Skip to content

Commit bf2d87e

Browse files
AAtashGarAAtashGar
committed
fix: update dataset
1 parent 387a52c commit bf2d87e

File tree

3 files changed

+16
-10
lines changed

3 files changed

+16
-10
lines changed

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/bitlocker_com_hijacking.yml

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -9,15 +9,21 @@ description: Simulated Windows Security and System events demonstrating the
99
BitLocker Network Unlock COM Object Hijacking lateral movement technique
1010
(T1574.015 / T1546.015) using RemoteRegistry service enablement, HKCU CLSID
1111
manipulation, and execution via baaupdate.exe or BdeUISrv.exe.
12+
environment: NA
13+
directory: bitlocker_com_hijacking
14+
mitre_technique:
15+
- T1546.015
1216
references:
1317
- https://ipurple.team/2025/08/04/lateral-movement-bitlocker/
1418
- https://github.com/rtecCyberSec/BitlockMove
1519
attack_data:
1620
- file_name: windows-security.log
17-
data: datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-security.log
18-
source: WinEventLog:Security
19-
sourcetype: WinEventLog:Security
21+
data: datasets/attack_techniques/T1546.015/
22+
bitlocker_com_hijacking/windows-security.log
23+
source: XmlWinEventLog:Security
24+
sourcetype: XmlWinEventLog:Security
2025
- file_name: windows-system.log
21-
data: datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-system.log
22-
source: WinEventLog:System
23-
sourcetype: WinEventLog:System
26+
data: datasets/attack_techniques/T1546.015/
27+
bitlocker_com_hijacking/windows-system.log
28+
source: XmlWinEventLog:System
29+
sourcetype: XmlWinEventLog:System

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-security.log

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
11
version https://git-lfs.github.com/spec/v1
2-
oid sha256:8a9cf4b18a6383c2baefec1bfab29f561bb3055d2dba9df3062f3f97a81def33
3-
size 7003
2+
oid sha256:60f0af77ce8f0e40d115a1e196c5444ea3f024a4a8fcac61775ec1fd6301f879
3+
size 6334

datasets/attack_techniques/T1546.015/bitlocker_com_hijacking/windows-system.log

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
11
version https://git-lfs.github.com/spec/v1
2-
oid sha256:52199fd95101d48968b9683959cd06e894d23f036480253c13862589222c182f
3-
size 1058
2+
oid sha256:5168356ebbd579b0565d5de536f612f0e9099a2335a80299fe50fbbbd1a52c63
3+
size 1684

0 commit comments

Comments
 (0)