Gentlemen Ransomware C2 domain connection

This query identifies outbound connections to decentralized Web3 C2s, TryCloudflare tunnels, and abused SaaS platforms associated with the EtherRAT, TukTuk, and Gentlemen ransomware intrusion chains.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Standalone Content |
| ID | 8dda012e-8628-41ca-b09f-31a2a849a40e |
| Tactics | CommandAndControl, Exfiltration |
| Techniques | T1568.002 (Dynamic Resolution: Domain Generation Algorithms), T1567.002 (Exfiltration Over Web Service: Exfiltration to Cloud Storage) |
| Required Connectors | MicrosoftThreatProtection (Microsoft Defender XDR) |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Microsoft%20365%20Defender/Campaigns/TheGentlemanRansomware/GentlemanRansomwareC2DomainConnection.yaml) |
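The page does not reproduce the published query itself. The following KQL is an added illustration of the shape such a hunt takes over Defender XDR network telemetry, not the query from the Azure-Sentinel repository: it covers only the TryCloudflare tunnel part of the description (the `*.trycloudflare.com` suffix is the well-known hostname pattern for quick tunnels) and deliberately does not attempt to list Web3 C2 or SaaS indicators, which the real query carries and this page does not. The `lookback` value, the `ActionType` filter and the summarize columns are assumptions chosen for triage, not values taken from the repository.

```kql
// Added example, not the published hunting query.
// Assumes the MicrosoftThreatProtection connector is streaming the
// DeviceNetworkEvents table (Defender for Endpoint network telemetry).
let lookback = 7d;                               // assumption: hunt window
DeviceNetworkEvents
| where Timestamp > ago(lookback)
| where ActionType in ("ConnectionSuccess", "ConnectionRequest")
| where isnotempty(RemoteUrl)
// RemoteUrl may be a bare hostname or a full URL; normalise to a host.
| extend RemoteHost = tolower(tostring(parse_url(RemoteUrl).Host))
| extend RemoteHost = iff(isempty(RemoteHost), tolower(RemoteUrl), RemoteHost)
// Quick tunnels are served from random subdomains of trycloudflare.com.
| where RemoteHost endswith ".trycloudflare.com"
| summarize
    FirstSeen   = min(Timestamp),
    LastSeen    = max(Timestamp),
    Connections = count(),
    TunnelHosts = make_set(RemoteHost, 20),
    Processes   = make_set(InitiatingProcessFileName, 10),
    RemoteIPs   = make_set(RemoteIP, 10)
    by DeviceName, InitiatingProcessAccountName
| order by FirstSeen asc
```

Treat hits as leads rather than alerts: TryCloudflare is used legitimately by developers, so triage on the initiating process (an office application, script host or LOLBin talking to a tunnel is far more suspicious than a browser), on how many devices in the tenant reach the same tunnel host, and on whether the first connection coincides with other signs of the intrusion chain the description names.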
