Detects PowerShell commands that download and execute code hosted on Pastebin and other services. Malicious actors have used this technique to distribute malware; in particular, it has been used by EvilCorp ransomware variants such as Sodinokibi.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Cyborg Security HUNTER |
| ID | e186a8af-3d4a-4003-93b7-9b199e0b1dd1 |
| Tactics | CommandandControl |
| Techniques | T1102 |
| Required Connectors | SecurityEvent |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| SecurityEvent | ✓ | ✓ | ? |