Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query was originally published in the threat analytics report, Qakbot blight lingers, seeds ransomware Qakbot is malware that steals login credentials from banking and financial services. It has been deployed against small businesses as well as major corporations. Some outbreaks have involved targeted ransomware campaigns that use a similar set of techniques. Links to related queries are listed under See also. The following query detects registry entries that may indicate that an operator i
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 3f305589-cde2-4509-8204-63cb2a00117c |
| Tactics | Persistence |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
DeviceRegistryEvents |
ActionType == "RegistryValueSet" |
✓ | ✗ | ? |
The following connectors provide data for this content item:
| Connector | Solution |
|---|---|
| MicrosoftThreatProtection | Microsoft Defender XDR |
Solutions: Microsoft Defender XDR
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊