From 909a531b5a062600ee7a22202e1eb032024bb7ae Mon Sep 17 00:00:00 2001
From: Teoderick Contreras
Date: Fri, 23 Jan 2026 14:21:56 +0100
Subject: [PATCH] browser_hijack_2

---
 .../browser_disable_extension.yml | 13 +++++++++++++
 .../chrome_disable_ext.log | 3 +++
 .../browser_disable_logs/browser_disable_logs.yml | 13 +++++++++++++
 .../browser_disable_logs/chrome_disable_log.log | 3 +++
 .../chrome_disable_popup/chrome_disable_popup.log | 3 +++
 .../chrome_disable_popup/chrome_disable_popup.yml | 13 +++++++++++++
 .../T1497/headless_browser/headless_browser.yml | 13 +++++++++++++
 .../T1497/headless_browser/headless_chrome.log | 3 +++
 8 files changed, 64 insertions(+)
 create mode 100644 datasets/attack_techniques/T1497/browser_disable_extension/browser_disable_extension.yml
 create mode 100644 datasets/attack_techniques/T1497/browser_disable_extension/chrome_disable_ext.log
 create mode 100644 datasets/attack_techniques/T1497/browser_disable_logs/browser_disable_logs.yml
 create mode 100644 datasets/attack_techniques/T1497/browser_disable_logs/chrome_disable_log.log
 create mode 100644 datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.log
 create mode 100644 datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.yml
 create mode 100644 datasets/attack_techniques/T1497/headless_browser/headless_browser.yml
 create mode 100644 datasets/attack_techniques/T1497/headless_browser/headless_chrome.log

diff --git a/datasets/attack_techniques/T1497/browser_disable_extension/browser_disable_extension.yml b/datasets/attack_techniques/T1497/browser_disable_extension/browser_disable_extension.yml
new file mode 100644
index 00000000..24a2356d
--- /dev/null
+++ b/datasets/attack_techniques/T1497/browser_disable_extension/browser_disable_extension.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 55ccd628-f85d-11f0-89c9-629be3538068
+date: '2026-01-23'
+description: Generated datasets for browser disable extension in attack range.
+environment: attack_range
+directory: browser_disable_extension
+mitre_technique:
+- T1497
+datasets:
+- name: chrome_disable_ext.log
+  path: /datasets/attack_techniques/T1497/browser_disable_extension/chrome_disable_ext.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1497/browser_disable_extension/chrome_disable_ext.log b/datasets/attack_techniques/T1497/browser_disable_extension/chrome_disable_ext.log
new file mode 100644
index 00000000..8111e8cc
--- /dev/null
+++ b/datasets/attack_techniques/T1497/browser_disable_extension/chrome_disable_ext.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d162cad6d50fdc778ecff45d4f6e76a6586978c198513958d0f6b24dc337f478
+size 4046
diff --git a/datasets/attack_techniques/T1497/browser_disable_logs/browser_disable_logs.yml b/datasets/attack_techniques/T1497/browser_disable_logs/browser_disable_logs.yml
new file mode 100644
index 00000000..c0678f41
--- /dev/null
+++ b/datasets/attack_techniques/T1497/browser_disable_logs/browser_disable_logs.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 6e7e5bec-f85d-11f0-89c9-629be3538068
+date: '2026-01-23'
+description: Generated datasets for browser disable logs in attack range.
+environment: attack_range
+directory: browser_disable_logs
+mitre_technique:
+- T1497
+datasets:
+- name: chrome_disable_log.log
+  path: /datasets/attack_techniques/T1497/browser_disable_logs/chrome_disable_log.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
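Review bot: `mitre_technique: - T1497` maps this dataset to Virtualization/Sandbox Evasion, which does not obviously describe disabling browser extensions; the commit subject `browser_hijack_2` points more toward a browser-session-hijacking or defense-impairment theme, so confirm T1497 is the intended technique, because every detection that cites this dataset inherits the mapping from this key. The `description` line says only `Generated datasets for browser disable extension in attack range.`, so a detection author cannot tell which process, command-line switch, or Sysmon EventCode the LFS-stored log actually contains without fetching the object. I would replace it with a sentence naming the simulated action and the event types captured, along the lines of `description: Sysmon process-creation events from launching chrome with its extension-disabling switch in attack range.`, adjusted to whatever was really executed.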
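Review bot: The file ends without a trailing newline (`\ No newline at end of file`), and so do the other three `.yml` files in this patch; yamllint's `new-line-at-end-of-file` rule flags this and the next edit to any of them will show a spurious change on the `source:` line, so terminate each file with a single newline. The phrase `browser disable logs` in `description` is also ambiguous — it could mean the browser's own logging was disabled or that these are logs of a disabled browser — so spell out the action, for example `description: Sysmon events from launching chrome with its logging disabled in attack range.` if that is what was simulated.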
diff --git a/datasets/attack_techniques/T1497/browser_disable_logs/chrome_disable_log.log b/datasets/attack_techniques/T1497/browser_disable_logs/chrome_disable_log.log
new file mode 100644
index 00000000..7448b402
--- /dev/null
+++ b/datasets/attack_techniques/T1497/browser_disable_logs/chrome_disable_log.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a4d5e688246499207345627a8f667ffc8df45938e9397ec42874e4c1b03b2694
+size 1943
diff --git a/datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.log b/datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.log
new file mode 100644
index 00000000..8ae7f4da
--- /dev/null
+++ b/datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ad96dcec64437df2fd40258508faca1952f28c82a0aa3b5ab72cd588015eeeab
+size 2000
diff --git a/datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.yml b/datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.yml
new file mode 100644
index 00000000..78829ae5
--- /dev/null
+++ b/datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 9d33e0f6-f85d-11f0-89c9-629be3538068
+date: '2026-01-23'
+description: Generated datasets for chrome disable popup in attack range.
+environment: attack_range
+directory: chrome_disable_popup
+mitre_technique:
+- T1497
+datasets:
+- name: chrome_disable_popup.log
+  path: /datasets/attack_techniques/T1497/chrome_disable_popup/chrome_disable_popup.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1497/headless_browser/headless_browser.yml b/datasets/attack_techniques/T1497/headless_browser/headless_browser.yml
new file mode 100644
index 00000000..6197de5e
--- /dev/null
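Review bot: The dataset directories in this patch mix `browser_` and `chrome_` prefixes (`browser_disable_extension`, `browser_disable_logs`, `chrome_disable_popup`, `headless_browser`) even though every log they contain is a `chrome_*.log`, so this file's `directory: chrome_disable_popup` will not sort or grep alongside its siblings. Pick one prefix for the set; if it is `browser_`, this file needs both `directory: browser_disable_popup` and the matching `path: /datasets/attack_techniques/T1497/browser_disable_popup/chrome_disable_popup.log`, since the path repeats the directory name rather than deriving from it. Like the other three `.yml` files here it also lacks a trailing newline.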
+++ b/datasets/attack_techniques/T1497/headless_browser/headless_browser.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 842f5932-f85d-11f0-89c9-629be3538068
+date: '2026-01-23'
+description: Generated datasets for headless browser in attack range.
+environment: attack_range
+directory: headless_browser
+mitre_technique:
+- T1497
+datasets:
+- name: headless_chrome.log
+  path: /datasets/attack_techniques/T1497/headless_browser/headless_chrome.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1497/headless_browser/headless_chrome.log b/datasets/attack_techniques/T1497/headless_browser/headless_chrome.log
new file mode 100644
index 00000000..6b773505
--- /dev/null
+++ b/datasets/attack_techniques/T1497/headless_browser/headless_chrome.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1e27c24bbbb934094eff3ab56e5f730e85a7265b737e3982f2dd20a5dc90a2e
+size 4034
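Review bot: `description: Generated datasets for headless browser in attack range.` records neither the switches used nor the parent process, and headless Chrome is routinely launched by legitimate tooling (CI pipelines, PDF rendering, scrapers), so a detection built from this log alone has no documented way to separate test-harness use from abuse. Note in the description which headless switch was passed and whether it was combined with other arguments (a remote-debugging or page-dumping switch, a URL) and what spawned the browser, since those are the fields a detection author will need to tune on; this file starts at the `+++` header above and its hunk is fully visible, so the only change is to that one line. It also ends without a trailing newline, like the other `.yml` files in the patch.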