Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This hunting query helps to detect attempts to create proxies on compromised systems using the built-in netsh portproxy command. VoltTyphoon has been seen creating these proxies on compromised hosts to manage command and control communications.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Windows Security Events |
| ID | ce38c16c-a560-46c0-88d6-7757b88f08e9 |
| Tactics | CommandandControl |
| Techniques | T1090 |
| Required Connectors | WindowsSecurityEvents, WindowsForwardedEvents |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SecurityEvent |
✓ | ✓ | ? |
WindowsEvent |
✓ | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊