From 94d63135f503cfd89a6ea34b3c5c291de96d16c0 Mon Sep 17 00:00:00 2001
From: Steven Dick <38897662+nterl0k@users.noreply.github.com>
Date: Fri, 3 May 2024 11:23:47 -0400
Subject: [PATCH 1/2] Add files via upload
---
 .../T1036/cmd_lolbas_usage/cmd_lolbas_usage.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.yml
diff --git a/datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.yml b/datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.yml
new file mode 100644
index 00000000..61627d00
--- /dev/null
+++ b/datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.yml
@@ -0,0 +1,13 @@
+author: Steven Dick
+id: 8c54662e-a3c8-456c-a8bb-928e6c13b641
+date: '2024-5-3'
+description: 'Some simple T1036.003 and T1036.005 tests using moved/renamed cmd.exe'
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.log
+sourcetypes:
+- xmlwineventlog
+references:
+- https://attack.mitre.org/techniques/T1036/
+- https://attack.mitre.org/techniques/T1036/003/
+- https://attack.mitre.org/techniques/T1036/005/
\ No newline at end of file
From 3c803e1dfbf2de9a8e2f4f0b81558a718db60dba Mon Sep 17 00:00:00 2001
From: Steven Dick <38897662+nterl0k@users.noreply.github.com>
Date: Fri, 3 May 2024 11:26:32 -0400
Subject: [PATCH 2/2] log upload
---
 .../T1036/cmd_lolbas_usage/cmd_lolbas_usage.log | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.log
diff --git a/datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.log b/datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.log
new file mode 100644
index 00000000..c5e3ab49
--- /dev/null
+++ b/datasets/attack_techniques/T1036/cmd_lolbas_usage/cmd_lolbas_usage.log
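Review bot: The `date` value on the third line of the new yml, `'2024-5-3'`, is not a zero-padded ISO date, and any tooling that parses or sorts these dataset manifests by date will presumably treat it differently from the `YYYY-MM-DD` form used elsewhere in this kind of manifest; it should read `date: '2024-05-03'` (keeping the quotes so a YAML 1.1 loader does not turn it into a date object). The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows, which produces a spurious diff the next time anyone touches the last line. Since this manifest describes a masquerading (T1036) dataset, it would help detection authors to note in `description` which Sysmon or Security event IDs the log carries, but I cannot tell that from the hunk; the log itself is only an LFS pointer in the second patch, so its contents are not reviewable here.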
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:498b62af6fe8753e73d8973e4ff843aef2efca7a59d346d779d4258fddb258cb
+size 125338