From 20f948404f056c18d2ee8e055047df922e496c02 Mon Sep 17 00:00:00 2001 From: crowdsec-automation <63358111+crowdsec-automation@users.noreply.github.com> Date: Wed, 15 Oct 2025 15:56:01 +0200 Subject: [PATCH 1/5] Add vpatch-CVE-2025-27222 rule --- .../crowdsecurity/vpatch-CVE-2025-27222.yaml | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml new file mode 100644 index 00000000000..48f004e2f3a --- /dev/null +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml @@ -0,0 +1,34 @@ +## autogenerated on 2025-10-15 13:55:58 +name: crowdsecurity/vpatch-CVE-2025-27222 +description: 'Detects path traversal in TRUfusion Enterprise via cobrandingImageName parameter in getCobrandingData endpoint.' +rules: + - and: + - zones: + - URI + transform: + - lowercase + match: + type: contains + value: /trufusionportal/getcobrandingdata + - zones: + - ARGS + variables: + - cobrandingimagename + transform: + - lowercase + - urldecode + match: + type: contains + value: '../' + +labels: + type: exploit + service: http + confidence: 3 + spoofable: 0 + behavior: 'http:exploit' + label: 'TRUfusion Enterprise - LFI' + classification: + - cve.CVE-2025-27222 + - attack.T1006 + - cwe.CWE-22 From e4176c62b95627346f8851d187150d3e46df5735 Mon Sep 17 00:00:00 2001 From: crowdsec-automation <63358111+crowdsec-automation@users.noreply.github.com> Date: Wed, 15 Oct 2025 15:56:03 +0200 Subject: [PATCH 2/5] Add vpatch-CVE-2025-27222 test config --- .appsec-tests/vpatch-CVE-2025-27222/config.yaml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .appsec-tests/vpatch-CVE-2025-27222/config.yaml diff --git a/.appsec-tests/vpatch-CVE-2025-27222/config.yaml b/.appsec-tests/vpatch-CVE-2025-27222/config.yaml new file mode 100644 index 00000000000..24563495136 --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2025-27222/config.yaml @@ -0,0 +1,5 @@ +## autogenerated on 2025-10-15 13:55:58 +appsec-rules: + - ./appsec-rules/crowdsecurity/base-config.yaml + - ./appsec-rules/crowdsecurity/vpatch-CVE-2025-27222.yaml +nuclei_template: CVE-2025-27222.yaml From 59cb72b080ea850f8546668ce45f6926cb0f5f6b Mon Sep 17 00:00:00 2001 From: crowdsec-automation <63358111+crowdsec-automation@users.noreply.github.com> Date: Wed, 15 Oct 2025 15:56:05 +0200 Subject: [PATCH 3/5] Add CVE-2025-27222.yaml test --- .../vpatch-CVE-2025-27222/CVE-2025-27222.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .appsec-tests/vpatch-CVE-2025-27222/CVE-2025-27222.yaml diff --git a/.appsec-tests/vpatch-CVE-2025-27222/CVE-2025-27222.yaml b/.appsec-tests/vpatch-CVE-2025-27222/CVE-2025-27222.yaml new file mode 100644 index 00000000000..33d45d26931 --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2025-27222/CVE-2025-27222.yaml @@ -0,0 +1,18 @@ +## autogenerated on 2025-10-15 13:55:58 +id: CVE-2025-27222 +info: + name: CVE-2025-27222 + author: crowdsec + severity: info + description: CVE-2025-27222 testing + tags: appsec-testing +http: + - raw: + - | + GET /trufusionPortal/getCobrandingData?cobrandingImageName=../../../../../../Windows/System32/drivers/etc/hosts HTTP/1.1 + Host: {{Hostname}} + cookie-reuse: true + matchers: + - type: status + status: + - 403 From 652b4099a1c4d460fcc7c524c3e42fff482ed47b Mon Sep 17 00:00:00 2001 From: crowdsec-automation <63358111+crowdsec-automation@users.noreply.github.com> Date: Wed, 15 Oct 2025 15:56:06 +0200 Subject: [PATCH 4/5] Add vpatch-CVE-2025-27222 rule to vpatch collection --- collections/crowdsecurity/appsec-virtual-patching.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/collections/crowdsecurity/appsec-virtual-patching.yaml b/collections/crowdsecurity/appsec-virtual-patching.yaml index 894d2d191ca..47c470ddd12 100644 --- a/collections/crowdsecurity/appsec-virtual-patching.yaml +++ b/collections/crowdsecurity/appsec-virtual-patching.yaml @@ -122,6 +122,7 @@ appsec-rules: - crowdsecurity/vpatch-CVE-2022-38627 - crowdsecurity/vpatch-CVE-2025-36604 - crowdsecurity/vpatch-CVE-2025-61882 +- crowdsecurity/vpatch-CVE-2025-27222 author: crowdsecurity contexts: - crowdsecurity/appsec_base From 0c5c21e10c22a6efc1e68a014d28cbce4e9eb157 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 15 Oct 2025 13:56:39 +0000 Subject: [PATCH 5/5] Update taxonomy --- taxonomy/scenarios.json | 1951 +++++++++++++++++++-------------------- 1 file changed, 970 insertions(+), 981 deletions(-) diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json index 8ca14edc1ff..ebafb8028f4 100644 --- a/taxonomy/scenarios.json +++ b/taxonomy/scenarios.json @@ -9,7 +9,7 @@ "spoofable": 3, "cti": true, "service": "http", - "created_at": "2025-06-17T14:52:24" + "created_at": "2025-10-15T13:56:35.132817" }, "crowdsecurity/experimental-no-user-agent": { "name": "crowdsecurity/experimental-no-user-agent", @@ -26,7 +26,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-07-01T08:27:00" + "created_at": "2025-10-15T13:56:34.458080" }, "crowdsecurity/generic-freemarker-ssti": { "name": "crowdsecurity/generic-freemarker-ssti", @@ -43,7 +43,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-28T16:01:19" + "created_at": "2025-10-15T13:56:34.460889" }, "crowdsecurity/generic-wordpress-uploads-listing": { "name": "crowdsecurity/generic-wordpress-uploads-listing", @@ -60,7 +60,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-05T10:33:19" + "created_at": "2025-10-15T13:56:34.464103" }, "crowdsecurity/generic-wordpress-uploads-php": { "name": "crowdsecurity/generic-wordpress-uploads-php", @@ -77,7 +77,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-17T15:50:39" + "created_at": "2025-10-15T13:56:34.466929" }, "crowdsecurity/vpatch-CVE-2002-1131": { "name": "crowdsecurity/vpatch-CVE-2002-1131", @@ -93,7 +93,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-24T16:39:04", + "created_at": "2025-10-15T13:56:34.473386", "cves": [ "CVE-2002-1131" ], @@ -115,7 +115,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:16:13", + "created_at": "2025-10-15T13:56:34.476838", "cves": [ "CVE-2007-0885" ], @@ -138,7 +138,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.479632", "cves": [ "CVE-2017-9841" ], @@ -161,7 +161,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.483018", "cves": [ "CVE-2018-1000861" ], @@ -184,7 +184,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-08T09:24:18", + "created_at": "2025-10-15T13:56:34.486457", "cves": [ "CVE-2018-10562" ], @@ -206,7 +206,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-14T08:43:45", + "created_at": "2025-10-15T13:56:34.489765", "cves": [ "CVE-2018-1207" ], @@ -229,7 +229,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.493294", "cves": [ "CVE-2018-13379" ], @@ -252,7 +252,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T13:56:34.497105", "cves": [ "CVE-2018-20062" ] @@ -272,7 +272,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.500027", "cves": [ "CVE-2019-1003030" ], @@ -295,7 +295,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.503829", "cves": [ "CVE-2019-12989" ], @@ -318,7 +318,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.507271", "cves": [ "CVE-2019-18935" ], @@ -340,7 +340,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-07T10:50:31", + "created_at": "2025-10-15T13:56:34.510093", "cves": [ "CVE-2019-5418" ], @@ -363,7 +363,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.513589", "cves": [ "CVE-2020-11738" ], @@ -386,7 +386,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-22T11:09:51", + "created_at": "2025-10-15T13:56:34.517289", "cves": [ "CVE-2020-17496" ], @@ -408,7 +408,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-25T12:14:33", + "created_at": "2025-10-15T13:56:34.520610", "cves": [ "CVE-2020-25078" ], @@ -431,7 +431,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.523680", "cves": [ "CVE-2020-5902" ], @@ -453,7 +453,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.526953", "cves": [ "CVE-2020-9054" ], @@ -476,7 +476,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.530390", "cves": [ "CVE-2021-22941" ], @@ -499,7 +499,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T13:56:34.533752", "cves": [ "CVE-2021-26086" ] @@ -518,7 +518,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-25T06:54:32", + "created_at": "2025-10-15T13:56:34.537047", "cves": [ "CVE-2021-26294" ], @@ -541,7 +541,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.540231", "cves": [ "CVE-2021-3129" ], @@ -563,7 +563,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T16:14:54", + "created_at": "2025-10-15T13:56:34.543363", "cves": [ "CVE-2021-43798" ], @@ -585,7 +585,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.546610", "cves": [ "CVE-2021-44529" ], @@ -607,7 +607,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:04:11", + "created_at": "2025-10-15T13:56:34.550475", "cves": [ "CVE-2022-1388" ], @@ -630,7 +630,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-19T08:32:53", + "created_at": "2025-10-15T13:56:34.554191", "cves": [ "CVE-2022-22954" ] @@ -650,7 +650,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.556956", "cves": [ "CVE-2022-22965" ], @@ -672,7 +672,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-26T14:44:30", + "created_at": "2025-10-15T13:56:34.560208", "cves": [ "CVE-2022-25488" ], @@ -695,7 +695,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.564064", "cves": [ "CVE-2022-26134" ], @@ -718,7 +718,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.567232", "cves": [ "CVE-2022-27926" ], @@ -740,7 +740,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-08T06:52:22", + "created_at": "2025-10-15T13:56:34.570691", "cves": [ "CVE-2022-31499" ], @@ -763,7 +763,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.573439", "cves": [ "CVE-2022-35914" ], @@ -785,7 +785,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-01T14:30:05", + "created_at": "2025-10-15T13:56:34.576695", "cves": [ "CVE-2022-38627" ], @@ -808,7 +808,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.580117", "cves": [ "CVE-2022-41082" ], @@ -831,7 +831,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.583194", "cves": [ "CVE-2022-44877" ], @@ -854,7 +854,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.586386", "cves": [ "CVE-2022-46169" ], @@ -879,7 +879,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-24T16:35:30", + "created_at": "2025-10-15T13:56:34.589778", "cves": [ "CVE-2023-0297" ], @@ -902,7 +902,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.592763", "cves": [ "CVE-2023-0600" ], @@ -925,7 +925,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.597040", "cves": [ "CVE-2023-0900" ], @@ -948,7 +948,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-16T10:54:35", + "created_at": "2025-10-15T13:56:34.601033", "cves": [ "CVE-2023-1389" ], @@ -971,7 +971,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.604849", "cves": [ "CVE-2023-2009" ], @@ -994,7 +994,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.607868", "cves": [ "CVE-2023-20198" ], @@ -1017,7 +1017,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.611372", "cves": [ "CVE-2023-22515" ], @@ -1040,7 +1040,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-05T15:54:31", + "created_at": "2025-10-15T13:56:34.615106", "cves": [ "CVE-2023-22527" ] @@ -1059,7 +1059,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T07:35:54", + "created_at": "2025-10-15T13:56:34.618473", "cves": [ "CVE-2023-23063" ], @@ -1082,7 +1082,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.622128", "cves": [ "CVE-2023-23488" ], @@ -1105,7 +1105,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.625967", "cves": [ "CVE-2023-23489" ], @@ -1128,7 +1128,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.629201", "cves": [ "CVE-2023-23752" ], @@ -1152,7 +1152,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.632923", "cves": [ "CVE-2023-24489" ], @@ -1175,7 +1175,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-16T13:28:14", + "created_at": "2025-10-15T13:56:34.635957", "cves": [ "CVE-2023-28121" ], @@ -1198,7 +1198,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.641203", "cves": [ "CVE-2023-33617" ], @@ -1221,7 +1221,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.645400", "cves": [ "CVE-2023-34362" ], @@ -1244,7 +1244,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-09T14:28:50", + "created_at": "2025-10-15T13:56:34.648525", "cves": [ "CVE-2023-35078" ] @@ -1264,7 +1264,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-09T14:28:50", + "created_at": "2025-10-15T13:56:34.651732", "cves": [ "CVE-2023-35082" ] @@ -1284,7 +1284,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.655491", "cves": [ "CVE-2023-3519" ], @@ -1307,7 +1307,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.658361", "cves": [ "CVE-2023-38205" ], @@ -1330,7 +1330,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.661838", "cves": [ "CVE-2023-40044" ], @@ -1353,7 +1353,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.664552", "cves": [ "CVE-2023-42793" ], @@ -1375,7 +1375,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.667639", "cves": [ "CVE-2023-4634" ], @@ -1398,7 +1398,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-18T17:00:09", + "created_at": "2025-10-15T13:56:34.670619", "cves": [ "CVE-2023-46805", "CVE-2024-21887" @@ -1423,7 +1423,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-18T15:28:39", + "created_at": "2025-10-15T13:56:34.674677", "cves": [ "CVE-2023-47218" ], @@ -1447,7 +1447,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T13:56:34.678813", "cves": [ "CVE-2023-49070" ], @@ -1470,7 +1470,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T13:56:34.681972", "cves": [ "CVE-2023-50164" ], @@ -1492,7 +1492,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T09:15:18", + "created_at": "2025-10-15T13:56:34.685808", "cves": [ "CVE-2023-6000" ], @@ -1515,7 +1515,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.689225", "cves": [ "CVE-2023-6360" ], @@ -1538,7 +1538,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-08T09:42:56", + "created_at": "2025-10-15T13:56:34.692361", "cves": [ "CVE-2023-6553" ], @@ -1561,7 +1561,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.695765", "cves": [ "CVE-2023-6567" ], @@ -1584,7 +1584,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.699706", "cves": [ "CVE-2023-6623" ], @@ -1607,7 +1607,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T10:39:13", + "created_at": "2025-10-15T13:56:34.703297", "cves": [ "CVE-2023-7028" ] @@ -1627,7 +1627,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T13:56:34.706154", "cves": [ "CVE-2024-0012" ], @@ -1649,7 +1649,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-25T13:59:26", + "created_at": "2025-10-15T13:56:34.709001", "cves": [ "CVE-2024-0204" ], @@ -1672,7 +1672,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.712424", "cves": [ "CVE-2024-1061" ], @@ -1695,7 +1695,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T13:56:34.716190", "cves": [ "CVE-2024-1071" ], @@ -1718,7 +1718,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-26T08:21:36", + "created_at": "2025-10-15T13:56:34.719401", "cves": [ "CVE-2024-1212" ] @@ -1738,7 +1738,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-26T10:14:34", + "created_at": "2025-10-15T13:56:34.722878", "cves": [ "CVE-2024-22024" ], @@ -1761,7 +1761,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-26T17:01:15", + "created_at": "2025-10-15T13:56:34.726599", "cves": [ "CVE-2024-23897" ], @@ -1784,7 +1784,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-04-19T10:04:54", + "created_at": "2025-10-15T13:56:34.729789", "cves": [ "CVE-2024-27198" ], @@ -1806,7 +1806,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.733007", "cves": [ "CVE-2024-27292" ], @@ -1829,7 +1829,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-08-22T15:02:07", + "created_at": "2025-10-15T13:56:34.736449", "cves": [ "CVE-2024-27348" ], @@ -1851,7 +1851,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.739689", "cves": [ "CVE-2024-27564" ], @@ -1874,7 +1874,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T16:19:55", + "created_at": "2025-10-15T13:56:34.743227", "cves": [ "CVE-2024-27954" ], @@ -1897,7 +1897,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T16:19:55", + "created_at": "2025-10-15T13:56:34.746707", "cves": [ "CVE-2024-27956" ], @@ -1920,7 +1920,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-31T09:07:41", + "created_at": "2025-10-15T13:56:34.750405", "cves": [ "CVE-2024-28255" ], @@ -1943,7 +1943,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T13:56:34.753433", "cves": [ "CVE-2024-28987" ], @@ -1965,7 +1965,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T09:52:11", + "created_at": "2025-10-15T13:56:34.756814", "cves": [ "CVE-2024-29028" ], @@ -1988,7 +1988,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-08-22T15:02:07", + "created_at": "2025-10-15T13:56:34.760147", "cves": [ "CVE-2024-29824" ], @@ -2011,7 +2011,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-06-19T15:51:07", + "created_at": "2025-10-15T13:56:34.764920", "cves": [ "CVE-2024-29849" ] @@ -2031,7 +2031,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.768212", "cves": [ "CVE-2024-29973" ], @@ -2054,7 +2054,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-19T13:56:16", + "created_at": "2025-10-15T13:56:34.771303", "cves": [ "CVE-2024-32113" ], @@ -2077,7 +2077,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-19T13:56:16", + "created_at": "2025-10-15T13:56:34.775183", "cves": [ "CVE-2024-3272" ], @@ -2100,7 +2100,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-08T13:12:35", + "created_at": "2025-10-15T13:56:34.778899", "cves": [ "CVE-2024-3273" ] @@ -2119,7 +2119,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:41:10", + "created_at": "2025-10-15T13:56:34.783296", "cves": [ "CVE-2024-32870" ], @@ -2142,7 +2142,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T13:56:34.788633", "cves": [ "CVE-2024-34102" ], @@ -2165,7 +2165,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-08T14:49:23", + "created_at": "2025-10-15T13:56:34.791720", "cves": [ "CVE-2024-38816" ], @@ -2188,7 +2188,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T13:56:34.795331", "cves": [ "CVE-2024-38856" ], @@ -2211,7 +2211,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T16:30:59", + "created_at": "2025-10-15T13:56:34.798111", "cves": [ "CVE-2024-41713" ], @@ -2235,7 +2235,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-06-10T15:43:47", + "created_at": "2025-10-15T13:56:34.801014", "cves": [ "CVE-2024-4577" ], @@ -2259,7 +2259,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T10:41:01", + "created_at": "2025-10-15T13:56:34.804780", "cves": [ "CVE-2024-46506" ], @@ -2282,7 +2282,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T15:48:37", + "created_at": "2025-10-15T13:56:34.808189", "cves": [ "CVE-2024-51378" ], @@ -2305,7 +2305,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T15:49:31", + "created_at": "2025-10-15T13:56:34.811716", "cves": [ "CVE-2024-51567" ], @@ -2328,7 +2328,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-08T07:57:45", + "created_at": "2025-10-15T13:56:34.814470", "cves": [ "CVE-2024-51977" ], @@ -2351,7 +2351,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-21T08:54:14", + "created_at": "2025-10-15T13:56:34.817189", "cves": [ "CVE-2024-52301" ], @@ -2373,7 +2373,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T13:56:34.819968", "cves": [ "CVE-2024-57727" ], @@ -2396,7 +2396,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-03T13:11:18", + "created_at": "2025-10-15T13:56:34.823220", "cves": [ "CVE-2024-6205" ], @@ -2418,7 +2418,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T15:31:41", + "created_at": "2025-10-15T13:56:34.828855", "cves": [ "CVE-2024-7593" ], @@ -2442,7 +2442,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-23T13:35:04", + "created_at": "2025-10-15T13:56:34.832438", "cves": [ "CVE-2024-8190" ], @@ -2465,7 +2465,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-27T15:54:59", + "created_at": "2025-10-15T13:56:34.835485", "cves": [ "CVE-2024-8963" ], @@ -2488,7 +2488,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T15:48:37", + "created_at": "2025-10-15T13:56:34.839055", "cves": [ "CVE-2024-9465" ], @@ -2511,7 +2511,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T13:56:34.842943", "cves": [ "CVE-2024-9474" ], @@ -2533,7 +2533,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-02T13:17:39", + "created_at": "2025-10-15T13:56:34.846200", "cves": [ "CVE-2025-24893" ], @@ -2555,7 +2555,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-07-11T13:14:42", + "created_at": "2025-10-15T13:56:34.849733", "cves": [ "CVE-2025-25257" ], @@ -2563,6 +2563,28 @@ "CWE-89" ] }, + "crowdsecurity/vpatch-CVE-2025-27222": { + "name": "crowdsecurity/vpatch-CVE-2025-27222", + "description": "Detects path traversal in TRUfusion Enterprise via cobrandingImageName parameter in getCobrandingData endpoint.", + "label": "TRUfusion Enterprise - LFI", + "behaviors": [ + "http:exploit" + ], + "mitre_attacks": [ + "TA0005:T1006" + ], + "confidence": 3, + "spoofable": 0, + "cti": true, + "service": "http", + "created_at": "2025-10-15T13:56:34.853327", + "cves": [ + "CVE-2025-27222" + ], + "cwes": [ + "CWE-22" + ] + }, "crowdsecurity/vpatch-CVE-2025-28367": { "name": "crowdsecurity/vpatch-CVE-2025-28367", "description": "Detects directory traversal in mojoPortal BetterImageGallery API Controller (CVE-2025-28367)", @@ -2577,7 +2599,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:39:12", + "created_at": "2025-10-15T13:56:34.856991", "cves": [ "CVE-2025-28367" ], @@ -2599,7 +2621,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-05T09:14:12", + "created_at": "2025-10-15T13:56:34.860359", "cves": [ "CVE-2025-29306" ], @@ -2622,7 +2644,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-24T08:57:28", + "created_at": "2025-10-15T13:56:34.863161", "cves": [ "CVE-2025-29927" ], @@ -2644,7 +2666,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:41:54", + "created_at": "2025-10-15T13:56:34.866953", "cves": [ "CVE-2025-31161" ], @@ -2667,7 +2689,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T11:00:23", + "created_at": "2025-10-15T13:56:34.870747", "cves": [ "CVE-2025-31324" ], @@ -2689,7 +2711,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:38:09", + "created_at": "2025-10-15T13:56:34.874090", "cves": [ "CVE-2025-3248" ], @@ -2711,7 +2733,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T10:35:45", + "created_at": "2025-10-15T13:56:34.877847", "cves": [ "CVE-2025-3605" ], @@ -2733,7 +2755,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-10T14:42:39", + "created_at": "2025-10-15T13:56:34.881121", "cves": [ "CVE-2025-36604" ], @@ -2755,7 +2777,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:22:35", + "created_at": "2025-10-15T13:56:34.884979", "cves": [ "CVE-2025-47812" ], @@ -2777,7 +2799,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-09T16:18:55", + "created_at": "2025-10-15T13:56:34.889357", "cves": [ "CVE-2025-49113" ], @@ -2799,7 +2821,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:26:41", + "created_at": "2025-10-15T13:56:34.892745", "cves": [ "CVE-2025-49132" ], @@ -2821,7 +2843,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:32:38", + "created_at": "2025-10-15T13:56:34.895962", "cves": [ "CVE-2025-52488" ], @@ -2843,7 +2865,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-19T09:43:02", + "created_at": "2025-10-15T13:56:34.899900", "cves": [ "CVE-2025-57819" ], @@ -2865,7 +2887,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-10T08:14:38", + "created_at": "2025-10-15T13:56:34.903907", "cves": [ "CVE-2025-61882" ], @@ -2888,7 +2910,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-21T15:28:33", + "created_at": "2025-10-15T13:56:34.906837", "cves": [ "CVE-2024-1709" ] @@ -2908,7 +2930,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T13:56:34.909629" }, "crowdsecurity/vpatch-git-config": { "name": "crowdsecurity/vpatch-git-config", @@ -2924,7 +2946,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-18T15:28:39" + "created_at": "2025-10-15T13:56:34.912383" }, "crowdsecurity/vpatch-laravel-debug-mode": { "name": "crowdsecurity/vpatch-laravel-debug-mode", @@ -2941,7 +2963,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-22T12:24:34", + "created_at": "2025-10-15T13:56:34.915709", "cves": [ "CVE-2017-16894", "CVE-2021-41714", @@ -2963,7 +2985,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-02T14:29:31" + "created_at": "2025-10-15T13:56:34.918796" }, "Dominic-Wagner/vaultwarden-bf": { "name": "Dominic-Wagner/vaultwarden-bf", @@ -2979,7 +3001,7 @@ "spoofable": 0, "cti": true, "service": "vaultwarden", - "created_at": "2022-02-15T13:18:17" + "created_at": "2025-10-15T13:56:34.922718" }, "Dominic-Wagner/vaultwarden-bf_user-enum": { "name": "Dominic-Wagner/vaultwarden-bf_user-enum", @@ -2996,40 +3018,7 @@ "spoofable": 0, "cti": true, "service": "vaultwarden", - "created_at": "2022-02-15T13:18:17" - }, - "Jgigantino31/calibre-web-bf": { - "name": "Jgigantino31/calibre-web-bf", - "description": "Detect calibre-web bruteforce", - "label": "Calibre-Web Bruteforce", - "behaviors": [ - "http:bruteforce" - ], - "mitre_attacks": [ - "TA0006:T1110" - ], - "confidence": 3, - "spoofable": 0, - "cti": true, - "service": "calibre-web", - "created_at": "2025-10-14T08:42:34" - }, - "Jgigantino31/calibre-web-bf_user-enum": { - "name": "Jgigantino31/calibre-web-bf_user-enum", - "description": "Detect calibre-web user enum bruteforce", - "label": "Calibre-Web User Enumeration", - "behaviors": [ - "http:bruteforce" - ], - "mitre_attacks": [ - "TA0043:T1589", - "TA0006:T1110" - ], - "confidence": 3, - "spoofable": 0, - "cti": true, - "service": "calibre-web", - "created_at": "2025-10-14T08:42:34" + "created_at": "2025-10-15T13:56:34.924138" }, "Jgigantino31/calibre-web-bf": { "name": "Jgigantino31/calibre-web-bf", @@ -3045,7 +3034,7 @@ "spoofable": 0, "cti": true, "service": "calibre-web", - "created_at": "2025-10-14T08:42:34" + "created_at": "2025-10-15T13:56:34.927862" }, "Jgigantino31/calibre-web-bf_user-enum": { "name": "Jgigantino31/calibre-web-bf_user-enum", @@ -3062,7 +3051,7 @@ "spoofable": 0, "cti": true, "service": "calibre-web", - "created_at": "2025-10-14T08:42:34" + "created_at": "2025-10-15T13:56:34.929250" }, "Jgigantino31/ntfy-bf": { "name": "Jgigantino31/ntfy-bf", @@ -3078,7 +3067,7 @@ "spoofable": 0, "cti": true, "service": "ntfy", - "created_at": "2025-09-30T09:33:37" + "created_at": "2025-10-15T13:56:34.931769" }, "LePresidente/adguardhome-bf": { "name": "LePresidente/adguardhome-bf", @@ -3094,7 +3083,7 @@ "spoofable": 0, "cti": true, "service": "adguardhome", - "created_at": "2023-02-21T11:03:22" + "created_at": "2025-10-15T13:56:34.934329" }, "LePresidente/authelia-bf": { "name": "LePresidente/authelia-bf", @@ -3110,7 +3099,7 @@ "spoofable": 0, "cti": true, "service": "authelia", - "created_at": "2022-02-28T10:24:54" + "created_at": "2025-10-15T13:56:34.938050" }, "LePresidente/authelia-bf_user-enum": { "name": "LePresidente/authelia-bf_user-enum", @@ -3127,7 +3116,7 @@ "spoofable": 0, "cti": true, "service": "authelia", - "created_at": "2022-02-28T10:24:54" + "created_at": "2025-10-15T13:56:34.939484" }, "LePresidente/emby-bf": { "name": "LePresidente/emby-bf", @@ -3143,7 +3132,7 @@ "spoofable": 0, "cti": true, "service": "emby", - "created_at": "2022-02-28T10:11:12" + "created_at": "2025-10-15T13:56:34.942072" }, "LePresidente/gitea-bf": { "name": "LePresidente/gitea-bf", @@ -3159,7 +3148,7 @@ "spoofable": 0, "cti": true, "service": "gitea", - "created_at": "2022-03-30T09:47:59" + "created_at": "2025-10-15T13:56:34.945712" }, "LePresidente/gitea-bf_user-enum": { "name": "LePresidente/gitea-bf_user-enum", @@ -3176,7 +3165,7 @@ "spoofable": 0, "cti": true, "service": "gitea", - "created_at": "2022-03-30T09:47:59" + "created_at": "2025-10-15T13:56:34.947116" }, "LePresidente/grafana-bf": { "name": "LePresidente/grafana-bf", @@ -3192,7 +3181,7 @@ "spoofable": 0, "cti": true, "service": "grafana", - "created_at": "2023-03-16T09:39:52" + "created_at": "2025-10-15T13:56:34.949805" }, "LePresidente/harbor-bf": { "name": "LePresidente/harbor-bf", @@ -3208,7 +3197,7 @@ "spoofable": 0, "cti": true, "service": "harbor", - "created_at": "2023-05-16T15:35:43" + "created_at": "2025-10-15T13:56:34.953615" }, "LePresidente/harbor-bf_user-enum": { "name": "LePresidente/harbor-bf_user-enum", @@ -3225,7 +3214,7 @@ "spoofable": 0, "cti": true, "service": "harbor", - "created_at": "2023-05-16T15:35:43" + "created_at": "2025-10-15T13:56:34.955038" }, "LePresidente/jellyfin-bf": { "name": "LePresidente/jellyfin-bf", @@ -3241,7 +3230,7 @@ "spoofable": 0, "cti": true, "service": "jellyfin", - "created_at": "2023-02-13T11:18:24" + "created_at": "2025-10-15T13:56:34.958733" }, "LePresidente/jellyfin-bf_user-enum": { "name": "LePresidente/jellyfin-bf_user-enum", @@ -3258,7 +3247,7 @@ "spoofable": 0, "cti": true, "service": "jellyfin", - "created_at": "2023-02-13T11:18:24" + "created_at": "2025-10-15T13:56:34.960117" }, "LePresidente/jellyseerr-bf": { "name": "LePresidente/jellyseerr-bf", @@ -3274,7 +3263,7 @@ "spoofable": 0, "cti": true, "service": "jellyseerr", - "created_at": "2022-07-28T16:02:18" + "created_at": "2025-10-15T13:56:34.963789" }, "LePresidente/jellyseerr-bf_user-enum": { "name": "LePresidente/jellyseerr-bf_user-enum", @@ -3291,7 +3280,7 @@ "spoofable": 0, "cti": true, "service": "jellyseerr", - "created_at": "2022-07-28T16:02:18" + "created_at": "2025-10-15T13:56:34.965156" }, "LePresidente/ombi-bf": { "name": "LePresidente/ombi-bf", @@ -3307,7 +3296,7 @@ "spoofable": 0, "cti": true, "service": "ombi", - "created_at": "2022-02-28T10:16:46" + "created_at": "2025-10-15T13:56:34.967727" }, "LePresidente/overseerr-bf": { "name": "LePresidente/overseerr-bf", @@ -3323,7 +3312,7 @@ "spoofable": 0, "cti": true, "service": "overseerr", - "created_at": "2024-01-18T07:37:57" + "created_at": "2025-10-15T13:56:34.971368" }, "LePresidente/overseerr-bf_user-enum": { "name": "LePresidente/overseerr-bf_user-enum", @@ -3340,7 +3329,7 @@ "spoofable": 0, "cti": true, "service": "overseerr", - "created_at": "2024-01-18T07:37:57" + "created_at": "2025-10-15T13:56:34.972877" }, "LePresidente/redmine-bf": { "name": "LePresidente/redmine-bf", @@ -3356,7 +3345,7 @@ "spoofable": 0, "cti": true, "service": "redmine", - "created_at": "2023-03-13T12:00:45" + "created_at": "2025-10-15T13:56:34.976590" }, "LePresidente/redmine-bf_user-enum": { "name": "LePresidente/redmine-bf_user-enum", @@ -3373,7 +3362,7 @@ "spoofable": 0, "cti": true, "service": "redmine", - "created_at": "2023-03-13T12:00:45" + "created_at": "2025-10-15T13:56:34.977978" }, "lepresidente/ssh-bad-keyexchange-bf": { "name": "lepresidente/ssh-bad-keyexchange-bf", @@ -3389,7 +3378,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2023-06-14T14:32:14" + "created_at": "2025-10-15T13:56:34.980651" }, "LearningSpot/baserow-bf": { "name": "LearningSpot/baserow-bf", @@ -3405,7 +3394,7 @@ "spoofable": 0, "cti": true, "service": "baserow", - "created_at": "2025-05-01T11:27:22" + "created_at": "2025-10-15T13:56:34.983206" }, "LearningSpot/dockge-bf": { "name": "LearningSpot/dockge-bf", @@ -3421,7 +3410,7 @@ "spoofable": 0, "cti": true, "service": "dockge", - "created_at": "2025-03-20T08:55:10" + "created_at": "2025-10-15T13:56:34.986802" }, "LearningSpot/dockge_bf_user_enum": { "name": "LearningSpot/dockge_bf_user_enum", @@ -3438,7 +3427,7 @@ "spoofable": 0, "cti": true, "service": "dockge", - "created_at": "2025-03-20T08:55:10" + "created_at": "2025-10-15T13:56:34.988179" }, "LearningSpot/hestiacp-bf": { "name": "LearningSpot/hestiacp-bf", @@ -3454,7 +3443,7 @@ "spoofable": 0, "cti": true, "service": "hestiacp", - "created_at": "2025-05-01T10:24:27" + "created_at": "2025-10-15T13:56:34.991854" }, "LearningSpot/hestiacp-bf-user-enum": { "name": "LearningSpot/hestiacp-bf-user-enum", @@ -3471,7 +3460,7 @@ "spoofable": 0, "cti": true, "service": "hestiacp", - "created_at": "2025-05-01T10:24:27" + "created_at": "2025-10-15T13:56:34.993224" }, "LearningSpot/litellm-bf": { "name": "LearningSpot/litellm-bf", @@ -3487,7 +3476,7 @@ "spoofable": 0, "cti": true, "service": "litellm", - "created_at": "2025-05-01T11:03:17" + "created_at": "2025-10-15T13:56:34.995820" }, "MariuszKociubinski/bitwarden-bf": { "name": "MariuszKociubinski/bitwarden-bf", @@ -3503,7 +3492,7 @@ "spoofable": 0, "cti": true, "service": "bitwarden", - "created_at": "2023-05-10T11:39:42" + "created_at": "2025-10-15T13:56:34.999384" }, "MrShippeR/filebrowser-bf": { "name": "MrShippeR/filebrowser-bf", @@ -3519,7 +3508,7 @@ "spoofable": 0, "cti": true, "service": "filebrowser", - "created_at": "2025-05-01T10:29:44" + "created_at": "2025-10-15T13:56:35.001884" }, "PintjesB/technitium-bf": { "name": "PintjesB/technitium-bf", @@ -3535,7 +3524,7 @@ "spoofable": 0, "cti": true, "service": "technitium", - "created_at": "2025-10-02T10:22:05" + "created_at": "2025-10-15T13:56:35.004450" }, "a1ad/meshcentral-bf": { "name": "a1ad/meshcentral-bf", @@ -3551,7 +3540,7 @@ "spoofable": 0, "cti": true, "service": "meshcentral", - "created_at": "2023-02-13T13:22:34" + "created_at": "2025-10-15T13:56:35.008156" }, "a1ad/meshcentral-bf_user-enum": { "name": "a1ad/meshcentral-bf_user-enum", @@ -3568,7 +3557,7 @@ "spoofable": 0, "cti": true, "service": "meshcentral", - "created_at": "2023-02-13T13:22:34" + "created_at": "2025-10-15T13:56:35.009535" }, "a1ad/mikrotik-bf": { "name": "a1ad/mikrotik-bf", @@ -3584,7 +3573,7 @@ "spoofable": 0, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T13:56:35.013189" }, "a1ad/mikrotik-bf_user-enum": { "name": "a1ad/mikrotik-bf_user-enum", @@ -3601,7 +3590,7 @@ "spoofable": 0, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T13:56:35.014582" }, "a1ad/mikrotik-scan-multi_ports": { "name": "a1ad/mikrotik-scan-multi_ports", @@ -3619,7 +3608,7 @@ "spoofable": 2, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T13:56:35.017233" }, "aidalinfo/couchdb-slow-bf": { "name": "aidalinfo/couchdb-slow-bf", @@ -3633,7 +3622,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T13:56:35.020735" }, "aidalinfo/couchdb-bf": { "name": "aidalinfo/couchdb-bf", @@ -3647,7 +3636,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T13:56:35.022079" }, "aidalinfo/couchdb-crawl": { "name": "aidalinfo/couchdb-crawl", @@ -3663,7 +3652,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T13:56:35.024718" }, "aidalinfo/tcpudp-flood-traefik": { "name": "aidalinfo/tcpudp-flood-traefik", @@ -3677,7 +3666,7 @@ "spoofable": 0, "cti": true, "service": null, - "created_at": "2024-01-18T08:01:59" + "created_at": "2025-10-15T13:56:35.027138" }, "andreasbrett/baikal-bf": { "name": "andreasbrett/baikal-bf", @@ -3693,7 +3682,7 @@ "spoofable": 0, "cti": true, "service": "baikal", - "created_at": "2023-07-05T09:55:56" + "created_at": "2025-10-15T13:56:35.030815" }, "andreasbrett/baikal-bf_user-enum": { "name": "andreasbrett/baikal-bf_user-enum", @@ -3709,7 +3698,7 @@ "spoofable": 0, "cti": true, "service": "baikal", - "created_at": "2023-07-05T09:55:56" + "created_at": "2025-10-15T13:56:35.032163" }, "andreasbrett/paperless-ngx-bf": { "name": "andreasbrett/paperless-ngx-bf", @@ -3725,7 +3714,7 @@ "spoofable": 0, "cti": true, "service": "paperless-ngx", - "created_at": "2023-07-03T10:00:29" + "created_at": "2025-10-15T13:56:35.035918" }, "andreasbrett/paperless-ngx-bf_user-enum": { "name": "andreasbrett/paperless-ngx-bf_user-enum", @@ -3741,7 +3730,7 @@ "spoofable": 0, "cti": true, "service": "paperless-ngx", - "created_at": "2023-07-03T10:00:29" + "created_at": "2025-10-15T13:56:35.037295" }, "andreasbrett/webmin-bf": { "name": "andreasbrett/webmin-bf", @@ -3757,7 +3746,7 @@ "spoofable": 0, "cti": true, "service": "webmin", - "created_at": "2023-08-09T19:16:51" + "created_at": "2025-10-15T13:56:35.040928" }, "andreasbrett/webmin-bf_user-enum": { "name": "andreasbrett/webmin-bf_user-enum", @@ -3773,7 +3762,7 @@ "spoofable": 0, "cti": true, "service": "webmin", - "created_at": "2023-08-09T19:16:51" + "created_at": "2025-10-15T13:56:35.042324" }, "barnoux/crs-anomaly-score": { "name": "barnoux/crs-anomaly-score", @@ -3790,7 +3779,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-03T21:29:58" + "created_at": "2025-10-15T13:56:35.045016" }, "baudneo/gotify-bf": { "name": "baudneo/gotify-bf", @@ -3806,7 +3795,7 @@ "spoofable": 0, "cti": true, "service": "gotify", - "created_at": "2022-03-04T14:05:06" + "created_at": "2025-10-15T13:56:35.047635" }, "baudneo/zoneminder-bf": { "name": "baudneo/zoneminder-bf", @@ -3823,7 +3812,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-03-04T14:05:06" + "created_at": "2025-10-15T13:56:35.052793" }, "baudneo/zoneminder_cve-2022-39285": { "name": "baudneo/zoneminder_cve-2022-39285", @@ -3840,7 +3829,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T13:56:35.055620", "cves": [ "CVE-2022-39285" ] @@ -3860,7 +3849,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T13:56:35.058271", "cves": [ "CVE-2022-39290" ] @@ -3880,7 +3869,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T13:56:35.061314", "cves": [ "CVE-2022-39291" ] @@ -3899,7 +3888,7 @@ "spoofable": 0, "cti": true, "service": "opensearch", - "created_at": "2025-03-19T18:14:43" + "created_at": "2025-10-15T13:56:35.063883" }, "corvese/apache-guacamole_bf": { "name": "corvese/apache-guacamole_bf", @@ -3915,7 +3904,7 @@ "spoofable": 0, "cti": true, "service": "apache-guacamole", - "created_at": "2023-04-06T12:46:40" + "created_at": "2025-10-15T13:56:35.066389" }, "corvese/apache-guacamole_user_enum": { "name": "corvese/apache-guacamole_user_enum", @@ -3932,7 +3921,7 @@ "spoofable": 0, "cti": true, "service": "apache-guacamole", - "created_at": "2023-04-06T12:46:40" + "created_at": "2025-10-15T13:56:35.068985" }, "crowdsecurity/CVE-2017-9841": { "name": "crowdsecurity/CVE-2017-9841", @@ -3949,7 +3938,7 @@ "spoofable": 0, "cti": true, "service": "PHP", - "created_at": "2024-02-26T09:45:44", + "created_at": "2025-10-15T13:56:35.071603", "cves": [ "CVE-2017-9841" ] @@ -3969,7 +3958,7 @@ "spoofable": 0, "cti": true, "service": "telerik", - "created_at": "2023-04-05T13:50:46", + "created_at": "2025-10-15T13:56:35.074197", "cves": [ "CVE-2019-18935" ] @@ -3988,7 +3977,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2022-01-27T12:50:03", + "created_at": "2025-10-15T13:56:35.076772", "cves": [ "CVE-2021-4034" ] @@ -4008,7 +3997,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2022-10-17T15:36:43", + "created_at": "2025-10-15T13:56:35.079373", "cves": [ "CVE-2022-26134" ] @@ -4028,7 +4017,7 @@ "spoofable": 0, "cti": true, "service": "glpi", - "created_at": "2022-10-07T12:19:09", + "created_at": "2025-10-15T13:56:35.081891", "cves": [ "CVE-2022-35914" ] @@ -4048,7 +4037,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2022-08-18T09:37:38", + "created_at": "2025-10-15T13:56:35.084534", "cves": [ "CVE-2022-37042" ] @@ -4067,7 +4056,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2022-10-14T11:48:41", + "created_at": "2025-10-15T13:56:35.087068", "cves": [ "CVE-2022-40684" ] @@ -4087,7 +4076,7 @@ "spoofable": 0, "cti": true, "service": "exchange", - "created_at": "2022-10-01T12:22:22", + "created_at": "2025-10-15T13:56:35.089652", "cves": [ "CVE-2022-41082" ] @@ -4106,7 +4095,7 @@ "spoofable": 0, "cti": true, "service": "ghost", - "created_at": "2022-12-27T14:51:55", + "created_at": "2025-10-15T13:56:35.092254", "cves": [ "CVE-2022-41697" ] @@ -4126,7 +4115,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2022-10-24T10:03:41", + "created_at": "2025-10-15T13:56:35.094924", "cves": [ "CVE-2022-42889" ] @@ -4146,7 +4135,7 @@ "spoofable": 0, "cti": true, "service": "centos", - "created_at": "2023-01-20T14:00:02", + "created_at": "2025-10-15T13:56:35.097517", "cves": [ "CVE-2022-44877" ] @@ -4165,7 +4154,7 @@ "spoofable": 0, "cti": true, "service": "cacti", - "created_at": "2023-01-18T11:13:11", + "created_at": "2025-10-15T13:56:35.101266", "cves": [ "CVE-2022-46169" ] @@ -4185,7 +4174,7 @@ "spoofable": 0, "cti": true, "service": "cacti", - "created_at": "2023-01-18T11:13:11", + "created_at": "2025-10-15T13:56:35.102671", "cves": [ "CVE-2022-46169" ] @@ -4205,7 +4194,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2023-10-06T14:39:30", + "created_at": "2025-10-15T13:56:35.105249", "cves": [ "CVE-2023-22515" ] @@ -4225,7 +4214,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2023-11-06T09:42:38", + "created_at": "2025-10-15T13:56:35.107805", "cves": [ "CVE-2023-22518" ] @@ -4244,7 +4233,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2023-03-31T12:33:19", + "created_at": "2025-10-15T13:56:35.110875", "cves": [ "CVE-2023-23397" ] @@ -4264,7 +4253,7 @@ "spoofable": 1, "cti": true, "service": "owncloud", - "created_at": "2023-11-28T12:43:10", + "created_at": "2025-10-15T13:56:35.113498", "cves": [ "CVE-2023-49103" ] @@ -4283,7 +4272,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-10-05T11:14:30" + "created_at": "2025-10-15T13:56:35.116019" }, "crowdsecurity/CVE-2024-0012": { "name": "crowdsecurity/CVE-2024-0012", @@ -4300,7 +4289,7 @@ "spoofable": 0, "cti": true, "service": "panos", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T13:56:35.118764", "cves": [ "CVE-2024-0012" ] @@ -4320,7 +4309,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2024-08-22T13:15:02", + "created_at": "2025-10-15T13:56:35.121551", "cves": [ "CVE-2024-38475" ] @@ -4340,7 +4329,7 @@ "spoofable": 0, "cti": true, "service": "panos", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T13:56:35.124319", "cves": [ "CVE-2024-9474" ] @@ -4358,7 +4347,7 @@ "spoofable": 0, "cti": true, "service": "amavis", - "created_at": "2024-03-26T08:37:46" + "created_at": "2025-10-15T13:56:35.127007" }, "crowdsecurity/apache_log4j2_cve-2021-44228": { "name": "crowdsecurity/apache_log4j2_cve-2021-44228", @@ -4375,7 +4364,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-12-10T16:32:21", + "created_at": "2025-10-15T13:56:35.130214", "cves": [ "CVE-2021-44228" ] @@ -4394,7 +4383,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-28T09:34:04" + "created_at": "2025-10-15T13:56:35.135516" }, "crowdsecurity/appsec-vpatch": { "name": "crowdsecurity/appsec-vpatch", @@ -4410,7 +4399,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T13:56:35.138247" }, "crowdsecurity/asterisk_bf": { "name": "crowdsecurity/asterisk_bf", @@ -4426,7 +4415,7 @@ "spoofable": 0, "cti": true, "service": "asterisk", - "created_at": "2021-12-22T14:08:32" + "created_at": "2025-10-15T13:56:35.140788" }, "crowdsecurity/asterisk_user_enum": { "name": "crowdsecurity/asterisk_user_enum", @@ -4444,7 +4433,7 @@ "spoofable": 0, "cti": true, "service": "asterisk", - "created_at": "2021-12-22T14:08:32" + "created_at": "2025-10-15T13:56:35.143471" }, "crowdsecurity/auditd-base64-exec-behavior": { "name": "crowdsecurity/auditd-base64-exec-behavior", @@ -4460,7 +4449,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.146404" }, "crowdsecurity/auditd-postexploit-exec-from-net": { "name": "crowdsecurity/auditd-postexploit-exec-from-net", @@ -4476,7 +4465,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.149419" }, "crowdsecurity/auditd-postexploit-pkill": { "name": "crowdsecurity/auditd-postexploit-pkill", @@ -4492,7 +4481,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.152221" }, "crowdsecurity/auditd-postexploit-rm": { "name": "crowdsecurity/auditd-postexploit-rm", @@ -4508,7 +4497,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.155050" }, "crowdsecurity/auditd-suid-crash": { "name": "crowdsecurity/auditd-suid-crash", @@ -4524,7 +4513,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-10-04T16:28:36" + "created_at": "2025-10-15T13:56:35.158336" }, "crowdsecurity/auditd-sus-exec": { "name": "crowdsecurity/auditd-sus-exec", @@ -4540,7 +4529,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.160949" }, "crowdsecurity/aws-cloudtrail-bf-console-login": { "name": "crowdsecurity/aws-cloudtrail-bf-console-login", @@ -4556,7 +4545,7 @@ "spoofable": 0, "cti": true, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.163865" }, "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change": { "name": "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change", @@ -4572,7 +4561,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.166491" }, "crowdsecurity/aws-cis-benchmark-config-config-change": { "name": "crowdsecurity/aws-cis-benchmark-config-config-change", @@ -4588,7 +4577,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.169076" }, "crowdsecurity/aws-cis-benchmark-console-auth-fail": { "name": "crowdsecurity/aws-cis-benchmark-console-auth-fail", @@ -4604,7 +4593,7 @@ "spoofable": 0, "cti": true, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.171493" }, "crowdsecurity/aws-cis-benchmark-iam-policy-change": { "name": "crowdsecurity/aws-cis-benchmark-iam-policy-change", @@ -4620,7 +4609,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.174196" }, "crowdsecurity/aws-cis-benchmark-kms-deletion": { "name": "crowdsecurity/aws-cis-benchmark-kms-deletion", @@ -4636,7 +4625,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.176676" }, "crowdsecurity/aws-cis-benchmark-login-no-mfa": { "name": "crowdsecurity/aws-cis-benchmark-login-no-mfa", @@ -4653,7 +4642,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.179179" }, "crowdsecurity/aws-cis-benchmark-nacl-change": { "name": "crowdsecurity/aws-cis-benchmark-nacl-change", @@ -4669,7 +4658,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.181691" }, "crowdsecurity/aws-cis-benchmark-ngw-change": { "name": "crowdsecurity/aws-cis-benchmark-ngw-change", @@ -4685,7 +4674,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.184218" }, "crowdsecurity/aws-cis-benchmark-root-usage": { "name": "crowdsecurity/aws-cis-benchmark-root-usage", @@ -4702,7 +4691,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.186676" }, "crowdsecurity/aws-cis-benchmark-route-table-change": { "name": "crowdsecurity/aws-cis-benchmark-route-table-change", @@ -4718,7 +4707,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.189193" }, "crowdsecurity/aws-cis-benchmark-s3-policy-change": { "name": "crowdsecurity/aws-cis-benchmark-s3-policy-change", @@ -4734,7 +4723,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.191823" }, "crowdsecurity/aws-cis-benchmark-security-group-change": { "name": "crowdsecurity/aws-cis-benchmark-security-group-change", @@ -4750,7 +4739,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.194329" }, "crowdsecurity/aws-cis-benchmark-unauthorized-call": { "name": "crowdsecurity/aws-cis-benchmark-unauthorized-call", @@ -4766,7 +4755,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.196778" }, "crowdsecurity/aws-cis-benchmark-vpc-change": { "name": "crowdsecurity/aws-cis-benchmark-vpc-change", @@ -4782,7 +4771,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.199377" }, "crowdsecurity/aws-cloudtrail-postexploit": { "name": "crowdsecurity/aws-cloudtrail-postexploit", @@ -4799,7 +4788,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.202787" }, "crowdsecurity/aws-cloudtrail-nwo-nwd-console-login": { "name": "crowdsecurity/aws-cloudtrail-nwo-nwd-console-login", @@ -4815,7 +4804,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.205749" }, "crowdsecurity/configserver-lfd-bf": { "name": "crowdsecurity/configserver-lfd-bf", @@ -4831,7 +4820,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2024-01-05T09:54:29" + "created_at": "2025-10-15T13:56:35.209307" }, "crowdsecurity/cpanel-bf-attempt": { "name": "crowdsecurity/cpanel-bf-attempt", @@ -4847,7 +4836,7 @@ "spoofable": 0, "cti": true, "service": "cpanel", - "created_at": "2022-08-29T15:04:15" + "created_at": "2025-10-15T13:56:35.211724" }, "crowdsecurity/cpanel-bf": { "name": "crowdsecurity/cpanel-bf", @@ -4863,7 +4852,7 @@ "spoofable": 0, "cti": true, "service": "cpanel", - "created_at": "2021-06-28T11:05:18" + "created_at": "2025-10-15T13:56:35.214224" }, "crowdsecurity/crowdsec-appsec-inband": { "name": "crowdsecurity/crowdsec-appsec-inband", @@ -4879,7 +4868,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T13:56:35.216898" }, "crowdsecurity/crowdsec-appsec-outofband": { "name": "crowdsecurity/crowdsec-appsec-outofband", @@ -4895,7 +4884,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T13:56:35.219815" }, "crowdsecurity/dovecot-spam": { "name": "crowdsecurity/dovecot-spam", @@ -4911,7 +4900,7 @@ "spoofable": 0, "cti": true, "service": "dovecot", - "created_at": "2021-02-17T10:15:15" + "created_at": "2025-10-15T13:56:35.222457" }, "crowdsecurity/endlessh-bf": { "name": "crowdsecurity/endlessh-bf", @@ -4927,7 +4916,7 @@ "spoofable": 0, "cti": true, "service": "endlessh", - "created_at": "2022-02-28T10:07:59" + "created_at": "2025-10-15T13:56:35.225127" }, "crowdsecurity/exchange-bf": { "name": "crowdsecurity/exchange-bf", @@ -4943,7 +4932,7 @@ "spoofable": 0, "cti": true, "service": "exchange", - "created_at": "2022-07-21T08:37:19" + "created_at": "2025-10-15T13:56:35.227683" }, "crowdsecurity/exim-bf": { "name": "crowdsecurity/exim-bf", @@ -4959,7 +4948,7 @@ "spoofable": 0, "cti": true, "service": "smtp", - "created_at": "2023-01-09T16:38:20" + "created_at": "2025-10-15T13:56:35.231325" }, "crowdsecurity/exim-user-bf": { "name": "crowdsecurity/exim-user-bf", @@ -4975,7 +4964,7 @@ "spoofable": 0, "cti": true, "service": "smtp", - "created_at": "2023-01-09T16:38:20" + "created_at": "2025-10-15T13:56:35.232690" }, "crowdsecurity/f5-big-ip-cve-2020-5902": { "name": "crowdsecurity/f5-big-ip-cve-2020-5902", @@ -4992,7 +4981,7 @@ "spoofable": 0, "cti": true, "service": "f5", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.236412", "cves": [ "CVE-2020-5902" ] @@ -5012,7 +5001,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.239095", "cves": [ "CVE-2018-13379" ] @@ -5031,7 +5020,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2024-10-23T14:07:50" + "created_at": "2025-10-15T13:56:35.241713" }, "crowdsecurity/freeswitch-acl-reject": { "name": "crowdsecurity/freeswitch-acl-reject", @@ -5047,7 +5036,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T13:56:35.244226" }, "crowdsecurity/freeswitch-bf": { "name": "crowdsecurity/freeswitch-bf", @@ -5063,7 +5052,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T13:56:35.247857" }, "crowdsecurity/freeswitch-slow-bf": { "name": "crowdsecurity/freeswitch-slow-bf", @@ -5079,7 +5068,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T13:56:35.249220" }, "crowdsecurity/freeswitch-user-enumeration": { "name": "crowdsecurity/freeswitch-user-enumeration", @@ -5095,7 +5084,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T13:56:35.254215" }, "crowdsecurity/grafana-cve-2021-43798": { "name": "crowdsecurity/grafana-cve-2021-43798", @@ -5112,7 +5101,7 @@ "spoofable": 0, "cti": true, "service": "grafana", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.256851", "cves": [ "CVE-2021-43798" ] @@ -5131,7 +5120,7 @@ "spoofable": 0, "cti": true, "service": "home-assistant", - "created_at": "2022-01-28T16:07:26" + "created_at": "2025-10-15T13:56:35.259394" }, "crowdsecurity/http-admin-interface-probing": { "name": "crowdsecurity/http-admin-interface-probing", @@ -5147,7 +5136,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-23T08:34:34" + "created_at": "2025-10-15T13:56:35.262761" }, "crowdsecurity/http-apiscp-bf": { "name": "crowdsecurity/http-apiscp-bf", @@ -5163,7 +5152,7 @@ "spoofable": 0, "cti": true, "service": "apisCP", - "created_at": "2022-07-28T15:22:51" + "created_at": "2025-10-15T13:56:35.265392" }, "crowdsecurity/http-backdoors-attempts": { "name": "crowdsecurity/http-backdoors-attempts", @@ -5179,7 +5168,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-02T11:09:12" + "created_at": "2025-10-15T13:56:35.268251" }, "crowdsecurity/http-bad-user-agent": { "name": "crowdsecurity/http-bad-user-agent", @@ -5195,7 +5184,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-24T18:06:23" + "created_at": "2025-10-15T13:56:35.271432" }, "crowdsecurity/http-bf-wordpress_bf": { "name": "crowdsecurity/http-bf-wordpress_bf", @@ -5211,7 +5200,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.274085" }, "crowdsecurity/http-bf-wordpress_bf_xmlrpc": { "name": "crowdsecurity/http-bf-wordpress_bf_xmlrpc", @@ -5227,7 +5216,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2021-10-04T16:24:05" + "created_at": "2025-10-15T13:56:35.276719" }, "crowdsecurity/http-crawl-non_statics": { "name": "crowdsecurity/http-crawl-non_statics", @@ -5243,7 +5232,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.279573" }, "crowdsecurity/http-cve-2021-41773": { "name": "crowdsecurity/http-cve-2021-41773", @@ -5260,7 +5249,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-10-11T16:09:41", + "created_at": "2025-10-15T13:56:35.282164", "cves": [ "CVE-2021-41773" ] @@ -5280,7 +5269,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-10-12T18:03:32", + "created_at": "2025-10-15T13:56:35.284780", "cves": [ "CVE-2021-42013" ] @@ -5299,7 +5288,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-10T12:21:25" + "created_at": "2025-10-15T13:56:35.287683" }, "crowdsecurity/http-dos-bypass-cache": { "name": "crowdsecurity/http-dos-bypass-cache", @@ -5315,7 +5304,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T13:56:35.290652" }, "crowdsecurity/http-dos-invalid-http-versions": { "name": "crowdsecurity/http-dos-invalid-http-versions", @@ -5331,7 +5320,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T13:56:35.293396" }, "crowdsecurity/http-dos-random-uri": { "name": "crowdsecurity/http-dos-random-uri", @@ -5347,7 +5336,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T13:56:35.296138" }, "crowdsecurity/http-dos-swithcing-ua": { "name": "crowdsecurity/http-dos-swithcing-ua", @@ -5363,7 +5352,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T13:56:35.298868" }, "crowdsecurity/http-generic-bf": { "name": "crowdsecurity/http-generic-bf", @@ -5379,7 +5368,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T13:56:35.303698" }, "LePresidente/http-generic-401-bf": { "name": "LePresidente/http-generic-401-bf", @@ -5395,7 +5384,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T13:56:35.305075" }, "LePresidente/http-generic-403-bf": { "name": "LePresidente/http-generic-403-bf", @@ -5411,7 +5400,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T13:56:35.306499" }, "crowdsecurity/http-generic-test": { "name": "crowdsecurity/http-generic-test", @@ -5423,7 +5412,7 @@ "spoofable": 3, "cti": true, "service": "http", - "created_at": "2025-06-17T14:52:24" + "created_at": "2025-10-15T13:56:35.308928" }, "crowdsecurity/http-magento-bf": { "name": "crowdsecurity/http-magento-bf", @@ -5439,7 +5428,7 @@ "spoofable": 0, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T13:56:35.311629" }, "crowdsecurity/http-magento-ccs-by-as": { "name": "crowdsecurity/http-magento-ccs-by-as", @@ -5455,7 +5444,7 @@ "spoofable": 3, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T13:56:35.314320" }, "crowdsecurity/http-magento-ccs-by-country": { "name": "crowdsecurity/http-magento-ccs-by-country", @@ -5471,7 +5460,7 @@ "spoofable": 3, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T13:56:35.317003" }, "crowdsecurity/http-magento-ccs": { "name": "crowdsecurity/http-magento-ccs", @@ -5487,7 +5476,7 @@ "spoofable": 0, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T13:56:35.319589" }, "crowdsecurity/http-open-proxy": { "name": "crowdsecurity/http-open-proxy", @@ -5503,7 +5492,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-09-30T09:21:12" + "created_at": "2025-10-15T13:56:35.322244" }, "crowdsecurity/http-path-traversal-probing": { "name": "crowdsecurity/http-path-traversal-probing", @@ -5519,7 +5508,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-01T13:41:04" + "created_at": "2025-10-15T13:56:35.325319" }, "crowdsecurity/http-probing": { "name": "crowdsecurity/http-probing", @@ -5535,7 +5524,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-21T13:21:12" + "created_at": "2025-10-15T13:56:35.328048" }, "crowdsecurity/http-sap-interface-probing": { "name": "crowdsecurity/http-sap-interface-probing", @@ -5551,7 +5540,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-06T11:41:26" + "created_at": "2025-10-15T13:56:35.331032" }, "crowdsecurity/http-sensitive-files": { "name": "crowdsecurity/http-sensitive-files", @@ -5567,7 +5556,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-01T14:48:05" + "created_at": "2025-10-15T13:56:35.334068" }, "crowdsecurity/http-sqli-probbing-detection": { "name": "crowdsecurity/http-sqli-probbing-detection", @@ -5583,7 +5572,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-29T10:32:32" + "created_at": "2025-10-15T13:56:35.337141" }, "crowdsecurity/http-wordpress-scan": { "name": "crowdsecurity/http-wordpress-scan", @@ -5599,7 +5588,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2024-04-22T07:58:44" + "created_at": "2025-10-15T13:56:35.339833" }, "crowdsecurity/http-wordpress_user-enum": { "name": "crowdsecurity/http-wordpress_user-enum", @@ -5617,7 +5606,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2022-02-16T10:27:10" + "created_at": "2025-10-15T13:56:35.342619" }, "crowdsecurity/http-wordpress_wpconfig": { "name": "crowdsecurity/http-wordpress_wpconfig", @@ -5633,7 +5622,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2021-06-10T08:33:07" + "created_at": "2025-10-15T13:56:35.345264" }, "crowdsecurity/http-xss-probbing": { "name": "crowdsecurity/http-xss-probbing", @@ -5649,7 +5638,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-18T08:23:27" + "created_at": "2025-10-15T13:56:35.348356" }, "crowdsecurity/impossible-travel-user": { "name": "crowdsecurity/impossible-travel-user", @@ -5663,7 +5652,7 @@ "spoofable": 0, "cti": true, "service": "authentication", - "created_at": "2023-12-12T09:27:38" + "created_at": "2025-10-15T13:56:35.351237" }, "crowdsecurity/impossible-travel": { "name": "crowdsecurity/impossible-travel", @@ -5677,7 +5666,7 @@ "spoofable": 0, "cti": true, "service": "authentication", - "created_at": "2023-12-12T09:27:38" + "created_at": "2025-10-15T13:56:35.353946" }, "crowdsecurity/iptables-scan-multi_ports": { "name": "crowdsecurity/iptables-scan-multi_ports", @@ -5695,7 +5684,7 @@ "spoofable": 3, "cti": true, "service": null, - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.356594" }, "crowdsecurity/jira_cve-2021-26086": { "name": "crowdsecurity/jira_cve-2021-26086", @@ -5712,7 +5701,7 @@ "spoofable": 0, "cti": true, "service": "jira", - "created_at": "2021-12-13T17:47:03", + "created_at": "2025-10-15T13:56:35.359496", "cves": [ "CVE-2021-26086" ] @@ -5731,7 +5720,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.361957" }, "crowdsecurity/k8s-audit-api-server-bruteforce": { "name": "crowdsecurity/k8s-audit-api-server-bruteforce", @@ -5747,7 +5736,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.364644" }, "crowdsecurity/k8s-audit-pod-exec": { "name": "crowdsecurity/k8s-audit-pod-exec", @@ -5763,7 +5752,7 @@ "spoofable": 0, "cti": false, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.367194" }, "crowdsecurity/k8s-audit-pod-host-network": { "name": "crowdsecurity/k8s-audit-pod-host-network", @@ -5779,7 +5768,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.369776" }, "crowdsecurity/k8s-audit-pod-host-path-volume": { "name": "crowdsecurity/k8s-audit-pod-host-path-volume", @@ -5795,7 +5784,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.372737" }, "crowdsecurity/k8s-audit-privileged-pod-creation": { "name": "crowdsecurity/k8s-audit-privileged-pod-creation", @@ -5811,7 +5800,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.375533" }, "crowdsecurity/k8s-audit-service-account-access-denied": { "name": "crowdsecurity/k8s-audit-service-account-access-denied", @@ -5828,7 +5817,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T13:56:35.378080" }, "crowdsecurity/kasm-bruteforce": { "name": "crowdsecurity/kasm-bruteforce", @@ -5844,7 +5833,7 @@ "spoofable": 0, "cti": true, "service": "kasm", - "created_at": "2023-02-07T13:48:59" + "created_at": "2025-10-15T13:56:35.380710" }, "crowdsecurity/litespeed-admin-bf": { "name": "crowdsecurity/litespeed-admin-bf", @@ -5860,7 +5849,7 @@ "spoofable": 0, "cti": true, "service": "litespeed", - "created_at": "2022-06-10T11:47:55" + "created_at": "2025-10-15T13:56:35.383331" }, "crowdsecurity/mariadb-bf": { "name": "crowdsecurity/mariadb-bf", @@ -5876,7 +5865,7 @@ "spoofable": 0, "cti": true, "service": "mariadb", - "created_at": "2021-12-10T10:32:28" + "created_at": "2025-10-15T13:56:35.385879" }, "crowdsecurity/modsecurity": { "name": "crowdsecurity/modsecurity", @@ -5893,7 +5882,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-14T08:47:54" + "created_at": "2025-10-15T13:56:35.388441" }, "crowdsecurity/mssql-bf": { "name": "crowdsecurity/mssql-bf", @@ -5909,7 +5898,7 @@ "spoofable": 0, "cti": true, "service": "mssql", - "created_at": "2022-01-28T16:50:20" + "created_at": "2025-10-15T13:56:35.390960" }, "crowdsecurity/mysql-bf": { "name": "crowdsecurity/mysql-bf", @@ -5925,7 +5914,7 @@ "spoofable": 0, "cti": true, "service": "mysql", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.393486" }, "crowdsecurity/naxsi-exploit-vpatch": { "name": "crowdsecurity/naxsi-exploit-vpatch", @@ -5942,7 +5931,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.395995" }, "crowdsecurity/netgear_rce": { "name": "crowdsecurity/netgear_rce", @@ -5959,7 +5948,7 @@ "spoofable": 0, "cti": true, "service": "netgear", - "created_at": "2023-06-14T14:40:29", + "created_at": "2025-10-15T13:56:35.398725", "cves": [ "CVE-2024-12847" ] @@ -5978,7 +5967,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T13:56:35.403675" }, "crowdsecurity/nextcloud-bf_user_enum": { "name": "crowdsecurity/nextcloud-bf_user_enum", @@ -5994,7 +5983,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T13:56:35.405034" }, "crowdsecurity/nextcloud-bf_domain_error": { "name": "crowdsecurity/nextcloud-bf_domain_error", @@ -6010,7 +5999,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T13:56:35.406723" }, "crowdsecurity/nginx-req-limit-exceeded": { "name": "crowdsecurity/nginx-req-limit-exceeded", @@ -6026,7 +6015,7 @@ "spoofable": 2, "cti": true, "service": "http", - "created_at": "2022-04-22T08:47:07" + "created_at": "2025-10-15T13:56:35.409342" }, "crowdsecurity/odoo-bf": { "name": "crowdsecurity/odoo-bf", @@ -6042,7 +6031,7 @@ "spoofable": 0, "cti": true, "service": "odoo", - "created_at": "2022-04-11T14:35:05" + "created_at": "2025-10-15T13:56:35.413003" }, "crowdsecurity/odoo_user-enum": { "name": "crowdsecurity/odoo_user-enum", @@ -6058,7 +6047,7 @@ "spoofable": 0, "cti": true, "service": "odoo", - "created_at": "2022-04-11T14:35:05" + "created_at": "2025-10-15T13:56:35.414532" }, "crowdsecurity/opnsense-gui-bf": { "name": "crowdsecurity/opnsense-gui-bf", @@ -6074,7 +6063,7 @@ "spoofable": 0, "cti": true, "service": "opnsense", - "created_at": "2022-01-21T15:38:17" + "created_at": "2025-10-15T13:56:35.417110" }, "crowdsecurity/pfsense-gui-bf": { "name": "crowdsecurity/pfsense-gui-bf", @@ -6090,7 +6079,7 @@ "spoofable": 0, "cti": true, "service": "pfsense", - "created_at": "2023-10-31T11:54:38" + "created_at": "2025-10-15T13:56:35.420463" }, "crowdsecurity/pgsql-bf": { "name": "crowdsecurity/pgsql-bf", @@ -6106,7 +6095,7 @@ "spoofable": 0, "cti": true, "service": "pgsql", - "created_at": "2021-05-25T14:14:18" + "created_at": "2025-10-15T13:56:35.422990" }, "crowdsecurity/pgsql-user-enum": { "name": "crowdsecurity/pgsql-user-enum", @@ -6123,7 +6112,7 @@ "spoofable": 0, "cti": true, "service": "pgsql", - "created_at": "2023-03-21T15:05:50" + "created_at": "2025-10-15T13:56:35.425624" }, "crowdsecurity/postfix-helo-rejected": { "name": "crowdsecurity/postfix-helo-rejected", @@ -6140,7 +6129,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-09-02T09:43:16" + "created_at": "2025-10-15T13:56:35.428392" }, "crowdsecurity/postfix-non-smtp-command": { "name": "crowdsecurity/postfix-non-smtp-command", @@ -6154,7 +6143,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-10-31T13:38:47" + "created_at": "2025-10-15T13:56:35.430779" }, "crowdsecurity/postfix-relay-denied": { "name": "crowdsecurity/postfix-relay-denied", @@ -6171,7 +6160,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-09-02T09:43:16" + "created_at": "2025-10-15T13:56:35.433538" }, "crowdsecurity/proftpd-bf": { "name": "crowdsecurity/proftpd-bf", @@ -6187,7 +6176,7 @@ "spoofable": 0, "cti": true, "service": "proftpd", - "created_at": "2021-12-15T11:30:11" + "created_at": "2025-10-15T13:56:35.438203" }, "crowdsecurity/proftpd-bf_user-enum": { "name": "crowdsecurity/proftpd-bf_user-enum", @@ -6204,7 +6193,7 @@ "spoofable": 0, "cti": true, "service": "proftpd", - "created_at": "2021-12-15T11:30:11" + "created_at": "2025-10-15T13:56:35.440807" }, "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510": { "name": "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510", @@ -6220,7 +6209,7 @@ "spoofable": 0, "cti": true, "service": "pulse-secure", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.443443", "cves": [ "CVE-2019-11510" ] @@ -6239,7 +6228,7 @@ "spoofable": 0, "cti": true, "service": "sabnzbd", - "created_at": "2024-07-22T11:40:20" + "created_at": "2025-10-15T13:56:35.447072" }, "crowdsecurity/sabnzbd-slow-bf": { "name": "crowdsecurity/sabnzbd-slow-bf", @@ -6255,7 +6244,7 @@ "spoofable": 0, "cti": true, "service": "sabnzbd", - "created_at": "2024-07-22T11:40:20" + "created_at": "2025-10-15T13:56:35.448444" }, "crowdsecurity/smb-bf": { "name": "crowdsecurity/smb-bf", @@ -6271,7 +6260,7 @@ "spoofable": 0, "cti": true, "service": "smb", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.450912" }, "crowdsecurity/spring4shell_cve-2022-22965": { "name": "crowdsecurity/spring4shell_cve-2022-22965", @@ -6287,7 +6276,7 @@ "spoofable": 0, "cti": true, "service": "spring", - "created_at": "2022-04-09T11:23:37", + "created_at": "2025-10-15T13:56:35.453431", "cves": [ "CVE-2022-22965" ] @@ -6306,7 +6295,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.457864" }, "crowdsecurity/ssh-bf_user-enum": { "name": "crowdsecurity/ssh-bf_user-enum", @@ -6322,7 +6311,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.459340" }, "crowdsecurity/ssh-cve-2024-6387": { "name": "crowdsecurity/ssh-cve-2024-6387", @@ -6338,7 +6327,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2024-07-01T11:57:38", + "created_at": "2025-10-15T13:56:35.462017", "cves": [ "CVE-2024-6387" ] @@ -6357,7 +6346,7 @@ "spoofable": 3, "cti": true, "service": "ssh", - "created_at": "2025-06-17T14:52:24" + "created_at": "2025-10-15T13:56:35.464543" }, "crowdsecurity/ssh-refused-conn": { "name": "crowdsecurity/ssh-refused-conn", @@ -6373,7 +6362,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2025-05-14T09:30:59" + "created_at": "2025-10-15T13:56:35.467030" }, "crowdsecurity/ssh-slow-bf": { "name": "crowdsecurity/ssh-slow-bf", @@ -6389,7 +6378,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2021-09-27T15:17:49" + "created_at": "2025-10-15T13:56:35.470823" }, "crowdsecurity/ssh-slow-bf_user-enum": { "name": "crowdsecurity/ssh-slow-bf_user-enum", @@ -6405,7 +6394,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2021-09-27T15:17:49" + "created_at": "2025-10-15T13:56:35.472176" }, "crowdsecurity/stirling-pdf-bf": { "name": "crowdsecurity/stirling-pdf-bf", @@ -6421,7 +6410,7 @@ "spoofable": 0, "cti": true, "service": "stirling-pdf", - "created_at": "2024-10-23T13:40:37" + "created_at": "2025-10-15T13:56:35.474772" }, "crowdsecurity/suricata-major-severity": { "name": "crowdsecurity/suricata-major-severity", @@ -6438,7 +6427,7 @@ "spoofable": 3, "cti": true, "service": "suricata", - "created_at": "2022-07-13T07:05:09" + "created_at": "2025-10-15T13:56:35.478593" }, "crowdsecurity/suricata-high-medium-severity": { "name": "crowdsecurity/suricata-high-medium-severity", @@ -6455,7 +6444,7 @@ "spoofable": 3, "cti": true, "service": "suricata", - "created_at": "2022-07-13T07:05:09" + "created_at": "2025-10-15T13:56:35.479972" }, "crowdsecurity/synology-dsm-bf": { "name": "crowdsecurity/synology-dsm-bf", @@ -6471,7 +6460,7 @@ "spoofable": 0, "cti": true, "service": "synology_dsm", - "created_at": "2022-02-15T15:53:08" + "created_at": "2025-10-15T13:56:35.482543" }, "crowdsecurity/teamspeak3-bf": { "name": "crowdsecurity/teamspeak3-bf", @@ -6487,7 +6476,7 @@ "spoofable": 0, "cti": true, "service": "teamspeak3", - "created_at": "2022-12-29T15:22:40" + "created_at": "2025-10-15T13:56:35.485061" }, "crowdsecurity/teleport-bf": { "name": "crowdsecurity/teleport-bf", @@ -6501,7 +6490,7 @@ "spoofable": 0, "cti": true, "service": "teleport", - "created_at": "2024-01-29T13:40:10" + "created_at": "2025-10-15T13:56:35.488715" }, "crowdsecurity/teleport-slow-bf": { "name": "crowdsecurity/teleport-slow-bf", @@ -6515,7 +6504,7 @@ "spoofable": 0, "cti": true, "service": "teleport", - "created_at": "2024-01-29T13:40:10" + "created_at": "2025-10-15T13:56:35.490085" }, "crowdsecurity/telnet-bf": { "name": "crowdsecurity/telnet-bf", @@ -6531,7 +6520,7 @@ "spoofable": 0, "cti": true, "service": "telnet", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T13:56:35.492590" }, "crowdsecurity/thehive-bf": { "name": "crowdsecurity/thehive-bf", @@ -6547,7 +6536,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2022-10-21T12:27:41" + "created_at": "2025-10-15T13:56:35.495178" }, "crowdsecurity/thinkphp-cve-2018-20062": { "name": "crowdsecurity/thinkphp-cve-2018-20062", @@ -6564,7 +6553,7 @@ "spoofable": 0, "cti": true, "service": "thinkphp", - "created_at": "2021-12-10T15:59:24", + "created_at": "2025-10-15T13:56:35.498310", "cves": [ "CVE-2018-20062" ] @@ -6584,7 +6573,7 @@ "spoofable": 0, "cti": true, "service": "vmware", - "created_at": "2022-04-13T15:39:38", + "created_at": "2025-10-15T13:56:35.500960", "cves": [ "CVE-2022-22954" ] @@ -6604,7 +6593,7 @@ "spoofable": 0, "cti": true, "service": "vmware", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T13:56:35.503569", "cves": [ "CVE-2021-0027" ] @@ -6623,7 +6612,7 @@ "spoofable": 0, "cti": true, "service": "vsftpd", - "created_at": "2020-05-13T07:52:02" + "created_at": "2025-10-15T13:56:35.506055" }, "crowdsecurity/CVE-2022-30190-msdt": { "name": "crowdsecurity/CVE-2022-30190-msdt", @@ -6640,7 +6629,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2022-07-21T08:48:09", + "created_at": "2025-10-15T13:56:35.508787", "cves": [ "CVE-2022-30190" ] @@ -6659,7 +6648,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2022-01-25T09:07:17" + "created_at": "2025-10-15T13:56:35.511332" }, "crowdsecurity/wireguard-auth": { "name": "crowdsecurity/wireguard-auth", @@ -6675,7 +6664,7 @@ "spoofable": 0, "cti": true, "service": "wireguard", - "created_at": "2023-08-11T15:12:59" + "created_at": "2025-10-15T13:56:35.513847" }, "darkclip/charon-ipsec-bf": { "name": "darkclip/charon-ipsec-bf", @@ -6691,7 +6680,7 @@ "spoofable": 0, "cti": true, "service": "charon_ipsec", - "created_at": "2024-02-26T14:13:43" + "created_at": "2025-10-15T13:56:35.518838" }, "firewallservices/lemonldap-ng-bf": { "name": "firewallservices/lemonldap-ng-bf", @@ -6707,7 +6696,7 @@ "spoofable": 0, "cti": true, "service": "ldap", - "created_at": "2021-03-11T14:22:58" + "created_at": "2025-10-15T13:56:35.522605" }, "firewallservices/lemonldap-ng-user-enum": { "name": "firewallservices/lemonldap-ng-user-enum", @@ -6724,7 +6713,7 @@ "spoofable": 0, "cti": true, "service": "ldap", - "created_at": "2021-03-11T14:22:58" + "created_at": "2025-10-15T13:56:35.523973" }, "firewallservices/pf-scan-multi_ports": { "name": "firewallservices/pf-scan-multi_ports", @@ -6742,7 +6731,7 @@ "spoofable": 3, "cti": true, "service": "tcp", - "created_at": "2021-05-11T09:28:41" + "created_at": "2025-10-15T13:56:35.526673" }, "firewallservices/zimbra-bf": { "name": "firewallservices/zimbra-bf", @@ -6758,7 +6747,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2021-03-08T10:51:39" + "created_at": "2025-10-15T13:56:35.530376" }, "firewallservices/zimbra-user-enum": { "name": "firewallservices/zimbra-user-enum", @@ -6775,7 +6764,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2021-03-08T10:51:39" + "created_at": "2025-10-15T13:56:35.531733" }, "firix/authentik-bf": { "name": "firix/authentik-bf", @@ -6791,7 +6780,7 @@ "spoofable": 0, "cti": true, "service": "authentik", - "created_at": "2023-10-20T08:05:42" + "created_at": "2025-10-15T13:56:35.535424" }, "firix/authentik-bf_user-enum": { "name": "firix/authentik-bf_user-enum", @@ -6808,7 +6797,7 @@ "spoofable": 0, "cti": true, "service": "authentik", - "created_at": "2023-10-20T08:05:42" + "created_at": "2025-10-15T13:56:35.536802" }, "fulljackz/proxmox-bf": { "name": "fulljackz/proxmox-bf", @@ -6824,7 +6813,7 @@ "spoofable": 0, "cti": true, "service": "vm-management", - "created_at": "2022-01-19T14:51:02" + "created_at": "2025-10-15T13:56:35.540548" }, "fulljackz/proxmox-bf-user-enum": { "name": "fulljackz/proxmox-bf-user-enum", @@ -6841,7 +6830,7 @@ "spoofable": 0, "cti": true, "service": "vm-management", - "created_at": "2022-01-19T14:51:02" + "created_at": "2025-10-15T13:56:35.541927" }, "fulljackz/pureftpd-bf": { "name": "fulljackz/pureftpd-bf", @@ -6857,7 +6846,7 @@ "spoofable": 0, "cti": true, "service": "ftp", - "created_at": "2022-01-13T13:11:29" + "created_at": "2025-10-15T13:56:35.544694" }, "gauth-fr/immich-bf": { "name": "gauth-fr/immich-bf", @@ -6873,7 +6862,7 @@ "spoofable": 0, "cti": true, "service": "immich", - "created_at": "2023-08-04T08:06:05" + "created_at": "2025-10-15T13:56:35.548480" }, "gauth-fr/immich-bf_user-enum": { "name": "gauth-fr/immich-bf_user-enum", @@ -6889,7 +6878,7 @@ "spoofable": 0, "cti": true, "service": "immich", - "created_at": "2023-08-04T08:06:05" + "created_at": "2025-10-15T13:56:35.549880" }, "hitech95/email-generic-bf": { "name": "hitech95/email-generic-bf", @@ -6905,7 +6894,7 @@ "spoofable": 0, "cti": true, "service": "pop3/imap", - "created_at": "2022-04-20T13:31:56" + "created_at": "2025-10-15T13:56:35.553646" }, "hitech95/email-user-bf": { "name": "hitech95/email-user-bf", @@ -6922,7 +6911,7 @@ "spoofable": 0, "cti": true, "service": "pop3/imap", - "created_at": "2022-04-20T13:31:56" + "created_at": "2025-10-15T13:56:35.555014" }, "inherent-io/keycloak-bf": { "name": "inherent-io/keycloak-bf", @@ -6938,7 +6927,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T13:56:35.558834" }, "inherent-io/keycloak-user-enum-bf": { "name": "inherent-io/keycloak-user-enum-bf", @@ -6954,7 +6943,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T13:56:35.560199" }, "inherent-io/keycloak-slow-bf": { "name": "inherent-io/keycloak-slow-bf", @@ -6970,7 +6959,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T13:56:35.563970" }, "inherent-io/keycloak-user-enum-slow-bf": { "name": "inherent-io/keycloak-user-enum-slow-bf", @@ -6986,7 +6975,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T13:56:35.565343" }, "jbowdre/miniflux-bf": { "name": "jbowdre/miniflux-bf", @@ -7002,7 +6991,7 @@ "spoofable": 0, "cti": true, "service": "miniflux", - "created_at": "2024-01-16T10:54:20" + "created_at": "2025-10-15T13:56:35.568918" }, "jbowdre/miniflux-bf_user-enum": { "name": "jbowdre/miniflux-bf_user-enum", @@ -7018,7 +7007,7 @@ "spoofable": 0, "cti": true, "service": "miniflux", - "created_at": "2024-01-16T10:54:20" + "created_at": "2025-10-15T13:56:35.570301" }, "jusabatier/apereo-cas-bf": { "name": "jusabatier/apereo-cas-bf", @@ -7034,7 +7023,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.574126" }, "jusabatier/apereo-cas-bf_user-enum": { "name": "jusabatier/apereo-cas-bf_user-enum", @@ -7051,7 +7040,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.575525" }, "jusabatier/cas-slow-bf": { "name": "jusabatier/cas-slow-bf", @@ -7067,7 +7056,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.579365" }, "jusabatier/cas-slow-bf_user-enum": { "name": "jusabatier/cas-slow-bf_user-enum", @@ -7084,7 +7073,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.580743" }, "jusabatier/apereo-cas-slow-bf": { "name": "jusabatier/apereo-cas-slow-bf", @@ -7101,7 +7090,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.584621" }, "jusabatier/apereo-cas-slow-bf_user-enum": { "name": "jusabatier/apereo-cas-slow-bf_user-enum", @@ -7118,7 +7107,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T13:56:35.585997" }, "lourys/pterodactyl-wings-bf": { "name": "lourys/pterodactyl-wings-bf", @@ -7134,7 +7123,7 @@ "spoofable": 0, "cti": true, "service": "pterodactyl", - "created_at": "2022-07-28T12:39:51" + "created_at": "2025-10-15T13:56:35.593560" }, "ltsich/http-w00tw00t": { "name": "ltsich/http-w00tw00t", @@ -7150,7 +7139,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-02-02T13:15:35" + "created_at": "2025-10-15T13:56:35.596169" }, "mstilkerich/bind9-refused": { "name": "mstilkerich/bind9-refused", @@ -7166,7 +7155,7 @@ "spoofable": 0, "cti": true, "service": "domain", - "created_at": "2022-11-21T12:14:27" + "created_at": "2025-10-15T13:56:35.598745" }, "mwinters-stuff/mailu-admin-bf": { "name": "mwinters-stuff/mailu-admin-bf", @@ -7182,7 +7171,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-05T13:50:17" + "created_at": "2025-10-15T13:56:35.601195" }, "openappsec/openappsec-bot-protection": { "name": "openappsec/openappsec-bot-protection", @@ -7199,7 +7188,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.603778" }, "openappsec/openappsec-cross-site-redirect": { "name": "openappsec/openappsec-cross-site-redirect", @@ -7215,7 +7204,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.606400" }, "openappsec/openappsec-csrf": { "name": "openappsec/openappsec-csrf", @@ -7231,7 +7220,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.608942" }, "openappsec/openappsec-error-disclosure": { "name": "openappsec/openappsec-error-disclosure", @@ -7248,7 +7237,7 @@ "spoofable": 1, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.611530" }, "openappsec/openappsec-error-limit": { "name": "openappsec/openappsec-error-limit", @@ -7265,7 +7254,7 @@ "spoofable": 1, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.614102" }, "openappsec/openappsec-evasion-techniques": { "name": "openappsec/openappsec-evasion-techniques", @@ -7282,7 +7271,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.616729" }, "openappsec/openappsec-general": { "name": "openappsec/openappsec-general", @@ -7299,7 +7288,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.619318" }, "openappsec/openappsec-http-limit-violation": { "name": "openappsec/openappsec-http-limit-violation", @@ -7316,7 +7305,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.621900" }, "openappsec/openappsec-http-method-violation": { "name": "openappsec/openappsec-http-method-violation", @@ -7333,7 +7322,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.624509" }, "openappsec/openappsec-ldap-injection": { "name": "openappsec/openappsec-ldap-injection", @@ -7350,7 +7339,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.627131" }, "openappsec/openappsec-open-redirect": { "name": "openappsec/openappsec-open-redirect", @@ -7367,7 +7356,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.629847" }, "openappsec/openappsec-path-traversal": { "name": "openappsec/openappsec-path-traversal", @@ -7384,7 +7373,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.632612" }, "openappsec/openappsec-probing": { "name": "openappsec/openappsec-probing", @@ -7401,7 +7390,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.635352" }, "openappsec/openappsec-rce": { "name": "openappsec/openappsec-rce", @@ -7418,7 +7407,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.638111" }, "openappsec/openappsec-request-rate-limit": { "name": "openappsec/openappsec-request-rate-limit", @@ -7434,7 +7423,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.640770" }, "openappsec/openappsec-schema-validation": { "name": "openappsec/openappsec-schema-validation", @@ -7450,7 +7439,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.643371" }, "openappsec/openappsec-sql-injection": { "name": "openappsec/openappsec-sql-injection", @@ -7467,7 +7456,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.645986" }, "openappsec/openappsec-url-instead-of-file": { "name": "openappsec/openappsec-url-instead-of-file", @@ -7484,7 +7473,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.648675" }, "openappsec/openappsec-xss": { "name": "openappsec/openappsec-xss", @@ -7502,7 +7491,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.651336" }, "openappsec/openappsec-xxe": { "name": "openappsec/openappsec-xxe", @@ -7519,7 +7508,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T13:56:35.654006" }, "plague-doctor/audiobookshelf-bf": { "name": "plague-doctor/audiobookshelf-bf", @@ -7535,7 +7524,7 @@ "spoofable": 0, "cti": true, "service": "audiobookshelf", - "created_at": "2024-11-15T09:28:37" + "created_at": "2025-10-15T13:56:35.656630" }, "pserranoa/openvpn-bf": { "name": "pserranoa/openvpn-bf", @@ -7549,7 +7538,7 @@ "spoofable": 0, "cti": true, "service": "openvpn", - "created_at": "2024-12-17T09:50:08" + "created_at": "2025-10-15T13:56:35.659489" }, "schiz0phr3ne/prowlarr-bf": { "name": "schiz0phr3ne/prowlarr-bf", @@ -7565,7 +7554,7 @@ "spoofable": 0, "cti": true, "service": "prowlarr", - "created_at": "2022-10-28T12:44:47" + "created_at": "2025-10-15T13:56:35.663358" }, "schiz0phr3ne/prowlarr-bf_user-enum": { "name": "schiz0phr3ne/prowlarr-bf_user-enum", @@ -7582,7 +7571,7 @@ "spoofable": 0, "cti": true, "service": "prowlarr", - "created_at": "2022-10-28T12:44:47" + "created_at": "2025-10-15T13:56:35.664778" }, "schiz0phr3ne/radarr-bf": { "name": "schiz0phr3ne/radarr-bf", @@ -7598,7 +7587,7 @@ "spoofable": 0, "cti": true, "service": "radarr", - "created_at": "2022-10-28T12:43:07" + "created_at": "2025-10-15T13:56:35.668640" }, "schiz0phr3ne/radarr-bf_user-enum": { "name": "schiz0phr3ne/radarr-bf_user-enum", @@ -7615,7 +7604,7 @@ "spoofable": 0, "cti": true, "service": "radarr", - "created_at": "2022-10-28T12:43:07" + "created_at": "2025-10-15T13:56:35.670068" }, "schiz0phr3ne/sonarr-bf": { "name": "schiz0phr3ne/sonarr-bf", @@ -7631,7 +7620,7 @@ "spoofable": 0, "cti": true, "service": "sonarr", - "created_at": "2022-10-31T18:37:18" + "created_at": "2025-10-15T13:56:35.673896" }, "schiz0phr3ne/sonarr-bf_user-enum": { "name": "schiz0phr3ne/sonarr-bf_user-enum", @@ -7648,7 +7637,7 @@ "spoofable": 0, "cti": true, "service": "sonarr", - "created_at": "2022-10-31T18:37:18" + "created_at": "2025-10-15T13:56:35.675410" }, "sdwilsh/navidrome-bf": { "name": "sdwilsh/navidrome-bf", @@ -7664,7 +7653,7 @@ "spoofable": 0, "cti": true, "service": "navidrome", - "created_at": "2025-03-13T10:01:55" + "created_at": "2025-10-15T13:56:35.678077" }, "sigmahq/proc_creation_win_addinutil_suspicious_cmdline": { "name": "sigmahq/proc_creation_win_addinutil_suspicious_cmdline", @@ -7676,7 +7665,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.681142" }, "sigmahq/proc_creation_win_adplus_memory_dump": { "name": "sigmahq/proc_creation_win_adplus_memory_dump", @@ -7688,7 +7677,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.683994" }, "sigmahq/proc_creation_win_agentexecutor_susp_usage": { "name": "sigmahq/proc_creation_win_agentexecutor_susp_usage", @@ -7700,7 +7689,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.686824" }, "sigmahq/proc_creation_win_aspnet_compiler_susp_child_process": { "name": "sigmahq/proc_creation_win_aspnet_compiler_susp_child_process", @@ -7712,7 +7701,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.689631" }, "sigmahq/proc_creation_win_aspnet_compiler_susp_paths": { "name": "sigmahq/proc_creation_win_aspnet_compiler_susp_paths", @@ -7724,7 +7713,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.692433" }, "sigmahq/proc_creation_win_at_interactive_execution": { "name": "sigmahq/proc_creation_win_at_interactive_execution", @@ -7736,7 +7725,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.695060" }, "sigmahq/proc_creation_win_attrib_system_susp_paths": { "name": "sigmahq/proc_creation_win_attrib_system_susp_paths", @@ -7748,7 +7737,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.698050" }, "sigmahq/proc_creation_win_auditpol_nt_resource_kit_usage": { "name": "sigmahq/proc_creation_win_auditpol_nt_resource_kit_usage", @@ -7760,7 +7749,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.700855" }, "sigmahq/proc_creation_win_auditpol_susp_execution": { "name": "sigmahq/proc_creation_win_auditpol_susp_execution", @@ -7772,7 +7761,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.703603" }, "sigmahq/proc_creation_win_bcdedit_boot_conf_tamper": { "name": "sigmahq/proc_creation_win_bcdedit_boot_conf_tamper", @@ -7784,7 +7773,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.706339" }, "sigmahq/proc_creation_win_bginfo_suspicious_child_process": { "name": "sigmahq/proc_creation_win_bginfo_suspicious_child_process", @@ -7796,7 +7785,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.709434" }, "sigmahq/proc_creation_win_bitsadmin_download_direct_ip": { "name": "sigmahq/proc_creation_win_bitsadmin_download_direct_ip", @@ -7808,7 +7797,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.712540" }, "sigmahq/proc_creation_win_bitsadmin_download_susp_extensions": { "name": "sigmahq/proc_creation_win_bitsadmin_download_susp_extensions", @@ -7820,7 +7809,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.716003" }, "sigmahq/proc_creation_win_bitsadmin_download_susp_targetfolder": { "name": "sigmahq/proc_creation_win_bitsadmin_download_susp_targetfolder", @@ -7832,7 +7821,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.719143" }, "sigmahq/proc_creation_win_browsers_chromium_headless_debugging": { "name": "sigmahq/proc_creation_win_browsers_chromium_headless_debugging", @@ -7844,7 +7833,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.721945" }, "sigmahq/proc_creation_win_browsers_chromium_headless_file_download": { "name": "sigmahq/proc_creation_win_browsers_chromium_headless_file_download", @@ -7856,7 +7845,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.724753" }, "sigmahq/proc_creation_win_browsers_chromium_mockbin_abuse": { "name": "sigmahq/proc_creation_win_browsers_chromium_mockbin_abuse", @@ -7868,7 +7857,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.727481" }, "sigmahq/proc_creation_win_browsers_chromium_susp_load_extension": { "name": "sigmahq/proc_creation_win_browsers_chromium_susp_load_extension", @@ -7880,7 +7869,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.730372" }, "sigmahq/proc_creation_win_browsers_tor_execution": { "name": "sigmahq/proc_creation_win_browsers_tor_execution", @@ -7892,7 +7881,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.732980" }, "sigmahq/proc_creation_win_calc_uncommon_exec": { "name": "sigmahq/proc_creation_win_calc_uncommon_exec", @@ -7904,7 +7893,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.735732" }, "sigmahq/proc_creation_win_certoc_download_direct_ip": { "name": "sigmahq/proc_creation_win_certoc_download_direct_ip", @@ -7916,7 +7905,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.738408" }, "sigmahq/proc_creation_win_certoc_load_dll_susp_locations": { "name": "sigmahq/proc_creation_win_certoc_load_dll_susp_locations", @@ -7928,7 +7917,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.741285" }, "sigmahq/proc_creation_win_certutil_download_direct_ip": { "name": "sigmahq/proc_creation_win_certutil_download_direct_ip", @@ -7940,7 +7929,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.744115" }, "sigmahq/proc_creation_win_certutil_ntlm_coercion": { "name": "sigmahq/proc_creation_win_certutil_ntlm_coercion", @@ -7952,7 +7941,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.746784" }, "sigmahq/proc_creation_win_citrix_trolleyexpress_procdump": { "name": "sigmahq/proc_creation_win_citrix_trolleyexpress_procdump", @@ -7964,7 +7953,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.749670" }, "sigmahq/proc_creation_win_cmd_assoc_tamper_exe_file_association": { "name": "sigmahq/proc_creation_win_cmd_assoc_tamper_exe_file_association", @@ -7976,7 +7965,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.752532" }, "sigmahq/proc_creation_win_cmd_copy_dmp_from_share": { "name": "sigmahq/proc_creation_win_cmd_copy_dmp_from_share", @@ -7988,7 +7977,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.755145" }, "sigmahq/proc_creation_win_cmd_curl_download_exec_combo": { "name": "sigmahq/proc_creation_win_cmd_curl_download_exec_combo", @@ -8000,7 +7989,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.758014" }, "sigmahq/proc_creation_win_cmd_mklink_osk_cmd": { "name": "sigmahq/proc_creation_win_cmd_mklink_osk_cmd", @@ -8012,7 +8001,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.760756" }, "sigmahq/proc_creation_win_cmd_mklink_shadow_copies_access_symlink": { "name": "sigmahq/proc_creation_win_cmd_mklink_shadow_copies_access_symlink", @@ -8024,7 +8013,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.763428" }, "sigmahq/proc_creation_win_cmd_net_use_and_exec_combo": { "name": "sigmahq/proc_creation_win_cmd_net_use_and_exec_combo", @@ -8036,7 +8025,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.766231" }, "sigmahq/proc_creation_win_cmd_no_space_execution": { "name": "sigmahq/proc_creation_win_cmd_no_space_execution", @@ -8048,7 +8037,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.769594" }, "sigmahq/proc_creation_win_cmd_ntdllpipe_redirect": { "name": "sigmahq/proc_creation_win_cmd_ntdllpipe_redirect", @@ -8060,7 +8049,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.772205" }, "sigmahq/proc_creation_win_cmd_path_traversal": { "name": "sigmahq/proc_creation_win_cmd_path_traversal", @@ -8072,7 +8061,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.775026" }, "sigmahq/proc_creation_win_cmd_ping_del_combined_execution": { "name": "sigmahq/proc_creation_win_cmd_ping_del_combined_execution", @@ -8084,7 +8073,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.777921" }, "sigmahq/proc_creation_win_cmd_shadowcopy_access": { "name": "sigmahq/proc_creation_win_cmd_shadowcopy_access", @@ -8096,7 +8085,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.780615" }, "sigmahq/proc_creation_win_cmd_sticky_key_like_backdoor_execution": { "name": "sigmahq/proc_creation_win_cmd_sticky_key_like_backdoor_execution", @@ -8108,7 +8097,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.783530" }, "sigmahq/proc_creation_win_cmd_sticky_keys_replace": { "name": "sigmahq/proc_creation_win_cmd_sticky_keys_replace", @@ -8120,7 +8109,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.786409" }, "sigmahq/proc_creation_win_cmdkey_recon": { "name": "sigmahq/proc_creation_win_cmdkey_recon", @@ -8132,7 +8121,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.789302" }, "sigmahq/proc_creation_win_cmstp_execution_by_creation": { "name": "sigmahq/proc_creation_win_cmstp_execution_by_creation", @@ -8144,7 +8133,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.791938" }, "sigmahq/proc_creation_win_conhost_path_traversal": { "name": "sigmahq/proc_creation_win_conhost_path_traversal", @@ -8156,7 +8145,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.794618" }, "sigmahq/proc_creation_win_control_panel_item": { "name": "sigmahq/proc_creation_win_control_panel_item", @@ -8168,7 +8157,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.797467" }, "sigmahq/proc_creation_win_createdump_lolbin_execution": { "name": "sigmahq/proc_creation_win_createdump_lolbin_execution", @@ -8180,7 +8169,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.800216" }, "sigmahq/proc_creation_win_csc_susp_parent": { "name": "sigmahq/proc_creation_win_csc_susp_parent", @@ -8192,7 +8181,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.803910" }, "sigmahq/proc_creation_win_csi_use_of_csharp_console": { "name": "sigmahq/proc_creation_win_csi_use_of_csharp_console", @@ -8204,7 +8193,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.806571" }, "sigmahq/proc_creation_win_curl_download_direct_ip_susp_extensions": { "name": "sigmahq/proc_creation_win_curl_download_direct_ip_susp_extensions", @@ -8216,7 +8205,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.809915" }, "sigmahq/proc_creation_win_curl_susp_download": { "name": "sigmahq/proc_creation_win_curl_susp_download", @@ -8228,7 +8217,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.812998" }, "sigmahq/proc_creation_win_dctask64_arbitrary_command_and_dll_execution": { "name": "sigmahq/proc_creation_win_dctask64_arbitrary_command_and_dll_execution", @@ -8240,7 +8229,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.815810" }, "sigmahq/proc_creation_win_desktopimgdownldr_susp_execution": { "name": "sigmahq/proc_creation_win_desktopimgdownldr_susp_execution", @@ -8252,7 +8241,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.818485" }, "sigmahq/proc_creation_win_dism_enable_powershell_web_access_feature": { "name": "sigmahq/proc_creation_win_dism_enable_powershell_web_access_feature", @@ -8264,7 +8253,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.821170" }, "sigmahq/proc_creation_win_dll_sideload_vmware_xfer": { "name": "sigmahq/proc_creation_win_dll_sideload_vmware_xfer", @@ -8276,7 +8265,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.823826" }, "sigmahq/proc_creation_win_dllhost_no_cli_execution": { "name": "sigmahq/proc_creation_win_dllhost_no_cli_execution", @@ -8288,7 +8277,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.826468" }, "sigmahq/proc_creation_win_dns_exfiltration_tools_execution": { "name": "sigmahq/proc_creation_win_dns_exfiltration_tools_execution", @@ -8300,7 +8289,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.829153" }, "sigmahq/proc_creation_win_dns_susp_child_process": { "name": "sigmahq/proc_creation_win_dns_susp_child_process", @@ -8312,7 +8301,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.831862" }, "sigmahq/proc_creation_win_dnscmd_install_new_server_level_plugin_dll": { "name": "sigmahq/proc_creation_win_dnscmd_install_new_server_level_plugin_dll", @@ -8324,7 +8313,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.834599" }, "sigmahq/proc_creation_win_driverquery_recon": { "name": "sigmahq/proc_creation_win_driverquery_recon", @@ -8336,7 +8325,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.837350" }, "sigmahq/proc_creation_win_dtrace_kernel_dump": { "name": "sigmahq/proc_creation_win_dtrace_kernel_dump", @@ -8348,7 +8337,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.839961" }, "sigmahq/proc_creation_win_dump64_defender_av_bypass_rename": { "name": "sigmahq/proc_creation_win_dump64_defender_av_bypass_rename", @@ -8360,7 +8349,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.842727" }, "sigmahq/proc_creation_win_dumpminitool_susp_execution": { "name": "sigmahq/proc_creation_win_dumpminitool_susp_execution", @@ -8372,7 +8361,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.845545" }, "sigmahq/proc_creation_win_esentutl_sensitive_file_copy": { "name": "sigmahq/proc_creation_win_esentutl_sensitive_file_copy", @@ -8384,7 +8373,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.848596" }, "sigmahq/proc_creation_win_eventvwr_susp_child_process": { "name": "sigmahq/proc_creation_win_eventvwr_susp_child_process", @@ -8396,7 +8385,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.851258" }, "sigmahq/proc_creation_win_explorer_nouaccheck": { "name": "sigmahq/proc_creation_win_explorer_nouaccheck", @@ -8408,7 +8397,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.853950" }, "sigmahq/proc_creation_win_findstr_gpp_passwords": { "name": "sigmahq/proc_creation_win_findstr_gpp_passwords", @@ -8420,7 +8409,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.856802" }, "sigmahq/proc_creation_win_findstr_sysmon_discovery_via_default_altitude": { "name": "sigmahq/proc_creation_win_findstr_sysmon_discovery_via_default_altitude", @@ -8432,7 +8421,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.859660" }, "sigmahq/proc_creation_win_finger_execution": { "name": "sigmahq/proc_creation_win_finger_execution", @@ -8444,7 +8433,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.862539" }, "sigmahq/proc_creation_win_fltmc_unload_driver_sysmon": { "name": "sigmahq/proc_creation_win_fltmc_unload_driver_sysmon", @@ -8456,7 +8445,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.865376" }, "sigmahq/proc_creation_win_forfiles_child_process_masquerading": { "name": "sigmahq/proc_creation_win_forfiles_child_process_masquerading", @@ -8468,7 +8457,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.868341" }, "sigmahq/proc_creation_win_format_uncommon_filesystem_load": { "name": "sigmahq/proc_creation_win_format_uncommon_filesystem_load", @@ -8480,7 +8469,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.871223" }, "sigmahq/proc_creation_win_fsutil_usage": { "name": "sigmahq/proc_creation_win_fsutil_usage", @@ -8492,7 +8481,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.874164" }, "sigmahq/proc_creation_win_googleupdate_susp_child_process": { "name": "sigmahq/proc_creation_win_googleupdate_susp_child_process", @@ -8504,7 +8493,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.876898" }, "sigmahq/proc_creation_win_gpg4win_susp_location": { "name": "sigmahq/proc_creation_win_gpg4win_susp_location", @@ -8516,7 +8505,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.880216" }, "sigmahq/proc_creation_win_gup_download": { "name": "sigmahq/proc_creation_win_gup_download", @@ -8528,7 +8517,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.883524" }, "sigmahq/proc_creation_win_gup_suspicious_execution": { "name": "sigmahq/proc_creation_win_gup_suspicious_execution", @@ -8540,7 +8529,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.886394" }, "sigmahq/proc_creation_win_hh_html_help_susp_child_process": { "name": "sigmahq/proc_creation_win_hh_html_help_susp_child_process", @@ -8552,7 +8541,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.889801" }, "sigmahq/proc_creation_win_hh_susp_execution": { "name": "sigmahq/proc_creation_win_hh_susp_execution", @@ -8564,7 +8553,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.893114" }, "sigmahq/proc_creation_win_hktl_adcspwn": { "name": "sigmahq/proc_creation_win_hktl_adcspwn", @@ -8576,7 +8565,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.895963" }, "sigmahq/proc_creation_win_hktl_bloodhound_sharphound": { "name": "sigmahq/proc_creation_win_hktl_bloodhound_sharphound", @@ -8588,7 +8577,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.899238" }, "sigmahq/proc_creation_win_hktl_c3_rundll32_pattern": { "name": "sigmahq/proc_creation_win_hktl_c3_rundll32_pattern", @@ -8600,7 +8589,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.902215" }, "sigmahq/proc_creation_win_hktl_certify": { "name": "sigmahq/proc_creation_win_hktl_certify", @@ -8612,7 +8601,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.905651" }, "sigmahq/proc_creation_win_hktl_certipy": { "name": "sigmahq/proc_creation_win_hktl_certipy", @@ -8624,7 +8613,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.910077" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_cmd": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_cmd", @@ -8636,7 +8625,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.914053" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_modules": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_modules", @@ -8648,7 +8637,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.918000" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_load_by_rundll32": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_load_by_rundll32", @@ -8660,7 +8649,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.921739" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_process_patterns": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_process_patterns", @@ -8672,7 +8661,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.925635" }, "sigmahq/proc_creation_win_hktl_covenant": { "name": "sigmahq/proc_creation_win_hktl_covenant", @@ -8684,7 +8673,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.929528" }, "sigmahq/proc_creation_win_hktl_crackmapexec_execution": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_execution", @@ -8696,7 +8685,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.934394" }, "sigmahq/proc_creation_win_hktl_crackmapexec_execution_patterns": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_execution_patterns", @@ -8708,7 +8697,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.938544" }, "sigmahq/proc_creation_win_hktl_crackmapexec_patterns": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_patterns", @@ -8720,7 +8709,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.942425" }, "sigmahq/proc_creation_win_hktl_crackmapexec_powershell_obfuscation": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_powershell_obfuscation", @@ -8732,7 +8721,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.945470" }, "sigmahq/proc_creation_win_hktl_createminidump": { "name": "sigmahq/proc_creation_win_hktl_createminidump", @@ -8744,7 +8733,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.948240" }, "sigmahq/proc_creation_win_hktl_dinjector": { "name": "sigmahq/proc_creation_win_hktl_dinjector", @@ -8756,7 +8745,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.950928" }, "sigmahq/proc_creation_win_hktl_dumpert": { "name": "sigmahq/proc_creation_win_hktl_dumpert", @@ -8768,7 +8757,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.953621" }, "sigmahq/proc_creation_win_hktl_edrsilencer": { "name": "sigmahq/proc_creation_win_hktl_edrsilencer", @@ -8780,7 +8769,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.956311" }, "sigmahq/proc_creation_win_hktl_empire_powershell_launch": { "name": "sigmahq/proc_creation_win_hktl_empire_powershell_launch", @@ -8792,7 +8781,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.959009" }, "sigmahq/proc_creation_win_hktl_empire_powershell_uac_bypass": { "name": "sigmahq/proc_creation_win_hktl_empire_powershell_uac_bypass", @@ -8804,7 +8793,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.961690" }, "sigmahq/proc_creation_win_hktl_execution_via_imphashes": { "name": "sigmahq/proc_creation_win_hktl_execution_via_imphashes", @@ -8816,7 +8805,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.968024" }, "sigmahq/proc_creation_win_hktl_execution_via_pe_metadata": { "name": "sigmahq/proc_creation_win_hktl_execution_via_pe_metadata", @@ -8828,7 +8817,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.970714" }, "sigmahq/proc_creation_win_hktl_gmer": { "name": "sigmahq/proc_creation_win_hktl_gmer", @@ -8840,7 +8829,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.973437" }, "sigmahq/proc_creation_win_hktl_handlekatz": { "name": "sigmahq/proc_creation_win_hktl_handlekatz", @@ -8852,7 +8841,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.976295" }, "sigmahq/proc_creation_win_hktl_hashcat": { "name": "sigmahq/proc_creation_win_hktl_hashcat", @@ -8864,7 +8853,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.978939" }, "sigmahq/proc_creation_win_hktl_htran_or_natbypass": { "name": "sigmahq/proc_creation_win_hktl_htran_or_natbypass", @@ -8876,7 +8865,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.981610" }, "sigmahq/proc_creation_win_hktl_hydra": { "name": "sigmahq/proc_creation_win_hktl_hydra", @@ -8888,7 +8877,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.984268" }, "sigmahq/proc_creation_win_hktl_impacket_lateral_movement": { "name": "sigmahq/proc_creation_win_hktl_impacket_lateral_movement", @@ -8900,7 +8889,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.987148" }, "sigmahq/proc_creation_win_hktl_impacket_tools": { "name": "sigmahq/proc_creation_win_hktl_impacket_tools", @@ -8912,7 +8901,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.990372" }, "sigmahq/proc_creation_win_hktl_inveigh": { "name": "sigmahq/proc_creation_win_hktl_inveigh", @@ -8924,7 +8913,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.993102" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_clip": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_clip", @@ -8936,7 +8925,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.995785" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_obfuscated_iex_commandline": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_obfuscated_iex_commandline", @@ -8948,7 +8937,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:35.998625" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_stdin": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_stdin", @@ -8960,7 +8949,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.001260" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_var": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_var", @@ -8972,7 +8961,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.003914" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_stdin": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_stdin", @@ -8984,7 +8973,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.006656" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_clip": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_clip", @@ -8996,7 +8985,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.009455" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta", @@ -9008,7 +8997,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.012164" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_var": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_var", @@ -9020,7 +9009,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.014914" }, "sigmahq/proc_creation_win_hktl_koadic": { "name": "sigmahq/proc_creation_win_hktl_koadic", @@ -9032,7 +9021,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.017718" }, "sigmahq/proc_creation_win_hktl_krbrelay": { "name": "sigmahq/proc_creation_win_hktl_krbrelay", @@ -9044,7 +9033,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.021393" }, "sigmahq/proc_creation_win_hktl_krbrelayup": { "name": "sigmahq/proc_creation_win_hktl_krbrelayup", @@ -9056,7 +9045,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.025164" }, "sigmahq/proc_creation_win_hktl_localpotato": { "name": "sigmahq/proc_creation_win_hktl_localpotato", @@ -9068,7 +9057,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.028022" }, "sigmahq/proc_creation_win_hktl_meterpreter_getsystem": { "name": "sigmahq/proc_creation_win_hktl_meterpreter_getsystem", @@ -9080,7 +9069,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.030829" }, "sigmahq/proc_creation_win_hktl_mimikatz_command_line": { "name": "sigmahq/proc_creation_win_hktl_mimikatz_command_line", @@ -9092,7 +9081,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.033956" }, "sigmahq/proc_creation_win_hktl_pchunter": { "name": "sigmahq/proc_creation_win_hktl_pchunter", @@ -9104,7 +9093,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.037209" }, "sigmahq/proc_creation_win_hktl_powersploit_empire_default_schtasks": { "name": "sigmahq/proc_creation_win_hktl_powersploit_empire_default_schtasks", @@ -9116,7 +9105,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.040027" }, "sigmahq/proc_creation_win_hktl_powertool": { "name": "sigmahq/proc_creation_win_hktl_powertool", @@ -9128,7 +9117,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.042637" }, "sigmahq/proc_creation_win_hktl_purplesharp_indicators": { "name": "sigmahq/proc_creation_win_hktl_purplesharp_indicators", @@ -9140,7 +9129,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.045256" }, "sigmahq/proc_creation_win_hktl_pypykatz": { "name": "sigmahq/proc_creation_win_hktl_pypykatz", @@ -9152,7 +9141,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.047922" }, "sigmahq/proc_creation_win_hktl_quarks_pwdump": { "name": "sigmahq/proc_creation_win_hktl_quarks_pwdump", @@ -9164,7 +9153,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.050575" }, "sigmahq/proc_creation_win_hktl_redmimicry_winnti_playbook": { "name": "sigmahq/proc_creation_win_hktl_redmimicry_winnti_playbook", @@ -9176,7 +9165,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.053314" }, "sigmahq/proc_creation_win_hktl_relay_attacks_tools": { "name": "sigmahq/proc_creation_win_hktl_relay_attacks_tools", @@ -9188,7 +9177,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.056319" }, "sigmahq/proc_creation_win_hktl_rubeus": { "name": "sigmahq/proc_creation_win_hktl_rubeus", @@ -9200,7 +9189,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.059284" }, "sigmahq/proc_creation_win_hktl_safetykatz": { "name": "sigmahq/proc_creation_win_hktl_safetykatz", @@ -9212,7 +9201,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.061875" }, "sigmahq/proc_creation_win_hktl_secutyxploded": { "name": "sigmahq/proc_creation_win_hktl_secutyxploded", @@ -9224,7 +9213,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.064574" }, "sigmahq/proc_creation_win_hktl_selectmyparent": { "name": "sigmahq/proc_creation_win_hktl_selectmyparent", @@ -9236,7 +9225,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.067642" }, "sigmahq/proc_creation_win_hktl_sharp_chisel": { "name": "sigmahq/proc_creation_win_hktl_sharp_chisel", @@ -9248,7 +9237,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.070243" }, "sigmahq/proc_creation_win_hktl_sharp_impersonation": { "name": "sigmahq/proc_creation_win_hktl_sharp_impersonation", @@ -9260,7 +9249,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.073080" }, "sigmahq/proc_creation_win_hktl_sharpersist": { "name": "sigmahq/proc_creation_win_hktl_sharpersist", @@ -9272,7 +9261,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.075826" }, "sigmahq/proc_creation_win_hktl_sharpevtmute": { "name": "sigmahq/proc_creation_win_hktl_sharpevtmute", @@ -9284,7 +9273,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.078502" }, "sigmahq/proc_creation_win_hktl_sharpldapwhoami": { "name": "sigmahq/proc_creation_win_hktl_sharpldapwhoami", @@ -9296,7 +9285,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.081216" }, "sigmahq/proc_creation_win_hktl_sharpup": { "name": "sigmahq/proc_creation_win_hktl_sharpup", @@ -9308,7 +9297,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.084027" }, "sigmahq/proc_creation_win_hktl_sharpview": { "name": "sigmahq/proc_creation_win_hktl_sharpview", @@ -9320,7 +9309,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.088473" }, "sigmahq/proc_creation_win_hktl_silenttrinity_stager": { "name": "sigmahq/proc_creation_win_hktl_silenttrinity_stager", @@ -9332,7 +9321,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.091043" }, "sigmahq/proc_creation_win_hktl_sliver_c2_execution_pattern": { "name": "sigmahq/proc_creation_win_hktl_sliver_c2_execution_pattern", @@ -9344,7 +9333,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.093706" }, "sigmahq/proc_creation_win_hktl_stracciatella_execution": { "name": "sigmahq/proc_creation_win_hktl_stracciatella_execution", @@ -9356,7 +9345,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.096580" }, "sigmahq/proc_creation_win_hktl_sysmoneop": { "name": "sigmahq/proc_creation_win_hktl_sysmoneop", @@ -9368,7 +9357,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.100101" }, "sigmahq/proc_creation_win_hktl_trufflesnout": { "name": "sigmahq/proc_creation_win_hktl_trufflesnout", @@ -9380,7 +9369,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.103568" }, "sigmahq/proc_creation_win_hktl_uacme": { "name": "sigmahq/proc_creation_win_hktl_uacme", @@ -9392,7 +9381,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.107066" }, "sigmahq/proc_creation_win_hktl_wce": { "name": "sigmahq/proc_creation_win_hktl_wce", @@ -9404,7 +9393,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.109816" }, "sigmahq/proc_creation_win_hktl_winpeas": { "name": "sigmahq/proc_creation_win_hktl_winpeas", @@ -9416,7 +9405,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.112821" }, "sigmahq/proc_creation_win_hktl_winpwn": { "name": "sigmahq/proc_creation_win_hktl_winpwn", @@ -9428,7 +9417,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.115769" }, "sigmahq/proc_creation_win_hktl_wmiexec_default_powershell": { "name": "sigmahq/proc_creation_win_hktl_wmiexec_default_powershell", @@ -9440,7 +9429,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.118321" }, "sigmahq/proc_creation_win_hktl_xordump": { "name": "sigmahq/proc_creation_win_hktl_xordump", @@ -9452,7 +9441,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.121097" }, "sigmahq/proc_creation_win_hwp_exploits": { "name": "sigmahq/proc_creation_win_hwp_exploits", @@ -9464,7 +9453,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.123798" }, "sigmahq/proc_creation_win_ieexec_download": { "name": "sigmahq/proc_creation_win_ieexec_download", @@ -9476,7 +9465,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.126435" }, "sigmahq/proc_creation_win_iis_appcmd_http_logging": { "name": "sigmahq/proc_creation_win_iis_appcmd_http_logging", @@ -9488,7 +9477,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.129141" }, "sigmahq/proc_creation_win_iis_appcmd_service_account_password_dumped": { "name": "sigmahq/proc_creation_win_iis_appcmd_service_account_password_dumped", @@ -9500,7 +9489,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.132045" }, "sigmahq/proc_creation_win_iis_connection_strings_decryption": { "name": "sigmahq/proc_creation_win_iis_connection_strings_decryption", @@ -9512,7 +9501,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.134770" }, "sigmahq/proc_creation_win_iis_susp_module_registration": { "name": "sigmahq/proc_creation_win_iis_susp_module_registration", @@ -9524,7 +9513,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.137490" }, "sigmahq/proc_creation_win_imagingdevices_unusual_parents": { "name": "sigmahq/proc_creation_win_imagingdevices_unusual_parents", @@ -9536,7 +9525,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.140083" }, "sigmahq/proc_creation_win_imewbdld_download": { "name": "sigmahq/proc_creation_win_imewbdld_download", @@ -9548,7 +9537,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.142714" }, "sigmahq/proc_creation_win_java_keytool_susp_child_process": { "name": "sigmahq/proc_creation_win_java_keytool_susp_child_process", @@ -9560,7 +9549,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.145662" }, "sigmahq/proc_creation_win_java_manageengine_susp_child_process": { "name": "sigmahq/proc_creation_win_java_manageengine_susp_child_process", @@ -9572,7 +9561,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.148841" }, "sigmahq/proc_creation_win_kavremover_uncommon_execution": { "name": "sigmahq/proc_creation_win_kavremover_uncommon_execution", @@ -9584,7 +9573,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.151523" }, "sigmahq/proc_creation_win_logman_disable_eventlog": { "name": "sigmahq/proc_creation_win_logman_disable_eventlog", @@ -9596,7 +9585,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.154348" }, "sigmahq/proc_creation_win_lolbin_devtoolslauncher": { "name": "sigmahq/proc_creation_win_lolbin_devtoolslauncher", @@ -9608,7 +9597,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.156941" }, "sigmahq/proc_creation_win_lolbin_manage_bde": { "name": "sigmahq/proc_creation_win_lolbin_manage_bde", @@ -9620,7 +9609,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.159728" }, "sigmahq/proc_creation_win_lolbin_mavinject_process_injection": { "name": "sigmahq/proc_creation_win_lolbin_mavinject_process_injection", @@ -9632,7 +9621,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.162493" }, "sigmahq/proc_creation_win_lolbin_mpiexec": { "name": "sigmahq/proc_creation_win_lolbin_mpiexec", @@ -9644,7 +9633,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.165190" }, "sigmahq/proc_creation_win_lolbin_msdt_answer_file": { "name": "sigmahq/proc_creation_win_lolbin_msdt_answer_file", @@ -9656,7 +9645,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.167981" }, "sigmahq/proc_creation_win_lolbin_openwith": { "name": "sigmahq/proc_creation_win_lolbin_openwith", @@ -9668,7 +9657,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.170691" }, "sigmahq/proc_creation_win_lolbin_pcwrun_follina": { "name": "sigmahq/proc_creation_win_lolbin_pcwrun_follina", @@ -9680,7 +9669,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.174152" }, "sigmahq/proc_creation_win_lolbin_printbrm": { "name": "sigmahq/proc_creation_win_lolbin_printbrm", @@ -9692,7 +9681,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.177732" }, "sigmahq/proc_creation_win_lolbin_settingsynchost": { "name": "sigmahq/proc_creation_win_lolbin_settingsynchost", @@ -9704,7 +9693,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.180819" }, "sigmahq/proc_creation_win_lolbin_susp_certreq_download": { "name": "sigmahq/proc_creation_win_lolbin_susp_certreq_download", @@ -9716,7 +9705,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.183586" }, "sigmahq/proc_creation_win_lolbin_susp_grpconv": { "name": "sigmahq/proc_creation_win_lolbin_susp_grpconv", @@ -9728,7 +9717,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.186310" }, "sigmahq/proc_creation_win_lolbin_tttracer_mod_load": { "name": "sigmahq/proc_creation_win_lolbin_tttracer_mod_load", @@ -9740,7 +9729,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.189017" }, "sigmahq/proc_creation_win_lolbin_visual_basic_compiler": { "name": "sigmahq/proc_creation_win_lolbin_visual_basic_compiler", @@ -9752,7 +9741,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.191681" }, "sigmahq/proc_creation_win_lsass_process_clone": { "name": "sigmahq/proc_creation_win_lsass_process_clone", @@ -9764,7 +9753,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.194388" }, "sigmahq/proc_creation_win_mmc_mmc20_lateral_movement": { "name": "sigmahq/proc_creation_win_mmc_mmc20_lateral_movement", @@ -9776,7 +9765,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.197046" }, "sigmahq/proc_creation_win_mmc_susp_child_process": { "name": "sigmahq/proc_creation_win_mmc_susp_child_process", @@ -9788,7 +9777,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.199821" }, "sigmahq/proc_creation_win_mofcomp_execution": { "name": "sigmahq/proc_creation_win_mofcomp_execution", @@ -9800,7 +9789,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.202894" }, "sigmahq/proc_creation_win_mpcmdrun_dll_sideload_defender": { "name": "sigmahq/proc_creation_win_mpcmdrun_dll_sideload_defender", @@ -9812,7 +9801,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.205707" }, "sigmahq/proc_creation_win_mpcmdrun_download_arbitrary_file": { "name": "sigmahq/proc_creation_win_mpcmdrun_download_arbitrary_file", @@ -9824,7 +9813,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.208431" }, "sigmahq/proc_creation_win_mpcmdrun_remove_windows_defender_definition": { "name": "sigmahq/proc_creation_win_mpcmdrun_remove_windows_defender_definition", @@ -9836,7 +9825,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.211084" }, "sigmahq/proc_creation_win_msdt_arbitrary_command_execution": { "name": "sigmahq/proc_creation_win_msdt_arbitrary_command_execution", @@ -9848,7 +9837,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.213948" }, "sigmahq/proc_creation_win_msdt_susp_parent": { "name": "sigmahq/proc_creation_win_msdt_susp_parent", @@ -9860,7 +9849,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.216809" }, "sigmahq/proc_creation_win_mshta_http": { "name": "sigmahq/proc_creation_win_mshta_http", @@ -9872,7 +9861,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.219506" }, "sigmahq/proc_creation_win_mshta_javascript": { "name": "sigmahq/proc_creation_win_mshta_javascript", @@ -9884,7 +9873,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.222212" }, "sigmahq/proc_creation_win_mshta_lethalhta_technique": { "name": "sigmahq/proc_creation_win_mshta_lethalhta_technique", @@ -9896,7 +9885,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.224838" }, "sigmahq/proc_creation_win_mshta_susp_child_processes": { "name": "sigmahq/proc_creation_win_mshta_susp_child_processes", @@ -9908,7 +9897,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.227649" }, "sigmahq/proc_creation_win_mshta_susp_execution": { "name": "sigmahq/proc_creation_win_mshta_susp_execution", @@ -9920,7 +9909,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.230486" }, "sigmahq/proc_creation_win_mshta_susp_pattern": { "name": "sigmahq/proc_creation_win_mshta_susp_pattern", @@ -9932,7 +9921,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.233478" }, "sigmahq/proc_creation_win_msiexec_masquerading": { "name": "sigmahq/proc_creation_win_msiexec_masquerading", @@ -9944,7 +9933,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.236118" }, "sigmahq/proc_creation_win_msra_process_injection": { "name": "sigmahq/proc_creation_win_msra_process_injection", @@ -9956,7 +9945,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.238921" }, "sigmahq/proc_creation_win_mssql_susp_child_process": { "name": "sigmahq/proc_creation_win_mssql_susp_child_process", @@ -9968,7 +9957,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.242033" }, "sigmahq/proc_creation_win_mssql_veaam_susp_child_processes": { "name": "sigmahq/proc_creation_win_mssql_veaam_susp_child_processes", @@ -9980,7 +9969,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.244990" }, "sigmahq/proc_creation_win_mstsc_rdp_hijack_shadowing": { "name": "sigmahq/proc_creation_win_mstsc_rdp_hijack_shadowing", @@ -9992,7 +9981,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.247798" }, "sigmahq/proc_creation_win_mstsc_run_local_rdp_file_susp_location": { "name": "sigmahq/proc_creation_win_mstsc_run_local_rdp_file_susp_location", @@ -10004,7 +9993,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.250800" }, "sigmahq/proc_creation_win_mstsc_run_local_rpd_file_susp_parent": { "name": "sigmahq/proc_creation_win_mstsc_run_local_rpd_file_susp_parent", @@ -10016,7 +10005,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.253639" }, "sigmahq/proc_creation_win_msxsl_remote_execution": { "name": "sigmahq/proc_creation_win_msxsl_remote_execution", @@ -10028,7 +10017,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.256292" }, "sigmahq/proc_creation_win_net_use_mount_internet_share": { "name": "sigmahq/proc_creation_win_net_use_mount_internet_share", @@ -10040,7 +10029,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.259011" }, "sigmahq/proc_creation_win_net_user_add_never_expire": { "name": "sigmahq/proc_creation_win_net_user_add_never_expire", @@ -10052,7 +10041,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.261745" }, "sigmahq/proc_creation_win_net_user_default_accounts_manipulation": { "name": "sigmahq/proc_creation_win_net_user_default_accounts_manipulation", @@ -10064,7 +10053,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.265067" }, "sigmahq/proc_creation_win_netsh_fw_allow_program_in_susp_location": { "name": "sigmahq/proc_creation_win_netsh_fw_allow_program_in_susp_location", @@ -10076,7 +10065,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.268353" }, "sigmahq/proc_creation_win_netsh_fw_allow_rdp": { "name": "sigmahq/proc_creation_win_netsh_fw_allow_rdp", @@ -10088,7 +10077,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.271107" }, "sigmahq/proc_creation_win_netsh_port_forwarding_3389": { "name": "sigmahq/proc_creation_win_netsh_port_forwarding_3389", @@ -10100,7 +10089,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.273892" }, "sigmahq/proc_creation_win_node_abuse": { "name": "sigmahq/proc_creation_win_node_abuse", @@ -10112,7 +10101,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.276731" }, "sigmahq/proc_creation_win_nslookup_domain_discovery": { "name": "sigmahq/proc_creation_win_nslookup_domain_discovery", @@ -10124,7 +10113,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.279511" }, "sigmahq/proc_creation_win_odbcconf_driver_install_susp": { "name": "sigmahq/proc_creation_win_odbcconf_driver_install_susp", @@ -10136,7 +10125,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.282268" }, "sigmahq/proc_creation_win_odbcconf_exec_susp_locations": { "name": "sigmahq/proc_creation_win_odbcconf_exec_susp_locations", @@ -10148,7 +10137,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.285558" }, "sigmahq/proc_creation_win_odbcconf_register_dll_regsvr_susp": { "name": "sigmahq/proc_creation_win_odbcconf_register_dll_regsvr_susp", @@ -10160,7 +10149,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.288251" }, "sigmahq/proc_creation_win_office_arbitrary_cli_download": { "name": "sigmahq/proc_creation_win_office_arbitrary_cli_download", @@ -10172,7 +10161,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.291105" }, "sigmahq/proc_creation_win_office_excel_dcom_lateral_movement": { "name": "sigmahq/proc_creation_win_office_excel_dcom_lateral_movement", @@ -10184,7 +10173,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.294034" }, "sigmahq/proc_creation_win_office_exec_from_trusted_locations": { "name": "sigmahq/proc_creation_win_office_exec_from_trusted_locations", @@ -10196,7 +10185,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.297028" }, "sigmahq/proc_creation_win_office_onenote_embedded_script_execution": { "name": "sigmahq/proc_creation_win_office_onenote_embedded_script_execution", @@ -10208,7 +10197,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.299943" }, "sigmahq/proc_creation_win_office_onenote_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_onenote_susp_child_processes", @@ -10220,7 +10209,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.303974" }, "sigmahq/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules": { "name": "sigmahq/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules", @@ -10232,7 +10221,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.306786" }, "sigmahq/proc_creation_win_office_outlook_execution_from_temp": { "name": "sigmahq/proc_creation_win_office_outlook_execution_from_temp", @@ -10244,7 +10233,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.309520" }, "sigmahq/proc_creation_win_office_outlook_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_outlook_susp_child_processes", @@ -10256,7 +10245,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.312797" }, "sigmahq/proc_creation_win_office_outlook_susp_child_processes_remote": { "name": "sigmahq/proc_creation_win_office_outlook_susp_child_processes_remote", @@ -10268,7 +10257,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.315656" }, "sigmahq/proc_creation_win_office_spawn_exe_from_users_directory": { "name": "sigmahq/proc_creation_win_office_spawn_exe_from_users_directory", @@ -10280,7 +10269,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.318817" }, "sigmahq/proc_creation_win_office_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_susp_child_processes", @@ -10292,7 +10281,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.322841" }, "sigmahq/proc_creation_win_ping_hex_ip": { "name": "sigmahq/proc_creation_win_ping_hex_ip", @@ -10304,7 +10293,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.325525" }, "sigmahq/proc_creation_win_plink_port_forwarding": { "name": "sigmahq/proc_creation_win_plink_port_forwarding", @@ -10316,7 +10305,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.328181" }, "sigmahq/proc_creation_win_plink_susp_tunneling": { "name": "sigmahq/proc_creation_win_plink_susp_tunneling", @@ -10328,7 +10317,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.330890" }, "sigmahq/proc_creation_win_powershell_aadinternals_cmdlets_execution": { "name": "sigmahq/proc_creation_win_powershell_aadinternals_cmdlets_execution", @@ -10340,7 +10329,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.333915" }, "sigmahq/proc_creation_win_powershell_amsi_init_failed_bypass": { "name": "sigmahq/proc_creation_win_powershell_amsi_init_failed_bypass", @@ -10352,7 +10341,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.336732" }, "sigmahq/proc_creation_win_powershell_base64_encoded_cmd": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_cmd", @@ -10364,7 +10353,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.339647" }, "sigmahq/proc_creation_win_powershell_base64_encoded_cmd_patterns": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_cmd_patterns", @@ -10376,7 +10365,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.342955" }, "sigmahq/proc_creation_win_powershell_base64_encoded_obfusc": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_obfusc", @@ -10388,7 +10377,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.346073" }, "sigmahq/proc_creation_win_powershell_base64_frombase64string": { "name": "sigmahq/proc_creation_win_powershell_base64_frombase64string", @@ -10400,7 +10389,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.348885" }, "sigmahq/proc_creation_win_powershell_base64_hidden_flag": { "name": "sigmahq/proc_creation_win_powershell_base64_hidden_flag", @@ -10412,7 +10401,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.352693" }, "sigmahq/proc_creation_win_powershell_base64_iex": { "name": "sigmahq/proc_creation_win_powershell_base64_iex", @@ -10424,7 +10413,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.356041" }, "sigmahq/proc_creation_win_powershell_base64_invoke": { "name": "sigmahq/proc_creation_win_powershell_base64_invoke", @@ -10436,7 +10425,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.358926" }, "sigmahq/proc_creation_win_powershell_base64_mppreference": { "name": "sigmahq/proc_creation_win_powershell_base64_mppreference", @@ -10448,7 +10437,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.362122" }, "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load": { "name": "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load", @@ -10460,7 +10449,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.365367" }, "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load_obfusc": { "name": "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load_obfusc", @@ -10472,7 +10461,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.368525" }, "sigmahq/proc_creation_win_powershell_base64_wmi_classes": { "name": "sigmahq/proc_creation_win_powershell_base64_wmi_classes", @@ -10484,7 +10473,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.372023" }, "sigmahq/proc_creation_win_powershell_cmdline_reversed_strings": { "name": "sigmahq/proc_creation_win_powershell_cmdline_reversed_strings", @@ -10496,7 +10485,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.375579" }, "sigmahq/proc_creation_win_powershell_cmdline_special_characters": { "name": "sigmahq/proc_creation_win_powershell_cmdline_special_characters", @@ -10508,7 +10497,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.378496" }, "sigmahq/proc_creation_win_powershell_decrypt_pattern": { "name": "sigmahq/proc_creation_win_powershell_decrypt_pattern", @@ -10520,7 +10509,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.381371" }, "sigmahq/proc_creation_win_powershell_defender_disable_feature": { "name": "sigmahq/proc_creation_win_powershell_defender_disable_feature", @@ -10532,7 +10521,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.386320" }, "sigmahq/proc_creation_win_powershell_disable_defender_av_security_monitoring": { "name": "sigmahq/proc_creation_win_powershell_disable_defender_av_security_monitoring", @@ -10544,7 +10533,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.389257" }, "sigmahq/proc_creation_win_powershell_disable_ie_features": { "name": "sigmahq/proc_creation_win_powershell_disable_ie_features", @@ -10556,7 +10545,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.392102" }, "sigmahq/proc_creation_win_powershell_download_cradle_obfuscated": { "name": "sigmahq/proc_creation_win_powershell_download_cradle_obfuscated", @@ -10568,7 +10557,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.395073" }, "sigmahq/proc_creation_win_powershell_download_iex": { "name": "sigmahq/proc_creation_win_powershell_download_iex", @@ -10580,7 +10569,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.398030" }, "sigmahq/proc_creation_win_powershell_email_exfil": { "name": "sigmahq/proc_creation_win_powershell_email_exfil", @@ -10592,7 +10581,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.400762" }, "sigmahq/proc_creation_win_powershell_frombase64string": { "name": "sigmahq/proc_creation_win_powershell_frombase64string", @@ -10604,7 +10593,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.403537" }, "sigmahq/proc_creation_win_powershell_getprocess_lsass": { "name": "sigmahq/proc_creation_win_powershell_getprocess_lsass", @@ -10616,7 +10605,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.406180" }, "sigmahq/proc_creation_win_powershell_hide_services_via_set_service": { "name": "sigmahq/proc_creation_win_powershell_hide_services_via_set_service", @@ -10628,7 +10617,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.408971" }, "sigmahq/proc_creation_win_powershell_iex_patterns": { "name": "sigmahq/proc_creation_win_powershell_iex_patterns", @@ -10640,7 +10629,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.411988" }, "sigmahq/proc_creation_win_powershell_import_cert_susp_locations": { "name": "sigmahq/proc_creation_win_powershell_import_cert_susp_locations", @@ -10652,7 +10641,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.414767" }, "sigmahq/proc_creation_win_powershell_mailboxexport_share": { "name": "sigmahq/proc_creation_win_powershell_mailboxexport_share", @@ -10664,7 +10653,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.417383" }, "sigmahq/proc_creation_win_powershell_obfuscation_via_utf8": { "name": "sigmahq/proc_creation_win_powershell_obfuscation_via_utf8", @@ -10676,7 +10665,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.420112" }, "sigmahq/proc_creation_win_powershell_public_folder": { "name": "sigmahq/proc_creation_win_powershell_public_folder", @@ -10688,7 +10677,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.422984" }, "sigmahq/proc_creation_win_powershell_remotefxvgpudisablement_abuse": { "name": "sigmahq/proc_creation_win_powershell_remotefxvgpudisablement_abuse", @@ -10700,7 +10689,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.425684" }, "sigmahq/proc_creation_win_powershell_remove_mppreference": { "name": "sigmahq/proc_creation_win_powershell_remove_mppreference", @@ -10712,7 +10701,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.428450" }, "sigmahq/proc_creation_win_powershell_reverse_shell_connection": { "name": "sigmahq/proc_creation_win_powershell_reverse_shell_connection", @@ -10724,7 +10713,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.431150" }, "sigmahq/proc_creation_win_powershell_run_script_from_ads": { "name": "sigmahq/proc_creation_win_powershell_run_script_from_ads", @@ -10736,7 +10725,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.433848" }, "sigmahq/proc_creation_win_powershell_run_script_from_input_stream": { "name": "sigmahq/proc_creation_win_powershell_run_script_from_input_stream", @@ -10748,7 +10737,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.436586" }, "sigmahq/proc_creation_win_powershell_sam_access": { "name": "sigmahq/proc_creation_win_powershell_sam_access", @@ -10760,7 +10749,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.439244" }, "sigmahq/proc_creation_win_powershell_service_dacl_modification_set_service": { "name": "sigmahq/proc_creation_win_powershell_service_dacl_modification_set_service", @@ -10772,7 +10761,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.442066" }, "sigmahq/proc_creation_win_powershell_set_acl": { "name": "sigmahq/proc_creation_win_powershell_set_acl", @@ -10784,7 +10773,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.444692" }, "sigmahq/proc_creation_win_powershell_set_acl_susp_location": { "name": "sigmahq/proc_creation_win_powershell_set_acl_susp_location", @@ -10796,7 +10785,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.447396" }, "sigmahq/proc_creation_win_powershell_shadowcopy_deletion": { "name": "sigmahq/proc_creation_win_powershell_shadowcopy_deletion", @@ -10808,7 +10797,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.450171" }, "sigmahq/proc_creation_win_powershell_snapins_hafnium": { "name": "sigmahq/proc_creation_win_powershell_snapins_hafnium", @@ -10820,7 +10809,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.453041" }, "sigmahq/proc_creation_win_powershell_susp_download_patterns": { "name": "sigmahq/proc_creation_win_powershell_susp_download_patterns", @@ -10832,7 +10821,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.455858" }, "sigmahq/proc_creation_win_powershell_susp_parameter_variation": { "name": "sigmahq/proc_creation_win_powershell_susp_parameter_variation", @@ -10844,7 +10833,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.460554" }, "sigmahq/proc_creation_win_powershell_susp_parent_process": { "name": "sigmahq/proc_creation_win_powershell_susp_parent_process", @@ -10856,7 +10845,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.463901" }, "sigmahq/proc_creation_win_powershell_susp_ps_downloadfile": { "name": "sigmahq/proc_creation_win_powershell_susp_ps_downloadfile", @@ -10868,7 +10857,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.466777" }, "sigmahq/proc_creation_win_powershell_token_obfuscation": { "name": "sigmahq/proc_creation_win_powershell_token_obfuscation", @@ -10880,7 +10869,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.469526" }, "sigmahq/proc_creation_win_powershell_webclient_casing": { "name": "sigmahq/proc_creation_win_powershell_webclient_casing", @@ -10892,7 +10881,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.475232" }, "sigmahq/proc_creation_win_provlaunch_susp_child_process": { "name": "sigmahq/proc_creation_win_provlaunch_susp_child_process", @@ -10904,7 +10893,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.478178" }, "sigmahq/proc_creation_win_pua_3proxy_execution": { "name": "sigmahq/proc_creation_win_pua_3proxy_execution", @@ -10916,7 +10905,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.480830" }, "sigmahq/proc_creation_win_pua_adfind_enumeration": { "name": "sigmahq/proc_creation_win_pua_adfind_enumeration", @@ -10928,7 +10917,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.483589" }, "sigmahq/proc_creation_win_pua_adfind_susp_usage": { "name": "sigmahq/proc_creation_win_pua_adfind_susp_usage", @@ -10940,7 +10929,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.486664" }, "sigmahq/proc_creation_win_pua_advancedrun_priv_user": { "name": "sigmahq/proc_creation_win_pua_advancedrun_priv_user", @@ -10952,7 +10941,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.489492" }, "sigmahq/proc_creation_win_pua_chisel": { "name": "sigmahq/proc_creation_win_pua_chisel", @@ -10964,7 +10953,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.492195" }, "sigmahq/proc_creation_win_pua_cleanwipe": { "name": "sigmahq/proc_creation_win_pua_cleanwipe", @@ -10976,7 +10965,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.494927" }, "sigmahq/proc_creation_win_pua_crassus": { "name": "sigmahq/proc_creation_win_pua_crassus", @@ -10988,7 +10977,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.497607" }, "sigmahq/proc_creation_win_pua_csexec": { "name": "sigmahq/proc_creation_win_pua_csexec", @@ -11000,7 +10989,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.500213" }, "sigmahq/proc_creation_win_pua_defendercheck": { "name": "sigmahq/proc_creation_win_pua_defendercheck", @@ -11012,7 +11001,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.502866" }, "sigmahq/proc_creation_win_pua_ditsnap": { "name": "sigmahq/proc_creation_win_pua_ditsnap", @@ -11024,7 +11013,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.505584" }, "sigmahq/proc_creation_win_pua_frp": { "name": "sigmahq/proc_creation_win_pua_frp", @@ -11036,7 +11025,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.508491" }, "sigmahq/proc_creation_win_pua_iox": { "name": "sigmahq/proc_creation_win_pua_iox", @@ -11048,7 +11037,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.511350" }, "sigmahq/proc_creation_win_pua_netcat": { "name": "sigmahq/proc_creation_win_pua_netcat", @@ -11060,7 +11049,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.514214" }, "sigmahq/proc_creation_win_pua_ngrok": { "name": "sigmahq/proc_creation_win_pua_ngrok", @@ -11072,7 +11061,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.517116" }, "sigmahq/proc_creation_win_pua_nimgrab": { "name": "sigmahq/proc_creation_win_pua_nimgrab", @@ -11084,7 +11073,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.519938" }, "sigmahq/proc_creation_win_pua_nircmd_as_system": { "name": "sigmahq/proc_creation_win_pua_nircmd_as_system", @@ -11096,7 +11085,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.522536" }, "sigmahq/proc_creation_win_pua_nps": { "name": "sigmahq/proc_creation_win_pua_nps", @@ -11108,7 +11097,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.525330" }, "sigmahq/proc_creation_win_pua_nsudo": { "name": "sigmahq/proc_creation_win_pua_nsudo", @@ -11120,7 +11109,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.528141" }, "sigmahq/proc_creation_win_pua_rclone_execution": { "name": "sigmahq/proc_creation_win_pua_rclone_execution", @@ -11132,7 +11121,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.531064" }, "sigmahq/proc_creation_win_pua_runxcmd": { "name": "sigmahq/proc_creation_win_pua_runxcmd", @@ -11144,7 +11133,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.533692" }, "sigmahq/proc_creation_win_pua_seatbelt": { "name": "sigmahq/proc_creation_win_pua_seatbelt", @@ -11156,7 +11145,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.536845" }, "sigmahq/proc_creation_win_pua_wsudo_susp_execution": { "name": "sigmahq/proc_creation_win_pua_wsudo_susp_execution", @@ -11168,7 +11157,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.539609" }, "sigmahq/proc_creation_win_python_pty_spawn": { "name": "sigmahq/proc_creation_win_python_pty_spawn", @@ -11180,7 +11169,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.542303" }, "sigmahq/proc_creation_win_rar_compression_with_password": { "name": "sigmahq/proc_creation_win_rar_compression_with_password", @@ -11192,7 +11181,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.545860" }, "sigmahq/proc_creation_win_rar_susp_greedy_compression": { "name": "sigmahq/proc_creation_win_rar_susp_greedy_compression", @@ -11204,7 +11193,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.549812" }, "sigmahq/proc_creation_win_rdrleakdiag_process_dumping": { "name": "sigmahq/proc_creation_win_rdrleakdiag_process_dumping", @@ -11216,7 +11205,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.552874" }, "sigmahq/proc_creation_win_reg_add_safeboot": { "name": "sigmahq/proc_creation_win_reg_add_safeboot", @@ -11228,7 +11217,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.555621" }, "sigmahq/proc_creation_win_reg_bitlocker": { "name": "sigmahq/proc_creation_win_reg_bitlocker", @@ -11240,7 +11229,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.558446" }, "sigmahq/proc_creation_win_reg_delete_safeboot": { "name": "sigmahq/proc_creation_win_reg_delete_safeboot", @@ -11252,7 +11241,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.561130" }, "sigmahq/proc_creation_win_reg_delete_services": { "name": "sigmahq/proc_creation_win_reg_delete_services", @@ -11264,7 +11253,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.563783" }, "sigmahq/proc_creation_win_reg_disable_sec_services": { "name": "sigmahq/proc_creation_win_reg_disable_sec_services", @@ -11276,7 +11265,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.566654" }, "sigmahq/proc_creation_win_reg_dumping_sensitive_hives": { "name": "sigmahq/proc_creation_win_reg_dumping_sensitive_hives", @@ -11288,7 +11277,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.569722" }, "sigmahq/proc_creation_win_reg_lsa_disable_restricted_admin": { "name": "sigmahq/proc_creation_win_reg_lsa_disable_restricted_admin", @@ -11300,7 +11289,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.572492" }, "sigmahq/proc_creation_win_reg_lsa_ppl_protection_disabled": { "name": "sigmahq/proc_creation_win_reg_lsa_ppl_protection_disabled", @@ -11312,7 +11301,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.575178" }, "sigmahq/proc_creation_win_reg_nolmhash": { "name": "sigmahq/proc_creation_win_reg_nolmhash", @@ -11324,7 +11313,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.577873" }, "sigmahq/proc_creation_win_reg_rdp_keys_tamper": { "name": "sigmahq/proc_creation_win_reg_rdp_keys_tamper", @@ -11336,7 +11325,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.580895" }, "sigmahq/proc_creation_win_reg_susp_paths": { "name": "sigmahq/proc_creation_win_reg_susp_paths", @@ -11348,7 +11337,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.583729" }, "sigmahq/proc_creation_win_reg_volsnap_disable": { "name": "sigmahq/proc_creation_win_reg_volsnap_disable", @@ -11360,7 +11349,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.586314" }, "sigmahq/proc_creation_win_reg_windows_defender_tamper": { "name": "sigmahq/proc_creation_win_reg_windows_defender_tamper", @@ -11372,7 +11361,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.589670" }, "sigmahq/proc_creation_win_regedit_export_critical_keys": { "name": "sigmahq/proc_creation_win_regedit_export_critical_keys", @@ -11384,7 +11373,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.592487" }, "sigmahq/proc_creation_win_regedit_import_keys_ads": { "name": "sigmahq/proc_creation_win_regedit_import_keys_ads", @@ -11396,7 +11385,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.595382" }, "sigmahq/proc_creation_win_regedit_trustedinstaller": { "name": "sigmahq/proc_creation_win_regedit_trustedinstaller", @@ -11408,7 +11397,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.597990" }, "sigmahq/proc_creation_win_regini_ads": { "name": "sigmahq/proc_creation_win_regini_ads", @@ -11420,7 +11409,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.600673" }, "sigmahq/proc_creation_win_registry_ie_security_zone_protocol_defaults_downgrade": { "name": "sigmahq/proc_creation_win_registry_ie_security_zone_protocol_defaults_downgrade", @@ -11432,7 +11421,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.603361" }, "sigmahq/proc_creation_win_registry_install_reg_debugger_backdoor": { "name": "sigmahq/proc_creation_win_registry_install_reg_debugger_backdoor", @@ -11444,7 +11433,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.606109" }, "sigmahq/proc_creation_win_registry_logon_script": { "name": "sigmahq/proc_creation_win_registry_logon_script", @@ -11456,7 +11445,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.608797" }, "sigmahq/proc_creation_win_registry_new_network_provider": { "name": "sigmahq/proc_creation_win_registry_new_network_provider", @@ -11468,7 +11457,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.611516" }, "sigmahq/proc_creation_win_registry_office_disable_python_security_warnings": { "name": "sigmahq/proc_creation_win_registry_office_disable_python_security_warnings", @@ -11480,7 +11469,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.614300" }, "sigmahq/proc_creation_win_registry_privilege_escalation_via_service_key": { "name": "sigmahq/proc_creation_win_registry_privilege_escalation_via_service_key", @@ -11492,7 +11481,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.617930" }, "sigmahq/proc_creation_win_registry_provlaunch_provisioning_command": { "name": "sigmahq/proc_creation_win_registry_provlaunch_provisioning_command", @@ -11504,7 +11493,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.621410" }, "sigmahq/proc_creation_win_registry_set_unsecure_powershell_policy": { "name": "sigmahq/proc_creation_win_registry_set_unsecure_powershell_policy", @@ -11516,7 +11505,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.624401" }, "sigmahq/proc_creation_win_regsvr32_http_ip_pattern": { "name": "sigmahq/proc_creation_win_regsvr32_http_ip_pattern", @@ -11528,7 +11517,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.627668" }, "sigmahq/proc_creation_win_regsvr32_remote_share": { "name": "sigmahq/proc_creation_win_regsvr32_remote_share", @@ -11540,7 +11529,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.630302" }, "sigmahq/proc_creation_win_regsvr32_susp_child_process": { "name": "sigmahq/proc_creation_win_regsvr32_susp_child_process", @@ -11552,7 +11541,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.633149" }, "sigmahq/proc_creation_win_regsvr32_susp_exec_path_2": { "name": "sigmahq/proc_creation_win_regsvr32_susp_exec_path_2", @@ -11564,7 +11553,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.636449" }, "sigmahq/proc_creation_win_regsvr32_susp_extensions": { "name": "sigmahq/proc_creation_win_regsvr32_susp_extensions", @@ -11576,7 +11565,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.639479" }, "sigmahq/proc_creation_win_remote_access_tools_anydesk_silent_install": { "name": "sigmahq/proc_creation_win_remote_access_tools_anydesk_silent_install", @@ -11588,7 +11577,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.642113" }, "sigmahq/proc_creation_win_remote_access_tools_anydesk_susp_exec": { "name": "sigmahq/proc_creation_win_remote_access_tools_anydesk_susp_exec", @@ -11600,7 +11589,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.645007" }, "sigmahq/proc_creation_win_renamed_adfind": { "name": "sigmahq/proc_creation_win_renamed_adfind", @@ -11612,7 +11601,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.648425" }, "sigmahq/proc_creation_win_renamed_autoit": { "name": "sigmahq/proc_creation_win_renamed_autoit", @@ -11624,7 +11613,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.651484" }, "sigmahq/proc_creation_win_renamed_binary_highly_relevant": { "name": "sigmahq/proc_creation_win_renamed_binary_highly_relevant", @@ -11636,7 +11625,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.654687" }, "sigmahq/proc_creation_win_renamed_browsercore": { "name": "sigmahq/proc_creation_win_renamed_browsercore", @@ -11648,7 +11637,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.657443" }, "sigmahq/proc_creation_win_renamed_cloudflared": { "name": "sigmahq/proc_creation_win_renamed_cloudflared", @@ -11660,7 +11649,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.662243" }, "sigmahq/proc_creation_win_renamed_createdump": { "name": "sigmahq/proc_creation_win_renamed_createdump", @@ -11672,7 +11661,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.665072" }, "sigmahq/proc_creation_win_renamed_dctask64": { "name": "sigmahq/proc_creation_win_renamed_dctask64", @@ -11684,7 +11673,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.667929" }, "sigmahq/proc_creation_win_renamed_gpg4win": { "name": "sigmahq/proc_creation_win_renamed_gpg4win", @@ -11696,7 +11685,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.670585" }, "sigmahq/proc_creation_win_renamed_jusched": { "name": "sigmahq/proc_creation_win_renamed_jusched", @@ -11708,7 +11697,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.673173" }, "sigmahq/proc_creation_win_renamed_mavinject": { "name": "sigmahq/proc_creation_win_renamed_mavinject", @@ -11720,7 +11709,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.675865" }, "sigmahq/proc_creation_win_renamed_megasync": { "name": "sigmahq/proc_creation_win_renamed_megasync", @@ -11732,7 +11721,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.678489" }, "sigmahq/proc_creation_win_renamed_msdt": { "name": "sigmahq/proc_creation_win_renamed_msdt", @@ -11744,7 +11733,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.681064" }, "sigmahq/proc_creation_win_renamed_netsupport_rat": { "name": "sigmahq/proc_creation_win_renamed_netsupport_rat", @@ -11756,7 +11745,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.683671" }, "sigmahq/proc_creation_win_renamed_office_processes": { "name": "sigmahq/proc_creation_win_renamed_office_processes", @@ -11768,7 +11757,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.686503" }, "sigmahq/proc_creation_win_renamed_paexec": { "name": "sigmahq/proc_creation_win_renamed_paexec", @@ -11780,7 +11769,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.689292" }, "sigmahq/proc_creation_win_renamed_plink": { "name": "sigmahq/proc_creation_win_renamed_plink", @@ -11792,7 +11781,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.691918" }, "sigmahq/proc_creation_win_renamed_rundll32_dllregisterserver": { "name": "sigmahq/proc_creation_win_renamed_rundll32_dllregisterserver", @@ -11804,7 +11793,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.695334" }, "sigmahq/proc_creation_win_renamed_sysinternals_debugview": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_debugview", @@ -11816,7 +11805,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.698777" }, "sigmahq/proc_creation_win_renamed_sysinternals_procdump": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_procdump", @@ -11828,7 +11817,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.702479" }, "sigmahq/proc_creation_win_renamed_sysinternals_psexec_service": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_psexec_service", @@ -11840,7 +11829,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.705050" }, "sigmahq/proc_creation_win_renamed_sysinternals_sdelete": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_sdelete", @@ -11852,7 +11841,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.707711" }, "sigmahq/proc_creation_win_renamed_vmnat": { "name": "sigmahq/proc_creation_win_renamed_vmnat", @@ -11864,7 +11853,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.710320" }, "sigmahq/proc_creation_win_renamed_whoami": { "name": "sigmahq/proc_creation_win_renamed_whoami", @@ -11876,7 +11865,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.712905" }, "sigmahq/proc_creation_win_rundll32_ads_stored_dll_execution": { "name": "sigmahq/proc_creation_win_rundll32_ads_stored_dll_execution", @@ -11888,7 +11877,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.715571" }, "sigmahq/proc_creation_win_rundll32_advpack_obfuscated_ordinal_call": { "name": "sigmahq/proc_creation_win_rundll32_advpack_obfuscated_ordinal_call", @@ -11900,7 +11889,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.718197" }, "sigmahq/proc_creation_win_rundll32_inline_vbs": { "name": "sigmahq/proc_creation_win_rundll32_inline_vbs", @@ -11912,7 +11901,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.720846" }, "sigmahq/proc_creation_win_rundll32_keymgr": { "name": "sigmahq/proc_creation_win_rundll32_keymgr", @@ -11924,7 +11913,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.723471" }, "sigmahq/proc_creation_win_rundll32_mshtml_runhtmlapplication": { "name": "sigmahq/proc_creation_win_rundll32_mshtml_runhtmlapplication", @@ -11936,7 +11925,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.726055" }, "sigmahq/proc_creation_win_rundll32_no_params": { "name": "sigmahq/proc_creation_win_rundll32_no_params", @@ -11948,7 +11937,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.728874" }, "sigmahq/proc_creation_win_rundll32_ntlmrelay": { "name": "sigmahq/proc_creation_win_rundll32_ntlmrelay", @@ -11960,7 +11949,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.731605" }, "sigmahq/proc_creation_win_rundll32_process_dump_via_comsvcs": { "name": "sigmahq/proc_creation_win_rundll32_process_dump_via_comsvcs", @@ -11972,7 +11961,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.734481" }, "sigmahq/proc_creation_win_rundll32_registered_com_objects": { "name": "sigmahq/proc_creation_win_rundll32_registered_com_objects", @@ -11984,7 +11973,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.737153" }, "sigmahq/proc_creation_win_rundll32_shell32_susp_execution": { "name": "sigmahq/proc_creation_win_rundll32_shell32_susp_execution", @@ -11996,7 +11985,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.739913" }, "sigmahq/proc_creation_win_rundll32_spawn_explorer": { "name": "sigmahq/proc_creation_win_rundll32_spawn_explorer", @@ -12008,7 +11997,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.742584" }, "sigmahq/proc_creation_win_rundll32_susp_control_dll_load": { "name": "sigmahq/proc_creation_win_rundll32_susp_control_dll_load", @@ -12020,7 +12009,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.745226" }, "sigmahq/proc_creation_win_rundll32_susp_execution_with_image_extension": { "name": "sigmahq/proc_creation_win_rundll32_susp_execution_with_image_extension", @@ -12032,7 +12021,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.748068" }, "sigmahq/proc_creation_win_rundll32_susp_shellexec_execution": { "name": "sigmahq/proc_creation_win_rundll32_susp_shellexec_execution", @@ -12044,7 +12033,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.750781" }, "sigmahq/proc_creation_win_rundll32_susp_shimcache_flush": { "name": "sigmahq/proc_creation_win_rundll32_susp_shimcache_flush", @@ -12056,7 +12045,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.753480" }, "sigmahq/proc_creation_win_rundll32_sys": { "name": "sigmahq/proc_creation_win_rundll32_sys", @@ -12068,7 +12057,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.756111" }, "sigmahq/proc_creation_win_rundll32_unc_path": { "name": "sigmahq/proc_creation_win_rundll32_unc_path", @@ -12080,7 +12069,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.758840" }, "sigmahq/proc_creation_win_rundll32_webdav_client_susp_execution": { "name": "sigmahq/proc_creation_win_rundll32_webdav_client_susp_execution", @@ -12092,7 +12081,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.761979" }, "sigmahq/proc_creation_win_rundll32_without_parameters": { "name": "sigmahq/proc_creation_win_rundll32_without_parameters", @@ -12104,7 +12093,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.765603" }, "sigmahq/proc_creation_win_sc_change_sevice_image_path_by_non_admin": { "name": "sigmahq/proc_creation_win_sc_change_sevice_image_path_by_non_admin", @@ -12116,7 +12105,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.769165" }, "sigmahq/proc_creation_win_sc_sdset_allow_service_changes": { "name": "sigmahq/proc_creation_win_sc_sdset_allow_service_changes", @@ -12128,7 +12117,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.772152" }, "sigmahq/proc_creation_win_sc_sdset_deny_service_access": { "name": "sigmahq/proc_creation_win_sc_sdset_deny_service_access", @@ -12140,7 +12129,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.774951" }, "sigmahq/proc_creation_win_sc_sdset_hide_sevices": { "name": "sigmahq/proc_creation_win_sc_sdset_hide_sevices", @@ -12152,7 +12141,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.777642" }, "sigmahq/proc_creation_win_sc_service_path_modification": { "name": "sigmahq/proc_creation_win_sc_service_path_modification", @@ -12164,7 +12153,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.780627" }, "sigmahq/proc_creation_win_schtasks_appdata_local_system": { "name": "sigmahq/proc_creation_win_schtasks_appdata_local_system", @@ -12176,7 +12165,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.783504" }, "sigmahq/proc_creation_win_schtasks_change": { "name": "sigmahq/proc_creation_win_schtasks_change", @@ -12188,7 +12177,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.786836" }, "sigmahq/proc_creation_win_schtasks_creation_temp_folder": { "name": "sigmahq/proc_creation_win_schtasks_creation_temp_folder", @@ -12200,7 +12189,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.789504" }, "sigmahq/proc_creation_win_schtasks_delete": { "name": "sigmahq/proc_creation_win_schtasks_delete", @@ -12212,7 +12201,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.792318" }, "sigmahq/proc_creation_win_schtasks_delete_all": { "name": "sigmahq/proc_creation_win_schtasks_delete_all", @@ -12224,7 +12213,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.794963" }, "sigmahq/proc_creation_win_schtasks_disable": { "name": "sigmahq/proc_creation_win_schtasks_disable", @@ -12236,7 +12225,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.797824" }, "sigmahq/proc_creation_win_schtasks_folder_combos": { "name": "sigmahq/proc_creation_win_schtasks_folder_combos", @@ -12248,7 +12237,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.800613" }, "sigmahq/proc_creation_win_schtasks_one_time_only_midnight_task": { "name": "sigmahq/proc_creation_win_schtasks_one_time_only_midnight_task", @@ -12260,7 +12249,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.803404" }, "sigmahq/proc_creation_win_schtasks_powershell_persistence": { "name": "sigmahq/proc_creation_win_schtasks_powershell_persistence", @@ -12272,7 +12261,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.806234" }, "sigmahq/proc_creation_win_schtasks_reg_loader_encoded": { "name": "sigmahq/proc_creation_win_schtasks_reg_loader_encoded", @@ -12284,7 +12273,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.809106" }, "sigmahq/proc_creation_win_schtasks_schedule_type": { "name": "sigmahq/proc_creation_win_schtasks_schedule_type", @@ -12296,7 +12285,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.811847" }, "sigmahq/proc_creation_win_schtasks_system": { "name": "sigmahq/proc_creation_win_schtasks_system", @@ -12308,7 +12297,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.814718" }, "sigmahq/proc_creation_win_scrcons_susp_child_process": { "name": "sigmahq/proc_creation_win_scrcons_susp_child_process", @@ -12320,7 +12309,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.817485" }, "sigmahq/proc_creation_win_sdiagnhost_susp_child": { "name": "sigmahq/proc_creation_win_sdiagnhost_susp_child", @@ -12332,7 +12321,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.820408" }, "sigmahq/proc_creation_win_servu_susp_child_process": { "name": "sigmahq/proc_creation_win_servu_susp_child_process", @@ -12344,7 +12333,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.823216" }, "sigmahq/proc_creation_win_setres_uncommon_child_process": { "name": "sigmahq/proc_creation_win_setres_uncommon_child_process", @@ -12356,7 +12345,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.825970" }, "sigmahq/proc_creation_win_splwow64_cli_anomaly": { "name": "sigmahq/proc_creation_win_splwow64_cli_anomaly", @@ -12368,7 +12357,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.828590" }, "sigmahq/proc_creation_win_spoolsv_susp_child_processes": { "name": "sigmahq/proc_creation_win_spoolsv_susp_child_processes", @@ -12380,7 +12369,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.831894" }, "sigmahq/proc_creation_win_sqlcmd_veeam_dump": { "name": "sigmahq/proc_creation_win_sqlcmd_veeam_dump", @@ -12392,7 +12381,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.834531" }, "sigmahq/proc_creation_win_sqlite_chromium_profile_data": { "name": "sigmahq/proc_creation_win_sqlite_chromium_profile_data", @@ -12404,7 +12393,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.837404" }, "sigmahq/proc_creation_win_sqlite_firefox_gecko_profile_data": { "name": "sigmahq/proc_creation_win_sqlite_firefox_gecko_profile_data", @@ -12416,7 +12405,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.840994" }, "sigmahq/proc_creation_win_ssh_rdp_tunneling": { "name": "sigmahq/proc_creation_win_ssh_rdp_tunneling", @@ -12428,7 +12417,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.844417" }, "sigmahq/proc_creation_win_stordiag_susp_child_process": { "name": "sigmahq/proc_creation_win_stordiag_susp_child_process", @@ -12440,7 +12429,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.847485" }, "sigmahq/proc_creation_win_susp_abusing_debug_privilege": { "name": "sigmahq/proc_creation_win_susp_abusing_debug_privilege", @@ -12452,7 +12441,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.850377" }, "sigmahq/proc_creation_win_susp_add_user_privileged_group": { "name": "sigmahq/proc_creation_win_susp_add_user_privileged_group", @@ -12464,7 +12453,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.853047" }, "sigmahq/proc_creation_win_susp_add_user_remote_desktop_group": { "name": "sigmahq/proc_creation_win_susp_add_user_remote_desktop_group", @@ -12476,7 +12465,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.855932" }, "sigmahq/proc_creation_win_susp_archiver_iso_phishing": { "name": "sigmahq/proc_creation_win_susp_archiver_iso_phishing", @@ -12488,7 +12477,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.858664" }, "sigmahq/proc_creation_win_susp_child_process_as_system_": { "name": "sigmahq/proc_creation_win_susp_child_process_as_system_", @@ -12500,7 +12489,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.861429" }, "sigmahq/proc_creation_win_susp_cli_obfuscation_unicode_img": { "name": "sigmahq/proc_creation_win_susp_cli_obfuscation_unicode_img", @@ -12512,7 +12501,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.864348" }, "sigmahq/proc_creation_win_susp_copy_system_dir_lolbin": { "name": "sigmahq/proc_creation_win_susp_copy_system_dir_lolbin", @@ -12524,7 +12513,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.867357" }, "sigmahq/proc_creation_win_susp_crypto_mining_monero": { "name": "sigmahq/proc_creation_win_susp_crypto_mining_monero", @@ -12536,7 +12525,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.870391" }, "sigmahq/proc_creation_win_susp_data_exfiltration_via_cli": { "name": "sigmahq/proc_creation_win_susp_data_exfiltration_via_cli", @@ -12548,7 +12537,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.873530" }, "sigmahq/proc_creation_win_susp_disable_raccine": { "name": "sigmahq/proc_creation_win_susp_disable_raccine", @@ -12560,7 +12549,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.876246" }, "sigmahq/proc_creation_win_susp_double_extension": { "name": "sigmahq/proc_creation_win_susp_double_extension", @@ -12572,7 +12561,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.879652" }, "sigmahq/proc_creation_win_susp_double_extension_parent": { "name": "sigmahq/proc_creation_win_susp_double_extension_parent", @@ -12584,7 +12573,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.882931" }, "sigmahq/proc_creation_win_susp_download_office_domain": { "name": "sigmahq/proc_creation_win_susp_download_office_domain", @@ -12596,7 +12585,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.885848" }, "sigmahq/proc_creation_win_susp_dumpstack_log_evasion": { "name": "sigmahq/proc_creation_win_susp_dumpstack_log_evasion", @@ -12608,7 +12597,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.888396" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_1": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_1", @@ -12620,7 +12609,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.905851" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_2": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_2", @@ -12632,7 +12621,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.924680" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_3": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_3", @@ -12644,7 +12633,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.941752" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_4": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_4", @@ -12656,7 +12645,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.955898" }, "sigmahq/proc_creation_win_susp_etw_modification_cmdline": { "name": "sigmahq/proc_creation_win_susp_etw_modification_cmdline", @@ -12668,7 +12657,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.958762" }, "sigmahq/proc_creation_win_susp_etw_trace_evasion": { "name": "sigmahq/proc_creation_win_susp_etw_trace_evasion", @@ -12680,7 +12669,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.961702" }, "sigmahq/proc_creation_win_susp_eventlog_clear": { "name": "sigmahq/proc_creation_win_susp_eventlog_clear", @@ -12692,7 +12681,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.964697" }, "sigmahq/proc_creation_win_susp_execution_from_public_folder_as_parent": { "name": "sigmahq/proc_creation_win_susp_execution_from_public_folder_as_parent", @@ -12704,7 +12693,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.967763" }, "sigmahq/proc_creation_win_susp_execution_path": { "name": "sigmahq/proc_creation_win_susp_execution_path", @@ -12716,7 +12705,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.971896" }, "sigmahq/proc_creation_win_susp_gather_network_info_execution": { "name": "sigmahq/proc_creation_win_susp_gather_network_info_execution", @@ -12728,7 +12717,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.975474" }, "sigmahq/proc_creation_win_susp_image_missing": { "name": "sigmahq/proc_creation_win_susp_image_missing", @@ -12740,7 +12729,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.978107" }, "sigmahq/proc_creation_win_susp_inline_base64_mz_header": { "name": "sigmahq/proc_creation_win_susp_inline_base64_mz_header", @@ -12752,7 +12741,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.980726" }, "sigmahq/proc_creation_win_susp_inline_win_api_access": { "name": "sigmahq/proc_creation_win_susp_inline_win_api_access", @@ -12764,7 +12753,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.984249" }, "sigmahq/proc_creation_win_susp_lsass_dmp_cli_keywords": { "name": "sigmahq/proc_creation_win_susp_lsass_dmp_cli_keywords", @@ -12776,7 +12765,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.987213" }, "sigmahq/proc_creation_win_susp_non_priv_reg_or_ps": { "name": "sigmahq/proc_creation_win_susp_non_priv_reg_or_ps", @@ -12788,7 +12777,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.990027" }, "sigmahq/proc_creation_win_susp_ntds": { "name": "sigmahq/proc_creation_win_susp_ntds", @@ -12800,7 +12789,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.993074" }, "sigmahq/proc_creation_win_susp_nteventlogfile_usage": { "name": "sigmahq/proc_creation_win_susp_nteventlogfile_usage", @@ -12812,7 +12801,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.995951" }, "sigmahq/proc_creation_win_susp_parents": { "name": "sigmahq/proc_creation_win_susp_parents", @@ -12824,7 +12813,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:36.998937" }, "sigmahq/proc_creation_win_susp_powershell_execution_via_dll": { "name": "sigmahq/proc_creation_win_susp_powershell_execution_via_dll", @@ -12836,7 +12825,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.001837" }, "sigmahq/proc_creation_win_susp_priv_escalation_via_named_pipe": { "name": "sigmahq/proc_creation_win_susp_priv_escalation_via_named_pipe", @@ -12848,7 +12837,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.004600" }, "sigmahq/proc_creation_win_susp_progname": { "name": "sigmahq/proc_creation_win_susp_progname", @@ -12860,7 +12849,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.007871" }, "sigmahq/proc_creation_win_susp_recycle_bin_fake_execution": { "name": "sigmahq/proc_creation_win_susp_recycle_bin_fake_execution", @@ -12872,7 +12861,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.010449" }, "sigmahq/proc_creation_win_susp_redirect_local_admin_share": { "name": "sigmahq/proc_creation_win_susp_redirect_local_admin_share", @@ -12884,7 +12873,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.013125" }, "sigmahq/proc_creation_win_susp_right_to_left_override": { "name": "sigmahq/proc_creation_win_susp_right_to_left_override", @@ -12896,7 +12885,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.015812" }, "sigmahq/proc_creation_win_susp_script_exec_from_env_folder": { "name": "sigmahq/proc_creation_win_susp_script_exec_from_env_folder", @@ -12908,7 +12897,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.018860" }, "sigmahq/proc_creation_win_susp_script_exec_from_temp": { "name": "sigmahq/proc_creation_win_susp_script_exec_from_temp", @@ -12920,7 +12909,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.021783" }, "sigmahq/proc_creation_win_susp_sensitive_file_access_shadowcopy": { "name": "sigmahq/proc_creation_win_susp_sensitive_file_access_shadowcopy", @@ -12932,7 +12921,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.024483" }, "sigmahq/proc_creation_win_susp_service_creation": { "name": "sigmahq/proc_creation_win_susp_service_creation", @@ -12944,7 +12933,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.027582" }, "sigmahq/proc_creation_win_susp_service_dir": { "name": "sigmahq/proc_creation_win_susp_service_dir", @@ -12956,7 +12945,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.030472" }, "sigmahq/proc_creation_win_susp_service_tamper": { "name": "sigmahq/proc_creation_win_susp_service_tamper", @@ -12968,7 +12957,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.037461" }, "sigmahq/proc_creation_win_susp_shadow_copies_deletion": { "name": "sigmahq/proc_creation_win_susp_shadow_copies_deletion", @@ -12980,7 +12969,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.040422" }, "sigmahq/proc_creation_win_susp_shell_spawn_susp_program": { "name": "sigmahq/proc_creation_win_susp_shell_spawn_susp_program", @@ -12992,7 +12981,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.043741" }, "sigmahq/proc_creation_win_susp_system_user_anomaly": { "name": "sigmahq/proc_creation_win_susp_system_user_anomaly", @@ -13004,7 +12993,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.047484" }, "sigmahq/proc_creation_win_susp_task_folder_evasion": { "name": "sigmahq/proc_creation_win_susp_task_folder_evasion", @@ -13016,7 +13005,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.050407" }, "sigmahq/proc_creation_win_susp_whoami_as_param": { "name": "sigmahq/proc_creation_win_susp_whoami_as_param", @@ -13028,7 +13017,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.053112" }, "sigmahq/proc_creation_win_susp_workfolders": { "name": "sigmahq/proc_creation_win_susp_workfolders", @@ -13040,7 +13029,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.055828" }, "sigmahq/proc_creation_win_svchost_execution_with_no_cli_flags": { "name": "sigmahq/proc_creation_win_svchost_execution_with_no_cli_flags", @@ -13052,7 +13041,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.058574" }, "sigmahq/proc_creation_win_svchost_termserv_proc_spawn": { "name": "sigmahq/proc_creation_win_svchost_termserv_proc_spawn", @@ -13064,7 +13053,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.061392" }, "sigmahq/proc_creation_win_sysinternals_adexplorer_susp_execution": { "name": "sigmahq/proc_creation_win_sysinternals_adexplorer_susp_execution", @@ -13076,7 +13065,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.064181" }, "sigmahq/proc_creation_win_sysinternals_procdump_evasion": { "name": "sigmahq/proc_creation_win_sysinternals_procdump_evasion", @@ -13088,7 +13077,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.067002" }, "sigmahq/proc_creation_win_sysinternals_procdump_lsass": { "name": "sigmahq/proc_creation_win_sysinternals_procdump_lsass", @@ -13100,7 +13089,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.069806" }, "sigmahq/proc_creation_win_sysinternals_psexec_paexec_escalate_system": { "name": "sigmahq/proc_creation_win_sysinternals_psexec_paexec_escalate_system", @@ -13112,7 +13101,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.075540" }, "sigmahq/proc_creation_win_sysinternals_psexec_remote_execution": { "name": "sigmahq/proc_creation_win_sysinternals_psexec_remote_execution", @@ -13124,7 +13113,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.078192" }, "sigmahq/proc_creation_win_sysinternals_psexesvc_as_system": { "name": "sigmahq/proc_creation_win_sysinternals_psexesvc_as_system", @@ -13136,7 +13125,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.080867" }, "sigmahq/proc_creation_win_sysinternals_pssuspend_susp_execution": { "name": "sigmahq/proc_creation_win_sysinternals_pssuspend_susp_execution", @@ -13148,7 +13137,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.083579" }, "sigmahq/proc_creation_win_sysinternals_sdelete": { "name": "sigmahq/proc_creation_win_sysinternals_sdelete", @@ -13160,7 +13149,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.086217" }, "sigmahq/proc_creation_win_sysinternals_susp_psexec_paexec_flags": { "name": "sigmahq/proc_creation_win_sysinternals_susp_psexec_paexec_flags", @@ -13172,7 +13161,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.091973" }, "sigmahq/proc_creation_win_sysinternals_sysmon_uninstall": { "name": "sigmahq/proc_creation_win_sysinternals_sysmon_uninstall", @@ -13184,7 +13173,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.094735" }, "sigmahq/proc_creation_win_systemsettingsadminflows_turn_on_dev_features": { "name": "sigmahq/proc_creation_win_systemsettingsadminflows_turn_on_dev_features", @@ -13196,7 +13185,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.097416" }, "sigmahq/proc_creation_win_taskkill_sep": { "name": "sigmahq/proc_creation_win_taskkill_sep", @@ -13208,7 +13197,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.100181" }, "sigmahq/proc_creation_win_taskmgr_localsystem": { "name": "sigmahq/proc_creation_win_taskmgr_localsystem", @@ -13220,7 +13209,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.102851" }, "sigmahq/proc_creation_win_tscon_localsystem": { "name": "sigmahq/proc_creation_win_tscon_localsystem", @@ -13232,7 +13221,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.105469" }, "sigmahq/proc_creation_win_tscon_rdp_redirect": { "name": "sigmahq/proc_creation_win_tscon_rdp_redirect", @@ -13244,7 +13233,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.108088" }, "sigmahq/proc_creation_win_uac_bypass_changepk_slui": { "name": "sigmahq/proc_creation_win_uac_bypass_changepk_slui", @@ -13256,7 +13245,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.110768" }, "sigmahq/proc_creation_win_uac_bypass_cleanmgr": { "name": "sigmahq/proc_creation_win_uac_bypass_cleanmgr", @@ -13268,7 +13257,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.113426" }, "sigmahq/proc_creation_win_uac_bypass_cmstp": { "name": "sigmahq/proc_creation_win_uac_bypass_cmstp", @@ -13280,7 +13269,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.116140" }, "sigmahq/proc_creation_win_uac_bypass_cmstp_com_object_access": { "name": "sigmahq/proc_creation_win_uac_bypass_cmstp_com_object_access", @@ -13292,7 +13281,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.119055" }, "sigmahq/proc_creation_win_uac_bypass_computerdefaults": { "name": "sigmahq/proc_creation_win_uac_bypass_computerdefaults", @@ -13304,7 +13293,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.121770" }, "sigmahq/proc_creation_win_uac_bypass_consent_comctl32": { "name": "sigmahq/proc_creation_win_uac_bypass_consent_comctl32", @@ -13316,7 +13305,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.124587" }, "sigmahq/proc_creation_win_uac_bypass_dismhost": { "name": "sigmahq/proc_creation_win_uac_bypass_dismhost", @@ -13328,7 +13317,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.127376" }, "sigmahq/proc_creation_win_uac_bypass_eventvwr_recentviews": { "name": "sigmahq/proc_creation_win_uac_bypass_eventvwr_recentviews", @@ -13340,7 +13329,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.129972" }, "sigmahq/proc_creation_win_uac_bypass_fodhelper": { "name": "sigmahq/proc_creation_win_uac_bypass_fodhelper", @@ -13352,7 +13341,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.132612" }, "sigmahq/proc_creation_win_uac_bypass_icmluautil": { "name": "sigmahq/proc_creation_win_uac_bypass_icmluautil", @@ -13364,7 +13353,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.135305" }, "sigmahq/proc_creation_win_uac_bypass_idiagnostic_profile": { "name": "sigmahq/proc_creation_win_uac_bypass_idiagnostic_profile", @@ -13376,7 +13365,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.138002" }, "sigmahq/proc_creation_win_uac_bypass_ieinstal": { "name": "sigmahq/proc_creation_win_uac_bypass_ieinstal", @@ -13388,7 +13377,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.140679" }, "sigmahq/proc_creation_win_uac_bypass_msconfig_gui": { "name": "sigmahq/proc_creation_win_uac_bypass_msconfig_gui", @@ -13400,7 +13389,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.143375" }, "sigmahq/proc_creation_win_uac_bypass_ntfs_reparse_point": { "name": "sigmahq/proc_creation_win_uac_bypass_ntfs_reparse_point", @@ -13412,7 +13401,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.146188" }, "sigmahq/proc_creation_win_uac_bypass_pkgmgr_dism": { "name": "sigmahq/proc_creation_win_uac_bypass_pkgmgr_dism", @@ -13424,7 +13413,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.148897" }, "sigmahq/proc_creation_win_uac_bypass_trustedpath": { "name": "sigmahq/proc_creation_win_uac_bypass_trustedpath", @@ -13436,7 +13425,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.151534" }, "sigmahq/proc_creation_win_uac_bypass_winsat": { "name": "sigmahq/proc_creation_win_uac_bypass_winsat", @@ -13448,7 +13437,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.154193" }, "sigmahq/proc_creation_win_uac_bypass_wmp": { "name": "sigmahq/proc_creation_win_uac_bypass_wmp", @@ -13460,7 +13449,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.156892" }, "sigmahq/proc_creation_win_uac_bypass_wsreset": { "name": "sigmahq/proc_creation_win_uac_bypass_wsreset", @@ -13472,7 +13461,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.159634" }, "sigmahq/proc_creation_win_uac_bypass_wsreset_integrity_level": { "name": "sigmahq/proc_creation_win_uac_bypass_wsreset_integrity_level", @@ -13484,7 +13473,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.162256" }, "sigmahq/proc_creation_win_ultravnc_susp_execution": { "name": "sigmahq/proc_creation_win_ultravnc_susp_execution", @@ -13496,7 +13485,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.165310" }, "sigmahq/proc_creation_win_uninstall_crowdstrike_falcon": { "name": "sigmahq/proc_creation_win_uninstall_crowdstrike_falcon", @@ -13508,7 +13497,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.168023" }, "sigmahq/proc_creation_win_userinit_uncommon_child_processes": { "name": "sigmahq/proc_creation_win_userinit_uncommon_child_processes", @@ -13520,7 +13509,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.171025" }, "sigmahq/proc_creation_win_vmware_toolbox_cmd_persistence_susp": { "name": "sigmahq/proc_creation_win_vmware_toolbox_cmd_persistence_susp", @@ -13532,7 +13521,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.173893" }, "sigmahq/proc_creation_win_vmware_vmtoolsd_susp_child_process": { "name": "sigmahq/proc_creation_win_vmware_vmtoolsd_susp_child_process", @@ -13544,7 +13533,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.176913" }, "sigmahq/proc_creation_win_vscode_tunnel_renamed_execution": { "name": "sigmahq/proc_creation_win_vscode_tunnel_renamed_execution", @@ -13556,7 +13545,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.179837" }, "sigmahq/proc_creation_win_w32tm": { "name": "sigmahq/proc_creation_win_w32tm", @@ -13568,7 +13557,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.182530" }, "sigmahq/proc_creation_win_wab_execution_from_non_default_location": { "name": "sigmahq/proc_creation_win_wab_execution_from_non_default_location", @@ -13580,7 +13569,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.185170" }, "sigmahq/proc_creation_win_wab_unusual_parents": { "name": "sigmahq/proc_creation_win_wab_unusual_parents", @@ -13592,7 +13581,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.187807" }, "sigmahq/proc_creation_win_wbadmin_delete_all_backups": { "name": "sigmahq/proc_creation_win_wbadmin_delete_all_backups", @@ -13604,7 +13593,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.190496" }, "sigmahq/proc_creation_win_webshell_chopper": { "name": "sigmahq/proc_creation_win_webshell_chopper", @@ -13616,7 +13605,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.193379" }, "sigmahq/proc_creation_win_webshell_hacking": { "name": "sigmahq/proc_creation_win_webshell_hacking", @@ -13628,7 +13617,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.198448" }, "sigmahq/proc_creation_win_webshell_recon_commands_and_processes": { "name": "sigmahq/proc_creation_win_webshell_recon_commands_and_processes", @@ -13640,7 +13629,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.203546" }, "sigmahq/proc_creation_win_webshell_susp_process_spawned_from_webserver": { "name": "sigmahq/proc_creation_win_webshell_susp_process_spawned_from_webserver", @@ -13652,7 +13641,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.207210" }, "sigmahq/proc_creation_win_webshell_tool_recon": { "name": "sigmahq/proc_creation_win_webshell_tool_recon", @@ -13664,7 +13653,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.210242" }, "sigmahq/proc_creation_win_werfault_lsass_shtinkering": { "name": "sigmahq/proc_creation_win_werfault_lsass_shtinkering", @@ -13676,7 +13665,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.213047" }, "sigmahq/proc_creation_win_wermgr_susp_exec_location": { "name": "sigmahq/proc_creation_win_wermgr_susp_exec_location", @@ -13688,7 +13677,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.215673" }, "sigmahq/proc_creation_win_wget_download_direct_ip": { "name": "sigmahq/proc_creation_win_wget_download_direct_ip", @@ -13700,7 +13689,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.218777" }, "sigmahq/proc_creation_win_whoami_execution_from_high_priv_process": { "name": "sigmahq/proc_creation_win_whoami_execution_from_high_priv_process", @@ -13712,7 +13701,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.221453" }, "sigmahq/proc_creation_win_whoami_priv_discovery": { "name": "sigmahq/proc_creation_win_whoami_priv_discovery", @@ -13724,7 +13713,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.224118" }, "sigmahq/proc_creation_win_winget_add_insecure_custom_source": { "name": "sigmahq/proc_creation_win_winget_add_insecure_custom_source", @@ -13736,7 +13725,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.226823" }, "sigmahq/proc_creation_win_winrm_susp_child_process": { "name": "sigmahq/proc_creation_win_winrm_susp_child_process", @@ -13748,7 +13737,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.229610" }, "sigmahq/proc_creation_win_wmi_backdoor_exchange_transport_agent": { "name": "sigmahq/proc_creation_win_wmi_backdoor_exchange_transport_agent", @@ -13760,7 +13749,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.232469" }, "sigmahq/proc_creation_win_wmic_eventconsumer_creation": { "name": "sigmahq/proc_creation_win_wmic_eventconsumer_creation", @@ -13772,7 +13761,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.235100" }, "sigmahq/proc_creation_win_wmic_namespace_defender": { "name": "sigmahq/proc_creation_win_wmic_namespace_defender", @@ -13784,7 +13773,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.237816" }, "sigmahq/proc_creation_win_wmic_susp_execution_via_office_process": { "name": "sigmahq/proc_creation_win_wmic_susp_execution_via_office_process", @@ -13796,7 +13785,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.240921" }, "sigmahq/proc_creation_win_wmic_susp_process_creation": { "name": "sigmahq/proc_creation_win_wmic_susp_process_creation", @@ -13808,7 +13797,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.244008" }, "sigmahq/proc_creation_win_wmic_uninstall_security_products": { "name": "sigmahq/proc_creation_win_wmic_uninstall_security_products", @@ -13820,7 +13809,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.247527" }, "sigmahq/proc_creation_win_wmiprvse_susp_child_processes": { "name": "sigmahq/proc_creation_win_wmiprvse_susp_child_processes", @@ -13832,7 +13821,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.250512" }, "sigmahq/proc_creation_win_wpbbin_potential_persistence": { "name": "sigmahq/proc_creation_win_wpbbin_potential_persistence", @@ -13844,7 +13833,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.253168" }, "sigmahq/proc_creation_win_wscript_cscript_uncommon_extension_exec": { "name": "sigmahq/proc_creation_win_wscript_cscript_uncommon_extension_exec", @@ -13856,7 +13845,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.256033" }, "sigmahq/proc_creation_win_wuauclt_dll_loading": { "name": "sigmahq/proc_creation_win_wuauclt_dll_loading", @@ -13868,7 +13857,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.258862" }, "sigmahq/proc_creation_win_wuauclt_no_cli_flags_execution": { "name": "sigmahq/proc_creation_win_wuauclt_no_cli_flags_execution", @@ -13880,7 +13869,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.261534" }, "sigmahq/proc_creation_win_wusa_cab_files_extraction_from_susp_paths": { "name": "sigmahq/proc_creation_win_wusa_cab_files_extraction_from_susp_paths", @@ -13892,7 +13881,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.264184" }, "sigmahq/proc_creation_win_xwizard_execution_non_default_location": { "name": "sigmahq/proc_creation_win_xwizard_execution_non_default_location", @@ -13904,7 +13893,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T13:56:37.266913" }, "thespad/sshesame-bf": { "name": "thespad/sshesame-bf", @@ -13920,7 +13909,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T13:56:37.273223" }, "thespad/sshesame-cmd": { "name": "thespad/sshesame-cmd", @@ -13936,7 +13925,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T13:56:37.274724" }, "thespad/sshesame-input": { "name": "thespad/sshesame-input", @@ -13952,7 +13941,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T13:56:37.276150" }, "timokoessler/gitlab-bf": { "name": "timokoessler/gitlab-bf", @@ -13968,7 +13957,7 @@ "spoofable": 0, "cti": true, "service": "gitlab", - "created_at": "2022-07-26T15:59:43" + "created_at": "2025-10-15T13:56:37.280015" }, "timokoessler/gitlab-bf_user-enum": { "name": "timokoessler/gitlab-bf_user-enum", @@ -13985,7 +13974,7 @@ "spoofable": 0, "cti": true, "service": "gitlab", - "created_at": "2022-07-26T15:59:43" + "created_at": "2025-10-15T13:56:37.281450" }, "timokoessler/mongodb-bf": { "name": "timokoessler/mongodb-bf", @@ -14001,7 +13990,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T13:56:37.286434" }, "timokoessler/mongodb-bf_user-enum": { "name": "timokoessler/mongodb-bf_user-enum", @@ -14018,7 +14007,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T13:56:37.287863" }, "timokoessler/mongodb-bf_auth-db-enum": { "name": "timokoessler/mongodb-bf_auth-db-enum", @@ -14035,7 +14024,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T13:56:37.289319" }, "timokoessler/uptime-kuma-bf": { "name": "timokoessler/uptime-kuma-bf", @@ -14051,7 +14040,7 @@ "spoofable": 0, "cti": true, "service": "uptime-kuma", - "created_at": "2022-07-04T13:09:30" + "created_at": "2025-10-15T13:56:37.293179" }, "timokoessler/uptime-kuma-bf_user-enum": { "name": "timokoessler/uptime-kuma-bf_user-enum", @@ -14068,7 +14057,7 @@ "spoofable": 0, "cti": true, "service": "uptime-kuma", - "created_at": "2022-07-04T13:09:30" + "created_at": "2025-10-15T13:56:37.294593" }, "xs539/bookstack-bf": { "name": "xs539/bookstack-bf", @@ -14084,7 +14073,7 @@ "spoofable": 0, "cti": true, "service": "bookstack", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T13:56:37.298250" }, "xs539/bookstack-bf_user-enum": { "name": "xs539/bookstack-bf_user-enum", @@ -14100,7 +14089,7 @@ "spoofable": 0, "cti": true, "service": "bookstack", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T13:56:37.299661" }, "xs539/joplin-server-bf": { "name": "xs539/joplin-server-bf", @@ -14116,7 +14105,7 @@ "spoofable": 0, "cti": true, "service": "joplin", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T13:56:37.303253" }, "xs539/joplin-server-bf_user-enum": { "name": "xs539/joplin-server-bf_user-enum", @@ -14132,6 +14121,6 @@ "spoofable": 0, "cti": true, "service": "joplin", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T13:56:37.304674" } } \ No newline at end of file