Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
This query was originally published in the threat analytics report, Cypherpunk ransomware leaves wake of tampered AVs. Cypherpunk is a human-operated ransomware campaign named after the unusual .cypherpunk extension given to encrypted files. The query below surfaces commands that follow the distinctive pattern Cypherpunk operators would use to remotely execute code.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 2affa440-24b5-48b2-a377-d5968a499658 |
| Tactics | Execution, Ransomware |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Campaigns/cypherpunk-exclusive-commands.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊