lnk attacks

MHaggis · MHaggis · commit 93898f012ac2 · 2025-03-24T11:47:36.000-06:00
diff --git a/datasets/attack_techniques/T1059.001/encoded_powershell/encoded_powershell.yml b/datasets/attack_techniques/T1059.001/encoded_powershell/encoded_powershell.yml
@@ -6,6 +6,8 @@ environment: attack_range
 dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/encoded_powershell/windows-sysmon.log
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/encoded_powershell/windows-security.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/encoded_powershell/padded_windows-sysmon.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059.001/encoded_powershell/explorer_spawns_windows-sysmon.log
 sourcetypes:
 - XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
 references:
diff --git a/datasets/attack_techniques/T1059.001/encoded_powershell/explorer_spawns_windows-sysmon.log b/datasets/attack_techniques/T1059.001/encoded_powershell/explorer_spawns_windows-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9200692ad74037b5234fe6f7da733d3e416b0ea8bb7f6d8ebb5bd16fc39b8b22
+size 13142
diff --git a/datasets/attack_techniques/T1059.001/encoded_powershell/padded_windows-sysmon.log b/datasets/attack_techniques/T1059.001/encoded_powershell/padded_windows-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0324ee4e5f2cb4c761e10862808c37a046097a2ad800d034490e3980c3e86dec
+size 11135
diff --git a/datasets/attack_techniques/T1572/ssh_proxy_command/ssh.yml b/datasets/attack_techniques/T1572/ssh_proxy_command/ssh.yml
@@ -0,0 +1,11 @@
+author: Michael Haag
+id: cc9b2667-efc9-11eb-926b-660bf0943fbb
+date: '2021-11-15'
+description: Simulation of plink activity.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1572/ssh_proxy_command/sshproxycommand_windows-sysmon.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://attack.mitre.org/techniques/T1572
diff --git a/datasets/attack_techniques/T1572/ssh_proxy_command/sshproxycommand_windows-sysmon.log b/datasets/attack_techniques/T1572/ssh_proxy_command/sshproxycommand_windows-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:19ba4ba374556d3b04abbd22867dfac95a68a6efc4f68fafb741f2500d922d1f
+size 6748

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:9200692ad74037b5234fe6f7da733d3e416b0ea8bb7f6d8ebb5bd16fc39b8b22`
	`3`	`+size 13142`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:0324ee4e5f2cb4c761e10862808c37a046097a2ad800d034490e3980c3e86dec`
	`3`	`+size 11135`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:19ba4ba374556d3b04abbd22867dfac95a68a6efc4f68fafb741f2500d922d1f`
	`3`	`+size 6748`