headless_bee

t-contreras · t-contreras · commit 6d764cc83148 · 2025-02-21T14:03:34.000+01:00
diff --git a/datasets/attack_techniques/T1036/executables_suspicious_file_path/exec_susp_path2.log b/datasets/attack_techniques/T1036/executables_suspicious_file_path/exec_susp_path2.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ae3ae67e3f31e6600605b816a2d9a504b7acf7a70e8838fcec9e9dbeccc6ae6f
+size 5479
diff --git a/datasets/attack_techniques/T1036/executables_suspicious_file_path/executables_suspicious_file_path.yml b/datasets/attack_techniques/T1036/executables_suspicious_file_path/executables_suspicious_file_path.yml
@@ -1,11 +1,11 @@
 author: Teoderick Contreras, Splunk
-id: ecd2eb7a-e864-11ef-9080-acde48001122
-date: '2025-02-11'
+id: 44ea25a8-f053-11ef-bb6f-629be3538068
+date: '2025-02-21'
 description: Generated datasets for executables suspicious file path in attack range.
 environment: attack_range
 dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1036/executables_suspicious_file_path/exec_susp_path.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1036/executables_suspicious_file_path/exec_susp_path2.log
 sourcetypes:
 - 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
 references:
-- https://thedfirreport.com/2020/04/20/sqlserver-or-the-miner-in-the-basement/
+- https://twitter.com/pr0xylife/status/1590394227758104576

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:ae3ae67e3f31e6600605b816a2d9a504b7acf7a70e8838fcec9e9dbeccc6ae6f`
	`3`	`+size 5479`