| Attempt To Add Certificate To Untrusted Store | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Install Root Certificate | Anomaly | Disabling Security Tools | 2026-03-26 |
| CHCP Command Execution | CrowdStrike ProcessRollup2, Sysmon EventID 1 | Command and Scripting Interpreter | Anomaly | Azorult, Crypto Stealer, Forest Blizzard, IcedID, Interlock Rat, Quasar RAT | 2026-03-23 |
| Ivanti Sentry Authentication Bypass | Suricata | Exploit Public-Facing Application | TTP | Ivanti Sentry Authentication Bypass CVE-2023-38035 | 2026-03-27 |
| Processes launching netsh | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Disable or Modify System Firewall | Anomaly | Azorult, DHS Report TA18-074A, Disabling Security Tools, Hellcat Ransomware, Netsh Abuse, ShrinkLocker, Snake Keylogger, Volt Typhoon | 2026-03-26 |
| Sc exe Manipulating Windows Services | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Windows Service | TTP | Azorult, Crypto Stealer, DHS Report TA18-074A, Disabling Security Tools, NOBELIUM Group, Orangeworm Attack Group, Scattered Spider, Windows Drivers, Windows Persistence Techniques, Windows Service Abuse | 2026-03-26 |