path	# lines of code	# active days	days since first update	days since last update	# commits	# contributors	first updated	last updated	first contributor	last contributor
behavior/rules/cross-platform/execution_potential_reverse_shell_activity_via_terminal.toml	59	4	308	51	4	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/execution_privilege_escalation_enumeration_via_linpeas.toml	41	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/defense_evasion_tampering_of_bash_command_line_history.toml	51	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/defense_evasion_kill_command_executed_from_a_hidden_process.toml	60	2	265	182	2	1	2024-08-22	2024-11-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/execution_empire_stager_execution.toml	56	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/impact_darkradiation_ransomware_infection.toml	42	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/execution_eggshell_backdoor_execution.toml	34	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/persistence_potential_persistence_via_direct_crontab_modification.toml	81	7	238	15	7	1	2024-09-18	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/privilege_escalation_sudo_heap_based_buffer_overflow_attempt.toml	57	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/impact_suspicious_recursive_file_deletion_via_built_in_utilities.toml	47	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/cross-platform/execution_kill_command_executed_from_binary_in_unusual_location.toml	61	10	238	15	10	1	2024-09-18	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_defender_exclusions_by_path.toml	50	2	308	113	2	1	2024-07-10	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_script_execution_via_msxsl.toml	55	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_powershell_empire_script_execution.toml	41	1	6	6	1	1	2025-05-08	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unusual_registry_modification_via_wmi.toml	73	2	308	251	2	1	2024-07-10	2024-09-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_process_creation_via_reflection.toml	45	2	308	238	2	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_library_loaded_via_thread_fiber_callback.toml	45	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_startup_persistence_via_unusual_process.toml	63	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_direct_syscall_via_assembly_bytes.toml	100	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_potential_crypto_mining_activity.toml	84	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_execution_via_microsoft_common_console.toml	101	2	308	259	3	1	2024-07-10	2024-08-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_windows_api_call_from_virtual_disk_or_usb.toml	59	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_scheduled_task_creation_via_masqueraded_xml_file.toml	69	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_rundll32_regsvr32_loads_a_dll_downloaded_via_bits.toml	56	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_execution_via_a_callback_function.toml	71	1	197	197	1	1	2024-10-29	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_beacon_masking_from_a_stomped_module.toml	34	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_vss_service_disabled_followed_by_a_suspicious_file_rename.toml	54	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_common_log_file_system_vulnerability_exploitation.toml	39	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_credential_files_creation_via_kerberos.toml	68	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_microsoft_office_loaded_a_dropped_executable_file.toml	69	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_image_hollow_from_unusual_stack.toml	78	6	308	15	6	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_evasion_via_invalid_code_signature.toml	79	6	308	15	7	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_via_outlook_application_com_object.toml	102	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unbacked_shellcode_from_unsigned_module.toml	138	6	154	15	6	1	2024-12-11	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_dll_loaded_from_a_macro_enabled_document.toml	79	3	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_execution_from_mssql_service.toml	63	2	308	238	2	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_evasion_via_oversized_image_load.toml	61	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_oversized_dll_creation_followed_by_sideload.toml	72	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_execution_of_commonly_abused_utilities_via_explorer_trampoline.toml	110	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_binary_proxy_execution_via_appvlp.toml	35	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_from_zip_file_via_explorer.toml	81	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_inhibit_system_recovery_via_windows_command_shell.toml	76	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_powershell_script_with_passwords_vault_access_capability.toml	56	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_execution_via_ihxhelppaneserver.toml	77	2	251	238	2	1	2024-09-05	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_privilege_escalation_via_named_pipe_impersonation.toml	44	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_network_activity_from_a_reflected_process.toml	38	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_access_to_windows_vault_files.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_wps_office_exploit_via_dll_hijack.toml	50	1	238	238	1	1	2024-09-18	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_powershell_execution_via_named_pipe.toml	58	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_inhibit_system_recovery_via_renamed_utilities.toml	57	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_potential_reverse_shell_via_java.toml	59	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/discovery_suspicious_windows_ldap_image_load.toml	67	2	289	154	2	1	2024-07-29	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_unsigned_dll_loaded_from_fake_windows_directory.toml	63	1	209	209	1	1	2024-10-17	2024-10-17	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_privilege_escalation_via_windir_or_systemroot_environment_variable.toml	43	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_shortcut_modification.toml	85	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_potential_ransomware_note_file.toml	88	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/discovery_potential_virtual_machine_fingerprinting_via_vmdetect.toml	40	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_of_a_file_written_by_windows_script_host.toml	65	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_protected_process_light_bypass_via_dll_tampering.toml	101	9	308	15	9	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_kernel32_memory_protection.toml	50	3	308	113	3	1	2024-07-10	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_with_ieditionupgrademanager_elevated_com_interface.toml	46	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_executable_image_tampering_attempt.toml	47	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_microsoft_office_fetching_remote_content.toml	56	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_windows_script_executed_from_a_suspicious_path.toml	78	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_of_a_windows_script_file_written_by_a_suspicious_process.toml	107	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_execution_via_shellbrowserwindow_shellwindow_com.toml	112	2	308	238	2	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_ntdll_memory_write.toml	42	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_lsa_dump_via_windows_error_reporting.toml	42	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_browser_exploit_via_fake_rpc_messages.toml	60	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_unsafe_deserialization_in_event_viewer.toml	58	2	308	113	2	1	2024-07-10	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_keystroke_input_capture_via_directinput.toml	57	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_explorer_device_access_by_unusual_process.toml	54	1	251	251	1	1	2024-09-05	2024-09-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_image_load_by_system_protected_process.toml	50	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_potential_execution_via_sliver_framework.toml	73	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_connection_to_webservice_by_an_unsigned_binary.toml	193	7	308	99	7	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_powershell_script_with_.net_reflection.toml	75	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_protected_process_dll_injection_via_rpc.toml	43	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_script_file_written_by_microsoft_office_process.toml	98	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_windows_shortcut_file_creation_or_modification.toml	94	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_attempt_to_mount_a_remote_webdav_share.toml	62	4	308	167	5	1	2024-07-10	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_rundll32_with_unusual_arguments.toml	156	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_potential_traffic_tunneling_with_qemu.toml	36	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_injection_from_mounted_device.toml	49	2	99	15	2	1	2025-02-04	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_disabling_hypervisor_protected_code_integrity_via_registry.toml	52	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_access_to_lsa_secrets_registry.toml	78	2	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_execution_from_an_oversized_executable.toml	79	2	308	182	2	1	2024-07-10	2024-11-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_potential_execution_via_zipexec.toml	55	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_powershell_obfuscation_spawned_via_microsoft_office.toml	114	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_injection_via_the_console_window_class.toml	43	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_sensitive_file_access_system_admin_utilities.toml	89	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_dll_loaded_from_webdav_share.toml	41	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_potential_known_tcp_port_traffic_tunneling.toml	78	4	154	12	4	1	2024-12-11	2025-05-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_image_load_from_smb_shares.toml	75	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_operation_via_direct_syscall.toml	90	5	308	15	5	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_imageload_via_windows_certoc.toml	36	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_library_loaded_via_a_callback_function.toml	53	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_persistence_via_extensible_firmware_modification.toml	79	2	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_waasmedicsvc_com_type_lib_hijack.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_potential_protocol_tunneling_via_legit_utilities.toml	45	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_uac_bypass_via_ielevatedfactoryserver.toml	59	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_windows_script_execution_from_archive_file.toml	68	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_unusual_startup_shell_folder_modification.toml	70	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_via_program_compatibility_assistant.toml	43	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_trojan_zloader.toml	46	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_cdssync_scheduled_task_hijack.toml	60	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_powershell_console_history_deletion.toml	50	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_dll_side_loading_of_a_file_dropped_by_microsoft_office.toml	83	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_evasion_via_dotnet_framework_installation_utility.toml	72	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_suspicious_command_and_control_via_internet_explorer.toml	112	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_api_call_via_windows_script_interpreter.toml	78	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_microsoft_onenote_child_process.toml	84	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_suspicious_registry_symbolic_link.toml	52	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_null_terminated_call_stack.toml	91	7	308	51	7	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_remote_process_injection_via_python.toml	40	4	289	15	4	1	2024-07-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_windows_schedule_child_process.toml	167	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_malicious_mmc_snap_in_execution.toml	47	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_potential_credential_access_via_rubeus.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_memory_allocation_from_a_high_entropy_module.toml	74	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_creation_from_backed_rwx_memory.toml	81	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_startup_persistence_from_a_browser_or_compression_utility_descendant.toml	100	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_api_call_from_a_powershell_script.toml	66	4	121	15	4	1	2025-01-13	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_network_module_loaded_from_suspicious_unbacked_memory.toml	249	16	308	15	17	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_browser_native_messaging_registry_modification.toml	56	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_powershell_execution.toml	179	8	308	51	8	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_missing_dll.toml	97	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/discovery_potential_hawkeyes_stealer_infection.toml	50	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_lateral_execution_via_dcom_office_application.toml	41	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_process_creation_via_secondary_logon.toml	58	1	154	154	1	1	2024-12-11	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_suspicious_file_rename_from_unbacked_memory.toml	76	2	308	238	2	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_suspicious_impersonation_as_trusted_installer.toml	113	8	308	51	9	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_module_stomping_from_a_copied_library.toml	53	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_rundll32_regsvr32_loads_dropped_executable.toml	124	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_potential_reverse_shell_via_powershell.toml	54	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_evasion_via_asp.net_compiler.toml	39	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_windows_command_shell_execution.toml	144	10	308	51	10	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_via_suspicious_javascript_updates.toml	84	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_execution_via_microsoft_excel_xll_add_in.toml	61	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_potential_lateral_movement_via_smbexec.toml	58	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_self_injection_via_appdomain_manager_assembly.toml	79	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/discovery_suspicious_security_product_enumeration.toml	136	6	238	51	6	1	2024-09-18	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_windows_script_base64_encoding.toml	55	2	83	15	2	1	2025-02-20	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_unusual_ldap_client_process.toml	77	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_netntlmv1_downgrade_attack.toml	34	1	6	6	1	1	2025-05-08	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_creation_from_a_stomped_module.toml	65	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_.net_com_object_created_in_non_standard_windows_script_interpreter.toml	82	4	308	15	5	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_process_creation_from_an_unusual_wmi_client.toml	71	5	197	15	5	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_vault_files_access_via_rpc.toml	68	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_unusual_desktop_window_manager_child_process.toml	44	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_creation_with_unusual_mitigation.toml	88	6	308	15	6	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_failed_access_attempt_to_web_browser_files.toml	157	5	308	71	6	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_evasion_via_ldrpkernel32_overwrite.toml	48	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_windows_script_execution_via_mmc_console_file.toml	68	3	308	259	4	1	2024-07-10	2024-08-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_connection_to_dynamic_dns_provider_by_a_signed_binary_proxy.toml	100	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_scheduled_task_from_a_browser_or_compression_utility_descendant.toml	68	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_of_a_binary_dropped_via_microsoft_bsdtar_archive_tool.toml	53	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_managed_.net_code_execution_via_powershell.toml	72	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_network_connect_api_from_unbacked_memory.toml	115	9	289	83	9	1	2024-07-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_cve_2024_21338_exploitation.toml	60	4	289	121	4	1	2024-07-29	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_api_call_via_indirect_random_syscall.toml	108	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_access_to_windows_passwords_vault_via_powershell.toml	64	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_creation_from_unbacked_memory_via_unsigned_parent.toml	60	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_wsreset_execution_hijack.toml	53	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_attempt_to_hide_files_via_registry_modification.toml	67	2	223	15	2	1	2024-10-03	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_suspicious_execution_as_system_via_windows_command_shell.toml	48	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_attempt_to_disable_windows_driver_blocklist_via_registry.toml	41	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_installer_execution_via_explorer.toml	41	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_injection_via_module_stomping.toml	76	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_python_script_interpreter.toml	113	2	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_inhibit_system_recovery_via_stopping_backup_services.toml	81	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_masquerading_as_svchost.toml	95	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_browser_preferences_file_modification.toml	59	1	251	251	1	1	2024-09-05	2024-09-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_execution_from_a_downloaded_iso_file.toml	52	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_web_browser_credential_access_via_unsigned_process.toml	76	3	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_logonuser_api_hooking.toml	42	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_memory_page_protection.toml	112	4	83	15	4	1	2025-02-20	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_persistence_via_autodialdll_registry_modification.toml	43	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_via_renamed_signed_binary_proxy.toml	95	3	308	121	4	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_dllregisterserver_execution_via_msiexec.toml	44	2	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_windows_directory_masquerading.toml	45	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_dll_side_loading_via_a_copied_microsoft_executable.toml	78	3	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_windows_component_object_model_via_dllhost.toml	172	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_indirect_command_execution_via_console_window_host.toml	44	2	308	51	2	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_netwire_rat_registry_modification.toml	51	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/discovery_external_ip_address_discovery_via_a_trusted_program.toml	90	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_privilege_escalation_via_windows_installer_hijack.toml	64	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_persistence_via_a_process_from_a_removable_or_mounted_iso_device.toml	92	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_api_call_from_a_process_with_a_spoofed_parent.toml	64	1	113	113	1	1	2025-01-21	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_defense_evasion_via_registry_modification.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_image_load_via_windows_scripts.toml	54	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_msiexec_execution_via_a_windows_script_interpreter.toml	76	3	308	51	4	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_startup_persistence_by_a_low_reputation_process.toml	105	5	308	182	5	1	2024-07-10	2024-11-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_access_to_web_browser_credential_stores.toml	63	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_api_call_via_jump_rop_gadget.toml	64	2	51	15	2	1	2025-03-24	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_binary_proxy_execution_via_ttdinject.toml	38	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_vault_client_image_load.toml	102	2	308	154	2	1	2024-07-10	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_remote_memory_write_to_trusted_target_process.toml	195	3	99	15	3	1	2025-02-04	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_virtualprotect_via_vectored_exception_handling.toml	49	3	308	197	3	1	2024-07-10	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_remote_process_suspend_activity.toml	142	9	308	99	9	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_api_call_via_timer_callback_event.toml	36	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_msi_repair.toml	45	2	223	154	2	1	2024-10-03	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_library_load_via_rop_gadgets.toml	57	9	308	15	10	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_parent_process_pid_spoofing.toml	148	6	308	15	6	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_autologons_access_attempt_via_registry.toml	60	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_networkcleartext_logon_by_a_suspicious_process.toml	65	3	154	121	3	1	2024-12-11	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_unsigned_dll_loaded_by_a_trusted_process.toml	64	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_potential_execution_via_shortcut_modification.toml	62	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_shortcut_file_modification_via_macro_enabled_document.toml	69	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_common_language_runtime_loaded_via_an_unsigned_module.toml	52	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_getasynckeystate_api_call_from_suspicious_process.toml	73	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_binary_masquerading_via_untrusted_path.toml	214	5	308	15	5	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_computerdefaults_execution_hijack.toml	46	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_shellcode_injection_via_a_webshell.toml	51	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_initial_access_via_rogue_rdp_server.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unusual_process_running_as_antimalware_protected.toml	127	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_injection_via_pyinstaller_executable.toml	44	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_microsoft_office_child_process.toml	118	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_network_library_load_via_ldrloaddll.toml	66	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_user_account_control_disabled_via_registry.toml	64	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_scriptlet_proxy_execution_via_pubprn.toml	60	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_elastic_tampering_via_pendingfilerename.toml	47	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_windows_nt_api_hooking.toml	51	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_dll_redirection.toml	63	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_suspicious_dns_lookup_by_remote_utilities_rmm.toml	39	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_windows_core_module_change.toml	90	2	15	6	2	1	2025-04-29	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_initial_access_via_dll_search_order_hijacking.toml	70	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_unusual_child_process_integrity_level.toml	59	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_imageload_from_an_iso_mounted_device.toml	49	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_elevation_via_common_log_file_system_exploitation.toml	44	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_renamed_windows_automaton_script_interpreter.toml	83	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_system_bootkey_registry_access.toml	59	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_via_obfuscated_windows_script.toml	96	2	83	15	2	1	2025-02-20	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_command_and_scripting_interpreter_from_suspicious_parent.toml	69	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_security_account_manager_(sam)_file_access.toml	79	2	308	238	2	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_logonui.toml	41	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_file_execution_via_microsoft_html_help.toml	54	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_potential_obfuscated_script_execution.toml	91	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_inhibit_system_recovery_via_microsoft_office_process.toml	83	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_component_object_model_registry_modification_by_a_low_reputation_process.toml	52	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_evasion_via_inline_execute_assembly.toml	52	2	308	113	2	1	2024-07-10	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_inhibit_system_recovery_via_signed_binary_proxy.toml	118	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_privilege_escalation_via_seimpersonateprivilege.toml	94	11	308	15	11	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_via_windows_installer_transforms.toml	55	2	167	83	2	1	2024-11-28	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_java_application_execution_from_suspicious_paths.toml	52	1	238	238	1	1	2024-09-18	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_file_delivery_via_html_smuggling.toml	73	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_browser_debugging_from_unusual_parent.toml	84	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_microsoft_office_file_execution_via_wmi.toml	57	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_of_a_windows_script_downloaded_via_a_lolbin.toml	80	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_execution_via_token_theft.toml	110	7	308	83	8	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_access_to_browser_credentials_from_suspicious_memory.toml	134	7	308	15	8	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_dll_sideload_via_a_microsoft_signed_binary.toml	60	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_registry_hive_dump.toml	57	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_of_a_dnguard_protected_program.toml	43	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_remote_code_injection.toml	109	3	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_from_unusual_microsoft_signed_module.toml	61	1	121	121	1	1	2025-01-13	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_memory_protection_modification_of_an_unsigned_dll_v1.toml	61	1	289	289	1	1	2024-07-29	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_regsvr32_scriptlet_execution.toml	60	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_evasion_via_intel_gfxdownloadwrapper.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_msi_rollback_script_file_by_unusual_process.toml	60	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_of_a_file_downloaded_via_windows_openssh.toml	77	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_windows_command_shell_spawned_via_microsoft_office.toml	93	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_microsoft_outlook_remote_code_execution.toml	66	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_dll_hollowing_from_a_writable_image.toml	44	2	251	223	2	1	2024-09-05	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_kernel_driver_registered_via_ntloaddriver.toml	53	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_injection_via_dotnet_debugging.toml	57	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_okta_agent_cross_process_activity.toml	50	2	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_appdomain_manager_configuration_file.toml	76	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_potential_discovery_of_windows_credential_manager_store.toml	85	2	308	209	3	1	2024-07-10	2024-10-17	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_suspicious_file_rename_by_an_unusual_process.toml	77	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_shellcode_fluctuation_v1.toml	121	2	238	15	2	1	2024-09-18	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_remote_file_execution_via_msiexec.toml	105	9	308	51	9	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_access_attempt_to_non_existing_cryptocurrency_wallet.toml	76	4	308	99	5	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_keystrokes_input_capture_from_suspicious_callstack.toml	81	5	308	71	6	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_localpotato_exploit.toml	43	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_amsi_or_wldp_bypass_via_memory_patching.toml	77	9	308	6	9	1	2024-07-10	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_image_load_via_ldrloaddll.toml	61	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_windows_authentication_registry_modification.toml	99	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_microsoft_office_file_execution_via_script_interpreter.toml	46	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_untrusted_dll_loaded_by_a_system_windows_process.toml	69	4	308	167	4	1	2024-07-10	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_process_creation_via_shellcode.toml	46	4	308	51	4	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_potential_data_wiping_attack_behavior.toml	57	2	308	99	2	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_library_loaded_from_a_spoofed_call_stack.toml	47	2	251	83	2	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_security_account_manager_(sam)_registry_access.toml	79	5	308	15	5	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_creation_via_rop_gadgets.toml	59	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_api_call_via_a_windows_installer_module.toml	55	1	167	167	1	1	2024-11-28	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_network_connection_from_microsoft_equation_editor.toml	56	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_windows_installer_via_windows_script.toml	77	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_injection_with_parent_as_provenance.toml	79	3	154	83	3	1	2024-12-11	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_suspended_process_creation.toml	61	3	308	259	3	1	2024-07-10	2024-08-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_self_deletion_of_a_running_executable.toml	48	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_dll_execution_via_visual_studio_live_share.toml	37	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_memory_protection_fluctuation.toml	87	7	308	15	8	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_execution_via_python_script.toml	40	4	238	15	4	1	2024-09-18	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_potential_pentesting_powershell_script.toml	95	3	83	15	3	1	2025-02-20	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_remote_msi_package_installation_via_msiexec.toml	51	2	308	99	2	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_execution_of_file_written_or_modified_by_microsoft_equation_editor.toml	61	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_suspicious_executable_file_creation.toml	92	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_amsi_bypass_via_unbacked_memory.toml	47	2	167	6	2	1	2024-11-28	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_oversized_script_execution.toml	68	1	308	308	2	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_sensitive_file_access_cloud_credentials.toml	72	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_image_load_via_transactional_ntfs.toml	49	3	289	83	3	1	2024-07-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_shellcode_injection_via_node.js.toml	41	10	289	15	10	1	2024-07-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_suspicious_kernel_mode_address_manipulation.toml	42	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_dll_dropped_by_msiexec_followed_by_sideload.toml	114	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_lsass_access_attempt_from_unbacked_memory.toml	65	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_internet_activity_from_suspicious_unbacked_memory.toml	93	2	308	251	2	1	2024-07-10	2024-09-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_rogue_winrm.toml	56	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_via_msiexec_downloadandexecute_customaction.toml	49	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_process_termination_from_an_unusual_wmi_client.toml	62	3	197	51	3	1	2024-10-29	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_execution_from_a_mounted_device.toml	76	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_imageload_via_odbc_driver_configuration_program.toml	44	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_evasion_via_multiple_memory_section_mapping.toml	39	2	209	121	2	1	2024-10-17	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_evasion_via_sleep_api_hooking.toml	38	1	6	6	1	1	2025-05-08	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_windows_explorer_execution.toml	83	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_chromium_extension_loaded_from_unusual_parent.toml	74	3	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_evasion_via_event_tracing_for_windows_patching.toml	52	3	308	182	4	1	2024-07-10	2024-11-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_execution_from_suspicious_stack_trailing_bytes.toml	122	5	308	15	5	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_dll_side_loading_from_windows_media_player_folder.toml	59	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_dll_injection_via_mavinject_utility.toml	45	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_ingress_dll_transfer_followed_by_dll_sideloading.toml	64	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_execution_from_inet_cache.toml	71	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_thread_suspension_from_unbacked_memory.toml	51	1	154	154	1	1	2024-12-11	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_evasion_via_stack_rumbling.toml	61	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_remcos_rat_registry_or_file_modification.toml	56	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_wmi_library_load.toml	35	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_of_a_windows_script_downloaded_from_the_internet.toml	74	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_untrusted_process_writing_to_commonly_abused_persistence_locations.toml	71	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_windows_activation_execution_hijack.toml	54	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_stared_via_remote_thread.toml	42	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_windows_firewall_snap_in_hijack.toml	64	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_execution_via_a_mounted_image_file.toml	47	1	308	308	2	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_shellcode_injection_via_clr.toml	125	3	113	15	3	1	2025-01-21	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unsigned_dll_from_suspicious_directory.toml	140	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_rundll32_or_regsvr32_loaded_a_dll_from_unbacked_memory.toml	100	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_webshell_via_screenconnect_server.toml	52	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_unexpected_smb_connection_from_user_mode_process.toml	71	3	308	238	4	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_activity_from_a_control_panel_applet.toml	59	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_dll_hijacking_via_environment_paths.toml	98	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_cmd_execution_via_wmi.toml	53	3	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_execution_via_microsoft_officecmd_url_handler.toml	36	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_remote_access_to_sensitive_registry_keys.toml	56	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_embedded_executable_via_windows_shortcut_file.toml	79	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_dccw_dll_search_order_hijacking.toml	76	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_registry_persistence_via_microsoft_office_descendant_process.toml	98	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_connection_to_webservice_by_a_signed_binary_proxy.toml	231	12	308	15	12	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_via_wmi_commandline_event_consumer.toml	45	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_execution_via_windows_management_instrumentation.toml	123	4	308	121	5	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_remote_thread_context_manipulation.toml	100	3	308	154	4	1	2024-07-10	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_payload_decoded_via_certutil.toml	47	3	308	154	3	1	2024-07-10	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_execution_from_a_macro_enabled_office_document.toml	99	6	308	51	6	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_network_activity_from_a_stomped_module.toml	95	9	308	15	10	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_network_connection_via_startup_item.toml	87	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_windows_service_dll_creation.toml	82	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_image_load_via_transactional_ntfs.toml	41	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_virtualprotect_via_jscript9_from_internet_explorer.toml	112	1	182	182	1	1	2024-11-13	2024-11-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_library_load_of_a_file_written_by_a_signed_binary_proxy.toml	68	3	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_renamed_third_party_administrator_tools.toml	46	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_control_panel_process_with_unusual_arguments.toml	63	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_untrusted_dll_loaded_by_a_persistent_program.toml	175	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_unusual_kerberos_client_process.toml	47	2	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_windows_shortcut_file_embedded_object_execution.toml	104	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_windows_script_interpreter_child_process.toml	91	3	308	51	3	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_script_interpreter_process_writing_to_commonly_abused_persistence_locations.toml	91	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shadow_copy_service_disabled_via_registry_modification.toml	46	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_execution_via_winrar_exploitation.toml	65	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_crashdump_disabled_via_registry_modification.toml	42	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_suspicious_execution_via_windows_services.toml	200	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_netsupport_execution_form_unusual_path.toml	39	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_delayed_common_language_runtime_load.toml	62	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_unsigned_file_execution_via_network_logon.toml	58	3	308	71	3	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_injection_via_nsis_installer.toml	43	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_suspicious_nullsessionpipe_registry_modification.toml	64	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_dns_query_to_suspicious_top_level_domain.toml	126	11	308	51	12	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_cve_2022_38028.toml	45	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_malicious_reputation_of_executable_download.toml	46	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_suspicious_ntoskrnl_image_load.toml	44	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_scheduled_task_registry_modification.toml	54	3	308	154	3	1	2024-07-10	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_console_execution_from_unbacked_memory.toml	128	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_chrome_browser_spawned_from_an_unusual_parent.toml	62	1	197	197	1	1	2024-10-29	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_sensitive_file_access_remote_desktop_connection_manager.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_executable_stored_in_the_registry.toml	36	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_of_a_downloaded_executable_with_low_or_unknown_reputation.toml	47	1	99	99	1	1	2025-02-04	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_script_file_written_to_startup_folder.toml	41	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_microsoft_office_process_setting_persistence_via_startup.toml	56	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_system_binary_proxy_execution_via_scriptrunner.toml	37	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_inhibit_system_recovery_via_obfuscated_commands.toml	104	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_process_creation_via_direct_syscall.toml	40	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_ntdll_memory_protection_change_via_unsigned_dll.toml	80	1	6	6	1	1	2025-05-08	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_exploit_via_fake_rpc_messages.toml	43	2	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_microsoft_common_language_runtime_loaded_from_suspicious_memory.toml	58	3	308	71	3	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_potential_remote_desktop_protocol_tunneling.toml	52	4	154	6	4	1	2024-12-11	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_endpoint_security_evasion_via_firewallrules.toml	47	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_via_windows_command_line_debugging_utility.toml	39	1	251	251	1	1	2024-09-05	2024-09-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_attempt_to_disable_windows_defender_services.toml	47	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_binary_proxy_execution_via_rundll32.toml	92	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_unusual_file_written_or_modified_in_startup_folder.toml	90	2	308	251	2	1	2024-07-10	2024-09-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_registry_modification_via_wmi_stdregprov.toml	58	4	197	15	4	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_powershell_execution_via_windows_scripts.toml	128	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_image_file_execution_options_modification.toml	81	3	308	182	4	1	2024-07-10	2024-11-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_hijacking_winmgmt_mmc.toml	66	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_unusual_privilege_escalation_to_system.toml	59	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_access_to_active_directory_database_file.toml	51	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_via_internet_explorer_exporter.toml	41	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_anti_debug_via_memory_patching.toml	58	1	308	308	2	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_potential_browser_credentials_stealer.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_file_dropped_by_a_macro_enabled_document.toml	47	4	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_api_from_an_unsigned_service_dll.toml	53	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_defender_exclusions_via_wmi.toml	57	2	197	121	2	1	2024-10-29	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_control_panel_execution_hijack.toml	46	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_defender_exclusions_by_extension.toml	49	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_registry_run_key_prefixed_with_asterisk.toml	63	2	308	154	2	1	2024-07-10	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_indirect_command_execution_via_forfiles.toml	44	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_powershell_engine_loaded_via_injection.toml	65	2	308	99	2	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_execution_from_a_pdf_documents.toml	45	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_msbuild_with_unusual_arguments.toml	57	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_suspicious_windows_service_execution.toml	47	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_regsvr32_with_unusual_arguments.toml	92	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/discovery_suspicious_remote_security_product_enumeration.toml	35	1	209	209	1	1	2024-10-17	2024-10-17	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_silentcleanup_task_dll_search_order_hijacking.toml	57	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_amsi_bypass_via_com_registry_modification.toml	40	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_microsoft_office_addin_loaded.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_windows_defender_exclusions_added_via_powershell.toml	82	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_suspicious_dns_query_by_msiexec.toml	56	2	197	182	2	1	2024-10-29	2024-11-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_potential_plugx_registry_modification.toml	69	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_com_to_.net_redirection_via_registry.toml	50	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_java_application_with_unusual_file_extension.toml	58	4	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_newcredential_logon_by_a_suspicious_process.toml	73	6	154	12	6	1	2024-12-11	2025-05-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_suspicious_dns_query_from_mounted_virtual_disk.toml	225	4	308	167	4	1	2024-07-10	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_php_script_execution.toml	69	1	6	6	1	1	2025-05-08	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_scheduled_task_creation_by_an_unusual_process.toml	160	7	308	83	7	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_keystroke_messages_hooking_via_setwindowshookex.toml	94	3	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unsigned_dll_loaded_by_an_elastic_signed_binary.toml	45	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_inhibit_system_recovery_via_untrusted_parent_process.toml	48	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_script_execution_from_webdav.toml	56	1	113	113	1	1	2025-01-21	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_scriptlet_execution_via_cmstp.toml	59	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_windows_script_file_name.toml	125	3	308	51	4	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_renamed_autoit_scripts_interpreter.toml	40	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_script_execution_via_vbsedit_launcher.toml	48	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_ingress_tool_transfer_via_inet_cache.toml	46	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_lsa_dump_via_silentprocessexit.toml	41	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_ingress_transfer_via_windows_utility.toml	37	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_writeprocessmemory_to_suspicious_memory_location.toml	68	3	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_ntdll_loaded_from_an_unusual_path.toml	55	7	308	113	7	1	2024-07-10	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_potential_google_credentials_phishing.toml	58	1	197	197	1	1	2024-10-29	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_keystrokes_input_capture_from_a_suspicious_module.toml	52	3	308	182	3	1	2024-07-10	2024-11-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_ntdll_image_load.toml	57	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_execution_via_sql_powershell.toml	36	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_execution_of_file_written_or_modified_by_microsoft_office.toml	53	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_powershell_execution_via_runscripthelper.toml	35	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_virtualprotect_call_via_nttestalert.toml	42	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_bcdedit_safe_mode_command_execution.toml	85	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_sensitive_file_access_ssh_saved_keys.toml	101	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_office_application_startup_via_template_file_modification.toml	57	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_mmc_dll_search_order_hijacking.toml	65	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_lsass_access_attempt_from_an_unsigned_executable.toml	45	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_persistence_via_winsock_name_space_dll.toml	49	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_suspended_via_ttd_monitor_driver.toml	52	1	251	251	1	1	2024-09-05	2024-09-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_scheduled_task_creation_from_suspicious_parent.toml	63	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_string_value_written_to_registry_run_key.toml	146	3	308	167	4	1	2024-07-10	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_potential_powershell_empire_execution.toml	43	1	6	6	1	1	2025-05-08	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unusual_windows_system_service_disabled.toml	53	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_call_stack_trailing_bytes.toml	45	5	308	15	5	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_registry_or_file_modification_from_suspicious_memory.toml	135	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_javascript_execution_via_node.js.toml	57	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_shell_execution_via_windows_shortcut_file.toml	90	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_parent_process_pid_spoofing_via_malseclogon.toml	66	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_managed_.net_code_execution_via_windows_script_interpreter.toml	76	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_executable_memory_mapping.toml	87	3	154	15	3	1	2024-12-11	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_remote_process_injection_via_mapping.toml	45	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_scheduled_task_by_a_low_reputation_process.toml	55	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_service_imagepath_value.toml	42	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_token_impersonation.toml	91	3	308	71	3	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_wmi_enumeration_via_windows_scripts.toml	74	2	83	51	2	1	2025-02-20	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_wmic_xsl_script_execution.toml	62	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_ntdll_memory_unhooking.toml	85	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_credential_access_via_known_utilities.toml	94	4	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_dual_persistence_via_startup_and_scheduled_task.toml	86	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_encoded_powershell_execution_via_msiexec.toml	59	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_icmluautil_elevated_com_interface.toml	53	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_dll_search_order_hijacking_of_an_existing_program.toml	68	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_persistence_via_bits_setnotifycmdline_method.toml	58	3	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_injection_via_asynchronous_procedure_call.toml	46	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_privilege_escalation_via_ntlmrelay2self.toml	50	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_sdclt.toml	50	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_privilege_escalation_via_extended_startupinfo.toml	108	6	308	71	6	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_registry_run_key_modified_by_unusual_process.toml	142	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_suspicious_process_execution_via_network_logon.toml	356	7	308	12	8	1	2024-07-10	2025-05-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_control_panel_dll_loaded_by_explorer.toml	63	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_of_a_downloaded_windows_script_via_explorer.toml	90	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_command_shell_execution_via_windows_run.toml	71	2	51	15	2	1	2025-03-24	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_interactive_logon_by_a_suspicious_process.toml	84	5	154	15	5	1	2024-12-11	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_java_execution_via_a_windows_script.toml	45	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_potential_browser_debugging_via_localhost.toml	69	3	154	15	3	1	2024-12-11	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_firewall_exception_list_modified_via_untrusted_process.toml	52	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_startup_persistence_via_microsoft_office_descendant_process.toml	75	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_delegateexecute_registry_modification.toml	66	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_scriptlet_execution_via_rundll32.toml	60	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_execution_via_dcom.toml	171	3	308	167	3	1	2024-07-10	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_keystrokes_input_capture_via_setwindowshookex.toml	52	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_parallel_ntdll_loaded_from_unbacked_memory.toml	51	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_from_archive_or_removable_media_via_unbacked_code.toml	64	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_microsoft_equation_editor_child_process.toml	55	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_diskcleanup_scheduled_task_hijack.toml	50	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_suspicious_communication_via_mail_protocol.toml	102	5	308	99	6	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_unusual_remote_desktop_client_process.toml	62	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_winrar_cve_2023_38831_exploitation.toml	61	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_windows_script_process_execution.toml	85	1	308	308	2	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_scheduled_task_from_a_removable_or_mounted_iso_device.toml	69	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_attempt_to_disable_driver_via_hvcidisallowedimages.toml	39	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_microsoft_office_embedded_object.toml	54	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_rundll32_or_regsvr32_executing_an_oversized_file.toml	49	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_keystrokes_input_capture_from_unsigned_dll.toml	71	4	308	99	4	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_connection_to_dynamic_dns_provider_by_an_unsigned_binary.toml	98	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_scheduled_task_creation.toml	66	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_execution_of_a_file_dropped_from_smb_via_services.toml	181	2	113	15	2	1	2025-01-21	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_signed_binary_execution_via_microsoft_office.toml	107	3	308	51	3	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_remote_memory_allocation.toml	103	7	308	15	8	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_unbacked_memory_content_masking.toml	37	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_binary_proxy_execution_via_windows_openssh.toml	44	4	308	121	4	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_keystrokes_input_capture_from_a_managed_application.toml	59	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_execution_of_a_file_dropped_from_smb.toml	172	5	308	51	5	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_dismcore_dll_side_loading.toml	70	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/discovery_external_ip_address_discovery_via_untrusted_program.toml	111	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_direct_syscall_from_unsigned_module.toml	80	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_potential_credential_access_via_windows_credential_history.toml	59	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_potential_discovery_of_dpapi_master_keys.toml	89	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_dll_hollowing_with_transactional_ntfs.toml	37	1	121	121	1	1	2025-01-13	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_amsi_bypass_via_powershell.toml	74	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_svchost_registry_modification.toml	57	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_consent_dll_search_order_hijacking.toml	75	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_firewall_policy_changed_by_a_suspicious_process.toml	55	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_unusual_powershell_engine_imageload.toml	139	2	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_command_shell_activity_started_via_rundll32.toml	75	4	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_process_with_a_spoofed_parent.toml	102	7	308	51	7	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_windows_script_downloaded_from_the_internet.toml	94	2	113	99	2	1	2025-01-21	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_transacted_file_activity_via_an_unsigned_dll.toml	42	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_remote_memory_write_to_a_non_child_process.toml	71	3	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_suspicious_file_rename_via_smb.toml	46	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_execution_via_compiled_html_file.toml	73	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_injection_from_a_lua_script.toml	45	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_common_log_file_system_exploit.toml	37	1	167	167	1	1	2024-11-28	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_parent_child_relationship.toml	116	3	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_registry_modification_via_microsoft_office.toml	92	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_dynwrapx_image_load_via_windows_scripts.toml	50	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_script_execution_via_microsoft_html_application.toml	85	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_file_redirection.toml	99	4	308	121	4	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_injection_via_powershell.toml	78	3	289	15	3	1	2024-07-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_uncommon_persistence_via_registry_modification.toml	72	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_registry_modification_via_wmi.toml	197	2	308	238	2	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unusual_dll_extension_loaded_by_rundll32_or_regsvr32.toml	78	4	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_inhibit_system_recovery_followed_by_a_suspicious_file_rename.toml	59	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_service_communication_via_mail_protocol.toml	56	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_defense_evasion_via_filter_manager_control_program.toml	35	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_powershell_downloads.toml	119	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_potential_credential_access_via_mimikatz.toml	63	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/discovery_potential_browser_information_discovery.toml	77	1	308	308	2	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_scheduled_task_creation_via_unsigned_parent.toml	55	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unusual_network_connection_via_rundll32.toml	47	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_ingress_tool_transfer_via_powershell.toml	76	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_exploitation_via_comdotnet_exploit.toml	49	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_wow64_logger_dll_side_loading.toml	65	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_shadow_copy_deletion_via_windows_management_instrumentation.toml	47	3	209	121	3	1	2024-10-17	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_masquerading_as_windows_error_manager.toml	85	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_via_wmi_followed_by_network_connection.toml	52	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_virtualalloc_api_call_from_an_unsigned_dll.toml	110	6	308	15	6	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_remcos_rat_exepath_registry_modification.toml	51	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_evasion_via_device_credential_deployment.toml	41	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_bitsadmin_activity.toml	108	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_suspicious_access_to_cryptocurrency_wallet_files.toml	111	2	308	51	2	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_from_a_password_protected_self_extracting_archive.toml	41	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_self_service_persistence_by_an_unsigned_process.toml	93	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_microsoft_iis_worker_descendant.toml	83	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_from_suspicious_directory.toml	123	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_windows_service_configuration_hjack.toml	47	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_fodhelper_execution_hijack.toml	46	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_execution_via_microsoft_exchange_transport_agent.toml	38	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_suspended_process_code_injection.toml	116	7	308	15	7	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_error_manager_reporting_masquerading.toml	44	3	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_untrusted_file_execution_via_microsoft_office.toml	49	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_api_via_a_callback_function.toml	54	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_process_creation_via_microsoft_office_add_ins.toml	65	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_failed_attempts_to_access_sensitive_files.toml	92	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_memory_size_protection_via_virtualprotect.toml	64	1	113	113	1	1	2025-01-21	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_network_connection_via_process_with_unusual_arguments.toml	78	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_binary_proxy_execution_via_pester.toml	38	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_ingress_tool_transfer_via_curl.toml	53	2	308	99	2	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_microsoft_office_addin_creation.toml	43	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_execution_of_a_file_written_by_a_signed_binary_proxy.toml	57	2	308	99	2	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_execution_with_unusual_file_extension.toml	44	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_wmi_event_consumer_subscription.toml	41	1	209	209	1	1	2024-10-17	2024-10-17	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_imageload_via_windows_update_auto_update_client.toml	56	3	308	209	3	1	2024-07-10	2024-10-17	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_evasion_with_hardware_breakpoints.toml	92	7	308	15	7	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_suspicious_execution_from_a_windows_script.toml	73	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_of_a_windows_script_with_unusual_file_extension.toml	61	2	308	259	2	1	2024-07-10	2024-08-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_autoconfigurl_settings_hijack.toml	42	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_keystroke_input_capture_via_registerrawinputdevices.toml	52	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_browser_files_modification.toml	55	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_oversized_windows_script_execution.toml	66	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_suspicious_netsupport_execution.toml	40	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_cve_2024_21412_exploitation.toml	56	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_startup_persistence_via_windows_script_interpreter.toml	97	3	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_potential_remote_execution_via_imsiserver.toml	54	1	113	113	1	1	2025-01-21	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_via_syncappvpublishingserver.toml	62	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_execution_via_foxmail_exploitation.toml	51	1	238	238	1	1	2024-09-18	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_command_shell_execution_from_untrusted_origin.toml	88	1	83	83	1	1	2025-02-20	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_windows_lua_script_execution.toml	44	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_windows_defender_registry_modification.toml	72	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_startup_persistence_via_a_windows_installer.toml	71	2	289	15	2	1	2024-07-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_dll_hijack_via_directory_spoofing.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_sensitive_hive_access_via_registry_backup.toml	72	2	289	223	2	1	2024-07-29	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_execution_via_a_suspicious_wmi_client.toml	110	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_privilege_escalation_via_microsoft_exchange_dll_hijacking.toml	43	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_potential_decoy_document_via_user_execution.toml	87	3	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_unsigned_dll_loaded_by_rundll32_via_com.toml	58	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/impact_potential_ransomware_note_file_via_smb.toml	44	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_download_activity_via_a_headless_browser.toml	43	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_shell_extension_handler_registry_modification.toml	67	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_wmi_image_load_via_microsoft_office.toml	85	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/collection_getasynckeystate_api_call_from_unusual_process.toml	74	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_execution_of_a_file_dropped_from_kernel_mode.toml	40	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_from_unusual_directory.toml	189	5	308	15	5	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_behavior_from_suspicious_rwx_provenance.toml	74	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_execution_from_low_reputation_module.toml	123	11	308	15	12	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_startup_persistence_from_backed_rwx_memory.toml	65	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/persistence_suspicious_component_object_model_registry_modification.toml	79	2	197	154	2	1	2024-10-29	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_allowprotectedrenames_registry_modification.toml	48	2	308	259	2	1	2024-07-10	2024-08-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_dll_sideload_via_a_renamed_signed_binary.toml	53	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_process_memory_write_to_a_non_child_process.toml	184	3	99	15	3	1	2025-02-04	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_ms_office_execution_via_dcom.toml	65	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/command_and_control_remcos_rat_inetcookies_file_deletion.toml	48	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_api_behavior_from_a_signed_module.toml	248	2	71	51	2	1	2025-03-04	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_windows_system_module_remote_hooking.toml	57	3	308	15	3	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_driver_dropped_by_untrusted_executable.toml	65	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_remote_registry_modification.toml	75	5	308	6	5	1	2024-07-10	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_binary_proxy_execution_via_runexehelper.toml	44	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_microsoft_html_help_descendant.toml	75	2	167	83	2	1	2024-11-28	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_potential_image_load_with_a_spoofed_creation_time.toml	97	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_execution_via_wmi_activescript_event_consumer.toml	76	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_asynchronous_procedure_call_from_unusual_module.toml	62	1	6	6	1	1	2025-05-08	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_image_load_via_synthetic_stack_spoofing.toml	53	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_msiexec_child_process.toml	95	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_executable_memory_permission_modification.toml	55	5	308	121	6	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_lsass_memory_dump_via_minidumpwritedump.toml	42	2	308	238	2	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_shellcode_fluctuation_via_callback.toml	40	2	223	167	2	1	2024-10-03	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_suspicious_execution_via_dotnet_remoting.toml	49	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_untrusted_document_opened_via_microsoft_office.toml	121	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_access_token_manipulation_via_child_process.toml	97	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/initial_access_suspicious_shortcut_file_overwrite.toml	61	2	259	251	2	1	2024-08-28	2024-09-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_sensitive_file_access_unattended_panther.toml	78	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_remote_process_memory_write_by_low_reputation_module.toml	177	3	83	15	3	1	2025-02-20	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_via_event_viewer.toml	65	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_potential_privilege_escalation_via_elevated_ifileoperation.toml	87	2	308	223	2	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_potential_command_and_control_via_windows_scripts.toml	62	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/lateral_movement_imageload_of_a_file_dropped_via_smb.toml	84	1	113	113	1	1	2025-01-21	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/credential_access_lsass_access_attempt_via_ppl_bypass.toml	72	6	308	15	7	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/execution_script_execution_via_apds_xss_injection.toml	64	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_evasion_via_file_name_masquerading.toml	91	2	308	15	2	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/privilege_escalation_uac_bypass_attempt_via_elevated_com_internet_explorer_add_on_installer.toml	45	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/windows/defense_evasion_dll_control_panel_items_registry_modification.toml	47	2	308	71	2	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_cron_tab_creation_or_modification_via_shell_command.toml	60	2	113	83	2	1	2025-01-21	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_to_suspicious_top_level_domain.toml	51	2	71	51	2	1	2025-03-04	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_osascript_execution_via_piped_applescript.toml	41	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_potential_persistence_via_emond.toml	68	4	308	121	4	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_execution_via_apple_installer_package.toml	40	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_untrusted_or_unsigned_binary_execution_via_osascript.toml	42	2	113	83	2	1	2025-01-21	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_unsigned_or_untrusted_process_execution_and_immediate_self_deletion.toml	44	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_ssh_keys_accessed_by_osascript.toml	40	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_tccutil_reset_via_suspicious_binary.toml	41	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/privilege_escalation_potential_privilege_escalation_via_root_crontab_file_modification.toml	40	2	308	197	2	1	2024-07-10	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/privilege_escalation_suspicious_privilegedhelpertool_activity.toml	58	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_audio_unit_plug_in_file_access.toml	45	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_keychain_dump_via_native_security_tool.toml	50	6	308	83	6	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/discovery_suspicious_sip_check_by_macos_application.toml	49	5	308	83	6	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/privilege_escalation_potential_privilege_escalation_via_tcc_bypass_with_fake_tcc.db.toml	57	5	308	121	5	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_execution_of_javascript_payload_via_python.toml	46	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_cloud_credential_files_accessed_by_process_in_suspicious_directory.toml	63	4	289	83	4	1	2024-07-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_dock_tile_plug_in_load.toml	39	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_powershell_encoded_command.toml	51	6	308	15	6	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_embedded_payload_dropped_and_executed.toml	44	5	280	83	5	1	2024-08-07	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_user_tcc_db_access_by_unsigned_or_untrusted_process.toml	50	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_unsigned_application_execution_via_shell.toml	44	3	238	83	3	1	2024-09-18	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_network_connection_to_gmail_via_nodejs.toml	58	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_file_made_executable_via_package_install_script.toml	63	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_dscl_execution_via_osascript.toml	49	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/discovery_potential_virtual_machine_fingerprinting_via_grep.toml	46	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_crypto_wallet_file_access_via_commandline.toml	61	5	308	71	5	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_executable_file_creation_via_base64.toml	44	4	265	83	4	1	2024-08-22	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_unusually_large_script_executed_by_osascript.toml	42	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_execution_via_automator_application.toml	42	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_python_initial_access_via_google_drive.toml	62	3	113	83	3	1	2025-01-21	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_binary_aws_s3_connection.toml	41	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_stop_of_tccd_via_launchctl.toml	54	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_curl_from_macos_application.toml	48	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_cloud_credential_files_accessed_by_osascript.toml	41	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_nohup_execution_followed_by_outbound_network_connection.toml	77	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_suspicious_apple_mail_rule_plist_creation_or_modification.toml	45	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_unusual_bundle_execution_via_shell.toml	44	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_terminal_window_hidden_or_closed_via_osascript.toml	42	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_unsigned_or_untrusted_binary_execution_via_cron.toml	54	1	113	113	1	1	2025-01-21	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_manual_loading_of_a_suspicious_chromium_extension.toml	48	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_volume_muted_via_osascript.toml	40	3	251	83	3	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_shlayer_malware_infection.toml	42	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_archive_file_download_via_curl.toml	50	3	148	83	3	1	2024-12-17	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_decoy_document_creation_via_curl.toml	41	7	251	83	7	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_quarantine_attribute_removal_via_textedit.toml	52	2	121	83	2	1	2025-01-13	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_terminal_child_process_execution.toml	57	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_electron_command_execution.toml	44	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_telegram_data_accessed_by_osascript.toml	41	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_persistence_via_a_hidden_plist_filename.toml	73	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_curl_to_oast_domain.toml	37	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_installer_remote_plugin_service_child_process.toml	44	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_potential_binary_masquerading_via_invalid_code_signature.toml	51	5	308	121	5	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_payload_decoded_and_decrypted_via_built_in_utilities.toml	70	4	308	121	4	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_operating_system_security_updates_disabled.toml	39	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/exfiltration_potential_data_exfiltration_via_curl.toml	55	6	308	83	6	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_python_package_child_process_execution.toml	57	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_unusual_dylib_load_from_users_shared_directory.toml	37	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_suspicious_file_creation_via_pkg_install_script.toml	69	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_terminal_closed_with_pkill_or_killall.toml	45	5	223	83	5	1	2024-10-03	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_potential_masquerading_as_system_binary.toml	55	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_to_ftp_server_via_raw_ip.toml	34	2	113	83	2	1	2025-01-21	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_potential_tcc_bypass_via_electron_web_inspector_api.toml	44	3	280	83	3	1	2024-08-07	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_macos_application_hidden_executable_file.toml	41	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_executable_download_via_curl.toml	37	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_suspicious_startupitem_plist_creation_or_modification.toml	43	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_potential_xcsset_malware_infection.toml	36	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_disown_execution_via_shell_command_from_volume_mount.toml	44	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_crypto_wallet_or_web_browser_file_access_via_nodejs.toml	66	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_macos_interactive_shell_spawned_via_hidden_process.toml	42	2	121	83	2	1	2025-01-13	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_unusually_large_osa_script_execution_via_shell_command.toml	50	4	280	83	4	1	2024-08-07	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_child_process_execution_via_interactive_shell.toml	53	5	308	51	5	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_download_and_osascript_payload_execution_via_node.toml	44	2	121	83	2	1	2025-01-13	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_hidden_file_network_connection_and_executable_download.toml	38	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_web_browser_credential_data_accessed_by_osascript.toml	45	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_script_compilation_via_osacompile.toml	43	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_macos_hidden_file_mounted.toml	50	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_execution_via_env_binary.toml	42	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_xpc_service_child_process.toml	68	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_unload_of_elastic_agent_via_launchctl.toml	74	6	308	83	6	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_file_attribute_clearing.toml	44	6	251	15	6	1	2024-09-05	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_to_telegram_api.toml	43	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_file_hidden_via_setfile.toml	44	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_deobfuscation_via_shell_script.toml	43	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_reflective_dylib_load.toml	73	7	308	83	7	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/initial_access_suspicious_execution_via_macos_script_editor.toml	81	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_untrusted_process_execution_with_invalid_plist_or_code_signature.toml	46	6	308	83	6	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_crypto_wallet_or_web_browser_file_access_via_osascript.toml	65	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_modification_of_safari_settings_via_defaults_command.toml	38	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_interactive_shell_execution.toml	47	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_potential_wizardupdate_malware_infection.toml	36	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_file_download_via_google_drive.toml	62	2	113	83	2	1	2025-01-21	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_elevated_command_execution.toml	44	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_osa_script_execution_via_unsigned_or_untrusted_parent.toml	44	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_network_connection_via_installer_package.toml	63	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_user_discovery_command_execution_from_volume_mount.toml	55	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/initial_access_initial_access_or_execution_via_microsoft_office_application.toml	172	4	308	121	4	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_crypto_wallet_file_access_by_unsigned_or_untrusted_binary.toml	62	6	308	71	6	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/privilege_escalation_potential_sip_bypass_via_the_shoveservice.toml	37	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_quarantine_attribute_deleted_via_untrusted_binary.toml	51	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_suspicious_user_keychain_access_via_nodejs.toml	48	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_potential_payload_download_via_applescript_applet.toml	59	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_large_script_execution_via_shell_command.toml	47	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_openssl_execution_via_macos_application.toml	74	6	308	15	6	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_url_as_process_argument_via_installer_package.toml	49	5	308	71	5	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_automator_workflows_execution.toml	39	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/discovery_external_ip_address_discovery_via_curl.toml	93	8	289	83	8	1	2024-07-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_screensaver_plist_file_modified_by_unexpected_process.toml	58	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_mach_o_file_with_unusual_extension.toml	46	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_user_keychain_db_access_by_osascript.toml	39	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_telegram_data_accessed_by_unsigned_or_untrusted_process.toml	41	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_local_file_read_or_write_via_osascript.toml	35	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_initial_access_discovery_via_applet_executable.toml	48	5	308	6	5	1	2024-07-10	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_file_overwrite_and_modification_via_echo.toml	69	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/lateral_movement_potential_kerberos_attack_via_bifrost.toml	55	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_unsigned_or_untrusted_binary_execution_via_zshrc.toml	53	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_initial_access_via_audio_unit_plug_in.toml	55	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_web_browser_credential_data_accessed_by_unsigned_or_untrusted_process.toml	48	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_launchpad_hijack.toml	56	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_potential_decoy_document_via_open.toml	47	5	251	83	5	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/collection_exfiltration_data_staging_in_temporary_directory_via_osascript.toml	40	4	265	83	4	1	2024-08-22	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_slack_workspace_files_accessed_by_unsigned_or_untrusted_process.toml	45	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_command_execution_via_screen_session.toml	43	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_applescript_decoded_via_base64.toml	43	5	251	83	5	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_task_for_pid_system_call.toml	62	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_executable_file_extracted_to_temporary_directory.toml	56	10	308	83	10	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_keychain_credential_files_collected_via_archive_utility.toml	71	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/collection_suspicious_archive_creation_via_ditto.toml	49	6	308	83	6	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/privilege_escalation_executewithprivileges_prompt_via_unsigned_or_untrusted_application.toml	58	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_kerberos_config_file_accessed_by_untrusted_or_unsigned_process.toml	38	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_cocoa_applet_binary_execution.toml	45	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_reading_or_modifying_downloaded_files_database_via_sqlite_utility.toml	31	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_osascript_payload_drop_and_execute.toml	45	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_in_memory_jxa_execution_via_scriptingadditions.toml	50	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/privilege_escalation_elevated_apple_script_execution_via_unsigned_parent.toml	50	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_tclsh_execution_followed_by_immediate_network_connection.toml	41	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/collection_potential_data_collection_in_temporary_directory_by_hidden_executable.toml	45	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_executable_file_access_or_modification_via_osascript.toml	33	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_initial_access_staging_via_installer_package.toml	55	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_dumping_account_hashes_via_built_in_commands.toml	37	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_decoded_or_decrypted_payload_written_to_suspicious_directory.toml	94	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_unsigned_or_untrusted_process_execution_via_installer.toml	43	4	308	71	4	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_child_process_of_expect.toml	45	5	280	83	5	1	2024-08-07	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_persistence_via_suspicious_launch_agent_or_launch_daemon.toml	128	7	308	121	7	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_default_application_hijacking.toml	41	4	251	83	4	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_slack_workspace_files_accessed_by_osascript.toml	45	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_at_job_creation_or_modification_via_shell_command.toml	60	2	113	83	2	1	2025-01-21	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_file_quarantine_removal_via_find.toml	44	3	251	83	3	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_python_script_execution_via_shell_and_remote_network_connection.toml	58	3	182	83	3	1	2024-11-13	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_execution_of_non_executable_file_via_shell.toml	53	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_url_as_argument_to_self_signed_binary.toml	48	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_notificationcenter_silenced_via_killall_binary.toml	45	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_background_process_execution_via_shell.toml	57	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_systemkey_access_via_command_line.toml	43	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_kerberos_config_file_accessed_by_osascript.toml	37	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_execution_via_commandline_shell_script.toml	49	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_executable_download_via_ruby.toml	43	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_executable_file_download_via_osascript.toml	37	4	238	83	4	1	2024-09-18	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_url_as_argument_to_python_script_and_immediate_network_connection.toml	49	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_hidden_executable_and_immediate_network_connection.toml	45	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_dylib_load_via_ssh_keygen.toml	32	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_initial_access_via_osa_shell_script_piped_to_python_interpreter.toml	57	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_execution_of_unsigned_or_untrusted_process_via_sudo.toml	47	5	238	83	5	1	2024-09-18	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_dylib_injection_via_process_environment_variables.toml	100	8	308	51	8	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_payload_piped_to_script_interpreter.toml	55	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_new_system_kext_file_and_immediate_load_via_kextload.toml	59	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_shell_script_execution_from_abnormal_volume_mount_path.toml	49	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_execution_via_application_shell_script.toml	54	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_abnormal_auval_child_process_execution.toml	51	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_osascript_download_cradle_spawned.toml	44	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_user_keychain_access_in_unusual_location.toml	44	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/collection_pbpaste_execution_via_unusual_parent.toml	37	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_network_file_unzipped_via_unsigned_or_untrusted_binary.toml	56	5	251	83	5	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_untrusted_or_unsigned_binary_executed_via_launch_service.toml	46	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_potential_privacy_control_bypass_via_localhost_secure_copy.toml	48	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_hidden_python_script_execution_via_nodejs.toml	58	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_execution_of_a_file_dropped_by_openssl.toml	53	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_unusual_launch_service_creation_via_unsigned_or_untrusted_binary.toml	50	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_possible_java_reverse_shell.toml	50	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/collection_suspicious_image_creation_via_screencapture.toml	49	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_hidden_folder_or_file_access_in_tmp_via_python.toml	49	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_payload_delivery_via_curl_and_immediate_execution.toml	55	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_automator_application_execution.toml	45	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_suspicious_user_keychain_db_access_by_unsigned_binary.toml	42	3	280	83	3	1	2024-08-07	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_execution_of_hidden_file_from_the_shared_directory.toml	46	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_curl_from_volume_mount.toml	41	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_killall_execution_via_python.toml	32	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/collection_clipboard_accessed_by_unsigned_or_untrusted_binary.toml	41	2	182	121	2	1	2024-11-13	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_elastic_endpoint_security_kernel_extension_unload.toml	51	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_temporary_binary_execution_via_osascript.toml	41	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_file_cloned_by_unsigned_or_untrusted_process.toml	36	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/collection_discovery_result_written_to_a_suspicious_file_via_discovery_process.toml	54	4	113	15	4	1	2025-01-21	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_file_hidden_via_chflags.toml	39	2	113	71	2	1	2025-01-21	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_apple_script_execution.toml	46	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_dmg_file_creation_in_tmp_directory.toml	53	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/privilege_escalation_potential_code_injection_via_remote_thread.toml	41	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_dylib_load_from_temporary_directory.toml	51	3	238	83	3	1	2024-09-18	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_lone_binary_execution_from_volume_mount.toml	36	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_dscl_auth_validation.toml	55	5	251	83	5	1	2024-09-05	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_user_keychain_db_access_by_self_signed_binary.toml	51	3	308	71	3	1	2024-07-10	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/discovery_security_software_discovery_via_grep.toml	66	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_quarantine_attribute_removed_by_unsigned_or_unstrusted_process.toml	55	2	238	121	2	1	2024-09-18	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_potential_credentials_phishing_via_osascript.toml	54	7	308	83	7	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_script_or_process_execution_from_mounted_device.toml	67	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_potential_access_to_kerberos_cached_credentials.toml	41	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_user_keychain_copied_via_shell_interpreter.toml	44	3	265	83	3	1	2024-08-22	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_dylib_loaded_by_process_in_suspicious_location.toml	51	6	308	121	6	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_potential_python_reverse_shell.toml	57	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/collection_sensitive_file_access_followed_by_compression.toml	55	7	308	15	7	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_vscode_extension_child_process.toml	41	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_python_script_execution_and_network_connection.toml	55	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_initial_access_via_macos_installer_package.toml	202	4	308	121	5	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_finder_cache_file_modification.toml	38	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_code_editor_untrusted_or_unsigned_child_process_execution.toml	52	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_execution_of_javascript_payload_via_osascript.toml	45	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_persistence_via_a_masqueraded_plist_filename.toml	75	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_network_connection_to_oast_domain_via_package_service_or_script.toml	39	1	15	15	1	1	2025-04-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_curl_to_google_app_script_endpoint.toml	40	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_arbitrary_python_code_execution_via_nodejs.toml	39	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/persistence_unexpected_child_process_of_macos_screensaver_engine.toml	41	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_python_outbound_network_connection_over_ftp.toml	40	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_execution_of_self_signed_binary_from_volume_mount.toml	45	3	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_powershell_child_process.toml	42	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_web_browsers_password_access_via_command_line.toml	46	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_suspicious_executable_copied_from_volume_mount.toml	47	4	280	83	4	1	2024-08-07	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_unsigned_or_untrusted_binary_execution_via_xpc_call.toml	51	3	308	121	3	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_user_tcc_db_access_by_osascript.toml	52	3	280	83	3	1	2024-08-07	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/command_and_control_suspicious_curl_file_download_from_raw_ip.toml	45	1	71	71	1	1	2025-03-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_curl_download_and_execution_of_javascript_payload.toml	51	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_powershell_outbound_network_connection.toml	47	4	308	83	4	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_execution_via_electron_child_process_node.js_module.toml	55	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_suspicious_codesign_execution_via_osacompile.toml	44	6	308	83	6	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/execution_unsigned_or_untrusted_application_launch_via_xpc.toml	55	2	308	121	2	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/defense_evasion_base64_encoded_string_execution_via_osascript.toml	59	5	238	83	5	1	2024-09-18	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/macos/credential_access_crypto_wallet_or_web_browser_file_access_via_python.toml	65	1	51	51	1	1	2025-03-24	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_cron(d)_service_started_by_unusual_parent.toml	71	4	197	83	4	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_renice_or_ulimit_execution_from_unusual_parent.toml	51	4	197	15	4	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_netcat_reverse_shell_via_busybox.toml	72	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_binary_executed_from_shared_memory_directory.toml	42	2	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_file_creation_by_foomatic_rip_child.toml	51	3	197	83	3	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_system_v_init_(init.d)_executed_binary_from_unusual_location.toml	46	4	280	197	4	1	2024-08-07	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_masquerading_via__proc_self_exe.toml	36	1	99	99	1	1	2025-02-04	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_system_binary_preload_and_immediate_network_connection.toml	70	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_process_injection_via_dd.toml	54	2	223	83	2	1	2024-10-03	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/privilege_escalation_potential_privilege_escalation_via_cve_2023_4911.toml	37	1	238	238	1	1	2024-09-18	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_potential_multi_architecture_file_downloads.toml	56	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_at_utility_launched_through_udevadm.toml	62	2	280	223	2	1	2024-08-07	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_linux_payload_decoded_and_decrypted_via_built_in_utility.toml	84	3	99	15	3	1	2025-02-04	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_suspicious_execution_via_setsid_and_nohup.toml	50	2	280	223	2	1	2024-08-07	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_network_connection_by_foomatic_rip_child.toml	65	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/credential_access_manual_memory_password_searching_activity.toml	41	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/discovery_linux_external_ip_address_discovery_via_curl.toml	62	6	238	15	6	1	2024-09-18	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_execution_of_in_memory_file_via_interactive_session.toml	63	7	308	51	8	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_foomatic_rip_shell_execution.toml	51	3	197	83	3	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_network_activity_detected_via_cat.toml	52	3	308	99	3	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_shell_via_networkmanager_dispatcher_script.toml	51	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_base64_or_xxd_decode_argument_evasion.toml	66	2	223	83	2	1	2024-10-03	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_reverse_shell_via_networkmanager_dispatcher_script.toml	64	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_chattr_execution_with_unusual_target_file.toml	71	8	223	83	8	1	2024-10-03	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_suspicious_command_execution_via_busybox_proxy.toml	73	1	99	99	1	1	2025-02-04	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_curl_socks_proxy_activity_from_unusual_parent.toml	50	2	99	51	2	1	2025-02-04	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_potential_linux_reverse_shell_via_java.toml	81	2	308	99	2	1	2024-07-10	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_scheduled_task_unusual_command_execution.toml	115	6	308	15	6	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/impact_potential_mining_pool_command_detection.toml	73	3	197	83	3	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_python_network_connection_followed_by_file_creation.toml	86	6	197	15	6	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_php.toml	68	4	197	51	4	1	2024-10-29	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_suspicious_download_and_redirect_by_web_server.toml	92	3	197	99	3	1	2024-10-29	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_egress_network_connection_from_deleted_executable.toml	60	5	99	15	5	1	2025-02-04	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_linux_shared_object_load_via_ssh_keygen.toml	39	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_defense_evasion_via_hidepid_mount.toml	52	2	223	83	2	1	2024-10-03	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_hidden_executable_initiated_egress_network_connection.toml	49	1	238	238	1	1	2024-09-18	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_systemd_execution_followed_by_network_connection.toml	113	10	238	15	10	1	2024-09-18	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/privilege_escalation_potential_sudo_privilege_escalation_via_cve_2019_14287.toml	34	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_potential_web_server_directory_traversal.toml	82	1	99	99	1	1	2025-02-04	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_file_downloaded_to_suspicious_location_by_web_server.toml	90	2	113	15	2	1	2025-01-21	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_process_masquerading_via_exec.toml	68	6	197	15	6	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/privilege_escalation_cve_2023_0386_exploitation_attempt.toml	41	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_shared_object_file_creation_and_immediate_preload.toml	77	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_suspicious_echo_execution.toml	165	10	223	15	10	1	2024-10-03	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_apt_package_manager_egress_network_connection.toml	90	3	280	15	3	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_bind_shell_via_node.toml	51	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_base64_shebang_payload_decoded_via_built_in_utility.toml	81	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_script_executed_through_unusual_parent_process.toml	56	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_pidstat.toml	51	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_printer_user_(lp)_shell_execution.toml	53	3	197	83	3	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_sysctl.toml	51	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_potential_linux_hack_tool_launched.toml	44	5	308	121	5	1	2024-07-10	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_egress_network_connection_from_default_dpkg_directory.toml	96	7	280	15	7	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/impact_potential_coin_miner_execution_via_shell.toml	68	4	99	15	4	1	2025-02-04	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_sed.toml	55	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_reverse_or_bind_shell_via_suspicious_utility.toml	58	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_file_downloaded_via_curl_or_wget_to_hidden_directory.toml	63	5	197	15	5	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/privilege_escalation_potential_privilege_escalation_via_overlayfs.toml	39	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_process_path_symbolic_link_manipulation.toml	37	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_bind_shell_via_netcat_traditional.toml	53	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_suspicious_file_creation_via_web_server.toml	94	2	113	15	2	1	2025-01-21	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_potential_gsocket_activity.toml	58	4	197	83	4	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_linux_file_made_executable_by_suspicious_parent.toml	46	3	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_suspicious_execution_from_foomatic_rip_or_cupsd_parent.toml	68	5	197	15	5	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_network_connection_followed_by_file_creation.toml	83	3	238	99	3	1	2024-09-18	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_system_binary_proxy_execution_via_ld.so.toml	55	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_linux_compilation_in_suspicious_directory.toml	40	1	238	238	1	1	2024-09-18	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_proxy_shell_execution_via_busybox.toml	54	2	238	121	2	1	2024-09-18	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_systemd_run.toml	70	7	197	15	7	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_suspicious_base64_string_command_line.toml	94	3	99	51	3	1	2025-02-04	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_interactive_shell_spawned_via_hidden_process.toml	50	1	121	121	1	1	2025-01-13	2025-01-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/credential_access_potential_linux_credential_dumping_via_unshadow.toml	39	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_suspicious_mining_process_events.toml	46	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_powershell_suspicious_child_process.toml	43	2	265	15	2	1	2024-08-22	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_shell_command_execution_via_kworker.toml	55	4	308	197	4	1	2024-07-10	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_hidden_process_execution_followed_by_network_connection.toml	48	5	308	51	5	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_suspicious_process_spawned_from_motd_detected.toml	64	4	308	223	5	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_process_masquerading_as_kernel_process.toml	57	3	197	15	3	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_global_dynamic_linker_file_copied.toml	73	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_unusual_execution_from__dev_parent.toml	47	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_scheduled_job_executing_binary_in_unusual_location.toml	91	4	280	15	4	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/credential_access_potential_linux_credential_dumping_via_proc_filesystem.toml	44	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_udev_execution_followed_by_egress_network_connection.toml	86	7	280	15	7	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_suspicious_execution_via_a_hidden_process.toml	63	2	280	223	2	1	2024-08-07	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_unusual_command_executed_by_web_server.toml	119	7	113	6	7	1	2025-01-21	2025-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_python_network_connection_followed_by_command_execution.toml	91	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_suspicious_d_bus_method_call.toml	55	1	99	99	1	1	2025-02-04	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_crash.toml	52	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_egress_network_connection_by_motd_child.toml	80	2	280	223	2	1	2024-08-07	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_shell_execution_of_non_executable_file.toml	52	3	308	238	3	1	2024-07-10	2024-09-18	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_egress_network_connection_followed_by_command_execution.toml	83	4	238	15	4	1	2024-09-18	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/impact_potential_coin_miner_execution.toml	72	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_reverse_shell_via_setsid_and_nohup.toml	60	2	280	223	2	1	2024-08-07	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_hidden_folder_or_file_execution_via_python.toml	43	4	308	15	4	1	2024-07-10	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_reverse_shell_via_suspicious_utility.toml	79	5	308	83	6	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/privilege_escalation_privilege_escalation_via_pkexec_exploitation.toml	40	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_reverse_shell_via_netcat.toml	60	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_network_connection_through_shell_profile.toml	89	12	280	15	12	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_egress_connection_by_a_yum_package_manager_descendant.toml	81	4	280	15	4	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/initial_access_remote_code_execution_via_confluence_ognl_injection.toml	41	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_shared_object_load_via_lolbin.toml	71	4	197	15	4	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_reverse_shell_via_child.toml	53	3	308	223	3	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_defense_evasion_via_bind_mount.toml	48	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_user_discovery_command_execution_from_shared_memory.toml	47	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_decode_activity_via_web_server.toml	108	4	113	15	4	1	2025-01-21	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_reverse_shell.toml	60	4	308	223	4	1	2024-07-10	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_hidden_payload_executed_via_scheduled_job.toml	121	12	280	15	12	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_split.toml	51	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_background_process_execution_via_shell.toml	42	3	308	51	3	1	2024-07-10	2025-03-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_run_parts.toml	75	1	197	197	1	1	2024-10-29	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/command_and_control_potential_vsingle_malware_infection.toml	36	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_linux_backdoor_network_access_via_unusual_process.toml	57	5	308	83	5	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_apt_package_manager_command_execution.toml	93	6	280	15	6	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_auditctl_disabled_via_shell_process.toml	41	2	99	83	2	1	2025-02-04	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_egress_network_connection_from_rpm_package.toml	99	5	280	15	5	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_timestomping_detected_via_touch.toml	68	5	99	15	5	1	2025-02-04	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_nologin_ssh_backdoor.toml	40	1	113	113	1	1	2025-01-21	2025-01-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_suspicious_message_of_the_day_execution.toml	68	3	280	223	3	1	2024-08-07	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_file_downloaded_and_piped_to_interpreter_by_web_server.toml	80	2	197	167	2	1	2024-10-29	2024-11-28	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/lateral_movement_potential_ssh_it_ssh_worm_downloaded.toml	48	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_bind_shell_via_socket.toml	51	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_network_activity_from_in_memory_file.toml	67	2	308	83	3	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_motd_execution_followed_by_egress_network_connection.toml	90	6	280	15	6	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_shared_object_injection_via_process_environment_variable.toml	114	6	197	15	6	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_chattr_execution_from_unusual_parent.toml	45	4	238	154	4	1	2024-09-18	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/credential_access_linux_init_(pid_1)_secret_dump_via_gdb.toml	38	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_potential_reverse_shell_via_named_pipe.toml	84	2	99	71	2	1	2025-02-04	2025-03-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_potential_proxy_execution_via_tcpdump.toml	53	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_curl_or_wget_egress_network_connection_via_lolbin.toml	108	5	197	83	5	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_egress_connection_by_a_dnf_package_manager_descendant.toml	92	6	280	15	6	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_file_downloaded_from_suspicious_source_by_web_server.toml	82	2	197	154	2	1	2024-10-29	2024-12-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_reverse_shell_executed_via_web_server.toml	91	1	197	197	1	1	2024-10-29	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/privilege_escalation_privilege_escalation_via_polkit_system_service.toml	49	2	308	83	2	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/privilege_escalation_potential_privilege_escalation_via_fuse_binary.toml	38	1	308	308	1	1	2024-07-10	2024-07-10	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_powershell_encoded_command.toml	48	7	308	83	7	1	2024-07-10	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_suspicious_child_process_execution_via_interactive_shell.toml	57	5	280	99	5	1	2024-08-07	2025-02-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_linux_base64_descendant_egress_network_connection.toml	82	2	223	15	2	1	2024-10-03	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/defense_evasion_linux_hidden_file_mounted.toml	50	2	308	289	2	1	2024-07-10	2024-07-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/impact_msr_write_access_enabled.toml	53	2	197	83	2	1	2024-10-29	2025-02-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_binary_execution_from_unusual_location_through_shell_profile.toml	62	3	280	223	3	1	2024-08-07	2024-10-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/persistence_system_v_init_(init.d)_egress_network_connection.toml	66	4	280	15	4	1	2024-08-07	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
behavior/rules/linux/execution_linux_powershell_egress_network_connection.toml	81	6	197	15	6	1	2024-10-29	2025-04-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
ransomware/artifact.lua	3044	1	818	818	1	1	2023-02-16	2023-02-16	88641171+ayfaouzi@users.noreply.github.com	88641171+ayfaouzi@users.noreply.github.com
ransomware/testing/mock_ransomware.py	61	4	296	283	5	2	2024-07-22	2024-08-04	mark.mager@elastic.co	mark.mager@elastic.co
ransomware/testing/mock_ransomware.ps1	78	2	296	294	2	2	2024-07-22	2024-07-24	mark.mager@elastic.co	42077975+magermark@users.noreply.github.com
yara/rules/Windows_Trojan_RudeBird.yar	19	2	701	460	2	1	2023-06-13	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Abrox.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Backdoor_Tinyshell.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Sshdkit.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Babuk.yar	20	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Backdoor_Fakeflashlxk.yar	21	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Rbot.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_FinalDraft.yar	28	1	98	98	1	1	2025-02-05	2025-02-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Shellcode_Rdi.yar	58	3	672	92	3	1	2023-07-12	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Downloader_Generic.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_AttackSimulation_Blindspot.yar	18	2	1002	968	2	1	2022-08-16	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Babylonrat.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SysJoker.yar	47	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Monti.yar	22	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Virus_Vsearch.yar	36	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Gozi.yar	59	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_PlugX.yar	71	3	597	92	3	1	2023-09-25	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2016_5195.yar	304	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Dridex.yar	39	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Hacktool_Stowaway.yar	27	1	288	288	1	1	2024-07-30	2024-07-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_ProcExp.yar	21	3	968	895	3	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Eggshell.yar	23	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Pumakit.yar	30	1	153	153	1	1	2024-12-12	2024-12-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Dharma.yar	83	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Local.yar	228	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DownTown.yar	43	3	701	460	3	1	2023-06-13	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Godlua.yar	18	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Vmdrv.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Vhd.yar	22	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_LimpDemon.yar	22	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Nighthawk.yar	72	2	688	672	2	1	2023-06-26	2023-07-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2018_10561.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Fickerstealer.yar	39	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Getshell.yar	19	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Trojan_Coreimpact.yar	23	1	958	958	1	1	2022-09-29	2022-09-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Parallax.yar	54	2	958	460	2	1	2022-09-29	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DBatLoader.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SadBridge.yar	19	1	156	156	1	1	2024-12-09	2024-12-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Melofee.yar	27	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_VBox.yar	41	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Hellokitty.yar	21	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_ModPipe.yar	21	1	597	597	1	1	2023-09-25	2023-09-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Sythe.yar	22	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_ArkeiStealer.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Clop.yar	89	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DarkVNC.yar	23	1	833	833	1	1	2023-02-01	2023-02-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Iox.yar	23	1	471	471	1	1	2024-01-29	2024-01-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Swrort.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Pornoasset.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_ChromeKatz.yar	28	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Marut.yar	18	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_FlawedGrace.yar	23	1	558	558	1	1	2023-11-03	2023-11-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_PowerProfiler.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Wiper_CaddyWiper.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Mumblehard.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_BITSloth.yar	27	1	288	288	1	1	2024-07-30	2024-07-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Wiper_DoubleZero.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpWMI.yar	27	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_PUP_Veriato.yar	21	1	958	958	1	1	2022-09-29	2022-09-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Backdoor_Generic.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Roopre.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_RingQ.yar	25	1	288	288	1	1	2024-07-30	2024-07-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Deimos.yar	43	3	1020	460	3	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2021_3156.yar	44	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_RentDrv.yar	20	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Infostealer_Generic.yar	23	1	202	202	1	1	2024-10-24	2024-10-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_Perfusion.yar	22	1	419	419	1	1	2024-03-21	2024-03-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Xmrig.yar	225	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2017_100011.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_BlackHunt.yar	25	1	419	419	1	1	2024-03-21	2024-03-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Maze.yar	91	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_RtCore.yar	20	2	968	92	2	1	2022-09-19	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Dcsyncer.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_EchoRaix.yar	39	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Blister.yar	106	6	1020	202	6	2	2022-07-29	2024-10-24	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_WhisperGate.yar	42	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Packer_Patched_UPX.yar	20	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Ramen.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Mata.yar	19	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_Eternalblue.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Behinder.yar	22	2	701	460	2	1	2023-06-13	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_DinvokeRust.yar	24	1	419	419	1	1	2024-03-21	2024-03-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_SugarLoader.yar	23	1	568	568	1	1	2023-10-24	2023-10-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_ServHelper.yar	39	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_GuidLoader.yar	23	1	91	91	1	1	2025-02-12	2025-02-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_PikaBot.yar	100	3	695	447	3	1	2023-06-19	2024-02-22	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_MicroStar.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Stealc.yar	68	2	419	316	2	1	2024-03-21	2024-07-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpStay.yar	23	1	835	835	1	1	2023-01-30	2023-01-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Uwamson.yar	76	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_IcedID.yar	357	9	1020	460	9	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Ransomware_Akira.yar	19	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_STRRAT.yar	20	1	419	419	1	1	2024-03-21	2024-03-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_EagerBee.yar	44	3	701	460	3	1	2023-06-13	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_PizzaPotion.yar	24	1	597	597	1	1	2023-09-25	2023-09-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_ShelbyLoader.yar	25	1	41	41	1	1	2025-04-03	2025-04-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Carberp.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Backdoor_Python.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Pony.yar	25	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Wiper_IsaacWiper.yar	24	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SomniRecord.yar	29	2	786	460	2	1	2023-03-20	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Backdoor_TeamViewer.yar	25	1	876	876	1	1	2022-12-20	2022-12-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Sdbot.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Doppelpaymer.yar	61	3	1020	835	3	2	2022-07-29	2023-01-30	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_RemoteAdmin_UltraVNC.yar	25	1	751	751	1	1	2023-04-24	2023-04-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Formbook.yar	65	4	1020	460	4	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_LigoloNG.yar	21	1	191	191	1	1	2024-11-04	2024-11-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_CpuLocker.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Dnsamp.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Moogrey.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_MassLogger.yar	24	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Clop.yar	22	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Bumblebee.yar	45	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Crytox.yar	19	1	460	460	1	1	2024-02-09	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Nanocore.yar	29	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2017_16995.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Ransomexx.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Mech.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Zam.yar	41	2	968	225	2	1	2022-09-19	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_SFile.yar	20	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Rootkit_AbyssWorker.yar	23	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_CheatEngine.yar	20	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Kronos.yar	27	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_ToshibaBios.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Malxmr.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_HiddenWasp.yar	34	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Xhide.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Virus_Pirrit.yar	19	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Havoc.yar	104	4	714	371	4	1	2023-05-31	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Agent64.yar	25	1	488	488	1	1	2024-01-12	2024-01-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_MtcBsv.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Generic_MalCert.yar	2224	3	92	41	3	1	2025-02-11	2025-04-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_WinFlash.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Blackmatter.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Iqvw.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpUp.yar	25	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Kovid.yar	47	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Squirrelwaffle.yar	41	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Fplayer.yar	19	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Bedevil.yar	29	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Backconnect.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Pandora.yar	21	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Zloader.yar	76	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Hacktool_Gsocket.yar	32	1	191	191	1	1	2024-11-04	2024-11-04	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2009_1897.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Segwin.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Badbee.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Sqlexp.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Creddump_KeychainAccess.yar	25	2	385	265	2	1	2024-04-24	2024-08-22	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Lumma.yar	59	3	336	163	3	1	2024-06-12	2024-12-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Cleanlog.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Azeela.yar	20	3	1020	170	3	2	2022-07-29	2024-11-25	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Mechbot.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Haron.yar	40	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_IoBitUnlocker.yar	25	1	488	488	1	1	2024-01-12	2024-01-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_EDRWFP.yar	22	1	316	316	1	1	2024-07-02	2024-07-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Rtkio.yar	80	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Conti.yar	41	2	910	456	2	1	2022-11-16	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Flystudio.yar	37	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Backdoor_Goldbackdoor.yar	50	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_KandyKorn.yar	29	2	568	385	2	1	2023-10-24	2024-04-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_FalseFont.yar	26	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Ddostf.yar	94	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Cpuz.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Infostealer_MdQueryToken.yar	19	1	265	265	1	1	2024-08-22	2024-08-22	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_ShelbyC2.yar	23	1	41	41	1	1	2025-04-03	2025-04-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Amifldrv.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_GlckIo.yar	38	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Stak.yar	94	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Biostar.yar	82	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Ircbot.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Springtail.yar	24	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_XZBackdoor.yar	23	2	409	336	2	1	2024-03-31	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SourShark.yar	40	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Ebury.yar	18	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Lurker.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Metasploit.yar	355	5	1020	488	5	2	2022-07-29	2024-01-12	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Amadey.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Masan.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Backdoor_DragonCastling.yar	27	1	876	876	1	1	2022-12-20	2022-12-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DoubleBack.yar	31	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_HotPage.yar	25	1	288	288	1	1	2024-07-30	2024-07-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Virus_Thebe.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Hacktool_Bifrost.yar	27	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Fidpci.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_NoEscape.yar	21	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Thiefquest.yar	117	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Prochide.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_COFFLoader.yar	43	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_TwistedTinsel.yar	20	1	488	488	1	1	2024-01-12	2024-01-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Roboto.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Hacktool_Swiftbelt.yar	44	3	1020	385	3	2	2022-07-29	2024-04-24	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_AveMaria.yar	31	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Shellbot.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_HrSword.yar	20	2	701	225	2	1	2023-06-13	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Generic_Threat.yar	19	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Donutloader.yar	56	4	1020	460	4	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Metasploit.yar	261	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Virus_Rst.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Electrorat.yar	22	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_BlackShades.yar	45	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SystemBC.yar	48	3	1020	371	3	2	2022-07-29	2024-05-08	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DarkCloud.yar	20	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_ATSZIO.yar	20	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Fileseclab.yar	24	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Darkcomet.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Wiper_HermeticWiper.yar	25	3	1020	460	3	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Dakkatoni.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Trojan_Mythic.yar	87	2	597	265	2	1	2023-09-25	2024-08-22	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Rhadamanthys.yar	132	5	751	41	5	1	2023-04-24	2025-04-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Generic.yar	855	4	1020	191	4	2	2022-07-29	2024-11-04	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Babble.yar	20	1	163	163	1	1	2024-12-02	2024-12-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_PrivateLoader.yar	22	1	833	833	1	1	2023-02-01	2023-02-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Kinsing.yar	75	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Infostealer_Strela.yar	25	2	371	225	2	1	2024-05-08	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Lotoor.yar	304	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Zpevdo.yar	18	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Asrock.yar	60	4	968	488	4	1	2022-09-19	2024-01-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Diceloader.yar	45	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Azorult.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Revengerat.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Hawkeye.yar	47	3	1020	751	3	2	2022-07-29	2023-04-24	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_BlackBasta.yar	27	2	1002	968	2	1	2022-08-16	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_HijackLoader.yar	24	1	488	488	1	1	2024-01-12	2024-01-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Patpooty.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Psybnc.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Bulz.yar	36	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_AttackSimulation_Hovercraft.yar	20	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_XTier.yar	84	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Agenda.yar	22	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_BloodAlchemy.yar	102	3	594	460	3	1	2023-09-28	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Egregor.yar	47	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Erebus.yar	21	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Pandastealer.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_HpPortIo.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Foda.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_FidDrv.yar	23	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Raccoon.yar	61	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Backdoor_Keyboardrecord.yar	23	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Truncpx.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_ShadowPad.yar	47	2	833	460	2	1	2023-02-01	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_AsIo.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DCRat.yar	24	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Backdoor_Fontonlake.yar	29	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Shark.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Cuba.yar	43	3	1020	460	3	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Guloader.yar	68	4	1020	460	4	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_WarmCookie.yar	56	3	371	225	3	1	2024-05-08	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Proxy_Frp.yar	28	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Quasarrat.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Sfloost.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Gafgyt.yar	1392	4	1020	336	4	2	2022-07-29	2024-06-12	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Virus_Gmon.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Ursu.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_HLoader.yar	21	1	568	568	1	1	2023-10-24	2023-10-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Lokibot.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Setag.yar	37	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_Generic.yar	85	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2009_2908.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Subsevux.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Hive.yar	63	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Infostealer_MdQueryTCC.yar	19	1	265	265	1	1	2024-08-22	2024-08-22	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Loudminer.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Earthworm.yar	57	4	1020	98	4	2	2022-07-29	2025-02-05	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SolarMarker.yar	41	2	488	336	2	1	2024-01-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Ngioweb.yar	170	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Nuker.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpHound.yar	23	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Exploitscan.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Lockbit.yar	45	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Snapekit.yar	56	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_P8Loader.yar	26	2	714	460	2	1	2023-05-31	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_MicroBackdoor.yar	43	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Seatbelt.yar	26	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Gvci.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_WikiLoader.yar	38	1	460	460	1	1	2024-02-09	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_CobaltStrike.yar	1041	5	1020	645	5	2	2022-07-29	2023-08-08	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_AskCreds.yar	20	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Capcom.yar	20	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Perl.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Cornelgen.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Godropper.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpChromium.yar	23	1	835	835	1	1	2023-01-30	2023-01-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Conti.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Backoff.yar	23	1	958	958	1	1	2022-09-29	2022-09-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SafetyKatz.yar	23	1	835	835	1	1	2023-01-30	2023-01-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Generic.yar	328	5	1020	191	5	2	2022-07-29	2024-11-04	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Infostealer_MdQueryPassw.yar	19	1	265	265	1	1	2024-08-22	2024-08-22	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_RedAlert.yar	23	2	1002	968	2	1	2022-08-16	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Generic.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Bitpaymer.yar	47	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Snessik.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Esxiargs.yar	23	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_MsIo.yar	38	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Ganiw.yar	37	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Generic.yar	19	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_MagicRat.yar	26	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_RedLineStealer.yar	200	8	1020	371	8	2	2022-07-29	2024-05-08	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Limerat.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_WineLoader.yar	21	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Macos_Infostealer_Wallets.yar	111	1	261	261	1	1	2024-08-26	2024-08-26	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DreamJob.yar	25	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Ccminer.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2021_3490.yar	30	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DiamondFox.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Aduh.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Camelot.yar	282	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Metasploit.yar	425	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Stop.yar	20	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Hacktool_Rakshasa.yar	24	1	471	471	1	1	2024-01-29	2024-01-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_ExecuteAssembly.yar	20	1	751	751	1	1	2023-04-24	2023-04-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Pgminer.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_GhostEngine.yar	26	1	365	365	1	1	2024-05-14	2024-05-14	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_ClrOxide.yar	25	1	419	419	1	1	2024-03-21	2024-03-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Connectback.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Njrat.yar	43	3	1020	701	3	2	2022-07-29	2023-06-13	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Hive.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Xpertrat.yar	21	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_NukeSped.yar	24	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Shellcode_Generic.yar	54	4	1020	701	4	2	2022-07-29	2023-06-13	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Akira.yar	24	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_BrokePKG.yar	38	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Infostealer_PhemedroneStealer.yar	30	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Nightsky.yar	41	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Ipstorm.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Trojan_Gosar.yar	25	1	156	156	1	1	2024-12-09	2024-12-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_GDrv.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_BlackSuit.yar	21	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Grief.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Pingpull.yar	25	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Worm_Generic.yar	76	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Arkd.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Dropperl.yar	133	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_PUP_Generic.yar	20	1	597	597	1	1	2023-09-25	2023-09-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Mirai.yar	1862	6	1020	336	6	2	2022-07-29	2024-06-12	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_DirectIo.yar	40	2	968	225	2	1	2022-09-19	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Wipelog.yar	29	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Adore.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Ksmdbot.yar	23	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Agenda.yar	22	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SVCReady.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Lala.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Rootkit_R77.yar	136	4	1020	460	4	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_PhysMem.yar	39	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Sckit.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Bluez.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Danabot.yar	26	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_ElRawDisk.yar	19	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Infostealer_MdQuerySecret.yar	19	1	265	265	1	1	2024-08-22	2024-08-22	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Adlibrary.yar	19	2	1020	910	2	2	2022-07-29	2022-11-16	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Bscope.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Ransomware_BlackCat.yar	129	6	1002	265	6	1	2022-08-16	2024-08-22	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Courier.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Cryptbot.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Mhyprot.yar	22	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DTrack.yar	27	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_CCProtect.yar	21	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Log4j.yar	25	3	1020	456	3	2	2022-07-29	2024-02-13	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Fontonlake.yar	30	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Sliver.yar	59	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_HazelCobra.yar	22	1	560	560	1	1	2023-11-01	2023-11-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Mespinoza.yar	21	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_BlackBone.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpRDP.yar	23	1	835	835	1	1	2023-01-30	2023-01-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Minertr.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Virus_Maxofferdeal.yar	76	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Ragnarok.yar	92	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Intfour.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Generic.yar	177	2	170	153	2	1	2024-11-25	2024-12-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Bitrat.yar	42	3	1020	958	3	2	2022-07-29	2022-09-29	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_XtremeRAT.yar	28	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Sandra.yar	41	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Ryuk.yar	152	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_EDRrecon.yar	114	1	316	316	1	1	2024-07-02	2024-07-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Quantum.yar	20	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Grandoreiro.yar	23	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Azov.yar	23	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Generic_Threat.yar	3502	8	488	41	8	1	2024-01-12	2025-04-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Speedfan.yar	20	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Sysrv.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpMove.yar	23	1	835	835	1	1	2023-01-30	2023-01-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_BPFDoor.yar	169	4	1020	456	4	2	2022-07-29	2024-02-13	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Wuftpd.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Criscras.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_EICAR.yar	18	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Race.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Perfctl.yar	23	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Elby.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Webshell_Generic.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2012_0056.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_MyloBot.yar	25	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Lobshot.yar	30	2	751	460	2	1	2023-04-24	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Genieo.yar	76	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Maui.yar	29	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Cryptominer_Xmrig.yar	25	1	68	68	1	1	2025-03-07	2025-03-07	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Torii.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Sorso.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Virus_Floxif.yar	19	1	558	558	1	1	2023-11-03	2023-11-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Vmsplice.yar	95	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Suterusu.yar	60	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Snowlight.yar	20	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Xeno.yar	44	2	202	163	2	1	2024-10-24	2024-12-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharPersist.yar	23	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Fabookie.yar	20	1	672	672	1	1	2023-07-12	2023-07-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Merlin.yar	57	3	1020	910	3	2	2022-07-29	2022-11-16	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Fontonlake.yar	26	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_StumpZarus.yar	24	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Remcos.yar	48	4	1020	460	4	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_NetFilter.yar	76	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Attribute.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2016_4557.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Cerbu.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DoubleLoader.yar	27	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_FakePipe.yar	22	1	419	419	1	1	2024-03-21	2024-03-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_WannaCry.yar	26	1	958	958	1	1	2022-09-29	2022-09-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Hacktool_SuperShell.yar	22	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Blackwood.yar	26	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Hancitor.yar	21	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_GodPotato.yar	28	1	316	316	1	1	2024-07-02	2024-07-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Octopus.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Merlin.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Beam.yar	41	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Miancha.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Snake.yar	45	4	1020	98	4	2	2022-07-29	2025-02-05	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Medusa.yar	24	1	92	92	1	1	2025-02-11	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Afdk.yar	40	1	488	488	1	1	2024-01-12	2024-01-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Meterpreter.yar	73	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpDump.yar	23	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Makop.yar	43	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Hiddad.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Zerobot.yar	50	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_RustBucket.yar	22	2	685	385	2	1	2023-06-29	2024-04-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Zeus.yar	25	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Backegmm.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Generic_Threat.yar	1174	2	456	336	2	1	2024-02-13	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Tofsee.yar	20	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Asacub.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Clipbanker.yar	84	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_GandCrab.yar	21	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_ThreatFire.yar	20	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Gh0st.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Magniber.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Gmer.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Qbot.yar	132	5	1020	447	5	2	2022-07-29	2024-02-22	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Darkside.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_MetaStealer.yar	55	2	371	197	2	1	2024-05-08	2024-10-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Bazar.yar	76	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Macos_Infostealer_EncodedOsascript.yar	21	1	261	261	1	1	2024-08-26	2024-08-26	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DarkGate.yar	41	2	488	460	2	1	2024-01-12	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Ransomware_Luna.yar	27	3	1002	456	3	1	2022-08-16	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Trickbot.yar	937	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_DinodasRAT.yar	24	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Ladvix.yar	75	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Virus_Expiro.yar	20	1	558	558	1	1	2023-11-03	2023-11-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SiestaGraph.yar	77	3	881	460	3	1	2022-12-15	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SnakeKeylogger.yar	32	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Dirtycow.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Orbit.yar	40	2	1002	968	2	1	2022-08-16	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Akira.yar	41	2	456	170	2	1	2024-02-13	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Packer_ScrubCrypt.yar	20	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Outlaw.yar	84	1	68	68	1	1	2025-03-07	2025-03-07	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Chinaz.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Viragt.yar	42	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpGPOAbuse.yar	26	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_RpcJunction.yar	21	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Adload.yar	57	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_PowerTool.yar	20	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_WinPEAS_ng.yar	340	1	833	833	1	1	2023-02-01	2023-02-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Cryptominer_Generic.yar	38	3	1020	336	3	2	2022-07-29	2024-06-12	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Sshdoor.yar	133	4	1020	191	4	2	2022-07-29	2024-11-04	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Xpmmap.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Tsunami.yar	512	3	1020	336	3	2	2022-07-29	2024-06-12	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Shellcode_Generic.yar	152	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Rozena.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_EchoDrv.yar	19	1	558	558	1	1	2023-11-03	2023-11-03	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Trojan_Merlin.yar	28	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Revcoderat.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Trojan_FinalDraft.yar	46	1	98	98	1	1	2025-02-05	2025-02-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_BlackBasta.yar	25	2	1002	968	2	1	2022-08-16	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SuddenIcon.yar	94	3	776	92	4	1	2023-03-30	2025-02-11	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpView.yar	34	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_PathLoader.yar	22	1	98	98	1	1	2025-02-05	2025-02-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpLAPS.yar	26	1	835	835	1	1	2023-01-30	2023-01-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Bedevil.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_EneIo.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Sodinokibi.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Smokeloader.yar	139	5	1020	225	5	2	2022-07-29	2024-10-01	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Mobidash.yar	243	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Lockfile.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Rotajakiro.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_PipeDance.yar	27	2	811	460	2	1	2023-02-23	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_NapListener.yar	45	1	786	786	1	1	2023-03-20	2023-03-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_CVE_2022_38028.yar	19	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_CaesarKbd.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Nimplant.yar	21	1	672	672	1	1	2023-07-12	2023-07-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Rook.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Dofloo.yar	57	3	1020	910	3	2	2022-07-29	2022-11-16	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Openssl.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Flooder.yar	607	4	1020	569	4	2	2022-07-29	2023-10-23	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_DBUtil.yar	38	3	968	688	3	1	2022-09-19	2023-06-26	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Helloxd.yar	26	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SleepObfLoader.yar	22	1	471	471	1	1	2024-01-29	2024-01-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_RoyalPest.yar	22	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_DarkLoadLibrary.yar	29	1	835	835	1	1	2023-01-30	2023-01-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_Gonnacry.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Cryptominer_Xmrig.yar	22	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Asyncrat.yar	24	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_MarvinHW.yar	22	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_Log4j.yar	24	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Getshell.yar	76	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_RWEverything.yar	20	1	645	645	1	1	2023-08-08	2023-08-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Jynx.yar	29	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_CyberGate.yar	62	3	1020	701	3	2	2022-07-29	2023-06-13	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DustyWarehouse.yar	42	2	558	336	2	1	2023-11-03	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DodgeBox.yar	23	1	288	288	1	1	2024-07-30	2024-07-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Mountlocker.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Bughatch.yar	50	3	1020	460	3	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Cicada3301.yar	23	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Reptile.yar	115	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Melofee.yar	24	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2010_3301.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Bish.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Pnscan.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_PoshC2.yar	26	1	751	751	1	1	2023-04-24	2023-04-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Kaiji.yar	76	3	1020	910	3	2	2022-07-29	2022-11-16	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_WhisperGate.yar	24	3	1020	460	3	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Exploit_Log4j.yar	24	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_FinalDraft.yar	33	1	98	98	1	1	2025-02-05	2025-02-05	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Iroffer.yar	95	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_ProtectS.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Portscan.yar	76	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_SpectralViper.yar	52	2	714	460	2	1	2023-05-31	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Alie.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Generic.yar	316	8	1020	419	8	2	2022-07-29	2024-03-21	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Royal.yar	22	1	876	876	1	1	2022-12-20	2022-12-20	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Tcpscan.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2019_13272.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_JesterStealer.yar	44	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_ProcId.yar	19	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_AgentTesla.yar	144	5	1020	460	5	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Avoslocker.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Netwire.yar	87	4	1020	460	4	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Certify.yar	27	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Ransomware_RansomHub.yar	26	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Enoket.yar	114	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Aobokeylogger.yar	19	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Matanbuchus.yar	60	3	1020	83	3	2	2022-07-29	2025-02-20	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Lha.yar	20	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Backdoor_Useragent.yar	23	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Xpaj.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Trojan_SparkRat.yar	21	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Clickfraud_LuckySlots.yar	25	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Atillk.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Zexaf.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Mimikatz.yar	170	4	1020	701	4	2	2022-07-29	2023-06-13	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_BruteRatel.yar	198	7	1020	371	7	2	2022-07-29	2024-05-08	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Sambashell.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Phoreal.yar	23	3	1020	460	3	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Farfli.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Cryptominer_Generic.yar	59	3	1020	385	3	2	2022-07-29	2024-04-24	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_XWorm.yar	68	1	202	202	1	1	2024-10-24	2024-10-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Bruteforce.yar	57	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_ProcessHacker.yar	19	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Amcleaner.yar	57	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2009_2698.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_OnlyLogger.yar	45	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Backdoor_Applejeus.yar	19	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_ArPot.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Gognt.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Virus_Staffcounter.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Rubeus.yar	27	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Lady.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_OskiStealer.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_LLAccess.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Backdoor_Bash.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_Dcom.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Xmrminer.yar	226	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Lightning.yar	70	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Casdet.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_WinDivert.yar	19	1	316	316	1	1	2024-07-02	2024-07-02	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_LeiGod.yar	38	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Sodinokibi.yar	89	3	1020	460	3	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpSCCM.yar	31	1	371	371	1	1	2024-05-08	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_ItsSoEasy.yar	20	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Xorddos.yar	453	4	1020	191	4	2	2022-07-29	2024-11-04	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Winnti.yar	76	3	1020	895	3	2	2022-07-29	2022-12-01	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Rootkit_Diamorphine.yar	53	1	170	170	1	1	2024-11-25	2024-11-25	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DoorMe.yar	25	2	881	460	2	1	2022-12-15	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_PowerSeal.yar	43	4	751	460	4	1	2023-04-24	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Exploit_IoRing.yar	22	1	419	419	1	1	2024-03-21	2024-03-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2014_3153.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Virus_Neshta.yar	20	1	460	460	1	1	2024-02-09	2024-02-09	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpAppLocker.yar	22	1	835	835	1	1	2023-01-30	2023-01-30	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Emotet.yar	160	4	1020	460	4	2	2022-07-29	2024-02-09	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Trojan_Sliver.yar	86	3	968	568	3	1	2022-09-19	2023-10-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Backdoor_Kagent.yar	25	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_Ryzen.yar	42	3	968	701	3	1	2022-09-19	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Jupyter.yar	22	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_PUP_MediaArena.yar	25	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_M0yv.yar	21	1	701	701	1	1	2023-06-13	2023-06-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Banload.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Presenoker.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Hellokitty.yar	78	3	1020	835	3	2	2022-07-29	2023-01-30	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_RaspberryRobin.yar	19	1	488	488	1	1	2024-01-12	2024-01-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_WinIo.yar	38	1	968	968	1	1	2022-09-19	2022-09-19	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2021_4034.yar	20	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Garble.yar	19	1	958	958	1	1	2022-09-29	2022-09-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Macos_Hacktool_JokerSpy.yar	25	2	694	385	2	1	2023-06-20	2024-04-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_BSMI.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_Phant0m.yar	24	1	419	419	1	1	2024-03-21	2024-03-21	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/MacOS_Trojan_Bundlore.yar	209	2	1020	908	2	2	2022-07-29	2022-11-18	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Rooter.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_IOUring.yar	21	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Glupteba.yar	43	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_GhostPulse.yar	141	6	566	202	6	1	2023-10-26	2024-10-24	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_StormKitty.yar	24	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Skidmap.yar	56	3	1020	170	3	2	2022-07-29	2024-11-25	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_DragonBreath.yar	21	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_A310logger.yar	23	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Latrodectus.yar	26	2	419	371	2	1	2024-03-21	2024-05-08	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Rekoobe.yar	133	3	1020	910	3	2	2022-07-29	2022-11-16	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Hacktool_SharpShares.yar	30	1	895	895	1	1	2022-12-01	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Ransomware_RagnarLocker.yar	21	1	456	456	1	1	2024-02-13	2024-02-13	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_LegionLoader.yar	19	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Buerloader.yar	24	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Cryptominer_Malxmr.yar	303	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Vidar.yar	110	4	1020	202	4	2	2022-07-29	2024-10-24	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_TrueSight.yar	20	1	225	225	1	1	2024-10-01	2024-10-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Hacktool_Infectionmonkey.yar	19	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Trojan_Bandook.yar	24	1	958	958	1	1	2022-09-29	2022-09-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_CVE_2022_0847.yar	27	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Trojan_Mettle.yar	79	1	336	336	1	1	2024-06-12	2024-06-12	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Multi_Hacktool_Nps.yar	49	1	471	471	1	1	2024-01-29	2024-01-29	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_Ransomware_Lockbit.yar	65	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Linux_Exploit_Pulse.yar	38	2	1020	968	2	2	2022-07-29	2022-09-19	mika.ayenson@elastic.co	72879786+protectionsmachine@users.noreply.github.com
yara/rules/Windows_VulnDriver_TmComm.yar	21	2	968	895	2	1	2022-09-19	2022-12-01	72879786+protectionsmachine@users.noreply.github.com	72879786+protectionsmachine@users.noreply.github.com