Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Threat actors may use tools such as Curl to download additional files, communicate with C2 infrastructure, or exfiltrate data. This query looks for new files being downloaded using Curl. Curl also has legitimate uses files and hosts should be reviewed to identify potentially malicious activity. Ref: https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 96066361-e101-4c8a-ad37-b0f58d75cd2b |
| Tactics | CommandAndControl |
| Techniques | T1071 |
| Required Connectors | MicrosoftThreatProtection, SecurityEvents |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/MultipleDataSources/DownloadofNewFileUsingCurl.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊