msxi aistubs

MHaggis · MHaggis · commit f956ae5149d4 · 2025-08-18T08:40:53.000-06:00
diff --git a/datasets/attack_techniques/T1218/msix_ai_stubs/msix_ai_stubs.yml b/datasets/attack_techniques/T1218/msix_ai_stubs/msix_ai_stubs.yml
@@ -0,0 +1,12 @@
+author: Michael Haag
+id: kk9b2623-abd5-11eb-926b-120zf0943f11
+date: '2023-05-15'
+description: MSIX AI_STUBS execution detection for malicious installer packages
+environment: attack_range
+dataset:
+- https://raw.githubusercontent.com/splunk/attack_data/master/datasets/attack_techniques/T1218/msix_ai_stubs/windows_sysmon.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://attack.mitre.org/techniques/T1218
+- https://redcanary.com/threat-detection-report/techniques/installer-packages/
diff --git a/datasets/attack_techniques/T1218/msix_ai_stubs/windows_sysmon.log b/datasets/attack_techniques/T1218/msix_ai_stubs/windows_sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4f6b0e90b70112e5d63f16310f5f4695be77c542871b88a7fe696914637488d5
+size 1736

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:4f6b0e90b70112e5d63f16310f5f4695be77c542871b88a7fe696914637488d5`
	`3`	`+size 1736`