From 112145de4e3cb820f2cae91d2dddf7b490f50229 Mon Sep 17 00:00:00 2001
From: Raven Tait
Date: Mon, 25 Aug 2025 10:24:50 -0400
Subject: [PATCH] Add dataset for SpeechRuntime Hijacking
---
.../lateral_movement_speechruntime.yml | 14 ++++++++++++++
.../windows-sysmon.log | 3 +++
2 files changed, 17 insertions(+)
create mode 100644 datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/lateral_movement_speechruntime.yml
create mode 100644 datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/windows-sysmon.log
diff --git a/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/lateral_movement_speechruntime.yml b/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/lateral_movement_speechruntime.yml
new file mode 100644
index 00000000..50dac9bb
--- /dev/null
+++ b/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/lateral_movement_speechruntime.yml
@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 54417fe2-a9c5-46f8-895a-591f5d87231e
+date: '2025-08-25'
+description: Using DLL to start a process on a remote endpoint
+ leveraging COM Hijacking against SpeechRuntime to perform lateral movement and remote code execution.
+environment: attack_range
+directory: lateral_movement_speechruntime
+mitre_technique:
+- T1021.003
+datasets:
+- name: windows-sysmon
+ path: /datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/windows-sysmon.log
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/windows-sysmon.log b/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/windows-sysmon.log
new file mode 100644
index 00000000..09f67430
--- /dev/null
+++ b/datasets/attack_techniques/T1021.003/lateral_movement_speechruntime/windows-sysmon.log
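Review bot: `mitre_technique` in lateral_movement_speechruntime.yml lists only T1021.003, although the description says the activity depends on COM hijacking against SpeechRuntime. Adding `- T1546.015` beneath it would let the dataset be found by detections and coverage searches keyed on COM hijacking as well as DCOM lateral movement. The description also does not say what the Sysmon capture records. A short clause naming the evidence present (for example a registry modification and a DLL load, if those are what the log holds) would help a detection author judge whether the dataset fits before pulling the LFS object.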
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cf3358ff725498d5371cc79967539a435aaf46b2c6fb4c944ebab61fccdf63ef
+size 6525