Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Snip3 is a family of related remote access trojans. Although the malware in this family contain numerous small variations, they all exhibit similar behaviors and techniques. The following query looks for potentially hollowed processes that may be used to facilitate command-and-control or exfiltration by Snip3 malware. This technique has been used in recent cases to exfiltrate data, including credentials. The query may return additional malware or campaigns not necessarily associated with Snip3.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | c65bea99-26b2-4c48-a114-02eccc2023c0 |
| Tactics | Command and control, Exfiltration |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DeviceNetworkEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊