Prestige ransomware IOCs Oct 2022

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query looks for file hashes and AV signatures associated with Prestige ransomware payload.

Attribute	Value
Type	Analytic Rule
Solution	Standalone Content
ID	bca9c877-2afc-4246-a26d-087ab1cdcd5f
Severity	High
Kind	Scheduled
Tactics	Execution
Techniques	T1203
Required Connectors	MicrosoftThreatProtection, SecurityEvents
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
CommonSecurityLog	✓	✓	?
DeviceEvents	✓	✗	?
DeviceFileEvents	✓	✗	?
DeviceImageLoadEvents	✓	✗	?
Event	✓	✓	?
SecurityAlert	✓	✗	?

Associated Connectors

The following connectors provide data for this content item:

Connector	Solution
AzureActiveDirectoryIdentityProtection	Microsoft Entra ID Protection
AzureAdvancedThreatProtection	Microsoft Defender for Identity
AzureSecurityCenter	Microsoft Defender for Cloud
CefAma	Common Event Format
CloudNSSAuditLogs_ccp	Zscaler Internet Access
CloudNSSCASBActivityLogs_ccp	Zscaler Internet Access
CloudNSSCASBCRMLogs_ccp	Zscaler Internet Access
CloudNSSCASBCloudStorageLogs_ccp	Zscaler Internet Access
CloudNSSCASBCollabLogs_ccp	Zscaler Internet Access
CloudNSSCASBEmailLogs_ccp	Zscaler Internet Access
CloudNSSCASBFileSharingLogs_ccp	Zscaler Internet Access
CloudNSSCASBITSMLogs_ccp	Zscaler Internet Access
CloudNSSCASBRepoLogs_ccp	Zscaler Internet Access
CloudNSSDNSLogs_ccp	Zscaler Internet Access
CloudNSSEmailDLPLogs_ccp	Zscaler Internet Access
CloudNSSEndpointDLPLogs_ccp	Zscaler Internet Access
CloudNSSFWLogs_ccp	Zscaler Internet Access
CloudNSSTunnelLogs_ccp	Zscaler Internet Access
CloudNSSWebLogs_ccp	Zscaler Internet Access
IoT	IoTOTThreatMonitoringwithDefenderforIoT
MicrosoftCloudAppSecurity	Microsoft Defender for Cloud Apps
MicrosoftDefenderAdvancedThreatProtection	MicrosoftDefenderForEndpoint
MicrosoftDefenderForCloudTenantBased	Microsoft Defender for Cloud
OfficeATP	Microsoft Defender for Office 365
OfficeIRM	MicrosoftPurviewInsiderRiskManagement
VirtualMetricDirectorProxy	VirtualMetric DataStream
VirtualMetricMSSentinelConnector	VirtualMetric DataStream
VirtualMetricMSSentinelDataLakeConnector	VirtualMetric DataStream

Solutions: Common Event Format, IoTOTThreatMonitoringwithDefenderforIoT, Microsoft Defender for Cloud, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, Microsoft Defender for Office 365, Microsoft Entra ID Protection, MicrosoftDefenderForEndpoint, MicrosoftPurviewInsiderRiskManagement, VirtualMetric DataStream, Zscaler Internet Access

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules