interlock

t-contreras · t-contreras · commit 9284ab7096ae · 2025-07-29T12:05:15.000+02:00
diff --git a/datasets/attack_techniques/T1218.011/rundll32_dll_in_temp/rundll32_dll_in_temp.yml b/datasets/attack_techniques/T1218.011/rundll32_dll_in_temp/rundll32_dll_in_temp.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 76f9a94c-6c63-11f0-89ae-629be3538068
+date: '2025-07-29'
+description: Generated datasets for rundll32 dll in temp in attack range.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1218.011/rundll32_dll_in_temp/rundll32_tmp.log
+sourcetypes:
+- 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+references:
+- https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/
diff --git a/datasets/attack_techniques/T1218.011/rundll32_dll_in_temp/rundll32_tmp.log b/datasets/attack_techniques/T1218.011/rundll32_dll_in_temp/rundll32_tmp.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5ac4747551f733d673cd6828a55732b7b542d3552698325cbdac2df2a69aa62f
+size 4057

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:5ac4747551f733d673cd6828a55732b7b542d3552698325cbdac2df2a69aa62f`
	`3`	`+size 4057`