Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
CreepyDrive uses OneDrive for command and control, however, it makes regular requests to predicatable paths. This detecton will alert when over 20 sequences are observed in a single day.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | eda260eb-f4a1-4379-ad98-452604da9b3e |
| Severity | High |
| Kind | Scheduled |
| Tactics | Exfiltration, CommandAndControl |
| Techniques | T1567.002, T1102.002 |
| Required Connectors | Zscaler, Fortinet, CheckPoint, PaloAltoNetworks |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊