Gentlemen Ransomware payload execution and staging

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

---

This query detects the presence, creation, or execution of known payloads involved in the EtherRAT, TukTuk, and Gentlemen ransomware intrusion chains.

Attribute	Value
Type	Hunting Query
Solution	Standalone Content
ID	95ba7476-e617-47fe-a3d8-20904ce721a0
Tactics	Execution, Persistence
Techniques	T1204.002, T1574.002
Required Connectors	MicrosoftThreatProtection
Source	[View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Campaigns/TheGentlemanRansomware/GentlemanRansomwarePayloadHashes.yaml)

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Hunting Queries