Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This KQL query extracts file hash indicators associated with Trojan activity from the CyfirmaIndicators_CL table. It specifically targets indicators containing file hashes linked to Trojan behavior and retrieves MD5, SHA1, and SHA256 values. The query also includes contextual threat intelligence such as threat actors, tags, sources, and geolocation information.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Cyfirma Cyber Intelligence |
| ID | 4afd8960-8bee-4cac-bb5e-a4f200b1f9f3 |
| Severity | High |
| Kind | Scheduled |
| Tactics | InitialAccess, Execution, Persistence, DefenseEvasion, CommandAndControl, CredentialAccess |
| Techniques | T1566, T1204, T1547, T1027, T1071, T1003, T1566.001, T1547.001 |
| Required Connectors | CyfirmaCyberIntelligenceDC |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
CyfirmaIndicators_CL |
? | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
↑ Back to Analytic Rules · Back to Cyfirma Cyber Intelligence