Commit a845871
Author: Patrick Bareiss
Commit message: bug fixes
1 parent 3b43118, commit a845871

3 files changed: +24 / -23 lines changed


datasets/attack_techniques/T1059.001/msix_powershell/msix_powershell.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,11 @@ id: 3f9b2623-abd5-11eb-926b-120zf0943f11
33
date: '2023-06-22'
44
description: PowerShell execution from MSIX packages and WindowsApps directory
55
environment: attack_range
6-
dataset:
7-
- https://media.githubusercontent.com/media/splunk/attack_data/refs/heads/master/datasets/attack_techniques/T1059.001/msix_powershell/windows-sysmon.log
8-
sourcetypes:
9-
- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
10-
references:
11-
- https://attack.mitre.org/techniques/T1059/001
12-
- https://redcanary.com/blog/threat-intelligence/msix-installers/
13-
- https://redcanary.com/threat-detection-report/techniques/installer-packages/
6+
directory: msix_powershell
7+
mitre_technique:
8+
- T1059.001
9+
datasets:
10+
- name: windows-sysmon
11+
path: /datasets/attack_techniques/T1059.001/msix_powershell/windows-sysmon.log
12+
sourcetype: XmlWinEventLog
13+
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
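Review bot: The `references:` block (the MITRE technique page and both Red Canary write-ups on MSIX installers) is deleted in this hunk with no replacement, so the dataset loses the only pointers to the research explaining what the Sysmon log captures; unless the new schema has no place for them, keep `references:` next to `mitre_technique:`. A follow-up unrelated to the lines changed here: the `id` visible in the hunk header, `3f9b2623-abd5-11eb-926b-120zf0943f11`, contains a `z`, which is not a hexadecimal digit, so it is not a valid UUID and any tooling that validates dataset ids will reject it.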

datasets/attack_techniques/T1218/msix_ai_stubs/msix_ai_stubs.yml

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -3,10 +3,11 @@ id: kk9b2623-abd5-11eb-926b-120zf0943f11
33
date: '2023-05-15'
44
description: MSIX AI_STUBS execution detection for malicious installer packages
55
environment: attack_range
6-
dataset:
7-
- https://media.githubusercontent.com/media/splunk/attack_data/refs/heads/master/datasets/attack_techniques/T1218/msix_ai_stubs/windows_sysmon.log
8-
sourcetypes:
9-
- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
10-
references:
11-
- https://attack.mitre.org/techniques/T1218
12-
- https://redcanary.com/threat-detection-report/techniques/installer-packages/
6+
directory: msix_ai_stubs
7+
mitre_technique:
8+
- T1218
9+
datasets:
10+
- name: windows-sysmon
11+
path: /datasets/attack_techniques/T1218/msix_ai_stubs/windows_sysmon.log
12+
sourcetype: XmlWinEventLog
13+
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
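Review bot: The new `path:` points at `windows_sysmon.log` (underscore) while `name:` is `windows-sysmon` and the sibling dataset in this same commit uses `windows-sysmon.log` (hyphen); if the file on disk really is underscored the mismatch only invites typos, but if it is not, the relative path will fail to resolve just as the old media URL did. Suggest renaming the file to the hyphenated form used elsewhere and keeping `name:` and `path:` in step. The `id` in the hunk header, `kk9b2623-abd5-11eb-926b-120zf0943f11`, is not a valid UUID (`k` is not hex) and shares its last four groups with the msix_powershell dataset id, which looks like a hand-edited copy rather than a generated value; regenerate it. As in the other files, `references:` is dropped without replacement.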

datasets/attack_techniques/T1553.005/msix_unsigned/msix_unsigned.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,11 @@ id: 4f9b2623-abd5-11eb-926b-120zf0943f22
33
date: '2023-06-22'
44
description: Detection of unsigned MSIX package installation using PowerShell
55
environment: attack_range
6-
dataset:
7-
- https://media.githubusercontent.com/media/splunk/attack_data/refs/heads/master/datasets/attack_techniques/T1553.005/msix_unsigned/windows-powershell.log
8-
sourcetypes:
9-
- XmlWinEventLog:Microsoft-Windows-PowerShell/Operational
10-
references:
11-
- https://attack.mitre.org/techniques/T1553/005
12-
- https://redcanary.com/blog/threat-intelligence/msix-installers/
13-
- https://redcanary.com/threat-detection-report/techniques/installer-packages/
6+
directory: msix_unsigned
7+
mitre_technique:
8+
- T1553.005
9+
datasets:
10+
- name: windows-powershell
11+
path: /datasets/attack_techniques/T1553.005/msix_unsigned/windows-powershell.log
12+
sourcetype: XmlWinEventLog
13+
source: XmlWinEventLog:Microsoft-Windows-PowerShell/Operational
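Review bot: Same two points as the other hunks: `references:` is removed without replacement, and the `id` `4f9b2623-abd5-11eb-926b-120zf0943f22` contains a non-hex `z` and differs from the msix_powershell id only in its first character and last two digits, so it should be regenerated rather than edited by hand. One point specific to this file: the description says the log captures installation of an unsigned MSIX package, but the technique is T1553.005, which is Mark-of-the-Web Bypass; a short note (or the Red Canary reference that was just deleted) explaining why these PowerShell events map to MotW bypass rather than to the parent T1553 would help anyone tuning a detection against this dataset.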
