Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Utilizes a list of commonly abused LOLB an attacker or malware would execute in quick succession. The presence of multiple executions of the programs within the list can be indicative of an infection or malicious activity occurring on a victim host.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Cyborg Security HUNTER |
| ID | 6d1c9f13-e43e-4b52-a443-5799465d573b |
| Tactics | Discovery |
| Techniques | T1016 |
| Required Connectors | SecurityEvent |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
SecurityEvent |
NewProcessName has_any "arp.exe" |
✓ | ✓ | ✓ |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊