Commit cb3653a

Merge pull request #1070 from splunk/castlerat
castlerat
2 parents e85e7c4 + 7eb3e87 commit cb3653a

6 files changed

+48
-0
lines changed
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:2f9d2265f105cd8bcea38d720a0eb2afd2d5894d162b5938be0ec026728b3e9e
3+
size 3050
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
author: Teoderick Contreras, Splunk
2+
id: 9c496a76-b672-11f0-b923-629be353806a
3+
date: '2025-10-31'
4+
description: Generated datasets for uac process handle dup in attack range.
5+
environment: attack_range
6+
directory: uac_process_handle_dup
7+
mitre_technique:
8+
- T1134.001
9+
datasets:
10+
- name: Computerdefaults_access.log
11+
path: /datasets/attack_techniques/T1134.001/uac_process_handle_dup/Computerdefaults_access.log
12+
sourcetype: 'XmlWinEventLog'
13+
source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
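Review bot: The dataset name on line 10 and the path on line 11 use a capitalised file name, "Computerdefaults_access.log", while the other two manifests in this commit use all-lowercase names (castle_chrome_shell32.log, computerdefaults_process.log). On a case-sensitive file system the path has to match the LFS pointer file exactly, so either rename the log to lowercase for consistency or confirm the committed file carries the same capital C. The description on line 4 would also be easier to use if it said which Sysmon event type the log is meant to exercise, since "uac process handle dup" only repeats the directory name.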
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
author: Teoderick Contreras, Splunk
2+
id: 79bea778-b672-11f0-b923-629be353806a
3+
date: '2025-10-31'
4+
description: Generated datasets for browser unusual flag in attack range.
5+
environment: attack_range
6+
directory: browser_unusual_flag
7+
mitre_technique:
8+
- T1185
9+
datasets:
10+
- name: castle_chrome_shell32.log
11+
path: /datasets/attack_techniques/T1185/browser_unusual_flag/castle_chrome_shell32.log
12+
sourcetype: 'XmlWinEventLog'
13+
source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
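Review bot: The description on line 4, "Generated datasets for browser unusual flag in attack range.", does not say which browser or which command-line flag the sample contains, and the file name castle_chrome_shell32.log is the only hint. Someone writing or tuning a detection against this dataset has to open the log to learn what to match on. Suggest naming the browser and the flag (or the behaviour it stands for) in the description, and noting why the sample is filed under T1185, so the manifest is self-explanatory.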
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:c786c3ff82efdd1a76a939fbf18003f576975252fe8e1983d750e22a790a152e
3+
size 18755
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:e9a868a2f9599263413d32b01b848d4b86cbd80eaa4c5287256ee6af14080b90
3+
size 5873
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
author: Teoderick Contreras, Splunk
2+
id: 55a86252-b672-11f0-b923-629be353806a
3+
date: '2025-10-31'
4+
description: Generated datasets for computerdefaults spawn proc in attack range.
5+
environment: attack_range
6+
directory: computerdefaults_spawn_proc
7+
mitre_technique:
8+
- T1548.002
9+
datasets:
10+
- name: computerdefaults_process.log
11+
path: /datasets/attack_techniques/T1548.002/computerdefaults_spawn_proc/computerdefaults_process.log
12+
sourcetype: 'XmlWinEventLog'
13+
source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'