Merge branch 'master' into replay_improvements

Patrick Bareiss · Patrick Bareiss · commit 9bb23647db4f · 2025-08-21T10:25:06.000+02:00
diff --git a/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 1177fe7c-7dd2-11f0-8ab3-629be3538069
+date: '2025-08-20'
+description: Generated datasets for excel activemicrosoftapp in attack range.
+environment: attack_range
+directory: excel_activemicrosoftapp
+mitre_technique:
+- T1021.003
+datasets:
+- name: sysmon_winprojexe.log
+  path: /datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
diff --git a/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:151c77e301c05f9dbb55db88002235c2eecc81cff6d3edd3a614e33d6d4fcad0
+size 11820
diff --git a/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml b/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 7519d2b8-7db7-11f0-8ab3-629be3538069
+date: '2025-08-20'
+description: Generated datasets for dll loaded in temp in attack range.
+environment: attack_range
+directory: dll_loaded_in_temp
+mitre_technique:
+- T1105
+datasets:
+- name: module_loaded_in_temp.log
+  path: /datasets/attack_techniques/T1105/dll_loaded_in_temp/module_loaded_in_temp.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1105/dll_loaded_in_temp/module_loaded_in_temp.log b/datasets/attack_techniques/T1105/dll_loaded_in_temp/module_loaded_in_temp.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f190e90bdefef1523b5af5bade0c217c33efbd0eb8497ea2e812f805c8b1ef72
+size 3034
diff --git a/datasets/attack_techniques/T1556/disable_lsa_protection_new/disable_lsa_protection_new.yml b/datasets/attack_techniques/T1556/disable_lsa_protection_new/disable_lsa_protection_new.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: a54f1d38-7dd7-11f0-8ab3-629be3538069
+date: '2025-08-20'
+description: Generated datasets for disable lsa protection new in attack range.
+environment: attack_range
+directory: disable_lsa_protection_new
+mitre_technique:
+- T1556
+datasets:
+- name: lsa_reg_deletion_modification.log
+  path: /datasets/attack_techniques/T1556/disable_lsa_protection_new/lsa_reg_deletion_modification.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
diff --git a/datasets/attack_techniques/T1556/disable_lsa_protection_new/lsa_reg_deletion_modification.log b/datasets/attack_techniques/T1556/disable_lsa_protection_new/lsa_reg_deletion_modification.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2837f645d3270b5c2c362f633e0c25f2232b9df8099eed695576cbc754a9f59a
+size 51908

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:151c77e301c05f9dbb55db88002235c2eecc81cff6d3edd3a614e33d6d4fcad0`
	`3`	`+size 11820`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:f190e90bdefef1523b5af5bade0c217c33efbd0eb8497ea2e812f805c8b1ef72`
	`3`	`+size 3034`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:2837f645d3270b5c2c362f633e0c25f2232b9df8099eed695576cbc754a9f59a`
	`3`	`+size 51908`