ExtSentry
diff --git a/‎feeds/elastic_threat_intel.ndjson‎
Lines changed: 1946 additions & 1946 deletions b/‎feeds/elastic_threat_intel.ndjson‎
Lines changed: 1946 additions & 1946 deletions
diff --git a/‎feeds/extsentry_feed.json‎
Lines changed: 1 addition & 1 deletion b/‎feeds/extsentry_feed.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎feeds/extsentry_ioc_feed.csv‎
Lines changed: 1946 additions & 1946 deletions b/‎feeds/extsentry_ioc_feed.csv‎
Lines changed: 1946 additions & 1946 deletions
diff --git a/‎feeds/misp_event.json‎
Lines changed: 2 additions & 2 deletions b/‎feeds/misp_event.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎feeds/misp_warninglist.json‎
Lines changed: 1 addition & 1 deletion b/‎feeds/misp_warninglist.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎feeds/opencti_import.csv‎
Lines changed: 1946 additions & 1946 deletions b/‎feeds/opencti_import.csv‎
Lines changed: 1946 additions & 1946 deletions
diff --git a/‎feeds/openioc_browser_extensions.ioc‎
Lines changed: 2 additions & 2 deletions b/‎feeds/openioc_browser_extensions.ioc‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎feeds/sentinel_analytics_rule.kql‎
Lines changed: 1 addition & 1 deletion b/‎feeds/sentinel_analytics_rule.kql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎feeds/sigma_rules_browser_extensions.yml‎
Lines changed: 30 additions & 30 deletions b/‎feeds/sigma_rules_browser_extensions.yml‎
Lines changed: 30 additions & 30 deletions
@@ -1,7 +1,7 @@
 {
   "feed_name": "ExtSentry - Browser Extension Threat Intelligence",
   "feed_version": "1.0",
-  "generated": "2026-05-20T23:52:45Z",
+  "generated": "2026-05-21T02:47:23Z",
   "source": "https://github.com/mthcht/awesome-lists",
   "license": "TLP:CLEAR",
   "total_indicators": 1946,
 
@@ -4,8 +4,8 @@
     "threat_level_id": "2",
     "analysis": "2",
     "distribution": "3",
-    "date": "2026-05-20",
-    "timestamp": "1779321165",
+    "date": "2026-05-21",
+    "timestamp": "1779331643",
     "published": false,
     "uuid": "41ef2090-fab5-547e-9eb6-2aa8f195c66f",
     "Orgc": {
 
@@ -1,6 +1,6 @@
 {
   "name": "ExtSentry - Known Malicious/Suspicious Browser Extension IDs",
-  "version": 20260520,
+  "version": 20260521,
   "description": "List of known malicious, suspicious, and potentially unwanted browser extension IDs. Maintained by mthcht.",
   "type": "string",
   "matching_attributes": [
 
@@ -1,8 +1,8 @@
 <?xml version="1.0" ?>
-<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="3678fd2f-03b8-5532-a002-c96e7c7abd1e" last-modified="2026-05-20T23:52:45Z">
+<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="3678fd2f-03b8-5532-a002-c96e7c7abd1e" last-modified="2026-05-21T02:47:23Z">
   <short_description>ExtSentry - Malicious Browser Extension IOCs</short_description>
   <description>Browser extension IDs flagged as malicious/suspicious. Matches extension IDs in file paths and registry entries. Source: github.com/mthcht/awesome-lists</description>
-  <authored_date>2026-05-20T23:52:45Z</authored_date>
+  <authored_date>2026-05-21T02:47:23Z</authored_date>
   <definition>
     <Indicator operator="OR" id="5fd27988-48b0-53ea-88c2-7e57099fd433">
       <IndicatorItem id="9b5ec8dd-9fe4-5c27-a835-533c05dcf7b0" condition="contains">
 
@@ -1,6 +1,6 @@
 // ExtSentry - Browser Extension Threat Detection for Microsoft Sentinel
 // Source: https://github.com/mthcht/awesome-lists
-// Generated: 2026-05-20T23:52:45Z
+// Generated: 2026-05-21T02:47:23Z
 // Total extension IDs: 1946 in 10 chunks
 //
 // RECOMMENDATION: For production, import the IOC list as a Sentinel Watchlist
 
@@ -8,8 +8,8 @@ description: |
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -1981,8 +1981,8 @@ description: |
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -3953,8 +3953,8 @@ description: |
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -5922,8 +5922,8 @@ description: Detects browser extensions categorized as 'malware' in the ExtSentr
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -7680,8 +7680,8 @@ description: Detects browser extensions categorized as 'PUP' in the ExtSentry fe
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -7708,8 +7708,8 @@ description: Detects browser extensions categorized as 'compromised' in the ExtS
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -7823,8 +7823,8 @@ description: Detects browser extensions categorized as 'cryptocurrency' in the E
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -7936,8 +7936,8 @@ description: Detects browser extensions categorized as 'Credential Access' in th
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -7961,8 +7961,8 @@ description: Detects browser extensions categorized as 'Defense Evasion' in the
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -7985,8 +7985,8 @@ description: Detects browser extensions categorized as 'scam' in the ExtSentry f
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -8013,8 +8013,8 @@ description: Detects browser extensions categorized as 'RMM' in the ExtSentry fe
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -8037,8 +8037,8 @@ description: Detects browser extensions categorized as 'password manager' in the
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -8069,8 +8069,8 @@ description: Detects browser extensions categorized as 'PROXY/VPN' in the ExtSen
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -8097,8 +8097,8 @@ description: Detects browser extensions categorized as 'metadata_category' in th
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry / mthcht
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
@@ -8123,8 +8123,8 @@ description: |
 references:
     - https://github.com/mthcht/awesome-lists
 author: ExtSentry
-date: 2026-05-20
-modified: 2026-05-20
+date: 2026-05-21
+modified: 2026-05-21
 tags:
     - attack.persistence
     - attack.t1176
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"feed_name": "ExtSentry - Browser Extension Threat Intelligence",`
`3`	`3`	`"feed_version": "1.0",`
`4`		`- "generated": "2026-05-20T23:52:45Z",`
	`4`	`+ "generated": "2026-05-21T02:47:23Z",`
`5`	`5`	`"source": "https://github.com/mthcht/awesome-lists",`
`6`	`6`	`"license": "TLP:CLEAR",`
`7`	`7`	`"total_indicators": 1946,`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "ExtSentry - Known Malicious/Suspicious Browser Extension IDs",`
`3`		`- "version": 20260520,`
	`3`	`+ "version": 20260521,`
`4`	`4`	`"description": "List of known malicious, suspicious, and potentially unwanted browser extension IDs. Maintained by mthcht.",`
`5`	`5`	`"type": "string",`
`6`	`6`	`"matching_attributes": [`