From d5b62829159146366e7bf28072936f99c19ec50e Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Tue, 26 Aug 2025 13:25:34 +0200
Subject: [PATCH] lamehug

---
 .../{ => lamehug}/T1007/net_start/net_start.log | 0
 .../{ => lamehug}/T1007/net_start/net_start.yml | 2 +-
 .../T1071.004/hugging_face/hugging_face.yml | 2 +-
 .../T1071.004/hugging_face/huggingface.log | 0
 .../{ => lamehug}/T1082/wmic_cmd/wmic_cmd.log | 0
 .../{ => lamehug}/T1082/wmic_cmd/wmic_cmd.yml | 2 +-
 .../lamehug/T1119/doc_collection/doc_collection.yml | 13 +++++++++++++
 .../lamehug/T1119/doc_collection/xcopy_event.log | 3 +++
 8 files changed, 19 insertions(+), 3 deletions(-)
 rename datasets/malware/{ => lamehug}/T1007/net_start/net_start.log (100%)
 rename datasets/malware/{ => lamehug}/T1007/net_start/net_start.yml (84%)
 rename datasets/malware/{ => lamehug}/T1071.004/hugging_face/hugging_face.yml (83%)
 rename datasets/malware/{ => lamehug}/T1071.004/hugging_face/huggingface.log (100%)
 rename datasets/malware/{ => lamehug}/T1082/wmic_cmd/wmic_cmd.log (100%)
 rename datasets/malware/{ => lamehug}/T1082/wmic_cmd/wmic_cmd.yml (85%)
 create mode 100644 datasets/malware/lamehug/T1119/doc_collection/doc_collection.yml
 create mode 100644 datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log

diff --git a/datasets/malware/T1007/net_start/net_start.log b/datasets/malware/lamehug/T1007/net_start/net_start.log
similarity index 100%
rename from datasets/malware/T1007/net_start/net_start.log
rename to datasets/malware/lamehug/T1007/net_start/net_start.log
diff --git a/datasets/malware/T1007/net_start/net_start.yml b/datasets/malware/lamehug/T1007/net_start/net_start.yml
similarity index 84%
rename from datasets/malware/T1007/net_start/net_start.yml
rename to datasets/malware/lamehug/T1007/net_start/net_start.yml
index f4027cc4..326e75ef 100644
--- a/datasets/malware/T1007/net_start/net_start.yml
+++ b/datasets/malware/lamehug/T1007/net_start/net_start.yml
@@ -8,6 +8,6 @@ mitre_technique:
 - T1007
 datasets:
 - name: net_start.log
- path: /datasets/malware/T1007/net_start/net_start.log
+ path: /datasets/malware/lamehug/T1007/net_start/net_start.log
 sourcetype: 'XmlWinEventLog'
 source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/T1071.004/hugging_face/hugging_face.yml b/datasets/malware/lamehug/T1071.004/hugging_face/hugging_face.yml
similarity index 83%
rename from datasets/malware/T1071.004/hugging_face/hugging_face.yml
rename to datasets/malware/lamehug/T1071.004/hugging_face/hugging_face.yml
index 117181c4..9d407c3e 100644
--- a/datasets/malware/T1071.004/hugging_face/hugging_face.yml
+++ b/datasets/malware/lamehug/T1071.004/hugging_face/hugging_face.yml
@@ -8,6 +8,6 @@ mitre_technique:
 - T1071.004
 datasets:
 - name: huggingface.log
- path: /datasets/malware/T1071.004/hugging_face/huggingface.log
+ path: /datasets/malware/lamehug/T1071.004/hugging_face/huggingface.log
 sourcetype: 'XmlWinEventLog'
 source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/T1071.004/hugging_face/huggingface.log b/datasets/malware/lamehug/T1071.004/hugging_face/huggingface.log
similarity index 100%
rename from datasets/malware/T1071.004/hugging_face/huggingface.log
rename to datasets/malware/lamehug/T1071.004/hugging_face/huggingface.log
diff --git a/datasets/malware/T1082/wmic_cmd/wmic_cmd.log b/datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.log
similarity index 100%
rename from datasets/malware/T1082/wmic_cmd/wmic_cmd.log
rename to datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.log
diff --git a/datasets/malware/T1082/wmic_cmd/wmic_cmd.yml b/datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.yml
similarity index 85%
rename from datasets/malware/T1082/wmic_cmd/wmic_cmd.yml
rename to datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.yml
index 693d651a..35a90c7c 100644
--- a/datasets/malware/T1082/wmic_cmd/wmic_cmd.yml
+++ b/datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.yml
@@ -8,6 +8,6 @@ mitre_technique:
 - T1082
 datasets:
 - name: wmic_cmd.log
- path: /datasets/malware/T1082/wmic_cmd/wmic_cmd.log
+ path: /datasets/malware/lamehug/T1082/wmic_cmd/wmic_cmd.log
 sourcetype: 'XmlWinEventLog'
 source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/lamehug/T1119/doc_collection/doc_collection.yml b/datasets/malware/lamehug/T1119/doc_collection/doc_collection.yml
new file mode 100644
index 00000000..5ee91ed4
--- /dev/null
+++ b/datasets/malware/lamehug/T1119/doc_collection/doc_collection.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 4db3d658-826f-11f0-b7e4-629be3538068
+date: '2025-08-26'
+description: Generated datasets for doc collection in attack range.
+environment: attack_range
+directory: doc_collection
+mitre_technique:
+- T1119
+datasets:
+- name: xcopy_event.log
+ path: /datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log b/datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log
new file mode 100644
index 00000000..fd330799
--- /dev/null
+++ b/datasets/malware/lamehug/T1119/doc_collection/xcopy_event.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d0b0b5049a6cf825e21f4f17dc436e06e1dec2743e2e7fecd8a2d02efc977993
+size 252732
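Review bot: The `description` in the new `doc_collection.yml` ("Generated datasets for doc collection in attack range.") does not say what was executed to produce `xcopy_event.log`, so a detection author cannot tell from the descriptor which command, which source/destination paths, or which LAMEHUG behaviour the Sysmon events represent; the log name hints at an xcopy run, but nothing in the YAML confirms it, and the log itself is only a Git LFS pointer in this diff and cannot be inspected here. Consider `description: Sysmon Operational events from an attack_range emulation of LAMEHUG automated document collection (presumably an xcopy of user documents to a staging directory); intended for testing T1119 detections.`, with the xcopy wording confirmed against the script that generated the log before merging. The file is also committed without a trailing newline (`\ No newline at end of file`), which matches the three renamed descriptors but is flagged by yamllint's `new-line-at-end-of-file` rule.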