Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Process executed from binary hidden in Base64 encoded file. Encoding malicious software is a. Technique to obfuscate files from detection. The first and second ProcessCommandLine component is looking for Python decoding base64. The third ProcesssCommandLine component is looking for the Bash/sh commandline base64 decoding tool. The fourth one is looking for Ruby decoding base64.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 0c068643-049c-4c10-8771-ef3865627aa2 |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Execution/ExecuteBase64DecodedPayload.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊