New Stories:
- Trusted Developer Utilities Proxy Execution
- Trusted Developer Utilities Proxy Execution MSBuild
New Detections:
- Trusted Developer Utilities Proxy Execution MSBuild
- Suspicious MSBuild Rename
- Suspicious MSBuild Spawn
- Suspicious msbuild path
- Trusted Developer Utilities Proxy Execution
- Suspicious microsoft workflow compiler rename
- Suspicious microsoft workflow compiler usage
- Suspicious MSHTA Activity
- Suspicious mshta child process
- Detect MSHTA Url in Command Line
- Detect Rundll32 Inline HTA Execution
- Suspicious mshta spawn
- Detect mshta inline hta execution
- Ryuk Ransomware
- NLTest Domain Trust Discovery
- WBAdmin Delete System Backups
Other:
- Update to generate code to output correct Response Tasks
- Added a new tag "product" to the detection spec
- New badges introduced to the README that highlight: release version, build status, number of detections
- Introduced a new back-end tool to report detection testing coverage