
Linux-APT-Dataset-2024

Indexed by: NIAID Data Ecosystem, 2026-05-01
Download link:
https://zenodo.org/record/10685641
Description:
Linux-APT-Dataset-2024 is a dataset that captures the Tactics, Techniques and Procedures (TTPs) of Advanced Persistent Threat (APT) attacks in a Linux environment. It consists of 17 files covering 1 October 2023 to 7 January 2024, and each file carries the data fields needed for most analyses: Timestamp, Agent-Name, Full-log (including commands, payloads and arguments), Rule Description, MITRE Tactic and associated IDs, MITRE Technique, File Hash (MD5), File Hash (SHA256), Source-OS, Path, Source Datatype, Filename, Source-log, Rule PCI-DSS, Rule HIPAA, Rule NIST800-53, and Source/Destination IP and Port. The dataset mixes general (benign) activity with malicious/suspicious activity so that it resembles real-world telemetry for analysis and evaluation. The TTPs are mapped to the MITRE ATT&CK framework, so analysis is most productive when that framework is used. The simulated attacks include the known privilege-escalation payloads for Linux, recently disclosed CVEs, emulated key-loggers, and emulations of APT groups such as APT41, APT28, APT29 and Turla. A simple way to label a record as general or suspicious is to check whether it carries a TTP tag: a TTP-tagged record is suspicious/malicious, and an untagged record is general.
While developing the dataset we have
The dataset is also useful for analysing the critical log sources in a Linux environment that should be considered during forensic work. A combined version of all files is available from the reference below.
Karim, Sohaib (2024), "Linux-APT-Dataset-2024", Mendeley Data, V1, doi: 10.17632/5x68fv63sh.1 (Combine-CSV)
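The labelling rule in the description (a record is suspicious if it carries a MITRE tactic/technique tag, general otherwise) is easy to apply mechanically. The following is an added example, not code shipped with the dataset: it parses rows in the field layout listed above, labels each one, and summarises the suspicious rows by tactic and technique ID. The header names, the "Tactic (TAxxxx)" formatting and the sample rows are constructed assumptions; check them against the first line of the real CSV files before relying on them.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows (not taken from the dataset) using a subset of the
# listed fields. Real header names and tag formatting are an assumption.
SAMPLE_CSV = """\
Timestamp,Agent-Name,Full-log,Rule Description,MITRE Tactic,MITRE Technique,Source-OS,Source-log
2023-10-01T08:00:01Z,ubuntu-srv01,"Oct  1 08:00:01 ubuntu-srv01 CRON[1201]: (root) CMD (run-parts /etc/cron.hourly)",Cron job executed,,,Ubuntu 22.04,/var/log/syslog
2023-10-01T08:05:12Z,ubuntu-srv01,"Oct  1 08:05:12 ubuntu-srv01 sshd[1302]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2",sshd: authentication success,,,Ubuntu 22.04,/var/log/auth.log
2023-10-01T08:07:44Z,ubuntu-srv01,"uid=1001 user=deploy cmd=find / -perm -4000 -type f",Enumeration of SUID binaries,Discovery (TA0007),T1083,Ubuntu 22.04,/var/log/audit/audit.log
2023-10-01T08:09:03Z,ubuntu-srv01,"uid=0 user=root cmd=cat /etc/shadow",Read of /etc/shadow,Credential Access (TA0006),T1003.008,Ubuntu 22.04,/var/log/audit/audit.log
"""

# Fields whose presence marks a record as TTP-tagged (assumed header names).
TAG_FIELDS = ("MITRE Tactic", "MITRE Technique")

# ATT&CK technique IDs look like T1003 or T1003.008; the field may also hold
# a technique name next to the ID, so extract IDs by pattern rather than
# trusting the whole cell.
TECHNIQUE_ID_RE = re.compile(r"T\d{4}(?:\.\d{3})?")


def parse_rows(csv_text: str) -> list[dict]:
    """Parse CSV text into one dict per record, keyed by header name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def is_ttp_tagged(row: dict) -> bool:
    """The labelling rule from the description: any non-empty MITRE tactic or
    technique tag makes the record suspicious/malicious; otherwise general."""
    return any((row.get(field) or "").strip() for field in TAG_FIELDS)


def label_rows(csv_text: str) -> list[str]:
    """Return 'suspicious' or 'general' for each record, in file order."""
    return ["suspicious" if is_ttp_tagged(r) else "general" for r in parse_rows(csv_text)]


def suspicious_by_tactic(csv_text: str) -> Counter:
    """Count suspicious records per MITRE tactic (as written in the file)."""
    return Counter(r["MITRE Tactic"].strip() for r in parse_rows(csv_text) if is_ttp_tagged(r))


def technique_ids(csv_text: str) -> list[str]:
    """Extract ATT&CK technique IDs from the tagged records, in file order."""
    ids = []
    for r in parse_rows(csv_text):
        if is_ttp_tagged(r):
            ids.extend(TECHNIQUE_ID_RE.findall(r.get("MITRE Technique") or ""))
    return ids


def suspicious_commands(csv_text: str) -> list[str]:
    """Return the Full-log text of every tagged record, for triage or for
    building detection test cases."""
    return [r["Full-log"] for r in parse_rows(csv_text) if is_ttp_tagged(r)]


if __name__ == "__main__":
    labels = label_rows(SAMPLE_CSV)
    print(f"{labels.count('suspicious')} suspicious / {labels.count('general')} general")
    for tactic, n in suspicious_by_tactic(SAMPLE_CSV).items():
        print(f"{n:4d}  {tactic}")
    for cmd in suspicious_commands(SAMPLE_CSV):
        print("  ", cmd)
```

To run it on the real files, replace `SAMPLE_CSV` with the contents of one of the 17 CSVs (or the Combine-CSV) and adjust `TAG_FIELDS` to the header names actually present. Note the limitation of the rule itself: it inherits the coverage of whatever detection rules produced the tags, so an attacker action that no rule matched is labelled "general", and a benign command that tripped a noisy rule is labelled "suspicious". For evaluation work, treat the tag as the ground-truth label the dataset authors intend, not as an independent verdict on each record.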
Created:
2024-02-24