crushftp auth bypass session logs

Author: MHaggis

datasets/attack_techniques/T1190/crushftp/crushftp.yml

@@ -1,13 +1,15 @@
 author: Michael Haag, Splunk
 id: 1e1c1f1c-0b0b-4b0b-8b0b-0b0b0b0b0b0d
 date: '2024-05-23'
-description: Generated event logs from CrushFTP server from simulated attack leveraging CVE-2024-4040.
+description: Generated event logs from CrushFTP server from simulated attack leveraging CVE-2024-4040 and CVE-2025-31161,.
 environment: attack_range
 dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1190/crushftp/crushftp.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1190/crushftp/crushftp11_session.log
 sourcetypes:
 - crushftp:sessionlogs
 references:
   - https://attack.mitre.org/techniques/T1190
   - https://github.com/airbus-cert/CVE-2024-4040
-  - https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
+  - https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
+  - https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation

datasets/attack_techniques/T1190/crushftp/crushftp11_session.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:540647b42c934ae59d139c2a3344c1056a412875bf0d04770540e1920d2c6420
+size 289353