This KQL query extracts file hash indicators associated with Trojan activity from the CyfirmaIndicators_CL table. It specifically targets indicators containing file hashes linked to Trojan behavior and retrieves MD5, SHA1, and SHA256 values. The query also includes contextual threat intelligence such as threat actors, tags, sources, and geolocation information.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Cyfirma Cyber Intelligence |
| ID | 25686f44-5f5f-4388-95e2-eea244481438 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | InitialAccess, Execution, Persistence, DefenseEvasion, CommandAndControl, CredentialAccess |
| Techniques | T1566, T1204, T1547, T1027, T1071, T1003, T1566.001, T1547.001 |
| Required Connectors | CyfirmaCyberIntelligenceDC |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| CyfirmaIndicators_CL | ✓ | ✓ | ✓ |