This detection will alert when RunningRAT URI parameters or paths are detected in an HTTP request. If the device blocked this communication, the presence of this alert means the RunningRAT implant is likely still executing on the source host.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | baedfdf4-7cc8-45a1-81a9-065821628b83 |
| Severity | High |
| Kind | Scheduled |
| Tactics | Exfiltration, CommandAndControl |
| Techniques | T1041, T1071.001 |
| Required Connectors | Zscaler, Fortinet, CheckPoint, PaloAltoNetworks |
| Source | View on GitHub |