Add YAML metadata for T1003.003

P4T12ICK · P4T12ICK · commit 7408a9b3f9b1 · 2025-11-12T14:41:28.000+01:00
diff --git a/datasets/attack_techniques/T1003.003/credential-dumping-via-symlink/credential-dumping-via-symlink.yml b/datasets/attack_techniques/T1003.003/credential-dumping-via-symlink/credential-dumping-via-symlink.yml
@@ -0,0 +1,14 @@
+author: PB
+id: b6ed453c-c5e3-496f-b6f7-7dc365e984ba
+date: '2025-11-12'
+description: Attack data for detection Credential Dumping via Symlink to Shadow Copy
+  New
+environment: attack_range
+directory: credential-dumping-via-symlink
+mitre_technique:
+- T1003.003
+datasets:
+- name: data
+  path: datasets/attack_techniques/T1003.003/credential-dumping-via-symlink/data.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
