blankgrabber (#1140)

Co-authored-by: Teoderick Contreras <tcontreras@splunk.com>

Author: tccontre

datasets/attack_techniques/T1012/backup_product_key_registry/backup_product_key_registry.yml

@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: af95e1a6-196c-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for backup product key registry in attack range.
+environment: attack_range
+directory: backup_product_key_registry
+mitre_technique:
+- T1012
+datasets:
+- name: backup_protection.log
+  path: /datasets/attack_techniques/T1012/backup_product_key_registry/backup_protection.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Security'

datasets/attack_techniques/T1012/backup_product_key_registry/backup_protection.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2b6423cb2660be00a9372e68e3cf380581c4cb85fae3fc3492261dea9de3675e
+size 1254

datasets/attack_techniques/T1012/host_file_accessed/host_file_accessed.yml

@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 1248c214-196d-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for host file accessed in attack range.
+environment: attack_range
+directory: host_file_accessed
+mitre_technique:
+- T1012
+datasets:
+- name: hosts_accessed.log
+  path: /datasets/attack_techniques/T1012/host_file_accessed/hosts_accessed.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Security'

datasets/attack_techniques/T1012/host_file_accessed/hosts_accessed.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dab0cef35984e303f3a480ff3919663597468c143c4db0f1103e07122d180f63
+size 15393

datasets/attack_techniques/T1047/susp_winrar/blank123.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57d7d9159fb48e074cd2954cbb2778ec1276502e9ca0bcd64d8f89cedea90fb4
+size 4342

datasets/attack_techniques/T1047/susp_winrar/susp_winrar.yml

@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: ebd77fee-196c-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for susp winrar in attack range.
+environment: attack_range
+directory: susp_winrar
+mitre_technique:
+- T1047
+datasets:
+- name: blank123.log
+  path: /datasets/attack_techniques/T1047/susp_winrar/blank123.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'

datasets/attack_techniques/T1047/wmic_classes/wmic_classes.yml

@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 8188a806-196d-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for wmic classes in attack range.
+environment: attack_range
+directory: wmic_classes
+mitre_technique:
+- T1047
+datasets:
+- name: wmic_cmd.log
+  path: /datasets/attack_techniques/T1047/wmic_classes/wmic_cmd.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'

datasets/attack_techniques/T1047/wmic_classes/wmic_cmd.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4d4894fe9a4d6bc11315788d0cd4f83e5865a7fbb7be9c2441eedd451fe4f8e5
+size 16015

datasets/attack_techniques/T1071.004/upload_files_dns/upload_files.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fc4a25a46ac4e5dda18b601403c81068905eb52197af6d32ac1c75242b398f17
+size 2083

datasets/attack_techniques/T1071.004/upload_files_dns/upload_files_dns.yml

@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: f5d8301e-196d-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for upload files dns in attack range.
+environment: attack_range
+directory: upload_files_dns
+mitre_technique:
+- T1071.004
+datasets:
+- name: upload_files.log
+  path: /datasets/attack_techniques/T1071.004/upload_files_dns/upload_files.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'