This query was originally published in a threat analytics report about the group known to other security researchers as APT32 or OceanLotus. This tracked activity group uses a wide array of malicious documents to conduct attacks. Some of their favorite techniques include sideloading dynamic link libraries and disguising payloads as image files. The group has weaponized files with exploits for the following vulnerabilities:

1. CVE-2017-11882 - Software update
2. CVE-2017-0199 - Software update

T
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | d868871c-bdd6-45e9-9e9d-e3c4521654a7 |
| Tactics | Execution, Persistence, Defense evasion, Discovery, Malware, component |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DeviceFileEvents | ✓ | ✗ | ? |
| DeviceProcessEvents | ✓ | ✗ | ? |