oceanlotus-apt32-network



This query was originally published in a threat analytics report about the group known to other security researchers as APT32 or OceanLotus. This tracked activity group uses a wide array of malicious documents to conduct attacks. Some of its favored techniques include sideloading dynamic link libraries and disguising payloads as image files. The following query detects network activity that may indicate an attack by this group. See Detect malicious documents associated with group known as "Oc

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 8e2c33f5-0c00-4246-b10b-9fb43da56365 |
| Tactics | Discovery, Lateral movement, Command and control |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Campaigns/oceanlotus-apt32-network.yaml) |
