Add medusa logs

RavenTait · RavenTait · commit 572faddafb63 · 2025-08-05T14:19:55.000-05:00
diff --git a/datasets/attack_techniques/T1014/medusa_rootkit/medusa.yml b/datasets/attack_techniques/T1014/medusa_rootkit/medusa.yml
@@ -0,0 +1,12 @@
+author: Raven Tait, Splunk
+id: 2481e83c-b888-4383-bc61-9d292f4e03ea
+date: '2025-08-05'
+description: Logs from usage of the Medusa rootkit on a Linux host.
+environment: custom
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1014/medusa_rootkit/sysmon_linux.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- Syslog:Linux-Sysmon/Operational
+references:
+- https://attack.mitre.org/techniques/T1014/
diff --git a/datasets/attack_techniques/T1014/medusa_rootkit/sysmon_linux.log b/datasets/attack_techniques/T1014/medusa_rootkit/sysmon_linux.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:092f23c31aaa9c2f26d38c083255ade96bd953e0b5110443e9c1d39ae487bf63
+size 6275
diff --git a/datasets/attack_techniques/T1567/gdrive/gdrive_linux.log b/datasets/attack_techniques/T1567/gdrive/gdrive_linux.log
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:9d4131e5da55ad18265a03de96a248ff3f0193e56e148c8cbc38423cc41975f6
-size 5546
+oid sha256:f06508f6810bcfc183393448f973db7185e0059fc1b716e45fe42cd620b9d701
+size 5545

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:092f23c31aaa9c2f26d38c083255ade96bd953e0b5110443e9c1d39ae487bf63`
	`3`	`+size 6275`