Suspicious Base64 download activity detected



This hunting query detects Base64-obfuscated scripts used for malicious file execution. Attackers use this obfuscation technique when exploiting the Apache Log4j remote code execution vulnerability in order to evade detection.

Attribute            Value
Type                 Hunting Query
Solution             Apache Log4j Vulnerability Detection
ID                   78882f9a-f3ef-4010-973c-3f6336f5bef7
Tactics              Persistence, Execution
Techniques           T1059, T1053
Required Connectors  Syslog
Source               View on GitHub

Tables Used

This content item queries data from the following tables:

Table    Selection Criteria                                     Transformations  Ingestion API  Lake-Only
Syslog   Facility == "user" and SyslogMessage has "AUOMS_EXECVE"                                ?
