Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query was originally published in the threat analytics report, Cypherpunk ransomware leaves wake of tampered AVs. Cypherpunk is a human-operated ransomware campaign named after the unusual .cypherpunk extension given to encrypted files. The query below surfaces commands that follow the distinctive pattern Cypherpunk operators would use to remotely execute code.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 2affa440-24b5-48b2-a377-d5968a499658 |
| Tactics | Execution, Ransomware |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceProcessEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊