diff --git a/.appsec-tests/vpatch-CVE-2020-13640/CVE-2020-13640.yaml b/.appsec-tests/vpatch-CVE-2020-13640/CVE-2020-13640.yaml
new file mode 100644
index 00000000000..ac0d373d35b
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2020-13640/CVE-2020-13640.yaml
@@ -0,0 +1,22 @@
+## autogenerated on 2025-10-15 14:07:19
+id: CVE-2020-13640
+info:
+ name: CVE-2020-13640
+ author: crowdsec
+ severity: info
+ description: CVE-2020-13640 testing
+ tags: appsec-testing
+http:
+ - raw:
+ - |
+ POST /wp-content/plugins/wpdiscuz/utils/ajax/wpdiscuz-ajax.php HTTP/1.1
+ Host: {{Host}}
+ Content-Type: application/x-www-form-urlencoded
+ Connection: close
+
+ action=wpdLoadMoreComments&offset=1&orderBy=comment_date_gmt&order=, (SELECT CASE WHEN (ORD(SUBSTRING((SELECT user_login FROM wp_users LIMIT 0,1),1,1)) > 96) THEN 1 ELSE 1*(SELECT table_name FROM information_schema.tables) END)=1 ASC #&lastParentId=&postId=1
+ cookie-reuse: true
+ matchers:
+ - type: status
+ status:
+ - 403
diff --git a/.appsec-tests/vpatch-CVE-2020-13640/config.yaml b/.appsec-tests/vpatch-CVE-2020-13640/config.yaml
new file mode 100644
index 00000000000..c4be25e6685
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2020-13640/config.yaml
@@ -0,0 +1,5 @@
+## autogenerated on 2025-10-15 14:07:19
+appsec-rules:
+ - ./appsec-rules/crowdsecurity/base-config.yaml
+ - ./appsec-rules/crowdsecurity/vpatch-CVE-2020-13640.yaml
+nuclei_template: CVE-2020-13640.yaml
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2020-13640.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2020-13640.yaml
new file mode 100644
index 00000000000..4104408a0ad
--- /dev/null
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2020-13640.yaml
@@ -0,0 +1,34 @@
+## autogenerated on 2025-10-15 14:07:19
+name: crowdsecurity/vpatch-CVE-2020-13640
+description: 'Detects SQL injection in wpDiscuz plugin via the order parameter in wpdLoadMoreComments action.'
+rules:
+ - and:
+ - zones:
+ - URI
+ transform:
+ - lowercase
+ match:
+ type: contains
+ value: /wp-content/plugins/wpdiscuz/utils/ajax/wpdiscuz-ajax.php
+ - zones:
+ - BODY_ARGS
+ variables:
+ - order
+ transform:
+ - lowercase
+ - urldecode
+ match:
+ type: contains
+ value: '('
+
+labels:
+ type: exploit
+ service: http
+ confidence: 3
+ spoofable: 0
+ behavior: 'http:exploit'
+ label: 'WpDiscuz - SQLI'
+ classification:
+ - cve.CVE-2020-13640
+ - attack.T1190
+ - cwe.CWE-89
diff --git a/collections/crowdsecurity/appsec-virtual-patching.yaml b/collections/crowdsecurity/appsec-virtual-patching.yaml
index 6cbe5bf1e86..64c757aeec4 100644
--- a/collections/crowdsecurity/appsec-virtual-patching.yaml
+++ b/collections/crowdsecurity/appsec-virtual-patching.yaml
@@ -122,6 +122,7 @@ appsec-rules:
 - crowdsecurity/vpatch-CVE-2022-38627
 - crowdsecurity/vpatch-CVE-2025-36604
 - crowdsecurity/vpatch-CVE-2025-61882
+- crowdsecurity/vpatch-CVE-2020-13640
 - crowdsecurity/vpatch-CVE-2018-11511
 author: crowdsecurity
 contexts:
diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
index 8bb1723c090..6674676aebf 100644
--- a/taxonomy/scenarios.json
+++ b/taxonomy/scenarios.json
@@ -9,7 +9,7 @@
 "spoofable": 3,
 "cti": true,
 "service": "http",
- "created_at": "2025-06-17T14:52:24"
+ "created_at": "2025-10-15T14:07:55.823456"
 },
 "crowdsecurity/experimental-no-user-agent": {
 "name": "crowdsecurity/experimental-no-user-agent",
@@ -26,7 +26,7 @@
 "spoofable": 0,
 "cti": true,
 "service": "http",
- "created_at": "2025-07-01T08:27:00"
+ "created_at": "2025-10-15T14:07:55.142718"
 },
 "crowdsecurity/generic-freemarker-ssti": {
 "name": "crowdsecurity/generic-freemarker-ssti",
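Review bot: The `BODY_ARGS` condition in vpatch-CVE-2020-13640.yaml blocks only when `order` contains `(`, and nothing in the rule looks at `action`, although the description says it is scoped to the wpdLoadMoreComments action. Since `order` is presumably only ever `asc` or `desc` in normal use, an allow-style check would be tighter than a one-character denylist; `type: regex` with `value: '[^a-z]'` on the lowercased value would flag anything that is not a plain keyword. If the handler can also read `order` from the query string (not visible in this diff, worth confirming against the plugin source), list `ARGS` next to `BODY_ARGS` under `zones`. Either add a condition on `action` or reword the description so it matches what the rule enforces.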
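Review bot: The first taxonomy/scenarios.json hunk (`@@ -9,7 +9,7 @@`) and every later hunk in that file overwrite `created_at` on entries this commit does not otherwise touch, so the original dates (here `2025-06-17T14:52:24`) are replaced by the regeneration time, and the value gains microseconds while still carrying no timezone. Anything that uses `created_at` to age or order scenarios will now see the whole taxonomy as created on 2025-10-15. The regeneration should keep the stored value for keys that already exist, i.e. leave `"created_at": "2025-06-17T14:52:24"` as it is, and stamp only the new `crowdsecurity/vpatch-CVE-2020-13640` entry.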
@@ -43,7 +43,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-28T16:01:19" + "created_at": "2025-10-15T14:07:55.145510" }, "crowdsecurity/generic-wordpress-uploads-listing": { "name": "crowdsecurity/generic-wordpress-uploads-listing", @@ -60,7 +60,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-05T10:33:19" + "created_at": "2025-10-15T14:07:55.148700" }, "crowdsecurity/generic-wordpress-uploads-php": { "name": "crowdsecurity/generic-wordpress-uploads-php", @@ -77,7 +77,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-17T15:50:39" + "created_at": "2025-10-15T14:07:55.151490" }, "crowdsecurity/vpatch-CVE-2002-1131": { "name": "crowdsecurity/vpatch-CVE-2002-1131", @@ -93,7 +93,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-24T16:39:04", + "created_at": "2025-10-15T14:07:55.157872", "cves": [ "CVE-2002-1131" ], @@ -115,7 +115,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:16:13", + "created_at": "2025-10-15T14:07:55.161218", "cves": [ "CVE-2007-0885" ], @@ -138,7 +138,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.163970", "cves": [ "CVE-2017-9841" ], @@ -161,7 +161,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T14:07:55.167385", "cves": [ "CVE-2018-1000861" ], @@ -184,7 +184,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-08T09:24:18", + "created_at": "2025-10-15T14:07:55.170818", "cves": [ "CVE-2018-10562" ], @@ -228,7 +228,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-14T08:43:45", + "created_at": "2025-10-15T14:07:55.174173", "cves": [ "CVE-2018-1207" ], 
@@ -251,7 +251,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T14:07:55.177654", "cves": [ "CVE-2018-13379" ], @@ -274,7 +274,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T14:07:55.181411", "cves": [ "CVE-2018-20062" ] @@ -294,7 +294,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T14:07:55.184436", "cves": [ "CVE-2019-1003030" ], @@ -317,7 +317,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.188333", "cves": [ "CVE-2019-12989" ], @@ -340,7 +340,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T14:07:55.191872", "cves": [ "CVE-2019-18935" ], @@ -362,7 +362,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-07T10:50:31", + "created_at": "2025-10-15T14:07:55.194736", "cves": [ "CVE-2019-5418" ], @@ -385,7 +385,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.198337", "cves": [ "CVE-2020-11738" ], @@ -393,6 +393,28 @@ "CWE-22" ] }, + "crowdsecurity/vpatch-CVE-2020-13640": { + "name": "crowdsecurity/vpatch-CVE-2020-13640", + "description": "Detects SQL injection in wpDiscuz plugin via the order parameter in wpdLoadMoreComments action.", + "label": "WpDiscuz - SQLI", + "behaviors": [ + "http:exploit" + ], + "mitre_attacks": [ + "TA0001:T1190" + ], + "confidence": 3, + "spoofable": 0, + "cti": true, + "service": "http", + "created_at": "2025-10-15T14:07:55.201819", + "cves": [ + "CVE-2020-13640" + ], + "cwes": [ + "CWE-89" + ] + }, "crowdsecurity/vpatch-CVE-2020-17496": { "name": "crowdsecurity/vpatch-CVE-2020-17496", "description": "vBulletin RCE (CVE-2020-17496)", 
@@ -408,7 +430,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-22T11:09:51", + "created_at": "2025-10-15T14:07:55.205476", "cves": [ "CVE-2020-17496" ], @@ -430,7 +452,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-25T12:14:33", + "created_at": "2025-10-15T14:07:55.208880", "cves": [ "CVE-2020-25078" ], @@ -453,7 +475,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T14:07:55.211970", "cves": [ "CVE-2020-5902" ], @@ -475,7 +497,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T14:07:55.215255", "cves": [ "CVE-2020-9054" ], @@ -498,7 +520,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.218677", "cves": [ "CVE-2021-22941" ], @@ -521,7 +543,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T14:07:55.222193", "cves": [ "CVE-2021-26086" ] @@ -540,7 +562,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-25T06:54:32", + "created_at": "2025-10-15T14:07:55.225508", "cves": [ "CVE-2021-26294" ], @@ -563,7 +585,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.228690", "cves": [ "CVE-2021-3129" ], @@ -585,7 +607,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T16:14:54", + "created_at": "2025-10-15T14:07:55.231875", "cves": [ "CVE-2021-43798" ], @@ -607,7 +629,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T14:07:55.236432", "cves": [ "CVE-2021-44529" ], 
@@ -629,7 +651,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:04:11", + "created_at": "2025-10-15T14:07:55.241589", "cves": [ "CVE-2022-1388" ], @@ -652,7 +674,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-19T08:32:53", + "created_at": "2025-10-15T14:07:55.245151", "cves": [ "CVE-2022-22954" ] @@ -672,7 +694,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T14:07:55.247794", "cves": [ "CVE-2022-22965" ], @@ -694,7 +716,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-26T14:44:30", + "created_at": "2025-10-15T14:07:55.251022", "cves": [ "CVE-2022-25488" ], @@ -717,7 +739,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T14:07:55.254872", "cves": [ "CVE-2022-26134" ], @@ -740,7 +762,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.258187", "cves": [ "CVE-2022-27926" ], @@ -762,7 +784,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-08T06:52:22", + "created_at": "2025-10-15T14:07:55.261586", "cves": [ "CVE-2022-31499" ], @@ -785,7 +807,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.264490", "cves": [ "CVE-2022-35914" ], @@ -807,7 +829,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-01T14:30:05", + "created_at": "2025-10-15T14:07:55.267803", "cves": [ "CVE-2022-38627" ], @@ -830,7 +852,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T14:07:55.271259", "cves": [ "CVE-2022-41082" ], 
@@ -853,7 +875,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.274369", "cves": [ "CVE-2022-44877" ], @@ -876,7 +898,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.277577", "cves": [ "CVE-2022-46169" ], @@ -901,7 +923,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-24T16:35:30", + "created_at": "2025-10-15T14:07:55.280978", "cves": [ "CVE-2023-0297" ], @@ -924,7 +946,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.284062", "cves": [ "CVE-2023-0600" ], @@ -947,7 +969,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.288515", "cves": [ "CVE-2023-0900" ], @@ -970,7 +992,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-16T10:54:35", + "created_at": "2025-10-15T14:07:55.292426", "cves": [ "CVE-2023-1389" ], @@ -993,7 +1015,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.296216", "cves": [ "CVE-2023-2009" ], @@ -1016,7 +1038,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.299273", "cves": [ "CVE-2023-20198" ], @@ -1039,7 +1061,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.302818", "cves": [ "CVE-2023-22515" ], @@ -1062,7 +1084,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-05T15:54:31", + "created_at": "2025-10-15T14:07:55.306472", "cves": [ "CVE-2023-22527" ] 
@@ -1081,7 +1103,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T07:35:54", + "created_at": "2025-10-15T14:07:55.309814", "cves": [ "CVE-2023-23063" ], @@ -1104,7 +1126,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.313536", "cves": [ "CVE-2023-23488" ], @@ -1127,7 +1149,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.317459", "cves": [ "CVE-2023-23489" ], @@ -1150,7 +1172,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T14:07:55.320693", "cves": [ "CVE-2023-23752" ], @@ -1174,7 +1196,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.324417", "cves": [ "CVE-2023-24489" ], @@ -1197,7 +1219,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-16T13:28:14", + "created_at": "2025-10-15T14:07:55.327485", "cves": [ "CVE-2023-28121" ], @@ -1220,7 +1242,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.332738", "cves": [ "CVE-2023-33617" ], @@ -1243,7 +1265,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.337032", "cves": [ "CVE-2023-34362" ], @@ -1266,7 +1288,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-09T14:28:50", + "created_at": "2025-10-15T14:07:55.340604", "cves": [ "CVE-2023-35078" ] @@ -1286,7 +1308,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-09T14:28:50", + "created_at": "2025-10-15T14:07:55.345036", "cves": [ "CVE-2023-35082" ] 
@@ -1306,7 +1328,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.348589", "cves": [ "CVE-2023-3519" ], @@ -1329,7 +1351,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.351410", "cves": [ "CVE-2023-38205" ], @@ -1352,7 +1374,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.354852", "cves": [ "CVE-2023-40044" ], @@ -1375,7 +1397,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.357528", "cves": [ "CVE-2023-42793" ], @@ -1397,7 +1419,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.360684", "cves": [ "CVE-2023-4634" ], @@ -1420,7 +1442,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-18T17:00:09", + "created_at": "2025-10-15T14:07:55.363626", "cves": [ "CVE-2023-46805", "CVE-2024-21887" @@ -1445,7 +1467,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-18T15:28:39", + "created_at": "2025-10-15T14:07:55.367690", "cves": [ "CVE-2023-47218" ], @@ -1469,7 +1491,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T14:59:53", + "created_at": "2025-10-15T14:07:55.371816", "cves": [ "CVE-2023-49070" ], @@ -1492,7 +1514,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44", + "created_at": "2025-10-15T14:07:55.375021", "cves": [ "CVE-2023-50164" ], @@ -1514,7 +1536,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T09:15:18", + "created_at": "2025-10-15T14:07:55.378872", "cves": [ "CVE-2023-6000" ], 
@@ -1537,7 +1559,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.382363", "cves": [ "CVE-2023-6360" ], @@ -1560,7 +1582,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-08T09:42:56", + "created_at": "2025-10-15T14:07:55.385607", "cves": [ "CVE-2023-6553" ], @@ -1583,7 +1605,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.389063", "cves": [ "CVE-2023-6567" ], @@ -1606,7 +1628,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.393044", "cves": [ "CVE-2023-6623" ], @@ -1629,7 +1651,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-17T10:39:13", + "created_at": "2025-10-15T14:07:55.396507", "cves": [ "CVE-2023-7028" ] @@ -1649,7 +1671,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T14:07:55.399382", "cves": [ "CVE-2024-0012" ], @@ -1671,7 +1693,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-25T13:59:26", + "created_at": "2025-10-15T14:07:55.402360", "cves": [ "CVE-2024-0204" ], @@ -1694,7 +1716,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.405733", "cves": [ "CVE-2024-1061" ], @@ -1717,7 +1739,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-14T16:04:42", + "created_at": "2025-10-15T14:07:55.409570", "cves": [ "CVE-2024-1071" ], @@ -1740,7 +1762,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-26T08:21:36", + "created_at": "2025-10-15T14:07:55.412850", "cves": [ "CVE-2024-1212" ] 
@@ -1760,7 +1782,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-03-26T10:14:34", + "created_at": "2025-10-15T14:07:55.416361", "cves": [ "CVE-2024-22024" ], @@ -1783,7 +1805,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-26T17:01:15", + "created_at": "2025-10-15T14:07:55.420081", "cves": [ "CVE-2024-23897" ], @@ -1806,7 +1828,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-04-19T10:04:54", + "created_at": "2025-10-15T14:07:55.423298", "cves": [ "CVE-2024-27198" ], @@ -1828,7 +1850,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T14:07:55.426575", "cves": [ "CVE-2024-27292" ], @@ -1851,7 +1873,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-08-22T15:02:07", + "created_at": "2025-10-15T14:07:55.430114", "cves": [ "CVE-2024-27348" ], @@ -1873,7 +1895,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T14:07:55.433382", "cves": [ "CVE-2024-27564" ], @@ -1896,7 +1918,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T16:19:55", + "created_at": "2025-10-15T14:07:55.436964", "cves": [ "CVE-2024-27954" ], @@ -1919,7 +1941,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T16:19:55", + "created_at": "2025-10-15T14:07:55.440577", "cves": [ "CVE-2024-27956" ], @@ -1942,7 +1964,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-31T09:07:41", + "created_at": "2025-10-15T14:07:55.444107", "cves": [ "CVE-2024-28255" ], @@ -1965,7 +1987,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T14:07:55.447007", "cves": [ "CVE-2024-28987" ], 
@@ -1987,7 +2009,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T09:52:11", + "created_at": "2025-10-15T14:07:55.450301", "cves": [ "CVE-2024-29028" ], @@ -2010,7 +2032,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-08-22T15:02:07", + "created_at": "2025-10-15T14:07:55.453579", "cves": [ "CVE-2024-29824" ], @@ -2033,7 +2055,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-06-19T15:51:07", + "created_at": "2025-10-15T14:07:55.458316", "cves": [ "CVE-2024-29849" ] @@ -2053,7 +2075,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T14:07:55.461671", "cves": [ "CVE-2024-29973" ], @@ -2076,7 +2098,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-19T13:56:16", + "created_at": "2025-10-15T14:07:55.464734", "cves": [ "CVE-2024-32113" ], @@ -2099,7 +2121,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-19T13:56:16", + "created_at": "2025-10-15T14:07:55.468557", "cves": [ "CVE-2024-3272" ], @@ -2122,7 +2144,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-08T13:12:35", + "created_at": "2025-10-15T14:07:55.472277", "cves": [ "CVE-2024-3273" ] @@ -2141,7 +2163,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:41:10", + "created_at": "2025-10-15T14:07:55.476632", "cves": [ "CVE-2024-32870" ], @@ -2164,7 +2186,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-12T16:08:34", + "created_at": "2025-10-15T14:07:55.482065", "cves": [ "CVE-2024-34102" ], @@ -2187,7 +2209,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-08T14:49:23", + "created_at": "2025-10-15T14:07:55.485296", "cves": [ "CVE-2024-38816" ], 
@@ -2210,7 +2232,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-10-25T07:33:36", + "created_at": "2025-10-15T14:07:55.488968", "cves": [ "CVE-2024-38856" ], @@ -2233,7 +2255,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T16:30:59", + "created_at": "2025-10-15T14:07:55.491945", "cves": [ "CVE-2024-41713" ], @@ -2257,7 +2279,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-06-10T15:43:47", + "created_at": "2025-10-15T14:07:55.494821", "cves": [ "CVE-2024-4577" ], @@ -2281,7 +2303,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T10:41:01", + "created_at": "2025-10-15T14:07:55.498546", "cves": [ "CVE-2024-46506" ], @@ -2304,7 +2326,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T15:48:37", + "created_at": "2025-10-15T14:07:55.501914", "cves": [ "CVE-2024-51378" ], @@ -2327,7 +2349,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-13T15:49:31", + "created_at": "2025-10-15T14:07:55.505516", "cves": [ "CVE-2024-51567" ], @@ -2350,7 +2372,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-08T07:57:45", + "created_at": "2025-10-15T14:07:55.508648", "cves": [ "CVE-2024-51977" ], @@ -2373,7 +2395,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-21T08:54:14", + "created_at": "2025-10-15T14:07:55.511444", "cves": [ "CVE-2024-52301" ], @@ -2395,7 +2417,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-31T17:08:27", + "created_at": "2025-10-15T14:07:55.514431", "cves": [ "CVE-2024-57727" ], @@ -2418,7 +2440,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-03T13:11:18", + "created_at": "2025-10-15T14:07:55.517837", "cves": [ "CVE-2024-6205" ], 
@@ -2440,7 +2462,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T15:31:41", + "created_at": "2025-10-15T14:07:55.523575", "cves": [ "CVE-2024-7593" ], @@ -2464,7 +2486,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-09-23T13:35:04", + "created_at": "2025-10-15T14:07:55.527185", "cves": [ "CVE-2024-8190" ], @@ -2487,7 +2509,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-27T15:54:59", + "created_at": "2025-10-15T14:07:55.530334", "cves": [ "CVE-2024-8963" ], @@ -2510,7 +2532,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-01-21T15:48:37", + "created_at": "2025-10-15T14:07:55.533985", "cves": [ "CVE-2024-9465" ], @@ -2533,7 +2555,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T14:07:55.538048", "cves": [ "CVE-2024-9474" ], @@ -2555,7 +2577,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-04-02T13:17:39", + "created_at": "2025-10-15T14:07:55.541384", "cves": [ "CVE-2025-24893" ], @@ -2577,7 +2599,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-07-11T13:14:42", + "created_at": "2025-10-15T14:07:55.545073", "cves": [ "CVE-2025-25257" ], @@ -2599,7 +2621,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:39:12", + "created_at": "2025-10-15T14:07:55.548534", "cves": [ "CVE-2025-28367" ], @@ -2621,7 +2643,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-05T09:14:12", + "created_at": "2025-10-15T14:07:55.551920", "cves": [ "CVE-2025-29306" ], @@ -2644,7 +2666,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-03-24T08:57:28", + "created_at": "2025-10-15T14:07:55.554752", "cves": [ "CVE-2025-29927" ], 
@@ -2666,7 +2688,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T10:41:54", + "created_at": "2025-10-15T14:07:55.558549", "cves": [ "CVE-2025-31161" ], @@ -2689,7 +2711,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T11:00:23", + "created_at": "2025-10-15T14:07:55.562236", "cves": [ "CVE-2025-31324" ], @@ -2711,7 +2733,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-05-09T09:38:09", + "created_at": "2025-10-15T14:07:55.565876", "cves": [ "CVE-2025-3248" ], @@ -2733,7 +2755,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-02T10:35:45", + "created_at": "2025-10-15T14:07:55.569623", "cves": [ "CVE-2025-3605" ], @@ -2755,7 +2777,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-10T14:42:39", + "created_at": "2025-10-15T14:07:55.572854", "cves": [ "CVE-2025-36604" ], @@ -2777,7 +2799,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:22:35", + "created_at": "2025-10-15T14:07:55.576719", "cves": [ "CVE-2025-47812" ], @@ -2799,7 +2821,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-09T16:18:55", + "created_at": "2025-10-15T14:07:55.581077", "cves": [ "CVE-2025-49113" ], @@ -2821,7 +2843,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:26:41", + "created_at": "2025-10-15T14:07:55.584556", "cves": [ "CVE-2025-49132" ], @@ -2843,7 +2865,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-08-06T14:32:38", + "created_at": "2025-10-15T14:07:55.587891", "cves": [ "CVE-2025-52488" ], @@ -2865,7 +2887,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-09-19T09:43:02", + "created_at": "2025-10-15T14:07:55.591848", "cves": [ "CVE-2025-57819" ], 
@@ -2887,7 +2909,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-10-10T08:14:38", + "created_at": "2025-10-15T14:07:55.595724", "cves": [ "CVE-2025-61882" ], @@ -2910,7 +2932,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-21T15:28:33", + "created_at": "2025-10-15T14:07:55.598398", "cves": [ "CVE-2024-1709" ] @@ -2930,7 +2952,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T14:07:55.601012" }, "crowdsecurity/vpatch-git-config": { "name": "crowdsecurity/vpatch-git-config", @@ -2946,7 +2968,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-07-18T15:28:39" + "created_at": "2025-10-15T14:07:55.603591" }, "crowdsecurity/vpatch-laravel-debug-mode": { "name": "crowdsecurity/vpatch-laravel-debug-mode", @@ -2963,7 +2985,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-22T12:24:34", + "created_at": "2025-10-15T14:07:55.606763", "cves": [ "CVE-2017-16894", "CVE-2021-41714", @@ -2985,7 +3007,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-02-02T14:29:31" + "created_at": "2025-10-15T14:07:55.609737" }, "Dominic-Wagner/vaultwarden-bf": { "name": "Dominic-Wagner/vaultwarden-bf", @@ -3001,7 +3023,7 @@ "spoofable": 0, "cti": true, "service": "vaultwarden", - "created_at": "2022-02-15T13:18:17" + "created_at": "2025-10-15T14:07:55.613529" }, "Dominic-Wagner/vaultwarden-bf_user-enum": { "name": "Dominic-Wagner/vaultwarden-bf_user-enum", 
@@ -3018,40 +3040,7 @@ "spoofable": 0, "cti": true, "service": "vaultwarden", - "created_at": "2022-02-15T13:18:17" - }, - "Jgigantino31/calibre-web-bf": { - "name": "Jgigantino31/calibre-web-bf", - "description": "Detect calibre-web bruteforce", - "label": "Calibre-Web Bruteforce", - "behaviors": [ - "http:bruteforce" - ], - "mitre_attacks": [ - "TA0006:T1110" - ], - "confidence": 3, - "spoofable": 0, - "cti": true, - "service": "calibre-web", - "created_at": "2025-10-14T08:42:34" - }, - "Jgigantino31/calibre-web-bf_user-enum": { - "name": "Jgigantino31/calibre-web-bf_user-enum", - "description": "Detect calibre-web user enum bruteforce", - "label": "Calibre-Web User Enumeration", - "behaviors": [ - "http:bruteforce" - ], - "mitre_attacks": [ - "TA0043:T1589", - "TA0006:T1110" - ], - "confidence": 3, - "spoofable": 0, - "cti": true, - "service": "calibre-web", - "created_at": "2025-10-14T08:42:34" + "created_at": "2025-10-15T14:07:55.614905" }, "Jgigantino31/ntfy-bf": { "name": "Jgigantino31/ntfy-bf", @@ -3067,7 +3056,7 @@ "spoofable": 0, "cti": true, "service": "ntfy", - "created_at": "2025-09-30T09:33:37" + "created_at": "2025-10-15T14:07:55.622443" }, "LePresidente/adguardhome-bf": { "name": "LePresidente/adguardhome-bf", @@ -3083,7 +3072,7 @@ "spoofable": 0, "cti": true, "service": "adguardhome", - "created_at": "2023-02-21T11:03:22" + "created_at": "2025-10-15T14:07:55.625087" }, "LePresidente/authelia-bf": { "name": "LePresidente/authelia-bf", @@ -3099,7 +3088,7 @@ "spoofable": 0, "cti": true, "service": "authelia", - "created_at": "2022-02-28T10:24:54" + "created_at": "2025-10-15T14:07:55.628798" }, "LePresidente/authelia-bf_user-enum": { "name": "LePresidente/authelia-bf_user-enum", @@ -3116,7 +3105,7 @@ "spoofable": 0, "cti": true, "service": "authelia", - "created_at": "2022-02-28T10:24:54" + "created_at": "2025-10-15T14:07:55.630182" }, "LePresidente/emby-bf": { "name": "LePresidente/emby-bf", 
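Review bot: The `Jgigantino31/calibre-web-bf` and `Jgigantino31/calibre-web-bf_user-enum` entries are deleted in the `@@ -3018,40 +3040,7 @@` hunk, which has nothing to do with adding the CVE-2020-13640 rule. Their `created_at` was `2025-10-14T08:42:34`, one day before this regeneration, so the taxonomy was probably rebuilt from a checkout that did not yet contain those scenarios. Rebase and regenerate, or restore the two entries, so the calibre-web bruteforce scenarios keep their taxonomy metadata (behaviors, MITRE mapping, service).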
@@ -3132,7 +3121,7 @@ "spoofable": 0, "cti": true, "service": "emby", - "created_at": "2022-02-28T10:11:12" + "created_at": "2025-10-15T14:07:55.632742" }, "LePresidente/gitea-bf": { "name": "LePresidente/gitea-bf", @@ -3148,7 +3137,7 @@ "spoofable": 0, "cti": true, "service": "gitea", - "created_at": "2022-03-30T09:47:59" + "created_at": "2025-10-15T14:07:55.636359" }, "LePresidente/gitea-bf_user-enum": { "name": "LePresidente/gitea-bf_user-enum", @@ -3165,7 +3154,7 @@ "spoofable": 0, "cti": true, "service": "gitea", - "created_at": "2022-03-30T09:47:59" + "created_at": "2025-10-15T14:07:55.637782" }, "LePresidente/grafana-bf": { "name": "LePresidente/grafana-bf", @@ -3181,7 +3170,7 @@ "spoofable": 0, "cti": true, "service": "grafana", - "created_at": "2023-03-16T09:39:52" + "created_at": "2025-10-15T14:07:55.640439" }, "LePresidente/harbor-bf": { "name": "LePresidente/harbor-bf", @@ -3197,7 +3186,7 @@ "spoofable": 0, "cti": true, "service": "harbor", - "created_at": "2023-05-16T15:35:43" + "created_at": "2025-10-15T14:07:55.644183" }, "LePresidente/harbor-bf_user-enum": { "name": "LePresidente/harbor-bf_user-enum", @@ -3214,7 +3203,7 @@ "spoofable": 0, "cti": true, "service": "harbor", - "created_at": "2023-05-16T15:35:43" + "created_at": "2025-10-15T14:07:55.645656" }, "LePresidente/jellyfin-bf": { "name": "LePresidente/jellyfin-bf", @@ -3230,7 +3219,7 @@ "spoofable": 0, "cti": true, "service": "jellyfin", - "created_at": "2023-02-13T11:18:24" + "created_at": "2025-10-15T14:07:55.649389" }, "LePresidente/jellyfin-bf_user-enum": { "name": "LePresidente/jellyfin-bf_user-enum", @@ -3247,7 +3236,7 @@ "spoofable": 0, "cti": true, "service": "jellyfin", - "created_at": "2023-02-13T11:18:24" + "created_at": "2025-10-15T14:07:55.650746" }, "LePresidente/jellyseerr-bf": { "name": "LePresidente/jellyseerr-bf", 
@@ -3263,7 +3252,7 @@ "spoofable": 0, "cti": true, "service": "jellyseerr", - "created_at": "2022-07-28T16:02:18" + "created_at": "2025-10-15T14:07:55.654434" }, "LePresidente/jellyseerr-bf_user-enum": { "name": "LePresidente/jellyseerr-bf_user-enum", @@ -3280,7 +3269,7 @@ "spoofable": 0, "cti": true, "service": "jellyseerr", - "created_at": "2022-07-28T16:02:18" + "created_at": "2025-10-15T14:07:55.655842" }, "LePresidente/ombi-bf": { "name": "LePresidente/ombi-bf", @@ -3296,7 +3285,7 @@ "spoofable": 0, "cti": true, "service": "ombi", - "created_at": "2022-02-28T10:16:46" + "created_at": "2025-10-15T14:07:55.658498" }, "LePresidente/overseerr-bf": { "name": "LePresidente/overseerr-bf", @@ -3312,7 +3301,7 @@ "spoofable": 0, "cti": true, "service": "overseerr", - "created_at": "2024-01-18T07:37:57" + "created_at": "2025-10-15T14:07:55.662369" }, "LePresidente/overseerr-bf_user-enum": { "name": "LePresidente/overseerr-bf_user-enum", @@ -3329,7 +3318,7 @@ "spoofable": 0, "cti": true, "service": "overseerr", - "created_at": "2024-01-18T07:37:57" + "created_at": "2025-10-15T14:07:55.663846" }, "LePresidente/redmine-bf": { "name": "LePresidente/redmine-bf", @@ -3345,7 +3334,7 @@ "spoofable": 0, "cti": true, "service": "redmine", - "created_at": "2023-03-13T12:00:45" + "created_at": "2025-10-15T14:07:55.667561" }, "LePresidente/redmine-bf_user-enum": { "name": "LePresidente/redmine-bf_user-enum", @@ -3362,7 +3351,7 @@ "spoofable": 0, "cti": true, "service": "redmine", - "created_at": "2023-03-13T12:00:45" + "created_at": "2025-10-15T14:07:55.668978" }, "lepresidente/ssh-bad-keyexchange-bf": { "name": "lepresidente/ssh-bad-keyexchange-bf", @@ -3378,7 +3367,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2023-06-14T14:32:14" + "created_at": "2025-10-15T14:07:55.671607" }, "LearningSpot/baserow-bf": { "name": "LearningSpot/baserow-bf", 
@@ -3394,7 +3383,7 @@ "spoofable": 0, "cti": true, "service": "baserow", - "created_at": "2025-05-01T11:27:22" + "created_at": "2025-10-15T14:07:55.674154" }, "LearningSpot/dockge-bf": { "name": "LearningSpot/dockge-bf", @@ -3410,7 +3399,7 @@ "spoofable": 0, "cti": true, "service": "dockge", - "created_at": "2025-03-20T08:55:10" + "created_at": "2025-10-15T14:07:55.677792" }, "LearningSpot/dockge_bf_user_enum": { "name": "LearningSpot/dockge_bf_user_enum", @@ -3427,7 +3416,7 @@ "spoofable": 0, "cti": true, "service": "dockge", - "created_at": "2025-03-20T08:55:10" + "created_at": "2025-10-15T14:07:55.679153" }, "LearningSpot/hestiacp-bf": { "name": "LearningSpot/hestiacp-bf", @@ -3443,7 +3432,7 @@ "spoofable": 0, "cti": true, "service": "hestiacp", - "created_at": "2025-05-01T10:24:27" + "created_at": "2025-10-15T14:07:55.682782" }, "LearningSpot/hestiacp-bf-user-enum": { "name": "LearningSpot/hestiacp-bf-user-enum", @@ -3460,7 +3449,7 @@ "spoofable": 0, "cti": true, "service": "hestiacp", - "created_at": "2025-05-01T10:24:27" + "created_at": "2025-10-15T14:07:55.684138" }, "LearningSpot/litellm-bf": { "name": "LearningSpot/litellm-bf", @@ -3476,7 +3465,7 @@ "spoofable": 0, "cti": true, "service": "litellm", - "created_at": "2025-05-01T11:03:17" + "created_at": "2025-10-15T14:07:55.686634" }, "MariuszKociubinski/bitwarden-bf": { "name": "MariuszKociubinski/bitwarden-bf", @@ -3492,7 +3481,7 @@ "spoofable": 0, "cti": true, "service": "bitwarden", - "created_at": "2023-05-10T11:39:42" + "created_at": "2025-10-15T14:07:55.689403" }, "MrShippeR/filebrowser-bf": { "name": "MrShippeR/filebrowser-bf", @@ -3508,7 +3497,7 @@ "spoofable": 0, "cti": true, "service": "filebrowser", - "created_at": "2025-05-01T10:29:44" + "created_at": "2025-10-15T14:07:55.691960" }, "PintjesB/technitium-bf": { "name": "PintjesB/technitium-bf", 
@@ -3524,7 +3513,7 @@ "spoofable": 0, "cti": true, "service": "technitium", - "created_at": "2025-10-02T10:22:05" + "created_at": "2025-10-15T14:07:55.694512" }, "a1ad/meshcentral-bf": { "name": "a1ad/meshcentral-bf", @@ -3540,7 +3529,7 @@ "spoofable": 0, "cti": true, "service": "meshcentral", - "created_at": "2023-02-13T13:22:34" + "created_at": "2025-10-15T14:07:55.698251" }, "a1ad/meshcentral-bf_user-enum": { "name": "a1ad/meshcentral-bf_user-enum", @@ -3557,7 +3546,7 @@ "spoofable": 0, "cti": true, "service": "meshcentral", - "created_at": "2023-02-13T13:22:34" + "created_at": "2025-10-15T14:07:55.699639" }, "a1ad/mikrotik-bf": { "name": "a1ad/mikrotik-bf", @@ -3573,7 +3562,7 @@ "spoofable": 0, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T14:07:55.703393" }, "a1ad/mikrotik-bf_user-enum": { "name": "a1ad/mikrotik-bf_user-enum", @@ -3590,7 +3579,7 @@ "spoofable": 0, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T14:07:55.704935" }, "a1ad/mikrotik-scan-multi_ports": { "name": "a1ad/mikrotik-scan-multi_ports", @@ -3608,7 +3597,7 @@ "spoofable": 2, "cti": true, "service": "mikrotik", - "created_at": "2023-03-22T08:45:45" + "created_at": "2025-10-15T14:07:55.707605" }, "aidalinfo/couchdb-slow-bf": { "name": "aidalinfo/couchdb-slow-bf", @@ -3622,7 +3611,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T14:07:55.711139" }, "aidalinfo/couchdb-bf": { "name": "aidalinfo/couchdb-bf", @@ -3636,7 +3625,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T14:07:55.712486" }, "aidalinfo/couchdb-crawl": { "name": "aidalinfo/couchdb-crawl", 
@@ -3652,7 +3641,7 @@ "spoofable": 0, "cti": true, "service": "couchdb", - "created_at": "2024-02-05T14:43:52" + "created_at": "2025-10-15T14:07:55.715187" }, "aidalinfo/tcpudp-flood-traefik": { "name": "aidalinfo/tcpudp-flood-traefik", @@ -3666,7 +3655,7 @@ "spoofable": 0, "cti": true, "service": null, - "created_at": "2024-01-18T08:01:59" + "created_at": "2025-10-15T14:07:55.717624" }, "andreasbrett/baikal-bf": { "name": "andreasbrett/baikal-bf", @@ -3682,7 +3671,7 @@ "spoofable": 0, "cti": true, "service": "baikal", - "created_at": "2023-07-05T09:55:56" + "created_at": "2025-10-15T14:07:55.721437" }, "andreasbrett/baikal-bf_user-enum": { "name": "andreasbrett/baikal-bf_user-enum", @@ -3698,7 +3687,7 @@ "spoofable": 0, "cti": true, "service": "baikal", - "created_at": "2023-07-05T09:55:56" + "created_at": "2025-10-15T14:07:55.722801" }, "andreasbrett/paperless-ngx-bf": { "name": "andreasbrett/paperless-ngx-bf", @@ -3714,7 +3703,7 @@ "spoofable": 0, "cti": true, "service": "paperless-ngx", - "created_at": "2023-07-03T10:00:29" + "created_at": "2025-10-15T14:07:55.726439" }, "andreasbrett/paperless-ngx-bf_user-enum": { "name": "andreasbrett/paperless-ngx-bf_user-enum", @@ -3730,7 +3719,7 @@ "spoofable": 0, "cti": true, "service": "paperless-ngx", - "created_at": "2023-07-03T10:00:29" + "created_at": "2025-10-15T14:07:55.727826" }, "andreasbrett/webmin-bf": { "name": "andreasbrett/webmin-bf", @@ -3746,7 +3735,7 @@ "spoofable": 0, "cti": true, "service": "webmin", - "created_at": "2023-08-09T19:16:51" + "created_at": "2025-10-15T14:07:55.731458" }, "andreasbrett/webmin-bf_user-enum": { "name": "andreasbrett/webmin-bf_user-enum", @@ -3762,7 +3751,7 @@ "spoofable": 0, "cti": true, "service": "webmin", - "created_at": "2023-08-09T19:16:51" + "created_at": "2025-10-15T14:07:55.732854" }, "barnoux/crs-anomaly-score": { "name": "barnoux/crs-anomaly-score", 
@@ -3779,7 +3768,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-03T21:29:58" + "created_at": "2025-10-15T14:07:55.735506" }, "baudneo/gotify-bf": { "name": "baudneo/gotify-bf", @@ -3795,7 +3784,7 @@ "spoofable": 0, "cti": true, "service": "gotify", - "created_at": "2022-03-04T14:05:06" + "created_at": "2025-10-15T14:07:55.738087" }, "baudneo/zoneminder-bf": { "name": "baudneo/zoneminder-bf", @@ -3812,7 +3801,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-03-04T14:05:06" + "created_at": "2025-10-15T14:07:55.743191" }, "baudneo/zoneminder_cve-2022-39285": { "name": "baudneo/zoneminder_cve-2022-39285", @@ -3829,7 +3818,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T14:07:55.746045", "cves": [ "CVE-2022-39285" ] @@ -3849,7 +3838,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T14:07:55.748686", "cves": [ "CVE-2022-39290" ] @@ -3869,7 +3858,7 @@ "spoofable": 0, "cti": true, "service": "zoneminder", - "created_at": "2022-12-20T10:22:03", + "created_at": "2025-10-15T14:07:55.751657", "cves": [ "CVE-2022-39291" ] @@ -3888,7 +3877,7 @@ "spoofable": 0, "cti": true, "service": "opensearch", - "created_at": "2025-03-19T18:14:43" + "created_at": "2025-10-15T14:07:55.754147" }, "corvese/apache-guacamole_bf": { "name": "corvese/apache-guacamole_bf", @@ -3904,7 +3893,7 @@ "spoofable": 0, "cti": true, "service": "apache-guacamole", - "created_at": "2023-04-06T12:46:40" + "created_at": "2025-10-15T14:07:55.756724" }, "corvese/apache-guacamole_user_enum": { "name": "corvese/apache-guacamole_user_enum", @@ -3921,7 +3910,7 @@ "spoofable": 0, "cti": true, "service": "apache-guacamole", - "created_at": "2023-04-06T12:46:40" + "created_at": "2025-10-15T14:07:55.759441" }, "crowdsecurity/CVE-2017-9841": { "name": "crowdsecurity/CVE-2017-9841", 
@@ -3938,7 +3927,7 @@ "spoofable": 0, "cti": true, "service": "PHP", - "created_at": "2024-02-26T09:45:44", + "created_at": "2025-10-15T14:07:55.762114", "cves": [ "CVE-2017-9841" ] @@ -3958,7 +3947,7 @@ "spoofable": 0, "cti": true, "service": "telerik", - "created_at": "2023-04-05T13:50:46", + "created_at": "2025-10-15T14:07:55.764981", "cves": [ "CVE-2019-18935" ] @@ -3977,7 +3966,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2022-01-27T12:50:03", + "created_at": "2025-10-15T14:07:55.767539", "cves": [ "CVE-2021-4034" ] @@ -3997,7 +3986,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2022-10-17T15:36:43", + "created_at": "2025-10-15T14:07:55.770144", "cves": [ "CVE-2022-26134" ] @@ -4017,7 +4006,7 @@ "spoofable": 0, "cti": true, "service": "glpi", - "created_at": "2022-10-07T12:19:09", + "created_at": "2025-10-15T14:07:55.772648", "cves": [ "CVE-2022-35914" ] @@ -4037,7 +4026,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2022-08-18T09:37:38", + "created_at": "2025-10-15T14:07:55.775285", "cves": [ "CVE-2022-37042" ] @@ -4056,7 +4045,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2022-10-14T11:48:41", + "created_at": "2025-10-15T14:07:55.777824", "cves": [ "CVE-2022-40684" ] @@ -4076,7 +4065,7 @@ "spoofable": 0, "cti": true, "service": "exchange", - "created_at": "2022-10-01T12:22:22", + "created_at": "2025-10-15T14:07:55.780368", "cves": [ "CVE-2022-41082" ] @@ -4095,7 +4084,7 @@ "spoofable": 0, "cti": true, "service": "ghost", - "created_at": "2022-12-27T14:51:55", + "created_at": "2025-10-15T14:07:55.783087", "cves": [ "CVE-2022-41697" ] @@ -4115,7 +4104,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2022-10-24T10:03:41", + "created_at": "2025-10-15T14:07:55.785798", "cves": [ "CVE-2022-42889" ] 
@@ -4135,7 +4124,7 @@ "spoofable": 0, "cti": true, "service": "centos", - "created_at": "2023-01-20T14:00:02", + "created_at": "2025-10-15T14:07:55.788379", "cves": [ "CVE-2022-44877" ] @@ -4154,7 +4143,7 @@ "spoofable": 0, "cti": true, "service": "cacti", - "created_at": "2023-01-18T11:13:11", + "created_at": "2025-10-15T14:07:55.792175", "cves": [ "CVE-2022-46169" ] @@ -4174,7 +4163,7 @@ "spoofable": 0, "cti": true, "service": "cacti", - "created_at": "2023-01-18T11:13:11", + "created_at": "2025-10-15T14:07:55.793559", "cves": [ "CVE-2022-46169" ] @@ -4194,7 +4183,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2023-10-06T14:39:30", + "created_at": "2025-10-15T14:07:55.796162", "cves": [ "CVE-2023-22515" ] @@ -4214,7 +4203,7 @@ "spoofable": 0, "cti": true, "service": "confluence", - "created_at": "2023-11-06T09:42:38", + "created_at": "2025-10-15T14:07:55.798751", "cves": [ "CVE-2023-22518" ] @@ -4233,7 +4222,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2023-03-31T12:33:19", + "created_at": "2025-10-15T14:07:55.801939", "cves": [ "CVE-2023-23397" ] @@ -4253,7 +4242,7 @@ "spoofable": 1, "cti": true, "service": "owncloud", - "created_at": "2023-11-28T12:43:10", + "created_at": "2025-10-15T14:07:55.804558", "cves": [ "CVE-2023-49103" ] @@ -4272,7 +4261,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-10-05T11:14:30" + "created_at": "2025-10-15T14:07:55.807171" }, "crowdsecurity/CVE-2024-0012": { "name": "crowdsecurity/CVE-2024-0012", @@ -4289,7 +4278,7 @@ "spoofable": 0, "cti": true, "service": "panos", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T14:07:55.809852", "cves": [ "CVE-2024-0012" ] @@ -4309,7 +4298,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2024-08-22T13:15:02", + "created_at": "2025-10-15T14:07:55.812649", "cves": [ "CVE-2024-38475" ] 
@@ -4329,7 +4318,7 @@ "spoofable": 0, "cti": true, "service": "panos", - "created_at": "2024-11-20T14:53:39", + "created_at": "2025-10-15T14:07:55.815351", "cves": [ "CVE-2024-9474" ] @@ -4347,7 +4336,7 @@ "spoofable": 0, "cti": true, "service": "amavis", - "created_at": "2024-03-26T08:37:46" + "created_at": "2025-10-15T14:07:55.817811" }, "crowdsecurity/apache_log4j2_cve-2021-44228": { "name": "crowdsecurity/apache_log4j2_cve-2021-44228", @@ -4364,7 +4353,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-12-10T16:32:21", + "created_at": "2025-10-15T14:07:55.820928", "cves": [ "CVE-2021-44228" ] @@ -4383,7 +4372,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-02-28T09:34:04" + "created_at": "2025-10-15T14:07:55.826067" }, "crowdsecurity/appsec-vpatch": { "name": "crowdsecurity/appsec-vpatch", @@ -4399,7 +4388,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T14:07:55.828819" }, "crowdsecurity/asterisk_bf": { "name": "crowdsecurity/asterisk_bf", @@ -4415,7 +4404,7 @@ "spoofable": 0, "cti": true, "service": "asterisk", - "created_at": "2021-12-22T14:08:32" + "created_at": "2025-10-15T14:07:55.831288" }, "crowdsecurity/asterisk_user_enum": { "name": "crowdsecurity/asterisk_user_enum", @@ -4433,7 +4422,7 @@ "spoofable": 0, "cti": true, "service": "asterisk", - "created_at": "2021-12-22T14:08:32" + "created_at": "2025-10-15T14:07:55.833907" }, "crowdsecurity/auditd-base64-exec-behavior": { "name": "crowdsecurity/auditd-base64-exec-behavior", @@ -4449,7 +4438,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.836816" }, "crowdsecurity/auditd-postexploit-exec-from-net": { "name": "crowdsecurity/auditd-postexploit-exec-from-net", 
@@ -4465,7 +4454,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.839725" }, "crowdsecurity/auditd-postexploit-pkill": { "name": "crowdsecurity/auditd-postexploit-pkill", @@ -4481,7 +4470,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.842517" }, "crowdsecurity/auditd-postexploit-rm": { "name": "crowdsecurity/auditd-postexploit-rm", @@ -4497,7 +4486,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.845337" }, "crowdsecurity/auditd-suid-crash": { "name": "crowdsecurity/auditd-suid-crash", @@ -4513,7 +4502,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-10-04T16:28:36" + "created_at": "2025-10-15T14:07:55.848265" }, "crowdsecurity/auditd-sus-exec": { "name": "crowdsecurity/auditd-sus-exec", @@ -4529,7 +4518,7 @@ "spoofable": 0, "cti": true, "service": "linux", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.850749" }, "crowdsecurity/aws-cloudtrail-bf-console-login": { "name": "crowdsecurity/aws-cloudtrail-bf-console-login", @@ -4545,7 +4534,7 @@ "spoofable": 0, "cti": true, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.853524" }, "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change": { "name": "crowdsecurity/aws-cis-benchmark-cloudtrail-config-change", @@ -4561,7 +4550,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.855962" }, "crowdsecurity/aws-cis-benchmark-config-config-change": { "name": "crowdsecurity/aws-cis-benchmark-config-config-change", 
@@ -4577,7 +4566,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.858417" }, "crowdsecurity/aws-cis-benchmark-console-auth-fail": { "name": "crowdsecurity/aws-cis-benchmark-console-auth-fail", @@ -4593,7 +4582,7 @@ "spoofable": 0, "cti": true, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.860753" }, "crowdsecurity/aws-cis-benchmark-iam-policy-change": { "name": "crowdsecurity/aws-cis-benchmark-iam-policy-change", @@ -4609,7 +4598,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.863418" }, "crowdsecurity/aws-cis-benchmark-kms-deletion": { "name": "crowdsecurity/aws-cis-benchmark-kms-deletion", @@ -4625,7 +4614,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.865847" }, "crowdsecurity/aws-cis-benchmark-login-no-mfa": { "name": "crowdsecurity/aws-cis-benchmark-login-no-mfa", @@ -4642,7 +4631,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.868319" }, "crowdsecurity/aws-cis-benchmark-nacl-change": { "name": "crowdsecurity/aws-cis-benchmark-nacl-change", @@ -4658,7 +4647,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.870800" }, "crowdsecurity/aws-cis-benchmark-ngw-change": { "name": "crowdsecurity/aws-cis-benchmark-ngw-change", @@ -4674,7 +4663,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.873325" }, "crowdsecurity/aws-cis-benchmark-root-usage": { "name": "crowdsecurity/aws-cis-benchmark-root-usage", 
@@ -4691,7 +4680,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.875747" }, "crowdsecurity/aws-cis-benchmark-route-table-change": { "name": "crowdsecurity/aws-cis-benchmark-route-table-change", @@ -4707,7 +4696,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.878308" }, "crowdsecurity/aws-cis-benchmark-s3-policy-change": { "name": "crowdsecurity/aws-cis-benchmark-s3-policy-change", @@ -4723,7 +4712,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.880866" }, "crowdsecurity/aws-cis-benchmark-security-group-change": { "name": "crowdsecurity/aws-cis-benchmark-security-group-change", @@ -4739,7 +4728,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.883362" }, "crowdsecurity/aws-cis-benchmark-unauthorized-call": { "name": "crowdsecurity/aws-cis-benchmark-unauthorized-call", @@ -4755,7 +4744,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.885860" }, "crowdsecurity/aws-cis-benchmark-vpc-change": { "name": "crowdsecurity/aws-cis-benchmark-vpc-change", @@ -4771,7 +4760,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.888420" }, "crowdsecurity/aws-cloudtrail-postexploit": { "name": "crowdsecurity/aws-cloudtrail-postexploit", @@ -4788,7 +4777,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.891480" }, "crowdsecurity/aws-cloudtrail-nwo-nwd-console-login": { "name": "crowdsecurity/aws-cloudtrail-nwo-nwd-console-login", 
@@ -4804,7 +4793,7 @@ "spoofable": 0, "cti": false, "service": "aws", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:55.894353" }, "crowdsecurity/configserver-lfd-bf": { "name": "crowdsecurity/configserver-lfd-bf", @@ -4820,7 +4809,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2024-01-05T09:54:29" + "created_at": "2025-10-15T14:07:55.897859" }, "crowdsecurity/cpanel-bf-attempt": { "name": "crowdsecurity/cpanel-bf-attempt", @@ -4836,7 +4825,7 @@ "spoofable": 0, "cti": true, "service": "cpanel", - "created_at": "2022-08-29T15:04:15" + "created_at": "2025-10-15T14:07:55.900244" }, "crowdsecurity/cpanel-bf": { "name": "crowdsecurity/cpanel-bf", @@ -4852,7 +4841,7 @@ "spoofable": 0, "cti": true, "service": "cpanel", - "created_at": "2021-06-28T11:05:18" + "created_at": "2025-10-15T14:07:55.902692" }, "crowdsecurity/crowdsec-appsec-inband": { "name": "crowdsecurity/crowdsec-appsec-inband", @@ -4868,7 +4857,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T14:07:55.905403" }, "crowdsecurity/crowdsec-appsec-outofband": { "name": "crowdsecurity/crowdsec-appsec-outofband", @@ -4884,7 +4873,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-12-15T15:51:44" + "created_at": "2025-10-15T14:07:55.908274" }, "crowdsecurity/dovecot-spam": { "name": "crowdsecurity/dovecot-spam", @@ -4900,7 +4889,7 @@ "spoofable": 0, "cti": true, "service": "dovecot", - "created_at": "2021-02-17T10:15:15" + "created_at": "2025-10-15T14:07:55.910826" }, "crowdsecurity/endlessh-bf": { "name": "crowdsecurity/endlessh-bf", @@ -4916,7 +4905,7 @@ "spoofable": 0, "cti": true, "service": "endlessh", - "created_at": "2022-02-28T10:07:59" + "created_at": "2025-10-15T14:07:55.913446" }, "crowdsecurity/exchange-bf": { "name": "crowdsecurity/exchange-bf", 
@@ -4932,7 +4921,7 @@ "spoofable": 0, "cti": true, "service": "exchange", - "created_at": "2022-07-21T08:37:19" + "created_at": "2025-10-15T14:07:55.915966" }, "crowdsecurity/exim-bf": { "name": "crowdsecurity/exim-bf", @@ -4948,7 +4937,7 @@ "spoofable": 0, "cti": true, "service": "smtp", - "created_at": "2023-01-09T16:38:20" + "created_at": "2025-10-15T14:07:55.919507" }, "crowdsecurity/exim-user-bf": { "name": "crowdsecurity/exim-user-bf", @@ -4964,7 +4953,7 @@ "spoofable": 0, "cti": true, "service": "smtp", - "created_at": "2023-01-09T16:38:20" + "created_at": "2025-10-15T14:07:55.920879" }, "crowdsecurity/f5-big-ip-cve-2020-5902": { "name": "crowdsecurity/f5-big-ip-cve-2020-5902", @@ -4981,7 +4970,7 @@ "spoofable": 0, "cti": true, "service": "f5", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T14:07:55.924489", "cves": [ "CVE-2020-5902" ] @@ -5001,7 +4990,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T14:07:55.927056", "cves": [ "CVE-2018-13379" ] @@ -5020,7 +5009,7 @@ "spoofable": 0, "cti": true, "service": "fortinet", - "created_at": "2024-10-23T14:07:50" + "created_at": "2025-10-15T14:07:55.929627" }, "crowdsecurity/freeswitch-acl-reject": { "name": "crowdsecurity/freeswitch-acl-reject", @@ -5036,7 +5025,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T14:07:55.932153" }, "crowdsecurity/freeswitch-bf": { "name": "crowdsecurity/freeswitch-bf", @@ -5052,7 +5041,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T14:07:55.936339" }, "crowdsecurity/freeswitch-slow-bf": { "name": "crowdsecurity/freeswitch-slow-bf", 
@@ -5068,7 +5057,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T14:07:55.937688" }, "crowdsecurity/freeswitch-user-enumeration": { "name": "crowdsecurity/freeswitch-user-enumeration", @@ -5084,7 +5073,7 @@ "spoofable": 0, "cti": true, "service": "freeswitch", - "created_at": "2023-03-10T13:39:52" + "created_at": "2025-10-15T14:07:55.942749" }, "crowdsecurity/grafana-cve-2021-43798": { "name": "crowdsecurity/grafana-cve-2021-43798", @@ -5101,7 +5090,7 @@ "spoofable": 0, "cti": true, "service": "grafana", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T14:07:55.945351", "cves": [ "CVE-2021-43798" ] @@ -5120,7 +5109,7 @@ "spoofable": 0, "cti": true, "service": "home-assistant", - "created_at": "2022-01-28T16:07:26" + "created_at": "2025-10-15T14:07:55.947840" }, "crowdsecurity/http-admin-interface-probing": { "name": "crowdsecurity/http-admin-interface-probing", @@ -5136,7 +5125,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-01-23T08:34:34" + "created_at": "2025-10-15T14:07:55.951037" }, "crowdsecurity/http-apiscp-bf": { "name": "crowdsecurity/http-apiscp-bf", @@ -5152,7 +5141,7 @@ "spoofable": 0, "cti": true, "service": "apisCP", - "created_at": "2022-07-28T15:22:51" + "created_at": "2025-10-15T14:07:55.953635" }, "crowdsecurity/http-backdoors-attempts": { "name": "crowdsecurity/http-backdoors-attempts", @@ -5168,7 +5157,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-02T11:09:12" + "created_at": "2025-10-15T14:07:55.956505" }, "crowdsecurity/http-bad-user-agent": { "name": "crowdsecurity/http-bad-user-agent", @@ -5184,7 +5173,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-24T18:06:23" + "created_at": "2025-10-15T14:07:55.959544" }, "crowdsecurity/http-bf-wordpress_bf": { "name": "crowdsecurity/http-bf-wordpress_bf", 
@@ -5200,7 +5189,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:55.962171" }, "crowdsecurity/http-bf-wordpress_bf_xmlrpc": { "name": "crowdsecurity/http-bf-wordpress_bf_xmlrpc", @@ -5216,7 +5205,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2021-10-04T16:24:05" + "created_at": "2025-10-15T14:07:55.964729" }, "crowdsecurity/http-crawl-non_statics": { "name": "crowdsecurity/http-crawl-non_statics", @@ -5232,7 +5221,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:55.967496" }, "crowdsecurity/http-cve-2021-41773": { "name": "crowdsecurity/http-cve-2021-41773", @@ -5249,7 +5238,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-10-11T16:09:41", + "created_at": "2025-10-15T14:07:55.970094", "cves": [ "CVE-2021-41773" ] @@ -5269,7 +5258,7 @@ "spoofable": 0, "cti": true, "service": "apache", - "created_at": "2021-10-12T18:03:32", + "created_at": "2025-10-15T14:07:55.972673", "cves": [ "CVE-2021-42013" ] @@ -5288,7 +5277,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2024-05-10T12:21:25" + "created_at": "2025-10-15T14:07:55.975513" }, "crowdsecurity/http-dos-bypass-cache": { "name": "crowdsecurity/http-dos-bypass-cache", @@ -5304,7 +5293,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T14:07:55.978404" }, "crowdsecurity/http-dos-invalid-http-versions": { "name": "crowdsecurity/http-dos-invalid-http-versions", @@ -5320,7 +5309,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T14:07:55.981074" }, "crowdsecurity/http-dos-random-uri": { "name": "crowdsecurity/http-dos-random-uri", 
@@ -5336,7 +5325,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T14:07:55.983825" }, "crowdsecurity/http-dos-swithcing-ua": { "name": "crowdsecurity/http-dos-swithcing-ua", @@ -5352,7 +5341,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-10-10T14:55:33" + "created_at": "2025-10-15T14:07:55.986506" }, "crowdsecurity/http-generic-bf": { "name": "crowdsecurity/http-generic-bf", @@ -5368,7 +5357,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T14:07:55.991192" }, "LePresidente/http-generic-401-bf": { "name": "LePresidente/http-generic-401-bf", @@ -5384,7 +5373,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T14:07:55.992568" }, "LePresidente/http-generic-403-bf": { "name": "LePresidente/http-generic-403-bf", @@ -5400,7 +5389,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-12-07T10:13:38" + "created_at": "2025-10-15T14:07:55.993940" }, "crowdsecurity/http-generic-test": { "name": "crowdsecurity/http-generic-test", @@ -5412,7 +5401,7 @@ "spoofable": 3, "cti": true, "service": "http", - "created_at": "2025-06-17T14:52:24" + "created_at": "2025-10-15T14:07:55.996359" }, "crowdsecurity/http-magento-bf": { "name": "crowdsecurity/http-magento-bf", @@ -5428,7 +5417,7 @@ "spoofable": 0, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T14:07:55.998887" }, "crowdsecurity/http-magento-ccs-by-as": { "name": "crowdsecurity/http-magento-ccs-by-as", @@ -5444,7 +5433,7 @@ "spoofable": 3, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T14:07:56.001511" }, "crowdsecurity/http-magento-ccs-by-country": { "name": "crowdsecurity/http-magento-ccs-by-country", 
@@ -5460,7 +5449,7 @@ "spoofable": 3, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T14:07:56.004269" }, "crowdsecurity/http-magento-ccs": { "name": "crowdsecurity/http-magento-ccs", @@ -5476,7 +5465,7 @@ "spoofable": 0, "cti": true, "service": "magento", - "created_at": "2022-10-21T14:22:08" + "created_at": "2025-10-15T14:07:56.006875" }, "crowdsecurity/http-open-proxy": { "name": "crowdsecurity/http-open-proxy", @@ -5492,7 +5481,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-09-30T09:21:12" + "created_at": "2025-10-15T14:07:56.009832" }, "crowdsecurity/http-path-traversal-probing": { "name": "crowdsecurity/http-path-traversal-probing", @@ -5508,7 +5497,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-01T13:41:04" + "created_at": "2025-10-15T14:07:56.012851" }, "crowdsecurity/http-probing": { "name": "crowdsecurity/http-probing", @@ -5524,7 +5513,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-21T13:21:12" + "created_at": "2025-10-15T14:07:56.015634" }, "crowdsecurity/http-sap-interface-probing": { "name": "crowdsecurity/http-sap-interface-probing", @@ -5540,7 +5529,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2025-06-06T11:41:26" + "created_at": "2025-10-15T14:07:56.018561" }, "crowdsecurity/http-sensitive-files": { "name": "crowdsecurity/http-sensitive-files", @@ -5556,7 +5545,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-01T14:48:05" + "created_at": "2025-10-15T14:07:56.021596" }, "crowdsecurity/http-sqli-probbing-detection": { "name": "crowdsecurity/http-sqli-probbing-detection", @@ -5572,7 +5561,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-29T10:32:32" + "created_at": "2025-10-15T14:07:56.024665" }, "crowdsecurity/http-wordpress-scan": { "name": "crowdsecurity/http-wordpress-scan", 
@@ -5588,7 +5577,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2024-04-22T07:58:44" + "created_at": "2025-10-15T14:07:56.027307" }, "crowdsecurity/http-wordpress_user-enum": { "name": "crowdsecurity/http-wordpress_user-enum", @@ -5606,7 +5595,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2022-02-16T10:27:10" + "created_at": "2025-10-15T14:07:56.030088" }, "crowdsecurity/http-wordpress_wpconfig": { "name": "crowdsecurity/http-wordpress_wpconfig", @@ -5622,7 +5611,7 @@ "spoofable": 0, "cti": true, "service": "wordpress", - "created_at": "2021-06-10T08:33:07" + "created_at": "2025-10-15T14:07:56.032812" }, "crowdsecurity/http-xss-probbing": { "name": "crowdsecurity/http-xss-probbing", @@ -5638,7 +5627,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-06-18T08:23:27" + "created_at": "2025-10-15T14:07:56.035864" }, "crowdsecurity/impossible-travel-user": { "name": "crowdsecurity/impossible-travel-user", @@ -5652,7 +5641,7 @@ "spoofable": 0, "cti": true, "service": "authentication", - "created_at": "2023-12-12T09:27:38" + "created_at": "2025-10-15T14:07:56.038724" }, "crowdsecurity/impossible-travel": { "name": "crowdsecurity/impossible-travel", @@ -5666,7 +5655,7 @@ "spoofable": 0, "cti": true, "service": "authentication", - "created_at": "2023-12-12T09:27:38" + "created_at": "2025-10-15T14:07:56.041388" }, "crowdsecurity/iptables-scan-multi_ports": { "name": "crowdsecurity/iptables-scan-multi_ports", @@ -5684,7 +5673,7 @@ "spoofable": 3, "cti": true, "service": null, - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:56.044020" }, "crowdsecurity/jira_cve-2021-26086": { "name": "crowdsecurity/jira_cve-2021-26086", @@ -5701,7 +5690,7 @@ "spoofable": 0, "cti": true, "service": "jira", - "created_at": "2021-12-13T17:47:03", + "created_at": "2025-10-15T14:07:56.046871", "cves": [ "CVE-2021-26086" ] 
@@ -5720,7 +5709,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:56.049294" }, "crowdsecurity/k8s-audit-api-server-bruteforce": { "name": "crowdsecurity/k8s-audit-api-server-bruteforce", @@ -5736,7 +5725,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:56.051987" }, "crowdsecurity/k8s-audit-pod-exec": { "name": "crowdsecurity/k8s-audit-pod-exec", @@ -5752,7 +5741,7 @@ "spoofable": 0, "cti": false, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:56.054469" }, "crowdsecurity/k8s-audit-pod-host-network": { "name": "crowdsecurity/k8s-audit-pod-host-network", @@ -5768,7 +5757,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:56.056956" }, "crowdsecurity/k8s-audit-pod-host-path-volume": { "name": "crowdsecurity/k8s-audit-pod-host-path-volume", @@ -5784,7 +5773,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:56.059868" }, "crowdsecurity/k8s-audit-privileged-pod-creation": { "name": "crowdsecurity/k8s-audit-privileged-pod-creation", @@ -5800,7 +5789,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:56.062606" }, "crowdsecurity/k8s-audit-service-account-access-denied": { "name": "crowdsecurity/k8s-audit-service-account-access-denied", @@ -5817,7 +5806,7 @@ "spoofable": 0, "cti": true, "service": "k8s", - "created_at": "2023-05-22T12:21:56" + "created_at": "2025-10-15T14:07:56.065134" }, "crowdsecurity/kasm-bruteforce": { "name": "crowdsecurity/kasm-bruteforce", 
@@ -5833,7 +5822,7 @@ "spoofable": 0, "cti": true, "service": "kasm", - "created_at": "2023-02-07T13:48:59" + "created_at": "2025-10-15T14:07:56.067791" }, "crowdsecurity/litespeed-admin-bf": { "name": "crowdsecurity/litespeed-admin-bf", @@ -5849,7 +5838,7 @@ "spoofable": 0, "cti": true, "service": "litespeed", - "created_at": "2022-06-10T11:47:55" + "created_at": "2025-10-15T14:07:56.070312" }, "crowdsecurity/mariadb-bf": { "name": "crowdsecurity/mariadb-bf", @@ -5865,7 +5854,7 @@ "spoofable": 0, "cti": true, "service": "mariadb", - "created_at": "2021-12-10T10:32:28" + "created_at": "2025-10-15T14:07:56.072846" }, "crowdsecurity/modsecurity": { "name": "crowdsecurity/modsecurity", @@ -5882,7 +5871,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-14T08:47:54" + "created_at": "2025-10-15T14:07:56.075376" }, "crowdsecurity/mssql-bf": { "name": "crowdsecurity/mssql-bf", @@ -5898,7 +5887,7 @@ "spoofable": 0, "cti": true, "service": "mssql", - "created_at": "2022-01-28T16:50:20" + "created_at": "2025-10-15T14:07:56.077861" }, "crowdsecurity/mysql-bf": { "name": "crowdsecurity/mysql-bf", @@ -5914,7 +5903,7 @@ "spoofable": 0, "cti": true, "service": "mysql", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:56.080348" }, "crowdsecurity/naxsi-exploit-vpatch": { "name": "crowdsecurity/naxsi-exploit-vpatch", @@ -5931,7 +5920,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:56.082763" }, "crowdsecurity/netgear_rce": { "name": "crowdsecurity/netgear_rce", @@ -5948,7 +5937,7 @@ "spoofable": 0, "cti": true, "service": "netgear", - "created_at": "2023-06-14T14:40:29", + "created_at": "2025-10-15T14:07:56.085453", "cves": [ "CVE-2024-12847" ] 
@@ -5967,7 +5956,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T14:07:56.090332" }, "crowdsecurity/nextcloud-bf_user_enum": { "name": "crowdsecurity/nextcloud-bf_user_enum", @@ -5983,7 +5972,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T14:07:56.091691" }, "crowdsecurity/nextcloud-bf_domain_error": { "name": "crowdsecurity/nextcloud-bf_domain_error", @@ -5999,7 +5988,7 @@ "spoofable": 0, "cti": true, "service": "nextcloud", - "created_at": "2022-02-02T15:19:42" + "created_at": "2025-10-15T14:07:56.093072" }, "crowdsecurity/nginx-req-limit-exceeded": { "name": "crowdsecurity/nginx-req-limit-exceeded", @@ -6015,7 +6004,7 @@ "spoofable": 2, "cti": true, "service": "http", - "created_at": "2022-04-22T08:47:07" + "created_at": "2025-10-15T14:07:56.095620" }, "crowdsecurity/odoo-bf": { "name": "crowdsecurity/odoo-bf", @@ -6031,7 +6020,7 @@ "spoofable": 0, "cti": true, "service": "odoo", - "created_at": "2022-04-11T14:35:05" + "created_at": "2025-10-15T14:07:56.099223" }, "crowdsecurity/odoo_user-enum": { "name": "crowdsecurity/odoo_user-enum", @@ -6047,7 +6036,7 @@ "spoofable": 0, "cti": true, "service": "odoo", - "created_at": "2022-04-11T14:35:05" + "created_at": "2025-10-15T14:07:56.100649" }, "crowdsecurity/opnsense-gui-bf": { "name": "crowdsecurity/opnsense-gui-bf", @@ -6063,7 +6052,7 @@ "spoofable": 0, "cti": true, "service": "opnsense", - "created_at": "2022-01-21T15:38:17" + "created_at": "2025-10-15T14:07:56.103199" }, "crowdsecurity/pfsense-gui-bf": { "name": "crowdsecurity/pfsense-gui-bf", @@ -6079,7 +6068,7 @@ "spoofable": 0, "cti": true, "service": "pfsense", - "created_at": "2023-10-31T11:54:38" + "created_at": "2025-10-15T14:07:56.106484" }, "crowdsecurity/pgsql-bf": { "name": "crowdsecurity/pgsql-bf", 
@@ -6095,7 +6084,7 @@ "spoofable": 0, "cti": true, "service": "pgsql", - "created_at": "2021-05-25T14:14:18" + "created_at": "2025-10-15T14:07:56.109045" }, "crowdsecurity/pgsql-user-enum": { "name": "crowdsecurity/pgsql-user-enum", @@ -6112,7 +6101,7 @@ "spoofable": 0, "cti": true, "service": "pgsql", - "created_at": "2023-03-21T15:05:50" + "created_at": "2025-10-15T14:07:56.111742" }, "crowdsecurity/postfix-helo-rejected": { "name": "crowdsecurity/postfix-helo-rejected", @@ -6129,7 +6118,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-09-02T09:43:16" + "created_at": "2025-10-15T14:07:56.114574" }, "crowdsecurity/postfix-non-smtp-command": { "name": "crowdsecurity/postfix-non-smtp-command", @@ -6143,7 +6132,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-10-31T13:38:47" + "created_at": "2025-10-15T14:07:56.117024" }, "crowdsecurity/postfix-relay-denied": { "name": "crowdsecurity/postfix-relay-denied", @@ -6160,7 +6149,7 @@ "spoofable": 0, "cti": true, "service": "postfix", - "created_at": "2024-09-02T09:43:16" + "created_at": "2025-10-15T14:07:56.119865" }, "crowdsecurity/proftpd-bf": { "name": "crowdsecurity/proftpd-bf", @@ -6176,7 +6165,7 @@ "spoofable": 0, "cti": true, "service": "proftpd", - "created_at": "2021-12-15T11:30:11" + "created_at": "2025-10-15T14:07:56.124570" }, "crowdsecurity/proftpd-bf_user-enum": { "name": "crowdsecurity/proftpd-bf_user-enum", @@ -6193,7 +6182,7 @@ "spoofable": 0, "cti": true, "service": "proftpd", - "created_at": "2021-12-15T11:30:11" + "created_at": "2025-10-15T14:07:56.127197" }, "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510": { "name": "crowdsecurity/pulse-secure-sslvpn-cve-2019-11510", @@ -6209,7 +6198,7 @@ "spoofable": 0, "cti": true, "service": "pulse-secure", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T14:07:56.129859", "cves": [ "CVE-2019-11510" ] 
@@ -6228,7 +6217,7 @@ "spoofable": 0, "cti": true, "service": "sabnzbd", - "created_at": "2024-07-22T11:40:20" + "created_at": "2025-10-15T14:07:56.133473" }, "crowdsecurity/sabnzbd-slow-bf": { "name": "crowdsecurity/sabnzbd-slow-bf", @@ -6244,7 +6233,7 @@ "spoofable": 0, "cti": true, "service": "sabnzbd", - "created_at": "2024-07-22T11:40:20" + "created_at": "2025-10-15T14:07:56.134835" }, "crowdsecurity/smb-bf": { "name": "crowdsecurity/smb-bf", @@ -6260,7 +6249,7 @@ "spoofable": 0, "cti": true, "service": "smb", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:56.137272" }, "crowdsecurity/spring4shell_cve-2022-22965": { "name": "crowdsecurity/spring4shell_cve-2022-22965", @@ -6276,7 +6265,7 @@ "spoofable": 0, "cti": true, "service": "spring", - "created_at": "2022-04-09T11:23:37", + "created_at": "2025-10-15T14:07:56.139811", "cves": [ "CVE-2022-22965" ] @@ -6295,7 +6284,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:56.143665" }, "crowdsecurity/ssh-bf_user-enum": { "name": "crowdsecurity/ssh-bf_user-enum", @@ -6311,7 +6300,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:56.145149" }, "crowdsecurity/ssh-cve-2024-6387": { "name": "crowdsecurity/ssh-cve-2024-6387", @@ -6327,7 +6316,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2024-07-01T11:57:38", + "created_at": "2025-10-15T14:07:56.147861", "cves": [ "CVE-2024-6387" ] @@ -6346,7 +6335,7 @@ "spoofable": 3, "cti": true, "service": "ssh", - "created_at": "2025-06-17T14:52:24" + "created_at": "2025-10-15T14:07:56.150316" }, "crowdsecurity/ssh-refused-conn": { "name": "crowdsecurity/ssh-refused-conn", @@ -6362,7 +6351,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2025-05-14T09:30:59" + "created_at": "2025-10-15T14:07:56.152787" }, "crowdsecurity/ssh-slow-bf": { "name": "crowdsecurity/ssh-slow-bf", 
@@ -6378,7 +6367,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2021-09-27T15:17:49" + "created_at": "2025-10-15T14:07:56.156542" }, "crowdsecurity/ssh-slow-bf_user-enum": { "name": "crowdsecurity/ssh-slow-bf_user-enum", @@ -6394,7 +6383,7 @@ "spoofable": 0, "cti": true, "service": "ssh", - "created_at": "2021-09-27T15:17:49" + "created_at": "2025-10-15T14:07:56.157943" }, "crowdsecurity/stirling-pdf-bf": { "name": "crowdsecurity/stirling-pdf-bf", @@ -6410,7 +6399,7 @@ "spoofable": 0, "cti": true, "service": "stirling-pdf", - "created_at": "2024-10-23T13:40:37" + "created_at": "2025-10-15T14:07:56.160491" }, "crowdsecurity/suricata-major-severity": { "name": "crowdsecurity/suricata-major-severity", @@ -6427,7 +6416,7 @@ "spoofable": 3, "cti": true, "service": "suricata", - "created_at": "2022-07-13T07:05:09" + "created_at": "2025-10-15T14:07:56.164313" }, "crowdsecurity/suricata-high-medium-severity": { "name": "crowdsecurity/suricata-high-medium-severity", @@ -6444,7 +6433,7 @@ "spoofable": 3, "cti": true, "service": "suricata", - "created_at": "2022-07-13T07:05:09" + "created_at": "2025-10-15T14:07:56.165700" }, "crowdsecurity/synology-dsm-bf": { "name": "crowdsecurity/synology-dsm-bf", @@ -6460,7 +6449,7 @@ "spoofable": 0, "cti": true, "service": "synology_dsm", - "created_at": "2022-02-15T15:53:08" + "created_at": "2025-10-15T14:07:56.168240" }, "crowdsecurity/teamspeak3-bf": { "name": "crowdsecurity/teamspeak3-bf", @@ -6476,7 +6465,7 @@ "spoofable": 0, "cti": true, "service": "teamspeak3", - "created_at": "2022-12-29T15:22:40" + "created_at": "2025-10-15T14:07:56.170784" }, "crowdsecurity/teleport-bf": { "name": "crowdsecurity/teleport-bf", @@ -6490,7 +6479,7 @@ "spoofable": 0, "cti": true, "service": "teleport", - "created_at": "2024-01-29T13:40:10" + "created_at": "2025-10-15T14:07:56.174476" }, "crowdsecurity/teleport-slow-bf": { "name": "crowdsecurity/teleport-slow-bf", 
@@ -6504,7 +6493,7 @@ "spoofable": 0, "cti": true, "service": "teleport", - "created_at": "2024-01-29T13:40:10" + "created_at": "2025-10-15T14:07:56.175838" }, "crowdsecurity/telnet-bf": { "name": "crowdsecurity/telnet-bf", @@ -6520,7 +6509,7 @@ "spoofable": 0, "cti": true, "service": "telnet", - "created_at": "2020-05-05T07:22:01" + "created_at": "2025-10-15T14:07:56.178309" }, "crowdsecurity/thehive-bf": { "name": "crowdsecurity/thehive-bf", @@ -6536,7 +6525,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2022-10-21T12:27:41" + "created_at": "2025-10-15T14:07:56.180929" }, "crowdsecurity/thinkphp-cve-2018-20062": { "name": "crowdsecurity/thinkphp-cve-2018-20062", @@ -6553,7 +6542,7 @@ "spoofable": 0, "cti": true, "service": "thinkphp", - "created_at": "2021-12-10T15:59:24", + "created_at": "2025-10-15T14:07:56.183930", "cves": [ "CVE-2018-20062" ] @@ -6573,7 +6562,7 @@ "spoofable": 0, "cti": true, "service": "vmware", - "created_at": "2022-04-13T15:39:38", + "created_at": "2025-10-15T14:07:56.186541", "cves": [ "CVE-2022-22954" ] @@ -6593,7 +6582,7 @@ "spoofable": 0, "cti": true, "service": "vmware", - "created_at": "2021-12-09T14:00:50", + "created_at": "2025-10-15T14:07:56.189124", "cves": [ "CVE-2021-0027" ] @@ -6612,7 +6601,7 @@ "spoofable": 0, "cti": true, "service": "vsftpd", - "created_at": "2020-05-13T07:52:02" + "created_at": "2025-10-15T14:07:56.191616" }, "crowdsecurity/CVE-2022-30190-msdt": { "name": "crowdsecurity/CVE-2022-30190-msdt", @@ -6629,7 +6618,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2022-07-21T08:48:09", + "created_at": "2025-10-15T14:07:56.194349", "cves": [ "CVE-2022-30190" ] @@ -6648,7 +6637,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2022-01-25T09:07:17" + "created_at": "2025-10-15T14:07:56.196995" }, "crowdsecurity/wireguard-auth": { "name": "crowdsecurity/wireguard-auth", 
@@ -6664,7 +6653,7 @@ "spoofable": 0, "cti": true, "service": "wireguard", - "created_at": "2023-08-11T15:12:59" + "created_at": "2025-10-15T14:07:56.199499" }, "darkclip/charon-ipsec-bf": { "name": "darkclip/charon-ipsec-bf", @@ -6680,7 +6669,7 @@ "spoofable": 0, "cti": true, "service": "charon_ipsec", - "created_at": "2024-02-26T14:13:43" + "created_at": "2025-10-15T14:07:56.204486" }, "firewallservices/lemonldap-ng-bf": { "name": "firewallservices/lemonldap-ng-bf", @@ -6696,7 +6685,7 @@ "spoofable": 0, "cti": true, "service": "ldap", - "created_at": "2021-03-11T14:22:58" + "created_at": "2025-10-15T14:07:56.208218" }, "firewallservices/lemonldap-ng-user-enum": { "name": "firewallservices/lemonldap-ng-user-enum", @@ -6713,7 +6702,7 @@ "spoofable": 0, "cti": true, "service": "ldap", - "created_at": "2021-03-11T14:22:58" + "created_at": "2025-10-15T14:07:56.209589" }, "firewallservices/pf-scan-multi_ports": { "name": "firewallservices/pf-scan-multi_ports", @@ -6731,7 +6720,7 @@ "spoofable": 3, "cti": true, "service": "tcp", - "created_at": "2021-05-11T09:28:41" + "created_at": "2025-10-15T14:07:56.212225" }, "firewallservices/zimbra-bf": { "name": "firewallservices/zimbra-bf", @@ -6747,7 +6736,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2021-03-08T10:51:39" + "created_at": "2025-10-15T14:07:56.215984" }, "firewallservices/zimbra-user-enum": { "name": "firewallservices/zimbra-user-enum", @@ -6764,7 +6753,7 @@ "spoofable": 0, "cti": true, "service": "zimbra", - "created_at": "2021-03-08T10:51:39" + "created_at": "2025-10-15T14:07:56.217356" }, "firix/authentik-bf": { "name": "firix/authentik-bf", @@ -6780,7 +6769,7 @@ "spoofable": 0, "cti": true, "service": "authentik", - "created_at": "2023-10-20T08:05:42" + "created_at": "2025-10-15T14:07:56.220958" }, "firix/authentik-bf_user-enum": { "name": "firix/authentik-bf_user-enum", 
@@ -6797,7 +6786,7 @@ "spoofable": 0, "cti": true, "service": "authentik", - "created_at": "2023-10-20T08:05:42" + "created_at": "2025-10-15T14:07:56.222396" }, "fulljackz/proxmox-bf": { "name": "fulljackz/proxmox-bf", @@ -6813,7 +6802,7 @@ "spoofable": 0, "cti": true, "service": "vm-management", - "created_at": "2022-01-19T14:51:02" + "created_at": "2025-10-15T14:07:56.226165" }, "fulljackz/proxmox-bf-user-enum": { "name": "fulljackz/proxmox-bf-user-enum", @@ -6830,7 +6819,7 @@ "spoofable": 0, "cti": true, "service": "vm-management", - "created_at": "2022-01-19T14:51:02" + "created_at": "2025-10-15T14:07:56.227613" }, "fulljackz/pureftpd-bf": { "name": "fulljackz/pureftpd-bf", @@ -6846,7 +6835,7 @@ "spoofable": 0, "cti": true, "service": "ftp", - "created_at": "2022-01-13T13:11:29" + "created_at": "2025-10-15T14:07:56.230331" }, "gauth-fr/immich-bf": { "name": "gauth-fr/immich-bf", @@ -6862,7 +6851,7 @@ "spoofable": 0, "cti": true, "service": "immich", - "created_at": "2023-08-04T08:06:05" + "created_at": "2025-10-15T14:07:56.234048" }, "gauth-fr/immich-bf_user-enum": { "name": "gauth-fr/immich-bf_user-enum", @@ -6878,7 +6867,7 @@ "spoofable": 0, "cti": true, "service": "immich", - "created_at": "2023-08-04T08:06:05" + "created_at": "2025-10-15T14:07:56.235478" }, "hitech95/email-generic-bf": { "name": "hitech95/email-generic-bf", @@ -6894,7 +6883,7 @@ "spoofable": 0, "cti": true, "service": "pop3/imap", - "created_at": "2022-04-20T13:31:56" + "created_at": "2025-10-15T14:07:56.239213" }, "hitech95/email-user-bf": { "name": "hitech95/email-user-bf", @@ -6911,7 +6900,7 @@ "spoofable": 0, "cti": true, "service": "pop3/imap", - "created_at": "2022-04-20T13:31:56" + "created_at": "2025-10-15T14:07:56.240604" }, "inherent-io/keycloak-bf": { "name": "inherent-io/keycloak-bf", 
@@ -6927,7 +6916,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T14:07:56.244354" }, "inherent-io/keycloak-user-enum-bf": { "name": "inherent-io/keycloak-user-enum-bf", @@ -6943,7 +6932,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T14:07:56.245718" }, "inherent-io/keycloak-slow-bf": { "name": "inherent-io/keycloak-slow-bf", @@ -6959,7 +6948,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T14:07:56.249495" }, "inherent-io/keycloak-user-enum-slow-bf": { "name": "inherent-io/keycloak-user-enum-slow-bf", @@ -6975,7 +6964,7 @@ "spoofable": 0, "cti": true, "service": "keycloak", - "created_at": "2023-06-13T14:20:53" + "created_at": "2025-10-15T14:07:56.250888" }, "jbowdre/miniflux-bf": { "name": "jbowdre/miniflux-bf", @@ -6991,7 +6980,7 @@ "spoofable": 0, "cti": true, "service": "miniflux", - "created_at": "2024-01-16T10:54:20" + "created_at": "2025-10-15T14:07:56.254455" }, "jbowdre/miniflux-bf_user-enum": { "name": "jbowdre/miniflux-bf_user-enum", @@ -7007,7 +6996,7 @@ "spoofable": 0, "cti": true, "service": "miniflux", - "created_at": "2024-01-16T10:54:20" + "created_at": "2025-10-15T14:07:56.255823" }, "jusabatier/apereo-cas-bf": { "name": "jusabatier/apereo-cas-bf", @@ -7023,7 +7012,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T14:07:56.259761" }, "jusabatier/apereo-cas-bf_user-enum": { "name": "jusabatier/apereo-cas-bf_user-enum", @@ -7040,7 +7029,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T14:07:56.261332" }, "jusabatier/cas-slow-bf": { "name": "jusabatier/cas-slow-bf", 
@@ -7056,7 +7045,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T14:07:56.265248" }, "jusabatier/cas-slow-bf_user-enum": { "name": "jusabatier/cas-slow-bf_user-enum", @@ -7073,7 +7062,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T14:07:56.266625" }, "jusabatier/apereo-cas-slow-bf": { "name": "jusabatier/apereo-cas-slow-bf", @@ -7090,7 +7079,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T14:07:56.270497" }, "jusabatier/apereo-cas-slow-bf_user-enum": { "name": "jusabatier/apereo-cas-slow-bf_user-enum", @@ -7107,7 +7096,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-10-20T13:43:34" + "created_at": "2025-10-15T14:07:56.272000" }, "lourys/pterodactyl-wings-bf": { "name": "lourys/pterodactyl-wings-bf", @@ -7123,7 +7112,7 @@ "spoofable": 0, "cti": true, "service": "pterodactyl", - "created_at": "2022-07-28T12:39:51" + "created_at": "2025-10-15T14:07:56.279546" }, "ltsich/http-w00tw00t": { "name": "ltsich/http-w00tw00t", @@ -7139,7 +7128,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2021-02-02T13:15:35" + "created_at": "2025-10-15T14:07:56.282081" }, "mstilkerich/bind9-refused": { "name": "mstilkerich/bind9-refused", @@ -7155,7 +7144,7 @@ "spoofable": 0, "cti": true, "service": "domain", - "created_at": "2022-11-21T12:14:27" + "created_at": "2025-10-15T14:07:56.284610" }, "mwinters-stuff/mailu-admin-bf": { "name": "mwinters-stuff/mailu-admin-bf", @@ -7171,7 +7160,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-05T13:50:17" + "created_at": "2025-10-15T14:07:56.287143" }, "openappsec/openappsec-bot-protection": { "name": "openappsec/openappsec-bot-protection", 
@@ -7188,7 +7177,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.289735" }, "openappsec/openappsec-cross-site-redirect": { "name": "openappsec/openappsec-cross-site-redirect", @@ -7204,7 +7193,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.292300" }, "openappsec/openappsec-csrf": { "name": "openappsec/openappsec-csrf", @@ -7220,7 +7209,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.294848" }, "openappsec/openappsec-error-disclosure": { "name": "openappsec/openappsec-error-disclosure", @@ -7237,7 +7226,7 @@ "spoofable": 1, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.297435" }, "openappsec/openappsec-error-limit": { "name": "openappsec/openappsec-error-limit", @@ -7254,7 +7243,7 @@ "spoofable": 1, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.300017" }, "openappsec/openappsec-evasion-techniques": { "name": "openappsec/openappsec-evasion-techniques", @@ -7271,7 +7260,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.302586" }, "openappsec/openappsec-general": { "name": "openappsec/openappsec-general", @@ -7288,7 +7277,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.305159" }, "openappsec/openappsec-http-limit-violation": { "name": "openappsec/openappsec-http-limit-violation", @@ -7305,7 +7294,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.307728" }, "openappsec/openappsec-http-method-violation": { "name": "openappsec/openappsec-http-method-violation", 
@@ -7322,7 +7311,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.310341" }, "openappsec/openappsec-ldap-injection": { "name": "openappsec/openappsec-ldap-injection", @@ -7339,7 +7328,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.312993" }, "openappsec/openappsec-open-redirect": { "name": "openappsec/openappsec-open-redirect", @@ -7356,7 +7345,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.315568" }, "openappsec/openappsec-path-traversal": { "name": "openappsec/openappsec-path-traversal", @@ -7373,7 +7362,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.318287" }, "openappsec/openappsec-probing": { "name": "openappsec/openappsec-probing", @@ -7390,7 +7379,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.321003" }, "openappsec/openappsec-rce": { "name": "openappsec/openappsec-rce", @@ -7407,7 +7396,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.323698" }, "openappsec/openappsec-request-rate-limit": { "name": "openappsec/openappsec-request-rate-limit", @@ -7423,7 +7412,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.326288" }, "openappsec/openappsec-schema-validation": { "name": "openappsec/openappsec-schema-validation", @@ -7439,7 +7428,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.328843" }, "openappsec/openappsec-sql-injection": { "name": "openappsec/openappsec-sql-injection", 
@@ -7456,7 +7445,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.331419" }, "openappsec/openappsec-url-instead-of-file": { "name": "openappsec/openappsec-url-instead-of-file", @@ -7473,7 +7462,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.334042" }, "openappsec/openappsec-xss": { "name": "openappsec/openappsec-xss", @@ -7491,7 +7480,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.336655" }, "openappsec/openappsec-xxe": { "name": "openappsec/openappsec-xxe", @@ -7508,7 +7497,7 @@ "spoofable": 0, "cti": true, "service": "http", - "created_at": "2023-04-04T13:22:08" + "created_at": "2025-10-15T14:07:56.339238" }, "plague-doctor/audiobookshelf-bf": { "name": "plague-doctor/audiobookshelf-bf", @@ -7524,7 +7513,7 @@ "spoofable": 0, "cti": true, "service": "audiobookshelf", - "created_at": "2024-11-15T09:28:37" + "created_at": "2025-10-15T14:07:56.341889" }, "pserranoa/openvpn-bf": { "name": "pserranoa/openvpn-bf", @@ -7538,7 +7527,7 @@ "spoofable": 0, "cti": true, "service": "openvpn", - "created_at": "2024-12-17T09:50:08" + "created_at": "2025-10-15T14:07:56.344542" }, "schiz0phr3ne/prowlarr-bf": { "name": "schiz0phr3ne/prowlarr-bf", @@ -7554,7 +7543,7 @@ "spoofable": 0, "cti": true, "service": "prowlarr", - "created_at": "2022-10-28T12:44:47" + "created_at": "2025-10-15T14:07:56.348681" }, "schiz0phr3ne/prowlarr-bf_user-enum": { "name": "schiz0phr3ne/prowlarr-bf_user-enum", @@ -7571,7 +7560,7 @@ "spoofable": 0, "cti": true, "service": "prowlarr", - "created_at": "2022-10-28T12:44:47" + "created_at": "2025-10-15T14:07:56.350322" }, "schiz0phr3ne/radarr-bf": { "name": "schiz0phr3ne/radarr-bf", 
@@ -7587,7 +7576,7 @@ "spoofable": 0, "cti": true, "service": "radarr", - "created_at": "2022-10-28T12:43:07" + "created_at": "2025-10-15T14:07:56.354533" }, "schiz0phr3ne/radarr-bf_user-enum": { "name": "schiz0phr3ne/radarr-bf_user-enum", @@ -7604,7 +7593,7 @@ "spoofable": 0, "cti": true, "service": "radarr", - "created_at": "2022-10-28T12:43:07" + "created_at": "2025-10-15T14:07:56.356005" }, "schiz0phr3ne/sonarr-bf": { "name": "schiz0phr3ne/sonarr-bf", @@ -7620,7 +7609,7 @@ "spoofable": 0, "cti": true, "service": "sonarr", - "created_at": "2022-10-31T18:37:18" + "created_at": "2025-10-15T14:07:56.359872" }, "schiz0phr3ne/sonarr-bf_user-enum": { "name": "schiz0phr3ne/sonarr-bf_user-enum", @@ -7637,7 +7626,7 @@ "spoofable": 0, "cti": true, "service": "sonarr", - "created_at": "2022-10-31T18:37:18" + "created_at": "2025-10-15T14:07:56.361268" }, "sdwilsh/navidrome-bf": { "name": "sdwilsh/navidrome-bf", @@ -7653,7 +7642,7 @@ "spoofable": 0, "cti": true, "service": "navidrome", - "created_at": "2025-03-13T10:01:55" + "created_at": "2025-10-15T14:07:56.363924" }, "sigmahq/proc_creation_win_addinutil_suspicious_cmdline": { "name": "sigmahq/proc_creation_win_addinutil_suspicious_cmdline", @@ -7665,7 +7654,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.367037" }, "sigmahq/proc_creation_win_adplus_memory_dump": { "name": "sigmahq/proc_creation_win_adplus_memory_dump", @@ -7677,7 +7666,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.369805" }, "sigmahq/proc_creation_win_agentexecutor_susp_usage": { "name": "sigmahq/proc_creation_win_agentexecutor_susp_usage", 
@@ -7689,7 +7678,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.372662" }, "sigmahq/proc_creation_win_aspnet_compiler_susp_child_process": { "name": "sigmahq/proc_creation_win_aspnet_compiler_susp_child_process", @@ -7701,7 +7690,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.375559" }, "sigmahq/proc_creation_win_aspnet_compiler_susp_paths": { "name": "sigmahq/proc_creation_win_aspnet_compiler_susp_paths", @@ -7713,7 +7702,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.378375" }, "sigmahq/proc_creation_win_at_interactive_execution": { "name": "sigmahq/proc_creation_win_at_interactive_execution", @@ -7725,7 +7714,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.380947" }, "sigmahq/proc_creation_win_attrib_system_susp_paths": { "name": "sigmahq/proc_creation_win_attrib_system_susp_paths", @@ -7737,7 +7726,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.383935" }, "sigmahq/proc_creation_win_auditpol_nt_resource_kit_usage": { "name": "sigmahq/proc_creation_win_auditpol_nt_resource_kit_usage", @@ -7749,7 +7738,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.386698" }, "sigmahq/proc_creation_win_auditpol_susp_execution": { "name": "sigmahq/proc_creation_win_auditpol_susp_execution", @@ -7761,7 +7750,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.389495" }, "sigmahq/proc_creation_win_bcdedit_boot_conf_tamper": { "name": "sigmahq/proc_creation_win_bcdedit_boot_conf_tamper", 
@@ -7773,7 +7762,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.392219" }, "sigmahq/proc_creation_win_bginfo_suspicious_child_process": { "name": "sigmahq/proc_creation_win_bginfo_suspicious_child_process", @@ -7785,7 +7774,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.395163" }, "sigmahq/proc_creation_win_bitsadmin_download_direct_ip": { "name": "sigmahq/proc_creation_win_bitsadmin_download_direct_ip", @@ -7797,7 +7786,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.398027" }, "sigmahq/proc_creation_win_bitsadmin_download_susp_extensions": { "name": "sigmahq/proc_creation_win_bitsadmin_download_susp_extensions", @@ -7809,7 +7798,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.401384" }, "sigmahq/proc_creation_win_bitsadmin_download_susp_targetfolder": { "name": "sigmahq/proc_creation_win_bitsadmin_download_susp_targetfolder", @@ -7821,7 +7810,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.404430" }, "sigmahq/proc_creation_win_browsers_chromium_headless_debugging": { "name": "sigmahq/proc_creation_win_browsers_chromium_headless_debugging", @@ -7833,7 +7822,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.407291" }, "sigmahq/proc_creation_win_browsers_chromium_headless_file_download": { "name": "sigmahq/proc_creation_win_browsers_chromium_headless_file_download", 
@@ -7845,7 +7834,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.410110" }, "sigmahq/proc_creation_win_browsers_chromium_mockbin_abuse": { "name": "sigmahq/proc_creation_win_browsers_chromium_mockbin_abuse", @@ -7857,7 +7846,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.412818" }, "sigmahq/proc_creation_win_browsers_chromium_susp_load_extension": { "name": "sigmahq/proc_creation_win_browsers_chromium_susp_load_extension", @@ -7869,7 +7858,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.415667" }, "sigmahq/proc_creation_win_browsers_tor_execution": { "name": "sigmahq/proc_creation_win_browsers_tor_execution", @@ -7881,7 +7870,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.418309" }, "sigmahq/proc_creation_win_calc_uncommon_exec": { "name": "sigmahq/proc_creation_win_calc_uncommon_exec", @@ -7893,7 +7882,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.421007" }, "sigmahq/proc_creation_win_certoc_download_direct_ip": { "name": "sigmahq/proc_creation_win_certoc_download_direct_ip", @@ -7905,7 +7894,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.423655" }, "sigmahq/proc_creation_win_certoc_load_dll_susp_locations": { "name": "sigmahq/proc_creation_win_certoc_load_dll_susp_locations", @@ -7917,7 +7906,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.426502" }, "sigmahq/proc_creation_win_certutil_download_direct_ip": { "name": "sigmahq/proc_creation_win_certutil_download_direct_ip", 
@@ -7929,7 +7918,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.429409" }, "sigmahq/proc_creation_win_certutil_ntlm_coercion": { "name": "sigmahq/proc_creation_win_certutil_ntlm_coercion", @@ -7941,7 +7930,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.432085" }, "sigmahq/proc_creation_win_citrix_trolleyexpress_procdump": { "name": "sigmahq/proc_creation_win_citrix_trolleyexpress_procdump", @@ -7953,7 +7942,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.434952" }, "sigmahq/proc_creation_win_cmd_assoc_tamper_exe_file_association": { "name": "sigmahq/proc_creation_win_cmd_assoc_tamper_exe_file_association", @@ -7965,7 +7954,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.437855" }, "sigmahq/proc_creation_win_cmd_copy_dmp_from_share": { "name": "sigmahq/proc_creation_win_cmd_copy_dmp_from_share", @@ -7977,7 +7966,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.440532" }, "sigmahq/proc_creation_win_cmd_curl_download_exec_combo": { "name": "sigmahq/proc_creation_win_cmd_curl_download_exec_combo", @@ -7989,7 +7978,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.443327" }, "sigmahq/proc_creation_win_cmd_mklink_osk_cmd": { "name": "sigmahq/proc_creation_win_cmd_mklink_osk_cmd", @@ -8001,7 +7990,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.446096" }, "sigmahq/proc_creation_win_cmd_mklink_shadow_copies_access_symlink": { "name": "sigmahq/proc_creation_win_cmd_mklink_shadow_copies_access_symlink", 
@@ -8013,7 +8002,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.448743" }, "sigmahq/proc_creation_win_cmd_net_use_and_exec_combo": { "name": "sigmahq/proc_creation_win_cmd_net_use_and_exec_combo", @@ -8025,7 +8014,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.451557" }, "sigmahq/proc_creation_win_cmd_no_space_execution": { "name": "sigmahq/proc_creation_win_cmd_no_space_execution", @@ -8037,7 +8026,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.454900" }, "sigmahq/proc_creation_win_cmd_ntdllpipe_redirect": { "name": "sigmahq/proc_creation_win_cmd_ntdllpipe_redirect", @@ -8049,7 +8038,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.457512" }, "sigmahq/proc_creation_win_cmd_path_traversal": { "name": "sigmahq/proc_creation_win_cmd_path_traversal", @@ -8061,7 +8050,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.460311" }, "sigmahq/proc_creation_win_cmd_ping_del_combined_execution": { "name": "sigmahq/proc_creation_win_cmd_ping_del_combined_execution", @@ -8073,7 +8062,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.463241" }, "sigmahq/proc_creation_win_cmd_shadowcopy_access": { "name": "sigmahq/proc_creation_win_cmd_shadowcopy_access", @@ -8085,7 +8074,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.465852" }, "sigmahq/proc_creation_win_cmd_sticky_key_like_backdoor_execution": { "name": "sigmahq/proc_creation_win_cmd_sticky_key_like_backdoor_execution", 
@@ -8097,7 +8086,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.468728" }, "sigmahq/proc_creation_win_cmd_sticky_keys_replace": { "name": "sigmahq/proc_creation_win_cmd_sticky_keys_replace", @@ -8109,7 +8098,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.471575" }, "sigmahq/proc_creation_win_cmdkey_recon": { "name": "sigmahq/proc_creation_win_cmdkey_recon", @@ -8121,7 +8110,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.474409" }, "sigmahq/proc_creation_win_cmstp_execution_by_creation": { "name": "sigmahq/proc_creation_win_cmstp_execution_by_creation", @@ -8133,7 +8122,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.477067" }, "sigmahq/proc_creation_win_conhost_path_traversal": { "name": "sigmahq/proc_creation_win_conhost_path_traversal", @@ -8145,7 +8134,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.479668" }, "sigmahq/proc_creation_win_control_panel_item": { "name": "sigmahq/proc_creation_win_control_panel_item", @@ -8157,7 +8146,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.482464" }, "sigmahq/proc_creation_win_createdump_lolbin_execution": { "name": "sigmahq/proc_creation_win_createdump_lolbin_execution", @@ -8169,7 +8158,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.485199" }, "sigmahq/proc_creation_win_csc_susp_parent": { "name": "sigmahq/proc_creation_win_csc_susp_parent", 
@@ -8181,7 +8170,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.488926" }, "sigmahq/proc_creation_win_csi_use_of_csharp_console": { "name": "sigmahq/proc_creation_win_csi_use_of_csharp_console", @@ -8193,7 +8182,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.491562" }, "sigmahq/proc_creation_win_curl_download_direct_ip_susp_extensions": { "name": "sigmahq/proc_creation_win_curl_download_direct_ip_susp_extensions", @@ -8205,7 +8194,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.495022" }, "sigmahq/proc_creation_win_curl_susp_download": { "name": "sigmahq/proc_creation_win_curl_susp_download", @@ -8217,7 +8206,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.498161" }, "sigmahq/proc_creation_win_dctask64_arbitrary_command_and_dll_execution": { "name": "sigmahq/proc_creation_win_dctask64_arbitrary_command_and_dll_execution", @@ -8229,7 +8218,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.500983" }, "sigmahq/proc_creation_win_desktopimgdownldr_susp_execution": { "name": "sigmahq/proc_creation_win_desktopimgdownldr_susp_execution", @@ -8241,7 +8230,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.503752" }, "sigmahq/proc_creation_win_dism_enable_powershell_web_access_feature": { "name": "sigmahq/proc_creation_win_dism_enable_powershell_web_access_feature", 
@@ -8253,7 +8242,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.506456" }, "sigmahq/proc_creation_win_dll_sideload_vmware_xfer": { "name": "sigmahq/proc_creation_win_dll_sideload_vmware_xfer", @@ -8265,7 +8254,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.509101" }, "sigmahq/proc_creation_win_dllhost_no_cli_execution": { "name": "sigmahq/proc_creation_win_dllhost_no_cli_execution", @@ -8277,7 +8266,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.511853" }, "sigmahq/proc_creation_win_dns_exfiltration_tools_execution": { "name": "sigmahq/proc_creation_win_dns_exfiltration_tools_execution", @@ -8289,7 +8278,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.514622" }, "sigmahq/proc_creation_win_dns_susp_child_process": { "name": "sigmahq/proc_creation_win_dns_susp_child_process", @@ -8301,7 +8290,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.518139" }, "sigmahq/proc_creation_win_dnscmd_install_new_server_level_plugin_dll": { "name": "sigmahq/proc_creation_win_dnscmd_install_new_server_level_plugin_dll", @@ -8313,7 +8302,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.520996" }, "sigmahq/proc_creation_win_driverquery_recon": { "name": "sigmahq/proc_creation_win_driverquery_recon", @@ -8325,7 +8314,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.524615" }, "sigmahq/proc_creation_win_dtrace_kernel_dump": { "name": "sigmahq/proc_creation_win_dtrace_kernel_dump", 
@@ -8337,7 +8326,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.527376" }, "sigmahq/proc_creation_win_dump64_defender_av_bypass_rename": { "name": "sigmahq/proc_creation_win_dump64_defender_av_bypass_rename", @@ -8349,7 +8338,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.530257" }, "sigmahq/proc_creation_win_dumpminitool_susp_execution": { "name": "sigmahq/proc_creation_win_dumpminitool_susp_execution", @@ -8361,7 +8350,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.533114" }, "sigmahq/proc_creation_win_esentutl_sensitive_file_copy": { "name": "sigmahq/proc_creation_win_esentutl_sensitive_file_copy", @@ -8373,7 +8362,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.536205" }, "sigmahq/proc_creation_win_eventvwr_susp_child_process": { "name": "sigmahq/proc_creation_win_eventvwr_susp_child_process", @@ -8385,7 +8374,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.538921" }, "sigmahq/proc_creation_win_explorer_nouaccheck": { "name": "sigmahq/proc_creation_win_explorer_nouaccheck", @@ -8397,7 +8386,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.541649" }, "sigmahq/proc_creation_win_findstr_gpp_passwords": { "name": "sigmahq/proc_creation_win_findstr_gpp_passwords", 
@@ -8409,7 +8398,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.544462" }, "sigmahq/proc_creation_win_findstr_sysmon_discovery_via_default_altitude": { "name": "sigmahq/proc_creation_win_findstr_sysmon_discovery_via_default_altitude", @@ -8421,7 +8410,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.547301" }, "sigmahq/proc_creation_win_finger_execution": { "name": "sigmahq/proc_creation_win_finger_execution", @@ -8433,7 +8422,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.550100" }, "sigmahq/proc_creation_win_fltmc_unload_driver_sysmon": { "name": "sigmahq/proc_creation_win_fltmc_unload_driver_sysmon", @@ -8445,7 +8434,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.552837" }, "sigmahq/proc_creation_win_forfiles_child_process_masquerading": { "name": "sigmahq/proc_creation_win_forfiles_child_process_masquerading", @@ -8457,7 +8446,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.555652" }, "sigmahq/proc_creation_win_format_uncommon_filesystem_load": { "name": "sigmahq/proc_creation_win_format_uncommon_filesystem_load", @@ -8469,7 +8458,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.558330" }, "sigmahq/proc_creation_win_fsutil_usage": { "name": "sigmahq/proc_creation_win_fsutil_usage", @@ -8481,7 +8470,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.561123" }, "sigmahq/proc_creation_win_googleupdate_susp_child_process": { "name": "sigmahq/proc_creation_win_googleupdate_susp_child_process", 
@@ -8493,7 +8482,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.563742" }, "sigmahq/proc_creation_win_gpg4win_susp_location": { "name": "sigmahq/proc_creation_win_gpg4win_susp_location", @@ -8505,7 +8494,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.566639" }, "sigmahq/proc_creation_win_gup_download": { "name": "sigmahq/proc_creation_win_gup_download", @@ -8517,7 +8506,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.569310" }, "sigmahq/proc_creation_win_gup_suspicious_execution": { "name": "sigmahq/proc_creation_win_gup_suspicious_execution", @@ -8529,7 +8518,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.572055" }, "sigmahq/proc_creation_win_hh_html_help_susp_child_process": { "name": "sigmahq/proc_creation_win_hh_html_help_susp_child_process", @@ -8541,7 +8530,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.575354" }, "sigmahq/proc_creation_win_hh_susp_execution": { "name": "sigmahq/proc_creation_win_hh_susp_execution", @@ -8553,7 +8542,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.578520" }, "sigmahq/proc_creation_win_hktl_adcspwn": { "name": "sigmahq/proc_creation_win_hktl_adcspwn", @@ -8565,7 +8554,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.581167" }, "sigmahq/proc_creation_win_hktl_bloodhound_sharphound": { "name": "sigmahq/proc_creation_win_hktl_bloodhound_sharphound", 
@@ -8577,7 +8566,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.584303" }, "sigmahq/proc_creation_win_hktl_c3_rundll32_pattern": { "name": "sigmahq/proc_creation_win_hktl_c3_rundll32_pattern", @@ -8589,7 +8578,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.586979" }, "sigmahq/proc_creation_win_hktl_certify": { "name": "sigmahq/proc_creation_win_hktl_certify", @@ -8601,7 +8590,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.589842" }, "sigmahq/proc_creation_win_hktl_certipy": { "name": "sigmahq/proc_creation_win_hktl_certipy", @@ -8613,7 +8602,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.592868" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_cmd": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_cmd", @@ -8625,7 +8614,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.595729" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_modules": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_bloopers_modules", @@ -8637,7 +8626,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.598475" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_load_by_rundll32": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_load_by_rundll32", @@ -8649,7 +8638,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.601177" }, "sigmahq/proc_creation_win_hktl_cobaltstrike_process_patterns": { "name": "sigmahq/proc_creation_win_hktl_cobaltstrike_process_patterns", 
@@ -8661,7 +8650,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.604015" }, "sigmahq/proc_creation_win_hktl_covenant": { "name": "sigmahq/proc_creation_win_hktl_covenant", @@ -8673,7 +8662,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.606848" }, "sigmahq/proc_creation_win_hktl_crackmapexec_execution": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_execution", @@ -8685,7 +8674,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.610165" }, "sigmahq/proc_creation_win_hktl_crackmapexec_execution_patterns": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_execution_patterns", @@ -8697,7 +8686,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.613010" }, "sigmahq/proc_creation_win_hktl_crackmapexec_patterns": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_patterns", @@ -8709,7 +8698,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.616036" }, "sigmahq/proc_creation_win_hktl_crackmapexec_powershell_obfuscation": { "name": "sigmahq/proc_creation_win_hktl_crackmapexec_powershell_obfuscation", @@ -8721,7 +8710,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.619010" }, "sigmahq/proc_creation_win_hktl_createminidump": { "name": "sigmahq/proc_creation_win_hktl_createminidump", @@ -8733,7 +8722,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.621755" }, "sigmahq/proc_creation_win_hktl_dinjector": { "name": "sigmahq/proc_creation_win_hktl_dinjector", 
@@ -8745,7 +8734,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.624434" }, "sigmahq/proc_creation_win_hktl_dumpert": { "name": "sigmahq/proc_creation_win_hktl_dumpert", @@ -8757,7 +8746,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.627068" }, "sigmahq/proc_creation_win_hktl_edrsilencer": { "name": "sigmahq/proc_creation_win_hktl_edrsilencer", @@ -8769,7 +8758,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.629729" }, "sigmahq/proc_creation_win_hktl_empire_powershell_launch": { "name": "sigmahq/proc_creation_win_hktl_empire_powershell_launch", @@ -8781,7 +8770,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.632505" }, "sigmahq/proc_creation_win_hktl_empire_powershell_uac_bypass": { "name": "sigmahq/proc_creation_win_hktl_empire_powershell_uac_bypass", @@ -8793,7 +8782,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.635163" }, "sigmahq/proc_creation_win_hktl_execution_via_imphashes": { "name": "sigmahq/proc_creation_win_hktl_execution_via_imphashes", @@ -8805,7 +8794,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.641473" }, "sigmahq/proc_creation_win_hktl_execution_via_pe_metadata": { "name": "sigmahq/proc_creation_win_hktl_execution_via_pe_metadata", @@ -8817,7 +8806,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.644130" }, "sigmahq/proc_creation_win_hktl_gmer": { "name": "sigmahq/proc_creation_win_hktl_gmer", 
@@ -8829,7 +8818,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.646812" }, "sigmahq/proc_creation_win_hktl_handlekatz": { "name": "sigmahq/proc_creation_win_hktl_handlekatz", @@ -8841,7 +8830,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.649592" }, "sigmahq/proc_creation_win_hktl_hashcat": { "name": "sigmahq/proc_creation_win_hktl_hashcat", @@ -8853,7 +8842,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.652242" }, "sigmahq/proc_creation_win_hktl_htran_or_natbypass": { "name": "sigmahq/proc_creation_win_hktl_htran_or_natbypass", @@ -8865,7 +8854,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.654858" }, "sigmahq/proc_creation_win_hktl_hydra": { "name": "sigmahq/proc_creation_win_hktl_hydra", @@ -8877,7 +8866,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.657499" }, "sigmahq/proc_creation_win_hktl_impacket_lateral_movement": { "name": "sigmahq/proc_creation_win_hktl_impacket_lateral_movement", @@ -8889,7 +8878,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.660394" }, "sigmahq/proc_creation_win_hktl_impacket_tools": { "name": "sigmahq/proc_creation_win_hktl_impacket_tools", @@ -8901,7 +8890,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.663655" }, "sigmahq/proc_creation_win_hktl_inveigh": { "name": "sigmahq/proc_creation_win_hktl_inveigh", 
@@ -8913,7 +8902,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.666355" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_clip": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_clip", @@ -8925,7 +8914,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.669047" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_obfuscated_iex_commandline": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_obfuscated_iex_commandline", @@ -8937,7 +8926,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.671901" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_stdin": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_stdin", @@ -8949,7 +8938,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.674528" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_var": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_var", @@ -8961,7 +8950,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.677157" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_stdin": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_stdin", @@ -8973,7 +8962,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.679780" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_clip": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_clip", 
@@ -8985,7 +8974,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.682386" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta", @@ -8997,7 +8986,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.685068" }, "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_var": { "name": "sigmahq/proc_creation_win_hktl_invoke_obfuscation_via_var", @@ -9009,7 +8998,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.687798" }, "sigmahq/proc_creation_win_hktl_koadic": { "name": "sigmahq/proc_creation_win_hktl_koadic", @@ -9021,7 +9010,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.690514" }, "sigmahq/proc_creation_win_hktl_krbrelay": { "name": "sigmahq/proc_creation_win_hktl_krbrelay", @@ -9033,7 +9022,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.694409" }, "sigmahq/proc_creation_win_hktl_krbrelayup": { "name": "sigmahq/proc_creation_win_hktl_krbrelayup", @@ -9045,7 +9034,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.697327" }, "sigmahq/proc_creation_win_hktl_localpotato": { "name": "sigmahq/proc_creation_win_hktl_localpotato", @@ -9057,7 +9046,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.700013" }, "sigmahq/proc_creation_win_hktl_meterpreter_getsystem": { "name": "sigmahq/proc_creation_win_hktl_meterpreter_getsystem", 
@@ -9069,7 +9058,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.702875" }, "sigmahq/proc_creation_win_hktl_mimikatz_command_line": { "name": "sigmahq/proc_creation_win_hktl_mimikatz_command_line", @@ -9081,7 +9070,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.706036" }, "sigmahq/proc_creation_win_hktl_pchunter": { "name": "sigmahq/proc_creation_win_hktl_pchunter", @@ -9093,7 +9082,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.709271" }, "sigmahq/proc_creation_win_hktl_powersploit_empire_default_schtasks": { "name": "sigmahq/proc_creation_win_hktl_powersploit_empire_default_schtasks", @@ -9105,7 +9094,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.712065" }, "sigmahq/proc_creation_win_hktl_powertool": { "name": "sigmahq/proc_creation_win_hktl_powertool", @@ -9117,7 +9106,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.714743" }, "sigmahq/proc_creation_win_hktl_purplesharp_indicators": { "name": "sigmahq/proc_creation_win_hktl_purplesharp_indicators", @@ -9129,7 +9118,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.717379" }, "sigmahq/proc_creation_win_hktl_pypykatz": { "name": "sigmahq/proc_creation_win_hktl_pypykatz", @@ -9141,7 +9130,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.720128" }, "sigmahq/proc_creation_win_hktl_quarks_pwdump": { "name": "sigmahq/proc_creation_win_hktl_quarks_pwdump", 
@@ -9153,7 +9142,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.722748" }, "sigmahq/proc_creation_win_hktl_redmimicry_winnti_playbook": { "name": "sigmahq/proc_creation_win_hktl_redmimicry_winnti_playbook", @@ -9165,7 +9154,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.725546" }, "sigmahq/proc_creation_win_hktl_relay_attacks_tools": { "name": "sigmahq/proc_creation_win_hktl_relay_attacks_tools", @@ -9177,7 +9166,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.728581" }, "sigmahq/proc_creation_win_hktl_rubeus": { "name": "sigmahq/proc_creation_win_hktl_rubeus", @@ -9189,7 +9178,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.731563" }, "sigmahq/proc_creation_win_hktl_safetykatz": { "name": "sigmahq/proc_creation_win_hktl_safetykatz", @@ -9201,7 +9190,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.734203" }, "sigmahq/proc_creation_win_hktl_secutyxploded": { "name": "sigmahq/proc_creation_win_hktl_secutyxploded", @@ -9213,7 +9202,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.736822" }, "sigmahq/proc_creation_win_hktl_selectmyparent": { "name": "sigmahq/proc_creation_win_hktl_selectmyparent", @@ -9225,7 +9214,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.739869" }, "sigmahq/proc_creation_win_hktl_sharp_chisel": { "name": "sigmahq/proc_creation_win_hktl_sharp_chisel", 
@@ -9237,7 +9226,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.742489" }, "sigmahq/proc_creation_win_hktl_sharp_impersonation": { "name": "sigmahq/proc_creation_win_hktl_sharp_impersonation", @@ -9249,7 +9238,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.745309" }, "sigmahq/proc_creation_win_hktl_sharpersist": { "name": "sigmahq/proc_creation_win_hktl_sharpersist", @@ -9261,7 +9250,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.748047" }, "sigmahq/proc_creation_win_hktl_sharpevtmute": { "name": "sigmahq/proc_creation_win_hktl_sharpevtmute", @@ -9273,7 +9262,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.750686" }, "sigmahq/proc_creation_win_hktl_sharpldapwhoami": { "name": "sigmahq/proc_creation_win_hktl_sharpldapwhoami", @@ -9285,7 +9274,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.753428" }, "sigmahq/proc_creation_win_hktl_sharpup": { "name": "sigmahq/proc_creation_win_hktl_sharpup", @@ -9297,7 +9286,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.756291" }, "sigmahq/proc_creation_win_hktl_sharpview": { "name": "sigmahq/proc_creation_win_hktl_sharpview", @@ -9309,7 +9298,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.760878" }, "sigmahq/proc_creation_win_hktl_silenttrinity_stager": { "name": "sigmahq/proc_creation_win_hktl_silenttrinity_stager", 
@@ -9321,7 +9310,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.763933" }, "sigmahq/proc_creation_win_hktl_sliver_c2_execution_pattern": { "name": "sigmahq/proc_creation_win_hktl_sliver_c2_execution_pattern", @@ -9333,7 +9322,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.766575" }, "sigmahq/proc_creation_win_hktl_stracciatella_execution": { "name": "sigmahq/proc_creation_win_hktl_stracciatella_execution", @@ -9345,7 +9334,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.769472" }, "sigmahq/proc_creation_win_hktl_sysmoneop": { "name": "sigmahq/proc_creation_win_hktl_sysmoneop", @@ -9357,7 +9346,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.772274" }, "sigmahq/proc_creation_win_hktl_trufflesnout": { "name": "sigmahq/proc_creation_win_hktl_trufflesnout", @@ -9369,7 +9358,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.775023" }, "sigmahq/proc_creation_win_hktl_uacme": { "name": "sigmahq/proc_creation_win_hktl_uacme", @@ -9381,7 +9370,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.778265" }, "sigmahq/proc_creation_win_hktl_wce": { "name": "sigmahq/proc_creation_win_hktl_wce", @@ -9393,7 +9382,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.780973" }, "sigmahq/proc_creation_win_hktl_winpeas": { "name": "sigmahq/proc_creation_win_hktl_winpeas", 
@@ -9405,7 +9394,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.783999" }, "sigmahq/proc_creation_win_hktl_winpwn": { "name": "sigmahq/proc_creation_win_hktl_winpwn", @@ -9417,7 +9406,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.786960" }, "sigmahq/proc_creation_win_hktl_wmiexec_default_powershell": { "name": "sigmahq/proc_creation_win_hktl_wmiexec_default_powershell", @@ -9429,7 +9418,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.789477" }, "sigmahq/proc_creation_win_hktl_xordump": { "name": "sigmahq/proc_creation_win_hktl_xordump", @@ -9441,7 +9430,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.792168" }, "sigmahq/proc_creation_win_hwp_exploits": { "name": "sigmahq/proc_creation_win_hwp_exploits", @@ -9453,7 +9442,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.794884" }, "sigmahq/proc_creation_win_ieexec_download": { "name": "sigmahq/proc_creation_win_ieexec_download", @@ -9465,7 +9454,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.797484" }, "sigmahq/proc_creation_win_iis_appcmd_http_logging": { "name": "sigmahq/proc_creation_win_iis_appcmd_http_logging", @@ -9477,7 +9466,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.800154" }, "sigmahq/proc_creation_win_iis_appcmd_service_account_password_dumped": { "name": "sigmahq/proc_creation_win_iis_appcmd_service_account_password_dumped", 
@@ -9489,7 +9478,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.802982" }, "sigmahq/proc_creation_win_iis_connection_strings_decryption": { "name": "sigmahq/proc_creation_win_iis_connection_strings_decryption", @@ -9501,7 +9490,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.805667" }, "sigmahq/proc_creation_win_iis_susp_module_registration": { "name": "sigmahq/proc_creation_win_iis_susp_module_registration", @@ -9513,7 +9502,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.808378" }, "sigmahq/proc_creation_win_imagingdevices_unusual_parents": { "name": "sigmahq/proc_creation_win_imagingdevices_unusual_parents", @@ -9525,7 +9514,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.811059" }, "sigmahq/proc_creation_win_imewbdld_download": { "name": "sigmahq/proc_creation_win_imewbdld_download", @@ -9537,7 +9526,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.813664" }, "sigmahq/proc_creation_win_java_keytool_susp_child_process": { "name": "sigmahq/proc_creation_win_java_keytool_susp_child_process", @@ -9549,7 +9538,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.816605" }, "sigmahq/proc_creation_win_java_manageengine_susp_child_process": { "name": "sigmahq/proc_creation_win_java_manageengine_susp_child_process", 
@@ -9561,7 +9550,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.819692" }, "sigmahq/proc_creation_win_kavremover_uncommon_execution": { "name": "sigmahq/proc_creation_win_kavremover_uncommon_execution", @@ -9573,7 +9562,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.822361" }, "sigmahq/proc_creation_win_logman_disable_eventlog": { "name": "sigmahq/proc_creation_win_logman_disable_eventlog", @@ -9585,7 +9574,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.825148" }, "sigmahq/proc_creation_win_lolbin_devtoolslauncher": { "name": "sigmahq/proc_creation_win_lolbin_devtoolslauncher", @@ -9597,7 +9586,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.827699" }, "sigmahq/proc_creation_win_lolbin_manage_bde": { "name": "sigmahq/proc_creation_win_lolbin_manage_bde", @@ -9609,7 +9598,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.830402" }, "sigmahq/proc_creation_win_lolbin_mavinject_process_injection": { "name": "sigmahq/proc_creation_win_lolbin_mavinject_process_injection", @@ -9621,7 +9610,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.833073" }, "sigmahq/proc_creation_win_lolbin_mpiexec": { "name": "sigmahq/proc_creation_win_lolbin_mpiexec", @@ -9633,7 +9622,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.835706" }, "sigmahq/proc_creation_win_lolbin_msdt_answer_file": { "name": "sigmahq/proc_creation_win_lolbin_msdt_answer_file", 
@@ -9645,7 +9634,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.838411" }, "sigmahq/proc_creation_win_lolbin_openwith": { "name": "sigmahq/proc_creation_win_lolbin_openwith", @@ -9657,7 +9646,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.840967" }, "sigmahq/proc_creation_win_lolbin_pcwrun_follina": { "name": "sigmahq/proc_creation_win_lolbin_pcwrun_follina", @@ -9669,7 +9658,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.843798" }, "sigmahq/proc_creation_win_lolbin_printbrm": { "name": "sigmahq/proc_creation_win_lolbin_printbrm", @@ -9681,7 +9670,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.846593" }, "sigmahq/proc_creation_win_lolbin_settingsynchost": { "name": "sigmahq/proc_creation_win_lolbin_settingsynchost", @@ -9693,7 +9682,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.849520" }, "sigmahq/proc_creation_win_lolbin_susp_certreq_download": { "name": "sigmahq/proc_creation_win_lolbin_susp_certreq_download", @@ -9705,7 +9694,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.852264" }, "sigmahq/proc_creation_win_lolbin_susp_grpconv": { "name": "sigmahq/proc_creation_win_lolbin_susp_grpconv", @@ -9717,7 +9706,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.854914" }, "sigmahq/proc_creation_win_lolbin_tttracer_mod_load": { "name": "sigmahq/proc_creation_win_lolbin_tttracer_mod_load", 
@@ -9729,7 +9718,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.857579" }, "sigmahq/proc_creation_win_lolbin_visual_basic_compiler": { "name": "sigmahq/proc_creation_win_lolbin_visual_basic_compiler", @@ -9741,7 +9730,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.860206" }, "sigmahq/proc_creation_win_lsass_process_clone": { "name": "sigmahq/proc_creation_win_lsass_process_clone", @@ -9753,7 +9742,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.862927" }, "sigmahq/proc_creation_win_mmc_mmc20_lateral_movement": { "name": "sigmahq/proc_creation_win_mmc_mmc20_lateral_movement", @@ -9765,7 +9754,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.865565" }, "sigmahq/proc_creation_win_mmc_susp_child_process": { "name": "sigmahq/proc_creation_win_mmc_susp_child_process", @@ -9777,7 +9766,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.868305" }, "sigmahq/proc_creation_win_mofcomp_execution": { "name": "sigmahq/proc_creation_win_mofcomp_execution", @@ -9789,7 +9778,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.871362" }, "sigmahq/proc_creation_win_mpcmdrun_dll_sideload_defender": { "name": "sigmahq/proc_creation_win_mpcmdrun_dll_sideload_defender", @@ -9801,7 +9790,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.874166" }, "sigmahq/proc_creation_win_mpcmdrun_download_arbitrary_file": { "name": "sigmahq/proc_creation_win_mpcmdrun_download_arbitrary_file", 
@@ -9813,7 +9802,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.876872" }, "sigmahq/proc_creation_win_mpcmdrun_remove_windows_defender_definition": { "name": "sigmahq/proc_creation_win_mpcmdrun_remove_windows_defender_definition", @@ -9825,7 +9814,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.879539" }, "sigmahq/proc_creation_win_msdt_arbitrary_command_execution": { "name": "sigmahq/proc_creation_win_msdt_arbitrary_command_execution", @@ -9837,7 +9826,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.882281" }, "sigmahq/proc_creation_win_msdt_susp_parent": { "name": "sigmahq/proc_creation_win_msdt_susp_parent", @@ -9849,7 +9838,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.885134" }, "sigmahq/proc_creation_win_mshta_http": { "name": "sigmahq/proc_creation_win_mshta_http", @@ -9861,7 +9850,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.887789" }, "sigmahq/proc_creation_win_mshta_javascript": { "name": "sigmahq/proc_creation_win_mshta_javascript", @@ -9873,7 +9862,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.890388" }, "sigmahq/proc_creation_win_mshta_lethalhta_technique": { "name": "sigmahq/proc_creation_win_mshta_lethalhta_technique", @@ -9885,7 +9874,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.892975" }, "sigmahq/proc_creation_win_mshta_susp_child_processes": { "name": "sigmahq/proc_creation_win_mshta_susp_child_processes", 
@@ -9897,7 +9886,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.895784" }, "sigmahq/proc_creation_win_mshta_susp_execution": { "name": "sigmahq/proc_creation_win_mshta_susp_execution", @@ -9909,7 +9898,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.898570" }, "sigmahq/proc_creation_win_mshta_susp_pattern": { "name": "sigmahq/proc_creation_win_mshta_susp_pattern", @@ -9921,7 +9910,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.901525" }, "sigmahq/proc_creation_win_msiexec_masquerading": { "name": "sigmahq/proc_creation_win_msiexec_masquerading", @@ -9933,7 +9922,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.904202" }, "sigmahq/proc_creation_win_msra_process_injection": { "name": "sigmahq/proc_creation_win_msra_process_injection", @@ -9945,7 +9934,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.907001" }, "sigmahq/proc_creation_win_mssql_susp_child_process": { "name": "sigmahq/proc_creation_win_mssql_susp_child_process", @@ -9957,7 +9946,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.909975" }, "sigmahq/proc_creation_win_mssql_veaam_susp_child_processes": { "name": "sigmahq/proc_creation_win_mssql_veaam_susp_child_processes", @@ -9969,7 +9958,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.913014" }, "sigmahq/proc_creation_win_mstsc_rdp_hijack_shadowing": { "name": "sigmahq/proc_creation_win_mstsc_rdp_hijack_shadowing", 
@@ -9981,7 +9970,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.915710" }, "sigmahq/proc_creation_win_mstsc_run_local_rdp_file_susp_location": { "name": "sigmahq/proc_creation_win_mstsc_run_local_rdp_file_susp_location", @@ -9993,7 +9982,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.918682" }, "sigmahq/proc_creation_win_mstsc_run_local_rpd_file_susp_parent": { "name": "sigmahq/proc_creation_win_mstsc_run_local_rpd_file_susp_parent", @@ -10005,7 +9994,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.921534" }, "sigmahq/proc_creation_win_msxsl_remote_execution": { "name": "sigmahq/proc_creation_win_msxsl_remote_execution", @@ -10017,7 +10006,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.924203" }, "sigmahq/proc_creation_win_net_use_mount_internet_share": { "name": "sigmahq/proc_creation_win_net_use_mount_internet_share", @@ -10029,7 +10018,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.926896" }, "sigmahq/proc_creation_win_net_user_add_never_expire": { "name": "sigmahq/proc_creation_win_net_user_add_never_expire", @@ -10041,7 +10030,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.929582" }, "sigmahq/proc_creation_win_net_user_default_accounts_manipulation": { "name": "sigmahq/proc_creation_win_net_user_default_accounts_manipulation", 
@@ -10053,7 +10042,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.933026" }, "sigmahq/proc_creation_win_netsh_fw_allow_program_in_susp_location": { "name": "sigmahq/proc_creation_win_netsh_fw_allow_program_in_susp_location", @@ -10065,7 +10054,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.936425" }, "sigmahq/proc_creation_win_netsh_fw_allow_rdp": { "name": "sigmahq/proc_creation_win_netsh_fw_allow_rdp", @@ -10077,7 +10066,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.939210" }, "sigmahq/proc_creation_win_netsh_port_forwarding_3389": { "name": "sigmahq/proc_creation_win_netsh_port_forwarding_3389", @@ -10089,7 +10078,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.941915" }, "sigmahq/proc_creation_win_node_abuse": { "name": "sigmahq/proc_creation_win_node_abuse", @@ -10101,7 +10090,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.944619" }, "sigmahq/proc_creation_win_nslookup_domain_discovery": { "name": "sigmahq/proc_creation_win_nslookup_domain_discovery", @@ -10113,7 +10102,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.947292" }, "sigmahq/proc_creation_win_odbcconf_driver_install_susp": { "name": "sigmahq/proc_creation_win_odbcconf_driver_install_susp", @@ -10125,7 +10114,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.949989" }, "sigmahq/proc_creation_win_odbcconf_exec_susp_locations": { "name": "sigmahq/proc_creation_win_odbcconf_exec_susp_locations", 
@@ -10137,7 +10126,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.953244" }, "sigmahq/proc_creation_win_odbcconf_register_dll_regsvr_susp": { "name": "sigmahq/proc_creation_win_odbcconf_register_dll_regsvr_susp", @@ -10149,7 +10138,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.955965" }, "sigmahq/proc_creation_win_office_arbitrary_cli_download": { "name": "sigmahq/proc_creation_win_office_arbitrary_cli_download", @@ -10161,7 +10150,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.958650" }, "sigmahq/proc_creation_win_office_excel_dcom_lateral_movement": { "name": "sigmahq/proc_creation_win_office_excel_dcom_lateral_movement", @@ -10173,7 +10162,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.961406" }, "sigmahq/proc_creation_win_office_exec_from_trusted_locations": { "name": "sigmahq/proc_creation_win_office_exec_from_trusted_locations", @@ -10185,7 +10174,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.964380" }, "sigmahq/proc_creation_win_office_onenote_embedded_script_execution": { "name": "sigmahq/proc_creation_win_office_onenote_embedded_script_execution", @@ -10197,7 +10186,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.967194" }, "sigmahq/proc_creation_win_office_onenote_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_onenote_susp_child_processes", 
@@ -10209,7 +10198,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.971146" }, "sigmahq/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules": { "name": "sigmahq/proc_creation_win_office_outlook_enable_unsafe_client_mail_rules", @@ -10221,7 +10210,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.973817" }, "sigmahq/proc_creation_win_office_outlook_execution_from_temp": { "name": "sigmahq/proc_creation_win_office_outlook_execution_from_temp", @@ -10233,7 +10222,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.976397" }, "sigmahq/proc_creation_win_office_outlook_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_outlook_susp_child_processes", @@ -10245,7 +10234,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.979337" }, "sigmahq/proc_creation_win_office_outlook_susp_child_processes_remote": { "name": "sigmahq/proc_creation_win_office_outlook_susp_child_processes_remote", @@ -10257,7 +10246,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.982033" }, "sigmahq/proc_creation_win_office_spawn_exe_from_users_directory": { "name": "sigmahq/proc_creation_win_office_spawn_exe_from_users_directory", @@ -10269,7 +10258,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.984984" }, "sigmahq/proc_creation_win_office_susp_child_processes": { "name": "sigmahq/proc_creation_win_office_susp_child_processes", 
@@ -10281,7 +10270,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.988887" }, "sigmahq/proc_creation_win_ping_hex_ip": { "name": "sigmahq/proc_creation_win_ping_hex_ip", @@ -10293,7 +10282,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.991517" }, "sigmahq/proc_creation_win_plink_port_forwarding": { "name": "sigmahq/proc_creation_win_plink_port_forwarding", @@ -10305,7 +10294,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.994210" }, "sigmahq/proc_creation_win_plink_susp_tunneling": { "name": "sigmahq/proc_creation_win_plink_susp_tunneling", @@ -10317,7 +10306,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.996874" }, "sigmahq/proc_creation_win_powershell_aadinternals_cmdlets_execution": { "name": "sigmahq/proc_creation_win_powershell_aadinternals_cmdlets_execution", @@ -10329,7 +10318,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:56.999912" }, "sigmahq/proc_creation_win_powershell_amsi_init_failed_bypass": { "name": "sigmahq/proc_creation_win_powershell_amsi_init_failed_bypass", @@ -10341,7 +10330,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.002631" }, "sigmahq/proc_creation_win_powershell_base64_encoded_cmd": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_cmd", 
@@ -10353,7 +10342,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.005497" }, "sigmahq/proc_creation_win_powershell_base64_encoded_cmd_patterns": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_cmd_patterns", @@ -10365,7 +10354,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.008714" }, "sigmahq/proc_creation_win_powershell_base64_encoded_obfusc": { "name": "sigmahq/proc_creation_win_powershell_base64_encoded_obfusc", @@ -10377,7 +10366,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.011987" }, "sigmahq/proc_creation_win_powershell_base64_frombase64string": { "name": "sigmahq/proc_creation_win_powershell_base64_frombase64string", @@ -10389,7 +10378,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.015032" }, "sigmahq/proc_creation_win_powershell_base64_hidden_flag": { "name": "sigmahq/proc_creation_win_powershell_base64_hidden_flag", @@ -10401,7 +10390,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.018990" }, "sigmahq/proc_creation_win_powershell_base64_iex": { "name": "sigmahq/proc_creation_win_powershell_base64_iex", @@ -10413,7 +10402,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.022353" }, "sigmahq/proc_creation_win_powershell_base64_invoke": { "name": "sigmahq/proc_creation_win_powershell_base64_invoke", 
@@ -10425,7 +10414,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.025166" }, "sigmahq/proc_creation_win_powershell_base64_mppreference": { "name": "sigmahq/proc_creation_win_powershell_base64_mppreference", @@ -10437,7 +10426,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.028472" }, "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load": { "name": "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load", @@ -10449,7 +10438,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.031687" }, "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load_obfusc": { "name": "sigmahq/proc_creation_win_powershell_base64_reflection_assembly_load_obfusc", @@ -10461,7 +10450,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.034846" }, "sigmahq/proc_creation_win_powershell_base64_wmi_classes": { "name": "sigmahq/proc_creation_win_powershell_base64_wmi_classes", @@ -10473,7 +10462,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.038356" }, "sigmahq/proc_creation_win_powershell_cmdline_reversed_strings": { "name": "sigmahq/proc_creation_win_powershell_cmdline_reversed_strings", @@ -10485,7 +10474,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.041577" }, "sigmahq/proc_creation_win_powershell_cmdline_special_characters": { "name": "sigmahq/proc_creation_win_powershell_cmdline_special_characters", 
@@ -10497,7 +10486,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.044489" }, "sigmahq/proc_creation_win_powershell_decrypt_pattern": { "name": "sigmahq/proc_creation_win_powershell_decrypt_pattern", @@ -10509,7 +10498,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.047355" }, "sigmahq/proc_creation_win_powershell_defender_disable_feature": { "name": "sigmahq/proc_creation_win_powershell_defender_disable_feature", @@ -10521,7 +10510,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.052320" }, "sigmahq/proc_creation_win_powershell_disable_defender_av_security_monitoring": { "name": "sigmahq/proc_creation_win_powershell_disable_defender_av_security_monitoring", @@ -10533,7 +10522,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.055172" }, "sigmahq/proc_creation_win_powershell_disable_ie_features": { "name": "sigmahq/proc_creation_win_powershell_disable_ie_features", @@ -10545,7 +10534,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.057897" }, "sigmahq/proc_creation_win_powershell_download_cradle_obfuscated": { "name": "sigmahq/proc_creation_win_powershell_download_cradle_obfuscated", @@ -10557,7 +10546,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.061542" }, "sigmahq/proc_creation_win_powershell_download_iex": { "name": "sigmahq/proc_creation_win_powershell_download_iex", 
@@ -10569,7 +10558,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.065348" }, "sigmahq/proc_creation_win_powershell_email_exfil": { "name": "sigmahq/proc_creation_win_powershell_email_exfil", @@ -10581,7 +10570,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.068182" }, "sigmahq/proc_creation_win_powershell_frombase64string": { "name": "sigmahq/proc_creation_win_powershell_frombase64string", @@ -10593,7 +10582,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.070878" }, "sigmahq/proc_creation_win_powershell_getprocess_lsass": { "name": "sigmahq/proc_creation_win_powershell_getprocess_lsass", @@ -10605,7 +10594,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.073508" }, "sigmahq/proc_creation_win_powershell_hide_services_via_set_service": { "name": "sigmahq/proc_creation_win_powershell_hide_services_via_set_service", @@ -10617,7 +10606,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.076252" }, "sigmahq/proc_creation_win_powershell_iex_patterns": { "name": "sigmahq/proc_creation_win_powershell_iex_patterns", @@ -10629,7 +10618,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.079100" }, "sigmahq/proc_creation_win_powershell_import_cert_susp_locations": { "name": "sigmahq/proc_creation_win_powershell_import_cert_susp_locations", 
@@ -10641,7 +10630,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.081892" }, "sigmahq/proc_creation_win_powershell_mailboxexport_share": { "name": "sigmahq/proc_creation_win_powershell_mailboxexport_share", @@ -10653,7 +10642,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.084492" }, "sigmahq/proc_creation_win_powershell_obfuscation_via_utf8": { "name": "sigmahq/proc_creation_win_powershell_obfuscation_via_utf8", @@ -10665,7 +10654,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.087136" }, "sigmahq/proc_creation_win_powershell_public_folder": { "name": "sigmahq/proc_creation_win_powershell_public_folder", @@ -10677,7 +10666,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.089999" }, "sigmahq/proc_creation_win_powershell_remotefxvgpudisablement_abuse": { "name": "sigmahq/proc_creation_win_powershell_remotefxvgpudisablement_abuse", @@ -10689,7 +10678,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.092666" }, "sigmahq/proc_creation_win_powershell_remove_mppreference": { "name": "sigmahq/proc_creation_win_powershell_remove_mppreference", @@ -10701,7 +10690,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.095372" }, "sigmahq/proc_creation_win_powershell_reverse_shell_connection": { "name": "sigmahq/proc_creation_win_powershell_reverse_shell_connection", 
@@ -10713,7 +10702,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.098084" }, "sigmahq/proc_creation_win_powershell_run_script_from_ads": { "name": "sigmahq/proc_creation_win_powershell_run_script_from_ads", @@ -10725,7 +10714,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.100738" }, "sigmahq/proc_creation_win_powershell_run_script_from_input_stream": { "name": "sigmahq/proc_creation_win_powershell_run_script_from_input_stream", @@ -10737,7 +10726,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.103423" }, "sigmahq/proc_creation_win_powershell_sam_access": { "name": "sigmahq/proc_creation_win_powershell_sam_access", @@ -10749,7 +10738,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.106095" }, "sigmahq/proc_creation_win_powershell_service_dacl_modification_set_service": { "name": "sigmahq/proc_creation_win_powershell_service_dacl_modification_set_service", @@ -10761,7 +10750,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.108921" }, "sigmahq/proc_creation_win_powershell_set_acl": { "name": "sigmahq/proc_creation_win_powershell_set_acl", @@ -10773,7 +10762,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.111534" }, "sigmahq/proc_creation_win_powershell_set_acl_susp_location": { "name": "sigmahq/proc_creation_win_powershell_set_acl_susp_location", 
@@ -10785,7 +10774,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.114222" }, "sigmahq/proc_creation_win_powershell_shadowcopy_deletion": { "name": "sigmahq/proc_creation_win_powershell_shadowcopy_deletion", @@ -10797,7 +10786,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.117002" }, "sigmahq/proc_creation_win_powershell_snapins_hafnium": { "name": "sigmahq/proc_creation_win_powershell_snapins_hafnium", @@ -10809,7 +10798,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.119911" }, "sigmahq/proc_creation_win_powershell_susp_download_patterns": { "name": "sigmahq/proc_creation_win_powershell_susp_download_patterns", @@ -10821,7 +10810,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.122686" }, "sigmahq/proc_creation_win_powershell_susp_parameter_variation": { "name": "sigmahq/proc_creation_win_powershell_susp_parameter_variation", @@ -10833,7 +10822,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.127370" }, "sigmahq/proc_creation_win_powershell_susp_parent_process": { "name": "sigmahq/proc_creation_win_powershell_susp_parent_process", @@ -10845,7 +10834,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.131812" }, "sigmahq/proc_creation_win_powershell_susp_ps_downloadfile": { "name": "sigmahq/proc_creation_win_powershell_susp_ps_downloadfile", 
@@ -10857,7 +10846,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.135419" }, "sigmahq/proc_creation_win_powershell_token_obfuscation": { "name": "sigmahq/proc_creation_win_powershell_token_obfuscation", @@ -10869,7 +10858,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.138120" }, "sigmahq/proc_creation_win_powershell_webclient_casing": { "name": "sigmahq/proc_creation_win_powershell_webclient_casing", @@ -10881,7 +10870,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.143951" }, "sigmahq/proc_creation_win_provlaunch_susp_child_process": { "name": "sigmahq/proc_creation_win_provlaunch_susp_child_process", @@ -10893,7 +10882,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.146852" }, "sigmahq/proc_creation_win_pua_3proxy_execution": { "name": "sigmahq/proc_creation_win_pua_3proxy_execution", @@ -10905,7 +10894,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.149472" }, "sigmahq/proc_creation_win_pua_adfind_enumeration": { "name": "sigmahq/proc_creation_win_pua_adfind_enumeration", @@ -10917,7 +10906,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.152237" }, "sigmahq/proc_creation_win_pua_adfind_susp_usage": { "name": "sigmahq/proc_creation_win_pua_adfind_susp_usage", @@ -10929,7 +10918,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.155280" }, "sigmahq/proc_creation_win_pua_advancedrun_priv_user": { "name": "sigmahq/proc_creation_win_pua_advancedrun_priv_user", 
@@ -10941,7 +10930,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.158063" }, "sigmahq/proc_creation_win_pua_chisel": { "name": "sigmahq/proc_creation_win_pua_chisel", @@ -10953,7 +10942,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.160796" }, "sigmahq/proc_creation_win_pua_cleanwipe": { "name": "sigmahq/proc_creation_win_pua_cleanwipe", @@ -10965,7 +10954,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.163484" }, "sigmahq/proc_creation_win_pua_crassus": { "name": "sigmahq/proc_creation_win_pua_crassus", @@ -10977,7 +10966,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.166112" }, "sigmahq/proc_creation_win_pua_csexec": { "name": "sigmahq/proc_creation_win_pua_csexec", @@ -10989,7 +10978,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.168712" }, "sigmahq/proc_creation_win_pua_defendercheck": { "name": "sigmahq/proc_creation_win_pua_defendercheck", @@ -11001,7 +10990,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.171358" }, "sigmahq/proc_creation_win_pua_ditsnap": { "name": "sigmahq/proc_creation_win_pua_ditsnap", @@ -11013,7 +11002,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.174056" }, "sigmahq/proc_creation_win_pua_frp": { "name": "sigmahq/proc_creation_win_pua_frp", 
@@ -11025,7 +11014,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.176971" }, "sigmahq/proc_creation_win_pua_iox": { "name": "sigmahq/proc_creation_win_pua_iox", @@ -11037,7 +11026,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.179813" }, "sigmahq/proc_creation_win_pua_netcat": { "name": "sigmahq/proc_creation_win_pua_netcat", @@ -11049,7 +11038,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.182688" }, "sigmahq/proc_creation_win_pua_ngrok": { "name": "sigmahq/proc_creation_win_pua_ngrok", @@ -11061,7 +11050,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.185578" }, "sigmahq/proc_creation_win_pua_nimgrab": { "name": "sigmahq/proc_creation_win_pua_nimgrab", @@ -11073,7 +11062,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.188342" }, "sigmahq/proc_creation_win_pua_nircmd_as_system": { "name": "sigmahq/proc_creation_win_pua_nircmd_as_system", @@ -11085,7 +11074,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.190940" }, "sigmahq/proc_creation_win_pua_nps": { "name": "sigmahq/proc_creation_win_pua_nps", @@ -11097,7 +11086,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.193719" }, "sigmahq/proc_creation_win_pua_nsudo": { "name": "sigmahq/proc_creation_win_pua_nsudo", 
@@ -11109,7 +11098,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.196548" }, "sigmahq/proc_creation_win_pua_rclone_execution": { "name": "sigmahq/proc_creation_win_pua_rclone_execution", @@ -11121,7 +11110,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.199571" }, "sigmahq/proc_creation_win_pua_runxcmd": { "name": "sigmahq/proc_creation_win_pua_runxcmd", @@ -11133,7 +11122,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.202183" }, "sigmahq/proc_creation_win_pua_seatbelt": { "name": "sigmahq/proc_creation_win_pua_seatbelt", @@ -11145,7 +11134,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.205267" }, "sigmahq/proc_creation_win_pua_wsudo_susp_execution": { "name": "sigmahq/proc_creation_win_pua_wsudo_susp_execution", @@ -11157,7 +11146,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.208106" }, "sigmahq/proc_creation_win_python_pty_spawn": { "name": "sigmahq/proc_creation_win_python_pty_spawn", @@ -11169,7 +11158,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.210848" }, "sigmahq/proc_creation_win_rar_compression_with_password": { "name": "sigmahq/proc_creation_win_rar_compression_with_password", @@ -11181,7 +11170,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.213616" }, "sigmahq/proc_creation_win_rar_susp_greedy_compression": { "name": "sigmahq/proc_creation_win_rar_susp_greedy_compression", 
@@ -11193,7 +11182,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.216598" }, "sigmahq/proc_creation_win_rdrleakdiag_process_dumping": { "name": "sigmahq/proc_creation_win_rdrleakdiag_process_dumping", @@ -11205,7 +11194,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.219563" }, "sigmahq/proc_creation_win_reg_add_safeboot": { "name": "sigmahq/proc_creation_win_reg_add_safeboot", @@ -11217,7 +11206,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.222294" }, "sigmahq/proc_creation_win_reg_bitlocker": { "name": "sigmahq/proc_creation_win_reg_bitlocker", @@ -11229,7 +11218,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.225189" }, "sigmahq/proc_creation_win_reg_delete_safeboot": { "name": "sigmahq/proc_creation_win_reg_delete_safeboot", @@ -11241,7 +11230,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.227908" }, "sigmahq/proc_creation_win_reg_delete_services": { "name": "sigmahq/proc_creation_win_reg_delete_services", @@ -11253,7 +11242,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.230598" }, "sigmahq/proc_creation_win_reg_disable_sec_services": { "name": "sigmahq/proc_creation_win_reg_disable_sec_services", @@ -11265,7 +11254,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.233478" }, "sigmahq/proc_creation_win_reg_dumping_sensitive_hives": { "name": "sigmahq/proc_creation_win_reg_dumping_sensitive_hives", 
@@ -11277,7 +11266,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.236550" }, "sigmahq/proc_creation_win_reg_lsa_disable_restricted_admin": { "name": "sigmahq/proc_creation_win_reg_lsa_disable_restricted_admin", @@ -11289,7 +11278,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.239347" }, "sigmahq/proc_creation_win_reg_lsa_ppl_protection_disabled": { "name": "sigmahq/proc_creation_win_reg_lsa_ppl_protection_disabled", @@ -11301,7 +11290,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.242048" }, "sigmahq/proc_creation_win_reg_nolmhash": { "name": "sigmahq/proc_creation_win_reg_nolmhash", @@ -11313,7 +11302,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.244685" }, "sigmahq/proc_creation_win_reg_rdp_keys_tamper": { "name": "sigmahq/proc_creation_win_reg_rdp_keys_tamper", @@ -11325,7 +11314,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.247747" }, "sigmahq/proc_creation_win_reg_susp_paths": { "name": "sigmahq/proc_creation_win_reg_susp_paths", @@ -11337,7 +11326,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.250570" }, "sigmahq/proc_creation_win_reg_volsnap_disable": { "name": "sigmahq/proc_creation_win_reg_volsnap_disable", @@ -11349,7 +11338,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.253153" }, "sigmahq/proc_creation_win_reg_windows_defender_tamper": { "name": "sigmahq/proc_creation_win_reg_windows_defender_tamper", 
@@ -11361,7 +11350,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.256575" }, "sigmahq/proc_creation_win_regedit_export_critical_keys": { "name": "sigmahq/proc_creation_win_regedit_export_critical_keys", @@ -11373,7 +11362,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.259388" }, "sigmahq/proc_creation_win_regedit_import_keys_ads": { "name": "sigmahq/proc_creation_win_regedit_import_keys_ads", @@ -11385,7 +11374,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.262386" }, "sigmahq/proc_creation_win_regedit_trustedinstaller": { "name": "sigmahq/proc_creation_win_regedit_trustedinstaller", @@ -11397,7 +11386,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.265132" }, "sigmahq/proc_creation_win_regini_ads": { "name": "sigmahq/proc_creation_win_regini_ads", @@ -11409,7 +11398,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.267916" }, "sigmahq/proc_creation_win_registry_ie_security_zone_protocol_defaults_downgrade": { "name": "sigmahq/proc_creation_win_registry_ie_security_zone_protocol_defaults_downgrade", @@ -11421,7 +11410,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.270609" }, "sigmahq/proc_creation_win_registry_install_reg_debugger_backdoor": { "name": "sigmahq/proc_creation_win_registry_install_reg_debugger_backdoor", 
@@ -11433,7 +11422,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.273366" }, "sigmahq/proc_creation_win_registry_logon_script": { "name": "sigmahq/proc_creation_win_registry_logon_script", @@ -11445,7 +11434,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.276044" }, "sigmahq/proc_creation_win_registry_new_network_provider": { "name": "sigmahq/proc_creation_win_registry_new_network_provider", @@ -11457,7 +11446,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.278676" }, "sigmahq/proc_creation_win_registry_office_disable_python_security_warnings": { "name": "sigmahq/proc_creation_win_registry_office_disable_python_security_warnings", @@ -11469,7 +11458,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.281407" }, "sigmahq/proc_creation_win_registry_privilege_escalation_via_service_key": { "name": "sigmahq/proc_creation_win_registry_privilege_escalation_via_service_key", @@ -11481,7 +11470,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.284288" }, "sigmahq/proc_creation_win_registry_provlaunch_provisioning_command": { "name": "sigmahq/proc_creation_win_registry_provlaunch_provisioning_command", @@ -11493,7 +11482,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.287021" }, "sigmahq/proc_creation_win_registry_set_unsecure_powershell_policy": { "name": "sigmahq/proc_creation_win_registry_set_unsecure_powershell_policy", 
@@ -11505,7 +11494,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.289813" }, "sigmahq/proc_creation_win_regsvr32_http_ip_pattern": { "name": "sigmahq/proc_creation_win_regsvr32_http_ip_pattern", @@ -11517,7 +11506,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.293189" }, "sigmahq/proc_creation_win_regsvr32_remote_share": { "name": "sigmahq/proc_creation_win_regsvr32_remote_share", @@ -11529,7 +11518,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.295888" }, "sigmahq/proc_creation_win_regsvr32_susp_child_process": { "name": "sigmahq/proc_creation_win_regsvr32_susp_child_process", @@ -11541,7 +11530,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.298736" }, "sigmahq/proc_creation_win_regsvr32_susp_exec_path_2": { "name": "sigmahq/proc_creation_win_regsvr32_susp_exec_path_2", @@ -11553,7 +11542,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.302084" }, "sigmahq/proc_creation_win_regsvr32_susp_extensions": { "name": "sigmahq/proc_creation_win_regsvr32_susp_extensions", @@ -11565,7 +11554,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.305017" }, "sigmahq/proc_creation_win_remote_access_tools_anydesk_silent_install": { "name": "sigmahq/proc_creation_win_remote_access_tools_anydesk_silent_install", 
@@ -11577,7 +11566,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.307615" }, "sigmahq/proc_creation_win_remote_access_tools_anydesk_susp_exec": { "name": "sigmahq/proc_creation_win_remote_access_tools_anydesk_susp_exec", @@ -11589,7 +11578,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.310503" }, "sigmahq/proc_creation_win_renamed_adfind": { "name": "sigmahq/proc_creation_win_renamed_adfind", @@ -11601,7 +11590,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.313789" }, "sigmahq/proc_creation_win_renamed_autoit": { "name": "sigmahq/proc_creation_win_renamed_autoit", @@ -11613,7 +11602,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.316690" }, "sigmahq/proc_creation_win_renamed_binary_highly_relevant": { "name": "sigmahq/proc_creation_win_renamed_binary_highly_relevant", @@ -11625,7 +11614,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.319749" }, "sigmahq/proc_creation_win_renamed_browsercore": { "name": "sigmahq/proc_creation_win_renamed_browsercore", @@ -11637,7 +11626,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.322523" }, "sigmahq/proc_creation_win_renamed_cloudflared": { "name": "sigmahq/proc_creation_win_renamed_cloudflared", @@ -11649,7 +11638,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.326920" }, "sigmahq/proc_creation_win_renamed_createdump": { "name": "sigmahq/proc_creation_win_renamed_createdump", 
@@ -11661,7 +11650,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.329758" }, "sigmahq/proc_creation_win_renamed_dctask64": { "name": "sigmahq/proc_creation_win_renamed_dctask64", @@ -11673,7 +11662,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.332908" }, "sigmahq/proc_creation_win_renamed_gpg4win": { "name": "sigmahq/proc_creation_win_renamed_gpg4win", @@ -11685,7 +11674,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.335532" }, "sigmahq/proc_creation_win_renamed_jusched": { "name": "sigmahq/proc_creation_win_renamed_jusched", @@ -11697,7 +11686,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.338128" }, "sigmahq/proc_creation_win_renamed_mavinject": { "name": "sigmahq/proc_creation_win_renamed_mavinject", @@ -11709,7 +11698,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.340900" }, "sigmahq/proc_creation_win_renamed_megasync": { "name": "sigmahq/proc_creation_win_renamed_megasync", @@ -11721,7 +11710,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.343504" }, "sigmahq/proc_creation_win_renamed_msdt": { "name": "sigmahq/proc_creation_win_renamed_msdt", @@ -11733,7 +11722,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.346143" }, "sigmahq/proc_creation_win_renamed_netsupport_rat": { "name": "sigmahq/proc_creation_win_renamed_netsupport_rat", 
@@ -11745,7 +11734,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.348737" }, "sigmahq/proc_creation_win_renamed_office_processes": { "name": "sigmahq/proc_creation_win_renamed_office_processes", @@ -11757,7 +11746,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.351533" }, "sigmahq/proc_creation_win_renamed_paexec": { "name": "sigmahq/proc_creation_win_renamed_paexec", @@ -11769,7 +11758,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.354343" }, "sigmahq/proc_creation_win_renamed_plink": { "name": "sigmahq/proc_creation_win_renamed_plink", @@ -11781,7 +11770,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.356965" }, "sigmahq/proc_creation_win_renamed_rundll32_dllregisterserver": { "name": "sigmahq/proc_creation_win_renamed_rundll32_dllregisterserver", @@ -11793,7 +11782,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.359694" }, "sigmahq/proc_creation_win_renamed_sysinternals_debugview": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_debugview", @@ -11805,7 +11794,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.362433" }, "sigmahq/proc_creation_win_renamed_sysinternals_procdump": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_procdump", @@ -11817,7 +11806,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.365569" }, "sigmahq/proc_creation_win_renamed_sysinternals_psexec_service": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_psexec_service", 
@@ -11829,7 +11818,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.368291" }, "sigmahq/proc_creation_win_renamed_sysinternals_sdelete": { "name": "sigmahq/proc_creation_win_renamed_sysinternals_sdelete", @@ -11841,7 +11830,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.370967" }, "sigmahq/proc_creation_win_renamed_vmnat": { "name": "sigmahq/proc_creation_win_renamed_vmnat", @@ -11853,7 +11842,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.373549" }, "sigmahq/proc_creation_win_renamed_whoami": { "name": "sigmahq/proc_creation_win_renamed_whoami", @@ -11865,7 +11854,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.376171" }, "sigmahq/proc_creation_win_rundll32_ads_stored_dll_execution": { "name": "sigmahq/proc_creation_win_rundll32_ads_stored_dll_execution", @@ -11877,7 +11866,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.378797" }, "sigmahq/proc_creation_win_rundll32_advpack_obfuscated_ordinal_call": { "name": "sigmahq/proc_creation_win_rundll32_advpack_obfuscated_ordinal_call", @@ -11889,7 +11878,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.381411" }, "sigmahq/proc_creation_win_rundll32_inline_vbs": { "name": "sigmahq/proc_creation_win_rundll32_inline_vbs", @@ -11901,7 +11890,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.384048" }, "sigmahq/proc_creation_win_rundll32_keymgr": { "name": "sigmahq/proc_creation_win_rundll32_keymgr", 
@@ -11913,7 +11902,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.386643" }, "sigmahq/proc_creation_win_rundll32_mshtml_runhtmlapplication": { "name": "sigmahq/proc_creation_win_rundll32_mshtml_runhtmlapplication", @@ -11925,7 +11914,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.389233" }, "sigmahq/proc_creation_win_rundll32_no_params": { "name": "sigmahq/proc_creation_win_rundll32_no_params", @@ -11937,7 +11926,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.391873" }, "sigmahq/proc_creation_win_rundll32_ntlmrelay": { "name": "sigmahq/proc_creation_win_rundll32_ntlmrelay", @@ -11949,7 +11938,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.394649" }, "sigmahq/proc_creation_win_rundll32_process_dump_via_comsvcs": { "name": "sigmahq/proc_creation_win_rundll32_process_dump_via_comsvcs", @@ -11961,7 +11950,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.397531" }, "sigmahq/proc_creation_win_rundll32_registered_com_objects": { "name": "sigmahq/proc_creation_win_rundll32_registered_com_objects", @@ -11973,7 +11962,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.400160" }, "sigmahq/proc_creation_win_rundll32_shell32_susp_execution": { "name": "sigmahq/proc_creation_win_rundll32_shell32_susp_execution", @@ -11985,7 +11974,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.402905" }, "sigmahq/proc_creation_win_rundll32_spawn_explorer": { "name": "sigmahq/proc_creation_win_rundll32_spawn_explorer", 
@@ -11997,7 +11986,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.405531" }, "sigmahq/proc_creation_win_rundll32_susp_control_dll_load": { "name": "sigmahq/proc_creation_win_rundll32_susp_control_dll_load", @@ -12009,7 +11998,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.408225" }, "sigmahq/proc_creation_win_rundll32_susp_execution_with_image_extension": { "name": "sigmahq/proc_creation_win_rundll32_susp_execution_with_image_extension", @@ -12021,7 +12010,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.411100" }, "sigmahq/proc_creation_win_rundll32_susp_shellexec_execution": { "name": "sigmahq/proc_creation_win_rundll32_susp_shellexec_execution", @@ -12033,7 +12022,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.413847" }, "sigmahq/proc_creation_win_rundll32_susp_shimcache_flush": { "name": "sigmahq/proc_creation_win_rundll32_susp_shimcache_flush", @@ -12045,7 +12034,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.416520" }, "sigmahq/proc_creation_win_rundll32_sys": { "name": "sigmahq/proc_creation_win_rundll32_sys", @@ -12057,7 +12046,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.419212" }, "sigmahq/proc_creation_win_rundll32_unc_path": { "name": "sigmahq/proc_creation_win_rundll32_unc_path", 
@@ -12069,7 +12058,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.421877" }, "sigmahq/proc_creation_win_rundll32_webdav_client_susp_execution": { "name": "sigmahq/proc_creation_win_rundll32_webdav_client_susp_execution", @@ -12081,7 +12070,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.425053" }, "sigmahq/proc_creation_win_rundll32_without_parameters": { "name": "sigmahq/proc_creation_win_rundll32_without_parameters", @@ -12093,7 +12082,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.427866" }, "sigmahq/proc_creation_win_sc_change_sevice_image_path_by_non_admin": { "name": "sigmahq/proc_creation_win_sc_change_sevice_image_path_by_non_admin", @@ -12105,7 +12094,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.430679" }, "sigmahq/proc_creation_win_sc_sdset_allow_service_changes": { "name": "sigmahq/proc_creation_win_sc_sdset_allow_service_changes", @@ -12117,7 +12106,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.433546" }, "sigmahq/proc_creation_win_sc_sdset_deny_service_access": { "name": "sigmahq/proc_creation_win_sc_sdset_deny_service_access", @@ -12129,7 +12118,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.436334" }, "sigmahq/proc_creation_win_sc_sdset_hide_sevices": { "name": "sigmahq/proc_creation_win_sc_sdset_hide_sevices", 
@@ -12141,7 +12130,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.439014" }, "sigmahq/proc_creation_win_sc_service_path_modification": { "name": "sigmahq/proc_creation_win_sc_service_path_modification", @@ -12153,7 +12142,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.442038" }, "sigmahq/proc_creation_win_schtasks_appdata_local_system": { "name": "sigmahq/proc_creation_win_schtasks_appdata_local_system", @@ -12165,7 +12154,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.444915" }, "sigmahq/proc_creation_win_schtasks_change": { "name": "sigmahq/proc_creation_win_schtasks_change", @@ -12177,7 +12166,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.448338" }, "sigmahq/proc_creation_win_schtasks_creation_temp_folder": { "name": "sigmahq/proc_creation_win_schtasks_creation_temp_folder", @@ -12189,7 +12178,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.451050" }, "sigmahq/proc_creation_win_schtasks_delete": { "name": "sigmahq/proc_creation_win_schtasks_delete", @@ -12201,7 +12190,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.453967" }, "sigmahq/proc_creation_win_schtasks_delete_all": { "name": "sigmahq/proc_creation_win_schtasks_delete_all", @@ -12213,7 +12202,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.456643" }, "sigmahq/proc_creation_win_schtasks_disable": { "name": "sigmahq/proc_creation_win_schtasks_disable", 
@@ -12225,7 +12214,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.459521" }, "sigmahq/proc_creation_win_schtasks_folder_combos": { "name": "sigmahq/proc_creation_win_schtasks_folder_combos", @@ -12237,7 +12226,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.462364" }, "sigmahq/proc_creation_win_schtasks_one_time_only_midnight_task": { "name": "sigmahq/proc_creation_win_schtasks_one_time_only_midnight_task", @@ -12249,7 +12238,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.465178" }, "sigmahq/proc_creation_win_schtasks_powershell_persistence": { "name": "sigmahq/proc_creation_win_schtasks_powershell_persistence", @@ -12261,7 +12250,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.468035" }, "sigmahq/proc_creation_win_schtasks_reg_loader_encoded": { "name": "sigmahq/proc_creation_win_schtasks_reg_loader_encoded", @@ -12273,7 +12262,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.470876" }, "sigmahq/proc_creation_win_schtasks_schedule_type": { "name": "sigmahq/proc_creation_win_schtasks_schedule_type", @@ -12285,7 +12274,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.473743" }, "sigmahq/proc_creation_win_schtasks_system": { "name": "sigmahq/proc_creation_win_schtasks_system", @@ -12297,7 +12286,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.476654" }, "sigmahq/proc_creation_win_scrcons_susp_child_process": { "name": "sigmahq/proc_creation_win_scrcons_susp_child_process", 
@@ -12309,7 +12298,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.479473" }, "sigmahq/proc_creation_win_sdiagnhost_susp_child": { "name": "sigmahq/proc_creation_win_sdiagnhost_susp_child", @@ -12321,7 +12310,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.482427" }, "sigmahq/proc_creation_win_servu_susp_child_process": { "name": "sigmahq/proc_creation_win_servu_susp_child_process", @@ -12333,7 +12322,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.485307" }, "sigmahq/proc_creation_win_setres_uncommon_child_process": { "name": "sigmahq/proc_creation_win_setres_uncommon_child_process", @@ -12345,7 +12334,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.488072" }, "sigmahq/proc_creation_win_splwow64_cli_anomaly": { "name": "sigmahq/proc_creation_win_splwow64_cli_anomaly", @@ -12357,7 +12346,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.490635" }, "sigmahq/proc_creation_win_spoolsv_susp_child_processes": { "name": "sigmahq/proc_creation_win_spoolsv_susp_child_processes", @@ -12369,7 +12358,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.494001" }, "sigmahq/proc_creation_win_sqlcmd_veeam_dump": { "name": "sigmahq/proc_creation_win_sqlcmd_veeam_dump", @@ -12381,7 +12370,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.496620" }, "sigmahq/proc_creation_win_sqlite_chromium_profile_data": { "name": "sigmahq/proc_creation_win_sqlite_chromium_profile_data", 
@@ -12393,7 +12382,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.499524" }, "sigmahq/proc_creation_win_sqlite_firefox_gecko_profile_data": { "name": "sigmahq/proc_creation_win_sqlite_firefox_gecko_profile_data", @@ -12405,7 +12394,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.502426" }, "sigmahq/proc_creation_win_ssh_rdp_tunneling": { "name": "sigmahq/proc_creation_win_ssh_rdp_tunneling", @@ -12417,7 +12406,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.505112" }, "sigmahq/proc_creation_win_stordiag_susp_child_process": { "name": "sigmahq/proc_creation_win_stordiag_susp_child_process", @@ -12429,7 +12418,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.507824" }, "sigmahq/proc_creation_win_susp_abusing_debug_privilege": { "name": "sigmahq/proc_creation_win_susp_abusing_debug_privilege", @@ -12441,7 +12430,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.510711" }, "sigmahq/proc_creation_win_susp_add_user_privileged_group": { "name": "sigmahq/proc_creation_win_susp_add_user_privileged_group", @@ -12453,7 +12442,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.514015" }, "sigmahq/proc_creation_win_susp_add_user_remote_desktop_group": { "name": "sigmahq/proc_creation_win_susp_add_user_remote_desktop_group", 
@@ -12465,7 +12454,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.516924" }, "sigmahq/proc_creation_win_susp_archiver_iso_phishing": { "name": "sigmahq/proc_creation_win_susp_archiver_iso_phishing", @@ -12477,7 +12466,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.519682" }, "sigmahq/proc_creation_win_susp_child_process_as_system_": { "name": "sigmahq/proc_creation_win_susp_child_process_as_system_", @@ -12489,7 +12478,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.522468" }, "sigmahq/proc_creation_win_susp_cli_obfuscation_unicode_img": { "name": "sigmahq/proc_creation_win_susp_cli_obfuscation_unicode_img", @@ -12501,7 +12490,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.525452" }, "sigmahq/proc_creation_win_susp_copy_system_dir_lolbin": { "name": "sigmahq/proc_creation_win_susp_copy_system_dir_lolbin", @@ -12513,7 +12502,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.528517" }, "sigmahq/proc_creation_win_susp_crypto_mining_monero": { "name": "sigmahq/proc_creation_win_susp_crypto_mining_monero", @@ -12525,7 +12514,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.531471" }, "sigmahq/proc_creation_win_susp_data_exfiltration_via_cli": { "name": "sigmahq/proc_creation_win_susp_data_exfiltration_via_cli", @@ -12537,7 +12526,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.534615" }, "sigmahq/proc_creation_win_susp_disable_raccine": { "name": "sigmahq/proc_creation_win_susp_disable_raccine", 
@@ -12549,7 +12538,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.537333" }, "sigmahq/proc_creation_win_susp_double_extension": { "name": "sigmahq/proc_creation_win_susp_double_extension", @@ -12561,7 +12550,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.540717" }, "sigmahq/proc_creation_win_susp_double_extension_parent": { "name": "sigmahq/proc_creation_win_susp_double_extension_parent", @@ -12573,7 +12562,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.544149" }, "sigmahq/proc_creation_win_susp_download_office_domain": { "name": "sigmahq/proc_creation_win_susp_download_office_domain", @@ -12585,7 +12574,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.547118" }, "sigmahq/proc_creation_win_susp_dumpstack_log_evasion": { "name": "sigmahq/proc_creation_win_susp_dumpstack_log_evasion", @@ -12597,7 +12586,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.549653" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_1": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_1", @@ -12609,7 +12598,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.567859" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_2": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_2", @@ -12621,7 +12610,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.587001" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_3": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_3", 
@@ -12633,7 +12622,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.605202" }, "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_4": { "name": "sigmahq/proc_creation_win_susp_emoji_usage_in_cli_4", @@ -12645,7 +12634,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.620412" }, "sigmahq/proc_creation_win_susp_etw_modification_cmdline": { "name": "sigmahq/proc_creation_win_susp_etw_modification_cmdline", @@ -12657,7 +12646,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.623172" }, "sigmahq/proc_creation_win_susp_etw_trace_evasion": { "name": "sigmahq/proc_creation_win_susp_etw_trace_evasion", @@ -12669,7 +12658,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.626081" }, "sigmahq/proc_creation_win_susp_eventlog_clear": { "name": "sigmahq/proc_creation_win_susp_eventlog_clear", @@ -12681,7 +12670,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.629120" }, "sigmahq/proc_creation_win_susp_execution_from_public_folder_as_parent": { "name": "sigmahq/proc_creation_win_susp_execution_from_public_folder_as_parent", @@ -12693,7 +12682,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.632220" }, "sigmahq/proc_creation_win_susp_execution_path": { "name": "sigmahq/proc_creation_win_susp_execution_path", @@ -12705,7 +12694,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.635339" }, "sigmahq/proc_creation_win_susp_gather_network_info_execution": { "name": "sigmahq/proc_creation_win_susp_gather_network_info_execution", 
@@ -12717,7 +12706,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.638174" }, "sigmahq/proc_creation_win_susp_image_missing": { "name": "sigmahq/proc_creation_win_susp_image_missing", @@ -12729,7 +12718,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.640859" }, "sigmahq/proc_creation_win_susp_inline_base64_mz_header": { "name": "sigmahq/proc_creation_win_susp_inline_base64_mz_header", @@ -12741,7 +12730,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.643471" }, "sigmahq/proc_creation_win_susp_inline_win_api_access": { "name": "sigmahq/proc_creation_win_susp_inline_win_api_access", @@ -12753,7 +12742,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.647058" }, "sigmahq/proc_creation_win_susp_lsass_dmp_cli_keywords": { "name": "sigmahq/proc_creation_win_susp_lsass_dmp_cli_keywords", @@ -12765,7 +12754,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.649933" }, "sigmahq/proc_creation_win_susp_non_priv_reg_or_ps": { "name": "sigmahq/proc_creation_win_susp_non_priv_reg_or_ps", @@ -12777,7 +12766,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.652695" }, "sigmahq/proc_creation_win_susp_ntds": { "name": "sigmahq/proc_creation_win_susp_ntds", @@ -12789,7 +12778,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.655709" }, "sigmahq/proc_creation_win_susp_nteventlogfile_usage": { "name": "sigmahq/proc_creation_win_susp_nteventlogfile_usage", 
@@ -12801,7 +12790,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.658488" }, "sigmahq/proc_creation_win_susp_parents": { "name": "sigmahq/proc_creation_win_susp_parents", @@ -12813,7 +12802,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.661326" }, "sigmahq/proc_creation_win_susp_powershell_execution_via_dll": { "name": "sigmahq/proc_creation_win_susp_powershell_execution_via_dll", @@ -12825,7 +12814,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.664222" }, "sigmahq/proc_creation_win_susp_priv_escalation_via_named_pipe": { "name": "sigmahq/proc_creation_win_susp_priv_escalation_via_named_pipe", @@ -12837,7 +12826,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.666967" }, "sigmahq/proc_creation_win_susp_progname": { "name": "sigmahq/proc_creation_win_susp_progname", @@ -12849,7 +12838,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.670280" }, "sigmahq/proc_creation_win_susp_recycle_bin_fake_execution": { "name": "sigmahq/proc_creation_win_susp_recycle_bin_fake_execution", @@ -12861,7 +12850,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.672810" }, "sigmahq/proc_creation_win_susp_redirect_local_admin_share": { "name": "sigmahq/proc_creation_win_susp_redirect_local_admin_share", @@ -12873,7 +12862,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.675429" }, "sigmahq/proc_creation_win_susp_right_to_left_override": { "name": "sigmahq/proc_creation_win_susp_right_to_left_override", 
@@ -12885,7 +12874,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.678051" }, "sigmahq/proc_creation_win_susp_script_exec_from_env_folder": { "name": "sigmahq/proc_creation_win_susp_script_exec_from_env_folder", @@ -12897,7 +12886,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.681093" }, "sigmahq/proc_creation_win_susp_script_exec_from_temp": { "name": "sigmahq/proc_creation_win_susp_script_exec_from_temp", @@ -12909,7 +12898,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.684154" }, "sigmahq/proc_creation_win_susp_sensitive_file_access_shadowcopy": { "name": "sigmahq/proc_creation_win_susp_sensitive_file_access_shadowcopy", @@ -12921,7 +12910,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.686930" }, "sigmahq/proc_creation_win_susp_service_creation": { "name": "sigmahq/proc_creation_win_susp_service_creation", @@ -12933,7 +12922,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.689914" }, "sigmahq/proc_creation_win_susp_service_dir": { "name": "sigmahq/proc_creation_win_susp_service_dir", @@ -12945,7 +12934,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.692731" }, "sigmahq/proc_creation_win_susp_service_tamper": { "name": "sigmahq/proc_creation_win_susp_service_tamper", @@ -12957,7 +12946,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.699915" }, "sigmahq/proc_creation_win_susp_shadow_copies_deletion": { "name": "sigmahq/proc_creation_win_susp_shadow_copies_deletion", 
@@ -12969,7 +12958,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.702887" }, "sigmahq/proc_creation_win_susp_shell_spawn_susp_program": { "name": "sigmahq/proc_creation_win_susp_shell_spawn_susp_program", @@ -12981,7 +12970,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.706218" }, "sigmahq/proc_creation_win_susp_system_user_anomaly": { "name": "sigmahq/proc_creation_win_susp_system_user_anomaly", @@ -12993,7 +12982,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.710072" }, "sigmahq/proc_creation_win_susp_task_folder_evasion": { "name": "sigmahq/proc_creation_win_susp_task_folder_evasion", @@ -13005,7 +12994,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.712972" }, "sigmahq/proc_creation_win_susp_whoami_as_param": { "name": "sigmahq/proc_creation_win_susp_whoami_as_param", @@ -13017,7 +13006,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.715678" }, "sigmahq/proc_creation_win_susp_workfolders": { "name": "sigmahq/proc_creation_win_susp_workfolders", @@ -13029,7 +13018,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.718327" }, "sigmahq/proc_creation_win_svchost_execution_with_no_cli_flags": { "name": "sigmahq/proc_creation_win_svchost_execution_with_no_cli_flags", @@ -13041,7 +13030,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.721023" }, "sigmahq/proc_creation_win_svchost_termserv_proc_spawn": { "name": "sigmahq/proc_creation_win_svchost_termserv_proc_spawn", 
@@ -13053,7 +13042,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.723811" }, "sigmahq/proc_creation_win_sysinternals_adexplorer_susp_execution": { "name": "sigmahq/proc_creation_win_sysinternals_adexplorer_susp_execution", @@ -13065,7 +13054,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.726667" }, "sigmahq/proc_creation_win_sysinternals_procdump_evasion": { "name": "sigmahq/proc_creation_win_sysinternals_procdump_evasion", @@ -13077,7 +13066,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.729472" }, "sigmahq/proc_creation_win_sysinternals_procdump_lsass": { "name": "sigmahq/proc_creation_win_sysinternals_procdump_lsass", @@ -13089,7 +13078,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.732277" }, "sigmahq/proc_creation_win_sysinternals_psexec_paexec_escalate_system": { "name": "sigmahq/proc_creation_win_sysinternals_psexec_paexec_escalate_system", @@ -13101,7 +13090,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.738217" }, "sigmahq/proc_creation_win_sysinternals_psexec_remote_execution": { "name": "sigmahq/proc_creation_win_sysinternals_psexec_remote_execution", @@ -13113,7 +13102,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.740910" }, "sigmahq/proc_creation_win_sysinternals_psexesvc_as_system": { "name": "sigmahq/proc_creation_win_sysinternals_psexesvc_as_system", 
@@ -13125,7 +13114,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.743526" }, "sigmahq/proc_creation_win_sysinternals_pssuspend_susp_execution": { "name": "sigmahq/proc_creation_win_sysinternals_pssuspend_susp_execution", @@ -13137,7 +13126,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.746261" }, "sigmahq/proc_creation_win_sysinternals_sdelete": { "name": "sigmahq/proc_creation_win_sysinternals_sdelete", @@ -13149,7 +13138,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.748970" }, "sigmahq/proc_creation_win_sysinternals_susp_psexec_paexec_flags": { "name": "sigmahq/proc_creation_win_sysinternals_susp_psexec_paexec_flags", @@ -13161,7 +13150,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.754829" }, "sigmahq/proc_creation_win_sysinternals_sysmon_uninstall": { "name": "sigmahq/proc_creation_win_sysinternals_sysmon_uninstall", @@ -13173,7 +13162,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.757669" }, "sigmahq/proc_creation_win_systemsettingsadminflows_turn_on_dev_features": { "name": "sigmahq/proc_creation_win_systemsettingsadminflows_turn_on_dev_features", @@ -13185,7 +13174,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.760325" }, "sigmahq/proc_creation_win_taskkill_sep": { "name": "sigmahq/proc_creation_win_taskkill_sep", 
@@ -13197,7 +13186,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.763203" }, "sigmahq/proc_creation_win_taskmgr_localsystem": { "name": "sigmahq/proc_creation_win_taskmgr_localsystem", @@ -13209,7 +13198,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.765853" }, "sigmahq/proc_creation_win_tscon_localsystem": { "name": "sigmahq/proc_creation_win_tscon_localsystem", @@ -13221,7 +13210,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.768588" }, "sigmahq/proc_creation_win_tscon_rdp_redirect": { "name": "sigmahq/proc_creation_win_tscon_rdp_redirect", @@ -13233,7 +13222,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.771272" }, "sigmahq/proc_creation_win_uac_bypass_changepk_slui": { "name": "sigmahq/proc_creation_win_uac_bypass_changepk_slui", @@ -13245,7 +13234,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.773975" }, "sigmahq/proc_creation_win_uac_bypass_cleanmgr": { "name": "sigmahq/proc_creation_win_uac_bypass_cleanmgr", @@ -13257,7 +13246,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.776605" }, "sigmahq/proc_creation_win_uac_bypass_cmstp": { "name": "sigmahq/proc_creation_win_uac_bypass_cmstp", @@ -13269,7 +13258,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.779358" }, "sigmahq/proc_creation_win_uac_bypass_cmstp_com_object_access": { "name": "sigmahq/proc_creation_win_uac_bypass_cmstp_com_object_access", 
@@ -13281,7 +13270,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.782270" }, "sigmahq/proc_creation_win_uac_bypass_computerdefaults": { "name": "sigmahq/proc_creation_win_uac_bypass_computerdefaults", @@ -13293,7 +13282,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.784966" }, "sigmahq/proc_creation_win_uac_bypass_consent_comctl32": { "name": "sigmahq/proc_creation_win_uac_bypass_consent_comctl32", @@ -13305,7 +13294,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.787743" }, "sigmahq/proc_creation_win_uac_bypass_dismhost": { "name": "sigmahq/proc_creation_win_uac_bypass_dismhost", @@ -13317,7 +13306,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.790493" }, "sigmahq/proc_creation_win_uac_bypass_eventvwr_recentviews": { "name": "sigmahq/proc_creation_win_uac_bypass_eventvwr_recentviews", @@ -13329,7 +13318,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.793101" }, "sigmahq/proc_creation_win_uac_bypass_fodhelper": { "name": "sigmahq/proc_creation_win_uac_bypass_fodhelper", @@ -13341,7 +13330,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.795747" }, "sigmahq/proc_creation_win_uac_bypass_icmluautil": { "name": "sigmahq/proc_creation_win_uac_bypass_icmluautil", @@ -13353,7 +13342,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.798485" }, "sigmahq/proc_creation_win_uac_bypass_idiagnostic_profile": { "name": "sigmahq/proc_creation_win_uac_bypass_idiagnostic_profile", 
@@ -13365,7 +13354,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.801170" }, "sigmahq/proc_creation_win_uac_bypass_ieinstal": { "name": "sigmahq/proc_creation_win_uac_bypass_ieinstal", @@ -13377,7 +13366,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.803833" }, "sigmahq/proc_creation_win_uac_bypass_msconfig_gui": { "name": "sigmahq/proc_creation_win_uac_bypass_msconfig_gui", @@ -13389,7 +13378,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.806474" }, "sigmahq/proc_creation_win_uac_bypass_ntfs_reparse_point": { "name": "sigmahq/proc_creation_win_uac_bypass_ntfs_reparse_point", @@ -13401,7 +13390,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.809325" }, "sigmahq/proc_creation_win_uac_bypass_pkgmgr_dism": { "name": "sigmahq/proc_creation_win_uac_bypass_pkgmgr_dism", @@ -13413,7 +13402,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.812055" }, "sigmahq/proc_creation_win_uac_bypass_trustedpath": { "name": "sigmahq/proc_creation_win_uac_bypass_trustedpath", @@ -13425,7 +13414,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.814659" }, "sigmahq/proc_creation_win_uac_bypass_winsat": { "name": "sigmahq/proc_creation_win_uac_bypass_winsat", @@ -13437,7 +13426,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.817345" }, "sigmahq/proc_creation_win_uac_bypass_wmp": { "name": "sigmahq/proc_creation_win_uac_bypass_wmp", 
@@ -13449,7 +13438,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.820154" }, "sigmahq/proc_creation_win_uac_bypass_wsreset": { "name": "sigmahq/proc_creation_win_uac_bypass_wsreset", @@ -13461,7 +13450,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.822761" }, "sigmahq/proc_creation_win_uac_bypass_wsreset_integrity_level": { "name": "sigmahq/proc_creation_win_uac_bypass_wsreset_integrity_level", @@ -13473,7 +13462,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.825335" }, "sigmahq/proc_creation_win_ultravnc_susp_execution": { "name": "sigmahq/proc_creation_win_ultravnc_susp_execution", @@ -13485,7 +13474,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.827969" }, "sigmahq/proc_creation_win_uninstall_crowdstrike_falcon": { "name": "sigmahq/proc_creation_win_uninstall_crowdstrike_falcon", @@ -13497,7 +13486,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.830590" }, "sigmahq/proc_creation_win_userinit_uncommon_child_processes": { "name": "sigmahq/proc_creation_win_userinit_uncommon_child_processes", @@ -13509,7 +13498,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.833537" }, "sigmahq/proc_creation_win_vmware_toolbox_cmd_persistence_susp": { "name": "sigmahq/proc_creation_win_vmware_toolbox_cmd_persistence_susp", 
@@ -13521,7 +13510,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.836364" }, "sigmahq/proc_creation_win_vmware_vmtoolsd_susp_child_process": { "name": "sigmahq/proc_creation_win_vmware_vmtoolsd_susp_child_process", @@ -13533,7 +13522,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.839407" }, "sigmahq/proc_creation_win_vscode_tunnel_renamed_execution": { "name": "sigmahq/proc_creation_win_vscode_tunnel_renamed_execution", @@ -13545,7 +13534,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.842366" }, "sigmahq/proc_creation_win_w32tm": { "name": "sigmahq/proc_creation_win_w32tm", @@ -13557,7 +13546,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.845165" }, "sigmahq/proc_creation_win_wab_execution_from_non_default_location": { "name": "sigmahq/proc_creation_win_wab_execution_from_non_default_location", @@ -13569,7 +13558,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.847794" }, "sigmahq/proc_creation_win_wab_unusual_parents": { "name": "sigmahq/proc_creation_win_wab_unusual_parents", @@ -13581,7 +13570,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.850420" }, "sigmahq/proc_creation_win_wbadmin_delete_all_backups": { "name": "sigmahq/proc_creation_win_wbadmin_delete_all_backups", @@ -13593,7 +13582,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.853154" }, "sigmahq/proc_creation_win_webshell_chopper": { "name": "sigmahq/proc_creation_win_webshell_chopper", 
@@ -13605,7 +13594,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.856010" }, "sigmahq/proc_creation_win_webshell_hacking": { "name": "sigmahq/proc_creation_win_webshell_hacking", @@ -13617,7 +13606,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.859695" }, "sigmahq/proc_creation_win_webshell_recon_commands_and_processes": { "name": "sigmahq/proc_creation_win_webshell_recon_commands_and_processes", @@ -13629,7 +13618,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.863308" }, "sigmahq/proc_creation_win_webshell_susp_process_spawned_from_webserver": { "name": "sigmahq/proc_creation_win_webshell_susp_process_spawned_from_webserver", @@ -13641,7 +13630,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.866943" }, "sigmahq/proc_creation_win_webshell_tool_recon": { "name": "sigmahq/proc_creation_win_webshell_tool_recon", @@ -13653,7 +13642,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.869942" }, "sigmahq/proc_creation_win_werfault_lsass_shtinkering": { "name": "sigmahq/proc_creation_win_werfault_lsass_shtinkering", @@ -13665,7 +13654,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.872741" }, "sigmahq/proc_creation_win_wermgr_susp_exec_location": { "name": "sigmahq/proc_creation_win_wermgr_susp_exec_location", @@ -13677,7 +13666,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.875330" }, "sigmahq/proc_creation_win_wget_download_direct_ip": { "name": "sigmahq/proc_creation_win_wget_download_direct_ip", 
@@ -13689,7 +13678,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.878430" }, "sigmahq/proc_creation_win_whoami_execution_from_high_priv_process": { "name": "sigmahq/proc_creation_win_whoami_execution_from_high_priv_process", @@ -13701,7 +13690,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.881097" }, "sigmahq/proc_creation_win_whoami_priv_discovery": { "name": "sigmahq/proc_creation_win_whoami_priv_discovery", @@ -13713,7 +13702,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.883742" }, "sigmahq/proc_creation_win_winget_add_insecure_custom_source": { "name": "sigmahq/proc_creation_win_winget_add_insecure_custom_source", @@ -13725,7 +13714,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.886469" }, "sigmahq/proc_creation_win_winrm_susp_child_process": { "name": "sigmahq/proc_creation_win_winrm_susp_child_process", @@ -13737,7 +13726,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.889242" }, "sigmahq/proc_creation_win_wmi_backdoor_exchange_transport_agent": { "name": "sigmahq/proc_creation_win_wmi_backdoor_exchange_transport_agent", @@ -13749,7 +13738,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.891925" }, "sigmahq/proc_creation_win_wmic_eventconsumer_creation": { "name": "sigmahq/proc_creation_win_wmic_eventconsumer_creation", 
@@ -13761,7 +13750,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.894539" }, "sigmahq/proc_creation_win_wmic_namespace_defender": { "name": "sigmahq/proc_creation_win_wmic_namespace_defender", @@ -13773,7 +13762,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.897178" }, "sigmahq/proc_creation_win_wmic_susp_execution_via_office_process": { "name": "sigmahq/proc_creation_win_wmic_susp_execution_via_office_process", @@ -13785,7 +13774,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.900300" }, "sigmahq/proc_creation_win_wmic_susp_process_creation": { "name": "sigmahq/proc_creation_win_wmic_susp_process_creation", @@ -13797,7 +13786,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.903344" }, "sigmahq/proc_creation_win_wmic_uninstall_security_products": { "name": "sigmahq/proc_creation_win_wmic_uninstall_security_products", @@ -13809,7 +13798,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.906874" }, "sigmahq/proc_creation_win_wmiprvse_susp_child_processes": { "name": "sigmahq/proc_creation_win_wmiprvse_susp_child_processes", @@ -13821,7 +13810,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.909897" }, "sigmahq/proc_creation_win_wpbbin_potential_persistence": { "name": "sigmahq/proc_creation_win_wpbbin_potential_persistence", 
@@ -13833,7 +13822,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.912540" }, "sigmahq/proc_creation_win_wscript_cscript_uncommon_extension_exec": { "name": "sigmahq/proc_creation_win_wscript_cscript_uncommon_extension_exec", @@ -13845,7 +13834,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.915426" }, "sigmahq/proc_creation_win_wuauclt_dll_loading": { "name": "sigmahq/proc_creation_win_wuauclt_dll_loading", @@ -13857,7 +13846,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.918268" }, "sigmahq/proc_creation_win_wuauclt_no_cli_flags_execution": { "name": "sigmahq/proc_creation_win_wuauclt_no_cli_flags_execution", @@ -13869,7 +13858,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.921000" }, "sigmahq/proc_creation_win_wusa_cab_files_extraction_from_susp_paths": { "name": "sigmahq/proc_creation_win_wusa_cab_files_extraction_from_susp_paths", @@ -13881,7 +13870,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.923683" }, "sigmahq/proc_creation_win_xwizard_execution_non_default_location": { "name": "sigmahq/proc_creation_win_xwizard_execution_non_default_location", @@ -13893,7 +13882,7 @@ "spoofable": 0, "cti": true, "service": "windows", - "created_at": "2024-12-05T13:55:42" + "created_at": "2025-10-15T14:07:57.926439" }, "thespad/sshesame-bf": { "name": "thespad/sshesame-bf", @@ -13909,7 +13898,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T14:07:57.931248" }, "thespad/sshesame-cmd": { "name": "thespad/sshesame-cmd", 
@@ -13925,7 +13914,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T14:07:57.932806" }, "thespad/sshesame-input": { "name": "thespad/sshesame-input", @@ -13941,7 +13930,7 @@ "spoofable": 0, "cti": true, "service": "sshesame", - "created_at": "2022-04-25T09:53:37" + "created_at": "2025-10-15T14:07:57.934211" }, "timokoessler/gitlab-bf": { "name": "timokoessler/gitlab-bf", @@ -13957,7 +13946,7 @@ "spoofable": 0, "cti": true, "service": "gitlab", - "created_at": "2022-07-26T15:59:43" + "created_at": "2025-10-15T14:07:57.937974" }, "timokoessler/gitlab-bf_user-enum": { "name": "timokoessler/gitlab-bf_user-enum", @@ -13974,7 +13963,7 @@ "spoofable": 0, "cti": true, "service": "gitlab", - "created_at": "2022-07-26T15:59:43" + "created_at": "2025-10-15T14:07:57.939375" }, "timokoessler/mongodb-bf": { "name": "timokoessler/mongodb-bf", @@ -13990,7 +13979,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T14:07:57.944303" }, "timokoessler/mongodb-bf_user-enum": { "name": "timokoessler/mongodb-bf_user-enum", @@ -14007,7 +13996,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T14:07:57.945665" }, "timokoessler/mongodb-bf_auth-db-enum": { "name": "timokoessler/mongodb-bf_auth-db-enum", @@ -14024,7 +14013,7 @@ "spoofable": 0, "cti": true, "service": "mongodb", - "created_at": "2022-08-18T12:58:43" + "created_at": "2025-10-15T14:07:57.947060" }, "timokoessler/uptime-kuma-bf": { "name": "timokoessler/uptime-kuma-bf", @@ -14040,7 +14029,7 @@ "spoofable": 0, "cti": true, "service": "uptime-kuma", - "created_at": "2022-07-04T13:09:30" + "created_at": "2025-10-15T14:07:57.950866" }, "timokoessler/uptime-kuma-bf_user-enum": { "name": "timokoessler/uptime-kuma-bf_user-enum", 
@@ -14057,7 +14046,7 @@ "spoofable": 0, "cti": true, "service": "uptime-kuma", - "created_at": "2022-07-04T13:09:30" + "created_at": "2025-10-15T14:07:57.952245" }, "xs539/bookstack-bf": { "name": "xs539/bookstack-bf", @@ -14073,7 +14062,7 @@ "spoofable": 0, "cti": true, "service": "bookstack", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T14:07:57.955730" }, "xs539/bookstack-bf_user-enum": { "name": "xs539/bookstack-bf_user-enum", @@ -14089,7 +14078,7 @@ "spoofable": 0, "cti": true, "service": "bookstack", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T14:07:57.957119" }, "xs539/joplin-server-bf": { "name": "xs539/joplin-server-bf", @@ -14105,7 +14094,7 @@ "spoofable": 0, "cti": true, "service": "joplin", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T14:07:57.960804" }, "xs539/joplin-server-bf_user-enum": { "name": "xs539/joplin-server-bf_user-enum", @@ -14121,6 +14110,6 @@ "spoofable": 0, "cti": true, "service": "joplin", - "created_at": "2023-10-02T18:23:03" + "created_at": "2025-10-15T14:07:57.962178" } } \ No newline at end of file