Commit 0b93d1c

Merge pull request #1022 from splunk/notdoor
Add NotDoor logs
2 parents 3456b94 + c4f9f91 commit 0b93d1c

8 files changed, +56 -0 lines changed
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
author: Raven Tait, Splunk
2+
id: 1e606a99-47d9-4f89-8aab-a00bc7c38e63
3+
date: '2025-09-09'
4+
description: logs from NotDoor malware execution
5+
environment: attack_range
6+
directory: disable_dialogs
7+
datasets:
8+
- name: windows-sysmon
9+
path: /datasets/malware/notdoor/disable_dialogs/windows-sysmon.log
10+
sourcetype: XmlWinEventLog
11+
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
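Review bot: the `description` on line 4, `logs from NotDoor malware execution`, does not say which behaviour this capture holds; only `directory: disable_dialogs` hints at it, and the same string is reused in the other three dataset files in this commit. Suggest stating in the description what was exercised and which Sysmon event types the log contains, so someone choosing a dataset for a detection test does not have to open the log to find out.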
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:cc9a6bb62770ced26341092729f79f256b5a1a16d85b3fea2dd5c992fc0d190f
3+
size 3633
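Review bot: this file is only a Git LFS pointer (`size 3633`), so the log content is not visible in the diff and cannot be reviewed here. Suggest the pull request description list the Sysmon event IDs and the host and user names present in the capture, so a reviewer can confirm it holds only lab data from the `attack_range` environment before merging.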
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
author: Raven Tait, Splunk
2+
id: f67a778d-f7a5-4352-941b-daf2a5919167
3+
date: '2025-09-09'
4+
description: logs from NotDoor malware execution
5+
environment: attack_range
6+
directory: loadmacroprovideronboot
7+
datasets:
8+
- name: windows-sysmon
9+
path: /datasets/malware/notdoor/loadmacroprovideronboot/windows-sysmon.log
10+
sourcetype: XmlWinEventLog
11+
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
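Review bot: `directory: loadmacroprovideronboot` on line 6, and the matching segment in `path` on line 9, is one run-together word, while the other directories added in this commit use snake_case (`disable_dialogs`, `macro_security_level`, `outlook_macro`). If the name is meant to mirror an identifier seen in the log, say so in the `description`; otherwise consider a snake_case name for consistency, changing `directory` and `path` together.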
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:1b47a4814f43b986d8f53e525f1adfb759cb8b67e80df57a691bd6f3ae60b678
3+
size 1417
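Review bot: `size 1417` on line 3 is very small for a Sysmon XML log and probably amounts to no more than one or two events. Please confirm the capture includes every event the intended detection needs and was not truncated on export; the same check applies to the other small logs in this commit.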
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
author: Raven Tait, Splunk
2+
id: 0cd14ec6-4fcb-437c-aeee-0f04007c55fa
3+
date: '2025-09-09'
4+
description: logs from NotDoor malware execution
5+
environment: attack_range
6+
directory: macro_security_level
7+
datasets:
8+
- name: windows-sysmon
9+
path: /datasets/malware/notdoor/macro_security_level/windows-sysmon.log
10+
sourcetype: XmlWinEventLog
11+
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:77cf15b3359975a879ce8e890884d36728907abbbdc2f0be9b48e747ce1a1fd4
3+
size 1408
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
author: Raven Tait, Splunk
2+
id: 62f29b0e-692f-4dca-a17a-98809d1a40fe
3+
date: '2025-09-09'
4+
description: logs from NotDoor malware execution
5+
environment: attack_range
6+
directory: outlook_macro
7+
datasets:
8+
- name: windows-sysmon
9+
path: /datasets/malware/notdoor/outlook_macro/windows-sysmon.log
10+
sourcetype: XmlWinEventLog
11+
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:b77d784369294d71581012bc729013271ca23ad5a39f7509676ba9bd12e75094
3+
size 1376