Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query was originally published in the threat analytics report, Ransomware continues to hit healthcare, critical services. There is also a related blog. In April of 2020, security researchers observed multiple ransomware campaigns using the same set of techniques. The following query detects attempts to use fsutil.exe to clear system logs and delete forensic artifacts. The See also section below lists more queries related to techniques shared by these campaigns. Reference - https://www.micro
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 5aa2b168-ab4f-44ab-8668-7845c7defcb1 |
| Tactics | Defense evasion |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceProcessEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊