Merge pull request #1013 from splunk/speechruntime

RavenTait · web-flow · commit 80a31d0f6b88 · 2025-08-25T14:00:50.000-04:00
Add dataset for SpeechRuntime Hijacking
diff --git a/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/lateral_movement_speechruntime.yml b/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/lateral_movement_speechruntime.yml
@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 54417fe2-a9c5-46f8-895a-591f5d87231e
+date: '2025-08-25'
+description: Using DLL to start a process on a remote endpoint
+  leveraging COM Hijacking against SpeechRuntime to perform lateral movement and remote code execution.
+environment: attack_range
+directory: lateral_movement_speechruntime
+mitre_technique:
+- T1021.003
+datasets:
+- name: windows-sysmon
+  path: /datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/windows-sysmon.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/windows-sysmon.log b/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/windows-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cf3358ff725498d5371cc79967539a435aaf46b2c6fb4c944ebab61fccdf63ef
+size 6525

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:cf3358ff725498d5371cc79967539a435aaf46b2c6fb4c944ebab61fccdf63ef`
	`3`	`+size 6525`