Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query was originally published in the threat analytics report, Ransomware continues to hit healthcare, critical services. There is also a related blog. In April of 2020, security researchers observed multiple ransomware campaigns using the same set of techniques. The following query detects the use of the tool cipher.exe to delete indicators of malicious activity right before encrypting a drive. The See also section below lists more queries related to techniques shared by these campaigns. R
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | ccf00363-6636-4748-9df5-a22f6cb977bd |
| Tactics | Defense evasion |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceProcessEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊