Qakbot Reconnaissance Activities

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Content Index

This query searches for reconnaissance and beaconing activities after code injection occurs in Qakbot infections.

Attribute Value
Type Hunting Query
Solution Microsoft Defender XDR
ID d6991ef1-b225-4780-b6a6-cfe9b5278f5e
Tactics Discovery
Required Connectors MicrosoftThreatProtection
Source View on GitHub

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
DeviceProcessEvents ?

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to Hunting Queries · Back to Microsoft Defender XDR