Merge pull request #2418 from splunk/10_ba_lolbas_plez

9 ba lolbas plez

bin/lolba_enrichment/output/ssa___acccheckconsole_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Acccheckconsole exe LOLBAS in Non Standard Path
-id: a8289f22-2df9-4d67-9913-de8fc0954d02
+id: c842931e-661f-42bc-a4df-0460d93cfb69
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___adplus_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Adplus exe LOLBAS in Non Standard Path
-id: 32134938-37d4-4ec5-8714-46ca49769d20
+id: ecaaf956-c516-4980-b08e-8c01c19614ca
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___advpack_dll.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Advpack dll LOLBAS in Non Standard Path
-id: 56061a68-08af-4d8a-b0c3-e3e4477d2264
+id: 3284e4f4-67f7-49b6-ad5e-a8fcead2eef8
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___agentexecutor_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Agentexecutor exe LOLBAS in Non Standard Path
-id: 0327b45f-3531-4efc-9b51-46e716eb454a
+id: e124f71f-11bc-47e4-9931-6046d256005d
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___appinstaller_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Appinstaller exe LOLBAS in Non Standard Path
-id: 0f97913c-5aa4-443d-b111-676da584db6e
+id: 057c06c7-ef31-4749-b5c9-199152e53a06
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___appvlp_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Appvlp exe LOLBAS in Non Standard Path
-id: da9de3e2-66ab-43ec-bbc8-4875d2115fec
+id: 93862a89-abe0-4094-909a-08ec390aa5e3
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___aspnet_compiler_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Aspnet_compiler exe LOLBAS in Non Standard Path
-id: 41218a31-e6b8-4ea3-88dc-d588e1b45a5f
+id: d75cc561-3828-4d0a-92c4-0eb93bfe0929
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___at_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities At exe LOLBAS in Non Standard Path
-id: 51fd491e-b38a-4657-b5c8-7f6410b9bbcf
+id: 6401d583-0052-4dc5-a713-68b510826d2b
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___atbroker_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Atbroker exe LOLBAS in Non Standard Path
-id: 09d6531d-b55b-4d46-8e7a-9b455563fd03
+id: b8da7ea5-8c16-4eff-9787-54ec271159e0
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___bash_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Bash exe LOLBAS in Non Standard Path
-id: d47efd9c-2e31-4d38-ab95-c7db6908106b
+id: 57bb8624-26b3-4d23-a35c-17d5b2fa03b2
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___bitsadmin_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Bitsadmin exe LOLBAS in Non Standard Path
-id: 69e7e9bb-e08e-4972-9140-9adb08ebe199
+id: 919cfed5-71e3-4b56-8468-bfa0f8e48763
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cdb_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Cdb exe LOLBAS in Non Standard Path
-id: 4f0445e8-3d5a-470b-925c-b76f3eff60ee
+id: 438a17bb-ffad-4540-a92b-c82177b6c584
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___certoc_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Certoc exe LOLBAS in Non Standard Path
-id: 6e8f20ff-265a-46b8-9681-e8442178b09c
+id: 46e1d51f-2979-42e4-8397-63abb398fe71
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___certreq_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Certreq exe LOLBAS in Non Standard Path
-id: 6c0ab09e-2be3-4fd0-b887-60240a68fb16
+id: 3b322498-f89c-4407-a43d-3218f5debbc5
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___certutil_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Certutil exe LOLBAS in Non Standard Path
-id: 8402b60f-0a97-4d58-a927-bc4b1b04112c
+id: 9de4a1d7-65bf-4a6f-b25f-c926570c6543
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cl_invocation_ps1.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Cl_invocation ps1 LOLBAS in Non Standard Path
-id: 49630b63-7407-4a0b-b9c1-13741db4a2e4
+id: b84023f7-4fc9-429e-bb10-ab19095041f1
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cl_loadassembly_ps1.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Cl_loadassembly ps1 LOLBAS in Non Standard Path
-id: 80dae1e3-ed8e-4abf-b62b-b322d4d7eb3b
+id: a32d2585-a516-4808-a130-92f480c55988
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cl_mutexverifiers_ps1.yml

@@ -1,8 +1,8 @@
 name: Windows Rename System Utilities Cl_mutexverifiers ps1 LOLBAS in Non Standard
   Path
-id: 4a98b0d1-88c0-4234-8d2a-44cbfe7f70b6
+id: 53c3b8a2-9e6c-4b34-8bf3-c76fd4fcacf3
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cmd_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Cmd exe LOLBAS in Non Standard Path
-id: eddf68bb-7442-465f-aca6-d6be8c029781
+id: 90784ffc-3576-45d7-bb16-d62f6120c4e5
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cmdkey_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Cmdkey exe LOLBAS in Non Standard Path
-id: 3a46ac20-f603-40e3-a4f3-a77aded3305b
+id: 304b4002-dfad-422e-93b7-bb6e9a490513
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cmdl32_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Cmdl32 exe LOLBAS in Non Standard Path
-id: f9ea7424-1805-4b7c-828e-97564b96a08d
+id: 10de5e76-a676-4149-a949-1132b117a11a
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cmstp_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Cmstp exe LOLBAS in Non Standard Path
-id: f473e060-a390-4567-9a4d-99cbde81da79
+id: c7cb13df-b234-4654-86c6-9a35c930de42
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___comsvcs_dll.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Comsvcs dll LOLBAS in Non Standard Path
-id: 8035fb1d-f610-4b54-9d1e-dcaca3ca06af
+id: 3b4d71e9-ceb0-48ea-b1c1-a62dd66b9f66
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___configsecuritypolicy_exe.yml

@@ -1,8 +1,8 @@
 name: Windows Rename System Utilities Configsecuritypolicy exe LOLBAS in Non Standard
   Path
-id: 28427e48-405d-4d0d-8bb5-851dbe3a14f2
+id: 2212344c-5a19-4907-b561-b91832c54fa8
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___conhost_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Conhost exe LOLBAS in Non Standard Path
-id: 18c2d6d3-8712-49d2-b3ff-3950131ce8da
+id: d1c99845-9762-4da4-b30e-7fbf05304baf
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___control_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Control exe LOLBAS in Non Standard Path
-id: de93877e-1926-4a57-93c7-ccc9110177ad
+id: 8f4b0432-e5cd-434e-a87d-bffa2e936adb
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___coregen_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Coregen exe LOLBAS in Non Standard Path
-id: 3557c88c-e036-47b2-9516-cad111189568
+id: 5964991e-0c6e-4fb1-b9f3-acae15fd9858
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___csc_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Csc exe LOLBAS in Non Standard Path
-id: acfeacea-5688-4f5a-b71a-572eccb9ea0b
+id: ea783c88-d20f-461b-a295-cf1a87bd8502
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___cscript_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Cscript exe LOLBAS in Non Standard Path
-id: afe8315c-ada9-4156-b26c-f64e7bcc6644
+id: dfcc58d1-4f59-42a6-85f9-7ea2085ae8fe
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___csi_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Csi exe LOLBAS in Non Standard Path
-id: d72eb4a1-d1bd-430e-ac81-54b85e62706b
+id: 5258b32a-b811-4323-9e98-4701b8a6295c
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___datasvcutil_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Datasvcutil exe LOLBAS in Non Standard Path
-id: 83f76c3f-8f26-4e75-9841-706b93550561
+id: cf1686f6-516f-4e58-ae86-524e162def2f
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___defaultpack_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Defaultpack exe LOLBAS in Non Standard Path
-id: 1f0f4073-a44b-4d0a-831c-8678ad0ba107
+id: 640aa341-73f5-4958-8d44-7d4171af8862
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___desk_cpl.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Desk cpl LOLBAS in Non Standard Path
-id: e6b350d8-a238-4a31-8521-1353c9639aa0
+id: 7f6caf3f-0f0f-4c3e-ba8b-04664bc12771
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___desktopimgdownldr_exe.yml

@@ -1,8 +1,8 @@
 name: Windows Rename System Utilities Desktopimgdownldr exe LOLBAS in Non Standard
   Path
-id: 3a77606b-d07b-4aff-8901-8337b72b1597
+id: c9f3d074-f077-4d98-9eec-f9e3629e5e58
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___devtoolslauncher_exe.yml

@@ -1,8 +1,8 @@
 name: Windows Rename System Utilities Devtoolslauncher exe LOLBAS in Non Standard
   Path
-id: c502882c-44ab-4556-ba3c-c9bec806ff3f
+id: 989eef3d-36d4-4b83-a004-94f7f171e529
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___dfshim_dll.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Dfshim dll LOLBAS in Non Standard Path
-id: 31d997d3-d28b-4bd5-b368-066fe410c699
+id: 2615f2e9-0f34-4106-b649-7a5ff5644f9f
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___dfsvc_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Dfsvc exe LOLBAS in Non Standard Path
-id: 91272b91-c17a-4be7-a85e-6fae80ef124a
+id: 0bf3fa5b-e25a-476b-8474-61ad82e4d82c
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___diantz_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Diantz exe LOLBAS in Non Standard Path
-id: 118c96e6-f3bf-4217-a2ee-9eba800eb91d
+id: 09bcd983-9735-45e7-9bdd-a78f4557954d
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel:

bin/lolba_enrichment/output/ssa___diskshadow_exe.yml

@@ -1,7 +1,7 @@
 name: Windows Rename System Utilities Diskshadow exe LOLBAS in Non Standard Path
-id: 3c2a10c5-bb47-49f8-bc2e-1894291e2526
+id: 38ce0449-88f2-47c6-b6bd-0619f674a33d
 version: 1
-date: '2022-10-17'
+date: '2022-10-18'
 author: Splunk Threat Research Bot, Splunk
 type: Anomaly
 datamodel: