From 951fd7436fc9daf5a247c3dc18004862dedefcd4 Mon Sep 17 00:00:00 2001
From: Bhavin Patel
Date: Mon, 2 Oct 2023 16:13:38 -0700
Subject: [PATCH] adding dataset
---
.../4688_xml_windows_security.log | 3 +++
.../services_lolbas_execution.yml | 12 ++++++++++++
2 files changed, 15 insertions(+)
create mode 100644 datasets/attack_techniques/T1543.003/services_lolbas_execution/4688_xml_windows_security.log
create mode 100644 datasets/attack_techniques/T1543.003/services_lolbas_execution/services_lolbas_execution.yml
diff --git a/datasets/attack_techniques/T1543.003/services_lolbas_execution/4688_xml_windows_security.log b/datasets/attack_techniques/T1543.003/services_lolbas_execution/4688_xml_windows_security.log
new file mode 100644
index 00000000..be7e2e2f
--- /dev/null
+++ b/datasets/attack_techniques/T1543.003/services_lolbas_execution/4688_xml_windows_security.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dad07c208742ffd84a56e165a1f63533070d702e95dae5c724f301d2db41ed9b
+size 2631
diff --git a/datasets/attack_techniques/T1543.003/services_lolbas_execution/services_lolbas_execution.yml b/datasets/attack_techniques/T1543.003/services_lolbas_execution/services_lolbas_execution.yml
new file mode 100644
index 00000000..83321109
--- /dev/null
+++ b/datasets/attack_techniques/T1543.003/services_lolbas_execution/services_lolbas_execution.yml
@@ -0,0 +1,12 @@
+author: Bhavin Patel
+id: cc9b2651-efc9-11eb-926b-550bf0143fbb
+date: '2023-10-02'
+description: 'Attack data for services.exe spawning msiexec'
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1543.003/services_lolbas_execution/4688_xml_windows_security.log
+sourcetypes:
+- XmlWinEventLog
+references:
+- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.003/T1543.003.md
+- https://atomicredteam.io/privilege-escalation/T1543.003/
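Review bot: The `id` in the new services_lolbas_execution.yml looks reused rather than freshly generated. It is a version-1 UUID whose time field (`11eb`) decodes to mid-2021, while `date` is '2023-10-02'. If other dataset manifests carry the same value, anything that keys on `id` cannot tell this dataset apart from them, so I would generate a new one: `id: <NEW-UUID-PLACEHOLDER>`. The `description` would also help people replaying the log if it named the event source, for example `description: 'Windows Security event 4688 (XML) process-creation data for services.exe spawning msiexec'`; that wording is inferred from the log's file name and should be confirmed against its contents.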