From 4236caae4dc6fc60a857952f6ac5ba4a47e673dd Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Wed, 20 Aug 2025 16:20:47 +0200
Subject: [PATCH 1/2] pathwiper
---
.../excel_activemicrosoftapp.yml | 13 +++++++++++++
.../excel_activemicrosoftapp/sysmon_winprojexe.log | 3 +++
2 files changed, 16 insertions(+)
create mode 100644 datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
create mode 100644 datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
diff --git a/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
new file mode 100644
index 00000000..ec11dc79
--- /dev/null
+++ b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: bb7a2c30-7dd0-11f0-8ab3-629be3538069
+date: 2025-08-20
+description: Generated datasets for excel activemicrosoftapp in attack range.
+environment: attack_range
+directory: excel_activemicrosoftapp
+mitre_technique:
+- T1021.003
+datasets:
+- name: sysmon_winprojexe.log
+ path: /datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
new file mode 100644
index 00000000..42545f8a
--- /dev/null
+++ b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/sysmon_winprojexe.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:151c77e301c05f9dbb55db88002235c2eecc81cff6d3edd3a614e33d6d4fcad0
+size 11820
From a292718d848b1a3e4ca9d3f94b36ef724a0f2948 Mon Sep 17 00:00:00 2001
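Review bot: The `description` in the new excel_activemicrosoftapp.yml ("Generated datasets for excel activemicrosoftapp in attack range.") does not say what behaviour the Sysmon capture contains, so someone writing or testing a detection cannot tell from the manifest which events to expect; the log name `sysmon_winprojexe.log` hints at a winproj.exe launch, but that is only implied. Consider something like `description: Sysmon events from an attack_range run where Excel's ActivateMicrosoftApp method is invoked over DCOM and starts winproj.exe.`, after confirming it against the capture. The directory, file name and description all spell the method "activemicrosoftapp", presumably meaning Excel's `ActivateMicrosoftApp`; if so, correcting it before merge avoids a misspelt path that detections and searches will later have to reference. The file also ends without a trailing newline, and the commit subject "pathwiper" does not match this T1021.003 dataset.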
From: Teoderick Contreras
Date: Wed, 20 Aug 2025 16:29:45 +0200
Subject: [PATCH 2/2] pathwiper
---
.../excel_activemicrosoftapp/excel_activemicrosoftapp.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
index ec11dc79..4485c32d 100644
--- a/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
+++ b/datasets/attack_techniques/T1021.003/excel_activemicrosoftapp/excel_activemicrosoftapp.yml
@@ -1,6 +1,6 @@
 author: Teoderick Contreras, Splunk
-id: bb7a2c30-7dd0-11f0-8ab3-629be3538069
-date: 2025-08-20
+id: 1177fe7c-7dd2-11f0-8ab3-629be3538069
+date: '2025-08-20'
 description: Generated datasets for excel activemicrosoftapp in attack range.
 environment: attack_range
 directory: excel_activemicrosoftapp