Simulated Atomic Test Logs with Ground Truth
This dataset includes system logs generated by Atomic Tests, along with the corresponding ground truth annotations for malicious logs. Covering a total of 14 distinct techniques, each entry provides a comprehensive view of both benign and malicious activities, supporting the analysis and validation of detection mechanisms across multiple technique categories.
Ground Truth Log Demo
09/03/2024 02:52:09 PM
LogName=Microsoft-Windows-Sysmon/Operational
EventCode=1
EventType=4
ComputerName=DESKTOP-43B3OH1
User=SYSTEM
Sid=S-1-5-18
SidType=1
SourceName=Microsoft-Windows-Sysmon
Type=message
RecordNumber=394917
Keywords=None
TaskCategory=Process Create (rule: ProcessCreate)
OpCode=message
Message=Process Create:
RuleName: -
UtcTime: 2024-09-03 06:52:09.460
ProcessGuid: {6f6dba56-b219-66d6-793b-2b0000001700}
ProcessId: 4124
Image: C:\Windows\System32\net.exe
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
Description: Net Command
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: net.exe
CommandLine: net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator
CurrentDirectory: C:\Windows\system32\
LogonGuid: {6f6dba56-34a7-66d6-0a51-0c2102000000}
LogonId: 0x2210C510A
TerminalSessionId: 2
IntegrityLevel: High
Hashes: SHA1=88B101598CC6726B7A57D02B1FA95BE1B272A821,MD5=0BD94A338EEA5A4E1F2830AE326E6D19,SHA256=9F376759BCBCD705F726460FC4A7E2B07F310F52BAA73CAAAAA124FDDBDF993E,IMPHASH=57F0C47AE2A1A2C06C8B987372AB0B07
ParentProcessGuid: {6f6dba56-b219-66d6-783b-2b0000001700}
ParentProcessId: 3816
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: cmd.exe /c "net use \\Target\C$ P@ssw0rd1 /u:DOMAIN\Administrator"
ParentUser: DESKTOP-43B3OH1\xcy
Collapse
host = DESKTOP-43B3OH1source = C:\Users\Desktop\TTP_logs\15ttp_logs_2_with_powershell\T1021.002\T1021_002.evtxsourcetype = WinEventLog:Microsoft-Windows-Sysmon/Operational
CTI Reports for Atomic Tests
This dataset contains a Cyber Threat Intelligence (CTI) report corresponding to each Atomic Test. Each report provides detailed intelligence on the specific techniques and tactics exercised in the test, offering insights into the threat patterns simulated by the Atomic Tests.