Data2

Date: 2025-08-12 ID: 6f4e39a0-c1a5-4e9e-bde6-fd26c4af04d9 Author: Generated by dataset_analyzer.py Environment: attack_range Directory: data2

Description

Automatically categorized datasets in directory data2

No MITRE techniques specified for this dataset.

The following datasets were collected during this attack simulation:

The following detections in our security content repository use this attack data for testing:

Detection Name	Type	Source	MITRE ATT&CK	Analytic Story
Execute Javascript With Jscript COM CLSID	`TTP`	Endpoint	T1059.005	Ransomware
Recursive Delete of Directory In Batch CMD	`TTP`	Endpoint	T1070.004	Ransomware, APT37 Rustonotto and FadeStealer
Disable ETW Through Registry	`TTP`	Endpoint	T1562.001	Ransomware, CISA AA23-347A, Windows Registry Abuse
Excessive Usage Of SC Service Utility	`Anomaly`	Endpoint	T1569.002	Azorult, Ransomware, Crypto Stealer
Allow Network Discovery In Firewall	`TTP`	Endpoint	T1562.007	BlackByte Ransomware, NjRAT, Revil Ransomware, Ransomware, Medusa Ransomware, Hellcat Ransomware
Allow File And Printing Sharing In Firewall	`TTP`	Endpoint	T1562.007	Ransomware, BlackByte Ransomware, Hellcat Ransomware
Disable AMSI Through Registry	`TTP`	Endpoint	T1562.001	Ransomware, CISA AA23-347A, Windows Registry Abuse

Replay attack data with replay.py from Splunk Attack Data.

1python replay.py --dataset /datasets/malware/ransomware_ttp/data2/windows-sysmon.log --index attack_data

Find more detections and analytics for this attack technique in our security content repository.

Source: GitHub | Version: 1.0