From bcb6b50def23d65bf7d64c6f332a6be1e5a33cc8 Mon Sep 17 00:00:00 2001
From: blueteam0ps <jananthadm@gmail.com>
Date: Fri, 11 Aug 2023 04:20:49 -0700
Subject: [PATCH] Added first batch of M365 atomic simulation logs

---
 .../m365/collection/enable_pop_imap_owa.zip      | Bin 0 -> 686 bytes
 .../m365/credential_access/o365spray_default.zip | Bin 0 -> 1995 bytes
 .../credential_access/o365spray_reporting.zip    | Bin 0 -> 1830 bytes
 .../disable _strong_authentication.zip           | Bin 0 -> 1028 bytes
 .../set-mailbox-audit_log_age_limit_to_zero.zip  | Bin 0 -> 701 bytes
 .../set_mailboxauditbypassassociation.zip        | Bin 0 -> 696 bytes
 .../unified_auditlog_ingestion_stopped.zip       | Bin 0 -> 678 bytes
 .../add_a_user_to_company_administrator_role.zip | Bin 0 -> 901 bytes
 ...ccount_delegation_full_access_permissions.zip | Bin 0 -> 765 bytes
 9 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 datasets/atomic/m365/collection/enable_pop_imap_owa.zip
 create mode 100644 datasets/atomic/m365/credential_access/o365spray_default.zip
 create mode 100644 datasets/atomic/m365/credential_access/o365spray_reporting.zip
 create mode 100644 datasets/atomic/m365/defense_evasion/disable _strong_authentication.zip
 create mode 100644 datasets/atomic/m365/defense_evasion/set-mailbox-audit_log_age_limit_to_zero.zip
 create mode 100644 datasets/atomic/m365/defense_evasion/set_mailboxauditbypassassociation.zip
 create mode 100644 datasets/atomic/m365/defense_evasion/unified_auditlog_ingestion_stopped.zip
 create mode 100644 datasets/atomic/m365/persistence/add_a_user_to_company_administrator_role.zip
 create mode 100644 datasets/atomic/m365/persistence/mail_account_delegation_full_access_permissions.zip

diff --git a/datasets/atomic/m365/collection/enable_pop_imap_owa.zip b/datasets/atomic/m365/collection/enable_pop_imap_owa.zip
new file mode 100644
index 0000000000000000000000000000000000000000..eb0da98912623e320c55f79877540d67b2de9708
GIT binary patch
literal 686
zcmWIWW@Zs#U|`^2_@&4Z?!I{Ox*v=T3_i>Z3=%-m)V#!`oYeS&{DSz*+{A+T{PIM-
ztm6E<-r&=Dw+#gLh`+EGvD(^@`9X7{)m7dgg^bG*8z(Q|D2mt@vvpHSKvAOkiT&kE
zZ`8{0JaKz>?##J&llpH)a$N||-Mr?SqPDT$PK7NBF*=!XUa>}#eK&FUuRLTdV3@UN
zCzI0NewU(U99QpUX>TpoQ~H)Ad}&3;6xSCgZ{`$ohUVVBJHbagV^w@|oygTVqjOE_
zQ-XX|&f0D?lycg;DJ;Q@yM52=2e+O~|IJ&Ka(L_QYkwED*WF%t!YG%yDR0*VyH;B^
ziKR`!r;0W0p0%FgKbdYfKV`dO>5GIbyRt9$?`l1G=I6QE<}}lcxmQCoesx>Ay|)Yq
zjw)D{(lfPZ70_Q<p96}Hw#ePubieua@iry#b45!#7x8USJlwf(kHRTWb{nJo9?Kh&
zA7kSakAAtg)%Skc+by}*rg~R&{k^g^yXBnO?DW*=41FHeE1GSm&I!v#I4;^Qm=nlx
z@{Rm+cOkZO<+UEXSB#%KwLk6(D1Z1rw5GA}=W-jK2U($}1{JX_UyPR|zKYL(c0DAf
zPD8^y|DKWQ(~?=wulQ(Ae?P&by=7N~O!qzew00$NxwoNz<rudI<hNgVek#16h{=EQ
z{yU~Q=cG53esKSl`1k*!XK%S3!pk=YFKGANcED41zD97A;}zD0Y$6lSSTEXoB>zFT
zjrfmvrwcbPzYgEe7~svwWY2&ry{G_F3<xNIN!+Q23#x(<n8q@6Uafz5@+L6Np@IN!
RRyL3bBM@c*X+0(o4*=3oAE*ET

literal 0
HcmV?d00001

diff --git a/datasets/atomic/m365/credential_access/o365spray_default.zip b/datasets/atomic/m365/credential_access/o365spray_default.zip
new file mode 100644
index 0000000000000000000000000000000000000000..316435765f88b869686d59ea6a186fda4f90637d
GIT binary patch
literal 1995
zcmZ{ldpOgJAIHDU?J$us#xu;VjF3w%8A2Ij#^hFEg+p@5PzX7i+%mDl=592^Dz;SC
z(J9B#&1QzkHRZBu9G6lp_3Qke^PK<A=lwjN_w)XIp7-A`90nw%3IKo{@DU*w6j?k<
zfXM;?&l&)rKdy;Z2W*H*$%ORq$f#&S>X{U?)5OFCQS}q9z(V=r8v4H57zC|x-+b{=
zU*bs=aJdVW@8YTJ6EeWDiZ#ZKSArCAJN~22>*r~(oKxhTgbTfgSFSVqPN4eNBTerG
zlpHh~i%0Bn^`U6$z`~#J?2&SBR)Ne*3C2BSVr=mIqLa0+D~ZU=9s8bQP0u%6@RZ3=
z^K~cLF;(LC+gVbnAJY6H{5p7{=v>-aE=n*R4aNLa@-w8F?i*%U&M9n<-4xmK+AAJy
zedjF+Rs&^cE*!bt`8J$=9yT{@GFlc@S#N)%EcO*hfs2lAuG)oBo@Po_j&10_=1g#*
zD0PoNx2r!2*|~k>J#*Y+j<nvlhV|{C-X{co2);ld|88~RN|^2M{RXa<5X6>yk`+yk
zdTD}e=Y%L62wofYeYbRUr)zAWLm~K%S{l3-?K5M;T8hCtclcu-c%8Gh;kEs>UF|F`
zuU-}Zw(@TB1$-Q~d8G#-I;U2SU45Vxo;S;g>vhP3w-+IQQxMo^Tk|J-;$N<d^%V-o
zo>h?BNapfk@w0&fV@JE_(hYu7=Fz&EAQu1jl>S5V#%uiy!iRN!T!#`F>y+a(kf~uF
z1Xl}MZR>7!t1_SN%UFCI6N(z(r+fR>^fwF0Q%f)>JEOZ!PsI=T`}Ph8nlvT$TCZv2
zTd%W|8agIW2^;Dt)vV9FyzKphlm3SrijS{#lvPX(;X4P{bhMlN7Ow|{$Cl1EyuW=P
zw=iH;b5P*nk&)A)J~iBnfo*1wt;8Y=Z*t;|23=PdHY@D!*wySz!_ECgBBm{CSHloA
zJ_#1%7;?+MHcInuBtIjA+G()7H)Rxa4_cW#H9SB5_46h}ln^8|HX9sOg1z*ZV6w&O
zVHX1D`;Ruw@nzEIJk&!92-Zky1Qm%!rD}$t^;p07g~WCj#Gv1U`#M#!b7W3D_&`!(
z9uNP^d`A?3S#zSlAx>VqoD;IT@IGa;#6d3gTsJqUDc|GMHAq9A@Qlwql$K&o;gRT1
zjT((h;wUW_ES_`9G|rojXx!r8C1sjNf4u#fRj{uR=3lEEptS#9yZYQ0?J;vgXcXPu
zDiJdKD6PHVI(Cdm4U6j~4&CRz-j-E512HRl>NVU+(2H`*jxq$nOp9H0c_T@-ZApGD
zUVfT9u&;}n>=VhVQd$e-v0kzqVf)pB*RLH}Z5k<U6T?@>T?b?;XHuy+ehBZ>$q?9(
zwY0m;w8xi4w=QH7WFvz*kuT{c2SLCHQDl5Qjf-SO7@$mF*%X1jS|5@M*L1_sV$h@Q
zP5RAm8JVDHR*(<JMsUr<0YlJGLT(q0Jg=gLY)GegrAHhCB)az2s}ZH)>8FRmC7WQ^
z11j)faMZT9Gwp0qCPRrP)N&Zn6xiN+e}l$lx-j{c+8}0$;guo%p|9n`_)gcgLrkkI
zEqU-oA=_b>9{-yG{=FW9Xiyu+wc8uzh(y$ieQ7s>y!RB-3MzX%${@nWAO&=h<g%C9
zRj5VYNry?((-r$f2h~0vYxv`SV70w5B{kPE6dX~Pt=5}B-a_bSxjBcreYvT~iK8F%
zN<@n+S&ZQ}I_`N5ojL+#vQ(@$Qt65P7bTQ;Zh9|$CD5xDn$2hT6O5T29BiW~aKn_?
zdd93=d}w!_$*C6K$K~bh!vR=7$q`+v(#*lU))NbW%7?1zLEH=R^s~mMz9tjqp)CEW
z)#`V0BSsx^X?%QneYr9FjoGEox>mtDj=XT@=pDpE;BNh1m{h)&QGmgI7cL+Pvs^x-
ztVeeJ)_VLqC2Ku&YZ+H-nCpUV1Q%27nuqrhJ<}p4t0*e2jjDt)(gi4~Y35qf*Xpag
zyVnnJ*qJxNnJ?w*MO{vjorx=+alvzcusIBeLCW0`(q{l2kHgLgDoB8zq3^R)i+2HY
z`5;hZFMD3O@a><;mO*KiJ*vAk>fquPJrRrjX|5fsKrvAH^v&DQLZr~%<NPyXM%Qp+
z`ggA9y;h&dU9|Clr)8dgxJE|t?vyY(JlZ$4A80FWA)`hwgFh(3V-??O1*g66uEKf}
z5LU65=t5H|1wA`G>mz0bc|}vHj6}Cw35%>8?3Xyksk0=rd}%1Fxj%VBXDOaePg(G9
ze4M)<zS1a5!gOk2(tPL^xYAvDD`8qQ(t=XS?NwTKa?#Cgw2tM7?N+l*%lDVJI7YoT
z6kDXUahz+cdT6GWm%U&|+f@D@g`{3LUf8Dy%6Hky!tPYL+ZyhPRak6g>%CwEV<nVU
zBrV7eFFR!_@vVp5B^s=V#>k>kw2@lqEme!Wr2%OtfF7QXe<7|h&pYxZzm%Q7rD)2D
zW8iiD>#_3GN80I;vQYiHjOZu3RYI%B6Y7LhxCp?z)#umlUy`DQlFo|)2t08)fVxFV
zdo{a#jG03g>Hs*5grqa@UpO`R0o1=o_y7C9;41&mUjonoE;}CX5I&id_^0r%;V{xN
Re+P*liuvI_KadRo{{!77n&$uj

literal 0
HcmV?d00001

diff --git a/datasets/atomic/m365/credential_access/o365spray_reporting.zip b/datasets/atomic/m365/credential_access/o365spray_reporting.zip
new file mode 100644
index 0000000000000000000000000000000000000000..e881d1ee13919229fb7f5eeb7ce48880fe17b9b8
GIT binary patch
literal 1830
zcmZ{lX*3&%7Jw5XVoNjDAhlIU6(!OTOPZjy6UCE`s#f~i(TY8Jw!V^RN@WPGrIy;O
z)1nxfPAwg3DHRk&MW5RDrD}<`n7ny&-oLr`oO{pRe%*V|M{*Jc$pZiY2tc3-@us(0
zEQNppfCf(h04~f1n_y3chlE{@@(cTCNN`w0K+rYA>*2vct2sWwgGTb56KMjdR{<gC
z&gy85??u$E1UOM95}+1~V-d30m|4AM3*E&IYzOj;3Xfw!T}r2P;_>*?{JmSs6OUW4
zXS~)FV~ifMakI)rcQ*pFawI(DG&@wME91ELG5?9uOdK+ooh;S-G5(k#$g!-|&+*;P
zB!0;EXYx!JV(Huar^SubWaWgNp#AR5_W9nzr(WVMW=sOAEC-S!KIM-|054u(aU<qx
z#wi<KN9m_mDaRfJ9u}Ou%5$aUwj*xfDqh7*SqT!d&>eXkP2HZW1lu61cUp3`p_#MY
zGt${ORCPsW5WB$IYW>GvY)9Xdud5ZcRMqkVrBlu~JsR)io{?$(Wyy`a)lm^w`yqPh
zC9jy9w;foF%U|e9_>lCOdh4TV-FmcRmb&ZMtAvg>iFbDRHGM>;`8O&bGZO2Cecw1%
z(cRQKA~3+_Hjmjf6r5TbjtM03bF0L;cq|DFNnMicEIkge+W!7l5Kp!Hnjju*&4ji&
z7L0umfr8im;p@FESU&4LwK27&fS=5sq;LP0&09%65q2-d(CS1t>1KAS+DZ!iW2v`Y
zq^6R$oqBj^6z1bZL5oSq?p-j?r2fHdiPP@dTF}G<oOhRN^iuSIN{fn^runY6B%fg4
zbs0Ng(*x^hq2vY6dy2dpfu55Mg=4HannFrFr+&vS|KHrWy@4}!I!E|=f-Br;sae7D
zTbUIvl>cYu{KnV1?XdZ_%G`aM6^+K`pt|-0%W9|az3q)C(|%bz_GwRM)%frMCP8KH
z%S8LU;;`>}Y>sKQ>H0$rlgh^m<g)5aNV{05Ik}ZMYyD*W{I#sv>kax`$FR}!E9>60
zUws7J>J@kXWuI4!x!)`Ib-Rmv{M3dwOjBC3Eg^Yca|<q!evyK`#^@K}`n6D9P)TRW
zM)c1k(1G5xRrFdapUMmNj2R{PU<c8G{DEf1bkR+I?_9rFpsBaI{tjYj6@IQGyzcdo
zPsYc}=e3(n`3gn(#?<X2%XW19VVnc)`}WjrH3a7lqEH{MX9+u&t)&G&8v$j&DJ5Kd
z$=)-wxXKB=KB$O=)VlGw8wrpgV;SNiPc26cvfxNuSN@!2@nz53M2}B~_h~>E%E)bo
z=rbMIcS+EG$qEP(ow6Doz$r?j;E=>Rw-99{w)#1RrSfbjK&2vGOID^g4s0hz52?%Y
z#i7sP(MQovrLSqppU%7Hb%px_NA%6nRmg7=?h8*iZ|>7C#cJbF4hh5QW<S7*MnI)u
zcdN%d5r|wRG#<5%zR(3^8OoWBgBc1KJ)18?%G5!5Z30bGYgO?pvDllPA7`7I=6h13
z(dc5#i6r)m86`sKL)Gh{V|J|F@c=?ax|*y;F93FUwP9m_)SfYaKgv#?f*28Tm!;-g
z@4#<V&_yk<{=@BT7W*+|)ZU0e{smK`V?Qp+M>r!e5|4malR!)zVjtXs$WS}ha8cHF
z?h3?ux>tMyghIFFQqpbX#U0Ie%N?p6qwTfL4z)=vW+EP@7|5zp$jk0Q`4i?bgEoA*
zNXy;ovljl5J)xOswlfD_l5U||+RNNz>a@_^mFOpnF1<l5C|}Vf^<VpG<gJK`v7yPl
z{TAY1Vh`HBsHc=mYt-**jt=URkwk69JRil_)9Rb9<RCJ^@2sV<f-%g%Ab5ZIH#s9C
zMH0_IjRMy4(h1EFVUv^Rn>3}YiTz~mQLGfeH-lt!MShE2BZpcru3bjP%UQm_9(rU^
z96QBj-yY{!Dy5nCx!${!vBj|uIdCYn?GbBs(ZW^HLn`~BG&RaMMV=i;d6uaa|9(uw
z<Du<?X*BOw`@l!??^u@;Zxk_9c5)eu(s&)1v@*!bMtCT~r&^wkdoGenL%g2W7}1I7
z<(tmDF{c=3Ot*U=$Vi+vG|vaB9krNa#+fOznJ4tYoHhrvPg)%!>^BGMNrkDP&(7|`
z(k(Et5B0xNxQehpa+_!Ewm1=D{4NQm{!HSB0B-*g*(QJeE~k5qTh74G!Ox`}F22-}
zjnHZXF@Vg%Yl%o&z`3jgH;skkYO0cuXvssC6r&7eoObDV?FD6u!-br-vO`hH^cNAn
zsGpFDNgz?-(qT?x1EmK01%!SNJXRjIC4V5J1aj~(kAQ7S*OVH#j19zxe^Mnm0Yy#&
z{*F`HLQ?%#H2$=IPc6y6I)Fm96*uKoE_QtY{x$M{M{*Jq@(%z23iZ0sKl(HJ13+Cn
A+W-In

literal 0
HcmV?d00001

diff --git a/datasets/atomic/m365/defense_evasion/disable _strong_authentication.zip b/datasets/atomic/m365/defense_evasion/disable _strong_authentication.zip
new file mode 100644
index 0000000000000000000000000000000000000000..a8cb1f03e1ab3b5d68d2441562a77986f031f62b
GIT binary patch
literal 1028
zcmWIWW@Zs#U|`^2U{>M?UtRgV)q<IUK}m>#K^Z8Tl3ARXl#{9uUtCg@pO+q=SXz>i
znpcvUoLG{XpQo2qoS*kL{B+-C1ChI*MMI|r^#AdgvqYPVb)}Py3%AY*4$E)8oJ%|l
zWft`OdLN^{R5q^3(Mc*`wU=Mc{NnlF0`;19i%rp<T@|@baR$qrBF79Di&!Hw!6YHq
zgBCNSV<t6aYnJ#d>d+K&nmA!jTNB4Aix$lzCZ;>Se`L!!-!UOwda+E;F0nT=<2PxC
zPM`nl>O3Pu#m7863#X{5EV(pck4BJ_@090E(}flaeitc8K3lZgkze@#t+J`n7EgDH
zd5X=wc46C&_ma0N8KUPTPvP>@oW5{}{^Njq*L>g3+Gd&ks&u8Uo#;Cs^VhZ+3zj{8
zV0mL(`P|-S@!r~K(^J1K|6YllkrlqLJu=gA_p!WMo1fA(@02rRBiA4Jcj#Px-rtEk
ztKTmyyLbNH_G)?AD{N<kZzt@E<($zmUHqW(Rq;T{;9oMUv)KHmPCb9NIJC6xt&+9N
z9M;J?6&$Z+a>U*=-TmRfQ2i^j-DU67-4Vw{cNM0*%51v()1u<Wj7=K#&(0jWxh&4t
z`ny!7*In`dntNUwY%o2i@KE{3ht|(eclu|i^1YvV_SMA~i{w8{PyD!A_u2c-O?lmn
z56+y`k&wS$8{H6}@c8tCQu${*_om;_?w2ypzs+|>RzvFc`*Yvs_W!Rq`LgAx@U%ON
zN}MvqcwDUQ=fwM6-g7OqJyYsyZQo-<=Hnac^x3B;?aN7A`G#x5;dA@0ywSc_`*B~}
zch#A{=Dl2PF#m7ZY2LY_3p4wF{9};a)^S+u{iW46GS-&(b&9z<9-31$>6C%`u?qq2
zTAG)b_#)~K{8KzL+s03xX>WI8;_0}jUNe;s>1|uvTzdPlNV2EmLWN3|4`q`lOfX?P
zveYox#>Y3Wi!uFbgS4Kj<mrG_QzQap&VFP{yd$8id`zXmYeu{7uCvQF=0(2RZt$aX
zvUA}^uj^_HAMd}Y|2$r4Z_&&$^L2~-ZTueDv`+94P3CGzb8*!O?_9ERVN=%8eOH%9
z-dwe(>0*JMd%XOG$w{%oN3A?Bf1S8&^0q&}KFr_pbpPdP6I4BQT0bT!d9Fxxobo_1
zaV5iH<#Wm$`>%?vVAx-KB`x@E|J97ex4tpII>gcc?d9SZ_0witHvRdU%`SHG|3juf
zB?G(}nd}*GWjz&O<^ur*FiBKK<bo<@WRPIE-x{{#<;k0jP~C7Uz?+o~#9;)&QXpLk
I%<Bvc0HY4b0{{R3

literal 0
HcmV?d00001

diff --git a/datasets/atomic/m365/defense_evasion/set-mailbox-audit_log_age_limit_to_zero.zip b/datasets/atomic/m365/defense_evasion/set-mailbox-audit_log_age_limit_to_zero.zip
new file mode 100644
index 0000000000000000000000000000000000000000..63c48c61f4dd78d31d260f1b7ae7002828a0862b
GIT binary patch
literal 701
zcmWIWW@Zs#U|`^25K`g@ztklrb)S)e;WrZlgAP!%IJHDKH!(9ODZfHDu{0&KBt9oU
zJw7o#H9jXZ7sxBgkFQEC%Gb*(&d)0iiq5}mAo5RJ!(ZX*#gD2RFRPz2S<=b7YOAzU
z2YY<CqOaC*SKZ+M*6KH{Hnw|qPWe%@{j)0nQP)pa$M;1aU#tI&mH8NFNXx-lmn;wL
zS=Aj`__SaNPkR)H|CY^jIQV9n%#&g|HFH&B$SpO6Z>P^K_Y~CBo`15pZ|zI|$11rc
z;{W{)ySu7uEWRhm5a8nQwu5t_;sdQ@i$0O<Cw70`=AT!4C(*%bAK!1Y^_$N9W^}!l
z`ChQZ{KuD*@*f+R3fK;09kjm|bjAO$yWMQj?{>U15-$C^wfuhW`r`)E*?$L@&klUO
zsCVD#@Y9|?Q+%dwS@|*VSx8V|@9G)x_nu{PuATC2hYe@w*^Uh+0%w=1tXi0mrMhJD
za}MFU6N0gqs&AL?l>fEq{kDs0HC#Kl{1sc+eK*gEO?m2LUV#mwN2}H-bItWAP|HwO
z6~AJ$+;;MZ2cIU?zAD+h;TnHL;Dxsj;;;RW^pF3&l}FhkFKPMlHQMw4{V*~6`!=tV
z`_HpxmTP+|y;o0ijO6z6UU1f0MYq%`*2Mktd;X)7Pfk5tVJI(Hu>SVniY*y`A6{kh
z+noL?>3!0^cjn!_`}=Os_&?bpc!qy?;V(n&upKXdZqJ%Cc^8|rL70M4LbF@wJPl{v
zhBX@3_gMU84)A7VvS+}RR8)Y81q2kpBxwnU3#yBeL4qN~tNhf<lQ)4$5ETS?v$BCi
P7=f@3NNWNUC<6lk1N0$v

literal 0
HcmV?d00001

diff --git a/datasets/atomic/m365/defense_evasion/set_mailboxauditbypassassociation.zip b/datasets/atomic/m365/defense_evasion/set_mailboxauditbypassassociation.zip
new file mode 100644
index 0000000000000000000000000000000000000000..1f1de633a07c9ff32a8a836ea74e3e66ee169297
GIT binary patch
literal 696
zcmWIWW@Zs#U|`^2;8fxW&%F{*{)~}<ftQ(qK@BKcoLUl}o0yrClwXlpnvz+PR9TQ%
zTnt3{$(e~InfZBoS;hHzr9r3jZW{>vnd-D$%%D|OwQGuhX_E*?mx<e(B^q6FKO%N!
zrJhuHc_{Be{d=$8<|h-H875j=8(ZHw{>Es5=i3YGZ|kOg_G!?N@K8%Q`%~tMjKb{H
z>vdYDaZDj=w3enW-Ed;Vw-XN4+S!UrO!_u#x8@O6-nzzMqx9vnG7Ft=`+UWZ&+RM}
zeEi@Rr}3l1$G*J1|I*@RMtsr1i^dEW*0h{5zHMU4tiM)w#ggv8=X`es{`}gZe7nZx
zSnc$%lS^t<CY9b$ZhWWQcD`Z>H(vk;L*Ue-%e|&v4gOfae?}_5gp%cq9sBqmmYdJG
zc;@QCzb1dvp6q%P_2%-|A|>tOg~f5<U#=EMW=e48ztu0vlsc4=J3;%nR3vAZ)jfk?
zjiV)J4~FduiJPnI^J7L-5U2dz3(FPxeqP9r7JsqcbEot+me@CC!kadF{a(bz=2z5p
zymFamr|CVjV_Kn8?%3_NHNSZDs$${`-|Yo_%C1*t=skM<WB-gy_IsZUnr{2vo_+B(
z*I{{{<V*M8O)n3)6Qd#Ub@%s}XH1_~J+Wbrt6#8eDd!RIM=HPm8deKcZsZT&yHU2P
z$!<no|MTnCXXhQfJ})iv@<-N`iw_^3-Qs7TcC%}l&H9kHdyPaR+@?u|nN68@RcPk6
zJB%79xr0-d*9UkrGTAfWN-HYB)B*wuV3OFB!v$5($RNSMy1Z@w%ab>OsSgzdc(byB
OL>Pgv0!V8yfp`F^a3OyH

literal 0
HcmV?d00001

diff --git a/datasets/atomic/m365/defense_evasion/unified_auditlog_ingestion_stopped.zip b/datasets/atomic/m365/defense_evasion/unified_auditlog_ingestion_stopped.zip
new file mode 100644
index 0000000000000000000000000000000000000000..77d3fc3079053d1e79dbab6f0a44019e5cfe8763
GIT binary patch
literal 678
zcmWIWW@Zs#U|`^25K!U>mq}rLc8QUJ;S>`CgE~;OG%qtPGc_eXu{0&KBqu*TJ~J;p
zwYVfRKQF$xB)^~_HAOG0I6tp6=ycv~1A#xH&dbF(Sof)P*<Cf2Iq>3i$6FECi_G)&
zqGuXu?DCL$a({QoTPE8l3J!PX&YT<hX=Rk!@*;^xdNQ%5>ou0~JY);pqg-+CgJs^T
z*;%>X-8=j;vL<|BQ+{`w?dCDh7VFj0o`vd5Sl%q3>^)g2V4L3JR@=567Plwd=Wl;1
zP-`I)Vzok|&i{bt-pz9kuyh+7lYO*ft4B5et8Eu&Ij&A-t0+ImbMl>>f5NmWk1O7N
zHd|dI=a@469G}DQi%ZMj339O{yBRLiP2axu!P})jr~Buxs-EsvV31iWcj<gxz|k|W
z4%UQ!4A?TQw!m<``DBUpnc>1W52-)j@_5n|jbH7?m0X6YbA1!jCzP@MEbeIkXjFEn
zXX&F$(#A(@dYo;KBpY!4t66upfaS%bl35ety3ZMP3YzgYPL=4ka%cGzR=u<}Va|(s
zzV#{^YveY02Y%&FzQd9Iah3et|JwgoEW2HI(wVW{xnotu-CbW!FWq!k|MywhH2Hg6
zK2P6>W@dH0o+ccWtQ60jxmf7Mp#q6tUsvwpxq19S^XBX78`{1kf85aJ_5B>v`?#;q
zoA&6st$v<wepRd|KE6$~r*NfB){KA-?nM)>Oi^B(%k6h7%rMIKKVyJ5Ba=M?u7sfi
xOd24d049k}CR|Vrj0_SCy#muuygYdmnAT81fHx}}NQ4mxD}l5)FeNfD002{n6l4GZ

literal 0
HcmV?d00001

diff --git a/datasets/atomic/m365/persistence/add_a_user_to_company_administrator_role.zip b/datasets/atomic/m365/persistence/add_a_user_to_company_administrator_role.zip
new file mode 100644
index 0000000000000000000000000000000000000000..e5090ea71877c9392b984250bde8cccca4aa344b
GIT binary patch
literal 901
zcmWIWW@Zs#U|`^2c&Eq_ZeJ&&wv>s1A%=~CK^G{Rn358o7++ePS`=TBAD^6`TacJn
z8K0Pvo0*qcTvC)+l3x^Gl%JETmsOmfw>IQ--faVcJ>oCyC9Gz%xdyGDlXZhLfyKA`
zhA*FMK){nz3Cf*puIhzM|EoQJO*G-(!C5u=#LSy>Z?eiSn#h<pH7|Wt;|mR?838TE
zE-!eNyX)90RbJ^=yA*q}>#0-Gvv(<t5q?4;1v8boWKK=GJmbib#QnMlSX|vDy>4bN
z&^-8M%{$51!v~bl%-R0RuA!+&Z>Dmyi^O9Y!#Q3dVWEv1d`?|@{Vc@do+U@_lbo#u
zz0dw_kG@uxwKKNNFJ+eq)2?$5>q-**5}%$+>d`znV@c1vC6eCzIqpW?ec6~Nt=jW@
z)f<NwY2LRy9@mvHF5~8VR9CX{Z0XvaU&`K1XKOpON?Jmj`B2v8Pj#p6zpEA!FufzI
zAyhCo^sUU9+ZV#KW$!y=*G^uz@v$}cT9%)8GsJg>J_!2pQ(*2#0}s8WpBO(^@l0EN
zi@o^Z>!tgvBivvAljDq@`|y&XQ>Wl|gYvKQ0?yriv*>H6{jXI^S6#^tE#Gj^tbgO;
z`3K+nDXIn}L>WvG3vH5ED5>>`N%_sQ*{O!!3diiuM7@)^ttQ`kd{y+7ny3B$uF1Vj
zJ9s-ZUqkxps&i8B9$6`vH6QDYoN?m+z2~Y|zGkk@zwIle|9h_E>1gR)Z|7yl?!5Us
zvpqunaedUZvwkYC>k{_d`EA?sP9agWJ~fC#&#Q-Jt=17QpMZ&*ggiTEdQ`-TioV&I
za{jNv+37Vl_oQVlqx0DBe-`qQIqVZYw{_X=J-#bDCL1m0Fme=Zo}n;LxKYUOl!@XU
z)s0Uj_dR5l>Q2^j@eGU-DtM}~Af{s7<VPDfdoC#2^0H{-g=6QY>}d0ye~-<)ctfIB
zf8!^c=K|?Wp`Km>!iB9CXN{(a8|q!2lWOE0@A<6RB>vOSj}P5nyiN7oG`S_!f7;Wm
z^v`#Vqw4>CVGr<TWU^<#mEu)^X&wX=z$A(3p9`vukwJptrVjI>mnUyBLd}6w0p6^@
Tti`~<2!!=O`U5btF)#oCwswJ|

literal 0
HcmV?d00001

diff --git a/datasets/atomic/m365/persistence/mail_account_delegation_full_access_permissions.zip b/datasets/atomic/m365/persistence/mail_account_delegation_full_access_permissions.zip
new file mode 100644
index 0000000000000000000000000000000000000000..53b201f33aa7050f2b80a259db1c3eb951f59b71
GIT binary patch
literal 765
zcmWIWW@Zs#U|`^2c&f+|&iveSH$M{tLn$)@g9%VHH!(9OJ~25tzcjBTJ|#6LH9fH;
zGe0jrtuzNLo?2WSUyxdqn^{~86fV}wD$dXA4LY57#X(??@<;v?>J!SsK5shySeV=E
z2p7}p6ycUdGS4n<mi%yQ^+z4Aj!*Bm%vEpqxbx=St5vUN?bEbVGqC)2*D7ye2AAJX
zg%Cl#Ydz*o=1Vowj$TUkUi~0K!*b#|W2Mqu&jqRiQPt7Wq0S$;Hr_9rpynnMS>fO3
zlapJ&wP{Q5;fAk*lg*ZO*Q?z)5?g)Jg4thVsp-TmpN_OG;QYFDD^v8=0*i8<b^dj=
zd!1M3{E_{ZYj;xZJ-bTea$AKLB@JIB*KItYAvz~0&a*H=GxDza`)5DbSTvhR&Dyc=
z`^)g#voD@GICZzl-LxmaZn(YpRMdL4IB!MXn!?n>Gjb$!XSdCCyWPEPis{wIQQy>e
z*yyrcs(4rFD<bNkvfA__*XGqZXGK}guK4u5OzqDEWvyl3*S#;Y|MGd?ZMW$kw4dyJ
zy`3ZWO_{J!!j-rTuNB&oZclAiHfjp(;XS6Ms<OHNoP67cf`X}vrORS1*qM)s`dA;>
z@Bi_tkNJm5?SeAq8;uuV7xvh%*t_z-MXYRa;TOlib@%tAKAm&9GBnV3dCb1U3#WRX
z=zgS8RTq4xTgUcR_fILt^ksMZm-=5=%3(QMJb1@k+jIBV7Rs1UudFy$xFcWQtcJ<o
z(4M)r)9&B&6PtFoh-`i-<KzC>Wn;$eN8ggd<}A2$STI}tfW(C(8EPNSYP+rBP-Tp>
zdfFS}wffPwudDY5cr!BDGvG>MD!@br0t#S~yadMu)y>Et!7$y$VEW6GHyNSE!Knam
TRyGia5eVCWbRsa3GcW)EQ~p40

literal 0
HcmV?d00001