Actor
medium
advisory
Excessive Usage of SC Service Utility
2 rules 3 TTPsDetection of anomalous usage of sc.exe, often abused by ransomware and malware to manipulate services for privilege escalation or disabling security measures.
Windows
Observed in multiple ransomware families
+1
endpoint
sc.exe
service_control
privilege_escalation
defense_evasion
ransomware
2r
3t
high
threat
Excessive Taskkill Usage for Defense Evasion
2 rules 1 TTPAdversaries use excessive calls to `taskkill.exe` (more than 10 times within a minute) to disable security tools or critical processes, evading detection and compromising systems.
Windows
Multiple threat actors (Azorult
+5
taskkill
defense-evasion
2r
1t