diff --git a/.appsec-tests/vpatch-CVE-2025-27222/CVE-2025-27222.yaml b/.appsec-tests/vpatch-CVE-2025-27222/CVE-2025-27222.yaml
new file mode 100644
index 00000000000..33d45d26931
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2025-27222/CVE-2025-27222.yaml
@@ -0,0 +1,18 @@
+## autogenerated on 2025-10-15 13:55:58
+id: CVE-2025-27222
+info:
+ name: CVE-2025-27222
+ author: crowdsec
+ severity: info
+ description: CVE-2025-27222 testing
+ tags: appsec-testing
+http:
+ - raw:
+ - |
+ GET /trufusionPortal/getCobrandingData?cobrandingImageName=../../../../../../Windows/System32/drivers/etc/hosts HTTP/1.1
+ Host: {{Hostname}}
+ cookie-reuse: true
+ matchers:
+ - type: status
+ status:
+ - 403
diff --git a/.appsec-tests/vpatch-CVE-2025-27222/config.yaml b/.appsec-tests/vpatch-CVE-2025-27222/config.yaml
new file mode 100644
index 00000000000..24563495136
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2025-27222/config.yaml
@@ -0,0 +1,5 @@
+## autogenerated on 2025-10-15 13:55:58
+appsec-rules:
+ - ./appsec-rules/crowdsecurity/base-config.yaml
+ - ./appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml
+nuclei_template: CVE-2025-27222.yaml
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml
new file mode 100644
index 00000000000..48f004e2f3a
--- /dev/null
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml
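Review bot: The `http` block of `.appsec-tests/vpatch-CVE-2025-27222/CVE-2025-27222.yaml` holds a single request that only asserts the blocked case, so nothing in the test shows that an ordinary `getCobrandingData` call with a plain image name is still allowed through. The mixed-case path and parameter name do exercise the rule's `lowercase` transform, but the `urldecode` transform on `cobrandingimagename` has no request that depends on it. If the test harness supports more than one request per template (not visible here), a benign request whose matcher fails on a 403 would guard against the rule being broadened later into a false-positive source.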
@@ -0,0 +1,34 @@ +## autogenerated on 2025-10-15 13:55:58 +name: crowdsecurity/vpatch-CVE-2025-27222 +description: 'Detects path traversal in TRUfusion Enterprise via cobrandingImageName parameter in getCobrandingData endpoint.' +rules: + - and: + - zones: + - URI + transform: + - lowercase + match: + type: contains + value: /trufusionportal/getcobrandingdata + - zones: + - ARGS + variables: + - cobrandingimagename + transform: + - lowercase + - urldecode + match: + type: contains + value: '../' + +labels: + type: exploit + service: http + confidence: 3 + spoofable: 0 + behavior: 'http:exploit' + label: 'TRUfusion Enterprise - LFI' + classification: + - cve.CVE-2025-27222 + - attack.T1006 + - cwe.CWE-22 diff --git a/collections/crowdsecurity/appsec-virtual-patching.yaml b/collections/crowdsecurity/appsec-virtual-patching.yaml index 6cbe5bf1e86..1a7b28afbde 100644 --- a/collections/crowdsecurity/appsec-virtual-patching.yaml +++ b/collections/crowdsecurity/appsec-virtual-patching.yaml @@ -122,6 +122,7 @@ appsec-rules: - crowdsecurity/vpatch-CVE-2022-38627 - crowdsecurity/vpatch-CVE-2025-36604 - crowdsecurity/vpatch-CVE-2025-61882 +- crowdsecurity/vpatch-CVE-2025-27222 - crowdsecurity/vpatch-CVE-2018-11511 author: crowdsecurity contexts: diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json index 8bb1723c090..df355d2a973 100644 --- a/taxonomy/scenarios.json +++ b/taxonomy/scenarios.json @@ -9,7 +9,7 @@ "spoofable": 3, "cti": true, "service": "http", - "created_at": "2025-06-17T14:52:24" + "created_at": "2025-10-15T13:56:35.132817" }, "crowdsecurity/experimental-no-user-agent": { "name": "crowdsecurity/experimental-no-user-agent", @@ -26,7 +26,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-07-01T08:27:00" + "created_at": "2025-10-15T13:56:34.458080" }, "crowdsecurity/generic-freemarker-ssti": { "name": "crowdsecurity/generic-freemarker-ssti", 
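Review bot: The second condition of `appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml` matches only the forward-slash sequence (`type: contains` with `value: '../'`), while the test request added in this commit reads a file under `Windows/System32`, and on Windows a backslash is also a path separator. If TRUfusion accepts the backslash form in `cobrandingImageName` (not shown on this page, so confirm against the advisory), such a request is not covered by this virtual patch; `type: regex` with `value: '\.\.[/\\]'` would cover both separators after the existing `lowercase` and `urldecode` transforms. Separately, `attack.T1006` is ATT&CK's Direct Volume Access technique, which does not describe a web path traversal, and the same value is carried into `taxonomy/scenarios.json` as `TA0005:T1006`; please confirm whether `attack.T1190` was intended.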
@@ -43,7 +43,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-28T16:01:19" + "created_at": "2025-10-15T13:56:34.460889" }, "crowdsecurity/generic-wordpress-uploads-listing": { "name": "crowdsecurity/generic-wordpress-uploads-listing", @@ -60,7 +60,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-05T10:33:19" + "created_at": "2025-10-15T13:56:34.464103" }, "crowdsecurity/generic-wordpress-uploads-php": { "name": "crowdsecurity/generic-wordpress-uploads-php", @@ -77,7 +77,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-17T15:50:39" + "created_at": "2025-10-15T13:56:34.466929" }, "crowdsecurity/vpatch-CVE-2002-1131": { "name": "crowdsecurity/vpatch-CVE-2002-1131", @@ -93,7 +93,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-24T16:39:04", + "created_at": "2025-10-15T13:56:34.473386", "cves": [ "CVE-2002-1131" ], @@ -115,7 +115,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:16:13", + "created_at": "2025-10-15T13:56:34.476838", "cves": [ "CVE-2007-0885" ], @@ -138,7 +138,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.479632", "cves": [ "CVE-2017-9841" ], @@ -161,7 +161,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.483018", "cves": [ "CVE-2018-1000861" ], @@ -184,7 +184,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-08T09:24:18", + "created_at": "2025-10-15T13:56:34.486457", "cves": [ "CVE-2018-10562" ], @@ -228,7 +228,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-14T08:43:45", + "created_at": "2025-10-15T13:56:34.489765", "cves": [ "CVE-2018-1207" ], 
@@ -251,7 +251,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.493294", "cves": [ "CVE-2018-13379" ], @@ -274,7 +274,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T13:56:34.497105", "cves": [ "CVE-2018-20062" ] @@ -294,7 +294,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.500027", "cves": [ "CVE-2019-1003030" ], @@ -317,7 +317,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.503829", "cves": [ "CVE-2019-12989" ], @@ -340,7 +340,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.507271", "cves": [ "CVE-2019-18935" ], @@ -362,7 +362,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-07T10:50:31", + "created_at": "2025-10-15T13:56:34.510093", "cves": [ "CVE-2019-5418" ], @@ -385,7 +385,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.513589", "cves": [ "CVE-2020-11738" ], @@ -408,7 +408,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-22T11:09:51", + "created_at": "2025-10-15T13:56:34.517289", "cves": [ "CVE-2020-17496" ], @@ -430,7 +430,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-25T12:14:33", + "created_at": "2025-10-15T13:56:34.520610", "cves": [ "CVE-2020-25078" ], @@ -453,7 +453,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.523680", "cves": [ "CVE-2020-5902" ], 
@@ -475,7 +475,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.526953", "cves": [ "CVE-2020-9054" ], @@ -498,7 +498,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.530390", "cves": [ "CVE-2021-22941" ], @@ -521,7 +521,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T13:56:34.533752", "cves": [ "CVE-2021-26086" ] @@ -540,7 +540,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-25T06:54:32", + "created_at": "2025-10-15T13:56:34.537047", "cves": [ "CVE-2021-26294" ], @@ -563,7 +563,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.540231", "cves": [ "CVE-2021-3129" ], @@ -585,7 +585,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T16:14:54", + "created_at": "2025-10-15T13:56:34.543363", "cves": [ "CVE-2021-43798" ], @@ -607,7 +607,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.546610", "cves": [ "CVE-2021-44529" ], @@ -629,7 +629,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:04:11", + "created_at": "2025-10-15T13:56:34.550475", "cves": [ "CVE-2022-1388" ], @@ -652,7 +652,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-19T08:32:53", + "created_at": "2025-10-15T13:56:34.554191", "cves": [ "CVE-2022-22954" ] @@ -672,7 +672,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.556956", "cves": [ "CVE-2022-22965" ], 
@@ -694,7 +694,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-26T14:44:30", + "created_at": "2025-10-15T13:56:34.560208", "cves": [ "CVE-2022-25488" ], @@ -717,7 +717,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.564064", "cves": [ "CVE-2022-26134" ], @@ -740,7 +740,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.567232", "cves": [ "CVE-2022-27926" ], @@ -762,7 +762,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-08T06:52:22", + "created_at": "2025-10-15T13:56:34.570691", "cves": [ "CVE-2022-31499" ], @@ -785,7 +785,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.573439", "cves": [ "CVE-2022-35914" ], @@ -807,7 +807,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-01T14:30:05", + "created_at": "2025-10-15T13:56:34.576695", "cves": [ "CVE-2022-38627" ], @@ -830,7 +830,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.580117", "cves": [ "CVE-2022-41082" ], @@ -853,7 +853,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.583194", "cves": [ "CVE-2022-44877" ], @@ -876,7 +876,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.586386", "cves": [ "CVE-2022-46169" ], @@ -901,7 +901,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-24T16:35:30", + "created_at": "2025-10-15T13:56:34.589778", "cves": [ "CVE-2023-0297" ], 
@@ -924,7 +924,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.592763", "cves": [ "CVE-2023-0600" ], @@ -947,7 +947,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.597040", "cves": [ "CVE-2023-0900" ], @@ -970,7 +970,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-16T10:54:35", + "created_at": "2025-10-15T13:56:34.601033", "cves": [ "CVE-2023-1389" ], @@ -993,7 +993,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.604849", "cves": [ "CVE-2023-2009" ], @@ -1016,7 +1016,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.607868", "cves": [ "CVE-2023-20198" ], @@ -1039,7 +1039,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.611372", "cves": [ "CVE-2023-22515" ], @@ -1062,7 +1062,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-05T15:54:31", + "created_at": "2025-10-15T13:56:34.615106", "cves": [ "CVE-2023-22527" ] @@ -1081,7 +1081,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T07:35:54", + "created_at": "2025-10-15T13:56:34.618473", "cves": [ "CVE-2023-23063" ], @@ -1104,7 +1104,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.622128", "cves": [ "CVE-2023-23488" ], @@ -1127,7 +1127,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.625967", "cves": [ "CVE-2023-23489" ], 
@@ -1150,7 +1150,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.629201", "cves": [ "CVE-2023-23752" ], @@ -1174,7 +1174,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.632923", "cves": [ "CVE-2023-24489" ], @@ -1197,7 +1197,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-16T13:28:14", + "created_at": "2025-10-15T13:56:34.635957", "cves": [ "CVE-2023-28121" ], @@ -1220,7 +1220,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.641203", "cves": [ "CVE-2023-33617" ], @@ -1243,7 +1243,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.645400", "cves": [ "CVE-2023-34362" ], @@ -1266,7 +1266,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-09T14:28:50", + "created_at": "2025-10-15T13:56:34.648525", "cves": [ "CVE-2023-35078" ] @@ -1286,7 +1286,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-09T14:28:50", + "created_at": "2025-10-15T13:56:34.651732", "cves": [ "CVE-2023-35082" ] @@ -1306,7 +1306,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.655491", "cves": [ "CVE-2023-3519" ], @@ -1329,7 +1329,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.658361", "cves": [ "CVE-2023-38205" ], @@ -1352,7 +1352,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.661838", "cves": [ "CVE-2023-40044" ], 
@@ -1375,7 +1375,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.664552", "cves": [ "CVE-2023-42793" ], @@ -1397,7 +1397,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.667639", "cves": [ "CVE-2023-4634" ], @@ -1420,7 +1420,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-18T17:00:09", + "created_at": "2025-10-15T13:56:34.670619", "cves": [ "CVE-2023-46805", "CVE-2024-21887" @@ -1445,7 +1445,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-18T15:28:39", + "created_at": "2025-10-15T13:56:34.674677", "cves": [ "CVE-2023-47218" ], @@ -1469,7 +1469,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.678813", "cves": [ "CVE-2023-49070" ], @@ -1492,7 +1492,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.681972", "cves": [ "CVE-2023-50164" ], @@ -1514,7 +1514,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T09:15:18", + "created_at": "2025-10-15T13:56:34.685808", "cves": [ "CVE-2023-6000" ], @@ -1537,7 +1537,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.689225", "cves": [ "CVE-2023-6360" ], @@ -1560,7 +1560,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-08T09:42:56", + "created_at": "2025-10-15T13:56:34.692361", "cves": [ "CVE-2023-6553" ], @@ -1583,7 +1583,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.695765", "cves": [ "CVE-2023-6567" ], 
@@ -1606,7 +1606,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.699706", "cves": [ "CVE-2023-6623" ], @@ -1629,7 +1629,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T10:39:13", + "created_at": "2025-10-15T13:56:34.703297", "cves": [ "CVE-2023-7028" ] @@ -1649,7 +1649,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T13:56:34.706154", "cves": [ "CVE-2024-0012" ], @@ -1671,7 +1671,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-25T13:59:26", + "created_at": "2025-10-15T13:56:34.709001", "cves": [ "CVE-2024-0204" ], @@ -1694,7 +1694,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.712424", "cves": [ "CVE-2024-1061" ], @@ -1717,7 +1717,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.716190", "cves": [ "CVE-2024-1071" ], @@ -1740,7 +1740,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-26T08:21:36", + "created_at": "2025-10-15T13:56:34.719401", "cves": [ "CVE-2024-1212" ] @@ -1760,7 +1760,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-26T10:14:34", + "created_at": "2025-10-15T13:56:34.722878", "cves": [ "CVE-2024-22024" ], @@ -1783,7 +1783,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-26T17:01:15", + "created_at": "2025-10-15T13:56:34.726599", "cves": [ "CVE-2024-23897" ], @@ -1806,7 +1806,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-04-19T10:04:54", + "created_at": "2025-10-15T13:56:34.729789", "cves": [ "CVE-2024-27198" ], 
@@ -1828,7 +1828,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.733007", "cves": [ "CVE-2024-27292" ], @@ -1851,7 +1851,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-08-22T15:02:07", + "created_at": "2025-10-15T13:56:34.736449", "cves": [ "CVE-2024-27348" ], @@ -1873,7 +1873,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.739689", "cves": [ "CVE-2024-27564" ], @@ -1896,7 +1896,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T16:19:55", + "created_at": "2025-10-15T13:56:34.743227", "cves": [ "CVE-2024-27954" ], @@ -1919,7 +1919,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T16:19:55", + "created_at": "2025-10-15T13:56:34.746707", "cves": [ "CVE-2024-27956" ], @@ -1942,7 +1942,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-31T09:07:41", + "created_at": "2025-10-15T13:56:34.750405", "cves": [ "CVE-2024-28255" ], @@ -1965,7 +1965,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T13:56:34.753433", "cves": [ "CVE-2024-28987" ], @@ -1987,7 +1987,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T09:52:11", + "created_at": "2025-10-15T13:56:34.756814", "cves": [ "CVE-2024-29028" ], @@ -2010,7 +2010,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-08-22T15:02:07", + "created_at": "2025-10-15T13:56:34.760147", "cves": [ "CVE-2024-29824" ], @@ -2033,7 +2033,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-06-19T15:51:07", + "created_at": "2025-10-15T13:56:34.764920", "cves": [ "CVE-2024-29849" ] 
@@ -2053,7 +2053,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.768212", "cves": [ "CVE-2024-29973" ], @@ -2076,7 +2076,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-19T13:56:16", + "created_at": "2025-10-15T13:56:34.771303", "cves": [ "CVE-2024-32113" ], @@ -2099,7 +2099,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-19T13:56:16", + "created_at": "2025-10-15T13:56:34.775183", "cves": [ "CVE-2024-3272" ], @@ -2122,7 +2122,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-08T13:12:35", + "created_at": "2025-10-15T13:56:34.778899", "cves": [ "CVE-2024-3273" ] @@ -2141,7 +2141,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:41:10", + "created_at": "2025-10-15T13:56:34.783296", "cves": [ "CVE-2024-32870" ], @@ -2164,7 +2164,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.788633", "cves": [ "CVE-2024-34102" ], @@ -2187,7 +2187,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-08T14:49:23", + "created_at": "2025-10-15T13:56:34.791720", "cves": [ "CVE-2024-38816" ], @@ -2210,7 +2210,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T13:56:34.795331", "cves": [ "CVE-2024-38856" ], @@ -2233,7 +2233,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T16:30:59", + "created_at": "2025-10-15T13:56:34.798111", "cves": [ "CVE-2024-41713" ], @@ -2257,7 +2257,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-06-10T15:43:47", + "created_at": "2025-10-15T13:56:34.801014", "cves": [ "CVE-2024-4577" ], 
@@ -2281,7 +2281,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T10:41:01", + "created_at": "2025-10-15T13:56:34.804780", "cves": [ "CVE-2024-46506" ], @@ -2304,7 +2304,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T15:48:37", + "created_at": "2025-10-15T13:56:34.808189", "cves": [ "CVE-2024-51378" ], @@ -2327,7 +2327,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T15:49:31", + "created_at": "2025-10-15T13:56:34.811716", "cves": [ "CVE-2024-51567" ], @@ -2350,7 +2350,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-08T07:57:45", + "created_at": "2025-10-15T13:56:34.814470", "cves": [ "CVE-2024-51977" ], @@ -2373,7 +2373,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-21T08:54:14", + "created_at": "2025-10-15T13:56:34.817189", "cves": [ "CVE-2024-52301" ], @@ -2395,7 +2395,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.819968", "cves": [ "CVE-2024-57727" ], @@ -2418,7 +2418,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-03T13:11:18", + "created_at": "2025-10-15T13:56:34.823220", "cves": [ "CVE-2024-6205" ], @@ -2440,7 +2440,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T15:31:41", + "created_at": "2025-10-15T13:56:34.828855", "cves": [ "CVE-2024-7593" ], @@ -2464,7 +2464,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-23T13:35:04", + "created_at": "2025-10-15T13:56:34.832438", "cves": [ "CVE-2024-8190" ], @@ -2487,7 +2487,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-27T15:54:59", + "created_at": "2025-10-15T13:56:34.835485", "cves": [ "CVE-2024-8963" ], 
@@ -2510,7 +2510,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T15:48:37", + "created_at": "2025-10-15T13:56:34.839055", "cves": [ "CVE-2024-9465" ], @@ -2533,7 +2533,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T13:56:34.842943", "cves": [ "CVE-2024-9474" ], @@ -2555,7 +2555,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-02T13:17:39", + "created_at": "2025-10-15T13:56:34.846200", "cves": [ "CVE-2025-24893" ], @@ -2577,7 +2577,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-07-11T13:14:42", + "created_at": "2025-10-15T13:56:34.849733", "cves": [ "CVE-2025-25257" ], @@ -2585,6 +2585,28 @@ "CWE-89" ] }, + "crowdsecurity/vpatch-CVE-2025-27222": { + "name": "crowdsecurity/vpatch-CVE-2025-27222", + "description": "Detects path traversal in TRUfusion Enterprise via cobrandingImageName parameter in getCobrandingData endpoint.", + "label": "TRUfusion Enterprise - LFI", + "behaviors": [ + "http:exploit" + ], + "mitre_attacks": [ + "TA0005:T1006" + ], + "confidence": 3, + "spoofable": 0, + "cti": true, + "service": "http", + "created_at": "2025-10-15T13:56:34.853327", + "cves": [ + "CVE-2025-27222" + ], + "cwes": [ + "CWE-22" + ] + }, "crowdsecurity/vpatch-CVE-2025-28367": { "name": "crowdsecurity/vpatch-CVE-2025-28367", "description": "Detects directory traversal in mojoPortal BetterImageGallery API Controller (CVE-2025-28367)", @@ -2599,7 +2621,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:39:12", + "created_at": "2025-10-15T13:56:34.856991", "cves": [ "CVE-2025-28367" ], @@ -2621,7 +2643,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-05T09:14:12", + "created_at": "2025-10-15T13:56:34.860359", "cves": [ "CVE-2025-29306" ], 
@@ -2644,7 +2666,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-24T08:57:28", + "created_at": "2025-10-15T13:56:34.863161", "cves": [ "CVE-2025-29927" ], @@ -2666,7 +2688,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:41:54", + "created_at": "2025-10-15T13:56:34.866953", "cves": [ "CVE-2025-31161" ], @@ -2689,7 +2711,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T11:00:23", + "created_at": "2025-10-15T13:56:34.870747", "cves": [ "CVE-2025-31324" ], @@ -2711,7 +2733,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:38:09", + "created_at": "2025-10-15T13:56:34.874090", "cves": [ "CVE-2025-3248" ], @@ -2733,7 +2755,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T10:35:45", + "created_at": "2025-10-15T13:56:34.877847", "cves": [ "CVE-2025-3605" ], @@ -2755,7 +2777,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-10T14:42:39", + "created_at": "2025-10-15T13:56:34.881121", "cves": [ "CVE-2025-36604" ], @@ -2777,7 +2799,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:22:35", + "created_at": "2025-10-15T13:56:34.884979", "cves": [ "CVE-2025-47812" ], @@ -2799,7 +2821,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-09T16:18:55", + "created_at": "2025-10-15T13:56:34.889357", "cves": [ "CVE-2025-49113" ], @@ -2821,7 +2843,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:26:41", + "created_at": "2025-10-15T13:56:34.892745", "cves": [ "CVE-2025-49132" ], @@ -2843,7 +2865,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:32:38", + "created_at": "2025-10-15T13:56:34.895962", "cves": [ "CVE-2025-52488" ], 
@@ -2865,7 +2887,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-19T09:43:02", + "created_at": "2025-10-15T13:56:34.899900", "cves": [ "CVE-2025-57819" ], @@ -2887,7 +2909,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-10T08:14:38", + "created_at": "2025-10-15T13:56:34.903907", "cves": [ "CVE-2025-61882" ], @@ -2910,7 +2932,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-21T15:28:33", + "created_at": "2025-10-15T13:56:34.906837", "cves": [ "CVE-2024-1709" ] @@ -2930,7 +2952,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T13:56:34.909629" }, "crowdsecurity/vpatch-git-config": { "name": "crowdsecurity/vpatch-git-config", @@ -2946,7 +2968,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-18T15:28:39" + "created_at": "2025-10-15T13:56:34.912383" }, "crowdsecurity/vpatch-laravel-debug-mode": { "name": "crowdsecurity/vpatch-laravel-debug-mode", @@ -2963,7 +2985,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-22T12:24:34", + "created_at": "2025-10-15T13:56:34.915709", "cves": [ "CVE-2017-16894", "CVE-2021-41714", @@ -2985,7 +3007,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-02T14:29:31" + "created_at": "2025-10-15T13:56:34.918796" }, "Dominic-Wagner/vaultwarden-bf": { "name": "Dominic-Wagner/vaultwarden-bf", @@ -3001,7 +3023,7 @@ "spoofable": 0, "cti": true, "service": "vaultwarden", - "created_at": "2022-02-15T13:18:17" + "created_at": "2025-10-15T13:56:34.922718" }, "Dominic-Wagner/vaultwarden-bf_user-enum": { "name": "Dominic-Wagner/vaultwarden-bf_user-enum", @@ -3018,7 +3040,7 @@ "spoofable": 0, "cti": true, "service": "vaultwarden", - "created_at": "2022-02-15T13:18:17" + "created_at": "2025-10-15T13:56:34.924138" }, "Jgigantino31/calibre-web-bf": { "name": "Jgigantino31/calibre-web-bf", 
@@ -3034,7 +3056,7 @@ "spoofable": 0, "cti": true, "service": "calibre-web", - "created_at": "2025-10-14T08:42:34" + "created_at": "2025-10-15T13:56:34.927862" }, "Jgigantino31/calibre-web-bf_user-enum": { "name": "Jgigantino31/calibre-web-bf_user-enum", @@ -3051,7 +3073,7 @@ "spoofable": 0, "cti": true, "service": "calibre-web", - "created_at": "2025-10-14T08:42:34" + "created_at": "2025-10-15T13:56:34.929250" }, "Jgigantino31/ntfy-bf": { "name": "Jgigantino31/ntfy-bf", @@ -3067,7 +3089,7 @@ "spoofable": 0, "cti": true, "service": "ntfy", - "created_at": "2025-09-30T09:33:37" + "created_at": "2025-10-15T13:56:34.931769" }, "LePresidente/adguardhome-bf": { "name": "LePresidente/adguardhome-bf", @@ -3083,7 +3105,7 @@ "spoofable": 0, "cti": true, "service": "adguardhome", - "created_at": "2023-02-21T11:03:22" + "created_at": "2025-10-15T13:56:34.934329" }, "LePresidente/authelia-bf": { "name": "LePresidente/authelia-bf", @@ -3099,7 +3121,7 @@ "spoofable": 0, "cti": true, "service": "authelia", - "created_at": "2022-02-28T10:24:54" + "created_at": "2025-10-15T13:56:34.938050" }, "LePresidente/authelia-bf_user-enum": { "name": "LePresidente/authelia-bf_user-enum", @@ -3116,7 +3138,7 @@ "spoofable": 0, "cti": true, "service": "authelia", - "created_at": "2022-02-28T10:24:54" + "created_at": "2025-10-15T13:56:34.939484" }, "LePresidente/emby-bf": { "name": "LePresidente/emby-bf", @@ -3132,7 +3154,7 @@ "spoofable": 0, "cti": true, "service": "emby", - "created_at": "2022-02-28T10:11:12" + "created_at": "2025-10-15T13:56:34.942072" }, "LePresidente/gitea-bf": { "name": "LePresidente/gitea-bf", @@ -3148,7 +3170,7 @@ "spoofable": 0, "cti": true, "service": "gitea", - "created_at": "2022-03-30T09:47:59" + "created_at": "2025-10-15T13:56:34.945712" }, "LePresidente/gitea-bf_user-enum": { "name": "LePresidente/gitea-bf_user-enum", 
@@ -3165,7 +3187,7 @@ "spoofable": 0, "cti": true, "service": "gitea", - "created_at": "2022-03-30T09:47:59" + "created_at": "2025-10-15T13:56:34.947116" }, "LePresidente/grafana-bf": { "name": "LePresidente/grafana-bf", @@ -3181,7 +3203,7 @@ "spoofable": 0, "cti": true, "service": "grafana", - "created_at": "2023-03-16T09:39:52" + "created_at": "2025-10-15T13:56:34.949805" }, "LePresidente/harbor-bf": { "name": "LePresidente/harbor-bf", @@ -3197,7 +3219,7 @@ "spoofable": 0, "cti": true, "service": "harbor", - "created_at": "2023-05-16T15:35:43" + "created_at": "2025-10-15T13:56:34.953615" }, "LePresidente/harbor-bf_user-enum": { "name": "LePresidente/harbor-bf_user-enum", @@ -3214,7 +3236,7 @@ "spoofable": 0, "cti": true, "service": "harbor", - "created_at": "2023-05-16T15:35:43" + "created_at": "2025-10-15T13:56:34.955038" }, "LePresidente/jellyfin-bf": { "name": "LePresidente/jellyfin-bf", @@ -3230,7 +3252,7 @@ "spoofable": 0, "cti": true, "service": "jellyfin", - "created_at": "2023-02-13T11:18:24" + "created_at": "2025-10-15T13:56:34.958733" }, "LePresidente/jellyfin-bf_user-enum": { "name": "LePresidente/jellyfin-bf_user-enum", @@ -3247,7 +3269,7 @@ "spoofable": 0, "cti": true, "service": "jellyfin", - "created_at": "2023-02-13T11:18:24" + "created_at": "2025-10-15T13:56:34.960117" }, "LePresidente/jellyseerr-bf": { "name": "LePresidente/jellyseerr-bf", @@ -3263,7 +3285,7 @@ "spoofable": 0, "cti": true, "service": "jellyseerr", - "created_at": "2022-07-28T16:02:18" + "created_at": "2025-10-15T13:56:34.963789" }, "LePresidente/jellyseerr-bf_user-enum": { "name": "LePresidente/jellyseerr-bf_user-enum", @@ -3280,7 +3302,7 @@ "spoofable": 0, "cti": true, "service": "jellyseerr", - "created_at": "2022-07-28T16:02:18" + "created_at": "2025-10-15T13:56:34.965156" }, "LePresidente/ombi-bf": { "name": "LePresidente/ombi-bf", 
@@ -3296,7 +3318,7 @@ "spoofable": 0, "cti": true, "service": "ombi", - "created_at": "2022-02-28T10:16:46" + "created_at": "2025-10-15T13:56:34.967727" }, "LePresidente/overseerr-bf": { "name": "LePresidente/overseerr-bf", @@ -3312,7 +3334,7 @@ "spoofable": 0, "cti": true, "service": "overseerr", - "created_at": "2024-01-18T07:37:57" + "created_at": "2025-10-15T13:56:34.971368" }, "LePresidente/overseerr-bf_user-enum": { "name": "LePresidente/overseerr-bf_user-enum", @@ -3329,7 +3351,7 @@ "spoofable": 0, "cti": true, "service": "overseerr", - "created_at": "2024-01-18T07:37:57" + "created_at": "2025-10-15T13:56:34.972877" }, "LePresidente/redmine-bf": { "name": "LePresidente/redmine-bf", @@ -3345,7 +3367,7 @@ "spoofable": 0, "cti": true, "service": "redmine", - "created_at": "2023-03-13T12:00:45" + "created_at": "2025-10-15T13:56:34.976590" }, "LePresidente/redmine-bf_user-enum": { "name": "LePresidente/redmine-bf_user-enum", @@ -3362,7 +3384,7 @@ "spoofable": 0, "cti": true, "service": "redmine", - "created_at": "2023-03-13T12:00:45" + "created_at": "2025-10-15T13:56:34.977978" }, "lepresidente/ssh-bad-keyexchange-bf": { "name": "lepresidente/ssh-bad-keyexchange-bf", @@ -3378,7 +3400,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2023-06-14T14:32:14" + "created_at": "2025-10-15T13:56:34.980651" }, "LearningSpot/baserow-bf": { "name": "LearningSpot/baserow-bf", @@ -3394,7 +3416,7 @@ "spoofable": 0, "cti": true, "service": "baserow", - "created_at": "2025-05-01T11:27:22" + "created_at": "2025-10-15T13:56:34.983206" }, "LearningSpot/dockge-bf": { "name": "LearningSpot/dockge-bf", @@ -3410,7 +3432,7 @@ "spoofable": 0, "cti": true, "service": "dockge", - "created_at": "2025-03-20T08:55:10" + "created_at": "2025-10-15T13:56:34.986802" }, "LearningSpot/dockge_bf_user_enum": { "name": "LearningSpot/dockge_bf_user_enum", 
@@ -3427,7 +3449,7 @@ "spoofable": 0, "cti": true, "service": "dockge", - "created_at": "2025-03-20T08:55:10" + "created_at": "2025-10-15T13:56:34.988179" }, "LearningSpot/hestiacp-bf": { "name": "LearningSpot/hestiacp-bf", @@ -3443,7 +3465,7 @@ "spoofable": 0, "cti": true, "service": "hestiacp", - "created_at": "2025-05-01T10:24:27" + "created_at": "2025-10-15T13:56:34.991854" }, "LearningSpot/hestiacp-bf-user-enum": { "name": "LearningSpot/hestiacp-bf-user-enum", @@ -3460,7 +3482,7 @@ "spoofable": 0, "cti": true, "service": "hestiacp", - "created_at": "2025-05-01T10:24:27" + "created_at": "2025-10-15T13:56:34.993224" }, "LearningSpot/litellm-bf": { "name": "LearningSpot/litellm-bf", @@ -3476,7 +3498,7 @@ "spoofable": 0, "cti": true, "service": "litellm", - "created_at": "2025-05-01T11:03:17" + "created_at": "2025-10-15T13:56:34.995820" }, "MariuszKociubinski/bitwarden-bf": { "name": "MariuszKociubinski/bitwarden-bf", @@ -3492,7 +3514,7 @@ "spoofable": 0, "cti": true, "service": "bitwarden", - "created_at": "2023-05-10T11:39:42" + "created_at": "2025-10-15T13:56:34.999384" }, "MrShippeR/filebrowser-bf": { "name": "MrShippeR/filebrowser-bf", @@ -3508,7 +3530,7 @@ "spoofable": 0, "cti": true, "service": "filebrowser", - "created_at": "2025-05-01T10:29:44" + "created_at": "2025-10-15T13:56:35.001884" }, "PintjesB/technitium-bf": { "name": "PintjesB/technitium-bf", @@ -3524,7 +3546,7 @@ "spoofable": 0, "cti": true, "service": "technitium", - "created_at": "2025-10-02T10:22:05" + "created_at": "2025-10-15T13:56:35.004450" }, "a1ad/meshcentral-bf": { "name": "a1ad/meshcentral-bf", @@ -3540,7 +3562,7 @@ "spoofable": 0, "cti": true, "service": "meshcentral", - "created_at": "2023-02-13T13:22:34" + "created_at": "2025-10-15T13:56:35.008156" }, "a1ad/meshcentral-bf_user-enum": { "name": "a1ad/meshcentral-bf_user-enum", 
@@ -3557,7 +3579,7 @@ "spoofable": 0, "cti": true, "service": "meshcentral", - "created_at": "2023-02-13T13:22:34" + "created_at": "2025-10-15T13:56:35.009535" }, "a1ad/mikrotik-bf": { "name": "a1ad/mikrotik-bf", @@ -3573,7 +3595,7 @@ "spoofable": 0, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T13:56:35.013189" }, "a1ad/mikrotik-bf_user-enum": { "name": "a1ad/mikrotik-bf_user-enum", @@ -3590,7 +3612,7 @@ "spoofable": 0, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T13:56:35.014582" }, "a1ad/mikrotik-scan-multi_ports": { "name": "a1ad/mikrotik-scan-multi_ports", @@ -3608,7 +3630,7 @@ "spoofable": 2, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T13:56:35.017233" }, "aidalinfo/couchdb-slow-bf": { "name": "aidalinfo/couchdb-slow-bf", @@ -3622,7 +3644,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T13:56:35.020735" }, "aidalinfo/couchdb-bf": { "name": "aidalinfo/couchdb-bf", @@ -3636,7 +3658,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T13:56:35.022079" }, "aidalinfo/couchdb-crawl": { "name": "aidalinfo/couchdb-crawl", @@ -3652,7 +3674,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T13:56:35.024718" }, "aidalinfo/tcpudp-flood-traefik": { "name": "aidalinfo/tcpudp-flood-traefik", @@ -3666,7 +3688,7 @@ "spoofable": 0, "cti": true, "service": null, - "created_at": "2024-01-18T08:01:59" + "created_at": "2025-10-15T13:56:35.027138" }, "andreasbrett/baikal-bf": { "name": "andreasbrett/baikal-bf", 
@@ -3682,7 +3704,7 @@ "spoofable": 0, "cti": true, "service": "baikal", - "created_at": "2023-07-05T09:55:56" + "created_at": "2025-10-15T13:56:35.030815" }, "andreasbrett/baikal-bf_user-enum": { "name": "andreasbrett/baikal-bf_user-enum", @@ -3698,7 +3720,7 @@ "spoofable": 0, "cti": true, "service": "baikal", - "created_at": "2023-07-05T09:55:56" + "created_at": "2025-10-15T13:56:35.032163" }, "andreasbrett/paperless-ngx-bf": { "name": "andreasbrett/paperless-ngx-bf", @@ -3714,7 +3736,7 @@ "spoofable": 0, "cti": true, "service": "paperless-ngx", - "created_at": "2023-07-03T10:00:29" + "created_at": "2025-10-15T13:56:35.035918" }, "andreasbrett/paperless-ngx-bf_user-enum": { "name": "andreasbrett/paperless-ngx-bf_user-enum", @@ -3730,7 +3752,7 @@ "spoofable": 0, "cti": true, "service": "paperless-ngx", - "created_at": "2023-07-03T10:00:29" + "created_at": "2025-10-15T13:56:35.037295" }, "andreasbrett/webmin-bf": { "name": "andreasbrett/webmin-bf", @@ -3746,7 +3768,7 @@ "spoofable": 0, "cti": true, "service": "webmin", - "created_at": "2023-08-09T19:16:51" + "created_at": "2025-10-15T13:56:35.040928" }, "andreasbrett/webmin-bf_user-enum": { "name": "andreasbrett/webmin-bf_user-enum", @@ -3762,7 +3784,7 @@ "spoofable": 0, "cti": true, "service": "webmin", - "created_at": "2023-08-09T19:16:51" + "created_at": "2025-10-15T13:56:35.042324" }, "barnoux/crs-anomaly-score": { "name": "barnoux/crs-anomaly-score", @@ -3779,7 +3801,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-03T21:29:58" + "created_at": "2025-10-15T13:56:35.045016" }, "baudneo/gotify-bf": { "name": "baudneo/gotify-bf", @@ -3795,7 +3817,7 @@ "spoofable": 0, "cti": true, "service": "gotify", - "created_at": "2022-03-04T14:05:06" + "created_at": "2025-10-15T13:56:35.047635" }, "baudneo/zoneminder-bf": { "name": "baudneo/zoneminder-bf", 
@@ -3812,7 +3834,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-03-04T14:05:06" + "created_at": "2025-10-15T13:56:35.052793" }, "baudneo/zoneminder_cve-2022-39285": { "name": "baudneo/zoneminder_cve-2022-39285", @@ -3829,7 +3851,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T13:56:35.055620", "cves": [ "CVE-2022-39285" ] @@ -3849,7 +3871,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T13:56:35.058271", "cves": [ "CVE-2022-39290" ] @@ -3869,7 +3891,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T13:56:35.061314", "cves": [ "CVE-2022-39291" ] @@ -3888,7 +3910,7 @@ "spoofable": 0, "cti": true, "service": "opensearch", - "created_at": "2025-03-19T18:14:43" + "created_at": "2025-10-15T13:56:35.063883" }, "corvese/apache-guacamole_bf": { "name": "corvese/apache-guacamole_bf", @@ -3904,7 +3926,7 @@ "spoofable": 0, "cti": true, "service": "apache-guacamole", - "created_at": "2023-04-06T12:46:40" + "created_at": "2025-10-15T13:56:35.066389" }, "corvese/apache-guacamole_user_enum": { "name": "corvese/apache-guacamole_user_enum", @@ -3921,7 +3943,7 @@ "spoofable": 0, "cti": true, "service": "apache-guacamole", - "created_at": "2023-04-06T12:46:40" + "created_at": "2025-10-15T13:56:35.068985" }, "crowdsecurity/CVE-2017-9841": { "name": "crowdsecurity/CVE-2017-9841", @@ -3938,7 +3960,7 @@ "spoofable": 0, "cti": true, "service": "PHP", - "created_at": "2024-02-26T09:45:44", + "created_at": "2025-10-15T13:56:35.071603", "cves": [ "CVE-2017-9841" ] @@ -3958,7 +3980,7 @@ "spoofable": 0, "cti": true, "service": "telerik", - "created_at": "2023-04-05T13:50:46", + "created_at": "2025-10-15T13:56:35.074197", "cves": [ "CVE-2019-18935" ] 
@@ -3977,7 +3999,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2022-01-27T12:50:03", + "created_at": "2025-10-15T13:56:35.076772", "cves": [ "CVE-2021-4034" ] @@ -3997,7 +4019,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2022-10-17T15:36:43", + "created_at": "2025-10-15T13:56:35.079373", "cves": [ "CVE-2022-26134" ] @@ -4017,7 +4039,7 @@ "spoofable": 0, "cti": true, "service": "glpi", - "created_at": "2022-10-07T12:19:09", + "created_at": "2025-10-15T13:56:35.081891", "cves": [ "CVE-2022-35914" ] @@ -4037,7 +4059,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2022-08-18T09:37:38", + "created_at": "2025-10-15T13:56:35.084534", "cves": [ "CVE-2022-37042" ] @@ -4056,7 +4078,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2022-10-14T11:48:41", + "created_at": "2025-10-15T13:56:35.087068", "cves": [ "CVE-2022-40684" ] @@ -4076,7 +4098,7 @@ "spoofable": 0, "cti": true, "service": "exchange", - "created_at": "2022-10-01T12:22:22", + "created_at": "2025-10-15T13:56:35.089652", "cves": [ "CVE-2022-41082" ] @@ -4095,7 +4117,7 @@ "spoofable": 0, "cti": true, "service": "ghost", - "created_at": "2022-12-27T14:51:55", + "created_at": "2025-10-15T13:56:35.092254", "cves": [ "CVE-2022-41697" ] @@ -4115,7 +4137,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2022-10-24T10:03:41", + "created_at": "2025-10-15T13:56:35.094924", "cves": [ "CVE-2022-42889" ] @@ -4135,7 +4157,7 @@ "spoofable": 0, "cti": true, "service": "centos", - "created_at": "2023-01-20T14:00:02", + "created_at": "2025-10-15T13:56:35.097517", "cves": [ "CVE-2022-44877" ] @@ -4154,7 +4176,7 @@ "spoofable": 0, "cti": true, "service": "cacti", - "created_at": "2023-01-18T11:13:11", + "created_at": "2025-10-15T13:56:35.101266", "cves": [ "CVE-2022-46169" ] 
@@ -4174,7 +4196,7 @@ "spoofable": 0, "cti": true, "service": "cacti", - "created_at": "2023-01-18T11:13:11", + "created_at": "2025-10-15T13:56:35.102671", "cves": [ "CVE-2022-46169" ] @@ -4194,7 +4216,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2023-10-06T14:39:30", + "created_at": "2025-10-15T13:56:35.105249", "cves": [ "CVE-2023-22515" ] @@ -4214,7 +4236,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2023-11-06T09:42:38", + "created_at": "2025-10-15T13:56:35.107805", "cves": [ "CVE-2023-22518" ] @@ -4233,7 +4255,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2023-03-31T12:33:19", + "created_at": "2025-10-15T13:56:35.110875", "cves": [ "CVE-2023-23397" ] @@ -4253,7 +4275,7 @@ "spoofable": 1, "cti": true, "service": "owncloud", - "created_at": "2023-11-28T12:43:10", + "created_at": "2025-10-15T13:56:35.113498", "cves": [ "CVE-2023-49103" ] @@ -4272,7 +4294,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-10-05T11:14:30" + "created_at": "2025-10-15T13:56:35.116019" }, "crowdsecurity/CVE-2024-0012": { "name": "crowdsecurity/CVE-2024-0012", @@ -4289,7 +4311,7 @@ "spoofable": 0, "cti": true, "service": "panos", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T13:56:35.118764", "cves": [ "CVE-2024-0012" ] @@ -4309,7 +4331,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2024-08-22T13:15:02", + "created_at": "2025-10-15T13:56:35.121551", "cves": [ "CVE-2024-38475" ] @@ -4329,7 +4351,7 @@ "spoofable": 0, "cti": true, "service": "panos", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T13:56:35.124319", "cves": [ "CVE-2024-9474" ] @@ -4347,7 +4369,7 @@ "spoofable": 0, "cti": true, "service": "amavis", - "created_at": "2024-03-26T08:37:46" + "created_at": "2025-10-15T13:56:35.127007" }, "crowdsecurity/apache_log4j2_cve-2021-44228": { "name": "crowdsecurity/apache_log4j2_cve-2021-44228", 
@@ -4364,7 +4386,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-12-10T16:32:21", + "created_at": "2025-10-15T13:56:35.130214", "cves": [ "CVE-2021-44228" ] @@ -4383,7 +4405,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-28T09:34:04" + "created_at": "2025-10-15T13:56:35.135516" }, "crowdsecurity/appsec-vpatch": { "name": "crowdsecurity/appsec-vpatch", @@ -4399,7 +4421,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T13:56:35.138247" }, "crowdsecurity/asterisk_bf": { "name": "crowdsecurity/asterisk_bf", @@ -4415,7 +4437,7 @@ "spoofable": 0, "cti": true, "service": "asterisk", - "created_at": "2021-12-22T14:08:32" + "created_at": "2025-10-15T13:56:35.140788" }, "crowdsecurity/asterisk_user_enum": { "name": "crowdsecurity/asterisk_user_enum", @@ -4433,7 +4455,7 @@ "spoofable": 0, "cti": true, "service": "asterisk", - "created_at": "2021-12-22T14:08:32" + "created_at": "2025-10-15T13:56:35.143471" }, "crowdsecurity/auditd-base64-exec-behavior": { "name": "crowdsecurity/auditd-base64-exec-behavior", @@ -4449,7 +4471,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.146404" }, "crowdsecurity/auditd-postexploit-exec-from-net": { "name": "crowdsecurity/auditd-postexploit-exec-from-net", @@ -4465,7 +4487,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.149419" }, "crowdsecurity/auditd-postexploit-pkill": { "name": "crowdsecurity/auditd-postexploit-pkill", @@ -4481,7 +4503,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.152221" }, "crowdsecurity/auditd-postexploit-rm": { "name": "crowdsecurity/auditd-postexploit-rm", 
@@ -4497,7 +4519,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.155050" }, "crowdsecurity/auditd-suid-crash": { "name": "crowdsecurity/auditd-suid-crash", @@ -4513,7 +4535,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-10-04T16:28:36" + "created_at": "2025-10-15T13:56:35.158336" }, "crowdsecurity/auditd-sus-exec": { "name": "crowdsecurity/auditd-sus-exec", @@ -4529,7 +4551,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.160949" }, "crowdsecurity/aws-cloudtrail-bf-console-login": { "name": "crowdsecurity/aws-cloudtrail-bf-console-login", @@ -4545,7 +4567,7 @@ "spoofable": 0, "cti": true, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.163865" }, "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change": { "name": "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change", @@ -4561,7 +4583,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.166491" }, "crowdsecurity/aws-cis-benchmark-config-config-change": { "name": "crowdsecurity/aws-cis-benchmark-config-config-change", @@ -4577,7 +4599,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.169076" }, "crowdsecurity/aws-cis-benchmark-console-auth-fail": { "name": "crowdsecurity/aws-cis-benchmark-console-auth-fail", @@ -4593,7 +4615,7 @@ "spoofable": 0, "cti": true, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.171493" }, "crowdsecurity/aws-cis-benchmark-iam-policy-change": { "name": "crowdsecurity/aws-cis-benchmark-iam-policy-change", 
@@ -4609,7 +4631,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.174196" }, "crowdsecurity/aws-cis-benchmark-kms-deletion": { "name": "crowdsecurity/aws-cis-benchmark-kms-deletion", @@ -4625,7 +4647,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.176676" }, "crowdsecurity/aws-cis-benchmark-login-no-mfa": { "name": "crowdsecurity/aws-cis-benchmark-login-no-mfa", @@ -4642,7 +4664,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.179179" }, "crowdsecurity/aws-cis-benchmark-nacl-change": { "name": "crowdsecurity/aws-cis-benchmark-nacl-change", @@ -4658,7 +4680,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.181691" }, "crowdsecurity/aws-cis-benchmark-ngw-change": { "name": "crowdsecurity/aws-cis-benchmark-ngw-change", @@ -4674,7 +4696,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.184218" }, "crowdsecurity/aws-cis-benchmark-root-usage": { "name": "crowdsecurity/aws-cis-benchmark-root-usage", @@ -4691,7 +4713,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.186676" }, "crowdsecurity/aws-cis-benchmark-route-table-change": { "name": "crowdsecurity/aws-cis-benchmark-route-table-change", @@ -4707,7 +4729,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.189193" }, "crowdsecurity/aws-cis-benchmark-s3-policy-change": { "name": "crowdsecurity/aws-cis-benchmark-s3-policy-change", 
@@ -4723,7 +4745,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.191823" }, "crowdsecurity/aws-cis-benchmark-security-group-change": { "name": "crowdsecurity/aws-cis-benchmark-security-group-change", @@ -4739,7 +4761,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.194329" }, "crowdsecurity/aws-cis-benchmark-unauthorized-call": { "name": "crowdsecurity/aws-cis-benchmark-unauthorized-call", @@ -4755,7 +4777,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.196778" }, "crowdsecurity/aws-cis-benchmark-vpc-change": { "name": "crowdsecurity/aws-cis-benchmark-vpc-change", @@ -4771,7 +4793,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.199377" }, "crowdsecurity/aws-cloudtrail-postexploit": { "name": "crowdsecurity/aws-cloudtrail-postexploit", @@ -4788,7 +4810,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.202787" }, "crowdsecurity/aws-cloudtrail-nwo-nwd-console-login": { "name": "crowdsecurity/aws-cloudtrail-nwo-nwd-console-login", @@ -4804,7 +4826,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.205749" }, "crowdsecurity/configserver-lfd-bf": { "name": "crowdsecurity/configserver-lfd-bf", @@ -4820,7 +4842,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2024-01-05T09:54:29" + "created_at": "2025-10-15T13:56:35.209307" }, "crowdsecurity/cpanel-bf-attempt": { "name": "crowdsecurity/cpanel-bf-attempt", 
@@ -4836,7 +4858,7 @@ "spoofable": 0, "cti": true, "service": "cpanel", - "created_at": "2022-08-29T15:04:15" + "created_at": "2025-10-15T13:56:35.211724" }, "crowdsecurity/cpanel-bf": { "name": "crowdsecurity/cpanel-bf", @@ -4852,7 +4874,7 @@ "spoofable": 0, "cti": true, "service": "cpanel", - "created_at": "2021-06-28T11:05:18" + "created_at": "2025-10-15T13:56:35.214224" }, "crowdsecurity/crowdsec-appsec-inband": { "name": "crowdsecurity/crowdsec-appsec-inband", @@ -4868,7 +4890,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T13:56:35.216898" }, "crowdsecurity/crowdsec-appsec-outofband": { "name": "crowdsecurity/crowdsec-appsec-outofband", @@ -4884,7 +4906,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T13:56:35.219815" }, "crowdsecurity/dovecot-spam": { "name": "crowdsecurity/dovecot-spam", @@ -4900,7 +4922,7 @@ "spoofable": 0, "cti": true, "service": "dovecot", - "created_at": "2021-02-17T10:15:15" + "created_at": "2025-10-15T13:56:35.222457" }, "crowdsecurity/endlessh-bf": { "name": "crowdsecurity/endlessh-bf", @@ -4916,7 +4938,7 @@ "spoofable": 0, "cti": true, "service": "endlessh", - "created_at": "2022-02-28T10:07:59" + "created_at": "2025-10-15T13:56:35.225127" }, "crowdsecurity/exchange-bf": { "name": "crowdsecurity/exchange-bf", @@ -4932,7 +4954,7 @@ "spoofable": 0, "cti": true, "service": "exchange", - "created_at": "2022-07-21T08:37:19" + "created_at": "2025-10-15T13:56:35.227683" }, "crowdsecurity/exim-bf": { "name": "crowdsecurity/exim-bf", @@ -4948,7 +4970,7 @@ "spoofable": 0, "cti": true, "service": "smtp", - "created_at": "2023-01-09T16:38:20" + "created_at": "2025-10-15T13:56:35.231325" }, "crowdsecurity/exim-user-bf": { "name": "crowdsecurity/exim-user-bf", 
@@ -4964,7 +4986,7 @@ "spoofable": 0, "cti": true, "service": "smtp", - "created_at": "2023-01-09T16:38:20" + "created_at": "2025-10-15T13:56:35.232690" }, "crowdsecurity/f5-big-ip-cve-2020-5902": { "name": "crowdsecurity/f5-big-ip-cve-2020-5902", @@ -4981,7 +5003,7 @@ "spoofable": 0, "cti": true, "service": "f5", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.236412", "cves": [ "CVE-2020-5902" ] @@ -5001,7 +5023,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.239095", "cves": [ "CVE-2018-13379" ] @@ -5020,7 +5042,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2024-10-23T14:07:50" + "created_at": "2025-10-15T13:56:35.241713" }, "crowdsecurity/freeswitch-acl-reject": { "name": "crowdsecurity/freeswitch-acl-reject", @@ -5036,7 +5058,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T13:56:35.244226" }, "crowdsecurity/freeswitch-bf": { "name": "crowdsecurity/freeswitch-bf", @@ -5052,7 +5074,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T13:56:35.247857" }, "crowdsecurity/freeswitch-slow-bf": { "name": "crowdsecurity/freeswitch-slow-bf", @@ -5068,7 +5090,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T13:56:35.249220" }, "crowdsecurity/freeswitch-user-enumeration": { "name": "crowdsecurity/freeswitch-user-enumeration", @@ -5084,7 +5106,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T13:56:35.254215" }, "crowdsecurity/grafana-cve-2021-43798": { "name": "crowdsecurity/grafana-cve-2021-43798", 
@@ -5101,7 +5123,7 @@ "spoofable": 0, "cti": true, "service": "grafana", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.256851", "cves": [ "CVE-2021-43798" ] @@ -5120,7 +5142,7 @@ "spoofable": 0, "cti": true, "service": "home-assistant", - "created_at": "2022-01-28T16:07:26" + "created_at": "2025-10-15T13:56:35.259394" }, "crowdsecurity/http-admin-interface-probing": { "name": "crowdsecurity/http-admin-interface-probing", @@ -5136,7 +5158,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-23T08:34:34" + "created_at": "2025-10-15T13:56:35.262761" }, "crowdsecurity/http-apiscp-bf": { "name": "crowdsecurity/http-apiscp-bf", @@ -5152,7 +5174,7 @@ "spoofable": 0, "cti": true, "service": "apisCP", - "created_at": "2022-07-28T15:22:51" + "created_at": "2025-10-15T13:56:35.265392" }, "crowdsecurity/http-backdoors-attempts": { "name": "crowdsecurity/http-backdoors-attempts", @@ -5168,7 +5190,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-02T11:09:12" + "created_at": "2025-10-15T13:56:35.268251" }, "crowdsecurity/http-bad-user-agent": { "name": "crowdsecurity/http-bad-user-agent", @@ -5184,7 +5206,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-24T18:06:23" + "created_at": "2025-10-15T13:56:35.271432" }, "crowdsecurity/http-bf-wordpress_bf": { "name": "crowdsecurity/http-bf-wordpress_bf", @@ -5200,7 +5222,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.274085" }, "crowdsecurity/http-bf-wordpress_bf_xmlrpc": { "name": "crowdsecurity/http-bf-wordpress_bf_xmlrpc", @@ -5216,7 +5238,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2021-10-04T16:24:05" + "created_at": "2025-10-15T13:56:35.276719" }, "crowdsecurity/http-crawl-non_statics": { "name": "crowdsecurity/http-crawl-non_statics", 
@@ -5232,7 +5254,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.279573" }, "crowdsecurity/http-cve-2021-41773": { "name": "crowdsecurity/http-cve-2021-41773", @@ -5249,7 +5271,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-10-11T16:09:41", + "created_at": "2025-10-15T13:56:35.282164", "cves": [ "CVE-2021-41773" ] @@ -5269,7 +5291,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-10-12T18:03:32", + "created_at": "2025-10-15T13:56:35.284780", "cves": [ "CVE-2021-42013" ] @@ -5288,7 +5310,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-10T12:21:25" + "created_at": "2025-10-15T13:56:35.287683" }, "crowdsecurity/http-dos-bypass-cache": { "name": "crowdsecurity/http-dos-bypass-cache", @@ -5304,7 +5326,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T13:56:35.290652" }, "crowdsecurity/http-dos-invalid-http-versions": { "name": "crowdsecurity/http-dos-invalid-http-versions", @@ -5320,7 +5342,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T13:56:35.293396" }, "crowdsecurity/http-dos-random-uri": { "name": "crowdsecurity/http-dos-random-uri", @@ -5336,7 +5358,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T13:56:35.296138" }, "crowdsecurity/http-dos-swithcing-ua": { "name": "crowdsecurity/http-dos-swithcing-ua", @@ -5352,7 +5374,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T13:56:35.298868" }, "crowdsecurity/http-generic-bf": { "name": "crowdsecurity/http-generic-bf", 
@@ -5368,7 +5390,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T13:56:35.303698" }, "LePresidente/http-generic-401-bf": { "name": "LePresidente/http-generic-401-bf", @@ -5384,7 +5406,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T13:56:35.305075" }, "LePresidente/http-generic-403-bf": { "name": "LePresidente/http-generic-403-bf", @@ -5400,7 +5422,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T13:56:35.306499" }, "crowdsecurity/http-generic-test": { "name": "crowdsecurity/http-generic-test", @@ -5412,7 +5434,7 @@ "spoofable": 3, "cti": true, "service": "http", - "created_at": "2025-06-17T14:52:24" + "created_at": "2025-10-15T13:56:35.308928" }, "crowdsecurity/http-magento-bf": { "name": "crowdsecurity/http-magento-bf", @@ -5428,7 +5450,7 @@ "spoofable": 0, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T13:56:35.311629" }, "crowdsecurity/http-magento-ccs-by-as": { "name": "crowdsecurity/http-magento-ccs-by-as", @@ -5444,7 +5466,7 @@ "spoofable": 3, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T13:56:35.314320" }, "crowdsecurity/http-magento-ccs-by-country": { "name": "crowdsecurity/http-magento-ccs-by-country", @@ -5460,7 +5482,7 @@ "spoofable": 3, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T13:56:35.317003" }, "crowdsecurity/http-magento-ccs": { "name": "crowdsecurity/http-magento-ccs", @@ -5476,7 +5498,7 @@ "spoofable": 0, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T13:56:35.319589" }, "crowdsecurity/http-open-proxy": { "name": "crowdsecurity/http-open-proxy", 
@@ -5492,7 +5514,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-09-30T09:21:12" + "created_at": "2025-10-15T13:56:35.322244" }, "crowdsecurity/http-path-traversal-probing": { "name": "crowdsecurity/http-path-traversal-probing", @@ -5508,7 +5530,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-01T13:41:04" + "created_at": "2025-10-15T13:56:35.325319" }, "crowdsecurity/http-probing": { "name": "crowdsecurity/http-probing", @@ -5524,7 +5546,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-21T13:21:12" + "created_at": "2025-10-15T13:56:35.328048" }, "crowdsecurity/http-sap-interface-probing": { "name": "crowdsecurity/http-sap-interface-probing", @@ -5540,7 +5562,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-06T11:41:26" + "created_at": "2025-10-15T13:56:35.331032" }, "crowdsecurity/http-sensitive-files": { "name": "crowdsecurity/http-sensitive-files", @@ -5556,7 +5578,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-01T14:48:05" + "created_at": "2025-10-15T13:56:35.334068" }, "crowdsecurity/http-sqli-probbing-detection": { "name": "crowdsecurity/http-sqli-probbing-detection", @@ -5572,7 +5594,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-29T10:32:32" + "created_at": "2025-10-15T13:56:35.337141" }, "crowdsecurity/http-wordpress-scan": { "name": "crowdsecurity/http-wordpress-scan", @@ -5588,7 +5610,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2024-04-22T07:58:44" + "created_at": "2025-10-15T13:56:35.339833" }, "crowdsecurity/http-wordpress_user-enum": { "name": "crowdsecurity/http-wordpress_user-enum", @@ -5606,7 +5628,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2022-02-16T10:27:10" + "created_at": "2025-10-15T13:56:35.342619" }, "crowdsecurity/http-wordpress_wpconfig": { "name": "crowdsecurity/http-wordpress_wpconfig", 
@@ -5622,7 +5644,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2021-06-10T08:33:07" + "created_at": "2025-10-15T13:56:35.345264" }, "crowdsecurity/http-xss-probbing": { "name": "crowdsecurity/http-xss-probbing", @@ -5638,7 +5660,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-18T08:23:27" + "created_at": "2025-10-15T13:56:35.348356" }, "crowdsecurity/impossible-travel-user": { "name": "crowdsecurity/impossible-travel-user", @@ -5652,7 +5674,7 @@ "spoofable": 0, "cti": true, "service": "authentication", - "created_at": "2023-12-12T09:27:38" + "created_at": "2025-10-15T13:56:35.351237" }, "crowdsecurity/impossible-travel": { "name": "crowdsecurity/impossible-travel", @@ -5666,7 +5688,7 @@ "spoofable": 0, "cti": true, "service": "authentication", - "created_at": "2023-12-12T09:27:38" + "created_at": "2025-10-15T13:56:35.353946" }, "crowdsecurity/iptables-scan-multi_ports": { "name": "crowdsecurity/iptables-scan-multi_ports", @@ -5684,7 +5706,7 @@ "spoofable": 3, "cti": true, "service": null, - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.356594" }, "crowdsecurity/jira_cve-2021-26086": { "name": "crowdsecurity/jira_cve-2021-26086", @@ -5701,7 +5723,7 @@ "spoofable": 0, "cti": true, "service": "jira", - "created_at": "2021-12-13T17:47:03", + "created_at": "2025-10-15T13:56:35.359496", "cves": [ "CVE-2021-26086" ] @@ -5720,7 +5742,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.361957" }, "crowdsecurity/k8s-audit-api-server-bruteforce": { "name": "crowdsecurity/k8s-audit-api-server-bruteforce", @@ -5736,7 +5758,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.364644" }, "crowdsecurity/k8s-audit-pod-exec": { "name": "crowdsecurity/k8s-audit-pod-exec", 
@@ -5752,7 +5774,7 @@ "spoofable": 0, "cti": false, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.367194" }, "crowdsecurity/k8s-audit-pod-host-network": { "name": "crowdsecurity/k8s-audit-pod-host-network", @@ -5768,7 +5790,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.369776" }, "crowdsecurity/k8s-audit-pod-host-path-volume": { "name": "crowdsecurity/k8s-audit-pod-host-path-volume", @@ -5784,7 +5806,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.372737" }, "crowdsecurity/k8s-audit-privileged-pod-creation": { "name": "crowdsecurity/k8s-audit-privileged-pod-creation", @@ -5800,7 +5822,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.375533" }, "crowdsecurity/k8s-audit-service-account-access-denied": { "name": "crowdsecurity/k8s-audit-service-account-access-denied", @@ -5817,7 +5839,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.378080" }, "crowdsecurity/kasm-bruteforce": { "name": "crowdsecurity/kasm-bruteforce", @@ -5833,7 +5855,7 @@ "spoofable": 0, "cti": true, "service": "kasm", - "created_at": "2023-02-07T13:48:59" + "created_at": "2025-10-15T13:56:35.380710" }, "crowdsecurity/litespeed-admin-bf": { "name": "crowdsecurity/litespeed-admin-bf", @@ -5849,7 +5871,7 @@ "spoofable": 0, "cti": true, "service": "litespeed", - "created_at": "2022-06-10T11:47:55" + "created_at": "2025-10-15T13:56:35.383331" }, "crowdsecurity/mariadb-bf": { "name": "crowdsecurity/mariadb-bf", @@ -5865,7 +5887,7 @@ "spoofable": 0, "cti": true, "service": "mariadb", - "created_at": "2021-12-10T10:32:28" + "created_at": "2025-10-15T13:56:35.385879" }, "crowdsecurity/modsecurity": { "name": "crowdsecurity/modsecurity", 
@@ -5882,7 +5904,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-14T08:47:54" + "created_at": "2025-10-15T13:56:35.388441" }, "crowdsecurity/mssql-bf": { "name": "crowdsecurity/mssql-bf", @@ -5898,7 +5920,7 @@ "spoofable": 0, "cti": true, "service": "mssql", - "created_at": "2022-01-28T16:50:20" + "created_at": "2025-10-15T13:56:35.390960" }, "crowdsecurity/mysql-bf": { "name": "crowdsecurity/mysql-bf", @@ -5914,7 +5936,7 @@ "spoofable": 0, "cti": true, "service": "mysql", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.393486" }, "crowdsecurity/naxsi-exploit-vpatch": { "name": "crowdsecurity/naxsi-exploit-vpatch", @@ -5931,7 +5953,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.395995" }, "crowdsecurity/netgear_rce": { "name": "crowdsecurity/netgear_rce", @@ -5948,7 +5970,7 @@ "spoofable": 0, "cti": true, "service": "netgear", - "created_at": "2023-06-14T14:40:29", + "created_at": "2025-10-15T13:56:35.398725", "cves": [ "CVE-2024-12847" ] @@ -5967,7 +5989,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T13:56:35.403675" }, "crowdsecurity/nextcloud-bf_user_enum": { "name": "crowdsecurity/nextcloud-bf_user_enum", @@ -5983,7 +6005,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T13:56:35.405034" }, "crowdsecurity/nextcloud-bf_domain_error": { "name": "crowdsecurity/nextcloud-bf_domain_error", @@ -5999,7 +6021,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T13:56:35.406723" }, "crowdsecurity/nginx-req-limit-exceeded": { "name": "crowdsecurity/nginx-req-limit-exceeded", 
@@ -6015,7 +6037,7 @@ "spoofable": 2, "cti": true, "service": "http", - "created_at": "2022-04-22T08:47:07" + "created_at": "2025-10-15T13:56:35.409342" }, "crowdsecurity/odoo-bf": { "name": "crowdsecurity/odoo-bf", @@ -6031,7 +6053,7 @@ "spoofable": 0, "cti": true, "service": "odoo", - "created_at": "2022-04-11T14:35:05" + "created_at": "2025-10-15T13:56:35.413003" }, "crowdsecurity/odoo_user-enum": { "name": "crowdsecurity/odoo_user-enum", @@ -6047,7 +6069,7 @@ "spoofable": 0, "cti": true, "service": "odoo", - "created_at": "2022-04-11T14:35:05" + "created_at": "2025-10-15T13:56:35.414532" }, "crowdsecurity/opnsense-gui-bf": { "name": "crowdsecurity/opnsense-gui-bf", @@ -6063,7 +6085,7 @@ "spoofable": 0, "cti": true, "service": "opnsense", - "created_at": "2022-01-21T15:38:17" + "created_at": "2025-10-15T13:56:35.417110" }, "crowdsecurity/pfsense-gui-bf": { "name": "crowdsecurity/pfsense-gui-bf", @@ -6079,7 +6101,7 @@ "spoofable": 0, "cti": true, "service": "pfsense", - "created_at": "2023-10-31T11:54:38" + "created_at": "2025-10-15T13:56:35.420463" }, "crowdsecurity/pgsql-bf": { "name": "crowdsecurity/pgsql-bf", @@ -6095,7 +6117,7 @@ "spoofable": 0, "cti": true, "service": "pgsql", - "created_at": "2021-05-25T14:14:18" + "created_at": "2025-10-15T13:56:35.422990" }, "crowdsecurity/pgsql-user-enum": { "name": "crowdsecurity/pgsql-user-enum", @@ -6112,7 +6134,7 @@ "spoofable": 0, "cti": true, "service": "pgsql", - "created_at": "2023-03-21T15:05:50" + "created_at": "2025-10-15T13:56:35.425624" }, "crowdsecurity/postfix-helo-rejected": { "name": "crowdsecurity/postfix-helo-rejected", @@ -6129,7 +6151,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-09-02T09:43:16" + "created_at": "2025-10-15T13:56:35.428392" }, "crowdsecurity/postfix-non-smtp-command": { "name": "crowdsecurity/postfix-non-smtp-command", 
@@ -6143,7 +6165,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-10-31T13:38:47" + "created_at": "2025-10-15T13:56:35.430779" }, "crowdsecurity/postfix-relay-denied": { "name": "crowdsecurity/postfix-relay-denied", @@ -6160,7 +6182,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-09-02T09:43:16" + "created_at": "2025-10-15T13:56:35.433538" }, "crowdsecurity/proftpd-bf": { "name": "crowdsecurity/proftpd-bf", @@ -6176,7 +6198,7 @@ "spoofable": 0, "cti": true, "service": "proftpd", - "created_at": "2021-12-15T11:30:11" + "created_at": "2025-10-15T13:56:35.438203" }, "crowdsecurity/proftpd-bf_user-enum": { "name": "crowdsecurity/proftpd-bf_user-enum", @@ -6193,7 +6215,7 @@ "spoofable": 0, "cti": true, "service": "proftpd", - "created_at": "2021-12-15T11:30:11" + "created_at": "2025-10-15T13:56:35.440807" }, "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510": { "name": "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510", @@ -6209,7 +6231,7 @@ "spoofable": 0, "cti": true, "service": "pulse-secure", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.443443", "cves": [ "CVE-2019-11510" ] @@ -6228,7 +6250,7 @@ "spoofable": 0, "cti": true, "service": "sabnzbd", - "created_at": "2024-07-22T11:40:20" + "created_at": "2025-10-15T13:56:35.447072" }, "crowdsecurity/sabnzbd-slow-bf": { "name": "crowdsecurity/sabnzbd-slow-bf", @@ -6244,7 +6266,7 @@ "spoofable": 0, "cti": true, "service": "sabnzbd", - "created_at": "2024-07-22T11:40:20" + "created_at": "2025-10-15T13:56:35.448444" }, "crowdsecurity/smb-bf": { "name": "crowdsecurity/smb-bf", @@ -6260,7 +6282,7 @@ "spoofable": 0, "cti": true, "service": "smb", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.450912" }, "crowdsecurity/spring4shell_cve-2022-22965": { "name": "crowdsecurity/spring4shell_cve-2022-22965", 
@@ -6276,7 +6298,7 @@ "spoofable": 0, "cti": true, "service": "spring", - "created_at": "2022-04-09T11:23:37", + "created_at": "2025-10-15T13:56:35.453431", "cves": [ "CVE-2022-22965" ] @@ -6295,7 +6317,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.457864" }, "crowdsecurity/ssh-bf_user-enum": { "name": "crowdsecurity/ssh-bf_user-enum", @@ -6311,7 +6333,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.459340" }, "crowdsecurity/ssh-cve-2024-6387": { "name": "crowdsecurity/ssh-cve-2024-6387", @@ -6327,7 +6349,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2024-07-01T11:57:38", + "created_at": "2025-10-15T13:56:35.462017", "cves": [ "CVE-2024-6387" ] @@ -6346,7 +6368,7 @@ "spoofable": 3, "cti": true, "service": "ssh", - "created_at": "2025-06-17T14:52:24" + "created_at": "2025-10-15T13:56:35.464543" }, "crowdsecurity/ssh-refused-conn": { "name": "crowdsecurity/ssh-refused-conn", @@ -6362,7 +6384,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2025-05-14T09:30:59" + "created_at": "2025-10-15T13:56:35.467030" }, "crowdsecurity/ssh-slow-bf": { "name": "crowdsecurity/ssh-slow-bf", @@ -6378,7 +6400,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2021-09-27T15:17:49" + "created_at": "2025-10-15T13:56:35.470823" }, "crowdsecurity/ssh-slow-bf_user-enum": { "name": "crowdsecurity/ssh-slow-bf_user-enum", @@ -6394,7 +6416,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2021-09-27T15:17:49" + "created_at": "2025-10-15T13:56:35.472176" }, "crowdsecurity/stirling-pdf-bf": { "name": "crowdsecurity/stirling-pdf-bf", 
@@ -6410,7 +6432,7 @@ "spoofable": 0, "cti": true, "service": "stirling-pdf", - "created_at": "2024-10-23T13:40:37" + "created_at": "2025-10-15T13:56:35.474772" }, "crowdsecurity/suricata-major-severity": { "name": "crowdsecurity/suricata-major-severity", @@ -6427,7 +6449,7 @@ "spoofable": 3, "cti": true, "service": "suricata", - "created_at": "2022-07-13T07:05:09" + "created_at": "2025-10-15T13:56:35.478593" }, "crowdsecurity/suricata-high-medium-severity": { "name": "crowdsecurity/suricata-high-medium-severity", @@ -6444,7 +6466,7 @@ "spoofable": 3, "cti": true, "service": "suricata", - "created_at": "2022-07-13T07:05:09" + "created_at": "2025-10-15T13:56:35.479972" }, "crowdsecurity/synology-dsm-bf": { "name": "crowdsecurity/synology-dsm-bf", @@ -6460,7 +6482,7 @@ "spoofable": 0, "cti": true, "service": "synology_dsm", - "created_at": "2022-02-15T15:53:08" + "created_at": "2025-10-15T13:56:35.482543" }, "crowdsecurity/teamspeak3-bf": { "name": "crowdsecurity/teamspeak3-bf", @@ -6476,7 +6498,7 @@ "spoofable": 0, "cti": true, "service": "teamspeak3", - "created_at": "2022-12-29T15:22:40" + "created_at": "2025-10-15T13:56:35.485061" }, "crowdsecurity/teleport-bf": { "name": "crowdsecurity/teleport-bf", @@ -6490,7 +6512,7 @@ "spoofable": 0, "cti": true, "service": "teleport", - "created_at": "2024-01-29T13:40:10" + "created_at": "2025-10-15T13:56:35.488715" }, "crowdsecurity/teleport-slow-bf": { "name": "crowdsecurity/teleport-slow-bf", @@ -6504,7 +6526,7 @@ "spoofable": 0, "cti": true, "service": "teleport", - "created_at": "2024-01-29T13:40:10" + "created_at": "2025-10-15T13:56:35.490085" }, "crowdsecurity/telnet-bf": { "name": "crowdsecurity/telnet-bf", @@ -6520,7 +6542,7 @@ "spoofable": 0, "cti": true, "service": "telnet", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.492590" }, "crowdsecurity/thehive-bf": { "name": "crowdsecurity/thehive-bf", 
@@ -6536,7 +6558,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2022-10-21T12:27:41" + "created_at": "2025-10-15T13:56:35.495178" }, "crowdsecurity/thinkphp-cve-2018-20062": { "name": "crowdsecurity/thinkphp-cve-2018-20062", @@ -6553,7 +6575,7 @@ "spoofable": 0, "cti": true, "service": "thinkphp", - "created_at": "2021-12-10T15:59:24", + "created_at": "2025-10-15T13:56:35.498310", "cves": [ "CVE-2018-20062" ] @@ -6573,7 +6595,7 @@ "spoofable": 0, "cti": true, "service": "vmware", - "created_at": "2022-04-13T15:39:38", + "created_at": "2025-10-15T13:56:35.500960", "cves": [ "CVE-2022-22954" ] @@ -6593,7 +6615,7 @@ "spoofable": 0, "cti": true, "service": "vmware", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.503569", "cves": [ "CVE-2021-0027" ] @@ -6612,7 +6634,7 @@ "spoofable": 0, "cti": true, "service": "vsftpd", - "created_at": "2020-05-13T07:52:02" + "created_at": "2025-10-15T13:56:35.506055" }, "crowdsecurity/CVE-2022-30190-msdt": { "name": "crowdsecurity/CVE-2022-30190-msdt", @@ -6629,7 +6651,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2022-07-21T08:48:09", + "created_at": "2025-10-15T13:56:35.508787", "cves": [ "CVE-2022-30190" ] @@ -6648,7 +6670,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2022-01-25T09:07:17" + "created_at": "2025-10-15T13:56:35.511332" }, "crowdsecurity/wireguard-auth": { "name": "crowdsecurity/wireguard-auth", @@ -6664,7 +6686,7 @@ "spoofable": 0, "cti": true, "service": "wireguard", - "created_at": "2023-08-11T15:12:59" + "created_at": "2025-10-15T13:56:35.513847" }, "darkclip/charon-ipsec-bf": { "name": "darkclip/charon-ipsec-bf", @@ -6680,7 +6702,7 @@ "spoofable": 0, "cti": true, "service": "charon_ipsec", - "created_at": "2024-02-26T14:13:43" + "created_at": "2025-10-15T13:56:35.518838" }, "firewallservices/lemonldap-ng-bf": { "name": "firewallservices/lemonldap-ng-bf", 
@@ -6696,7 +6718,7 @@ "spoofable": 0, "cti": true, "service": "ldap", - "created_at": "2021-03-11T14:22:58" + "created_at": "2025-10-15T13:56:35.522605" }, "firewallservices/lemonldap-ng-user-enum": { "name": "firewallservices/lemonldap-ng-user-enum", @@ -6713,7 +6735,7 @@ "spoofable": 0, "cti": true, "service": "ldap", - "created_at": "2021-03-11T14:22:58" + "created_at": "2025-10-15T13:56:35.523973" }, "firewallservices/pf-scan-multi_ports": { "name": "firewallservices/pf-scan-multi_ports", @@ -6731,7 +6753,7 @@ "spoofable": 3, "cti": true, "service": "tcp", - "created_at": "2021-05-11T09:28:41" + "created_at": "2025-10-15T13:56:35.526673" }, "firewallservices/zimbra-bf": { "name": "firewallservices/zimbra-bf", @@ -6747,7 +6769,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2021-03-08T10:51:39" + "created_at": "2025-10-15T13:56:35.530376" }, "firewallservices/zimbra-user-enum": { "name": "firewallservices/zimbra-user-enum", @@ -6764,7 +6786,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2021-03-08T10:51:39" + "created_at": "2025-10-15T13:56:35.531733" }, "firix/authentik-bf": { "name": "firix/authentik-bf", @@ -6780,7 +6802,7 @@ "spoofable": 0, "cti": true, "service": "authentik", - "created_at": "2023-10-20T08:05:42" + "created_at": "2025-10-15T13:56:35.535424" }, "firix/authentik-bf_user-enum": { "name": "firix/authentik-bf_user-enum", @@ -6797,7 +6819,7 @@ "spoofable": 0, "cti": true, "service": "authentik", - "created_at": "2023-10-20T08:05:42" + "created_at": "2025-10-15T13:56:35.536802" }, "fulljackz/proxmox-bf": { "name": "fulljackz/proxmox-bf", @@ -6813,7 +6835,7 @@ "spoofable": 0, "cti": true, "service": "vm-management", - "created_at": "2022-01-19T14:51:02" + "created_at": "2025-10-15T13:56:35.540548" }, "fulljackz/proxmox-bf-user-enum": { "name": "fulljackz/proxmox-bf-user-enum", 
@@ -6830,7 +6852,7 @@ "spoofable": 0, "cti": true, "service": "vm-management", - "created_at": "2022-01-19T14:51:02" + "created_at": "2025-10-15T13:56:35.541927" }, "fulljackz/pureftpd-bf": { "name": "fulljackz/pureftpd-bf", @@ -6846,7 +6868,7 @@ "spoofable": 0, "cti": true, "service": "ftp", - "created_at": "2022-01-13T13:11:29" + "created_at": "2025-10-15T13:56:35.544694" }, "gauth-fr/immich-bf": { "name": "gauth-fr/immich-bf", @@ -6862,7 +6884,7 @@ "spoofable": 0, "cti": true, "service": "immich", - "created_at": "2023-08-04T08:06:05" + "created_at": "2025-10-15T13:56:35.548480" }, "gauth-fr/immich-bf_user-enum": { "name": "gauth-fr/immich-bf_user-enum", @@ -6878,7 +6900,7 @@ "spoofable": 0, "cti": true, "service": "immich", - "created_at": "2023-08-04T08:06:05" + "created_at": "2025-10-15T13:56:35.549880" }, "hitech95/email-generic-bf": { "name": "hitech95/email-generic-bf", @@ -6894,7 +6916,7 @@ "spoofable": 0, "cti": true, "service": "pop3/imap", - "created_at": "2022-04-20T13:31:56" + "created_at": "2025-10-15T13:56:35.553646" }, "hitech95/email-user-bf": { "name": "hitech95/email-user-bf", @@ -6911,7 +6933,7 @@ "spoofable": 0, "cti": true, "service": "pop3/imap", - "created_at": "2022-04-20T13:31:56" + "created_at": "2025-10-15T13:56:35.555014" }, "inherent-io/keycloak-bf": { "name": "inherent-io/keycloak-bf", @@ -6927,7 +6949,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T13:56:35.558834" }, "inherent-io/keycloak-user-enum-bf": { "name": "inherent-io/keycloak-user-enum-bf", @@ -6943,7 +6965,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T13:56:35.560199" }, "inherent-io/keycloak-slow-bf": { "name": "inherent-io/keycloak-slow-bf", 
@@ -6959,7 +6981,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T13:56:35.563970" }, "inherent-io/keycloak-user-enum-slow-bf": { "name": "inherent-io/keycloak-user-enum-slow-bf", @@ -6975,7 +6997,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T13:56:35.565343" }, "jbowdre/miniflux-bf": { "name": "jbowdre/miniflux-bf", @@ -6991,7 +7013,7 @@ "spoofable": 0, "cti": true, "service": "miniflux", - "created_at": "2024-01-16T10:54:20" + "created_at": "2025-10-15T13:56:35.568918" }, "jbowdre/miniflux-bf_user-enum": { "name": "jbowdre/miniflux-bf_user-enum", @@ -7007,7 +7029,7 @@ "spoofable": 0, "cti": true, "service": "miniflux", - "created_at": "2024-01-16T10:54:20" + "created_at": "2025-10-15T13:56:35.570301" }, "jusabatier/apereo-cas-bf": { "name": "jusabatier/apereo-cas-bf", @@ -7023,7 +7045,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.574126" }, "jusabatier/apereo-cas-bf_user-enum": { "name": "jusabatier/apereo-cas-bf_user-enum", @@ -7040,7 +7062,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.575525" }, "jusabatier/cas-slow-bf": { "name": "jusabatier/cas-slow-bf", @@ -7056,7 +7078,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.579365" }, "jusabatier/cas-slow-bf_user-enum": { "name": "jusabatier/cas-slow-bf_user-enum", @@ -7073,7 +7095,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.580743" }, "jusabatier/apereo-cas-slow-bf": { "name": "jusabatier/apereo-cas-slow-bf", 
@@ -7090,7 +7112,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.584621" }, "jusabatier/apereo-cas-slow-bf_user-enum": { "name": "jusabatier/apereo-cas-slow-bf_user-enum", @@ -7107,7 +7129,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.585997" }, "lourys/pterodactyl-wings-bf": { "name": "lourys/pterodactyl-wings-bf", @@ -7123,7 +7145,7 @@ "spoofable": 0, "cti": true, "service": "pterodactyl", - "created_at": "2022-07-28T12:39:51" + "created_at": "2025-10-15T13:56:35.593560" }, "ltsich/http-w00tw00t": { "name": "ltsich/http-w00tw00t", @@ -7139,7 +7161,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-02-02T13:15:35" + "created_at": "2025-10-15T13:56:35.596169" }, "mstilkerich/bind9-refused": { "name": "mstilkerich/bind9-refused", @@ -7155,7 +7177,7 @@ "spoofable": 0, "cti": true, "service": "domain", - "created_at": "2022-11-21T12:14:27" + "created_at": "2025-10-15T13:56:35.598745" }, "mwinters-stuff/mailu-admin-bf": { "name": "mwinters-stuff/mailu-admin-bf", @@ -7171,7 +7193,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-05T13:50:17" + "created_at": "2025-10-15T13:56:35.601195" }, "openappsec/openappsec-bot-protection": { "name": "openappsec/openappsec-bot-protection", @@ -7188,7 +7210,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.603778" }, "openappsec/openappsec-cross-site-redirect": { "name": "openappsec/openappsec-cross-site-redirect", @@ -7204,7 +7226,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.606400" }, "openappsec/openappsec-csrf": { "name": "openappsec/openappsec-csrf", 
@@ -7220,7 +7242,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.608942" }, "openappsec/openappsec-error-disclosure": { "name": "openappsec/openappsec-error-disclosure", @@ -7237,7 +7259,7 @@ "spoofable": 1, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.611530" }, "openappsec/openappsec-error-limit": { "name": "openappsec/openappsec-error-limit", @@ -7254,7 +7276,7 @@ "spoofable": 1, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.614102" }, "openappsec/openappsec-evasion-techniques": { "name": "openappsec/openappsec-evasion-techniques", @@ -7271,7 +7293,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.616729" }, "openappsec/openappsec-general": { "name": "openappsec/openappsec-general", @@ -7288,7 +7310,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.619318" }, "openappsec/openappsec-http-limit-violation": { "name": "openappsec/openappsec-http-limit-violation", @@ -7305,7 +7327,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.621900" }, "openappsec/openappsec-http-method-violation": { "name": "openappsec/openappsec-http-method-violation", @@ -7322,7 +7344,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.624509" }, "openappsec/openappsec-ldap-injection": { "name": "openappsec/openappsec-ldap-injection", @@ -7339,7 +7361,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.627131" }, "openappsec/openappsec-open-redirect": { "name": "openappsec/openappsec-open-redirect", 
@@ -7356,7 +7378,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.629847" }, "openappsec/openappsec-path-traversal": { "name": "openappsec/openappsec-path-traversal", @@ -7373,7 +7395,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.632612" }, "openappsec/openappsec-probing": { "name": "openappsec/openappsec-probing", @@ -7390,7 +7412,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.635352" }, "openappsec/openappsec-rce": { "name": "openappsec/openappsec-rce", @@ -7407,7 +7429,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.638111" }, "openappsec/openappsec-request-rate-limit": { "name": "openappsec/openappsec-request-rate-limit", @@ -7423,7 +7445,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.640770" }, "openappsec/openappsec-schema-validation": { "name": "openappsec/openappsec-schema-validation", @@ -7439,7 +7461,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.643371" }, "openappsec/openappsec-sql-injection": { "name": "openappsec/openappsec-sql-injection", @@ -7456,7 +7478,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.645986" }, "openappsec/openappsec-url-instead-of-file": { "name": "openappsec/openappsec-url-instead-of-file", @@ -7473,7 +7495,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.648675" }, "openappsec/openappsec-xss": { "name": "openappsec/openappsec-xss", 
@@ -7491,7 +7513,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.651336" }, "openappsec/openappsec-xxe": { "name": "openappsec/openappsec-xxe", @@ -7508,7 +7530,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.654006" }, "plague-doctor/audiobookshelf-bf": { "name": "plague-doctor/audiobookshelf-bf", @@ -7524,7 +7546,7 @@ "spoofable": 0, "cti": true, "service": "audiobookshelf", - "created_at": "2024-11-15T09:28:37" + "created_at": "2025-10-15T13:56:35.656630" }, "pserranoa/openvpn-bf": { "name": "pserranoa/openvpn-bf", @@ -7538,7 +7560,7 @@ "spoofable": 0, "cti": true, "service": "openvpn", - "created_at": "2024-12-17T09:50:08" + "created_at": "2025-10-15T13:56:35.659489" }, "schiz0phr3ne/prowlarr-bf": { "name": "schiz0phr3ne/prowlarr-bf", @@ -7554,7 +7576,7 @@ "spoofable": 0, "cti": true, "service": "prowlarr", - "created_at": "2022-10-28T12:44:47" + "created_at": "2025-10-15T13:56:35.663358" }, "schiz0phr3ne/prowlarr-bf_user-enum": { "name": "schiz0phr3ne/prowlarr-bf_user-enum", @@ -7571,7 +7593,7 @@ "spoofable": 0, "cti": true, "service": "prowlarr", - "created_at": "2022-10-28T12:44:47" + "created_at": "2025-10-15T13:56:35.664778" }, "schiz0phr3ne/radarr-bf": { "name": "schiz0phr3ne/radarr-bf", @@ -7587,7 +7609,7 @@ "spoofable": 0, "cti": true, "service": "radarr", - "created_at": "2022-10-28T12:43:07" + "created_at": "2025-10-15T13:56:35.668640" }, "schiz0phr3ne/radarr-bf_user-enum": { "name": "schiz0phr3ne/radarr-bf_user-enum", @@ -7604,7 +7626,7 @@ "spoofable": 0, "cti": true, "service": "radarr", - "created_at": "2022-10-28T12:43:07" + "created_at": "2025-10-15T13:56:35.670068" }, "schiz0phr3ne/sonarr-bf": { "name": "schiz0phr3ne/sonarr-bf", 
@@ -7620,7 +7642,7 @@ "spoofable": 0, "cti": true, "service": "sonarr", - "created_at": "2022-10-31T18:37:18" + "created_at": "2025-10-15T13:56:35.673896" }, "schiz0phr3ne/sonarr-bf_user-enum": { "name": "schiz0phr3ne/sonarr-bf_user-enum", @@ -7637,7 +7659,7 @@ "spoofable": 0, "cti": true, "service": "sonarr", - "created_at": "2022-10-31T18:37:18" + "created_at": "2025-10-15T13:56:35.675410" }, "sdwilsh/navidrome-bf": { "name": "sdwilsh/navidrome-bf", @@ -7653,7 +7675,7 @@ "spoofable": 0, "cti": true, "service": "navidrome", - "created_at": "2025-03-13T10:01:55" + "created_at": "2025-10-15T13:56:35.678077" }, "sigmahq/proc_creation_win_addinutil_suspicious_cmdline": { "name": "sigmahq/proc_creation_win_addinutil_suspicious_cmdline", @@ -7665,7 +7687,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.681142" }, "sigmahq/proc_creation_win_adplus_memory_dump": { "name": "sigmahq/proc_creation_win_adplus_memory_dump", @@ -7677,7 +7699,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.683994" }, "sigmahq/proc_creation_win_agentexecutor_susp_usage": { "name": "sigmahq/proc_creation_win_agentexecutor_susp_usage", @@ -7689,7 +7711,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.686824" }, "sigmahq/proc_creation_win_aspnet_compiler_susp_child_process": { "name": "sigmahq/proc_creation_win_aspnet_compiler_susp_child_process", @@ -7701,7 +7723,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.689631" }, "sigmahq/proc_creation_win_aspnet_compiler_susp_paths": { "name": "sigmahq/proc_creation_win_aspnet_compiler_susp_paths", 
@@ -7713,7 +7735,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.692433" }, "sigmahq/proc_creation_win_at_interactive_execution": { "name": "sigmahq/proc_creation_win_at_interactive_execution", @@ -7725,7 +7747,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.695060" }, "sigmahq/proc_creation_win_attrib_system_susp_paths": { "name": "sigmahq/proc_creation_win_attrib_system_susp_paths", @@ -7737,7 +7759,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.698050" }, "sigmahq/proc_creation_win_auditpol_nt_resource_kit_usage": { "name": "sigmahq/proc_creation_win_auditpol_nt_resource_kit_usage", @@ -7749,7 +7771,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.700855" }, "sigmahq/proc_creation_win_auditpol_susp_execution": { "name": "sigmahq/proc_creation_win_auditpol_susp_execution", @@ -7761,7 +7783,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.703603" }, "sigmahq/proc_creation_win_bcdedit_boot_conf_tamper": { "name": "sigmahq/proc_creation_win_bcdedit_boot_conf_tamper", @@ -7773,7 +7795,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.706339" }, "sigmahq/proc_creation_win_bginfo_suspicious_child_process": { "name": "sigmahq/proc_creation_win_bginfo_suspicious_child_process", @@ -7785,7 +7807,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.709434" }, "sigmahq/proc_creation_win_bitsadmin_download_direct_ip": { "name": "sigmahq/proc_creation_win_bitsadmin_download_direct_ip", 
@@ -7797,7 +7819,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.712540" }, "sigmahq/proc_creation_win_bitsadmin_download_susp_extensions": { "name": "sigmahq/proc_creation_win_bitsadmin_download_susp_extensions", @@ -7809,7 +7831,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.716003" }, "sigmahq/proc_creation_win_bitsadmin_download_susp_targetfolder": { "name": "sigmahq/proc_creation_win_bitsadmin_download_susp_targetfolder", @@ -7821,7 +7843,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.719143" }, "sigmahq/proc_creation_win_browsers_chromium_headless_debugging": { "name": "sigmahq/proc_creation_win_browsers_chromium_headless_debugging", @@ -7833,7 +7855,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.721945" }, "sigmahq/proc_creation_win_browsers_chromium_headless_file_download": { "name": "sigmahq/proc_creation_win_browsers_chromium_headless_file_download", @@ -7845,7 +7867,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.724753" }, "sigmahq/proc_creation_win_browsers_chromium_mockbin_abuse": { "name": "sigmahq/proc_creation_win_browsers_chromium_mockbin_abuse", @@ -7857,7 +7879,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.727481" }, "sigmahq/proc_creation_win_browsers_chromium_susp_load_extension": { "name": "sigmahq/proc_creation_win_browsers_chromium_susp_load_extension", 
@@ -7869,7 +7891,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.730372" }, "sigmahq/proc_creation_win_browsers_tor_execution": { "name": "sigmahq/proc_creation_win_browsers_tor_execution", @@ -7881,7 +7903,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.732980" }, "sigmahq/proc_creation_win_calc_uncommon_exec": { "name": "sigmahq/proc_creation_win_calc_uncommon_exec", @@ -7893,7 +7915,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.735732" }, "sigmahq/proc_creation_win_certoc_download_direct_ip": { "name": "sigmahq/proc_creation_win_certoc_download_direct_ip", @@ -7905,7 +7927,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.738408" }, "sigmahq/proc_creation_win_certoc_load_dll_susp_locations": { "name": "sigmahq/proc_creation_win_certoc_load_dll_susp_locations", @@ -7917,7 +7939,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.741285" }, "sigmahq/proc_creation_win_certutil_download_direct_ip": { "name": "sigmahq/proc_creation_win_certutil_download_direct_ip", @@ -7929,7 +7951,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.744115" }, "sigmahq/proc_creation_win_certutil_ntlm_coercion": { "name": "sigmahq/proc_creation_win_certutil_ntlm_coercion", @@ -7941,7 +7963,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.746784" }, "sigmahq/proc_creation_win_citrix_trolleyexpress_procdump": { "name": "sigmahq/proc_creation_win_citrix_trolleyexpress_procdump", 
@@ -7953,7 +7975,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.749670" }, "sigmahq/proc_creation_win_cmd_assoc_tamper_exe_file_association": { "name": "sigmahq/proc_creation_win_cmd_assoc_tamper_exe_file_association", @@ -7965,7 +7987,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.752532" }, "sigmahq/proc_creation_win_cmd_copy_dmp_from_share": { "name": "sigmahq/proc_creation_win_cmd_copy_dmp_from_share", @@ -7977,7 +7999,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.755145" }, "sigmahq/proc_creation_win_cmd_curl_download_exec_combo": { "name": "sigmahq/proc_creation_win_cmd_curl_download_exec_combo", @@ -7989,7 +8011,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.758014" }, "sigmahq/proc_creation_win_cmd_mklink_osk_cmd": { "name": "sigmahq/proc_creation_win_cmd_mklink_osk_cmd", @@ -8001,7 +8023,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.760756" }, "sigmahq/proc_creation_win_cmd_mklink_shadow_copies_access_symlink": { "name": "sigmahq/proc_creation_win_cmd_mklink_shadow_copies_access_symlink", @@ -8013,7 +8035,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.763428" }, "sigmahq/proc_creation_win_cmd_net_use_and_exec_combo": { "name": "sigmahq/proc_creation_win_cmd_net_use_and_exec_combo", @@ -8025,7 +8047,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.766231" }, "sigmahq/proc_creation_win_cmd_no_space_execution": { "name": "sigmahq/proc_creation_win_cmd_no_space_execution", 
@@ -8037,7 +8059,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.769594" }, "sigmahq/proc_creation_win_cmd_ntdllpipe_redirect": { "name": "sigmahq/proc_creation_win_cmd_ntdllpipe_redirect", @@ -8049,7 +8071,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.772205" }, "sigmahq/proc_creation_win_cmd_path_traversal": { "name": "sigmahq/proc_creation_win_cmd_path_traversal", @@ -8061,7 +8083,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.775026" }, "sigmahq/proc_creation_win_cmd_ping_del_combined_execution": { "name": "sigmahq/proc_creation_win_cmd_ping_del_combined_execution", @@ -8073,7 +8095,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.777921" }, "sigmahq/proc_creation_win_cmd_shadowcopy_access": { "name": "sigmahq/proc_creation_win_cmd_shadowcopy_access", @@ -8085,7 +8107,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.780615" }, "sigmahq/proc_creation_win_cmd_sticky_key_like_backdoor_execution": { "name": "sigmahq/proc_creation_win_cmd_sticky_key_like_backdoor_execution", @@ -8097,7 +8119,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.783530" }, "sigmahq/proc_creation_win_cmd_sticky_keys_replace": { "name": "sigmahq/proc_creation_win_cmd_sticky_keys_replace", @@ -8109,7 +8131,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.786409" }, "sigmahq/proc_creation_win_cmdkey_recon": { "name": "sigmahq/proc_creation_win_cmdkey_recon", 
@@ -8121,7 +8143,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.789302" }, "sigmahq/proc_creation_win_cmstp_execution_by_creation": { "name": "sigmahq/proc_creation_win_cmstp_execution_by_creation", @@ -8133,7 +8155,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.791938" }, "sigmahq/proc_creation_win_conhost_path_traversal": { "name": "sigmahq/proc_creation_win_conhost_path_traversal", @@ -8145,7 +8167,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.794618" }, "sigmahq/proc_creation_win_control_panel_item": { "name": "sigmahq/proc_creation_win_control_panel_item", @@ -8157,7 +8179,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.797467" }, "sigmahq/proc_creation_win_createdump_lolbin_execution": { "name": "sigmahq/proc_creation_win_createdump_lolbin_execution", @@ -8169,7 +8191,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.800216" }, "sigmahq/proc_creation_win_csc_susp_parent": { "name": "sigmahq/proc_creation_win_csc_susp_parent", @@ -8181,7 +8203,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.803910" }, "sigmahq/proc_creation_win_csi_use_of_csharp_console": { "name": "sigmahq/proc_creation_win_csi_use_of_csharp_console", @@ -8193,7 +8215,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.806571" }, "sigmahq/proc_creation_win_curl_download_direct_ip_susp_extensions": { "name": "sigmahq/proc_creation_win_curl_download_direct_ip_susp_extensions", 
@@ -8205,7 +8227,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.809915" }, "sigmahq/proc_creation_win_curl_susp_download": { "name": "sigmahq/proc_creation_win_curl_susp_download", @@ -8217,7 +8239,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.812998" }, "sigmahq/proc_creation_win_dctask64_arbitrary_command_and_dll_execution": { "name": "sigmahq/proc_creation_win_dctask64_arbitrary_command_and_dll_execution", @@ -8229,7 +8251,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.815810" }, "sigmahq/proc_creation_win_desktopimgdownldr_susp_execution": { "name": "sigmahq/proc_creation_win_desktopimgdownldr_susp_execution", @@ -8241,7 +8263,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.818485" }, "sigmahq/proc_creation_win_dism_enable_powershell_web_access_feature": { "name": "sigmahq/proc_creation_win_dism_enable_powershell_web_access_feature", @@ -8253,7 +8275,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.821170" }, "sigmahq/proc_creation_win_dll_sideload_vmware_xfer": { "name": "sigmahq/proc_creation_win_dll_sideload_vmware_xfer", @@ -8265,7 +8287,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.823826" }, "sigmahq/proc_creation_win_dllhost_no_cli_execution": { "name": "sigmahq/proc_creation_win_dllhost_no_cli_execution", 
@@ -8277,7 +8299,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.826468" }, "sigmahq/proc_creation_win_dns_exfiltration_tools_execution": { "name": "sigmahq/proc_creation_win_dns_exfiltration_tools_execution", @@ -8289,7 +8311,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.829153" }, "sigmahq/proc_creation_win_dns_susp_child_process": { "name": "sigmahq/proc_creation_win_dns_susp_child_process", @@ -8301,7 +8323,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.831862" }, "sigmahq/proc_creation_win_dnscmd_install_new_server_level_plugin_dll": { "name": "sigmahq/proc_creation_win_dnscmd_install_new_server_level_plugin_dll", @@ -8313,7 +8335,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.834599" }, "sigmahq/proc_creation_win_driverquery_recon": { "name": "sigmahq/proc_creation_win_driverquery_recon", @@ -8325,7 +8347,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.837350" }, "sigmahq/proc_creation_win_dtrace_kernel_dump": { "name": "sigmahq/proc_creation_win_dtrace_kernel_dump", @@ -8337,7 +8359,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.839961" }, "sigmahq/proc_creation_win_dump64_defender_av_bypass_rename": { "name": "sigmahq/proc_creation_win_dump64_defender_av_bypass_rename", @@ -8349,7 +8371,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.842727" }, "sigmahq/proc_creation_win_dumpminitool_susp_execution": { "name": "sigmahq/proc_creation_win_dumpminitool_susp_execution", 
@@ -8361,7 +8383,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.845545" }, "sigmahq/proc_creation_win_esentutl_sensitive_file_copy": { "name": "sigmahq/proc_creation_win_esentutl_sensitive_file_copy", @@ -8373,7 +8395,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.848596" }, "sigmahq/proc_creation_win_eventvwr_susp_child_process": { "name": "sigmahq/proc_creation_win_eventvwr_susp_child_process", @@ -8385,7 +8407,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.851258" }, "sigmahq/proc_creation_win_explorer_nouaccheck": { "name": "sigmahq/proc_creation_win_explorer_nouaccheck", @@ -8397,7 +8419,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.853950" }, "sigmahq/proc_creation_win_findstr_gpp_passwords": { "name": "sigmahq/proc_creation_win_findstr_gpp_passwords", @@ -8409,7 +8431,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.856802" }, "sigmahq/proc_creation_win_findstr_sysmon_discovery_via_default_altitude": { "name": "sigmahq/proc_creation_win_findstr_sysmon_discovery_via_default_altitude", @@ -8421,7 +8443,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.859660" }, "sigmahq/proc_creation_win_finger_execution": { "name": "sigmahq/proc_creation_win_finger_execution", @@ -8433,7 +8455,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.862539" }, "sigmahq/proc_creation_win_fltmc_unload_driver_sysmon": { "name": "sigmahq/proc_creation_win_fltmc_unload_driver_sysmon", 
@@ -8445,7 +8467,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.865376" }, "sigmahq/proc_creation_win_forfiles_child_process_masquerading": { "name": "sigmahq/proc_creation_win_forfiles_child_process_masquerading", @@ -8457,7 +8479,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.868341" }, "sigmahq/proc_creation_win_format_uncommon_filesystem_load": { "name": "sigmahq/proc_creation_win_format_uncommon_filesystem_load", @@ -8469,7 +8491,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.871223" }, "sigmahq/proc_creation_win_fsutil_usage": { "name": "sigmahq/proc_creation_win_fsutil_usage", @@ -8481,7 +8503,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.874164" }, "sigmahq/proc_creation_win_googleupdate_susp_child_process": { "name": "sigmahq/proc_creation_win_googleupdate_susp_child_process", @@ -8493,7 +8515,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.876898" }, "sigmahq/proc_creation_win_gpg4win_susp_location": { "name": "sigmahq/proc_creation_win_gpg4win_susp_location", @@ -8505,7 +8527,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.880216" }, "sigmahq/proc_creation_win_gup_download": { "name": "sigmahq/proc_creation_win_gup_download", @@ -8517,7 +8539,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.883524" }, "sigmahq/proc_creation_win_gup_suspicious_execution": { "name": "sigmahq/proc_creation_win_gup_suspicious_execution", 
@@ -8529,7 +8551,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.886394" }, "sigmahq/proc_creation_win_hh_html_help_susp_child_process": { "name": "sigmahq/proc_creation_win_hh_html_help_susp_child_process", @@ -8541,7 +8563,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.889801" }, "sigmahq/proc_creation_win_hh_susp_execution": { "name": "sigmahq/proc_creation_win_hh_susp_execution", @@ -8553,7 +8575,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.893114" }, "sigmahq/proc_creation_win_hktl_adcspwn": { "name": "sigmahq/proc_creation_win_hktl_adcspwn", @@ -8565,7 +8587,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.895963" }, "sigmahq/proc_creation_win_hktl_bloodhound_sharphound": { "name": "sigmahq/proc_creation_win_hktl_bloodhound_sharphound", @@ -8577,7 +8599,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.899238" }, "sigmahq/proc_creation_win_hktl_c3_rundll32_pattern": { "name": "sigmahq/proc_creation_win_hktl_c3_rundll32_pattern", @@ -8589,7 +8611,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.902215" }, "sigmahq/proc_creation_win_hktl_certify": { "name": "sigmahq/proc_creation_win_hktl_certify", @@ -8601,7 +8623,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.905651" }, "sigmahq/proc_creation_win_hktl_certipy": { "name": "sigmahq/proc_creation_win_hktl_certipy", 
@@ -8613,7 +8635,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.910077" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_cmd": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_cmd", @@ -8625,7 +8647,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.914053" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_modules": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_modules", @@ -8637,7 +8659,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.918000" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_load_by_rundll32": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_load_by_rundll32", @@ -8649,7 +8671,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.921739" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_process_patterns": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_process_patterns", @@ -8661,7 +8683,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.925635" }, "sigmahq/proc_creation_win_hktl_covenant": { "name": "sigmahq/proc_creation_win_hktl_covenant", @@ -8673,7 +8695,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.929528" }, "sigmahq/proc_creation_win_hktl_crackmapexec_execution": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_execution", 
@@ -8685,7 +8707,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.934394" }, "sigmahq/proc_creation_win_hktl_crackmapexec_execution_patterns": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_execution_patterns", @@ -8697,7 +8719,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.938544" }, "sigmahq/proc_creation_win_hktl_crackmapexec_patterns": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_patterns", @@ -8709,7 +8731,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.942425" }, "sigmahq/proc_creation_win_hktl_crackmapexec_powershell_obfuscation": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_powershell_obfuscation", @@ -8721,7 +8743,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.945470" }, "sigmahq/proc_creation_win_hktl_createminidump": { "name": "sigmahq/proc_creation_win_hktl_createminidump", @@ -8733,7 +8755,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.948240" }, "sigmahq/proc_creation_win_hktl_dinjector": { "name": "sigmahq/proc_creation_win_hktl_dinjector", @@ -8745,7 +8767,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.950928" }, "sigmahq/proc_creation_win_hktl_dumpert": { "name": "sigmahq/proc_creation_win_hktl_dumpert", @@ -8757,7 +8779,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.953621" }, "sigmahq/proc_creation_win_hktl_edrsilencer": { "name": "sigmahq/proc_creation_win_hktl_edrsilencer", 
@@ -8769,7 +8791,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.956311" }, "sigmahq/proc_creation_win_hktl_empire_powershell_launch": { "name": "sigmahq/proc_creation_win_hktl_empire_powershell_launch", @@ -8781,7 +8803,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.959009" }, "sigmahq/proc_creation_win_hktl_empire_powershell_uac_bypass": { "name": "sigmahq/proc_creation_win_hktl_empire_powershell_uac_bypass", @@ -8793,7 +8815,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.961690" }, "sigmahq/proc_creation_win_hktl_execution_via_imphashes": { "name": "sigmahq/proc_creation_win_hktl_execution_via_imphashes", @@ -8805,7 +8827,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.968024" }, "sigmahq/proc_creation_win_hktl_execution_via_pe_metadata": { "name": "sigmahq/proc_creation_win_hktl_execution_via_pe_metadata", @@ -8817,7 +8839,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.970714" }, "sigmahq/proc_creation_win_hktl_gmer": { "name": "sigmahq/proc_creation_win_hktl_gmer", @@ -8829,7 +8851,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.973437" }, "sigmahq/proc_creation_win_hktl_handlekatz": { "name": "sigmahq/proc_creation_win_hktl_handlekatz", @@ -8841,7 +8863,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.976295" }, "sigmahq/proc_creation_win_hktl_hashcat": { "name": "sigmahq/proc_creation_win_hktl_hashcat", 
@@ -8853,7 +8875,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.978939" }, "sigmahq/proc_creation_win_hktl_htran_or_natbypass": { "name": "sigmahq/proc_creation_win_hktl_htran_or_natbypass", @@ -8865,7 +8887,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.981610" }, "sigmahq/proc_creation_win_hktl_hydra": { "name": "sigmahq/proc_creation_win_hktl_hydra", @@ -8877,7 +8899,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.984268" }, "sigmahq/proc_creation_win_hktl_impacket_lateral_movement": { "name": "sigmahq/proc_creation_win_hktl_impacket_lateral_movement", @@ -8889,7 +8911,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.987148" }, "sigmahq/proc_creation_win_hktl_impacket_tools": { "name": "sigmahq/proc_creation_win_hktl_impacket_tools", @@ -8901,7 +8923,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.990372" }, "sigmahq/proc_creation_win_hktl_inveigh": { "name": "sigmahq/proc_creation_win_hktl_inveigh", @@ -8913,7 +8935,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.993102" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_clip": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_clip", @@ -8925,7 +8947,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.995785" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_obfuscated_iex_commandline": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_obfuscated_iex_commandline", 
@@ -8937,7 +8959,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.998625" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_stdin": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_stdin", @@ -8949,7 +8971,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.001260" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_var": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_var", @@ -8961,7 +8983,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.003914" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_stdin": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_stdin", @@ -8973,7 +8995,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.006656" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_clip": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_clip", @@ -8985,7 +9007,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.009455" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta", @@ -8997,7 +9019,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.012164" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_var": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_var", 
@@ -9009,7 +9031,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.014914" }, "sigmahq/proc_creation_win_hktl_koadic": { "name": "sigmahq/proc_creation_win_hktl_koadic", @@ -9021,7 +9043,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.017718" }, "sigmahq/proc_creation_win_hktl_krbrelay": { "name": "sigmahq/proc_creation_win_hktl_krbrelay", @@ -9033,7 +9055,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.021393" }, "sigmahq/proc_creation_win_hktl_krbrelayup": { "name": "sigmahq/proc_creation_win_hktl_krbrelayup", @@ -9045,7 +9067,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.025164" }, "sigmahq/proc_creation_win_hktl_localpotato": { "name": "sigmahq/proc_creation_win_hktl_localpotato", @@ -9057,7 +9079,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.028022" }, "sigmahq/proc_creation_win_hktl_meterpreter_getsystem": { "name": "sigmahq/proc_creation_win_hktl_meterpreter_getsystem", @@ -9069,7 +9091,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.030829" }, "sigmahq/proc_creation_win_hktl_mimikatz_command_line": { "name": "sigmahq/proc_creation_win_hktl_mimikatz_command_line", @@ -9081,7 +9103,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.033956" }, "sigmahq/proc_creation_win_hktl_pchunter": { "name": "sigmahq/proc_creation_win_hktl_pchunter", 
@@ -9093,7 +9115,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.037209" }, "sigmahq/proc_creation_win_hktl_powersploit_empire_default_schtasks": { "name": "sigmahq/proc_creation_win_hktl_powersploit_empire_default_schtasks", @@ -9105,7 +9127,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.040027" }, "sigmahq/proc_creation_win_hktl_powertool": { "name": "sigmahq/proc_creation_win_hktl_powertool", @@ -9117,7 +9139,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.042637" }, "sigmahq/proc_creation_win_hktl_purplesharp_indicators": { "name": "sigmahq/proc_creation_win_hktl_purplesharp_indicators", @@ -9129,7 +9151,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.045256" }, "sigmahq/proc_creation_win_hktl_pypykatz": { "name": "sigmahq/proc_creation_win_hktl_pypykatz", @@ -9141,7 +9163,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.047922" }, "sigmahq/proc_creation_win_hktl_quarks_pwdump": { "name": "sigmahq/proc_creation_win_hktl_quarks_pwdump", @@ -9153,7 +9175,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.050575" }, "sigmahq/proc_creation_win_hktl_redmimicry_winnti_playbook": { "name": "sigmahq/proc_creation_win_hktl_redmimicry_winnti_playbook", @@ -9165,7 +9187,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.053314" }, "sigmahq/proc_creation_win_hktl_relay_attacks_tools": { "name": "sigmahq/proc_creation_win_hktl_relay_attacks_tools", 
@@ -9177,7 +9199,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.056319" }, "sigmahq/proc_creation_win_hktl_rubeus": { "name": "sigmahq/proc_creation_win_hktl_rubeus", @@ -9189,7 +9211,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.059284" }, "sigmahq/proc_creation_win_hktl_safetykatz": { "name": "sigmahq/proc_creation_win_hktl_safetykatz", @@ -9201,7 +9223,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.061875" }, "sigmahq/proc_creation_win_hktl_secutyxploded": { "name": "sigmahq/proc_creation_win_hktl_secutyxploded", @@ -9213,7 +9235,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.064574" }, "sigmahq/proc_creation_win_hktl_selectmyparent": { "name": "sigmahq/proc_creation_win_hktl_selectmyparent", @@ -9225,7 +9247,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.067642" }, "sigmahq/proc_creation_win_hktl_sharp_chisel": { "name": "sigmahq/proc_creation_win_hktl_sharp_chisel", @@ -9237,7 +9259,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.070243" }, "sigmahq/proc_creation_win_hktl_sharp_impersonation": { "name": "sigmahq/proc_creation_win_hktl_sharp_impersonation", @@ -9249,7 +9271,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.073080" }, "sigmahq/proc_creation_win_hktl_sharpersist": { "name": "sigmahq/proc_creation_win_hktl_sharpersist", 
@@ -9261,7 +9283,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.075826" }, "sigmahq/proc_creation_win_hktl_sharpevtmute": { "name": "sigmahq/proc_creation_win_hktl_sharpevtmute", @@ -9273,7 +9295,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.078502" }, "sigmahq/proc_creation_win_hktl_sharpldapwhoami": { "name": "sigmahq/proc_creation_win_hktl_sharpldapwhoami", @@ -9285,7 +9307,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.081216" }, "sigmahq/proc_creation_win_hktl_sharpup": { "name": "sigmahq/proc_creation_win_hktl_sharpup", @@ -9297,7 +9319,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.084027" }, "sigmahq/proc_creation_win_hktl_sharpview": { "name": "sigmahq/proc_creation_win_hktl_sharpview", @@ -9309,7 +9331,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.088473" }, "sigmahq/proc_creation_win_hktl_silenttrinity_stager": { "name": "sigmahq/proc_creation_win_hktl_silenttrinity_stager", @@ -9321,7 +9343,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.091043" }, "sigmahq/proc_creation_win_hktl_sliver_c2_execution_pattern": { "name": "sigmahq/proc_creation_win_hktl_sliver_c2_execution_pattern", @@ -9333,7 +9355,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.093706" }, "sigmahq/proc_creation_win_hktl_stracciatella_execution": { "name": "sigmahq/proc_creation_win_hktl_stracciatella_execution", 
@@ -9345,7 +9367,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.096580" }, "sigmahq/proc_creation_win_hktl_sysmoneop": { "name": "sigmahq/proc_creation_win_hktl_sysmoneop", @@ -9357,7 +9379,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.100101" }, "sigmahq/proc_creation_win_hktl_trufflesnout": { "name": "sigmahq/proc_creation_win_hktl_trufflesnout", @@ -9369,7 +9391,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.103568" }, "sigmahq/proc_creation_win_hktl_uacme": { "name": "sigmahq/proc_creation_win_hktl_uacme", @@ -9381,7 +9403,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.107066" }, "sigmahq/proc_creation_win_hktl_wce": { "name": "sigmahq/proc_creation_win_hktl_wce", @@ -9393,7 +9415,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.109816" }, "sigmahq/proc_creation_win_hktl_winpeas": { "name": "sigmahq/proc_creation_win_hktl_winpeas", @@ -9405,7 +9427,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.112821" }, "sigmahq/proc_creation_win_hktl_winpwn": { "name": "sigmahq/proc_creation_win_hktl_winpwn", @@ -9417,7 +9439,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.115769" }, "sigmahq/proc_creation_win_hktl_wmiexec_default_powershell": { "name": "sigmahq/proc_creation_win_hktl_wmiexec_default_powershell", 
@@ -9429,7 +9451,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.118321" }, "sigmahq/proc_creation_win_hktl_xordump": { "name": "sigmahq/proc_creation_win_hktl_xordump", @@ -9441,7 +9463,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.121097" }, "sigmahq/proc_creation_win_hwp_exploits": { "name": "sigmahq/proc_creation_win_hwp_exploits", @@ -9453,7 +9475,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.123798" }, "sigmahq/proc_creation_win_ieexec_download": { "name": "sigmahq/proc_creation_win_ieexec_download", @@ -9465,7 +9487,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.126435" }, "sigmahq/proc_creation_win_iis_appcmd_http_logging": { "name": "sigmahq/proc_creation_win_iis_appcmd_http_logging", @@ -9477,7 +9499,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.129141" }, "sigmahq/proc_creation_win_iis_appcmd_service_account_password_dumped": { "name": "sigmahq/proc_creation_win_iis_appcmd_service_account_password_dumped", @@ -9489,7 +9511,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.132045" }, "sigmahq/proc_creation_win_iis_connection_strings_decryption": { "name": "sigmahq/proc_creation_win_iis_connection_strings_decryption", @@ -9501,7 +9523,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.134770" }, "sigmahq/proc_creation_win_iis_susp_module_registration": { "name": "sigmahq/proc_creation_win_iis_susp_module_registration", 
@@ -9513,7 +9535,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.137490" }, "sigmahq/proc_creation_win_imagingdevices_unusual_parents": { "name": "sigmahq/proc_creation_win_imagingdevices_unusual_parents", @@ -9525,7 +9547,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.140083" }, "sigmahq/proc_creation_win_imewbdld_download": { "name": "sigmahq/proc_creation_win_imewbdld_download", @@ -9537,7 +9559,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.142714" }, "sigmahq/proc_creation_win_java_keytool_susp_child_process": { "name": "sigmahq/proc_creation_win_java_keytool_susp_child_process", @@ -9549,7 +9571,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.145662" }, "sigmahq/proc_creation_win_java_manageengine_susp_child_process": { "name": "sigmahq/proc_creation_win_java_manageengine_susp_child_process", @@ -9561,7 +9583,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.148841" }, "sigmahq/proc_creation_win_kavremover_uncommon_execution": { "name": "sigmahq/proc_creation_win_kavremover_uncommon_execution", @@ -9573,7 +9595,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.151523" }, "sigmahq/proc_creation_win_logman_disable_eventlog": { "name": "sigmahq/proc_creation_win_logman_disable_eventlog", @@ -9585,7 +9607,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.154348" }, "sigmahq/proc_creation_win_lolbin_devtoolslauncher": { "name": "sigmahq/proc_creation_win_lolbin_devtoolslauncher", 
@@ -9597,7 +9619,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.156941" }, "sigmahq/proc_creation_win_lolbin_manage_bde": { "name": "sigmahq/proc_creation_win_lolbin_manage_bde", @@ -9609,7 +9631,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.159728" }, "sigmahq/proc_creation_win_lolbin_mavinject_process_injection": { "name": "sigmahq/proc_creation_win_lolbin_mavinject_process_injection", @@ -9621,7 +9643,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.162493" }, "sigmahq/proc_creation_win_lolbin_mpiexec": { "name": "sigmahq/proc_creation_win_lolbin_mpiexec", @@ -9633,7 +9655,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.165190" }, "sigmahq/proc_creation_win_lolbin_msdt_answer_file": { "name": "sigmahq/proc_creation_win_lolbin_msdt_answer_file", @@ -9645,7 +9667,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.167981" }, "sigmahq/proc_creation_win_lolbin_openwith": { "name": "sigmahq/proc_creation_win_lolbin_openwith", @@ -9657,7 +9679,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.170691" }, "sigmahq/proc_creation_win_lolbin_pcwrun_follina": { "name": "sigmahq/proc_creation_win_lolbin_pcwrun_follina", @@ -9669,7 +9691,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.174152" }, "sigmahq/proc_creation_win_lolbin_printbrm": { "name": "sigmahq/proc_creation_win_lolbin_printbrm", 
@@ -9681,7 +9703,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.177732" }, "sigmahq/proc_creation_win_lolbin_settingsynchost": { "name": "sigmahq/proc_creation_win_lolbin_settingsynchost", @@ -9693,7 +9715,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.180819" }, "sigmahq/proc_creation_win_lolbin_susp_certreq_download": { "name": "sigmahq/proc_creation_win_lolbin_susp_certreq_download", @@ -9705,7 +9727,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.183586" }, "sigmahq/proc_creation_win_lolbin_susp_grpconv": { "name": "sigmahq/proc_creation_win_lolbin_susp_grpconv", @@ -9717,7 +9739,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.186310" }, "sigmahq/proc_creation_win_lolbin_tttracer_mod_load": { "name": "sigmahq/proc_creation_win_lolbin_tttracer_mod_load", @@ -9729,7 +9751,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.189017" }, "sigmahq/proc_creation_win_lolbin_visual_basic_compiler": { "name": "sigmahq/proc_creation_win_lolbin_visual_basic_compiler", @@ -9741,7 +9763,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.191681" }, "sigmahq/proc_creation_win_lsass_process_clone": { "name": "sigmahq/proc_creation_win_lsass_process_clone", @@ -9753,7 +9775,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.194388" }, "sigmahq/proc_creation_win_mmc_mmc20_lateral_movement": { "name": "sigmahq/proc_creation_win_mmc_mmc20_lateral_movement", 
@@ -9765,7 +9787,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.197046" }, "sigmahq/proc_creation_win_mmc_susp_child_process": { "name": "sigmahq/proc_creation_win_mmc_susp_child_process", @@ -9777,7 +9799,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.199821" }, "sigmahq/proc_creation_win_mofcomp_execution": { "name": "sigmahq/proc_creation_win_mofcomp_execution", @@ -9789,7 +9811,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.202894" }, "sigmahq/proc_creation_win_mpcmdrun_dll_sideload_defender": { "name": "sigmahq/proc_creation_win_mpcmdrun_dll_sideload_defender", @@ -9801,7 +9823,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.205707" }, "sigmahq/proc_creation_win_mpcmdrun_download_arbitrary_file": { "name": "sigmahq/proc_creation_win_mpcmdrun_download_arbitrary_file", @@ -9813,7 +9835,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.208431" }, "sigmahq/proc_creation_win_mpcmdrun_remove_windows_defender_definition": { "name": "sigmahq/proc_creation_win_mpcmdrun_remove_windows_defender_definition", @@ -9825,7 +9847,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.211084" }, "sigmahq/proc_creation_win_msdt_arbitrary_command_execution": { "name": "sigmahq/proc_creation_win_msdt_arbitrary_command_execution", @@ -9837,7 +9859,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.213948" }, "sigmahq/proc_creation_win_msdt_susp_parent": { "name": "sigmahq/proc_creation_win_msdt_susp_parent", 
@@ -9849,7 +9871,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.216809" }, "sigmahq/proc_creation_win_mshta_http": { "name": "sigmahq/proc_creation_win_mshta_http", @@ -9861,7 +9883,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.219506" }, "sigmahq/proc_creation_win_mshta_javascript": { "name": "sigmahq/proc_creation_win_mshta_javascript", @@ -9873,7 +9895,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.222212" }, "sigmahq/proc_creation_win_mshta_lethalhta_technique": { "name": "sigmahq/proc_creation_win_mshta_lethalhta_technique", @@ -9885,7 +9907,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.224838" }, "sigmahq/proc_creation_win_mshta_susp_child_processes": { "name": "sigmahq/proc_creation_win_mshta_susp_child_processes", @@ -9897,7 +9919,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.227649" }, "sigmahq/proc_creation_win_mshta_susp_execution": { "name": "sigmahq/proc_creation_win_mshta_susp_execution", @@ -9909,7 +9931,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.230486" }, "sigmahq/proc_creation_win_mshta_susp_pattern": { "name": "sigmahq/proc_creation_win_mshta_susp_pattern", @@ -9921,7 +9943,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.233478" }, "sigmahq/proc_creation_win_msiexec_masquerading": { "name": "sigmahq/proc_creation_win_msiexec_masquerading", 
@@ -9933,7 +9955,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.236118" }, "sigmahq/proc_creation_win_msra_process_injection": { "name": "sigmahq/proc_creation_win_msra_process_injection", @@ -9945,7 +9967,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.238921" }, "sigmahq/proc_creation_win_mssql_susp_child_process": { "name": "sigmahq/proc_creation_win_mssql_susp_child_process", @@ -9957,7 +9979,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.242033" }, "sigmahq/proc_creation_win_mssql_veaam_susp_child_processes": { "name": "sigmahq/proc_creation_win_mssql_veaam_susp_child_processes", @@ -9969,7 +9991,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.244990" }, "sigmahq/proc_creation_win_mstsc_rdp_hijack_shadowing": { "name": "sigmahq/proc_creation_win_mstsc_rdp_hijack_shadowing", @@ -9981,7 +10003,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.247798" }, "sigmahq/proc_creation_win_mstsc_run_local_rdp_file_susp_location": { "name": "sigmahq/proc_creation_win_mstsc_run_local_rdp_file_susp_location", @@ -9993,7 +10015,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.250800" }, "sigmahq/proc_creation_win_mstsc_run_local_rpd_file_susp_parent": { "name": "sigmahq/proc_creation_win_mstsc_run_local_rpd_file_susp_parent", 
@@ -10005,7 +10027,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.253639" }, "sigmahq/proc_creation_win_msxsl_remote_execution": { "name": "sigmahq/proc_creation_win_msxsl_remote_execution", @@ -10017,7 +10039,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.256292" }, "sigmahq/proc_creation_win_net_use_mount_internet_share": { "name": "sigmahq/proc_creation_win_net_use_mount_internet_share", @@ -10029,7 +10051,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.259011" }, "sigmahq/proc_creation_win_net_user_add_never_expire": { "name": "sigmahq/proc_creation_win_net_user_add_never_expire", @@ -10041,7 +10063,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.261745" }, "sigmahq/proc_creation_win_net_user_default_accounts_manipulation": { "name": "sigmahq/proc_creation_win_net_user_default_accounts_manipulation", @@ -10053,7 +10075,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.265067" }, "sigmahq/proc_creation_win_netsh_fw_allow_program_in_susp_location": { "name": "sigmahq/proc_creation_win_netsh_fw_allow_program_in_susp_location", @@ -10065,7 +10087,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.268353" }, "sigmahq/proc_creation_win_netsh_fw_allow_rdp": { "name": "sigmahq/proc_creation_win_netsh_fw_allow_rdp", 
@@ -10077,7 +10099,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.271107" }, "sigmahq/proc_creation_win_netsh_port_forwarding_3389": { "name": "sigmahq/proc_creation_win_netsh_port_forwarding_3389", @@ -10089,7 +10111,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.273892" }, "sigmahq/proc_creation_win_node_abuse": { "name": "sigmahq/proc_creation_win_node_abuse", @@ -10101,7 +10123,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.276731" }, "sigmahq/proc_creation_win_nslookup_domain_discovery": { "name": "sigmahq/proc_creation_win_nslookup_domain_discovery", @@ -10113,7 +10135,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.279511" }, "sigmahq/proc_creation_win_odbcconf_driver_install_susp": { "name": "sigmahq/proc_creation_win_odbcconf_driver_install_susp", @@ -10125,7 +10147,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.282268" }, "sigmahq/proc_creation_win_odbcconf_exec_susp_locations": { "name": "sigmahq/proc_creation_win_odbcconf_exec_susp_locations", @@ -10137,7 +10159,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.285558" }, "sigmahq/proc_creation_win_odbcconf_register_dll_regsvr_susp": { "name": "sigmahq/proc_creation_win_odbcconf_register_dll_regsvr_susp", @@ -10149,7 +10171,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.288251" }, "sigmahq/proc_creation_win_office_arbitrary_cli_download": { "name": "sigmahq/proc_creation_win_office_arbitrary_cli_download", 
@@ -10161,7 +10183,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.291105" }, "sigmahq/proc_creation_win_office_excel_dcom_lateral_movement": { "name": "sigmahq/proc_creation_win_office_excel_dcom_lateral_movement", @@ -10173,7 +10195,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.294034" }, "sigmahq/proc_creation_win_office_exec_from_trusted_locations": { "name": "sigmahq/proc_creation_win_office_exec_from_trusted_locations", @@ -10185,7 +10207,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.297028" }, "sigmahq/proc_creation_win_office_onenote_embedded_script_execution": { "name": "sigmahq/proc_creation_win_office_onenote_embedded_script_execution", @@ -10197,7 +10219,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.299943" }, "sigmahq/proc_creation_win_office_onenote_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_onenote_susp_child_processes", @@ -10209,7 +10231,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.303974" }, "sigmahq/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules": { "name": "sigmahq/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules", @@ -10221,7 +10243,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.306786" }, "sigmahq/proc_creation_win_office_outlook_execution_from_temp": { "name": "sigmahq/proc_creation_win_office_outlook_execution_from_temp", 
@@ -10233,7 +10255,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.309520" }, "sigmahq/proc_creation_win_office_outlook_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_outlook_susp_child_processes", @@ -10245,7 +10267,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.312797" }, "sigmahq/proc_creation_win_office_outlook_susp_child_processes_remote": { "name": "sigmahq/proc_creation_win_office_outlook_susp_child_processes_remote", @@ -10257,7 +10279,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.315656" }, "sigmahq/proc_creation_win_office_spawn_exe_from_users_directory": { "name": "sigmahq/proc_creation_win_office_spawn_exe_from_users_directory", @@ -10269,7 +10291,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.318817" }, "sigmahq/proc_creation_win_office_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_susp_child_processes", @@ -10281,7 +10303,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.322841" }, "sigmahq/proc_creation_win_ping_hex_ip": { "name": "sigmahq/proc_creation_win_ping_hex_ip", @@ -10293,7 +10315,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.325525" }, "sigmahq/proc_creation_win_plink_port_forwarding": { "name": "sigmahq/proc_creation_win_plink_port_forwarding", 
@@ -10305,7 +10327,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.328181" }, "sigmahq/proc_creation_win_plink_susp_tunneling": { "name": "sigmahq/proc_creation_win_plink_susp_tunneling", @@ -10317,7 +10339,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.330890" }, "sigmahq/proc_creation_win_powershell_aadinternals_cmdlets_execution": { "name": "sigmahq/proc_creation_win_powershell_aadinternals_cmdlets_execution", @@ -10329,7 +10351,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.333915" }, "sigmahq/proc_creation_win_powershell_amsi_init_failed_bypass": { "name": "sigmahq/proc_creation_win_powershell_amsi_init_failed_bypass", @@ -10341,7 +10363,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.336732" }, "sigmahq/proc_creation_win_powershell_base64_encoded_cmd": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_cmd", @@ -10353,7 +10375,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.339647" }, "sigmahq/proc_creation_win_powershell_base64_encoded_cmd_patterns": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_cmd_patterns", @@ -10365,7 +10387,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.342955" }, "sigmahq/proc_creation_win_powershell_base64_encoded_obfusc": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_obfusc", 
@@ -10377,7 +10399,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.346073" }, "sigmahq/proc_creation_win_powershell_base64_frombase64string": { "name": "sigmahq/proc_creation_win_powershell_base64_frombase64string", @@ -10389,7 +10411,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.348885" }, "sigmahq/proc_creation_win_powershell_base64_hidden_flag": { "name": "sigmahq/proc_creation_win_powershell_base64_hidden_flag", @@ -10401,7 +10423,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.352693" }, "sigmahq/proc_creation_win_powershell_base64_iex": { "name": "sigmahq/proc_creation_win_powershell_base64_iex", @@ -10413,7 +10435,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.356041" }, "sigmahq/proc_creation_win_powershell_base64_invoke": { "name": "sigmahq/proc_creation_win_powershell_base64_invoke", @@ -10425,7 +10447,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.358926" }, "sigmahq/proc_creation_win_powershell_base64_mppreference": { "name": "sigmahq/proc_creation_win_powershell_base64_mppreference", @@ -10437,7 +10459,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.362122" }, "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load": { "name": "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load", 
@@ -10449,7 +10471,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.365367" }, "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load_obfusc": { "name": "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load_obfusc", @@ -10461,7 +10483,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.368525" }, "sigmahq/proc_creation_win_powershell_base64_wmi_classes": { "name": "sigmahq/proc_creation_win_powershell_base64_wmi_classes", @@ -10473,7 +10495,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.372023" }, "sigmahq/proc_creation_win_powershell_cmdline_reversed_strings": { "name": "sigmahq/proc_creation_win_powershell_cmdline_reversed_strings", @@ -10485,7 +10507,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.375579" }, "sigmahq/proc_creation_win_powershell_cmdline_special_characters": { "name": "sigmahq/proc_creation_win_powershell_cmdline_special_characters", @@ -10497,7 +10519,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.378496" }, "sigmahq/proc_creation_win_powershell_decrypt_pattern": { "name": "sigmahq/proc_creation_win_powershell_decrypt_pattern", @@ -10509,7 +10531,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.381371" }, "sigmahq/proc_creation_win_powershell_defender_disable_feature": { "name": "sigmahq/proc_creation_win_powershell_defender_disable_feature", 
@@ -10521,7 +10543,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.386320" }, "sigmahq/proc_creation_win_powershell_disable_defender_av_security_monitoring": { "name": "sigmahq/proc_creation_win_powershell_disable_defender_av_security_monitoring", @@ -10533,7 +10555,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.389257" }, "sigmahq/proc_creation_win_powershell_disable_ie_features": { "name": "sigmahq/proc_creation_win_powershell_disable_ie_features", @@ -10545,7 +10567,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.392102" }, "sigmahq/proc_creation_win_powershell_download_cradle_obfuscated": { "name": "sigmahq/proc_creation_win_powershell_download_cradle_obfuscated", @@ -10557,7 +10579,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.395073" }, "sigmahq/proc_creation_win_powershell_download_iex": { "name": "sigmahq/proc_creation_win_powershell_download_iex", @@ -10569,7 +10591,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.398030" }, "sigmahq/proc_creation_win_powershell_email_exfil": { "name": "sigmahq/proc_creation_win_powershell_email_exfil", @@ -10581,7 +10603,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.400762" }, "sigmahq/proc_creation_win_powershell_frombase64string": { "name": "sigmahq/proc_creation_win_powershell_frombase64string", 
@@ -10593,7 +10615,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.403537" }, "sigmahq/proc_creation_win_powershell_getprocess_lsass": { "name": "sigmahq/proc_creation_win_powershell_getprocess_lsass", @@ -10605,7 +10627,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.406180" }, "sigmahq/proc_creation_win_powershell_hide_services_via_set_service": { "name": "sigmahq/proc_creation_win_powershell_hide_services_via_set_service", @@ -10617,7 +10639,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.408971" }, "sigmahq/proc_creation_win_powershell_iex_patterns": { "name": "sigmahq/proc_creation_win_powershell_iex_patterns", @@ -10629,7 +10651,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.411988" }, "sigmahq/proc_creation_win_powershell_import_cert_susp_locations": { "name": "sigmahq/proc_creation_win_powershell_import_cert_susp_locations", @@ -10641,7 +10663,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.414767" }, "sigmahq/proc_creation_win_powershell_mailboxexport_share": { "name": "sigmahq/proc_creation_win_powershell_mailboxexport_share", @@ -10653,7 +10675,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.417383" }, "sigmahq/proc_creation_win_powershell_obfuscation_via_utf8": { "name": "sigmahq/proc_creation_win_powershell_obfuscation_via_utf8", 
@@ -10665,7 +10687,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.420112" }, "sigmahq/proc_creation_win_powershell_public_folder": { "name": "sigmahq/proc_creation_win_powershell_public_folder", @@ -10677,7 +10699,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.422984" }, "sigmahq/proc_creation_win_powershell_remotefxvgpudisablement_abuse": { "name": "sigmahq/proc_creation_win_powershell_remotefxvgpudisablement_abuse", @@ -10689,7 +10711,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.425684" }, "sigmahq/proc_creation_win_powershell_remove_mppreference": { "name": "sigmahq/proc_creation_win_powershell_remove_mppreference", @@ -10701,7 +10723,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.428450" }, "sigmahq/proc_creation_win_powershell_reverse_shell_connection": { "name": "sigmahq/proc_creation_win_powershell_reverse_shell_connection", @@ -10713,7 +10735,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.431150" }, "sigmahq/proc_creation_win_powershell_run_script_from_ads": { "name": "sigmahq/proc_creation_win_powershell_run_script_from_ads", @@ -10725,7 +10747,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.433848" }, "sigmahq/proc_creation_win_powershell_run_script_from_input_stream": { "name": "sigmahq/proc_creation_win_powershell_run_script_from_input_stream", 
@@ -10737,7 +10759,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.436586" }, "sigmahq/proc_creation_win_powershell_sam_access": { "name": "sigmahq/proc_creation_win_powershell_sam_access", @@ -10749,7 +10771,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.439244" }, "sigmahq/proc_creation_win_powershell_service_dacl_modification_set_service": { "name": "sigmahq/proc_creation_win_powershell_service_dacl_modification_set_service", @@ -10761,7 +10783,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.442066" }, "sigmahq/proc_creation_win_powershell_set_acl": { "name": "sigmahq/proc_creation_win_powershell_set_acl", @@ -10773,7 +10795,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.444692" }, "sigmahq/proc_creation_win_powershell_set_acl_susp_location": { "name": "sigmahq/proc_creation_win_powershell_set_acl_susp_location", @@ -10785,7 +10807,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.447396" }, "sigmahq/proc_creation_win_powershell_shadowcopy_deletion": { "name": "sigmahq/proc_creation_win_powershell_shadowcopy_deletion", @@ -10797,7 +10819,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.450171" }, "sigmahq/proc_creation_win_powershell_snapins_hafnium": { "name": "sigmahq/proc_creation_win_powershell_snapins_hafnium", 
@@ -10809,7 +10831,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.453041" }, "sigmahq/proc_creation_win_powershell_susp_download_patterns": { "name": "sigmahq/proc_creation_win_powershell_susp_download_patterns", @@ -10821,7 +10843,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.455858" }, "sigmahq/proc_creation_win_powershell_susp_parameter_variation": { "name": "sigmahq/proc_creation_win_powershell_susp_parameter_variation", @@ -10833,7 +10855,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.460554" }, "sigmahq/proc_creation_win_powershell_susp_parent_process": { "name": "sigmahq/proc_creation_win_powershell_susp_parent_process", @@ -10845,7 +10867,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.463901" }, "sigmahq/proc_creation_win_powershell_susp_ps_downloadfile": { "name": "sigmahq/proc_creation_win_powershell_susp_ps_downloadfile", @@ -10857,7 +10879,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.466777" }, "sigmahq/proc_creation_win_powershell_token_obfuscation": { "name": "sigmahq/proc_creation_win_powershell_token_obfuscation", @@ -10869,7 +10891,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.469526" }, "sigmahq/proc_creation_win_powershell_webclient_casing": { "name": "sigmahq/proc_creation_win_powershell_webclient_casing", 
@@ -10881,7 +10903,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.475232" }, "sigmahq/proc_creation_win_provlaunch_susp_child_process": { "name": "sigmahq/proc_creation_win_provlaunch_susp_child_process", @@ -10893,7 +10915,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.478178" }, "sigmahq/proc_creation_win_pua_3proxy_execution": { "name": "sigmahq/proc_creation_win_pua_3proxy_execution", @@ -10905,7 +10927,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.480830" }, "sigmahq/proc_creation_win_pua_adfind_enumeration": { "name": "sigmahq/proc_creation_win_pua_adfind_enumeration", @@ -10917,7 +10939,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.483589" }, "sigmahq/proc_creation_win_pua_adfind_susp_usage": { "name": "sigmahq/proc_creation_win_pua_adfind_susp_usage", @@ -10929,7 +10951,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.486664" }, "sigmahq/proc_creation_win_pua_advancedrun_priv_user": { "name": "sigmahq/proc_creation_win_pua_advancedrun_priv_user", @@ -10941,7 +10963,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.489492" }, "sigmahq/proc_creation_win_pua_chisel": { "name": "sigmahq/proc_creation_win_pua_chisel", @@ -10953,7 +10975,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.492195" }, "sigmahq/proc_creation_win_pua_cleanwipe": { "name": "sigmahq/proc_creation_win_pua_cleanwipe", 
@@ -10965,7 +10987,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.494927" }, "sigmahq/proc_creation_win_pua_crassus": { "name": "sigmahq/proc_creation_win_pua_crassus", @@ -10977,7 +10999,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.497607" }, "sigmahq/proc_creation_win_pua_csexec": { "name": "sigmahq/proc_creation_win_pua_csexec", @@ -10989,7 +11011,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.500213" }, "sigmahq/proc_creation_win_pua_defendercheck": { "name": "sigmahq/proc_creation_win_pua_defendercheck", @@ -11001,7 +11023,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.502866" }, "sigmahq/proc_creation_win_pua_ditsnap": { "name": "sigmahq/proc_creation_win_pua_ditsnap", @@ -11013,7 +11035,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.505584" }, "sigmahq/proc_creation_win_pua_frp": { "name": "sigmahq/proc_creation_win_pua_frp", @@ -11025,7 +11047,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.508491" }, "sigmahq/proc_creation_win_pua_iox": { "name": "sigmahq/proc_creation_win_pua_iox", @@ -11037,7 +11059,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.511350" }, "sigmahq/proc_creation_win_pua_netcat": { "name": "sigmahq/proc_creation_win_pua_netcat", 
@@ -11049,7 +11071,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.514214" }, "sigmahq/proc_creation_win_pua_ngrok": { "name": "sigmahq/proc_creation_win_pua_ngrok", @@ -11061,7 +11083,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.517116" }, "sigmahq/proc_creation_win_pua_nimgrab": { "name": "sigmahq/proc_creation_win_pua_nimgrab", @@ -11073,7 +11095,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.519938" }, "sigmahq/proc_creation_win_pua_nircmd_as_system": { "name": "sigmahq/proc_creation_win_pua_nircmd_as_system", @@ -11085,7 +11107,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.522536" }, "sigmahq/proc_creation_win_pua_nps": { "name": "sigmahq/proc_creation_win_pua_nps", @@ -11097,7 +11119,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.525330" }, "sigmahq/proc_creation_win_pua_nsudo": { "name": "sigmahq/proc_creation_win_pua_nsudo", @@ -11109,7 +11131,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.528141" }, "sigmahq/proc_creation_win_pua_rclone_execution": { "name": "sigmahq/proc_creation_win_pua_rclone_execution", @@ -11121,7 +11143,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.531064" }, "sigmahq/proc_creation_win_pua_runxcmd": { "name": "sigmahq/proc_creation_win_pua_runxcmd", 
@@ -11133,7 +11155,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.533692" }, "sigmahq/proc_creation_win_pua_seatbelt": { "name": "sigmahq/proc_creation_win_pua_seatbelt", @@ -11145,7 +11167,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.536845" }, "sigmahq/proc_creation_win_pua_wsudo_susp_execution": { "name": "sigmahq/proc_creation_win_pua_wsudo_susp_execution", @@ -11157,7 +11179,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.539609" }, "sigmahq/proc_creation_win_python_pty_spawn": { "name": "sigmahq/proc_creation_win_python_pty_spawn", @@ -11169,7 +11191,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.542303" }, "sigmahq/proc_creation_win_rar_compression_with_password": { "name": "sigmahq/proc_creation_win_rar_compression_with_password", @@ -11181,7 +11203,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.545860" }, "sigmahq/proc_creation_win_rar_susp_greedy_compression": { "name": "sigmahq/proc_creation_win_rar_susp_greedy_compression", @@ -11193,7 +11215,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.549812" }, "sigmahq/proc_creation_win_rdrleakdiag_process_dumping": { "name": "sigmahq/proc_creation_win_rdrleakdiag_process_dumping", @@ -11205,7 +11227,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.552874" }, "sigmahq/proc_creation_win_reg_add_safeboot": { "name": "sigmahq/proc_creation_win_reg_add_safeboot", 
@@ -11217,7 +11239,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.555621" }, "sigmahq/proc_creation_win_reg_bitlocker": { "name": "sigmahq/proc_creation_win_reg_bitlocker", @@ -11229,7 +11251,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.558446" }, "sigmahq/proc_creation_win_reg_delete_safeboot": { "name": "sigmahq/proc_creation_win_reg_delete_safeboot", @@ -11241,7 +11263,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.561130" }, "sigmahq/proc_creation_win_reg_delete_services": { "name": "sigmahq/proc_creation_win_reg_delete_services", @@ -11253,7 +11275,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.563783" }, "sigmahq/proc_creation_win_reg_disable_sec_services": { "name": "sigmahq/proc_creation_win_reg_disable_sec_services", @@ -11265,7 +11287,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.566654" }, "sigmahq/proc_creation_win_reg_dumping_sensitive_hives": { "name": "sigmahq/proc_creation_win_reg_dumping_sensitive_hives", @@ -11277,7 +11299,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.569722" }, "sigmahq/proc_creation_win_reg_lsa_disable_restricted_admin": { "name": "sigmahq/proc_creation_win_reg_lsa_disable_restricted_admin", @@ -11289,7 +11311,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.572492" }, "sigmahq/proc_creation_win_reg_lsa_ppl_protection_disabled": { "name": "sigmahq/proc_creation_win_reg_lsa_ppl_protection_disabled", 
@@ -11301,7 +11323,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.575178" }, "sigmahq/proc_creation_win_reg_nolmhash": { "name": "sigmahq/proc_creation_win_reg_nolmhash", @@ -11313,7 +11335,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.577873" }, "sigmahq/proc_creation_win_reg_rdp_keys_tamper": { "name": "sigmahq/proc_creation_win_reg_rdp_keys_tamper", @@ -11325,7 +11347,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.580895" }, "sigmahq/proc_creation_win_reg_susp_paths": { "name": "sigmahq/proc_creation_win_reg_susp_paths", @@ -11337,7 +11359,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.583729" }, "sigmahq/proc_creation_win_reg_volsnap_disable": { "name": "sigmahq/proc_creation_win_reg_volsnap_disable", @@ -11349,7 +11371,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.586314" }, "sigmahq/proc_creation_win_reg_windows_defender_tamper": { "name": "sigmahq/proc_creation_win_reg_windows_defender_tamper", @@ -11361,7 +11383,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.589670" }, "sigmahq/proc_creation_win_regedit_export_critical_keys": { "name": "sigmahq/proc_creation_win_regedit_export_critical_keys", @@ -11373,7 +11395,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.592487" }, "sigmahq/proc_creation_win_regedit_import_keys_ads": { "name": "sigmahq/proc_creation_win_regedit_import_keys_ads", 
@@ -11385,7 +11407,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.595382" }, "sigmahq/proc_creation_win_regedit_trustedinstaller": { "name": "sigmahq/proc_creation_win_regedit_trustedinstaller", @@ -11397,7 +11419,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.597990" }, "sigmahq/proc_creation_win_regini_ads": { "name": "sigmahq/proc_creation_win_regini_ads", @@ -11409,7 +11431,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.600673" }, "sigmahq/proc_creation_win_registry_ie_security_zone_protocol_defaults_downgrade": { "name": "sigmahq/proc_creation_win_registry_ie_security_zone_protocol_defaults_downgrade", @@ -11421,7 +11443,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.603361" }, "sigmahq/proc_creation_win_registry_install_reg_debugger_backdoor": { "name": "sigmahq/proc_creation_win_registry_install_reg_debugger_backdoor", @@ -11433,7 +11455,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.606109" }, "sigmahq/proc_creation_win_registry_logon_script": { "name": "sigmahq/proc_creation_win_registry_logon_script", @@ -11445,7 +11467,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.608797" }, "sigmahq/proc_creation_win_registry_new_network_provider": { "name": "sigmahq/proc_creation_win_registry_new_network_provider", 
@@ -11457,7 +11479,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.611516" }, "sigmahq/proc_creation_win_registry_office_disable_python_security_warnings": { "name": "sigmahq/proc_creation_win_registry_office_disable_python_security_warnings", @@ -11469,7 +11491,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.614300" }, "sigmahq/proc_creation_win_registry_privilege_escalation_via_service_key": { "name": "sigmahq/proc_creation_win_registry_privilege_escalation_via_service_key", @@ -11481,7 +11503,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.617930" }, "sigmahq/proc_creation_win_registry_provlaunch_provisioning_command": { "name": "sigmahq/proc_creation_win_registry_provlaunch_provisioning_command", @@ -11493,7 +11515,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.621410" }, "sigmahq/proc_creation_win_registry_set_unsecure_powershell_policy": { "name": "sigmahq/proc_creation_win_registry_set_unsecure_powershell_policy", @@ -11505,7 +11527,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.624401" }, "sigmahq/proc_creation_win_regsvr32_http_ip_pattern": { "name": "sigmahq/proc_creation_win_regsvr32_http_ip_pattern", @@ -11517,7 +11539,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.627668" }, "sigmahq/proc_creation_win_regsvr32_remote_share": { "name": "sigmahq/proc_creation_win_regsvr32_remote_share", 
@@ -11529,7 +11551,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.630302" }, "sigmahq/proc_creation_win_regsvr32_susp_child_process": { "name": "sigmahq/proc_creation_win_regsvr32_susp_child_process", @@ -11541,7 +11563,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.633149" }, "sigmahq/proc_creation_win_regsvr32_susp_exec_path_2": { "name": "sigmahq/proc_creation_win_regsvr32_susp_exec_path_2", @@ -11553,7 +11575,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.636449" }, "sigmahq/proc_creation_win_regsvr32_susp_extensions": { "name": "sigmahq/proc_creation_win_regsvr32_susp_extensions", @@ -11565,7 +11587,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.639479" }, "sigmahq/proc_creation_win_remote_access_tools_anydesk_silent_install": { "name": "sigmahq/proc_creation_win_remote_access_tools_anydesk_silent_install", @@ -11577,7 +11599,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.642113" }, "sigmahq/proc_creation_win_remote_access_tools_anydesk_susp_exec": { "name": "sigmahq/proc_creation_win_remote_access_tools_anydesk_susp_exec", @@ -11589,7 +11611,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.645007" }, "sigmahq/proc_creation_win_renamed_adfind": { "name": "sigmahq/proc_creation_win_renamed_adfind", @@ -11601,7 +11623,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.648425" }, "sigmahq/proc_creation_win_renamed_autoit": { "name": "sigmahq/proc_creation_win_renamed_autoit", 
@@ -11613,7 +11635,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.651484" }, "sigmahq/proc_creation_win_renamed_binary_highly_relevant": { "name": "sigmahq/proc_creation_win_renamed_binary_highly_relevant", @@ -11625,7 +11647,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.654687" }, "sigmahq/proc_creation_win_renamed_browsercore": { "name": "sigmahq/proc_creation_win_renamed_browsercore", @@ -11637,7 +11659,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.657443" }, "sigmahq/proc_creation_win_renamed_cloudflared": { "name": "sigmahq/proc_creation_win_renamed_cloudflared", @@ -11649,7 +11671,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.662243" }, "sigmahq/proc_creation_win_renamed_createdump": { "name": "sigmahq/proc_creation_win_renamed_createdump", @@ -11661,7 +11683,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.665072" }, "sigmahq/proc_creation_win_renamed_dctask64": { "name": "sigmahq/proc_creation_win_renamed_dctask64", @@ -11673,7 +11695,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.667929" }, "sigmahq/proc_creation_win_renamed_gpg4win": { "name": "sigmahq/proc_creation_win_renamed_gpg4win", @@ -11685,7 +11707,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.670585" }, "sigmahq/proc_creation_win_renamed_jusched": { "name": "sigmahq/proc_creation_win_renamed_jusched", 
@@ -11697,7 +11719,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.673173" }, "sigmahq/proc_creation_win_renamed_mavinject": { "name": "sigmahq/proc_creation_win_renamed_mavinject", @@ -11709,7 +11731,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.675865" }, "sigmahq/proc_creation_win_renamed_megasync": { "name": "sigmahq/proc_creation_win_renamed_megasync", @@ -11721,7 +11743,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.678489" }, "sigmahq/proc_creation_win_renamed_msdt": { "name": "sigmahq/proc_creation_win_renamed_msdt", @@ -11733,7 +11755,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.681064" }, "sigmahq/proc_creation_win_renamed_netsupport_rat": { "name": "sigmahq/proc_creation_win_renamed_netsupport_rat", @@ -11745,7 +11767,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.683671" }, "sigmahq/proc_creation_win_renamed_office_processes": { "name": "sigmahq/proc_creation_win_renamed_office_processes", @@ -11757,7 +11779,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.686503" }, "sigmahq/proc_creation_win_renamed_paexec": { "name": "sigmahq/proc_creation_win_renamed_paexec", @@ -11769,7 +11791,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.689292" }, "sigmahq/proc_creation_win_renamed_plink": { "name": "sigmahq/proc_creation_win_renamed_plink", 
@@ -11781,7 +11803,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.691918" }, "sigmahq/proc_creation_win_renamed_rundll32_dllregisterserver": { "name": "sigmahq/proc_creation_win_renamed_rundll32_dllregisterserver", @@ -11793,7 +11815,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.695334" }, "sigmahq/proc_creation_win_renamed_sysinternals_debugview": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_debugview", @@ -11805,7 +11827,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.698777" }, "sigmahq/proc_creation_win_renamed_sysinternals_procdump": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_procdump", @@ -11817,7 +11839,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.702479" }, "sigmahq/proc_creation_win_renamed_sysinternals_psexec_service": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_psexec_service", @@ -11829,7 +11851,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.705050" }, "sigmahq/proc_creation_win_renamed_sysinternals_sdelete": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_sdelete", @@ -11841,7 +11863,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.707711" }, "sigmahq/proc_creation_win_renamed_vmnat": { "name": "sigmahq/proc_creation_win_renamed_vmnat", @@ -11853,7 +11875,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.710320" }, "sigmahq/proc_creation_win_renamed_whoami": { "name": "sigmahq/proc_creation_win_renamed_whoami", 
@@ -11865,7 +11887,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.712905" }, "sigmahq/proc_creation_win_rundll32_ads_stored_dll_execution": { "name": "sigmahq/proc_creation_win_rundll32_ads_stored_dll_execution", @@ -11877,7 +11899,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.715571" }, "sigmahq/proc_creation_win_rundll32_advpack_obfuscated_ordinal_call": { "name": "sigmahq/proc_creation_win_rundll32_advpack_obfuscated_ordinal_call", @@ -11889,7 +11911,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.718197" }, "sigmahq/proc_creation_win_rundll32_inline_vbs": { "name": "sigmahq/proc_creation_win_rundll32_inline_vbs", @@ -11901,7 +11923,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.720846" }, "sigmahq/proc_creation_win_rundll32_keymgr": { "name": "sigmahq/proc_creation_win_rundll32_keymgr", @@ -11913,7 +11935,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.723471" }, "sigmahq/proc_creation_win_rundll32_mshtml_runhtmlapplication": { "name": "sigmahq/proc_creation_win_rundll32_mshtml_runhtmlapplication", @@ -11925,7 +11947,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.726055" }, "sigmahq/proc_creation_win_rundll32_no_params": { "name": "sigmahq/proc_creation_win_rundll32_no_params", @@ -11937,7 +11959,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.728874" }, "sigmahq/proc_creation_win_rundll32_ntlmrelay": { "name": "sigmahq/proc_creation_win_rundll32_ntlmrelay", 
@@ -11949,7 +11971,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.731605" }, "sigmahq/proc_creation_win_rundll32_process_dump_via_comsvcs": { "name": "sigmahq/proc_creation_win_rundll32_process_dump_via_comsvcs", @@ -11961,7 +11983,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.734481" }, "sigmahq/proc_creation_win_rundll32_registered_com_objects": { "name": "sigmahq/proc_creation_win_rundll32_registered_com_objects", @@ -11973,7 +11995,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.737153" }, "sigmahq/proc_creation_win_rundll32_shell32_susp_execution": { "name": "sigmahq/proc_creation_win_rundll32_shell32_susp_execution", @@ -11985,7 +12007,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.739913" }, "sigmahq/proc_creation_win_rundll32_spawn_explorer": { "name": "sigmahq/proc_creation_win_rundll32_spawn_explorer", @@ -11997,7 +12019,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.742584" }, "sigmahq/proc_creation_win_rundll32_susp_control_dll_load": { "name": "sigmahq/proc_creation_win_rundll32_susp_control_dll_load", @@ -12009,7 +12031,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.745226" }, "sigmahq/proc_creation_win_rundll32_susp_execution_with_image_extension": { "name": "sigmahq/proc_creation_win_rundll32_susp_execution_with_image_extension", 
@@ -12021,7 +12043,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.748068" }, "sigmahq/proc_creation_win_rundll32_susp_shellexec_execution": { "name": "sigmahq/proc_creation_win_rundll32_susp_shellexec_execution", @@ -12033,7 +12055,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.750781" }, "sigmahq/proc_creation_win_rundll32_susp_shimcache_flush": { "name": "sigmahq/proc_creation_win_rundll32_susp_shimcache_flush", @@ -12045,7 +12067,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.753480" }, "sigmahq/proc_creation_win_rundll32_sys": { "name": "sigmahq/proc_creation_win_rundll32_sys", @@ -12057,7 +12079,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.756111" }, "sigmahq/proc_creation_win_rundll32_unc_path": { "name": "sigmahq/proc_creation_win_rundll32_unc_path", @@ -12069,7 +12091,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.758840" }, "sigmahq/proc_creation_win_rundll32_webdav_client_susp_execution": { "name": "sigmahq/proc_creation_win_rundll32_webdav_client_susp_execution", @@ -12081,7 +12103,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.761979" }, "sigmahq/proc_creation_win_rundll32_without_parameters": { "name": "sigmahq/proc_creation_win_rundll32_without_parameters", 
@@ -12093,7 +12115,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.765603" }, "sigmahq/proc_creation_win_sc_change_sevice_image_path_by_non_admin": { "name": "sigmahq/proc_creation_win_sc_change_sevice_image_path_by_non_admin", @@ -12105,7 +12127,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.769165" }, "sigmahq/proc_creation_win_sc_sdset_allow_service_changes": { "name": "sigmahq/proc_creation_win_sc_sdset_allow_service_changes", @@ -12117,7 +12139,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.772152" }, "sigmahq/proc_creation_win_sc_sdset_deny_service_access": { "name": "sigmahq/proc_creation_win_sc_sdset_deny_service_access", @@ -12129,7 +12151,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.774951" }, "sigmahq/proc_creation_win_sc_sdset_hide_sevices": { "name": "sigmahq/proc_creation_win_sc_sdset_hide_sevices", @@ -12141,7 +12163,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.777642" }, "sigmahq/proc_creation_win_sc_service_path_modification": { "name": "sigmahq/proc_creation_win_sc_service_path_modification", @@ -12153,7 +12175,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.780627" }, "sigmahq/proc_creation_win_schtasks_appdata_local_system": { "name": "sigmahq/proc_creation_win_schtasks_appdata_local_system", @@ -12165,7 +12187,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.783504" }, "sigmahq/proc_creation_win_schtasks_change": { "name": "sigmahq/proc_creation_win_schtasks_change", 
@@ -12177,7 +12199,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.786836" }, "sigmahq/proc_creation_win_schtasks_creation_temp_folder": { "name": "sigmahq/proc_creation_win_schtasks_creation_temp_folder", @@ -12189,7 +12211,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.789504" }, "sigmahq/proc_creation_win_schtasks_delete": { "name": "sigmahq/proc_creation_win_schtasks_delete", @@ -12201,7 +12223,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.792318" }, "sigmahq/proc_creation_win_schtasks_delete_all": { "name": "sigmahq/proc_creation_win_schtasks_delete_all", @@ -12213,7 +12235,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.794963" }, "sigmahq/proc_creation_win_schtasks_disable": { "name": "sigmahq/proc_creation_win_schtasks_disable", @@ -12225,7 +12247,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.797824" }, "sigmahq/proc_creation_win_schtasks_folder_combos": { "name": "sigmahq/proc_creation_win_schtasks_folder_combos", @@ -12237,7 +12259,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.800613" }, "sigmahq/proc_creation_win_schtasks_one_time_only_midnight_task": { "name": "sigmahq/proc_creation_win_schtasks_one_time_only_midnight_task", @@ -12249,7 +12271,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.803404" }, "sigmahq/proc_creation_win_schtasks_powershell_persistence": { "name": "sigmahq/proc_creation_win_schtasks_powershell_persistence", 
@@ -12261,7 +12283,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.806234" }, "sigmahq/proc_creation_win_schtasks_reg_loader_encoded": { "name": "sigmahq/proc_creation_win_schtasks_reg_loader_encoded", @@ -12273,7 +12295,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.809106" }, "sigmahq/proc_creation_win_schtasks_schedule_type": { "name": "sigmahq/proc_creation_win_schtasks_schedule_type", @@ -12285,7 +12307,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.811847" }, "sigmahq/proc_creation_win_schtasks_system": { "name": "sigmahq/proc_creation_win_schtasks_system", @@ -12297,7 +12319,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.814718" }, "sigmahq/proc_creation_win_scrcons_susp_child_process": { "name": "sigmahq/proc_creation_win_scrcons_susp_child_process", @@ -12309,7 +12331,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.817485" }, "sigmahq/proc_creation_win_sdiagnhost_susp_child": { "name": "sigmahq/proc_creation_win_sdiagnhost_susp_child", @@ -12321,7 +12343,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.820408" }, "sigmahq/proc_creation_win_servu_susp_child_process": { "name": "sigmahq/proc_creation_win_servu_susp_child_process", @@ -12333,7 +12355,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.823216" }, "sigmahq/proc_creation_win_setres_uncommon_child_process": { "name": "sigmahq/proc_creation_win_setres_uncommon_child_process", 
@@ -12345,7 +12367,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.825970" }, "sigmahq/proc_creation_win_splwow64_cli_anomaly": { "name": "sigmahq/proc_creation_win_splwow64_cli_anomaly", @@ -12357,7 +12379,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.828590" }, "sigmahq/proc_creation_win_spoolsv_susp_child_processes": { "name": "sigmahq/proc_creation_win_spoolsv_susp_child_processes", @@ -12369,7 +12391,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.831894" }, "sigmahq/proc_creation_win_sqlcmd_veeam_dump": { "name": "sigmahq/proc_creation_win_sqlcmd_veeam_dump", @@ -12381,7 +12403,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.834531" }, "sigmahq/proc_creation_win_sqlite_chromium_profile_data": { "name": "sigmahq/proc_creation_win_sqlite_chromium_profile_data", @@ -12393,7 +12415,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.837404" }, "sigmahq/proc_creation_win_sqlite_firefox_gecko_profile_data": { "name": "sigmahq/proc_creation_win_sqlite_firefox_gecko_profile_data", @@ -12405,7 +12427,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.840994" }, "sigmahq/proc_creation_win_ssh_rdp_tunneling": { "name": "sigmahq/proc_creation_win_ssh_rdp_tunneling", @@ -12417,7 +12439,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.844417" }, "sigmahq/proc_creation_win_stordiag_susp_child_process": { "name": "sigmahq/proc_creation_win_stordiag_susp_child_process", 
@@ -12429,7 +12451,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.847485" }, "sigmahq/proc_creation_win_susp_abusing_debug_privilege": { "name": "sigmahq/proc_creation_win_susp_abusing_debug_privilege", @@ -12441,7 +12463,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.850377" }, "sigmahq/proc_creation_win_susp_add_user_privileged_group": { "name": "sigmahq/proc_creation_win_susp_add_user_privileged_group", @@ -12453,7 +12475,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.853047" }, "sigmahq/proc_creation_win_susp_add_user_remote_desktop_group": { "name": "sigmahq/proc_creation_win_susp_add_user_remote_desktop_group", @@ -12465,7 +12487,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.855932" }, "sigmahq/proc_creation_win_susp_archiver_iso_phishing": { "name": "sigmahq/proc_creation_win_susp_archiver_iso_phishing", @@ -12477,7 +12499,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.858664" }, "sigmahq/proc_creation_win_susp_child_process_as_system_": { "name": "sigmahq/proc_creation_win_susp_child_process_as_system_", @@ -12489,7 +12511,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.861429" }, "sigmahq/proc_creation_win_susp_cli_obfuscation_unicode_img": { "name": "sigmahq/proc_creation_win_susp_cli_obfuscation_unicode_img", 
@@ -12501,7 +12523,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.864348" }, "sigmahq/proc_creation_win_susp_copy_system_dir_lolbin": { "name": "sigmahq/proc_creation_win_susp_copy_system_dir_lolbin", @@ -12513,7 +12535,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.867357" }, "sigmahq/proc_creation_win_susp_crypto_mining_monero": { "name": "sigmahq/proc_creation_win_susp_crypto_mining_monero", @@ -12525,7 +12547,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.870391" }, "sigmahq/proc_creation_win_susp_data_exfiltration_via_cli": { "name": "sigmahq/proc_creation_win_susp_data_exfiltration_via_cli", @@ -12537,7 +12559,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.873530" }, "sigmahq/proc_creation_win_susp_disable_raccine": { "name": "sigmahq/proc_creation_win_susp_disable_raccine", @@ -12549,7 +12571,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.876246" }, "sigmahq/proc_creation_win_susp_double_extension": { "name": "sigmahq/proc_creation_win_susp_double_extension", @@ -12561,7 +12583,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.879652" }, "sigmahq/proc_creation_win_susp_double_extension_parent": { "name": "sigmahq/proc_creation_win_susp_double_extension_parent", @@ -12573,7 +12595,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.882931" }, "sigmahq/proc_creation_win_susp_download_office_domain": { "name": "sigmahq/proc_creation_win_susp_download_office_domain", 
@@ -12585,7 +12607,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.885848" }, "sigmahq/proc_creation_win_susp_dumpstack_log_evasion": { "name": "sigmahq/proc_creation_win_susp_dumpstack_log_evasion", @@ -12597,7 +12619,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.888396" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_1": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_1", @@ -12609,7 +12631,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.905851" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_2": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_2", @@ -12621,7 +12643,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.924680" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_3": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_3", @@ -12633,7 +12655,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.941752" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_4": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_4", @@ -12645,7 +12667,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.955898" }, "sigmahq/proc_creation_win_susp_etw_modification_cmdline": { "name": "sigmahq/proc_creation_win_susp_etw_modification_cmdline", @@ -12657,7 +12679,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.958762" }, "sigmahq/proc_creation_win_susp_etw_trace_evasion": { "name": "sigmahq/proc_creation_win_susp_etw_trace_evasion", 
@@ -12669,7 +12691,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.961702" }, "sigmahq/proc_creation_win_susp_eventlog_clear": { "name": "sigmahq/proc_creation_win_susp_eventlog_clear", @@ -12681,7 +12703,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.964697" }, "sigmahq/proc_creation_win_susp_execution_from_public_folder_as_parent": { "name": "sigmahq/proc_creation_win_susp_execution_from_public_folder_as_parent", @@ -12693,7 +12715,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.967763" }, "sigmahq/proc_creation_win_susp_execution_path": { "name": "sigmahq/proc_creation_win_susp_execution_path", @@ -12705,7 +12727,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.971896" }, "sigmahq/proc_creation_win_susp_gather_network_info_execution": { "name": "sigmahq/proc_creation_win_susp_gather_network_info_execution", @@ -12717,7 +12739,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.975474" }, "sigmahq/proc_creation_win_susp_image_missing": { "name": "sigmahq/proc_creation_win_susp_image_missing", @@ -12729,7 +12751,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.978107" }, "sigmahq/proc_creation_win_susp_inline_base64_mz_header": { "name": "sigmahq/proc_creation_win_susp_inline_base64_mz_header", @@ -12741,7 +12763,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.980726" }, "sigmahq/proc_creation_win_susp_inline_win_api_access": { "name": "sigmahq/proc_creation_win_susp_inline_win_api_access", 
@@ -12753,7 +12775,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.984249" }, "sigmahq/proc_creation_win_susp_lsass_dmp_cli_keywords": { "name": "sigmahq/proc_creation_win_susp_lsass_dmp_cli_keywords", @@ -12765,7 +12787,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.987213" }, "sigmahq/proc_creation_win_susp_non_priv_reg_or_ps": { "name": "sigmahq/proc_creation_win_susp_non_priv_reg_or_ps", @@ -12777,7 +12799,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.990027" }, "sigmahq/proc_creation_win_susp_ntds": { "name": "sigmahq/proc_creation_win_susp_ntds", @@ -12789,7 +12811,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.993074" }, "sigmahq/proc_creation_win_susp_nteventlogfile_usage": { "name": "sigmahq/proc_creation_win_susp_nteventlogfile_usage", @@ -12801,7 +12823,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.995951" }, "sigmahq/proc_creation_win_susp_parents": { "name": "sigmahq/proc_creation_win_susp_parents", @@ -12813,7 +12835,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.998937" }, "sigmahq/proc_creation_win_susp_powershell_execution_via_dll": { "name": "sigmahq/proc_creation_win_susp_powershell_execution_via_dll", @@ -12825,7 +12847,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.001837" }, "sigmahq/proc_creation_win_susp_priv_escalation_via_named_pipe": { "name": "sigmahq/proc_creation_win_susp_priv_escalation_via_named_pipe", 
@@ -12837,7 +12859,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.004600" }, "sigmahq/proc_creation_win_susp_progname": { "name": "sigmahq/proc_creation_win_susp_progname", @@ -12849,7 +12871,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.007871" }, "sigmahq/proc_creation_win_susp_recycle_bin_fake_execution": { "name": "sigmahq/proc_creation_win_susp_recycle_bin_fake_execution", @@ -12861,7 +12883,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.010449" }, "sigmahq/proc_creation_win_susp_redirect_local_admin_share": { "name": "sigmahq/proc_creation_win_susp_redirect_local_admin_share", @@ -12873,7 +12895,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.013125" }, "sigmahq/proc_creation_win_susp_right_to_left_override": { "name": "sigmahq/proc_creation_win_susp_right_to_left_override", @@ -12885,7 +12907,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.015812" }, "sigmahq/proc_creation_win_susp_script_exec_from_env_folder": { "name": "sigmahq/proc_creation_win_susp_script_exec_from_env_folder", @@ -12897,7 +12919,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.018860" }, "sigmahq/proc_creation_win_susp_script_exec_from_temp": { "name": "sigmahq/proc_creation_win_susp_script_exec_from_temp", 
@@ -12909,7 +12931,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.021783" }, "sigmahq/proc_creation_win_susp_sensitive_file_access_shadowcopy": { "name": "sigmahq/proc_creation_win_susp_sensitive_file_access_shadowcopy", @@ -12921,7 +12943,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.024483" }, "sigmahq/proc_creation_win_susp_service_creation": { "name": "sigmahq/proc_creation_win_susp_service_creation", @@ -12933,7 +12955,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.027582" }, "sigmahq/proc_creation_win_susp_service_dir": { "name": "sigmahq/proc_creation_win_susp_service_dir", @@ -12945,7 +12967,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.030472" }, "sigmahq/proc_creation_win_susp_service_tamper": { "name": "sigmahq/proc_creation_win_susp_service_tamper", @@ -12957,7 +12979,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.037461" }, "sigmahq/proc_creation_win_susp_shadow_copies_deletion": { "name": "sigmahq/proc_creation_win_susp_shadow_copies_deletion", @@ -12969,7 +12991,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.040422" }, "sigmahq/proc_creation_win_susp_shell_spawn_susp_program": { "name": "sigmahq/proc_creation_win_susp_shell_spawn_susp_program", @@ -12981,7 +13003,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.043741" }, "sigmahq/proc_creation_win_susp_system_user_anomaly": { "name": "sigmahq/proc_creation_win_susp_system_user_anomaly", 
@@ -12993,7 +13015,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.047484" }, "sigmahq/proc_creation_win_susp_task_folder_evasion": { "name": "sigmahq/proc_creation_win_susp_task_folder_evasion", @@ -13005,7 +13027,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.050407" }, "sigmahq/proc_creation_win_susp_whoami_as_param": { "name": "sigmahq/proc_creation_win_susp_whoami_as_param", @@ -13017,7 +13039,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.053112" }, "sigmahq/proc_creation_win_susp_workfolders": { "name": "sigmahq/proc_creation_win_susp_workfolders", @@ -13029,7 +13051,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.055828" }, "sigmahq/proc_creation_win_svchost_execution_with_no_cli_flags": { "name": "sigmahq/proc_creation_win_svchost_execution_with_no_cli_flags", @@ -13041,7 +13063,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.058574" }, "sigmahq/proc_creation_win_svchost_termserv_proc_spawn": { "name": "sigmahq/proc_creation_win_svchost_termserv_proc_spawn", @@ -13053,7 +13075,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.061392" }, "sigmahq/proc_creation_win_sysinternals_adexplorer_susp_execution": { "name": "sigmahq/proc_creation_win_sysinternals_adexplorer_susp_execution", @@ -13065,7 +13087,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.064181" }, "sigmahq/proc_creation_win_sysinternals_procdump_evasion": { "name": "sigmahq/proc_creation_win_sysinternals_procdump_evasion", 
@@ -13077,7 +13099,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.067002" }, "sigmahq/proc_creation_win_sysinternals_procdump_lsass": { "name": "sigmahq/proc_creation_win_sysinternals_procdump_lsass", @@ -13089,7 +13111,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.069806" }, "sigmahq/proc_creation_win_sysinternals_psexec_paexec_escalate_system": { "name": "sigmahq/proc_creation_win_sysinternals_psexec_paexec_escalate_system", @@ -13101,7 +13123,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.075540" }, "sigmahq/proc_creation_win_sysinternals_psexec_remote_execution": { "name": "sigmahq/proc_creation_win_sysinternals_psexec_remote_execution", @@ -13113,7 +13135,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.078192" }, "sigmahq/proc_creation_win_sysinternals_psexesvc_as_system": { "name": "sigmahq/proc_creation_win_sysinternals_psexesvc_as_system", @@ -13125,7 +13147,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.080867" }, "sigmahq/proc_creation_win_sysinternals_pssuspend_susp_execution": { "name": "sigmahq/proc_creation_win_sysinternals_pssuspend_susp_execution", @@ -13137,7 +13159,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.083579" }, "sigmahq/proc_creation_win_sysinternals_sdelete": { "name": "sigmahq/proc_creation_win_sysinternals_sdelete", 
@@ -13149,7 +13171,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.086217" }, "sigmahq/proc_creation_win_sysinternals_susp_psexec_paexec_flags": { "name": "sigmahq/proc_creation_win_sysinternals_susp_psexec_paexec_flags", @@ -13161,7 +13183,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.091973" }, "sigmahq/proc_creation_win_sysinternals_sysmon_uninstall": { "name": "sigmahq/proc_creation_win_sysinternals_sysmon_uninstall", @@ -13173,7 +13195,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.094735" }, "sigmahq/proc_creation_win_systemsettingsadminflows_turn_on_dev_features": { "name": "sigmahq/proc_creation_win_systemsettingsadminflows_turn_on_dev_features", @@ -13185,7 +13207,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.097416" }, "sigmahq/proc_creation_win_taskkill_sep": { "name": "sigmahq/proc_creation_win_taskkill_sep", @@ -13197,7 +13219,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.100181" }, "sigmahq/proc_creation_win_taskmgr_localsystem": { "name": "sigmahq/proc_creation_win_taskmgr_localsystem", @@ -13209,7 +13231,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.102851" }, "sigmahq/proc_creation_win_tscon_localsystem": { "name": "sigmahq/proc_creation_win_tscon_localsystem", @@ -13221,7 +13243,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.105469" }, "sigmahq/proc_creation_win_tscon_rdp_redirect": { "name": "sigmahq/proc_creation_win_tscon_rdp_redirect", 
@@ -13233,7 +13255,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.108088" }, "sigmahq/proc_creation_win_uac_bypass_changepk_slui": { "name": "sigmahq/proc_creation_win_uac_bypass_changepk_slui", @@ -13245,7 +13267,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.110768" }, "sigmahq/proc_creation_win_uac_bypass_cleanmgr": { "name": "sigmahq/proc_creation_win_uac_bypass_cleanmgr", @@ -13257,7 +13279,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.113426" }, "sigmahq/proc_creation_win_uac_bypass_cmstp": { "name": "sigmahq/proc_creation_win_uac_bypass_cmstp", @@ -13269,7 +13291,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.116140" }, "sigmahq/proc_creation_win_uac_bypass_cmstp_com_object_access": { "name": "sigmahq/proc_creation_win_uac_bypass_cmstp_com_object_access", @@ -13281,7 +13303,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.119055" }, "sigmahq/proc_creation_win_uac_bypass_computerdefaults": { "name": "sigmahq/proc_creation_win_uac_bypass_computerdefaults", @@ -13293,7 +13315,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.121770" }, "sigmahq/proc_creation_win_uac_bypass_consent_comctl32": { "name": "sigmahq/proc_creation_win_uac_bypass_consent_comctl32", @@ -13305,7 +13327,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.124587" }, "sigmahq/proc_creation_win_uac_bypass_dismhost": { "name": "sigmahq/proc_creation_win_uac_bypass_dismhost", 
@@ -13317,7 +13339,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.127376" }, "sigmahq/proc_creation_win_uac_bypass_eventvwr_recentviews": { "name": "sigmahq/proc_creation_win_uac_bypass_eventvwr_recentviews", @@ -13329,7 +13351,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.129972" }, "sigmahq/proc_creation_win_uac_bypass_fodhelper": { "name": "sigmahq/proc_creation_win_uac_bypass_fodhelper", @@ -13341,7 +13363,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.132612" }, "sigmahq/proc_creation_win_uac_bypass_icmluautil": { "name": "sigmahq/proc_creation_win_uac_bypass_icmluautil", @@ -13353,7 +13375,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.135305" }, "sigmahq/proc_creation_win_uac_bypass_idiagnostic_profile": { "name": "sigmahq/proc_creation_win_uac_bypass_idiagnostic_profile", @@ -13365,7 +13387,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.138002" }, "sigmahq/proc_creation_win_uac_bypass_ieinstal": { "name": "sigmahq/proc_creation_win_uac_bypass_ieinstal", @@ -13377,7 +13399,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.140679" }, "sigmahq/proc_creation_win_uac_bypass_msconfig_gui": { "name": "sigmahq/proc_creation_win_uac_bypass_msconfig_gui", @@ -13389,7 +13411,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.143375" }, "sigmahq/proc_creation_win_uac_bypass_ntfs_reparse_point": { "name": "sigmahq/proc_creation_win_uac_bypass_ntfs_reparse_point", 
@@ -13401,7 +13423,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.146188" }, "sigmahq/proc_creation_win_uac_bypass_pkgmgr_dism": { "name": "sigmahq/proc_creation_win_uac_bypass_pkgmgr_dism", @@ -13413,7 +13435,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.148897" }, "sigmahq/proc_creation_win_uac_bypass_trustedpath": { "name": "sigmahq/proc_creation_win_uac_bypass_trustedpath", @@ -13425,7 +13447,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.151534" }, "sigmahq/proc_creation_win_uac_bypass_winsat": { "name": "sigmahq/proc_creation_win_uac_bypass_winsat", @@ -13437,7 +13459,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.154193" }, "sigmahq/proc_creation_win_uac_bypass_wmp": { "name": "sigmahq/proc_creation_win_uac_bypass_wmp", @@ -13449,7 +13471,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.156892" }, "sigmahq/proc_creation_win_uac_bypass_wsreset": { "name": "sigmahq/proc_creation_win_uac_bypass_wsreset", @@ -13461,7 +13483,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.159634" }, "sigmahq/proc_creation_win_uac_bypass_wsreset_integrity_level": { "name": "sigmahq/proc_creation_win_uac_bypass_wsreset_integrity_level", @@ -13473,7 +13495,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.162256" }, "sigmahq/proc_creation_win_ultravnc_susp_execution": { "name": "sigmahq/proc_creation_win_ultravnc_susp_execution", 
@@ -13485,7 +13507,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.165310" }, "sigmahq/proc_creation_win_uninstall_crowdstrike_falcon": { "name": "sigmahq/proc_creation_win_uninstall_crowdstrike_falcon", @@ -13497,7 +13519,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.168023" }, "sigmahq/proc_creation_win_userinit_uncommon_child_processes": { "name": "sigmahq/proc_creation_win_userinit_uncommon_child_processes", @@ -13509,7 +13531,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.171025" }, "sigmahq/proc_creation_win_vmware_toolbox_cmd_persistence_susp": { "name": "sigmahq/proc_creation_win_vmware_toolbox_cmd_persistence_susp", @@ -13521,7 +13543,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.173893" }, "sigmahq/proc_creation_win_vmware_vmtoolsd_susp_child_process": { "name": "sigmahq/proc_creation_win_vmware_vmtoolsd_susp_child_process", @@ -13533,7 +13555,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.176913" }, "sigmahq/proc_creation_win_vscode_tunnel_renamed_execution": { "name": "sigmahq/proc_creation_win_vscode_tunnel_renamed_execution", @@ -13545,7 +13567,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.179837" }, "sigmahq/proc_creation_win_w32tm": { "name": "sigmahq/proc_creation_win_w32tm", 
@@ -13557,7 +13579,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.182530" }, "sigmahq/proc_creation_win_wab_execution_from_non_default_location": { "name": "sigmahq/proc_creation_win_wab_execution_from_non_default_location", @@ -13569,7 +13591,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.185170" }, "sigmahq/proc_creation_win_wab_unusual_parents": { "name": "sigmahq/proc_creation_win_wab_unusual_parents", @@ -13581,7 +13603,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.187807" }, "sigmahq/proc_creation_win_wbadmin_delete_all_backups": { "name": "sigmahq/proc_creation_win_wbadmin_delete_all_backups", @@ -13593,7 +13615,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.190496" }, "sigmahq/proc_creation_win_webshell_chopper": { "name": "sigmahq/proc_creation_win_webshell_chopper", @@ -13605,7 +13627,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.193379" }, "sigmahq/proc_creation_win_webshell_hacking": { "name": "sigmahq/proc_creation_win_webshell_hacking", @@ -13617,7 +13639,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.198448" }, "sigmahq/proc_creation_win_webshell_recon_commands_and_processes": { "name": "sigmahq/proc_creation_win_webshell_recon_commands_and_processes", 
@@ -13629,7 +13651,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.203546" }, "sigmahq/proc_creation_win_webshell_susp_process_spawned_from_webserver": { "name": "sigmahq/proc_creation_win_webshell_susp_process_spawned_from_webserver", @@ -13641,7 +13663,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.207210" }, "sigmahq/proc_creation_win_webshell_tool_recon": { "name": "sigmahq/proc_creation_win_webshell_tool_recon", @@ -13653,7 +13675,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.210242" }, "sigmahq/proc_creation_win_werfault_lsass_shtinkering": { "name": "sigmahq/proc_creation_win_werfault_lsass_shtinkering", @@ -13665,7 +13687,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.213047" }, "sigmahq/proc_creation_win_wermgr_susp_exec_location": { "name": "sigmahq/proc_creation_win_wermgr_susp_exec_location", @@ -13677,7 +13699,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.215673" }, "sigmahq/proc_creation_win_wget_download_direct_ip": { "name": "sigmahq/proc_creation_win_wget_download_direct_ip", @@ -13689,7 +13711,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.218777" }, "sigmahq/proc_creation_win_whoami_execution_from_high_priv_process": { "name": "sigmahq/proc_creation_win_whoami_execution_from_high_priv_process", 
@@ -13701,7 +13723,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.221453" }, "sigmahq/proc_creation_win_whoami_priv_discovery": { "name": "sigmahq/proc_creation_win_whoami_priv_discovery", @@ -13713,7 +13735,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.224118" }, "sigmahq/proc_creation_win_winget_add_insecure_custom_source": { "name": "sigmahq/proc_creation_win_winget_add_insecure_custom_source", @@ -13725,7 +13747,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.226823" }, "sigmahq/proc_creation_win_winrm_susp_child_process": { "name": "sigmahq/proc_creation_win_winrm_susp_child_process", @@ -13737,7 +13759,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.229610" }, "sigmahq/proc_creation_win_wmi_backdoor_exchange_transport_agent": { "name": "sigmahq/proc_creation_win_wmi_backdoor_exchange_transport_agent", @@ -13749,7 +13771,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.232469" }, "sigmahq/proc_creation_win_wmic_eventconsumer_creation": { "name": "sigmahq/proc_creation_win_wmic_eventconsumer_creation", @@ -13761,7 +13783,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.235100" }, "sigmahq/proc_creation_win_wmic_namespace_defender": { "name": "sigmahq/proc_creation_win_wmic_namespace_defender", 
@@ -13773,7 +13795,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.237816" }, "sigmahq/proc_creation_win_wmic_susp_execution_via_office_process": { "name": "sigmahq/proc_creation_win_wmic_susp_execution_via_office_process", @@ -13785,7 +13807,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.240921" }, "sigmahq/proc_creation_win_wmic_susp_process_creation": { "name": "sigmahq/proc_creation_win_wmic_susp_process_creation", @@ -13797,7 +13819,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.244008" }, "sigmahq/proc_creation_win_wmic_uninstall_security_products": { "name": "sigmahq/proc_creation_win_wmic_uninstall_security_products", @@ -13809,7 +13831,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.247527" }, "sigmahq/proc_creation_win_wmiprvse_susp_child_processes": { "name": "sigmahq/proc_creation_win_wmiprvse_susp_child_processes", @@ -13821,7 +13843,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.250512" }, "sigmahq/proc_creation_win_wpbbin_potential_persistence": { "name": "sigmahq/proc_creation_win_wpbbin_potential_persistence", @@ -13833,7 +13855,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.253168" }, "sigmahq/proc_creation_win_wscript_cscript_uncommon_extension_exec": { "name": "sigmahq/proc_creation_win_wscript_cscript_uncommon_extension_exec", 
@@ -13845,7 +13867,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.256033" }, "sigmahq/proc_creation_win_wuauclt_dll_loading": { "name": "sigmahq/proc_creation_win_wuauclt_dll_loading", @@ -13857,7 +13879,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.258862" }, "sigmahq/proc_creation_win_wuauclt_no_cli_flags_execution": { "name": "sigmahq/proc_creation_win_wuauclt_no_cli_flags_execution", @@ -13869,7 +13891,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.261534" }, "sigmahq/proc_creation_win_wusa_cab_files_extraction_from_susp_paths": { "name": "sigmahq/proc_creation_win_wusa_cab_files_extraction_from_susp_paths", @@ -13881,7 +13903,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.264184" }, "sigmahq/proc_creation_win_xwizard_execution_non_default_location": { "name": "sigmahq/proc_creation_win_xwizard_execution_non_default_location", @@ -13893,7 +13915,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.266913" }, "thespad/sshesame-bf": { "name": "thespad/sshesame-bf", @@ -13909,7 +13931,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T13:56:37.273223" }, "thespad/sshesame-cmd": { "name": "thespad/sshesame-cmd", @@ -13925,7 +13947,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T13:56:37.274724" }, "thespad/sshesame-input": { "name": "thespad/sshesame-input", 
@@ -13941,7 +13963,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T13:56:37.276150" }, "timokoessler/gitlab-bf": { "name": "timokoessler/gitlab-bf", @@ -13957,7 +13979,7 @@ "spoofable": 0, "cti": true, "service": "gitlab", - "created_at": "2022-07-26T15:59:43" + "created_at": "2025-10-15T13:56:37.280015" }, "timokoessler/gitlab-bf_user-enum": { "name": "timokoessler/gitlab-bf_user-enum", @@ -13974,7 +13996,7 @@ "spoofable": 0, "cti": true, "service": "gitlab", - "created_at": "2022-07-26T15:59:43" + "created_at": "2025-10-15T13:56:37.281450" }, "timokoessler/mongodb-bf": { "name": "timokoessler/mongodb-bf", @@ -13990,7 +14012,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T13:56:37.286434" }, "timokoessler/mongodb-bf_user-enum": { "name": "timokoessler/mongodb-bf_user-enum", @@ -14007,7 +14029,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T13:56:37.287863" }, "timokoessler/mongodb-bf_auth-db-enum": { "name": "timokoessler/mongodb-bf_auth-db-enum", @@ -14024,7 +14046,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T13:56:37.289319" }, "timokoessler/uptime-kuma-bf": { "name": "timokoessler/uptime-kuma-bf", @@ -14040,7 +14062,7 @@ "spoofable": 0, "cti": true, "service": "uptime-kuma", - "created_at": "2022-07-04T13:09:30" + "created_at": "2025-10-15T13:56:37.293179" }, "timokoessler/uptime-kuma-bf_user-enum": { "name": "timokoessler/uptime-kuma-bf_user-enum", @@ -14057,7 +14079,7 @@ "spoofable": 0, "cti": true, "service": "uptime-kuma", - "created_at": "2022-07-04T13:09:30" + "created_at": "2025-10-15T13:56:37.294593" }, "xs539/bookstack-bf": { "name": "xs539/bookstack-bf", 
@@ -14073,7 +14095,7 @@ "spoofable": 0, "cti": true, "service": "bookstack", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T13:56:37.298250" }, "xs539/bookstack-bf_user-enum": { "name": "xs539/bookstack-bf_user-enum", @@ -14089,7 +14111,7 @@ "spoofable": 0, "cti": true, "service": "bookstack", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T13:56:37.299661" }, "xs539/joplin-server-bf": { "name": "xs539/joplin-server-bf", @@ -14105,7 +14127,7 @@ "spoofable": 0, "cti": true, "service": "joplin", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T13:56:37.303253" }, "xs539/joplin-server-bf_user-enum": { "name": "xs539/joplin-server-bf_user-enum", @@ -14121,6 +14143,6 @@ "spoofable": 0, "cti": true, "service": "joplin", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T13:56:37.304674" } } \ No newline at end of file