splunk / attack_data

A repository of curated datasets from various attacks
Apache License 2.0
588 stars, 95 forks

Nterl0k - Goot Loader Malware w/ Partial TTPs #817

Closed. nterl0k closed this 1 year ago

nterl0k commented 1 year ago

Upload for incoming detection builds.

patel-bhavin commented 1 year ago

@nterl0k: Hello, thank you for the PR. Can you add a yml file in the partial_ttps directory describing the data and how it was generated? Also, it looks like the .log file was directly committed into the branch. Can you upload these dataset files via git lfs? E.g.: https://github.com/splunk/attack_data/blob/master/datasets/attack_techniques/T1003.001/atomic_red_team/atomic_red_team.yml
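The review point above is that a raw .log was committed into the branch instead of going through Git LFS. The following is an added example, not code from the splunk/attack_data repository or from either participant: a small pre-push audit that tells Git LFS pointer files (the version/oid/size text that git-lfs stores in the tree) apart from raw dataset blobs, so a directly committed log is flagged before the PR is opened. The file paths, the sample log contents and the size threshold are constructed for the example and are not repository rules.

```python
# Added example (not splunk/attack_data code): detect dataset files that were
# committed as raw blobs instead of Git LFS pointers. Paths, sample contents
# and RAW_LIMIT below are constructed assumptions for the demonstration.
import hashlib
import re

# First line of every git-lfs pointer file, per the git-lfs pointer spec.
LFS_VERSION_LINE = "version https://git-lfs.github.com/spec/v1"
OID_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
# Assumption for this example: any non-pointer file at or above this size
# should have gone through LFS. The real repository may use a different cut-off.
RAW_LIMIT = 64 * 1024


def parse_lfs_pointer(data: bytes):
    """Return {'oid': hex, 'size': int} if `data` is a well-formed LFS pointer,
    else None. A pointer is short ASCII text: the version line first, then
    'key value' lines; oid (sha256) and size are mandatory, keys may not repeat."""
    if len(data) > 1024:          # pointers are tiny; anything bigger is a blob
        return None
    try:
        lines = data.decode("ascii").splitlines()
    except UnicodeDecodeError:    # binary or non-ASCII content is not a pointer
        return None
    if not lines or lines[0] != LFS_VERSION_LINE:
        return None
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.partition(" ")
        if not sep or key in fields:
            return None
        fields[key] = value
    oid = fields.get("oid", "")
    size = fields.get("size", "")
    if not OID_RE.match(oid) or not size.isdigit():
        return None
    return {"oid": oid[len("sha256:"):], "size": int(size)}


def make_lfs_pointer(blob: bytes) -> bytes:
    """Build the pointer git-lfs would store in the repo for `blob`
    (version line, sha256 oid, byte size), used here to create a sample."""
    digest = hashlib.sha256(blob).hexdigest()
    return f"{LFS_VERSION_LINE}\noid sha256:{digest}\nsize {len(blob)}\n".encode("ascii")


def classify(data: bytes) -> str:
    """'lfs-pointer', 'raw-large' (belongs in LFS) or 'raw-small' (fine as-is)."""
    if parse_lfs_pointer(data) is not None:
        return "lfs-pointer"
    return "raw-large" if len(data) >= RAW_LIMIT else "raw-small"


def audit(files: dict) -> dict:
    """Map each path to its classification; a caller fails the push on 'raw-large'."""
    return {path: classify(data) for path, data in files.items()}


# Constructed sample inputs: a Sysmon-style JSON line repeated past RAW_LIMIT,
# the LFS pointer for the same blob, and a small description yml.
SAMPLE_LOG = b'{"EventCode":1,"Image":"C:\\\\Windows\\\\System32\\\\wscript.exe"}\n' * 2000
SAMPLE_FILES = {
    "partial_ttps/example/example.log": SAMPLE_LOG,
    "partial_ttps/example/example.log.pointer": make_lfs_pointer(SAMPLE_LOG),
    "partial_ttps/example/example.yml": b"author: example\n",
}

if __name__ == "__main__":
    for path, status in audit(SAMPLE_FILES).items():
        print(f"{status:12} {path}")
```

Run it as a pre-push hook over the files the PR touches: a 'raw-large' result is exactly the situation in this thread, a large log added to the tree itself, and the fix is to track the pattern with `git lfs track` and re-add the file so only the pointer is committed.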

nterl0k commented 1 year ago

Can do; I didn't realize we still needed the description ymls.

I'll craft one and upload shortly.


nterl0k commented 1 year ago

yml added; edit/update as you need to.

patel-bhavin commented 1 year ago

Perfect! This is great. Thank you for being so prompt! @nterl0k