Deprecated Detections
| Name | Data Source | Technique | Type | Analytic Story | Date |
| --- | --- | --- | --- | --- | --- |
| CHCP Command Execution | Sysmon EventID 1, CrowdStrike ProcessRollup2 | T1059 | Anomaly | IcedID, Crypto Stealer, Forest Blizzard, Interlock Rat, Quasar RAT, Azorult | 2026-05-13 |
| Sc exe Manipulating Windows Services | Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2 | T1543.003 | TTP | Windows Drivers, Disabling Security Tools, DHS Report TA18-074A, Crypto Stealer, Windows Persistence Techniques, Orangeworm Attack Group, Azorult, Windows Service Abuse, Scattered Spider, NOBELIUM Group | 2026-05-13 |
| Processes launching netsh | Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2 | T1686 | Anomaly | Disabling Security Tools, DHS Report TA18-074A, Volt Typhoon, Azorult, Snake Keylogger, Netsh Abuse, ShrinkLocker, Hellcat Ransomware | 2026-05-13 |
| Ivanti Sentry Authentication Bypass | Suricata | T1190 | TTP | Ivanti Sentry Authentication Bypass CVE-2023-38035 | 2026-05-13 |
| Attempt To Add Certificate To Untrusted Store | Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2 | T1553.004 | Anomaly | Disabling Security Tools | 2026-05-13 |