rdp

t-contreras · t-contreras · commit 81b7ee2cd931 · 2025-07-30T13:59:47.000+02:00
diff --git a/datasets/attack_techniques/T1021.001/bmc_creation/bmc_creation.log b/datasets/attack_techniques/T1021.001/bmc_creation/bmc_creation.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02509f46c0827bf20cab033da354191ec78f76f78cee88ab469b800efa816089
+size 1092
diff --git a/datasets/attack_techniques/T1021.001/bmc_creation/bmc_creation.yml b/datasets/attack_techniques/T1021.001/bmc_creation/bmc_creation.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 2050c38a-6d1e-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for bmc creation in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1021.001/bmc_creation/bmc_creation.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344
diff --git a/datasets/attack_techniques/T1021.001/mstsc_admini/mstsc_admin.log b/datasets/attack_techniques/T1021.001/mstsc_admini/mstsc_admin.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2b4e043ffb2a24d2da86e1ef9b396fc53cc8169d4974434057d4d1a802eb7540
+size 19709
diff --git a/datasets/attack_techniques/T1021.001/mstsc_admini/mstsc_admini.yml b/datasets/attack_techniques/T1021.001/mstsc_admini/mstsc_admini.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: bf432e34-6d3b-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for mstsc admini in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1021.001/mstsc_admini/mstsc_admin.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344
diff --git a/datasets/attack_techniques/T1021.001/rdp_creation/deafault_rdp_created.log b/datasets/attack_techniques/T1021.001/rdp_creation/deafault_rdp_created.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:48db5e0511cab2055386df33d44309cc03fc81f61292ce939d2ceef18d8443a5
+size 1048
diff --git a/datasets/attack_techniques/T1021.001/rdp_creation/rdp_creation.yml b/datasets/attack_techniques/T1021.001/rdp_creation/rdp_creation.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 30e07cc0-6d25-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for rdp creation in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1021.001/rdp_creation/deafault_rdp_created.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344
diff --git a/datasets/attack_techniques/T1021.001/terminal_server_reg_created/terminal_server_reg_created.yml b/datasets/attack_techniques/T1021.001/terminal_server_reg_created/terminal_server_reg_created.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 27f7e43a-6d3a-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for terminal server reg created in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1021.001/terminal_server_reg_created/terminal_sever_client_Reg_created.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344
diff --git a/datasets/attack_techniques/T1021.001/terminal_server_reg_created/terminal_sever_client_Reg_created.log b/datasets/attack_techniques/T1021.001/terminal_server_reg_created/terminal_sever_client_Reg_created.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5342e02893436798ee664d51b0c19098a395b99039e208d4e5e7f6f530cf6c82
+size 8021
diff --git a/datasets/attack_techniques/T1021.001/unhide_file/unhide_file.log b/datasets/attack_techniques/T1021.001/unhide_file/unhide_file.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e01d3f22c954a724a0ce81fc3537dedc15a33699315190fecca6303390d0dc44
+size 24073
diff --git a/datasets/attack_techniques/T1021.001/unhide_file/unhide_file.yml b/datasets/attack_techniques/T1021.001/unhide_file/unhide_file.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: a2d674e4-6d3c-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for unhide file in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1021.001/unhide_file/unhide_file.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344
diff --git a/datasets/attack_techniques/T1070.004/automatic_file_deleted/automatic_file_deleted.log b/datasets/attack_techniques/T1070.004/automatic_file_deleted/automatic_file_deleted.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f9c8d1b18a31990e5a0b741f8624e92b90b7733db2be3e3c84fb3a27fbc87e37
+size 2634
diff --git a/datasets/attack_techniques/T1070.004/automatic_file_deleted/automatic_file_deleted.yml b/datasets/attack_techniques/T1070.004/automatic_file_deleted/automatic_file_deleted.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: c6e9706c-6d27-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for automatic file deleted in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070.004/automatic_file_deleted/automatic_file_deleted.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344
diff --git a/datasets/attack_techniques/T1070.004/bmc_file_deleted/bmc_file_deleted.log b/datasets/attack_techniques/T1070.004/bmc_file_deleted/bmc_file_deleted.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:87240fa72a24d0bc31599feee506289d25eade037e565ad7ab58cd38a5bf0f99
+size 1278
diff --git a/datasets/attack_techniques/T1070.004/bmc_file_deleted/bmc_file_deleted.yml b/datasets/attack_techniques/T1070.004/bmc_file_deleted/bmc_file_deleted.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: e9002aca-6d26-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for bmc file deleted in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070.004/bmc_file_deleted/bmc_file_deleted.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344
diff --git a/datasets/attack_techniques/T1070.004/rdp_deletion/rdp_deletion.yml b/datasets/attack_techniques/T1070.004/rdp_deletion/rdp_deletion.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 55943188-6d25-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for rdp deletion in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070.004/rdp_deletion/rdp_file_deleted.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344
diff --git a/datasets/attack_techniques/T1070.004/rdp_deletion/rdp_file_deleted.log b/datasets/attack_techniques/T1070.004/rdp_deletion/rdp_file_deleted.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:25af6d9241545d5923e6153b0b12bb52ca0b590abdfa3623ca3e9036572ad4d9
+size 2470
diff --git a/datasets/attack_techniques/T1070.004/terminal_server_reg_deleted/terminal_server_client_reg_deleted.log b/datasets/attack_techniques/T1070.004/terminal_server_reg_deleted/terminal_server_client_reg_deleted.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:493010eceea55098ea984de69250fc32e36d4fcbf11a04fd218c7e2134a77e7c
+size 3254
diff --git a/datasets/attack_techniques/T1070.004/terminal_server_reg_deleted/terminal_server_reg_deleted.yml b/datasets/attack_techniques/T1070.004/terminal_server_reg_deleted/terminal_server_reg_deleted.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 8c2fbcce-6d3b-11f0-86b8-629be3538068
+date: '2025-07-30'
+description: Generated datasets for terminal server reg deleted in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070.004/terminal_server_reg_deleted/terminal_server_client_reg_deleted.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://medium.com/@bonguides25/how-to-clear-rdp-connections-history-in-windows-cf0ffb67f344

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:02509f46c0827bf20cab033da354191ec78f76f78cee88ab469b800efa816089`
	`3`	`+size 1092`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:2b4e043ffb2a24d2da86e1ef9b396fc53cc8169d4974434057d4d1a802eb7540`
	`3`	`+size 19709`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:48db5e0511cab2055386df33d44309cc03fc81f61292ce939d2ceef18d8443a5`
	`3`	`+size 1048`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:5342e02893436798ee664d51b0c19098a395b99039e208d4e5e7f6f530cf6c82`
	`3`	`+size 8021`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:e01d3f22c954a724a0ce81fc3537dedc15a33699315190fecca6303390d0dc44`
	`3`	`+size 24073`