Releases: LasCC/SentinelOne-Userscript
v2026.04.17-22a68a5
feat: add ClickFix TTP (Verbose) as separate rule, restore original Clickfix TTP detected
v2026.04.02-cb48e92
fix: use correct endpoint.os value "osx" for macOS queries
v2026.04.02-bf42012
feat: add macOS LOOBins detection query (16 high-confidence patterns across 13 binaries)
v2026.03.28-68c4537
fix: drop ambiguous option chars (dashes) from ArgFuscator detection to reduce FPs
v2026.03.28-4e9db7c
feat: add Ligolo-ng and Ligolo-IWA browser pivot detection query
v2026.03.27-f6b07cd
fix: add ClickFix alias evasion detection and rework Storyline ID helper aggregation
v2026.03.27-f4109c5
fix: comprehensive ArgFuscator detection covering all 5 obfuscation families
v2026.03.27-bc62d87
fix: rework indicator.metadata/description aggregation for readability and accuracy
v2026.03.27-85b280c
feat: add ArgFuscator command-line obfuscation detection query (T1027.010)
v2026.03.23-7a6eb04
Update s1_powerquery_hunting.json