Threat Finding
CrowdStrike Intelligence Indicator ...main During DuckDB Library Download
CrowdStrike Intelligence Indicator Match on GitHub CDN Domain During DuckDB Library Download
Priority
P3
Severity
High
ID
ind:0041e732...4900-1761305
ind:0041e732098e4719a127d6849fa8a2c6:671158239309499937-4900-1761305
Assignee
N/A
Status
Closed
Resolution
False positive
Recommendation
False Positive
Confidence
High
Data Source
Crowdstrike
Crowdstrike
Finding Source
EPP
EPP
Account
Exaforce Tags
MdrAuto : Processed
MdrAuto : Processed
EPP Summary
CrowdStrike Falcon detected a domain intelligence indicator match when user bill executed a curl command to download the DuckDB database library version 1.4.4 from GitHub's official releases repository. The detection was triggered by the domain release-assets.githubusercontent.com, which appears in CrowdStrike's threat intelligence database due to historical use in targeted attacks. The activity occurred on March 12, 2026 at 10:49 UTC from a private network address. This was a detection-only alert with no blocking action taken (pattern disposition 0). This finding is part of a composite group.
Exabot Search
Exabot Search