This detection identifies network requests in HTTP proxy data that contain Base64-encoded usernames of machines from the DeviceEvents table. This technique was seen used by POLONIUM in their RunningRAT tool.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 6e715730-82c0-496c-983b-7a20c4590bd9 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | Exfiltration, CommandAndControl |
| Techniques | T1041, T1071.001 |
| Required Connectors | Zscaler, Fortinet, CheckPoint, PaloAltoNetworks, MicrosoftThreatProtection |
| Source | View on GitHub |