Big dump of snapattack logs

datasets/attack_techniques/T1001/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 359d5738-ce1c-40f4-8360-d544dab6db59
+date: '2026-04-01'
+description: Generated datasets for Windows String Manipulation Techniques in attack
+    range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1001
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1001/snapattack/snaattack.log

datasets/attack_techniques/T1003.001/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 23bcd20e-abc1-43fa-bd6f-117cb360633e
+date: '2026-04-01'
+description: Generated datasets for Windows Evidence of LSASS Shtinkering - AppCrash
+    Reports in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1003.001
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1003.001/snapattack/snaattack.log

datasets/attack_techniques/T1003.002/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: df5b874a-91f8-4eca-bf06-2570a6f7834b
+date: '2026-04-01'
+description: Generated datasets for Windows Usage of Mimikatz lsadump::sam module
+    (PoSh) in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1003.002
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-PowerShell/Operational
+    path: /datasets/attack_techniques/T1003.002/snapattack/snaattack.log

datasets/attack_techniques/T1003.003/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 53065f7f-c068-4a10-8009-26bb81ba80f9
+date: '2026-04-01'
+description: Generated datasets for Windows Explorer mounting a ntdsutil snapshot
+    in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1003.003
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1003.003/snapattack/snaattack.log

datasets/attack_techniques/T1003.004/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: e30f8af0-68c6-4d63-93f7-c835dee26282
+date: '2026-04-01'
+description: Generated datasets for Windows Usage of Mimikatz lsadump::secrets module
+    (Sysmon) in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1003.004
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1003.004/snapattack/snaattack.log

datasets/attack_techniques/T1003.005/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: a0c61c8d-b591-43ea-960e-e07c70908955
+date: '2026-04-01'
+description: Generated datasets for Windows Usage of Mimikatz lsadump::cache module
+    (Sysmon) in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1003.005
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1003.005/snapattack/snaattack.log

datasets/attack_techniques/T1003.006/snapattack/snapattack.yml

@@ -0,0 +1,13 @@
+author: Raven Tait, Splunk
+id: c662746c-b0c8-440e-b0a0-2ae243fdd61d
+date: '2026-04-01'
+description: Generated datasets for Windows Possible DCSync attack in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1003.006
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1003.006/snapattack/snaattack.log

datasets/attack_techniques/T1003/snapattack/snapattack.yml

@@ -0,0 +1,13 @@
+author: Raven Tait, Splunk
+id: b7b26034-912b-4cb5-9f7a-f1389e00a680
+date: '2026-04-01'
+description: "Generated datasets for Windows Common credential dumpers in attack range."
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1003
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1003/snapattack/snaattack.log

datasets/attack_techniques/T1006/snapattack/snapattack.yml

@@ -0,0 +1,13 @@
+author: Raven Tait, Splunk
+id: 1588ea84-f7f1-4ed3-8d53-acba5c6a5c2d
+date: '2026-04-01'
+description: Generated datasets for Windows IsaacWiper DLL RawDiskRead in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1006
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1006/snapattack/snaattack.log

datasets/attack_techniques/T1011/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 13356374-aa80-49d4-9e1e-10e0ed9a2093
+date: '2026-04-01'
+description: Generated datasets for Windows Suspicious Program Location with Network
+    Connections in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1011
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1011/snapattack/snaattack.log

datasets/attack_techniques/T1012/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 24d12d67-7cba-4ee2-aadd-05a6a224064d
+date: '2026-04-01'
+description: Generated datasets for Windows Possible Turla Snake Malware via Covert
+    Store Registry Key in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1012
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1012/snapattack/snaattack.log

datasets/attack_techniques/T1016.001/snapattack/snapattack.yml

@@ -0,0 +1,13 @@
+author: Raven Tait, Splunk
+id: a2887fd7-921d-4411-a338-8262c2f42a52
+date: '2026-04-01'
+description: Generated datasets for Windows GoldFinder DNS Query in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1016.001
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1016.001/snapattack/snaattack.log

datasets/attack_techniques/T1020/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: bd2aeef0-e309-41aa-8e46-7ebf9cf226be
+date: '2026-04-01'
+description: Generated datasets for Windows Impacket Remote Temporary File Activity
+    in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1020
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1020/snapattack/snaattack.log

datasets/attack_techniques/T1021.002/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 1d9993d2-f45e-409c-93aa-f83fac84756b
+date: '2026-04-01'
+description: Generated datasets for Windows CVE-2023-38146 (ThemeBleed) Exploitation
+    in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1021.002
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1021.002/snapattack/snaattack.log

datasets/attack_techniques/T1021.004/snapattack/snapattack.yml

@@ -0,0 +1,13 @@
+author: Raven Tait, Splunk
+id: cac19d26-abb2-4a44-88ac-8b78e0528e4c
+date: '2026-04-01'
+description: Generated datasets for Windows Putty suite in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1021.004
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1021.004/snapattack/snaattack.log

datasets/attack_techniques/T1021/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 3c2d473c-2cc8-465b-af06-a3361892740d
+date: '2026-04-01'
+description: Generated datasets for Windows Command Line Remote Services in attack
+    range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1021
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1021/snapattack/snaattack.log

datasets/attack_techniques/T1022/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 67a6dbde-f352-4c16-8d31-546195a2f15b
+date: '2026-04-01'
+description: Generated datasets for Windows Suspicious Key Created in Root Directory
+    in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1022
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1022/snapattack/snaattack.log

datasets/attack_techniques/T1027.009/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: fed6ef80-21ff-48c8-8e52-614b774ef17b
+date: '2026-04-01'
+description: Generated datasets for Windows Possible Turla Snake Malware Installer
+    in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1027.009
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1027.009/snapattack/snaattack.log

datasets/attack_techniques/T1027.010/snapattack/snapattack.yml

@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 6fa1cd43-1106-466c-a2e4-cf254277ab62
+date: '2026-04-01'
+description: Generated datasets for Windows Command Obfuscation with Environment Variable
+    Substrings in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1027.010
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1027.010/snapattack/snaattack.log

datasets/attack_techniques/T1027/snapattack/snapattack.yml

@@ -0,0 +1,13 @@
+author: Raven Tait, Splunk
+id: f7e0f1ec-2f22-47c8-8e13-59f521c08829
+date: '2026-04-01'
+description: Generated datasets for Windows Possible Nuitka Artifacts in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1027
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1027/snapattack/snaattack.log

datasets/attack_techniques/T1030/snapattack/snapattack.yml

@@ -0,0 +1,13 @@
+author: Raven Tait, Splunk
+id: 610dfbc6-0ce6-4a13-b500-251775f4fc39
+date: '2026-04-01'
+description: Generated datasets for Windows MagicCopy in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1030
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-PowerShell/Operational
+    path: /datasets/attack_techniques/T1030/snapattack/snaattack.log