Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Process executed from binary hidden in Base64 encoded file. Encoding malicious software is a. Technique to obfuscate files from detection. The first and second ProcessCommandLine component is looking for Python decoding base64. The third ProcesssCommandLine component is looking for the Bash/sh commandline base64 decoding tool. The fourth one is looking for Ruby decoding base64.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 0c068643-049c-4c10-8771-ef3865627aa2 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceProcessEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊