Detect Files with Ramsomware Extensions

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This hunting query identifies cretion of files with ransomware extensions. Ransomware file extensions are defined in a watchlist named RansomwareFileExtensions.

Attribute	Value
Type	Hunting Query
Solution	Malware Protection Essentials
ID	595aea5c-74c7-415b-8b12-10af1a338cdf
Tactics	Execution, Impact
Techniques	T1204, T1486
Required Connectors	CrowdStrikeFalconEndpointProtection, MicrosoftThreatProtection, SentinelOne, VMwareCarbonBlack, CiscoSecureEndpoint, TrendMicroApexOne, TrendMicroApexOneAma
Source	View on GitHub

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to Malware Protection Essentials