From 5116dafddd6087df682abbdba4a2f2e6d58c95f3 Mon Sep 17 00:00:00 2001
From: Raven Tait
Date: Thu, 29 Jan 2026 13:02:56 -0500
Subject: [PATCH] telnet bypass cve data
---
.../attack_techniques/T1548/telnet/sysmon_linux.log | 3 +++
datasets/attack_techniques/T1548/telnet/telnet.yml | 13 +++++++++++++
2 files changed, 16 insertions(+)
create mode 100644 datasets/attack_techniques/T1548/telnet/sysmon_linux.log
create mode 100644 datasets/attack_techniques/T1548/telnet/telnet.yml
diff --git a/datasets/attack_techniques/T1548/telnet/sysmon_linux.log b/datasets/attack_techniques/T1548/telnet/sysmon_linux.log
new file mode 100644
index 00000000..31668f68
--- /dev/null
+++ b/datasets/attack_techniques/T1548/telnet/sysmon_linux.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ad92be6bb2eaedc68b093184eee05d421c3bcc9b289f4b7f3042988d360fad76
+size 1629
diff --git a/datasets/attack_techniques/T1548/telnet/telnet.yml b/datasets/attack_techniques/T1548/telnet/telnet.yml
new file mode 100644
index 00000000..bf020ee6
--- /dev/null
+++ b/datasets/attack_techniques/T1548/telnet/telnet.yml
@@ -0,0 +1,13 @@
+author: Raven Tait, Splunk
+id: f33eeaa5-ecd3-4e6c-b73b-b84feedbaa89
+date: '2026-01-29'
+description: Telnet authentication bypass and privilege escalation.
+environment: attack_range
+directory: telnet
+mitre_technique:
+- T1548
+datasets:
+- name: sysmon_linux
+ path: /datasets/attack_techniques/T1548/telnet/sysmon_linux.log
+ sourcetype: sysmon:linux
+ source: Syslog:Linux-Sysmon/Operational
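Review bot: The `description` in telnet.yml never names the CVE that the commit subject refers to, so anyone tuning a detection against sysmon_linux.log cannot tell which vulnerability or telnet daemon the events come from. I would expand it to something like `description: Telnet authentication bypass and privilege escalation (CVE-YYYY-NNNNN, placeholder for the real id) against <affected telnetd>, captured with Sysmon for Linux.` and say in one clause which Sysmon events the log holds. `mitre_technique` lists only T1548, which covers the escalation half; if the capture also shows the remote bypass itself, a second technique for that stage may be worth adding, though this cannot be confirmed from the LFS pointer alone.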