From 1836881f52fedc874008e69f8d50ff68d87e6401 Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Wed, 20 Aug 2025 13:56:37 +0200
Subject: [PATCH 1/3] interlockrat
---
 .../T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml b/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
index b9cb060a..c3e5f2dd 100644
--- a/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
+++ b/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
@@ -7,7 +7,7 @@ directory: dll_loaded_in_temp
 mitre_technique:
 - T1105
 dataset:
-- name: windows-sysmon
+- name: module_loaded_in_temp.log
 path: /datasets/attack_techniques/T1105/dll_loaded_in_temp/module_loaded_in_temp.log
 sourcetypes: XmlWinEventLog
 source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
From a1f9f2524cda905210c2e8095176d28f307fbf04 Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Wed, 20 Aug 2025 14:02:35 +0200
Subject: [PATCH 2/3] interlockrat
---
 .../T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml b/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
index c3e5f2dd..5a12983a 100644
--- a/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
+++ b/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
@@ -9,5 +9,5 @@ mitre_technique:
 dataset:
 - name: module_loaded_in_temp.log
 path: /datasets/attack_techniques/T1105/dll_loaded_in_temp/module_loaded_in_temp.log
- sourcetypes: XmlWinEventLog
- source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
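Review bot: In the PATCH 2/3 hunk the new `source` line drops the single quotes the old line carried, leaving a plain scalar with an embedded colon: `source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational`. It still loads as a string because no space follows the colon, but that depends on nobody ever inserting one, and anything that replays or matches this dataset by `source` presumably needs the exact string. I would keep the quoted form, `source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'`, alongside the corrected `sourcetype` key. The top of the manifest lies outside this hunk, so I cannot tell whether other values in the file are quoted the same way.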
From 89799e425ef1ab95c47c981451701637da71c0ef Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Wed, 20 Aug 2025 14:05:47 +0200
Subject: [PATCH 3/3] interlockrat
---
 .../T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml b/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
index 5a12983a..64e03c74 100644
--- a/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
+++ b/datasets/attack_techniques/T1105/dll_loaded_in_temp/dll_loaded_in_temp.yml
@@ -6,7 +6,7 @@ environment: attack_range
 directory: dll_loaded_in_temp
 mitre_technique:
 - T1105
-dataset:
+datasets:
 - name: module_loaded_in_temp.log
 path: /datasets/attack_techniques/T1105/dll_loaded_in_temp/module_loaded_in_temp.log
 sourcetype: XmlWinEventLog