Deprecated Detections
| Name | Data Source | Technique | Type | Analytic Story | Date |
| --- | --- | --- | --- | --- | --- |
| CHCP Command Execution | CrowdStrike ProcessRollup2, Sysmon EventID 1 | T1059 | Anomaly | Forest Blizzard, Quasar RAT, Azorult, IcedID, Crypto Stealer, Interlock Rat | 2026-05-13 |
| Sc exe Manipulating Windows Services | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | T1543.003 | TTP | Scattered Spider, Windows Drivers, Windows Persistence Techniques, NOBELIUM Group, Azorult, Disabling Security Tools, Windows Service Abuse, Orangeworm Attack Group, Crypto Stealer, DHS Report TA18-074A | 2026-05-13 |
| Processes launching netsh | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | T1686 | Anomaly | Hellcat Ransomware, Azorult, Netsh Abuse, Disabling Security Tools, Volt Typhoon, Snake Keylogger, ShrinkLocker, DHS Report TA18-074A | 2026-05-13 |
| Ivanti Sentry Authentication Bypass | Suricata | T1190 | TTP | Ivanti Sentry Authentication Bypass CVE-2023-38035 | 2026-05-13 |
| Attempt To Add Certificate To Untrusted Store | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | T1553.004 | Anomaly | Disabling Security Tools | 2026-05-13 |