README.md

Title

Table of Contents

• Title
  • Table of Contents
  • Acknowledgement(s)
  • Description
  • Versions History
  • File Metadata
  • Common CommandLine
  • Threat Actor Ops (TAOps)
  • Common Process Trees
  • Default Install Location
  • DFIR Artifacts
  • Examples In The Wild
  • Documentation
  • Blogs / Reports References
  • ATT&CK Techniques
  • Telemetry
  • Detection Validation
  • Detection Rules
  • LOLBAS / GTFOBins References

Acknowledgement(s)

• Name - @Social_Handle

Description

Sample Description Source

Versions History

Version	SHA1	VT
X.XX	0000000000000000000000000000000000000000	LINK

File Metadata

• TBD

Common CommandLine

xxxxx.exe -arg1

xxxxx.exe -arg2

xxxxx.exe -arg3

Threat Actor Ops (TAOps)

Insert commands executed by threat actors or malware

Common Process Trees

.
└── parent.exe
    └── child.exe

Default Install Location

X:\XXXXX\XXXX\XXXX.exe

DFIR Artifacts

• TBD

Examples In The Wild

• Website - Filename

Documentation

• SiteName - Title

Blogs / Reports References

• SiteName - Title

ATT&CK Techniques

• TXXXX - TechniqueName

Telemetry

• EventSource Event ID XXXX - Title

Detection Validation

• TBD

Detection Rules

• Format (Splunk/Sigma/Elastic/Other)
• Rule Title

LOLBAS / GTFOBins References

• LOLBAS/GTFOBins - Title