secret_blizzard

t-contreras · t-contreras · commit c2148081f7ed · 2025-08-06T12:18:12.000+02:00
diff --git a/datasets/attack_techniques/T1112/reg_profiles_private/reg_profiles_private.log b/datasets/attack_techniques/T1112/reg_profiles_private/reg_profiles_private.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7b59305a325b7cc064ae1f5a4be1944d3db6070cb3775ec6583c36f8e676aaa5
+size 4542
diff --git a/datasets/attack_techniques/T1112/reg_profiles_private/reg_profiles_private.yml b/datasets/attack_techniques/T1112/reg_profiles_private/reg_profiles_private.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: eff617c0-72aa-11f0-9625-629be3538068
+date: '2025-08-06'
+description: Generated datasets for reg profiles private in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1112/reg_profiles_private/reg_profiles_private.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/
diff --git a/datasets/attack_techniques/T1574.001/firewall_api_path/firewall_api_path.yml b/datasets/attack_techniques/T1574.001/firewall_api_path/firewall_api_path.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: e90865ba-72ac-11f0-9625-629be3538068
+date: '2025-08-06'
+description: Generated datasets for firewall api path in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1574.001/firewall_api_path/firewallapi_temp.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/
diff --git a/datasets/attack_techniques/T1574.001/firewall_api_path/firewallapi_temp.log b/datasets/attack_techniques/T1574.001/firewall_api_path/firewallapi_temp.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2973ed09af8ca140f4c0da90d12a1399a2765428f6b4388df1f8876f45978d78
+size 1555
diff --git a/datasets/attack_techniques/T1587.003/add_store_cert/add_store_cert.yml b/datasets/attack_techniques/T1587.003/add_store_cert/add_store_cert.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 28f730ce-72ae-11f0-9625-629be3538068
+date: '2025-08-06'
+description: Generated datasets for add store cert in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1587.003/add_store_cert/addstore_cert.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://www.microsoft.com/en-us/security/blog/2025/07/31/frozen-in-transit-secret-blizzards-aitm-campaign-against-diplomats/
diff --git a/datasets/attack_techniques/T1587.003/add_store_cert/addstore_cert.log b/datasets/attack_techniques/T1587.003/add_store_cert/addstore_cert.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c31b0e86dd5ed796d2f2bcab64c479fe15a895bd0597961dc3746ad8603e4065
+size 4040

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:7b59305a325b7cc064ae1f5a4be1944d3db6070cb3775ec6583c36f8e676aaa5`
	`3`	`+size 4542`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:2973ed09af8ca140f4c0da90d12a1399a2765428f6b4388df1f8876f45978d78`
	`3`	`+size 1555`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:c31b0e86dd5ed796d2f2bcab64c479fe15a895bd0597961dc3746ad8603e4065`
	`3`	`+size 4040`