diff --git a/yml/OSBinaries/sftp.yml b/yml/OSBinaries/sftp.yml
index 22396c9..7159022 100644
--- a/yml/OSBinaries/sftp.yml
+++ b/yml/OSBinaries/sftp.yml
@@ -11,10 +11,25 @@ Commands:
     Privileges: User
     MitreID: T1202
     OperatingSystem: Windows 10, Windows 11
+  - Command: "sftp -S c:\\windows\\system32\\notepad.exe localhost"
+    Description: Execute notepad.exe with sftp.exe as parent process
+    Usecase: Use sftp.exe as a proxy binary to evade defensive counter-measures
+    Category: Execute
+    Privileges: User
+    MitreID: T1202
+    OperatingSystem: Windows 10, Windows 11
+  - Command: "sftp <ftp_user>@<ftp_Server_ip>:<path_of_file_to_download> <path_to_save_file>"
+    Description: Download file with sftp.exe from an FTP server
+    Usecase: Use sftp.exe as a proxy binary to evade defensive counter-measures. If needed, you will be asked to submit a password for the sFTP session.
+    Category: Download
+    Privileges: User
+    MitreID: T1202
+    OperatingSystem: Windows 10, Windows 11
 Full_Path:
   - Path: c:\windows\system32\OpenSSH\sftp.exe
 Detection:
   - IOC: sftp.exe spawning unexpected processes
+  - IOC: Suspicious sFTP internet/network traffic
 Acknowledgement:
   - Person: 'Nir Chako (Pentera)'
     Handle: '@C_h4ck_0'