attack data for mac techniques

RavenTait · RavenTait · commit d03a67b5fcd5 · 2026-02-20T12:29:26.000-05:00
diff --git a/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.log b/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cc3fda3ff1a0f3862b5cb17e82390a43f6fc54a5a4a9a118f019461727ecb2e8
+size 9992
diff --git a/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.yml b/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: e1ad8f03-6cb5-4ae9-a0c0-b9eb9ff0e4b8
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1030/
diff --git a/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.log b/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b9b92d8af052ca04218b44efc58915627fce032fb1a6fee5751c4bb6a33bd760
+size 17994
diff --git a/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.yml b/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 69fb68a6-dce5-400f-8a5e-086abda181aa
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1037/002/
diff --git a/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.log b/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6c25818a60216c479d081963996b39470a2799a6991fcd86b5479d7425cc3235
+size 5012
diff --git a/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.yml b/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: a319c571-0d12-4af7-b3dc-a30907e98277
+date: '2026-02-20'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1053/004/
diff --git a/datasets/attack_techniques/T1068/osquery_system_startup/osquery.log b/datasets/attack_techniques/T1068/osquery_system_startup/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3137c31603d3075c97373f932fbdd6ead2dc00f75b615a27857c2d52866d2686
+size 3314
diff --git a/datasets/attack_techniques/T1068/osquery_system_startup/osquery.yml b/datasets/attack_techniques/T1068/osquery_system_startup/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: bb5c9118-aec9-4d94-b3a5-cf5e7f422740
+date: '2026-02-20'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1068/osquery_system_startup/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1068/
diff --git a/datasets/attack_techniques/T1070/osquery_log_removal/osquery.log b/datasets/attack_techniques/T1070/osquery_log_removal/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce87d38d0b1aacefc671e5a097a8972ff414cd6f82f02b9b08968bd7b618a364
+size 5125
diff --git a/datasets/attack_techniques/T1070/osquery_log_removal/osquery.yml b/datasets/attack_techniques/T1070/osquery_log_removal/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 06297035-0abf-485a-9c4c-9f416999d845
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070/osquery_log_removal/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1070/
diff --git a/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.log b/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f1ca56ffe6f26edc26ca299f6bf6bc306a3c4b84932940f3a88e082745d29a29
+size 9120
diff --git a/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.yml b/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: d93e309a-f7b1-4bef-b8b7-b447f1f616a3
+date: '2026-02-20'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1135/
diff --git a/datasets/attack_techniques/T1136/osquery_account_creation/osquery.log b/datasets/attack_techniques/T1136/osquery_account_creation/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c5314b876c37c2ea34035f443ce907739bfbada3f7d5266de6ca891f853a8c3
+size 11005
diff --git a/datasets/attack_techniques/T1136/osquery_account_creation/osquery.yml b/datasets/attack_techniques/T1136/osquery_account_creation/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 06297035-0abf-485a-9c4c-9f416999d845
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136/osquery_account_creation/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1136/
diff --git a/datasets/attack_techniques/T1543/osquery_ketxload/osquery.log b/datasets/attack_techniques/T1543/osquery_ketxload/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0aed38a63d7e7c1e852e5aab2c8683521329c287640928744f553f6d7fca701f
+size 10055
diff --git a/datasets/attack_techniques/T1543/osquery_ketxload/osquery.yml b/datasets/attack_techniques/T1543/osquery_ketxload/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 324fc256-70c7-4e68-a32e-e2886f6245bb
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1543/osquery_ketxload/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1543
diff --git a/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.log b/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e62dfb19c5c2663f7e8df6ff09fa912f2b33daa598b5423bca8e66fbc8a32d24
+size 7169
diff --git a/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.yml b/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: d9cbe409-3012-48d7-8926-b5ee0287ee3f
+date: '2026-02-19'
+description: Generation of Mac OSX techniques involving keychains and osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1555/001/
diff --git a/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.log b/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:37027028bc331fa2c020bcb9544d8c5cdb8b9f2af0142844d9bf15a63dae9d5b
+size 19741
diff --git a/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.yml b/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 649730e9-20c1-4776-b902-2c4fc819b00c
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1564/001/

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:cc3fda3ff1a0f3862b5cb17e82390a43f6fc54a5a4a9a118f019461727ecb2e8`
	`3`	`+size 9992`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:b9b92d8af052ca04218b44efc58915627fce032fb1a6fee5751c4bb6a33bd760`
	`3`	`+size 17994`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:6c25818a60216c479d081963996b39470a2799a6991fcd86b5479d7425cc3235`
	`3`	`+size 5012`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:3137c31603d3075c97373f932fbdd6ead2dc00f75b615a27857c2d52866d2686`
	`3`	`+size 3314`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:ce87d38d0b1aacefc671e5a097a8972ff414cd6f82f02b9b08968bd7b618a364`
	`3`	`+size 5125`