|
Credential Extraction
|
attack_range
|
T1003 (OS Credential Dumping)
|
1 dataset
|
Stanislav Miskovic
|
2021-02-23
|
|
Wdigest Enable
|
attack_range
|
T1003 (OS Credential Dumping)
|
1 dataset
|
Teoderick Contreras
|
2021-10-05
|
|
Atomic Red Team
|
attack_range
|
T1003.001 (LSASS Memory)
|
5 datasets
|
Patrick Bareiss, Michael Haag
|
2022-01-12
|
|
Serioussam
|
attack_range
|
T1003.002 (Security Account Manager)
|
1 dataset
|
Mauricio Velazco, Michael Haag
|
2021-07-21
|
|
Detect Copy Of Shadowcopy With Script Block Logging
|
attack_range
|
T1003.002 (Security Account Manager)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Atomic Red Team
|
attack_range
|
T1003.002 (Security Account Manager)
|
2 datasets
|
Patrick Bareiss
|
2020-10-08
|
|
Atomic Red Team
|
attack_range
|
T1003.003 (NTDS)
|
3 datasets
|
Patrick Bareiss
|
2020-10-08
|
|
Nolmhash
|
attack_range
|
T1003.004 (LSA Secrets)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-15
|
|
Mimikatz
|
attack_range
|
T1003.006 (DCSync)
|
1 dataset
|
Dean Luxton
|
2022-07-20
|
|
Impacket
|
attack_range
|
T1003.006 (DCSync)
|
1 dataset
|
Dean Luxton
|
2022-07-20
|
|
Esxi Sensitive Files
|
custom
|
T1003.008 (/etc/passwd and /etc/shadow)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Linux Auditd Access Credential
|
attack_range
|
T1003.008 (/etc/passwd and /etc/shadow)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Copy File Stdoutpipe
|
attack_range
|
T1003.008 (/etc/passwd and /etc/shadow)
|
1 dataset
|
Teoderick Contreras
|
2021-12-21
|
|
Esxi Vm Download
|
custom
|
T1005 (Data from Local System)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Net Start
|
attack_range
|
T1007 (System Service Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-25
|
|
T1014
|
attack_range
|
T1014 (Rootkit)
|
2 datasets
|
Michael Haag
|
2022-04-04
|
|
Medusa Rootkit
|
custom
|
T1014 (Rootkit)
|
1 dataset
|
Raven Tait, Splunk
|
2025-08-05
|
|
Linux Auditd Net Tool
|
attack_range
|
T1016 (System Network Configuration Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-20
|
|
Discovery Commands
|
attack_range
|
T1016 (System Network Configuration Discovery)
|
1 dataset
|
Patrick Bareiss
|
2020-11-10
|
|
Macos Net Discovery
|
vm
|
T1016 (System Network Configuration Discovery)
|
2 datasets
|
Jamie Windley
|
2025-08-15
|
|
Linux Net Discovery
|
attack_range
|
T1016 (System Network Configuration Discovery)
|
1 dataset
|
Teoderick Contreras
|
2022-02-14
|
|
Linux Auditd Net Tool New
|
attack_range
|
T1016 (System Network Configuration Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Ad Discovery
|
attack_range
|
T1018 (Remote System Discovery)
|
1 dataset
|
Mauricio Velazco
|
2021-09-07
|
|
Windows Get Adcomputer Unconstrained Delegation Discovery
|
attack_range
|
T1018 (Remote System Discovery)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Atomic Red Team
|
attack_range
|
T1018 (Remote System Discovery)
|
1 dataset
|
Jose Hernandez
|
2020-12-16
|
|
Windows Powerview Constrained Delegation Discovery
|
attack_range
|
T1018 (Remote System Discovery)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
T1020
|
attack_range
|
T1020 (Automated Exfiltration)
|
1 dataset
|
Michael Haag, Splunk
|
2021-05-13
|
|
Esxi Shell Enabled
|
custom
|
T1021 (Remote Services)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Allow Inbound Traffic In Firewall Rule
|
attack_range
|
T1021 (Remote Services)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Terminal Server Reg Created
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Remote Desktop Connection
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Patrick Bareiss
|
2024-02-27
|
|
Susp Default Rdp Creation
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-10-27
|
|
Rdp Creation
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Rdp Session Established
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-31
|
|
Bmc Creation
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Unhide File
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Mstsc Rdp Cmd
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-17
|
|
Nirsoft Tooling
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-21
|
|
Mstsc Admini
|
attack_range
|
T1021.001 (Remote Desktop Protocol)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Executable In Share
|
attack_range
|
T1021.002 (SMB/Windows Admin Shares)
|
1 dataset
|
Patrick Bareiss
|
2024-01-30
|
|
Atomic Red Team
|
attack_range
|
T1021.002 (SMB/Windows Admin Shares)
|
7 datasets
|
Patrick Bareiss
|
2020-11-10
|
|
Impacket Wmiexec
|
attack_range
|
T1021.002 (SMB/Windows Admin Shares)
|
1 dataset
|
Patrick Bareiss
|
2024-02-01
|
|
Impacket Smbexec
|
attack_range
|
T1021.002 (SMB/Windows Admin Shares)
|
1 dataset
|
Patrick Bareiss
|
2024-02-01
|
|
Lateral Movement
|
attack_range
|
T1021.003 (Distributed Component Object Model)
|
3 datasets
|
Mauricio Velazco
|
2021-11-15
|
|
Lateral Movement Speechruntime
|
attack_range
|
T1021.003 (Distributed Component Object Model)
|
1 dataset
|
Raven Tait, Splunk
|
2025-08-25
|
|
Impacket
|
attack_range
|
T1021.003 (Distributed Component Object Model)
|
1 dataset
|
Mauricio Velazco
|
2021-11-19
|
|
Excel Activemicrosoftapp
|
attack_range
|
T1021.003 (Distributed Component Object Model)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-20
|
|
Lateral Movement Lolbas
|
attack_range
|
T1021.003 (Distributed Component Object Model)
|
1 dataset
|
Mauricio Velazco
|
2021-11-23
|
|
Esxi Ssh Enabled
|
custom
|
T1021.004 (SSH)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Atomic Red Team
|
attack_range
|
T1021.004 (SSH)
|
1 dataset
|
Michael Haag, Splunk
|
2022-07-24
|
|
Lateral Movement Psh
|
attack_range
|
T1021.006 (Windows Remote Management)
|
2 datasets
|
Mauricio Velazco
|
2021-11-16
|
|
Wirm Execute Shell
|
attack_range
|
T1021.006 (Windows Remote Management)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-12-13
|
|
Lateral Movement
|
attack_range
|
T1021.006 (Windows Remote Management)
|
1 dataset
|
Mauricio Velazco
|
2021-11-12
|
|
Compmgtm Access
|
attack_range
|
T1021.006 (Windows Remote Management)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-17
|
|
Lateral Movement Lolbas
|
attack_range
|
T1021.006 (Windows Remote Management)
|
1 dataset
|
Mauricio Velazco
|
2021-11-23
|
|
Lateral Movement Pssession
|
attack_range
|
T1021.006 (Windows Remote Management)
|
1 dataset
|
Mauricio Velazco
|
2021-11-18
|
|
Wsman Trustedhost
|
attack_range
|
T1021.006 (Windows Remote Management)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Trickbot Drop
|
attack_range
|
T1027 (Obfuscated Files or Information)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Fuckthatpacker
|
attack_range
|
T1027 (Obfuscated Files or Information)
|
1 dataset
|
Michael Haag, Jose Hernandez, Splunk
|
2022-03-18
|
|
Atomic Red Team
|
attack_range
|
T1027 (Obfuscated Files or Information)
|
1 dataset
|
Patrick Bareiss
|
2020-10-08
|
|
Manual B64 Decode Pwsh
|
attack_range
|
T1027.010 (Command Obfuscation)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-23
|
|
Linux Auditd Split B Exec
|
attack_range
|
T1030 (Data Transfer Size Limits)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Split Syscall New
|
attack_range
|
T1030 (Data Transfer Size Limits)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Linux Auditd Split Syscall
|
attack_range
|
T1030 (Data Transfer Size Limits)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-19
|
|
Linux Auditd Whoami New
|
attack_range
|
T1033 (System Owner/User Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Ad Discovery
|
attack_range
|
T1033 (System Owner/User Discovery)
|
2 datasets
|
Mauricio Velazco
|
2021-09-13
|
|
Qakbot Discovery Cmdline
|
attack_range
|
T1033 (System Owner/User Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-10-21
|
|
Atomic Red Team
|
attack_range
|
T1033 (System Owner/User Discovery)
|
1 dataset
|
Automated Attack Data Service
|
2020-12-04
|
|
Linux Auditd Whoami
|
attack_range
|
T1033 (System Owner/User Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-19
|
|
Whoami Priv
|
attack_range
|
T1033 (System Owner/User Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-15
|
|
Msdtc Process Param
|
attack_range
|
T1036 (Masquerading)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-21
|
|
Write To Recycle Bin
|
attack_range
|
T1036 (Masquerading)
|
1 dataset
|
Patrick Bareiss
|
2020-12-08
|
|
Suspicious Process Path
|
attack_range
|
T1036 (Masquerading)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-01-27
|
|
Copy Sysmon
|
attack_range
|
T1036.003 (Rename Legitimate Utilities)
|
1 dataset
|
Teoderick Contreras
|
2021-10-05
|
|
Mpcmdrun
|
attack_range
|
T1036.003 (Rename Legitimate Utilities)
|
1 dataset
|
Lou Stella, Splunk
|
2022-07-18
|
|
Samsam Extension
|
attack_range
|
T1036.003 (Rename Legitimate Utilities)
|
1 dataset
|
Patrick Bareiss
|
2020-11-19
|
|
Atomic Red Team
|
attack_range
|
T1036.003 (Rename Legitimate Utilities)
|
1 dataset
|
Patrick Bareiss
|
2020-11-19
|
|
Logonscript Reg
|
attack_range
|
T1037.001 (Logon Script (Windows))
|
1 dataset
|
Teoderick Contreras
|
2021-09-28
|
|
Kubernetes Scanning
|
attack_range
|
T1046 (Network Service Discovery)
|
1 dataset
|
Patrick Bareiss
|
2023-12-07
|
|
Advanced Ip Port Scanner
|
attack_range
|
T1046 (Network Service Discovery)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-13
|
|
Sysinternals Pstools
|
attack_range
|
T1046 (Network Service Discovery)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-15
|
|
Wbadmin Recovery
|
attack_range
|
T1046 (Network Service Discovery)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-15
|
|
Lateral Movement
|
attack_range
|
T1047 (Windows Management Instrumentation)
|
1 dataset
|
Mauricio Velazco
|
2021-11-15
|
|
Execution Scrcons
|
attack_range
|
T1047 (Windows Management Instrumentation)
|
1 dataset
|
Patrick Bareiss
|
2020-12-07
|
|
Lateral Movement Lolbas
|
attack_range
|
T1047 (Windows Management Instrumentation)
|
1 dataset
|
Mauricio Velazco
|
2021-11-23
|
|
Atomic Red Team
|
attack_range
|
T1047 (Windows Management Instrumentation)
|
3 datasets
|
Patrick Bareiss
|
2020-11-30
|
|
Wmi Impersonate
|
attack_range
|
T1047 (Windows Management Instrumentation)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-10-24
|
|
Ftp Connection
|
attack_range
|
T1048 (Exfiltration Over Alternative Protocol)
|
1 dataset
|
Patrick Bareiss
|
2024-02-27
|
|
Long Dns Queries
|
attack_range
|
T1048.003 (Exfiltration Over Unencrypted Non-C2 Protocol)
|
1 dataset
|
Patrick Bareiss
|
2021-01-18
|
|
Cve 2023 23397
|
attack_range
|
T1048.003 (Exfiltration Over Unencrypted Non-C2 Protocol)
|
1 dataset
|
Michael Haag
|
2023-03-16
|
|
Nslookup Exfil
|
attack_range
|
T1048.003 (Exfiltration Over Unencrypted Non-C2 Protocol)
|
2 datasets
|
Teoderick Contreras
|
2022-06-03
|
|
Mass File Creation
|
attack_range
|
T1048.003 (Exfiltration Over Unencrypted Non-C2 Protocol)
|
1 dataset
|
Patrick Bareiss
|
2021-12-08
|
|
Ad Discovery
|
attack_range
|
T1049 (System Network Connections Discovery)
|
1 dataset
|
Mauricio Velazco
|
2021-09-10
|
|
At Execution
|
attack_range
|
T1053.002 (At)
|
1 dataset
|
Teoderick Contreras
|
2021-12-17
|
|
Linux Auditd At
|
attack_range
|
T1053.002 (At)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-09
|
|
Linux Auditd Chown Root
|
attack_range
|
T1053.002 (At)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Lateral Movement
|
attack_range
|
T1053.002 (At)
|
1 dataset
|
Mauricio Velazco
|
2021-11-12
|
|
Linux New Auditd At
|
attack_range
|
T1053.002 (At)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Linux Auditd Crontab Edit
|
attack_range
|
T1053.003 (Cron)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-09
|
|
Cronjobs Entry
|
attack_range
|
T1053.003 (Cron)
|
2 datasets
|
Teoderick Contreras
|
2021-12-17
|
|
Crontab Edit Parameter
|
attack_range
|
T1053.003 (Cron)
|
1 dataset
|
Teoderick Contreras
|
2021-12-17
|
|
Linux Auditd Crontab Edit New
|
attack_range
|
T1053.003 (Cron)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Crontab List Parameter
|
attack_range
|
T1053.003 (Cron)
|
1 dataset
|
Teoderick Contreras
|
2022-04-26
|
|
Linux Auditd Cron File Audited
|
attack_range
|
T1053.003 (Cron)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-10
|
|
Asyncrat Highest Priv Schtasks
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-01-26
|
|
Taskschedule
|
attack_range
|
T1053.005 (Scheduled Task)
|
2 datasets
|
Michael Haag, Splunk
|
2022-04-18
|
|
Schtask System
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Michael Haag
|
2022-02-10
|
|
Windows Taskschedule
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Michael Haag, Splunk
|
2021-10-21
|
|
Schtasks
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Patrick Bareiss
|
2020-12-07
|
|
Lateral Movement
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Mauricio Velazco
|
2021-11-12
|
|
Schtask Shutdown
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Patrick Bareiss
|
2020-12-07
|
|
Svchost Lolbas Execution Process Spawn
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Winevent Scheduled Task With Suspect Name
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Steven Dick
|
2025-01-28
|
|
Winevent Windows Task Scheduler Event Action Started
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Winevent Scheduled Task Created To Spawn Shell
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Lateral Movement Lolbas
|
attack_range
|
T1053.005 (Scheduled Task)
|
1 dataset
|
Mauricio Velazco
|
2021-11-23
|
|
Atomic Red Team
|
attack_range
|
T1053.005 (Scheduled Task)
|
3 datasets
|
Automated Attack Data Service
|
2020-12-07
|
|
Linux Services Restart
|
attack_range
|
T1053.006 (Systemd Timers)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Service Systemd
|
attack_range
|
T1053.006 (Systemd Timers)
|
1 dataset
|
Teoderick Contreras
|
2021-12-21
|
|
Kubernetes Audit Cron Job Creation
|
attack_range
|
T1053.007 (Container Orchestration Job)
|
1 dataset
|
Patrick Bareiss
|
2023-12-14
|
|
Cobalt Strike
|
attack_range
|
T1055 (Process Injection)
|
3 datasets
|
Michael Haag
|
2021-02-22
|
|
Msra
|
attack_range
|
T1055 (Process Injection)
|
2 datasets
|
Michael Haag
|
2021-02-22
|
|
Sliver
|
attack_range
|
T1055 (Process Injection)
|
3 datasets
|
Michael Haag
|
2023-02-22
|
|
Trickbot Inf
|
attack_range
|
T1055 (Process Injection)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Rasautou
|
attack_range
|
T1055.001 (Dynamic-link Library Injection)
|
1 dataset
|
Michael Haag
|
2022-02-15
|
|
Process Commandline Discovery
|
attack_range
|
T1057 (Process Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-15
|
|
Path Traversal
|
attack_range
|
T1059 (Command and Scripting Interpreter)
|
1 dataset
|
Teoderick Contreras
|
2022-05-30
|
|
Suspiciously Named Executables
|
attack_range
|
T1059 (Command and Scripting Interpreter)
|
1 dataset
|
Michael Hart
|
2022-02-15
|
|
Vmtoolsd Execution
|
custom
|
T1059 (Command and Scripting Interpreter)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-30
|
|
Autoit
|
attack_range
|
T1059 (Command and Scripting Interpreter)
|
1 dataset
|
Michael Haag
|
2023-11-08
|
|
Metasploit
|
attack_range
|
T1059 (Command and Scripting Interpreter)
|
1 dataset
|
Michael Haag
|
2022-11-21
|
|
Esxi Reverse Shell
|
custom
|
T1059 (Command and Scripting Interpreter)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Excessive Distinct Processes From Windows Temp
|
attack_range
|
T1059 (Command and Scripting Interpreter)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Malicious Cmd Line Samples
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Michael Hart
|
2022-01-19
|
|
Soaphound
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Michael Haag
|
2024-02-13
|
|
Powershell Testing
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Michael Haag
|
2021-06-09
|
|
Powershell Script Block Logging
|
attack_range
|
T1059.001 (PowerShell)
|
3 datasets
|
Michael Haag
|
2021-06-09
|
|
Obfuscated Powershell
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Patrick Bareiss
|
2021-01-19
|
|
Import Applocker Policy
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Teoderick Contreras
|
2022-06-30
|
|
Unmanaged Powershell Execution
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Mauricio Velazco
|
2023-02-22
|
|
Asyncrat Crypto Pwh Namespace
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-01-26
|
|
Sharphound
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Michael Haag
|
2021-06-03
|
|
Trickbot Cmd Powershell
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Powershell Remotesigned
|
attack_range
|
T1059.001 (PowerShell)
|
3 datasets
|
Teoderick Contreras, Splunk
|
2023-06-16
|
|
Msix Powershell
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Michael Haag
|
2023-06-22
|
|
Exchange
|
attack_range
|
T1059.001 (PowerShell)
|
2 datasets
|
Michael Haag, Splunk
|
2022-10-05
|
|
Atomic Red Team
|
attack_range
|
T1059.001 (PowerShell)
|
8 datasets
|
Command and Scripting Interpreter: PowerShell
|
2021-03-01
|
|
Hidden Powershell
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Patrick Bareiss
|
2020-11-20
|
|
Powershell Xml Requests
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Patrick Bareiss
|
2020-11-20
|
|
Powershell Execution Policy
|
attack_range
|
T1059.001 (PowerShell)
|
1 dataset
|
Patrick Bareiss
|
2020-12-09
|
|
Encoded Powershell
|
attack_range
|
T1059.001 (PowerShell)
|
4 datasets
|
Patrick Bareiss
|
2021-01-19
|
|
Cmd Spawns Cscript
|
attack_range
|
T1059.003 (Windows Command Shell)
|
1 dataset
|
Patrick Bareiss
|
2020-11-10
|
|
Ryuk
|
attack_range
|
T1059.003 (Windows Command Shell)
|
1 dataset
|
Michael Haag
|
2021-03-01
|
|
Atomic Red Team
|
attack_range
|
T1059.003 (Windows Command Shell)
|
1 dataset
|
Michael Haag
|
2024-02-04
|
|
Powershell Spawn Cmd
|
attack_range
|
T1059.003 (Windows Command Shell)
|
1 dataset
|
Patrick Bareiss
|
2020-11-10
|
|
Linux Discovery Tools
|
attack_range
|
T1059.004 (Unix Shell)
|
1 dataset
|
Bhavin Patel
|
2022-02-14
|
|
Discord Dnsquery
|
attack_range
|
T1059.005 (Visual Basic)
|
1 dataset
|
Teoderick Contreras
|
2022-01-19
|
|
Vbs Wscript
|
attack_range
|
T1059.005 (Visual Basic)
|
1 dataset
|
Teoderick Contreras
|
2021-10-01
|
|
Drivers
|
attack_range
|
T1068 (Exploitation for Privilege Escalation)
|
2 datasets
|
Michael Haag
|
2022-05-16
|
|
Windows Escalation Behavior
|
attack_range
|
T1068 (Exploitation for Privilege Escalation)
|
1 dataset
|
Steven Dick
|
2023-11-30
|
|
Zoom Child Process
|
attack_range
|
T1068 (Exploitation for Privilege Escalation)
|
1 dataset
|
Patrick Bareiss
|
2020-11-19
|
|
Atomic Red Team
|
attack_range
|
T1069.001 (Local Groups)
|
2 datasets
|
Michael Haag
|
2021-09-14
|
|
Ad Discovery
|
attack_range
|
T1069.002 (Domain Groups)
|
6 datasets
|
Mauricio Velazco
|
2021-09-07
|
|
Domain Group Discovery With Adsisearcher
|
attack_range
|
T1069.002 (Domain Groups)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Esxi System Clock Manipulation
|
custom
|
T1070 (Indicator Removal)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Remove Windows Security Event Log
|
attack_range
|
T1070 (Indicator Removal)
|
1 dataset
|
Patrick Bareiss
|
2024-01-29
|
|
Atomic Red Team
|
attack_range
|
T1070 (Indicator Removal)
|
1 dataset
|
Automated Attack Data Service
|
2020-12-08
|
|
Fsutil File Zero
|
attack_range
|
T1070 (Indicator Removal)
|
1 dataset
|
Teoderick Contreras
|
2021-08-11
|
|
Suspicious Kerberos Service Ticket Request
|
attack_range
|
T1070.001 (Clear Windows Event Logs)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Windows Event Log Cleared
|
attack_range
|
T1070.001 (Clear Windows Event Logs)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Atomic Red Team
|
attack_range
|
T1070.001 (Clear Windows Event Logs)
|
1 dataset
|
Patrick Bareiss
|
2020-10-09
|
|
Suspicious Event Log Service Behavior
|
attack_range
|
T1070.001 (Clear Windows Event Logs)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Rdp Deletion
|
attack_range
|
T1070.004 (File Deletion)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Automatic File Deleted
|
attack_range
|
T1070.004 (File Deletion)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Terminal Server Reg Deleted
|
attack_range
|
T1070.004 (File Deletion)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Bmc File Deleted
|
attack_range
|
T1070.004 (File Deletion)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-30
|
|
Atomic Red Team
|
attack_range
|
T1070.005 (Network Share Connection Removal)
|
1 dataset
|
Automated Attack Data Service
|
2020-12-09
|
|
Outbound Smb Traffic
|
attack_range
|
T1071.002 (File Transfer Protocols)
|
1 dataset
|
Patrick Bareiss
|
2024-02-27
|
|
Hugging Face
|
attack_range
|
T1071.004 (DNS)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-25
|
|
Vbc Dnsquery
|
attack_range
|
T1071.004 (DNS)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-10-01
|
|
Esxi Stolen Root Account
|
custom
|
T1078 (Valid Accounts)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Aws Setdefaultpolicyversion
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Bhavin Patel
|
2021-02-22
|
|
Esxi External Root Login
|
custom
|
T1078 (Valid Accounts)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Defaultaccount
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Michael Haag
|
2021-11-15
|
|
Aws Createloginprofile
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Bhavin Patel
|
2021-02-22
|
|
Aws Create Policy Version
|
attack_range
|
T1078 (Valid Accounts)
|
2 datasets
|
Bhavin Patel
|
2021-02-22
|
|
Special Logon On Mulitple Hosts
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Mauricio Velazco
|
2023-03-27
|
|
Aws Updateloginprofile
|
attack_range
|
T1078 (Valid Accounts)
|
2 datasets
|
Bhavin Patel
|
2021-02-22
|
|
Aws Saml Update Identity Provider
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Rod Soto
|
2021-01-26
|
|
O365 Multiple Appids And Useragents Auth
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Mauricio Velazco
|
2023-10-24
|
|
Aws Saml Access By Provider User And Principal
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Rod Soto
|
2021-01-26
|
|
Update Saml Provider
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Patrick Bareiss
|
2021-02-01
|
|
Aws Createaccesskey
|
attack_range
|
T1078 (Valid Accounts)
|
2 datasets
|
Bhavin Patel
|
2021-02-22
|
|
Azure Ad Multiple Appids And Useragents Auth
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Mauricio Velazco
|
2023-10-25
|
|
Okta Suspicious Activity Reported By User
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Mauricio Velazco
|
2024-03-11
|
|
O365 Excessive Sso Logon Errors
|
attack_range
|
T1078 (Valid Accounts)
|
1 dataset
|
Rod Soto
|
2021-01-26
|
|
Suspicious Computer Account Name Change
|
attack_range
|
T1078.002 (Domain Accounts)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Powerview Acl Enumeration
|
attack_range
|
T1078.002 (Domain Accounts)
|
1 dataset
|
Mauricio Velazco
|
2023-04-21
|
|
Suspicious Ticket Granting Ticket Request
|
attack_range
|
T1078.002 (Domain Accounts)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Account Lockout
|
attack_range
|
T1078.002 (Domain Accounts)
|
3 datasets
|
Patrick Bareiss
|
2020-11-09
|
|
Okta Single Factor Auth
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Bhavin Patel
|
2024-03-18
|
|
Okta Threatinsight Threat Detected
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Mauricio Velazco
|
2024-04-02
|
|
Azuread
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Mauricio Velazco
|
2022-07-12
|
|
Azuread Pws
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Mauricio Velazco
|
2022-07-13
|
|
Azure Automation Runbook
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Mauricio Velazco
|
2022-08-23
|
|
O365 Security And Compliance Alert Triggered
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Mauricio Velazco
|
2024-03-26
|
|
Azure Ad Service Principal Authentication
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Mauricio Velazco
|
2024-02-12
|
|
Gcp Single Factor Auth
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Mauricio Velazco
|
2022-10-13
|
|
Azure Runbook Webhook
|
attack_range
|
T1078.004 (Cloud Accounts)
|
1 dataset
|
Mauricio Velazco
|
2022-08-23
|
|
Wmic Cmd
|
attack_range
|
T1082 (System Information Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-25
|
|
Esxi System Information
|
custom
|
T1082 (System Information Discovery)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Linux Auditd Lsmod
|
attack_range
|
T1082 (System Information Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-09
|
|
Atomic Red Team
|
attack_range
|
T1082 (System Information Discovery)
|
1 dataset
|
Patrick Bareiss
|
2020-10-09
|
|
Linux Auditd Lsmod New
|
attack_range
|
T1082 (System Information Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Linux Auditd Hidden File
|
attack_range
|
T1083 (File and Directory Discovery)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Find Virtual Disk
|
attack_range
|
T1083 (File and Directory Discovery)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Find Document
|
attack_range
|
T1083 (File and Directory Discovery)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Find Db
|
attack_range
|
T1083 (File and Directory Discovery)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-19
|
|
Enumerate Users Local Group Using Telegram
|
attack_range
|
T1087 (Account Discovery)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Ad Discovery
|
attack_range
|
T1087.001 (Local Account)
|
2 datasets
|
Mauricio Velazco
|
2021-08-24
|
|
Blackmatter Schcache
|
attack_range
|
T1087.002 (Domain Account)
|
1 dataset
|
Teoderick Contreras
|
2021-09-07
|
|
Ad Discovery
|
attack_range
|
T1087.002 (Domain Account)
|
6 datasets
|
Teoderick Contreras
|
2021-08-24
|
|
Adsi Discovery
|
attack_range
|
T1087.002 (Domain Account)
|
3 datasets
|
Teoderick Contreras
|
2022-04-28
|
|
Azurehound
|
attack_range
|
T1087.004 (Cloud Account)
|
1 dataset
|
Dean Luxton
|
2025-01-07
|
|
Okta Unauth Access
|
attack_range
|
T1087.004 (Cloud Account)
|
1 dataset
|
Bhavin Patel
|
2024-03-07
|
|
Netsh Portproxy
|
attack_range
|
T1090.001 (Internal Proxy)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-05-25
|
|
Account Manipulation
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Stanislav Miskovic
|
2021-02-23
|
|
Aws Iam Successful Group Deletion
|
attack_range
|
T1098 (Account Manipulation)
|
2 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Windows Multiple Accounts Deleted
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2024-02-21
|
|
Aws Iam Delete Policy
|
attack_range
|
T1098 (Account Manipulation)
|
2 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Esxi Admin Role
|
custom
|
T1098 (Account Manipulation)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Short Lived Service Principal Name
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2022-11-18
|
|
Esxi Account Modified
|
custom
|
T1098 (Account Manipulation)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Dnsadmins Member Added
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2022-04-06
|
|
Service Principal Name Added
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2022-11-17
|
|
Azure Ad Enable And Reset
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2022-08-30
|
|
Windows Multiple Passwords Changed
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2024-02-21
|
|
O365 Add App Registration Owner
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2023-09-06
|
|
Azure Ad Set Immutableid
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2022-09-02
|
|
O365 Azure Workload Events
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Steven Dick
|
2024-04-13
|
|
Dsrm Account
|
attack_range
|
T1098 (Account Manipulation)
|
2 datasets
|
Dean Luxton
|
2022-07-21
|
|
Azure Ad Add Serviceprincipal Owner
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2022-08-30
|
|
Aws Iam Failure Group Deletion
|
attack_range
|
T1098 (Account Manipulation)
|
2 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Windows Multiple Accounts Disabled
|
attack_range
|
T1098 (Account Manipulation)
|
1 dataset
|
Mauricio Velazco
|
2024-02-21
|
|
Azure Ad Service Principal Credentials
|
attack_range
|
T1098.001 (Additional Cloud Credentials)
|
1 dataset
|
Mauricio Velazco
|
2022-08-18
|
|
O365 Service Principal Credentials
|
attack_range
|
T1098.001 (Additional Cloud Credentials)
|
1 dataset
|
Mauricio Velazco
|
2023-09-01
|
|
Okta New Api Token Created
|
attack_range
|
T1098.001 (Additional Cloud Credentials)
|
1 dataset
|
Mauricio Velazco
|
2024-03-06
|
|
O365 Full Access As App Permission Assigned
|
attack_range
|
T1098.002 (Additional Email Delegate Permissions)
|
1 dataset
|
Mauricio Velazco
|
2024-01-29
|
|
O365 Mailbox Folder Read Granted
|
attack_range
|
T1098.002 (Additional Email Delegate Permissions)
|
1 dataset
|
Mauricio Velazco
|
2024-03-28
|
|
Full Access As App Permission Assigned
|
attack_range
|
T1098.002 (Additional Email Delegate Permissions)
|
1 dataset
|
Mauricio Velazco
|
2024-01-29
|
|
Azure Ad Assign Global Administrator
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Gowthamaraj Rajendran
|
2022-08-17
|
|
O365 High Priv Role Assigned
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2023-10-20
|
|
Azure Ad Bypass Admin Consent
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2024-02-09
|
|
Azure Ad Admin Consent
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2023-09-14
|
|
O365 Admin Consent
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2023-09-05
|
|
Azure Ad Spn Privesc
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Dean Luxton
|
2025-01-07
|
|
O365 Privileged Graph Perm Assigned
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2024-01-30
|
|
Azure Ad Privileged Graph Perm Assigned
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2023-01-30
|
|
O365 Spn Privesc
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Dean Luxton
|
2025-01-07
|
|
Azure Ad Assign Privileged Role
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2022-08-29
|
|
O365 Bypass Admin Consent
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2023-02-09
|
|
Azure Ad Privileged Role Serviceprincipal
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2023-04-28
|
|
Azure Ad Pim Role Activated
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2023-04-26
|
|
O365 Grant Mail Read
|
attack_range
|
T1098.003 (Additional Cloud Roles)
|
1 dataset
|
Mauricio Velazco
|
2023-09-04
|
|
Ssh Authorized Keys
|
attack_range
|
T1098.004 (SSH Authorized Keys)
|
2 datasets
|
Teoderick Contreras
|
2022-01-11
|
|
Linux Auditd Nopasswd
|
attack_range
|
T1098.004 (SSH Authorized Keys)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-10
|
|
Okta New Device Enrolled
|
attack_range
|
T1098.005 (Device Registration)
|
1 dataset
|
Mauricio Velazco
|
2024-03-08
|
|
Azure Ad Register New Mfa Method
|
attack_range
|
T1098.005 (Device Registration)
|
1 dataset
|
Mauricio Velazco
|
2023-10-31
|
|
O365 Register New Mfa Method
|
attack_range
|
T1098.005 (Device Registration)
|
1 dataset
|
Mauricio Velazco
|
2023-10-20
|
|
Download To Pipe Exec
|
attack_range
|
T1105 (Ingress Tool Transfer)
|
2 datasets
|
Nasreddine Bencherchali, Splunk
|
2025-10-17
|
|
Atomic Red Team
|
attack_range
|
T1105 (Ingress Tool Transfer)
|
4 datasets
|
Michael Haag, Splunk
|
2021-03-25
|
|
Dll Loaded In Temp
|
attack_range
|
T1105 (Ingress Tool Transfer)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-20
|
|
Okta Multiple Accounts Lockout
|
attack_range
|
T1110 (Brute Force)
|
1 dataset
|
Mauricio Velazco, Splunk
|
2024-03-04
|
|
O365 Brute Force Login
|
attack_range
|
T1110 (Brute Force)
|
1 dataset
|
Patrick Bareiss
|
2020-12-17
|
|
Azure Mfasweep Events
|
attack_range
|
T1110 (Brute Force)
|
1 dataset
|
Steven Dick
|
2024-12-19
|
|
Esxi Ssh Brute Force
|
custom
|
T1110 (Brute Force)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Azure Ad Successful Authentication From Different Ips
|
attack_range
|
T1110.001 (Password Guessing)
|
1 dataset
|
Mauricio Velazco
|
2023-01-24
|
|
Azure Ad High Number Of Failed Authentications For User
|
attack_range
|
T1110.001 (Password Guessing)
|
1 dataset
|
Mauricio Velazco
|
2023-01-23
|
|
O365 High Number Authentications For User
|
attack_range
|
T1110.001 (Password Guessing)
|
1 dataset
|
Mauricio Velazco
|
2023-10-10
|
|
Rdp Brute Sysmon
|
attack_range
|
T1110.001 (Password Guessing)
|
1 dataset
|
Bhavin Patel
|
2025-01-10
|
|
Aws Login Failure
|
attack_range
|
T1110.001 (Password Guessing)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-08
|
|
Aws Rds Password Reset
|
attack_range
|
T1110.002
|
2 datasets
|
Gowthamaraj Rajendran, Splunk
|
2022-08-08
|
|
Purplesharp Invalid Users Ntlm Xml
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-09-08
|
|
O365 Distributed Spray
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2023-11-06
|
|
Purplesharp Valid Users Ntlm Xml
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-09-07
|
|
Purplesharp Invalid Users Kerberos Xml
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-09-08
|
|
Aws Mulitple Failed Console Login
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Bhavin Patel
|
2022-09-26
|
|
Purplesharp Multiple Users From Process Xml
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-09-09
|
|
Gcp Gws Multiple Login Failure
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Bhavin Patel
|
2022-10-11
|
|
Password Spraying Azuread
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2023-06-16
|
|
Azure Ad Distributed Spray
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Purplesharp Explicit Credential Spray Xml
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-09-08
|
|
Azuread Highrisk
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-07-11
|
|
Okta Multiple Users From Ip
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-02-27
|
|
Purplesharp Remote Spray Xml
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-09-08
|
|
O365 Multiple Users From Ip
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2023-10-10
|
|
Purplesharp Valid Users Kerberos Xml
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Mauricio Velazco
|
2022-09-08
|
|
Purplesharp Disabled Users Kerberos Xml
|
attack_range
|
T1110.003 (Password Spraying)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Local Administrator Cred Stuffing
|
attack_range
|
T1110.004 (Credential Stuffing)
|
1 dataset
|
Mauricio Velazco
|
2023-03-22
|
|
Ransomware Disable Reg
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras
|
2022-03-08
|
|
Shimcache Flush
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras
|
2021-10-05
|
|
Authenticationleveloverride
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Longpathsenabled
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-07-10
|
|
Enablelinkedconnections
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-07-10
|
|
Reg Profiles Private
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-06
|
|
Firewall Modify Delete
|
attack_range
|
T1112 (Modify Registry)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2024-07-11
|
|
Disable Notif Center
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras
|
2022-02-17
|
|
Atomic Red Team
|
attack_range
|
T1112 (Modify Registry)
|
4 datasets
|
Patrick Bareiss
|
2022-03-30
|
|
Reg Profiles Private
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-10-08
|
|
Minint Reg
|
attack_range
|
T1112 (Modify Registry)
|
1 dataset
|
Teoderick Contreras
|
2021-10-05
|
|
O365 New Forwarding Mailflow Rule Created
|
attack_range
|
T1114 (Email Collection)
|
1 dataset
|
Mauricio Velazco
|
2023-04-10
|
|
O365 Export Pst File
|
attack_range
|
T1114 (Email Collection)
|
1 dataset
|
Patrick Bareiss
|
2020-12-17
|
|
O365 Suspect Email Actions
|
attack_range
|
T1114 (Email Collection)
|
2 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
O365 Compliance Content Search Started
|
attack_range
|
T1114.002 (Remote Email Collection)
|
1 dataset
|
Mauricio Velazco
|
2024-04-01
|
|
O365 Inbox Shared With All Users
|
attack_range
|
T1114.002 (Remote Email Collection)
|
1 dataset
|
Mauricio Velazco
|
2023-09-06
|
|
O365 Oauth App Graph Mailbox Access
|
attack_range
|
T1114.002 (Remote Email Collection)
|
1 dataset
|
Mauricio Velazco
|
2024-01-31
|
|
O365 Compliance Content Search Exported
|
attack_range
|
T1114.002 (Remote Email Collection)
|
1 dataset
|
Mauricio Velazco
|
2024-04-01
|
|
O365 Multiple Mailboxes Accessed Via Api
|
attack_range
|
T1114.002 (Remote Email Collection)
|
1 dataset
|
Mauricio Velazco
|
2024-02-01
|
|
O365 Oauth App Ews Mailbox Access
|
attack_range
|
T1114.002 (Remote Email Collection)
|
1 dataset
|
Mauricio Velazco
|
2024-02-01
|
|
O365 Email Forwarding Rule Created
|
attack_range
|
T1114.003 (Email Forwarding Rule)
|
1 dataset
|
Mauricio Velazco
|
2024-03-28
|
|
O365 Mailbox Forwarding Enabled
|
attack_range
|
T1114.003 (Email Forwarding Rule)
|
1 dataset
|
Patrick Bareiss
|
2020-12-16
|
|
Linux Auditd Xclip
|
attack_range
|
T1115 (Clipboard Data)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Doc Collection
|
attack_range
|
T1119 (Automated Collection)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-26
|
|
Etw Disable
|
attack_range
|
T1127 (Trusted Developer Utilities Proxy Execution)
|
1 dataset
|
Teoderick Contreras
|
2021-10-07
|
|
Atomic Red Team
|
attack_range
|
T1127 (Trusted Developer Utilities Proxy Execution)
|
1 dataset
|
Michael Haag
|
2021-01-19
|
|
T1127.001
|
attack_range
|
T1127.001 (MSBuild)
|
1 dataset
|
Michael Haag
|
2021-01-15
|
|
Regsvr32 Silent
|
attack_range
|
T1127.001 (MSBuild)
|
1 dataset
|
Teoderick Contreras
|
2021-10-03
|
|
Uac Process Handle Dup
|
attack_range
|
T1134.001 (Token Impersonation/Theft)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-10-31
|
|
Mimikatz
|
attack_range
|
T1134.005 (SID-History Injection)
|
1 dataset
|
Dean Luxton
|
2022-08-23
|
|
Sid History2
|
attack_range
|
T1134.005 (SID-History Injection)
|
1 dataset
|
Mauricio Velazco
|
2022-11-17
|
|
Ipc Share Accessed
|
attack_range
|
T1135 (Network Share Discovery)
|
1 dataset
|
Mauricio Velazco
|
2023-03-23
|
|
Net Share Discovery Via Dir
|
attack_range
|
T1135 (Network Share Discovery)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2023-05-23
|
|
Powerview Sharefinder
|
attack_range
|
T1135 (Network Share Discovery)
|
1 dataset
|
Mauricio Velazco
|
2023-03-20
|
|
Large Number Computer Service Tickets
|
attack_range
|
T1135 (Network Share Discovery)
|
1 dataset
|
Mauricio Velazco
|
2023-03-21
|
|
Net Share
|
attack_range
|
T1135 (Network Share Discovery)
|
1 dataset
|
Dean Luxton
|
2023-04-21
|
|
Rapid Authentication Multiple Hosts
|
attack_range
|
T1135 (Network Share Discovery)
|
1 dataset
|
Mauricio Velazco
|
2023-03-23
|
|
Linux Auditd Add User
|
attack_range
|
T1136.001 (Local Account)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Atomic Red Team
|
attack_range
|
T1136.001 (Local Account)
|
6 datasets
|
Patrick Bareiss
|
2020-10-09
|
|
Linux Auditd Add User Type
|
attack_range
|
T1136.001 (Local Account)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-14
|
|
Azure Ad Multiple Service Principals Created
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Mauricio Velazco
|
2024-02-07
|
|
O365 Add Service Principal
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Patrick Bareiss
|
2021-02-01
|
|
O365 Added Service Principal
|
attack_range
|
T1136.003 (Cloud Account)
|
2 datasets
|
Rod Soto
|
2021-01-26
|
|
Azure Ad Add Service Principal
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Gowthamaraj Rajendran
|
2022-08-17
|
|
Azure Automation Account
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Mauricio Velazco
|
2022-08-19
|
|
Azure Ad External Guest User Invited
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Gowthamaraj Rajendran
|
2022-08-18
|
|
O365 New Federation
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Patrick Bareiss
|
2021-02-01
|
|
O365 New Federated Domain
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Patrick Bareiss
|
2021-02-01
|
|
O365 Multiple Service Principals Created
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Mauricio Velazco
|
2024-02-07
|
|
O365 New Federated Domain Added
|
attack_range
|
T1136.003 (Cloud Account)
|
2 datasets
|
Rod Soto
|
2021-01-26
|
|
O365 Add App Role Assignment Grant User
|
attack_range
|
T1136.003 (Cloud Account)
|
1 dataset
|
Rod Soto
|
2021-01-26
|
|
Linux Auditd Base64
|
attack_range
|
T1140 (Deobfuscate/Decode Files or Information)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Atomic Red Team
|
attack_range
|
T1140 (Deobfuscate/Decode Files or Information)
|
2 datasets
|
Michael Haag, Splunk
|
2021-03-25
|
|
Browser Unusual Flag
|
attack_range
|
T1185 (Browser Session Hijacking)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-10-31
|
|
Aws Concurrent Sessions From Different Ips
|
attack_range
|
T1185 (Browser Session Hijacking)
|
1 dataset
|
Bhavin Patel
|
2023-01-24
|
|
O365 Concurrent Sessions From Different Ips
|
attack_range
|
T1185 (Browser Session Hijacking)
|
1 dataset
|
Mauricio Velazco
|
2023-12-04
|
|
Azure Ad Concurrent Sessions From Different Ips
|
attack_range
|
T1185 (Browser Session Hijacking)
|
1 dataset
|
Mauricio Velazco
|
2023-01-24
|
|
Petitpotam
|
attack_range
|
T1187 (Forced Authentication)
|
2 datasets
|
Mauricio Velazco, Michael Haag
|
2021-09-01
|
|
Dyn Dns Site
|
attack_range
|
T1189 (Drive-by Compromise)
|
1 dataset
|
Patrick Bareiss
|
2021-01-14
|
|
Synthetically generated datasets for testing Cisco...
|
manual simulations in a controlled lab environment
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Bhavin Patel, Michael Haag, Splunk
|
2025-08-21
|
|
Oracle E Business Suite
|
custom
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-23
|
|
T1190
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Michael Haag, Splunk
|
2021-09-01
|
|
Sap
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
2 datasets
|
Michael Haag, Splunk
|
2025-04-28
|
|
Java
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Michael Haag, Splunk
|
2021-12-13
|
|
Generated datasets for Cisco Smart Install port di...
|
manual simulations in a controlled lab environment
|
T1190 (Exploit Public-Facing Application)
|
2 datasets
|
Bhavin Patel, Michael Haag, Splunk
|
2025-08-21
|
|
Text4shell
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Michael Haag, Splunk
|
2022-04-05
|
|
Request Smuggling
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
4 datasets
|
Raven Tait, Splunk
|
2023-10-16
|
|
Confluence
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
4 datasets
|
Michael Haag, Splunk
|
2023-07-21
|
|
Sharepoint
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
2 datasets
|
Michael Haag, Splunk
|
2023-10-01
|
|
Papercut
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
2 datasets
|
Michael Haag, Splunk
|
2023-05-15
|
|
Juniper
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Michael Haag, Splunk
|
2023-08-29
|
|
Spring4shell
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Michael Haag, Splunk
|
2022-04-05
|
|
Proxyshell
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Michael Haag, Splunk
|
2022-10-03
|
|
Crushftp
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
3 datasets
|
Michael Haag, Splunk
|
2024-05-23
|
|
Jenkins
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Michael Haag, Splunk
|
2024-01-29
|
|
Citrix
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
3 datasets
|
Michael Haag, Splunk
|
2023-07-21
|
|
Tomcat
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Michael Haag, Splunk
|
2025-03-26
|
|
Screenconnect
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
3 datasets
|
Michael Haag, Splunk
|
2024-02-21
|
|
Ivanti
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
8 datasets
|
Michael Haag, Splunk
|
2023-08-08
|
|
Outbound Java
|
attack_range
|
T1190 (Exploit Public-Facing Application)
|
1 dataset
|
Mauricio Velazco
|
2021-12-15
|
|
3cx
|
attack_range
|
T1195.002 (Compromise Software Supply Chain)
|
3 datasets
|
Michael Haag
|
2022-03-30
|
|
Atomic Red Team
|
attack_range
|
T1197 (BITS Jobs)
|
2 datasets
|
Michael Haag, Splunk
|
2021-03-30
|
|
Linux Auditd Swapoff
|
attack_range
|
T1200 (Hardware Additions)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Sysmon Usb Use Execution
|
attack_range
|
T1200 (Hardware Additions)
|
1 dataset
|
Steven Dick
|
2025-01-17
|
|
Pwd Policy Discovery
|
attack_range
|
T1201 (Password Policy Discovery)
|
2 datasets
|
Teoderick Contreras
|
2021-08-26
|
|
Atomic Red Team
|
attack_range
|
T1202 (Indirect Command Execution)
|
2 datasets
|
Eric McGinnis
|
2022-04-05
|
|
Kubernetes Audit Daemonset Created
|
attack_range
|
T1204 (User Execution)
|
1 dataset
|
Patrick Bareiss
|
2023-12-14
|
|
Failed Login Service Account Ad
|
attack_range
|
T1204 (User Execution)
|
1 dataset
|
Patrick Bareiss
|
2024-02-08
|
|
Rare Executables
|
attack_range
|
T1204 (User Execution)
|
1 dataset
|
Patrick Bareiss
|
2024-03-12
|
|
Kubernetes Privileged Pod
|
attack_range
|
T1204 (User Execution)
|
1 dataset
|
Patrick Bareiss
|
2023-12-14
|
|
Aws Updatelambdafunctioncode
|
attack_range
|
T1204 (User Execution)
|
1 dataset
|
Bhavin Patel
|
2022-02-28
|
|
Kubernetes Falco Shell Spawned
|
attack_range
|
T1204 (User Execution)
|
1 dataset
|
Patrick Bareiss
|
2023-12-13
|
|
Kubernetes Unauthorized Access
|
attack_range
|
T1204 (User Execution)
|
1 dataset
|
Patrick Bareiss
|
2023-12-07
|
|
Batch File In System32
|
attack_range
|
T1204.002 (Malicious File)
|
1 dataset
|
Patrick Bareiss
|
2020-11-06
|
|
Appx Deployment
|
attack_range
|
T1204.002 (Malicious File)
|
2 datasets
|
Michael Haag, Splunk
|
2025-08-07
|
|
Single Letter Exe
|
attack_range
|
T1204.002 (Malicious File)
|
1 dataset
|
Patrick Bareiss
|
2020-12-08
|
|
Atomic Red Team
|
attack_range
|
T1204.002 (Malicious File)
|
1 dataset
|
Patrick Bareiss
|
2020-11-06
|
|
Aws Ecr Container Upload
|
attack_range
|
T1204.003 (Malicious Image)
|
2 datasets
|
Patrick Bareiss
|
2021-08-18
|
|
Aws Ecr Image Scanning
|
attack_range
|
T1204.003 (Malicious Image)
|
1 dataset
|
Patrick Bareiss
|
2021-08-18
|
|
Risk Dataset
|
attack_range
|
T1204.003 (Malicious Image)
|
1 dataset
|
Bhavin Patel
|
2021-08-18
|
|
Mimikatz
|
attack_range
|
T1207 (Rogue Domain Controller)
|
1 dataset
|
Dean Luxton
|
2022-07-20
|
|
Dc Promo
|
attack_range
|
T1207 (Rogue Domain Controller)
|
1 dataset
|
Dean Luxton
|
2023-01-26
|
|
Short Lived Server Object
|
attack_range
|
T1207 (Rogue Domain Controller)
|
1 dataset
|
Mauricio Velazco
|
2022-10-17
|
|
Kuberntest Nginx Rfi Attack
|
attack_range
|
T1212 (Exploitation for Credential Access)
|
1 dataset
|
Patrick Bareiss
|
2021-08-23
|
|
Kubernetes Nginx Lfi Attack
|
attack_range
|
T1212 (Exploitation for Credential Access)
|
1 dataset
|
Patrick Bareiss
|
2021-08-18
|
|
O365 Sus Sharepoint Search
|
attack_range
|
T1213.002 (Sharepoint)
|
1 dataset
|
Steven Dick
|
2024-12-19
|
|
Atomic Red Team
|
attack_range
|
T1216 (System Script Proxy Execution)
|
2 datasets
|
Michael Haag, Splunk
|
2022-09-26
|
|
Bitlockertogo
|
attack_range
|
T1218 (System Binary Proxy Execution)
|
2 datasets
|
Michael Haag
|
2024-11-13
|
|
Diskshadow
|
attack_range
|
T1218 (System Binary Proxy Execution)
|
1 dataset
|
Lou Stella
|
2022-02-17
|
|
Msix Ai Stubs
|
attack_range
|
T1218 (System Binary Proxy Execution)
|
1 dataset
|
Michael Haag
|
2023-05-15
|
|
Eviltwin
|
attack_range
|
T1218 (System Binary Proxy Execution)
|
1 dataset
|
Michael Haag
|
2024-04-17
|
|
Atomic Red Team
|
attack_range
|
T1218.001 (Compiled HTML File)
|
3 datasets
|
Michael Haag
|
2021-02-11
|
|
Atomic Red Team
|
attack_range
|
T1218.002 (Control Panel)
|
1 dataset
|
Michael Haag
|
2021-09-08
|
|
Atomic Red Team
|
attack_range
|
T1218.004 (InstallUtil)
|
2 datasets
|
Michael Haag
|
2021-11-12
|
|
Mshta In Registry
|
attack_range
|
T1218.005 (Mshta)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2022-10-14
|
|
Atomic Red Team
|
attack_range
|
T1218.005 (Mshta)
|
2 datasets
|
Patrick Bareiss
|
2020-11-09
|
|
Atomic Red Team
|
attack_range
|
T1218.007 (Msiexec)
|
2 datasets
|
Michael Haag
|
2022-06-16
|
|
Atomic Red Team
|
attack_range
|
T1218.008 (Odbcconf)
|
3 datasets
|
Michael Haag
|
2022-06-16
|
|
Atomic Red Team
|
attack_range
|
T1218.009 (Regsvcs/Regasm)
|
1 dataset
|
Michael Haag
|
2021-02-12
|
|
Atomic Red Team
|
attack_range
|
T1218.010 (Regsvr32)
|
1 dataset
|
Michael Haag
|
2021-01-28
|
|
Rundll32 Dll In Temp
|
attack_range
|
T1218.011 (Rundll32)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-29
|
|
Atomic Red Team
|
attack_range
|
T1218.011 (Rundll32)
|
2 datasets
|
Patrick Bareiss
|
2020-11-30
|
|
Verclsid Exec
|
attack_range
|
T1218.012 (Verclsid)
|
1 dataset
|
Teoderick Contreras
|
2021-09-29
|
|
Atomic Red Team
|
attack_range
|
T1218.013 (Mavinject)
|
1 dataset
|
Michael Haag
|
2020-11-30
|
|
Teamviewer
|
attack_range
|
T1219 (Remote Access Tools)
|
1 dataset
|
Patrick Bareiss
|
2024-08-09
|
|
Atomic Red Team
|
attack_range
|
T1219 (Remote Access Tools)
|
1 dataset
|
Michael Haag
|
2022-08-22
|
|
Screenconnect
|
attack_range
|
T1219 (Remote Access Tools)
|
1 dataset
|
Steven Dick
|
2024-02-19
|
|
Atomic Red Team
|
attack_range
|
T1220 (XSL Script Processing)
|
1 dataset
|
Michael Haag
|
2021-11-12
|
|
Dacl Abuse
|
attack_range
|
T1222.001 (Windows File and Directory Permissions Modification)
|
8 datasets
|
Dean Luxton
|
2023-12-06
|
|
Atomic Red Team
|
attack_range
|
T1222.001 (Windows File and Directory Permissions Modification)
|
1 dataset
|
Patrick Bareiss
|
2020-11-19
|
|
Fsutil Symlink Eval
|
attack_range
|
T1222.001 (Windows File and Directory Permissions Modification)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-07
|
|
Subinacl
|
attack_range
|
T1222.001 (Windows File and Directory Permissions Modification)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2024-12-06
|
|
Linux Auditd Chmod Exec Attrib
|
attack_range
|
T1222.002 (Linux and Mac File and Directory Permissions Modification)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Chattr I
|
attack_range
|
T1222.002 (Linux and Mac File and Directory Permissions Modification)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Atomic Red Team
|
attack_range
|
T1482 (Domain Trust Discovery)
|
1 dataset
|
Michael Haag
|
2021-01-25
|
|
Discovery
|
attack_range
|
T1482 (Domain Trust Discovery)
|
2 datasets
|
Michael Haag
|
2021-09-02
|
|
Dcshadowpermissions
|
attack_range
|
T1484 (Domain or Tenant Policy Modification)
|
1 dataset
|
Dean Luxton
|
2023-11-10
|
|
Aclmodification
|
attack_range
|
T1484 (Domain or Tenant Policy Modification)
|
1 dataset
|
Dean Luxton
|
2022-11-18
|
|
Default Domain Policy Modified
|
attack_range
|
T1484.001 (Group Policy Modification)
|
1 dataset
|
Mauricio Velazco
|
2023-03-29
|
|
Group Policy Disabled
|
attack_range
|
T1484.001 (Group Policy Modification)
|
1 dataset
|
Dean Luxton
|
2024-08-07
|
|
Group Policy Deleted
|
attack_range
|
T1484.001 (Group Policy Modification)
|
1 dataset
|
Dean Luxton
|
2024-08-07
|
|
Group Policy New Cse
|
attack_range
|
T1484.001 (Group Policy Modification)
|
1 dataset
|
Dean Luxton
|
2024-08-08
|
|
Gpo Modification
|
attack_range
|
T1484.001 (Group Policy Modification)
|
1 dataset
|
Dean Luxton
|
2023-12-18
|
|
Group Policy Created
|
attack_range
|
T1484.001 (Group Policy Modification)
|
1 dataset
|
Mauricio Velazco
|
2023-03-29
|
|
New Federated Domain
|
attack_range
|
T1484.002 (Trust Modification)
|
1 dataset
|
Mauricio Velazco
|
2022-09-02
|
|
Linux Dd File Overwrite
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Teoderick Contreras
|
2022-02-14
|
|
Linux Auditd No Preserve Root
|
attack_range
|
T1485 (Data Destruction)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Dd Overwrite
|
attack_range
|
T1485 (Data Destruction)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Rm Shred Critical Dir
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Teoderick Contreras
|
2022-04-26
|
|
Excessive File Deletions
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Patrick Bareiss
|
2021-12-08
|
|
Decommissioned Buckets
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Jose Hernandez, Bhavin Patel
|
2025-02-14
|
|
Excessive File Del In Windefender Dir
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Teoderick Contreras, Steven Dick
|
2024-03-05
|
|
Linux Auditd Shred
|
attack_range
|
T1485 (Data Destruction)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Ransomware Extensions
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Patrick Bareiss
|
2020-11-09
|
|
Rm Boot Dir
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Teoderick Contreras
|
2022-04-27
|
|
Atomic Red Team
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Patrick Bareiss
|
2020-11-09
|
|
Sdelete
|
attack_range
|
T1485 (Data Destruction)
|
1 dataset
|
Teoderick Contreras
|
2021-10-06
|
|
Ransomware Notes
|
attack_range
|
T1485 (Data Destruction)
|
2 datasets
|
Patrick Bareiss
|
2020-11-09
|
|
Sam Sam Note
|
attack_range
|
T1486 (Data Encrypted for Impact)
|
1 dataset
|
Patrick Bareiss
|
2020-12-07
|
|
S3 File Encryption
|
attack_range
|
T1486 (Data Encrypted for Impact)
|
1 dataset
|
Patrick Bareiss
|
2021-01-11
|
|
Dcrypt
|
attack_range
|
T1486 (Data Encrypted for Impact)
|
1 dataset
|
Michael Haag
|
2020-11-15
|
|
Aws Kms Key
|
attack_range
|
T1486 (Data Encrypted for Impact)
|
2 datasets
|
Patrick Bareiss
|
2021-01-11
|
|
Linux Auditd Auditd Service Stop
|
attack_range
|
T1489 (Service Stop)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-14
|
|
Linux Service Stop Disable
|
attack_range
|
T1489 (Service Stop)
|
1 dataset
|
Teoderick Contreras
|
2022-04-26
|
|
Linux Auditd Service Stop
|
attack_range
|
T1489 (Service Stop)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-09
|
|
Linux Auditd Sysmon Service Stop
|
attack_range
|
T1489 (Service Stop)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-14
|
|
Linux Auditd Osquerd Service Stop
|
attack_range
|
T1489 (Service Stop)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-14
|
|
Shadowcopy Del
|
attack_range
|
T1490 (Inhibit System Recovery)
|
1 dataset
|
Bhavin Patel
|
2025-03-18
|
|
Known Services Killed By Ransomware
|
attack_range
|
T1490 (Inhibit System Recovery)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Atomic Red Team
|
attack_range
|
T1490 (Inhibit System Recovery)
|
2 datasets
|
Patrick Bareiss
|
2020-11-09
|
|
Aws Bucket Version
|
attack_range
|
T1490 (Inhibit System Recovery)
|
1 dataset
|
Bhavin Patel
|
2023-04-12
|
|
Ransomware Notes
|
attack_range
|
T1490 (Inhibit System Recovery)
|
1 dataset
|
Patrick Bareiss
|
2020-11-09
|
|
Ping Sleep
|
attack_range
|
T1497.003 (Time Based Checks)
|
1 dataset
|
Teoderick Contreras
|
2022-01-20
|
|
Simulation
|
attack_range
|
T1505.001 (SQL Stored Procedures)
|
4 datasets
|
Michael Haag
|
2025-02-05
|
|
T1505.003
|
attack_range
|
T1505.003 (Web Shell)
|
9 datasets
|
Michael Haag
|
2025-10-28
|
|
Sharepoint Webshell
|
attack_range
|
T1505.003 (Web Shell)
|
1 dataset
|
Michael Haag, Splunk
|
2025-07-20
|
|
T1505.004
|
attack_range
|
T1505.004 (IIS Components)
|
11 datasets
|
Michael Haag
|
2022-12-19
|
|
Esxi Malicious Vib Forced Install
|
custom
|
T1505.006 (vSphere Installation Bundles)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Kubernetes Kube Hunter
|
attack_range
|
T1526 (Cloud Service Discovery)
|
1 dataset
|
Patrick Bareiss
|
2021-08-24
|
|
Aws Security Scanner
|
attack_range
|
T1526 (Cloud Service Discovery)
|
1 dataset
|
Patrick Bareiss
|
2021-04-13
|
|
Kubernetes Audit Pull Image
|
attack_range
|
T1526 (Cloud Service Discovery)
|
1 dataset
|
Patrick Bareiss
|
2023-12-07
|
|
Azure Ad User Consent Granted
|
attack_range
|
T1528 (Steal Application Access Token)
|
1 dataset
|
Mauricio Velazco
|
2023-10-27
|
|
O365 User Consent Mail Permissions
|
attack_range
|
T1528 (Steal Application Access Token)
|
1 dataset
|
Mauricio Velazco
|
2023-10-12
|
|
Azure Ad User Consent Declined
|
attack_range
|
T1528 (Steal Application Access Token)
|
1 dataset
|
Mauricio Velazco
|
2023-10-30
|
|
O365 User Consent Blocked
|
attack_range
|
T1528 (Steal Application Access Token)
|
1 dataset
|
Mauricio Velazco
|
2023-10-01
|
|
Azure Ad User Consent Blocked
|
attack_range
|
T1528 (Steal Application Access Token)
|
1 dataset
|
Mauricio Velazco
|
2023-10-27
|
|
Device Code Authentication
|
attack_range
|
T1528 (Steal Application Access Token)
|
1 dataset
|
Mauricio Velazco
|
2023-08-03
|
|
O365 User Consent File Permissions
|
attack_range
|
T1528 (Steal Application Access Token)
|
1 dataset
|
Mauricio Velazco
|
2023-10-18
|
|
O365 User Consent Declined
|
attack_range
|
T1528 (Steal Application Access Token)
|
1 dataset
|
Mauricio Velazco
|
2023-10-12
|
|
Esxi Bulk Vm Termination
|
custom
|
T1529 (System Shutdown/Reboot)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Linux Sysrq Abuse
|
custom
|
T1529 (System Shutdown/Reboot)
|
1 dataset
|
Milad Cheraghi
|
2025-09-03
|
|
Aws S3 Public Bucket
|
attack_range
|
T1530 (Data from Cloud Storage)
|
1 dataset
|
Patrick Bareiss
|
2021-01-12
|
|
Atomic Red Team
|
attack_range
|
T1531 (Account Access Removal)
|
1 dataset
|
Teoderick Contreras
|
2021-11-15
|
|
Aws Exfil Risk Events
|
attack_range
|
T1537 (Transfer Data to Cloud Account)
|
1 dataset
|
Bhavin Patel
|
2023-03-31
|
|
High Frequency Copy Of Files In Network Share
|
attack_range
|
T1537 (Transfer Data to Cloud Account)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Aws Snapshot Exfil
|
attack_range
|
T1537 (Transfer Data to Cloud Account)
|
2 datasets
|
Bhavin Patel
|
2021-07-20
|
|
Aws Ami Shared Public
|
attack_range
|
T1537 (Transfer Data to Cloud Account)
|
1 dataset
|
Bhavin Patel
|
2023-03-31
|
|
Okta Web Session Multiple Ip
|
attack_range
|
T1539 (Steal Web Session Cookie)
|
1 dataset
|
Bhavin Patel
|
2024-03-18
|
|
Bootkits
|
attack_range
|
T1542.003 (Bootkit)
|
1 dataset
|
Automated Attack Data Service
|
2023-05-03
|
|
Lateral Movement
|
attack_range
|
T1543.003 (Windows Service)
|
1 dataset
|
Mauricio Velazco
|
2021-11-12
|
|
Services Lolbas Execution
|
attack_range
|
T1543.003 (Windows Service)
|
1 dataset
|
Bhavin Patel
|
2023-10-02
|
|
Lateral Movement Lolbas
|
attack_range
|
T1543.003 (Windows Service)
|
1 dataset
|
Mauricio Velazco
|
2021-11-23
|
|
Atomic Red Team
|
attack_range
|
T1543.003 (Windows Service)
|
5 datasets
|
Automated Attack Data Service
|
2020-12-07
|
|
Lateral Movement Powershell
|
attack_range
|
T1543.003 (Windows Service)
|
1 dataset
|
Mauricio Velazco
|
2021-11-29
|
|
Windows Krbrelayup Service Creation
|
attack_range
|
T1543.003 (Windows Service)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Adminsdholder Modified
|
attack_range
|
T1546 (Event Triggered Execution)
|
1 dataset
|
Mauricio Velazco
|
2022-11-15
|
|
Txtfile Reg
|
attack_range
|
T1546.001 (Change Default File Association)
|
1 dataset
|
Teoderick Contreras
|
2021-09-28
|
|
Scrnsave Reg
|
attack_range
|
T1546.002 (Screensaver)
|
1 dataset
|
Teoderick Contreras
|
2021-09-28
|
|
Atomic Red Team
|
attack_range
|
T1546.003 (Windows Management Instrumentation Event Subscription)
|
1 dataset
|
Michael Haag
|
2020-12-08
|
|
Wmi Event Subscription
|
attack_range
|
T1546.003 (Windows Management Instrumentation Event Subscription)
|
1 dataset
|
Automated Attack Data Service
|
2020-12-08
|
|
Linux Init Profile
|
attack_range
|
T1546.004 (Unix Shell Configuration Modification)
|
1 dataset
|
Teoderick Contreras
|
2021-12-21
|
|
Linux Auditd Unix Shell Mod Config
|
attack_range
|
T1546.004 (Unix Shell Configuration Modification)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-10
|
|
Atomic Red Team
|
attack_range
|
T1546.008 (Accessibility Features)
|
1 dataset
|
Patrick Bareiss
|
2020-11-23
|
|
Atomic Red Team
|
attack_range
|
T1546.011 (Application Shimming)
|
1 dataset
|
Patrick Bareiss
|
2020-11-26
|
|
Atomic Red Team
|
attack_range
|
T1546.012 (Image File Execution Options Injection)
|
2 datasets
|
Patrick Bareiss
|
2020-11-27
|
|
Pwh Com Object
|
attack_range
|
T1546.015 (Component Object Model Hijacking)
|
1 dataset
|
Teoderick Contreras
|
2022-03-22
|
|
Uac Colorui
|
attack_range
|
T1546.015 (Component Object Model Hijacking)
|
1 dataset
|
Teoderick Contreras
|
2021-08-13
|
|
Atomic Red Team
|
attack_range
|
T1546.015 (Component Object Model Hijacking)
|
3 datasets
|
Michael Haag, Splunk
|
2022-09-26
|
|
Atomic Red Team
|
attack_range
|
T1547.001 (Registry Run Keys / Startup Folder)
|
2 datasets
|
Patrick Bareiss
|
2020-11-27
|
|
Timeprovider Reg
|
attack_range
|
T1547.003 (Time Providers)
|
1 dataset
|
Teoderick Contreras
|
2021-09-30
|
|
Malicious Ssp
|
attack_range
|
T1547.005 (Security Support Provider)
|
2 datasets
|
Dean Luxton
|
2022-08-23
|
|
Linux Auditd Modprobe New
|
attack_range
|
T1547.006 (Kernel Modules and Extensions)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Linux Auditd Rmmod New
|
attack_range
|
T1547.006 (Kernel Modules and Extensions)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Linux Auditd Insmod New
|
attack_range
|
T1547.006 (Kernel Modules and Extensions)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Linux Auditd Modprobe Unload Module
|
attack_range
|
T1547.006 (Kernel Modules and Extensions)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Insmod
|
attack_range
|
T1547.006 (Kernel Modules and Extensions)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-09
|
|
Linux Auditd Rmmod
|
attack_range
|
T1547.006 (Kernel Modules and Extensions)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-14
|
|
Linux Auditd Modprobe
|
attack_range
|
T1547.006 (Kernel Modules and Extensions)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-09
|
|
Loading Linux Kernel Module
|
attack_range
|
T1547.006 (Kernel Modules and Extensions)
|
1 dataset
|
Teoderick Contreras
|
2021-12-22
|
|
Atomic Red Team
|
attack_range
|
T1547.008 (LSASS Driver)
|
1 dataset
|
Michael Haag
|
2022-08-22
|
|
Atomic Red Team
|
attack_range
|
T1547.010 (Port Monitors)
|
2 datasets
|
Patrick Bareiss
|
2020-11-23
|
|
Printnightmare
|
attack_range
|
T1547.012 (Print Processors)
|
2 datasets
|
Michael Haag, Teoderick Contreras, Mauricio Velazco
|
2021-07-01
|
|
Print Reg
|
attack_range
|
T1547.012 (Print Processors)
|
3 datasets
|
Teoderick Contreras
|
2021-09-29
|
|
Active Setup Stubpath
|
attack_range
|
T1547.014 (Active Setup)
|
1 dataset
|
Teoderick Contreras
|
2021-09-29
|
|
Cpulimit
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Emacs
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Busybox
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Gdb
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Make
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Apt
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Openvpn
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Gem
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Mysql
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Rpm
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Composer
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Octave
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Apt Get
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
2 datasets
|
Gowthamaraj Rajendran, Splunk
|
2025-10-28
|
|
Find
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Docker
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-01
|
|
Gawk
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Splunk
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Ruby
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
Node
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-01
|
|
Puppet
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
C99
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Darkside Cmstp Com
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Awk
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-01
|
|
Sqlite3
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Php
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-10
|
|
C89
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Uac Bypass
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
2 datasets
|
Teoderick Contreras
|
2021-07-23
|
|
Csvtool
|
attack_range
|
T1548 (Abuse Elevation Control Mechanism)
|
1 dataset
|
Gowthamaraj Rajendran, Splunk
|
2022-08-12
|
|
Linux Setcap
|
attack_range
|
T1548.001 (Setuid and Setgid)
|
1 dataset
|
Teoderick Contreras
|
2021-12-21
|
|
Linux Auditd Setuid
|
attack_range
|
T1548.001 (Setuid and Setgid)
|
4 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Chmod Uid
|
attack_range
|
T1548.001 (Setuid and Setgid)
|
1 dataset
|
Teoderick Contreras
|
2021-12-21
|
|
Uac Behavior
|
attack_range
|
T1548.002 (Bypass User Account Control)
|
1 dataset
|
Steven Dick
|
2023-11-20
|
|
Ssa Eventvwr
|
attack_range
|
T1548.002 (Bypass User Account Control)
|
1 dataset
|
Lou Stella
|
2022-02-23
|
|
Atomic Red Team
|
attack_range
|
T1548.002 (Bypass User Account Control)
|
2 datasets
|
Patrick Bareiss
|
2020-11-18
|
|
Slui
|
attack_range
|
T1548.002 (Bypass User Account Control)
|
1 dataset
|
Michael Haag, Splunk
|
2021-05-13
|
|
Localaccounttokenfilterpolicy
|
attack_range
|
T1548.002 (Bypass User Account Control)
|
1 dataset
|
Teoderick Contreras
|
2021-09-30
|
|
Computerdefaults Spawn Proc
|
attack_range
|
T1548.002 (Bypass User Account Control)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-10-31
|
|
Sudo Su
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras
|
2022-01-04
|
|
Sudoers Temp
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras
|
2021-12-24
|
|
Doas
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras
|
2022-01-05
|
|
Linux Auditd Sudo Su
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Nopasswd Sudoers
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras
|
2021-12-21
|
|
Linux Auditd Doas
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-09
|
|
Linux Adduser
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras
|
2021-12-21
|
|
Linux Auditd Sudoers Access
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-10
|
|
Linux Auditd Doas New
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-04-16
|
|
Doas Exec
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras
|
2022-01-05
|
|
Visudo
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
1 dataset
|
Teoderick Contreras
|
2021-12-21
|
|
Linux Auditd Nopasswd
|
attack_range
|
T1548.003 (Sudo and Sudo Caching)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Rubeus
|
attack_range
|
T1550 (Use Alternate Authentication Material)
|
1 dataset
|
Mauricio Velazco
|
2022-03-09
|
|
Kerberos Tgt Request Using Rc4 Encryption
|
attack_range
|
T1550 (Use Alternate Authentication Material)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Atomic Red Team
|
attack_range
|
T1550.002
|
1 dataset
|
Patrick Bareiss
|
2020-10-08
|
|
Mimikatz
|
attack_range
|
T1550.003 (Pass the Ticket)
|
1 dataset
|
Mauricio Velazco
|
2022-01-24
|
|
Rubeus
|
attack_range
|
T1550.003 (Pass the Ticket)
|
1 dataset
|
Mauricio Velazco
|
2022-02-01
|
|
Aws Getpassworddata
|
attack_range
|
T1552 (Unsecured Credentials)
|
2 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Password In Username
|
attack_range
|
T1552.001 (Credentials In Files)
|
1 dataset
|
Mikael Bjerkeland
|
2022-05-27
|
|
Autoadminlogon
|
attack_range
|
T1552.002 (Credentials in Registry)
|
1 dataset
|
Teoderick Contreras
|
2021-09-06
|
|
Linux Auditd Find Ssh Files
|
attack_range
|
T1552.004 (Private Keys)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Find Gpg
|
attack_range
|
T1552.004 (Private Keys)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Isovalent Cloud Metadata
|
not_applicable
|
T1552.005
|
1 dataset
|
Bhavin Patel, Splunk
|
2025-10-28
|
|
Findstr Gpp Discovery
|
attack_range
|
T1552.006 (Group Policy Preferences)
|
2 datasets
|
Mauricio Velazco
|
2023-03-17
|
|
Sip
|
attack_range
|
T1553.003 (SIP and Trust Provider Hijacking)
|
1 dataset
|
Michael Haag, Splunk
|
2023-10-10
|
|
Atomic Red Team
|
attack_range
|
T1553.004 (Install Root Certificate)
|
1 dataset
|
Patrick Bareiss
|
2020-11-03
|
|
Msix Unsigned
|
attack_range
|
T1553.005 (Mark-of-the-Web Bypass)
|
1 dataset
|
Michael Haag
|
2023-06-22
|
|
Non Chrome Process Accessing Chrome Default Dir
|
attack_range
|
T1555 (Credentials from Password Stores)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Web Browser Pass View
|
attack_range
|
T1555 (Credentials from Password Stores)
|
1 dataset
|
Teoderick Contreras
|
2021-11-22
|
|
Linux Auditd Find Password Db
|
attack_range
|
T1555.005 (Password Managers)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Find Credentials
|
attack_range
|
T1555.005 (Password Managers)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Cisco Duo Policy Allow Devices Without Screen Lock
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-10
|
|
Cisco Duo Bulk Policy Deletion
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-10
|
|
Cisco Duo Bypass Code
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-08
|
|
Cisco Duo Policy Allow Old Flash And Java
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-09
|
|
Disable Credential Guard
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Dean Luxton
|
2022-08-23
|
|
Okta Idp
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Bhavin Patel
|
2024-03-05
|
|
Azuread
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Mauricio Velazco
|
2022-08-15
|
|
Cisco Duo Policy Allow Tampered Devices
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-10
|
|
Cisco Duo Policy Bypass 2fa Other Countries
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-08
|
|
O365 Disable Mfa
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2020-12-17
|
|
Disable Lsa Protection New
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-20
|
|
Cisco Duo Policy Deny Access
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-08
|
|
O365 Sso Logon Errors
|
attack_range
|
T1556 (Modify Authentication Process)
|
2 datasets
|
Patrick Bareiss
|
2021-02-01
|
|
Gcp Disable Mfa
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Mauricio Velazco
|
2022-10-13
|
|
Cisco Duo Unusual Admin Login
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-10
|
|
Disable Lsa Protection
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Dean Luxton
|
2022-08-23
|
|
Cisco Duo Policy Bypass 2fa
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-08
|
|
Cisco Duo Policy Allow Network Bypass 2fa
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-09
|
|
Cisco Duo Bypass 2fa
|
attack_range
|
T1556 (Modify Authentication Process)
|
1 dataset
|
Patrick Bareiss
|
2025-07-08
|
|
Atomic Red Team
|
attack_range
|
T1556.001
|
1 dataset
|
Michael Haag, Splunk
|
2022-03-30
|
|
Azure Ad New Mfa Method Registered For User
|
attack_range
|
T1556.006 (Multi-Factor Authentication)
|
1 dataset
|
Mauricio Velazco
|
2023-01-30
|
|
Okta Mfa Method Disabled
|
attack_range
|
T1556.006 (Multi-Factor Authentication)
|
1 dataset
|
Mauricio Velazco
|
2024-03-11
|
|
Aws New Mfa Method Registered For User
|
attack_range
|
T1556.006 (Multi-Factor Authentication)
|
1 dataset
|
Bhavin Patel
|
2023-05-22
|
|
Windows Computer Account With Spn
|
attack_range
|
T1558 (Steal or Forge Kerberos Tickets)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Windows Computer Account Created By Computer Account
|
attack_range
|
T1558 (Steal or Forge Kerberos Tickets)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Diamond Ticket
|
attack_range
|
T1558 (Steal or Forge Kerberos Tickets)
|
1 dataset
|
Mauricio Velazco
|
2023-10-05
|
|
Windows Computer Account Requesting Kerberos Ticket
|
attack_range
|
T1558 (Steal or Forge Kerberos Tickets)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Windows Kerberos Local Successful Logon
|
attack_range
|
T1558 (Steal or Forge Kerberos Tickets)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Kerberos Service Ticket Request Using Rc4 Encryption
|
attack_range
|
T1558.001 (Golden Ticket)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Kerberoasting Spn Request With Rc4 Encryption
|
attack_range
|
T1558.003 (Kerberoasting)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Unusual Number Of Kerberos Service Tickets Requested
|
attack_range
|
T1558.003 (Kerberoasting)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Powerview
|
attack_range
|
T1558.003 (Kerberoasting)
|
1 dataset
|
Mauricio Velazco
|
2022-06-22
|
|
Powerview 2
|
attack_range
|
T1558.003 (Kerberoasting)
|
1 dataset
|
Gowthamaraj Rajendran
|
2022-06-23
|
|
Rubeus
|
attack_range
|
T1558.003 (Kerberoasting)
|
1 dataset
|
Mauricio Velazco
|
2022-02-11
|
|
Atomic Red Team
|
attack_range
|
T1558.003 (Kerberoasting)
|
2 datasets
|
Patrick Bareiss
|
2020-10-08
|
|
Powershell
|
attack_range
|
T1558.004 (AS-REP Roasting)
|
2 datasets
|
Mauricio Velazco
|
2022-02-22
|
|
Archive Utility
|
attack_range
|
T1560.001 (Archive via Utility)
|
1 dataset
|
Michael Haag
|
2021-04-22
|
|
Mbr Raw Access
|
attack_range
|
T1561.002 (Disk Structure Wipe)
|
1 dataset
|
Teoderick Contreras
|
2022-02-18
|
|
Cisco Asa
|
attack_range
|
T1562 (Impair Defenses)
|
1 dataset
|
Bhavin Patel, Michael Haag, Splunk
|
2025-09-23
|
|
Esxi Vib Acceptance Level Tampering
|
custom
|
T1562 (Impair Defenses)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Esxi Encryption Modified
|
custom
|
T1562 (Impair Defenses)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Azuread Disable Blockconsent For Riskapps
|
attack_range
|
T1562 (Impair Defenses)
|
1 dataset
|
Mauricio Velazco
|
2023-10-26
|
|
O365 Disable Blockconsent For Riskapps
|
attack_range
|
T1562 (Impair Defenses)
|
1 dataset
|
Mauricio Velazco
|
2023-10-26
|
|
Esxi Lockdown Disabled
|
custom
|
T1562 (Impair Defenses)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Delete Win Defender Context Menu
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Teoderick Contreras
|
2022-06-07
|
|
Disable Defender Logging
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Teoderick Contreras
|
2022-06-07
|
|
Sc Service Start Disabled
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Michael Hart
|
2020-06-23
|
|
Disable Gpo
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Dean Luxton
|
2023-01-26
|
|
Win Defend Service Stop
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Patrick Bareiss
|
2020-11-06
|
|
Disable Windows Security Defender Features
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-01-08
|
|
Powershell Windows Defender Exclusion Commands
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Unload Sysmon
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Bhavin Patel
|
2022-06-01
|
|
Windows Excessive Disabled Services Event
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Pwh Defender Disabling
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Teoderick Contreras
|
2021-07-05
|
|
Win App Defender Disabling
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
2 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Hotkey Disabled Hidden User
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Disable Defender Asr Or Threats
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-13
|
|
Atomic Red Team
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
5 datasets
|
Patrick Bareiss
|
2020-10-09
|
|
Defender Exclusion Sysmon
|
attack_range
|
T1562.001 (Disable or Modify Tools)
|
1 dataset
|
Teoderick Contreras
|
2021-11-25
|
|
Auditpol Tampering
|
attack_range
|
T1562.002 (Disable Windows Event Logging)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-01-27
|
|
Eventlog Sddl Tampering
|
attack_range
|
T1562.002 (Disable Windows Event Logging)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2024-12-06
|
|
Esxi Syslog Config
|
custom
|
T1562.003 (Impair Command History Logging)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Esxi Loghost Config Tampering
|
custom
|
T1562.003 (Impair Command History Logging)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
Esxi Audit Tampering
|
custom
|
T1562.003 (Impair Command History Logging)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Njrat Delete Firewall
|
attack_range
|
T1562.004 (Disable or Modify System Firewall)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-09-08
|
|
Njrat Add Firewall Rule
|
attack_range
|
T1562.004 (Disable or Modify System Firewall)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2023-12-12
|
|
Esxi Firewall Disabled
|
custom
|
T1562.004 (Disable or Modify System Firewall)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Linux Auditd Disable Firewall
|
attack_range
|
T1562.004 (Disable or Modify System Firewall)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-14
|
|
Atomic Red Team
|
attack_range
|
T1562.004 (Disable or Modify System Firewall)
|
1 dataset
|
Patrick Bareiss
|
2020-11-23
|
|
O365 Bypass Mfa Via Trusted Ip
|
attack_range
|
T1562.007 (Disable or Modify Cloud Firewall)
|
1 dataset
|
Bhavin Patel
|
2021-01-12
|
|
Aws Delete Acl
|
attack_range
|
T1562.007 (Disable or Modify Cloud Firewall)
|
2 datasets
|
Patrick Bareiss
|
2021-01-12
|
|
Aws Create Acl
|
attack_range
|
T1562.007 (Disable or Modify Cloud Firewall)
|
2 datasets
|
Patrick Bareiss
|
2021-01-12
|
|
Aws Delete Security Services
|
attack_range
|
T1562.008 (Disable or Modify Cloud Logs)
|
2 datasets
|
Bhavin Patel, Splunk
|
2022-07-19
|
|
Stop Delete Cloudtrail
|
attack_range
|
T1562.008 (Disable or Modify Cloud Logs)
|
3 datasets
|
Bhavin Patel
|
2022-07-12
|
|
Delete Cloudwatch Log Group
|
attack_range
|
T1562.008 (Disable or Modify Cloud Logs)
|
2 datasets
|
Gowthamaraj Rajendran, Splunk
|
2022-07-19
|
|
Put Bucketlifecycle
|
attack_range
|
T1562.008 (Disable or Modify Cloud Logs)
|
2 datasets
|
Bhavin Patel, Splunk
|
2022-07-19
|
|
Update Cloudtrail
|
attack_range
|
T1562.008 (Disable or Modify Cloud Logs)
|
2 datasets
|
Gowthamaraj Rajendran, Splunk
|
2022-07-19
|
|
O365 Advanced Audit Disabled
|
attack_range
|
T1562.008 (Disable or Modify Cloud Logs)
|
1 dataset
|
Mauricio Velazco, Splunk
|
2023-09-19
|
|
Auditd Daemon Type
|
attack_range
|
T1562.012 (Disable or Modify Linux Audit System)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-10
|
|
Rdphijack
|
attack_range
|
T1563.002 (RDP Hijacking)
|
2 datasets
|
Michael Haag
|
2023-03-29
|
|
Windows Rdp Connection Successful
|
attack_range
|
T1563.002 (RDP Hijacking)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Sc Sdset Tampering
|
attack_range
|
T1564 (Hide Artifacts)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2024-12-06
|
|
Linux Auditd Hidden File
|
attack_range
|
T1564.001 (Hidden Files and Directories)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-08-14
|
|
Ads Abuse
|
attack_range
|
T1564.004 (NTFS File Attributes)
|
1 dataset
|
Steven Dick
|
2023-10-30
|
|
O365
|
attack_range
|
T1564.008 (Email Hiding Rules)
|
1 dataset
|
unknown
|
2025-02-14
|
|
Cve 2024 21378
|
attack_range
|
T1566 (Phishing)
|
1 dataset
|
Michael Haag
|
2024-03-20
|
|
Zscalar Web Proxy
|
attack_range
|
T1566 (Phishing)
|
1 dataset
|
Bhavin Patel, Gowtham
|
2024-03-12
|
|
O365 Various Alerts
|
attack_range
|
T1566 (Phishing)
|
1 dataset
|
Steven Dick
|
2024-4-6
|
|
Phishing Pdf Uri
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-01-18
|
|
Gsuite Outbound Email To External
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Teoderick Contreras
|
2021-08-19
|
|
Office Doc Abuses Rels
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-01-27
|
|
Onenote Spear Phishing
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-01-24
|
|
Datasets
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Gsuite Susp Subj
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Teoderick Contreras
|
2021-08-20
|
|
Gsuite Susp Url
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Teoderick Contreras
|
2021-08-23
|
|
Datasets2
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Macro
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
8 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Gsuite Susp Attachment Ext
|
attack_range
|
T1566.001 (Spearphishing Attachment)
|
1 dataset
|
Teoderick Contreras
|
2021-08-19
|
|
Atomic Red Team
|
attack_range
|
T1566.002 (Spearphishing Link)
|
2 datasets
|
Peter Gael
|
2020-08-13
|
|
Lnk File Temp Folder
|
attack_range
|
T1566.002 (Spearphishing Link)
|
1 dataset
|
Patrick Bareiss
|
2020-12-08
|
|
Web Upload Nginx
|
attack_range
|
T1567 (Exfiltration Over Web Service)
|
1 dataset
|
Bhavin Patel, Splunk
|
2023-02-21
|
|
O365 Sus File Activity
|
attack_range
|
T1567 (Exfiltration Over Web Service)
|
1 dataset
|
Steven Dick
|
2025-01-28
|
|
Gdrive
|
attack_range
|
T1567 (Exfiltration Over Web Service)
|
2 datasets
|
Raven Tait, Splunk
|
2025-08-01
|
|
Scmanager Sddl Tamper
|
attack_range
|
T1569.002 (Service Execution)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2024-12-06
|
|
Windows Service Created With Suspicious Service Path
|
attack_range
|
T1569.002 (Service Execution)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Linux Service Start
|
attack_range
|
T1569.002 (Service Execution)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Malicious Powershell Executed As A Service
|
attack_range
|
T1569.002 (Service Execution)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Atomic Red Team
|
attack_range
|
T1569.002 (Service Execution)
|
1 dataset
|
Ryan Becwar
|
2021-04-05
|
|
Remcom
|
attack_range
|
T1569.002 (Service Execution)
|
2 datasets
|
Michael Haag
|
2023-03-20
|
|
Remcom
|
attack_range
|
T1570
|
2 datasets
|
Michael Haag
|
2023-03-20
|
|
Ssh Proxy Command
|
attack_range
|
T1572 (Protocol Tunneling)
|
1 dataset
|
Michael Haag
|
2021-11-15
|
|
Cobalt Strike
|
attack_range
|
T1572 (Protocol Tunneling)
|
1 dataset
|
Michael Haag
|
2021-02-22
|
|
Plink
|
attack_range
|
T1572 (Protocol Tunneling)
|
3 datasets
|
Michael Haag
|
2021-11-15
|
|
Ngrok
|
attack_range
|
T1572 (Protocol Tunneling)
|
1 dataset
|
Michael Haag
|
2022-11-16
|
|
Iscsicpl
|
attack_range
|
T1574.001 (DLL)
|
1 dataset
|
Michael Haag
|
2020-12-08
|
|
Firewall Api Path
|
attack_range
|
T1574.001 (DLL)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-06
|
|
Atomic Red Team
|
attack_range
|
T1574.001 (DLL)
|
1 dataset
|
Michael Haag
|
2022-08-18
|
|
Wineloader
|
attack_range
|
T1574.002
|
1 dataset
|
Michael Haag, Teoderick Contreras, Splunk
|
2023-12-18
|
|
Hijacklibs
|
attack_range
|
T1574.002
|
1 dataset
|
Steven Dick
|
2024-2-19
|
|
Msi Module Load
|
attack_range
|
T1574.002
|
2 datasets
|
Michael Haag
|
2020-12-08
|
|
Lib Hijack
|
attack_range
|
T1574.006 (Dynamic Linker Hijacking)
|
1 dataset
|
Teoderick Contreras
|
2021-12-22
|
|
Linux Auditd Ldpreload
|
attack_range
|
T1574.006 (Dynamic Linker Hijacking)
|
2 datasets
|
Teoderick Contreras, Splunk
|
2025-02-20
|
|
Linux Auditd Preload File
|
attack_range
|
T1574.006 (Dynamic Linker Hijacking)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-10
|
|
Atomic Red Team
|
attack_range
|
T1574.009 (Path Interception by Unquoted Path)
|
1 dataset
|
Patrick Bareiss
|
2020-10-09
|
|
Change Registry Path Service
|
attack_range
|
T1574.011 (Services Registry Permissions Weakness)
|
1 dataset
|
Patrick Bareiss
|
2020-11-26
|
|
Aws Authorize Security Group
|
attack_range
|
T1578.005 (Modify Cloud Compute Configurations)
|
1 dataset
|
Bhavin Patel
|
2024-02-21
|
|
Aws Iam Excessive List Command Usage
|
attack_range
|
T1580 (Cloud Infrastructure Discovery)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Aws Iam Assume Role Policy Brute Force
|
attack_range
|
T1580 (Cloud Infrastructure Discovery)
|
2 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Aws Iam Accessdenied Discovery Events
|
attack_range
|
T1580 (Cloud Infrastructure Discovery)
|
2 datasets
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Esxi Dormant Vm Started
|
custom
|
T1584
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Okta Multiple City
|
attack_range
|
T1586.003 (Cloud Accounts)
|
1 dataset
|
Bhavin Patel
|
2024-03-07
|
|
Atomic Red Team
|
attack_range
|
T1587.002 (Code Signing Certificates)
|
1 dataset
|
Michael Haag
|
2022-03-31
|
|
Add Store Cert
|
attack_range
|
T1587.003 (Digital Certificates)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-08-06
|
|
Nirsoft Tooling
|
attack_range
|
T1588.002 (Tool)
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-10-21
|
|
Atomic Red Team
|
attack_range
|
T1588.002 (Tool)
|
1 dataset
|
Michael Haag
|
2021-01-24
|
|
Kerberos User Enumeration
|
attack_range
|
T1589.002 (Email Addresses)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Enum Dns Record
|
attack_range
|
T1590.002 (DNS)
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-04-11
|
|
T1590.005
|
attack_range
|
T1590.005 (IP Addresses)
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Host Info Dxdiag
|
attack_range
|
T1592 (Gather Victim Host Information)
|
1 dataset
|
Teoderick Contreras
|
2021-11-19
|
|
Pwh Av Recon
|
attack_range
|
T1592 (Gather Victim Host Information)
|
1 dataset
|
Teoderick Contreras
|
2022-03-22
|
|
Sysmon Scanning Events
|
attack_range
|
T1595 (Active Scanning)
|
1 dataset
|
Steven Dick
|
2024-12-26
|
|
Attacker Scan Tools
|
attack_range
|
T1595 (Active Scanning)
|
2 datasets
|
Bhavin Patel
|
2021-06-25
|
|
Rdp
|
attack_range
|
T1598.002 (Spearphishing Attachment)
|
1 dataset
|
Michael Haag, Splunk
|
2024-11-25
|
|
Esxi Download Errors
|
custom
|
T1601.001 (Patch System Image)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-08
|
|
Cisco Isovalent K8 Escape
|
manual simulations in a K8s cluster running Tetragon
|
T1611
|
1 dataset
|
Bhavin Patel, Splunk
|
2025-10-01
|
|
Common Language Runtim Loaded
|
attack_range
|
T1620
|
1 dataset
|
Mauricio Velazco
|
2023-02-23
|
|
Okta Multiple Failed Mfa Pushes
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Mauricio Velazco
|
2024-03-18
|
|
Multiple Failed Mfa Gws
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Mauricio Velazco
|
2022-10-17
|
|
Multiple Failed Mfa Requests
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Mauricio Velazco
|
2022-08-25
|
|
O365 Multiple Failed Mfa Requests
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Mauricio Velazco
|
2023-10-19
|
|
Azuread
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Mauricio Velazco
|
2022-07-14
|
|
Okta Mismatch
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Bhavin Patel
|
2024-11-19
|
|
Azure Ad Multiple Denied Mfa Requests
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Mauricio Velazco
|
2022-10-31
|
|
Pingid
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
2 datasets
|
Steven Dick
|
2023-09-26
|
|
Okta Mfa Login Failed
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Bhavin Patel
|
2024-03-05
|
|
Gcp Failed Mfa
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Mauricio Velazco
|
2022-10-14
|
|
Okta Multiple Failed Mfa Requests
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Mauricio Velazco
|
2024-03-05
|
|
Aws Mfa Disabled
|
attack_range
|
T1621 (Multi-Factor Authentication Request Generation)
|
1 dataset
|
Bhavin Patel
|
2022-10-03
|
|
Certify Abuse
|
attack_range
|
T1649 (Steal or Forge Authentication Certificates)
|
1 dataset
|
Steven Dick
|
2023-06-30
|
|
Atomic Red Team
|
attack_range
|
T1649 (Steal or Forge Authentication Certificates)
|
9 datasets
|
Michael Haag
|
2023-02-01
|
|
Esxi Vm Discovery
|
custom
|
T1673 (Virtual Machine Discovery)
|
1 dataset
|
Raven Tait, Splunk
|
2025-07-09
|
|
M365 Copilot
|
attack_range
|
|
2 datasets
|
Rod Soto, Splunk
|
2025-09-25
|
|
Generated datasets for Cisco Secure Firewall Threa...
|
|
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-04-03
|
|
Generated datasets Lumma Stealer Intrusion Events ...
|
|
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-04-26
|
|
Generated datasets for Cisco Secure Firewall Threa...
|
|
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-04-04
|
|
Generated datasets for Cisco Secure Firewall Threa...
|
|
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-04-16
|
|
Acidrain
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-04-12
|
|
Winpeas
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-12-01
|
|
Powershell
|
attack_range
|
|
2 datasets
|
Teoderick Contreras, Splunk
|
2022-12-01
|
|
Winpeas Search Private Key
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-12-01
|
|
Winpeas Search Pwd Db
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-12-01
|
|
Winpeas Cmdkeylist
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-12-01
|
|
Winpeas Fsutil
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-12-01
|
|
Winpeas Search Pwd
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-12-01
|
|
Partial Ttps
|
attack_range
|
|
2 datasets
|
Steven Dick
|
2023-06-15
|
|
Lockbit Ransomware
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-01-16
|
|
Remcos
|
attack_range
|
|
1 dataset
|
Michael Haag, Splunk
|
2021-10-05
|
|
remcos RAT panel and agent datasets.
|
attack_range
|
|
1 dataset
|
Rod Soto
|
2021-09-23
|
|
Remcos Registry
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-03-21
|
|
Remcos Agent
|
attack_range
|
|
2 datasets
|
Teoderick Contreras
|
2021-09-22
|
|
Remcos Pastebin Download
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-11-18
|
|
Remcos Dynwrapx
|
attack_range
|
|
3 datasets
|
Teoderick Contreras
|
2021-11-18
|
|
Inf1
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Inf2
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Msmpeng Side
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-07-05
|
|
Olympic Destroyer
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-02-23
|
|
Generated datasets for pkgmgr uac bypass in attack...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-07-27
|
|
Generated datasets for unsigned dll loaded in atta...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-07-27
|
|
Generated datasets for maxconnectionperserver in a...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-07-27
|
|
Generated datasets for shell regrun in attack rang...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-06-13
|
|
Access Permission
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-06-13
|
|
Disable Av
|
attack_range
|
|
2 datasets
|
Teoderick Contreras
|
2021-10-18
|
|
Phish Icedid
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-07-29
|
|
Inf Icedid
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-07-29
|
|
Simulated Icedid
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-08-05
|
|
Disable Schtask
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-10-18
|
|
Cmd Carry Str Param
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-10-21
|
|
Azorult
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-06-22
|
|
Data1
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Data2
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Xmrig Miner
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Prestige Ransomware
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-11-30
|
|
Snakemalware
|
attack_range
|
|
4 datasets
|
Michael Haag
|
2023-05-11
|
|
Test2
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-02-08
|
|
Test1
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-02-08
|
|
Test3
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-02-09
|
|
Service Deletion
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-01
|
|
Generated datasets for sedebugprivilege token in a...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-05
|
|
Iso Version Dll Campaign
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-08-30
|
|
Loading Samlib
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-08-31
|
|
Create Remote Thread
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-05
|
|
Brute Duplicate Token
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-01
|
|
Wallpaper Via Transcodedwallpaper
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-05
|
|
Vilsel
|
attack_range
|
|
2 datasets
|
Teoderick Contreras
|
2021-11-12
|
|
Pwh Uploadstring
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-02-21
|
|
Scheduledtask
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-02-21
|
|
Pwh Exfiltration
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-02-21
|
|
Chaos Ransomware
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-01-12
|
|
Spread In Root Drives
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-01-17
|
|
Qakbot
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-10-20
|
|
Remote Thread
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-10-28
|
|
Qbot2
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-10-24
|
|
Qbot Wermgr
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-10-27
|
|
Qbot Wermgr2
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-10-27
|
|
Qbot 3
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-10-27
|
|
Cyclopsblink
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-04-07
|
|
Minergate
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Fin7 Js 2
|
attack_range
|
|
3 datasets
|
Teoderick Contreras
|
2021-09-14
|
|
Jssloader
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-09-14
|
|
Fin7 Macro Js 1
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-09-14
|
|
fin7 jssloader sacl event accessing browser sql db...
|
attack_range
|
|
2 datasets
|
Teoderick Contreras
|
2021-09-15
|
|
Infection
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Exe Smbshare
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Spear Phish
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-07-19
|
|
Namedpipe
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Swift Slicer
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-02-02
|
|
Outlook Macro
|
attack_range
|
|
1 dataset
|
Raven Tait, Splunk
|
2025-09-09
|
|
Disable Dialogs
|
attack_range
|
|
1 dataset
|
Raven Tait, Splunk
|
2025-09-09
|
|
Loadmacroprovideronboot
|
attack_range
|
|
1 dataset
|
Raven Tait, Splunk
|
2025-09-09
|
|
Macro Security Level
|
attack_range
|
|
1 dataset
|
Raven Tait, Splunk
|
2025-09-09
|
|
Industroyer2
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-04-22
|
|
Ryuk
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2020-11-30
|
|
Doublezero Wiper
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-03-28
|
|
Reboot Logoff Commandline
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Dcrat Forkbomb
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-07-28
|
|
Dcrat Enum Camera
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-07-29
|
|
Dcrat Explorer Url
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-08-01
|
|
Shutdown Commandline
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-07-27
|
|
Dcrat Delay Execution
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-07-28
|
|
Inf1
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Conti Cobalt
|
attack_range
|
|
1 dataset
|
Generated by dataset_analyzer.py
|
2025-08-12
|
|
Conti Leak
|
attack_range
|
|
3 datasets
|
Teoderick Contreras
|
2021-08-10
|
|
Clop B
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-03-22
|
|
Clop A
|
attack_range
|
|
2 datasets
|
Teoderick Contreras
|
2021-03-22
|
|
Generated datasets for chrome local state simulate...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-04-26
|
|
Generated datasets for recon registry in attack ra...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-04-26
|
|
Generated datasets for browser ext access in attac...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-04-26
|
|
Generated datasets for win update services stop in...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-04-24
|
|
Generated datasets for browser list in attack rang...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-05-02
|
|
Modify Registry
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-04-24
|
|
Generated datasets for chrome login data simulate ...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-04-27
|
|
Hermetic Wiper
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-02-25
|
|
Globalfolderoptions Reg
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-03-02
|
|
Agent Tesla Tor Dns Query
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-21
|
|
Chm Powershell
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-21
|
|
Agent Tesla Smtp
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-21
|
|
Agent Tesla Ftp
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2022-09-21
|
|
This dataset has arguments to certutil.exe indicat...
|
attack_range
|
|
1 dataset
|
Bhavin Patel
|
2020-12-09
|
|
This dataset is a collection of Okta Risk events t...
|
attack_range
|
|
1 dataset
|
Bhavin Patel
|
2024-04-02
|
|
These datasets correspond to different Linux Post ...
|
attack_range
|
|
5 datasets
|
Rod Soto
|
2021-12-06
|
|
Local Llms
|
attack_range
|
|
2 datasets
|
Rod Soto
|
2025-11-12
|
|
This dataset is synthetically generated using a cu...
|
NA
|
|
1 dataset
|
Bhavin Patel
|
2020-10-28
|
|
This dataset starts a new Windows service called E...
|
attack_range
|
|
4 datasets
|
Patrick Bareiss
|
2020-12-09
|
|
These datasets correspond to different risk_events...
|
attack_range
|
|
11 datasets
|
Jose Hernandez
|
2022-08-31
|
|
This dataset is from a demo environment for Cisco ...
|
NA
|
|
1 dataset
|
Bhavin Patel
|
2024-10-24
|
|
This dataset is from a demo environment for ms365:...
|
NA
|
|
2 datasets
|
Bhavin Patel
|
2024-10-24
|
|
This dataset includes Microsoft Exchange 2016 IIS ...
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2021-03-11
|
|
This dataset is from a test instance with Security...
|
|
|
1 dataset
|
Bhavin Patel
|
2021-01-26
|
|
These datasets correspond to different log4shell e...
|
attack_range
|
|
1 dataset
|
Jose Hernandez
|
2021-01-27
|
|
This dataset is from a demo environment for cisco:...
|
NA
|
|
1 dataset
|
Bhavin Patel
|
2025-02-15
|
|
Generated datasets for user duplicate password in ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-16
|
|
Generated datasets for privilege escalation in att...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-16
|
|
Generated datasets for riskscore in attack range.
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-16
|
|
Generated datasets for admin duplicate password in...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-16
|
|
Generated datasets for high risk score in attack r...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-17
|
|
Generated datasets for admin weak password policy ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-16
|
|
Generated datasets for multiple low alert in attac...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-17
|
|
Generated datasets from a demo environment for Cro...
|
NA
|
|
1 dataset
|
Bryan Pluta, Splunk
|
2025-06-02
|
|
Generated datasets for medium alert in attack rang...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-16
|
|
Generated datasets for admin weak password policy ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-16
|
|
Generated datasets for Cisco Network Visibility Mo...
|
|
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-06-23
|
|
Cisco Isovalent
|
manual simulations in a K8s cluster running Tetragon
|
|
3 datasets
|
Bhavin Patel, Splunk
|
2025-08-15
|
|
This dataset contains multiple authentication a...
|
NA
|
|
1 dataset
|
Bhavin Patel
|
2022-10-03
|
|
Generated datasets for open dns port in attack ran...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-30
|
|
Generated datasets for open ports discovery in att...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-24
|
|
Manual generation of nmap portscanning activity wi...
|
attack_range
|
|
2 datasets
|
Dean Luxton
|
2023-10-20
|
|
CVE-2022-37439 Attempted Exploitation
|
attack_range
|
|
1 dataset
|
Jose Hernandez
|
2022-08-16
|
|
Manual generation of attack data by disabling a se...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2021-09-01
|
|
Manual generation of attack data by disabling a se...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2021-09-02
|
|
Using Get-ADComputer manually to discover systems ...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2022-03-28
|
|
Using PowerView manually to discover systems with ...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2022-03-28
|
|
Using PowerView manually to discover systems with ...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2022-03-31
|
|
Manual generation of attack data by disabling a work...
|
manual
|
|
1 dataset
|
Patrick Bareiss
|
2022-04-04
|
|
Generated datasets for explorer root proc cmdline ...
|
attackrange
|
|
1 dataset
|
Michael Haag, Splunk
|
2024-11-21
|
|
This dataset contains registry set logs from Windo...
|
attack_range
|
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2024-12-08
|
|
Manually executed PowerSploit's commandlets to ret...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2023-03-16
|
|
Generated datasets for tinyurl dns query in attack...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-02
|
|
Dataset which contains cloudtrail events with a de...
|
attack_range
|
|
1 dataset
|
Bhavin Patel, Splunk
|
2025-04-10
|
|
Dataset which contains cloudtrail logs for aws del...
|
attack_range
|
|
1 dataset
|
Bhavin Patel, Splunk
|
2025-04-10
|
|
Generation of Atomic Red Team technique T1547.011 ...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2022-03-29
|
|
Generated datasets for large outbound ICMP using P...
|
attack_range
|
|
1 dataset
|
Dean Luxton
|
2024-11-07
|
|
CVE-2021-3422 Attempted Exploitation
|
attack_range
|
|
1 dataset
|
Lou Stella
|
2022-03-28
|
|
Generated datasets for explorer root proc cmdline ...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-21
|
|
Generated datasets for browser credential info tem...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-10-09
|
|
Splunk Audit Logs.
|
attack_range
|
|
1 dataset
|
Mike Haag, Splunk
|
2022-05-23
|
|
Sample of events when an Exchange transport rule i...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2025-01-15
|
|
Manual exploitation of CVE-2021-42287 and CVE-2021...
|
attack_range
|
|
2 datasets
|
Mauricio Velazco
|
2021-12-20
|
|
Manual generation of attack data by logging into a...
|
attack_range
|
|
1 dataset
|
Lou Stella
|
2022-01-06
|
|
Dataset generated from AWS CloudTrail logs capturi...
|
attack_range
|
|
1 dataset
|
Bhavin Patel
|
2025-04-10
|
|
Generated datasets for 32bit process execute 64bit...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-02-11
|
|
Dataset which contains cloudtrail logs for creatin...
|
attack_range
|
|
1 dataset
|
Bhavin Patel
|
2023-04-10
|
|
Generated datasets for time delay using choice exe...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-02-15
|
|
Generated datasets for njrat ping delay before del...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-09-08
|
|
This search provides detection of accounts with hi...
|
custom
|
|
1 dataset
|
Rod Soto
|
2020-10-09
|
|
This search provides detection of GCPloit exploita...
|
custom
|
|
1 dataset
|
Rod Soto
|
2020-10-09
|
|
This search provides detection of high risk permis...
|
custom
|
|
1 dataset
|
Rod Soto
|
2020-10-09
|
|
This search provides detection of role creation by...
|
custom
|
|
1 dataset
|
Rod Soto
|
2020-08-19
|
|
This search provides detection of a user attachin...
|
custom
|
|
1 dataset
|
Rod Soto
|
2020-08-19
|
|
This search provides detection of suspicious use o...
|
custom
|
|
1 dataset
|
Rod Soto
|
2020-08-19
|
|
Usage of assumerolewithsaml function in aws cli.
|
custom
|
|
1 dataset
|
Patrick Bareiss
|
2021-02-01
|
|
This search provides detection of a user attachin...
|
custom
|
|
1 dataset
|
Rod Soto
|
2020-08-19
|
|
Manual generation of attack data by enabling Defau...
|
attack_range
|
|
1 dataset
|
Lou Stella
|
2022-04-29
|
|
Privilege elevation abuse.
|
custom
|
|
2 datasets
|
Stanislav Miskovic
|
2021-02-23
|
|
Generated risk events for Linux persistence and pr...
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2022-07-21
|
|
Generated datasets for disable extension in attack...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-05-26
|
|
Manual golden ticket attack with Impacket using ti...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2022-03-15
|
|
Generated datasets for linux password change in at...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-24
|
|
Modification of Active Directory and Windows domai...
|
custom
|
|
2 datasets
|
Stanislav Miskovic
|
2021-02-23
|
|
Anonymized datasets on Pass the Hash and Pass the ...
|
real_data
|
|
2 datasets
|
Stanislav Miskovic
|
2021-09-01
|
|
Manual generation of attack data for generic websh...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2023-04-11
|
|
Generated datasets for allowed tor traffic.
|
attack range
|
|
1 dataset
|
Bhavin Patel, Splunk
|
2023-09-20
|
|
Generated datasets for vaultcli creds in attack ra...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-11-29
|
|
Generated datasets for braodo screenshot in attack...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-10-09
|
|
A sample event with a known abused manage-bde com...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2025-02-10
|
|
Splunk TLS/SSL certificate logs
|
attack_range
|
|
1 dataset
|
Michael Haag, Splunk
|
2022-05-26
|
|
Generated datasets for anonymous pipe in attack ra...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-02-11
|
|
Generated datasets for renamed powershell in attac...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-05-07
|
|
Atomic Red Team Execution of T1115
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2022-07-28
|
|
Manual generation of pkexec local privilege escala...
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2022-02-01
|
|
Generated datasets for outlook dropped dll in atta...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-03-21
|
|
Generated datasets for ConsoleHost History deletio...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-17
|
|
Kubernetes audit logs which contain a creation of...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2023-12-13
|
|
This dataset contains multiple events that simulat...
|
attack_range
|
|
1 dataset
|
Nasreddine Bencherchali
|
2025-04-24
|
|
Generated dataset for amos stealer execution with ...
|
attack_range
|
|
1 dataset
|
Nasreddine Bencherchali
|
2025-04-25
|
|
Manual silver ticket attack with Impacket using ti...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2022-03-16
|
|
Risk events related to Living Off The Land Analyti...
|
attack_range
|
|
2 datasets
|
Michael Haag
|
2022-07-13
|
|
The following analytic identifies LOLBAS with netw...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2023-01-20
|
|
Illegal account creation via PowerSploit modules.
|
custom
|
|
1 dataset
|
Stanislav Miskovic
|
2021-02-23
|
|
A set of events related to the usage of NetExec attac...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2024-12-19
|
|
Over pass the hash attack using Impacket's getTGT s...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2022-03-08
|
|
Generated datasets for net create user in attack r...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-13
|
|
Generated datasets for firewall win event in attac...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-19
|
|
Generated datasets for delete rule in attack range...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-19
|
|
Generated datasets for added rule in attack range.
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-19
|
|
Generated datasets for modify rule in attack range...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-19
|
|
Generated datasets for unsigned dll load in attack...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-04-05
|
|
Generated datasets for svr loaded modules in attac...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-18
|
|
Generated datasets for unsigned dll loaded same pr...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-06-07
|
|
Generated datasets for process in programdata in a...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-13
|
|
Manual generation of attack data by generating sec...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2021-09-01
|
|
Manual generation of attack data by creating a pul...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2021-09-01
|
|
Some simple T1036.003 and T1036.005 tests using mo...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2024-05-03
|
|
Generated datasets for debugger execution in attac...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-06-07
|
|
Running sensitive processes outside \windows\syste...
|
attack_range
|
|
3 datasets
|
Jose Hernandez
|
2022-10-13
|
|
Generated datasets for executables suspicious file...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-02-21
|
|
Generated datasets for process temp path in attack...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-01-27
|
|
Simulated test github Datasets for push or commit ...
|
attack_range
|
|
2 datasets
|
Teoderick Contreras
|
2021-08-20
|
|
This search looks for arguments to certutil.exe in...
|
custom
|
|
1 dataset
|
Rod Soto
|
2021-01-26
|
|
Generated datasets for taskkill in attack range.
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-09-14
|
|
Generated datasets for defender exclusion in attac...
|
attack_range
|
|
1 dataset
|
Dean Luxton
|
2025-01-08
|
|
Generated datasets for rmdir defender pwsh in atta...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2022-01-20
|
|
Generated datasets for taskkill browser in attack ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-10-09
|
|
Generated datasets for defender exclusion powershe...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-11-25
|
|
Generated datasets for defender exclusion in attac...
|
attack_range
|
|
2 datasets
|
Dean Luxton
|
2025-01-08
|
|
Generated dataset for abusing Cisco Secure Endpoin...
|
attack_range
|
|
2 datasets
|
Nasreddine Bencherchali, Splunk
|
2025-01-08
|
|
Generated datasets for moz lib loaded in attack ra...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-10
|
|
Generated datasets for rar sfx execution in attack...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-12-13
|
|
Generation of Atomic Red Team technique T1547.011 ...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2022-03-29
|
|
Manually enumerating domain accounts with Kerberos...
|
attack_range
|
|
3 datasets
|
Mauricio Velazco
|
2022-02-18
|
|
Manually enumerating domain accounts with Kerberos...
|
attack_range
|
|
3 datasets
|
Mauricio Velazco
|
2022-02-22
|
|
Generated datasets for telegram api dns in attack ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-12-13
|
|
Generated datasets for telegram api requests via c...
|
attack_range
|
|
1 dataset
|
Nasreddine Bencherchali, Splunk
|
2025-02-19
|
|
High Number of Login Failures from a single source...
|
attack_range
|
|
1 dataset
|
Bhavin Patel
|
2020-12-16
|
|
Generated datasets for njrat fileless registry ent...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-09-14
|
|
Kerberos user enumeration using kerbrute.
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2022-02-10
|
|
Dataset which contains an AWS exfiltration attempt...
|
attack_range
|
|
1 dataset
|
Bhavin Patel
|
2023-04-12
|
|
Illegal service or process control.
|
custom
|
|
2 datasets
|
Stanislav Miskovic
|
2021-02-23
|
|
Manual simulation of krbrelayup.
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2022-04-28
|
|
Manual generation of attack data related to CVE-20...
|
attack_range
|
|
1 dataset
|
Michael Haag, Splunk
|
2023-10-01
|
|
Attack data related to CVE-2023-20198
|
attack_range
|
|
1 dataset
|
Michael Haag, Splunk
|
2023-10-17
|
|
Attack data related to Fortinet CVE-2022-40684
|
attack_range
|
|
2 datasets
|
Michael Haag, Splunk
|
2022-10-15
|
|
Attack data related to CVE-2022-1388
|
attack_range
|
|
2 datasets
|
Michael Haag, Splunk
|
2022-05-19
|
|
Manual generation of attack data related to cve-20...
|
attack_range
|
|
3 datasets
|
Michael Haag, Splunk
|
2023-10-01
|
|
Manual generation of attack data related to Log4j ...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss, Splunk
|
2021-12-14
|
|
Generation of attack data related to CVE-2024-2560...
|
attack_range
|
|
1 dataset
|
Michael Haag, Splunk
|
2024-02-22
|
|
AttackData from WatchTowr blog related to CVE-2024...
|
attack_range
|
|
1 dataset
|
Michael Haag, Splunk
|
2024-07-23
|
|
Manual generation of attack data related to Log4j ...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss, Splunk
|
2021-12-14
|
|
Manual generation of attack data by creating outbo...
|
attack_range
|
|
1 dataset
|
Bhavin Patel
|
2021-12-13
|
|
Attack data related to CVE-2022-1388
|
attack_range
|
|
2 datasets
|
Michael Haag, Splunk
|
2022-05-10
|
|
Attack data related to CVE-2023-26460 and CVE-2023...
|
attack_range
|
|
2 datasets
|
Michael Haag, Splunk
|
2023-08-23
|
|
Simulated attacks using Unicorn, Cobalt Strike, an...
|
attack_range
|
|
8 datasets
|
Michael Haag
|
2021-04-20
|
|
Simulated test Gsuite Datasets for shared file wit...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-08-23
|
|
Sample events for CompatTelRunner abuse.
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2025-02-10
|
|
Generated datasets for cmdkey create credential st...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Datasets containing in-line calls to all critical ...
|
custom
|
|
2 datasets
|
Stanislav Miskovic
|
2021-02-23
|
|
Generated datasets for cmdkey delete credentials s...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Generated datasets for powerview get netuser preau...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-15
|
|
Generated datasets for macos lolbin execution with...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2022-03-04
|
|
cisco ios logs
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2020-11-26
|
|
Generated datasets for suspicious spawn svchost in...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-02-11
|
|
Use the searches in this story to monitor your Kub...
|
custom
|
|
2 datasets
|
Rod Soto
|
2020-08-18
|
|
Generated datasets for auditd daemon end in attack...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-10
|
|
Generated datasets for msiexec-hidewindow-rundll32...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-01-03
|
|
Simulated attacks using conhost with --headless
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2023-11-01
|
|
Used Exchange Online PowerShell module to grant th...
|
O365 tenant
|
|
1 dataset
|
Mauricio Velazco
|
2023-10-17
|
|
Performing the Death from Above attack moving late...
|
Frothly Dev Azure Tenant
|
|
1 dataset
|
Dean Luxton
|
2025-01-07
|
|
Illegal access to user content via PowerSploit mod...
|
custom
|
|
1 dataset
|
Stanislav Miskovic
|
2021-02-23
|
|
Generated datasets for linux unix delete user in a...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-22
|
|
Generated datasets for powershell log process tree...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-12-17
|
|
Generated datasets for log off user in attack rang...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-12-13
|
|
Generated datasets for executable shared modules i...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-09-12
|
|
Generated datasets for linux unix new user in atta...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-22
|
|
Generated datasets for windows pwh log cleared in ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-06-19
|
|
Generated datasets for attrib hidden in attack ran...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-12-20
|
|
Generated datasets for icacls inheritance in attac...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-12-13
|
|
Kubernetes audit log to retrieve a secret from k8s...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2023-12-06
|
|
Generated datasets for process high mem usage in a...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-22
|
|
Generated datasets for process high cpu usage in a...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-22
|
|
simulated data sets of high frequency copy of file...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-11-17
|
|
cisco ios logs
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2020-11-26
|
|
Generated datasets for mark of the web bypass in a...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-08-14
|
|
Log deletion with likely malicious intent or tools...
|
custom
|
|
1 dataset
|
Stanislav Miskovic
|
2021-02-23
|
|
Generated datasets for rmdir delete files and dir ...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Performed full access rights delegation on mailbox...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2020-12-15
|
|
Automated generation of attack data using PurpleSh...
|
attack_range + badblood
|
|
1 dataset
|
Mauricio Velazco
|
2021-04-20
|
|
Automated generation of attack data using PurpleSh...
|
attack_range + badblood
|
|
1 dataset
|
Mauricio Velazco
|
2021-04-20
|
|
Automated generation of attack data using PurpleSh...
|
attack_range + badblood
|
|
1 dataset
|
Mauricio Velazco
|
2021-04-20
|
|
Generic detection of password spray behaviors usin...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2023-10-30
|
|
Automated generation of attack data using PurpleSh...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2021-04-20
|
|
Automated generation of attack data using PurpleSh...
|
attack_range + badblood
|
|
1 dataset
|
Mauricio Velazco
|
2021-04-20
|
|
Detection of suspicious NTLM authentication behavi...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2024-02-19
|
|
Automated generation of attack data using PurpleSh...
|
attack_range + badblood
|
|
1 dataset
|
Mauricio Velazco
|
2021-04-20
|
|
This dataset is generated from cloudtrail events i...
|
NA
|
|
1 dataset
|
Bhavin Patel
|
2023-01-26
|
|
Automated generation of attack data using PurpleSh...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2021-04-20
|
|
Automated generation of attack data using PurpleSh...
|
attack_range + badblood
|
|
1 dataset
|
Mauricio Velazco
|
2021-04-20
|
|
Generated datasets for non-service-searchindexer i...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-01-03
|
|
Manual generation of attack data using Splunk
|
attack_range
|
|
1 dataset
|
Lou Stella
|
2022-05-26
|
|
Simulated test Gsuite Datasets for sharing drive o...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-08-18
|
|
This dataset is generated in the AWS research tena...
|
NA
|
|
2 datasets
|
Bhavin Patel
|
2023-01-26
|
|
Generated datasets for update per user system in a...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-12
|
|
The following attack data is related to browsers r...
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2023-09-11
|
|
This dataset contains cloudtrail events of succ...
|
NA
|
|
1 dataset
|
Bhavin Patel
|
2022-10-03
|
|
Generated datasets for disable linux firewall in a...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-07-22
|
|
The following is data related to Windows AppLocker...
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2024-03-20
|
|
Generated datasets for splunk in attack range.
|
attack_range
|
|
1 dataset
|
Rod Soto, Splunk
|
2024-12-16
|
|
Dataset which contains cloudtrail logs showcasing ...
|
attack_range
|
|
2 datasets
|
Michael Haag
|
2021-04-14
|
|
Dataset which contains cloudtrail logs for aws inv...
|
attack_range
|
|
1 dataset
|
Bhavin Patel, Splunk
|
2025-04-10
|
|
Generated datasets for snakey keylogger outlook re...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-02-15
|
|
Generated datasets for windows post exploitation i...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-06-14
|
|
Manual generation of attack data using Splunk
|
attack_range
|
|
1 dataset
|
Lou Stella
|
2022-05-26
|
|
Generated datasets for T1112 in attack range.
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Generated datasets for no changing wallpaper in at...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-12
|
|
Generated datasets for smart card group policy in ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-06-19
|
|
Generated datasets for valleyrat c2 reg2 in attack...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-09-16
|
|
Generated datasets for pwn reg in attack range.
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-09-16
|
|
Generated datasets for windows mod reg risk behavi...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-06-15
|
|
Generated datasets for test registry in attack ran...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-02-11
|
|
Generated datasets for kingsoft reg in attack rang...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-09-16
|
|
Generated datasets for wer dontshowui in attack ra...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Generated datasets for disable rdp in attack range...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-06-19
|
|
Generated datasets for bitlocker registry setting ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-06-19
|
|
Generated datasets for proxy server in attack rang...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Generated datasets for proxy enable in attack rang...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Generated datasets for DisableRemoteDesktopAntiAli...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Generated datasets for njrat md5 registry entry in...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-09-25
|
|
This dataset is synthetically generated using by s...
|
NA
|
|
1 dataset
|
Bhavin Patel
|
2022-01-28
|
|
Generated datasets for chrom no sandbox in attack ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-05-26
|
|
A set of events related to the usage of query.exe on ...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2025-01-06
|
|
Generated datasets for cipher in attack range.
|
attack_range
|
|
1 dataset
|
Teoderick Contreras
|
2021-12-20
|
|
Manual generation of attack data for right to left...
|
attack_range
|
|
1 dataset
|
Steven Dick
|
2023-04-04
|
|
This dataset is generated in an AWS Bedrock Lab Env...
|
NA
|
|
1 dataset
|
Bhavin Patel
|
2024-03-07
|
|
Generated datasets for njrat admin check in attack...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-09-19
|
|
Generated datasets for njrat ngrok connection in a...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-09-20
|
|
Manual generation of attack data with a command li...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2020-03-29
|
|
Generated datasets for delete pwh history in attac...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-03-17
|
|
Manual manipulation of attack data by spawn cmd.ex...
|
attack_range
|
|
1 dataset
|
Lou Stella
|
2023-10-26
|
|
Manual manipulation of attack data by spawn cmd.ex...
|
attack_range
|
|
1 dataset
|
Lou Stella
|
2023-10-26
|
|
Manual generation of attack data with a long comma...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2020-03-29
|
|
The following data was using archive tools from th...
|
attack_range
|
|
1 dataset
|
Patrick Bareiss
|
2021-11-23
|
|
Generated datasets for archive utility darkgate in...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-11-23
|
|
Generated datasets for abused commandline in attac...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-06-14
|
|
Contains PAN Traffic logs generated by SALO with L...
|
custom
|
|
1 dataset
|
Marcus LaFerrera, Jose Hernandez, Splunk
|
2022-02-17
|
|
Contains Defender logs generated by testing the AS...
|
custom
|
|
5 datasets
|
Michael Haag, Splunk
|
2023-11-20
|
|
Unusual number of taskhost and taskhostex processe...
|
custom
|
|
1 dataset
|
Rod Soto, Michael Hart
|
2021-04-01
|
|
Unusual number of processes created from the Windo...
|
custom
|
|
1 dataset
|
Rod Soto, Michael Hart
|
2021-04-01
|
|
Generated datasets for protocol handlers in attack...
|
attack_range
|
|
1 dataset
|
Michael Haag
|
2022-05-30
|
|
Generated datasets for archived in temp dir in att...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-10-09
|
|
Generated datasets for powershell archive in attac...
|
attackrange
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2023-12-19
|
|
Generated datasets for linux audited doas conf in ...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-06-10
|
|
Simulated attack using KrbRelayUp
|
attack_range
|
|
1 dataset
|
Michael Haag, Splunk
|
2022-05-02
|
|
Manually using the sc.exe binary to create and sta...
|
attack_range
|
|
1 dataset
|
Mauricio Velazco
|
2021-11-23
|
|
Generated datasets for ie intelliform storage in a...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-10
|
|
Generated datasets for file xml config in attack r...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-07-10
|
|
Generated datasets for hidden schedule task in att...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2025-05-26
|
|
Generated datasets for taskschd dll in attack rang...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-09-16
|
|
Generated datasets for valleyrat schedtask in atta...
|
attack_range
|
|
1 dataset
|
Teoderick Contreras, Splunk
|
2024-09-16
|
|
Logs from Ollama server, contain errors, system me...
|
attack_range
|
|
2 datasets
|
Rod Soto, Splunk
|
2025-10-05
|