LOLBAS/YML-Template.yml

---
Name: Binary.exe
Description: Something general about the binary
Author: The name of the person that created this file
Created: YYYY-MM-DD (date the person created this file)
Commands:
  - Command: The command
    Description: Description of the command
    Usecase: A description of the usecase
    Category: Execute
    Privileges: Required privs
    MitreID: T1055
    OperatingSystem: Windows 10 1803, Windows 10 1703
  - Command: The second command
    Description: Description of the second command
    Usecase: A description of the usecase
    Category: AWL Bypass
    Privileges: Required privs
    MitreID: T1033
    OperatingSystem: Windows 10 All
Full_Path:
  - Path: c:\windows\system32\bin.exe
  - Path: c:\windows\syswow64\bin.exe
Code_Sample:
  - Code: http://url.com/git.txt
Detection:
  - IOC: Event ID 10
  - IOC: binary.exe spawned
Resources:
  - Link: http://blogpost.com
  - Link: http://twitter.com/something
  - Link: Threatintelreport...
Acknowledgement:
  - Person: John Doe
    Handle: '@johndoe'
  - Person: Ola Norman
    Handle: '@olaNor'
Update YML-Template.yml 2018-09-18 16:32:50 +02:00			`---`
New yml template 2018-09-18 16:31:27 +02:00			`Name: Binary.exe`
			`Description: Something general about the binary`
MITRE ATT&CK realignment sprint 2021-11-05 19:58:26 +01:00			`Author: The name of the person that created this file`
			`Created: YYYY-MM-DD (date the person created this file)`
New yml template 2018-09-18 16:31:27 +02:00			`Commands:`
			`- Command: The command`
			`Description: Description of the command`
			`Usecase: A description of the usecase`
Major changes to Web portal - Small fixes to source files to adjust 2018-12-10 14:28:12 +01:00			`Category: Execute`
New yml template 2018-09-18 16:31:27 +02:00			`Privileges: Required privs`
			`MitreID: T1055`
			`OperatingSystem: Windows 10 1803, Windows 10 1703`
			`- Command: The second command`
			`Description: Description of the second command`
			`Usecase: A description of the usecase`
Major changes to Web portal - Small fixes to source files to adjust 2018-12-10 14:28:12 +01:00			`Category: AWL Bypass`
New yml template 2018-09-18 16:31:27 +02:00			`Privileges: Required privs`
			`MitreID: T1033`
			`OperatingSystem: Windows 10 All`
Major changes to Web portal - Small fixes to source files to adjust 2018-12-10 14:28:12 +01:00			`Full_Path:`
Adjusted template (some space errors) 2019-06-27 17:02:21 +02:00			`- Path: c:\windows\system32\bin.exe`
			`- Path: c:\windows\syswow64\bin.exe`
MITRE ATT&CK realignment sprint 2021-11-05 19:58:26 +01:00			`Code_Sample:`
Adjusted template (some space errors) 2019-06-27 17:02:21 +02:00			`- Code: http://url.com/git.txt`
MITRE ATT&CK realignment sprint 2021-11-05 19:58:26 +01:00			`Detection:`
Adjusted template (some space errors) 2019-06-27 17:02:21 +02:00			`- IOC: Event ID 10`
			`- IOC: binary.exe spawned`
New yml template 2018-09-18 16:31:27 +02:00			`Resources:`
Adjusted template (some space errors) 2019-06-27 17:02:21 +02:00			`- Link: http://blogpost.com`
			`- Link: http://twitter.com/something`
			`- Link: Threatintelreport...`
			`Acknowledgement:`
New yml template 2018-09-18 16:31:27 +02:00			`- Person: John Doe`
syntax: encapsulating strings with special char 2021-03-09 14:13:52 +01:00			`Handle: '@johndoe'`
New yml template 2018-09-18 16:31:27 +02:00			`- Person: Ola Norman`
MITRE ATT&CK realignment sprint 2021-11-05 19:58:26 +01:00			`Handle: '@olaNor'`