Microsoft-365-Defender-Hunting-Queries

tali-ash dd66127d30 Update IcedId attachments.md	2022-01-16 17:15:32 +02:00
..
Backup deletion.md	Create Backup deletion.md	2021-02-15 15:39:38 +02:00
Check for multiple signs of ransomware activity.md	Create Check for multiple signs of ransomware activity.md	2021-02-15 15:41:30 +02:00
Clearing of forensic evidence from event logs using wevtutil.md	Create Clearing of forensic evidence from event logs using wevtutil.md	2021-02-15 15:36:38 +02:00
DarkSide.md	Update DarkSide.md	2021-06-03 13:46:27 -07:00
Deletion of data on multiple drives using cipher exe.md	Create Deletion of data on multiple drives using cipher exe.md	2021-02-15 15:35:49 +02:00
Discovery for highly-privileged accounts.md	Create Discovery for highly-privileged accounts.md	2021-06-03 13:44:11 -07:00
Distribution from remote location.md	Update Distribution from remote location.md	2021-06-03 13:46:49 -07:00
Fake Replies.md	Create Fake Replies.md	2021-06-03 13:42:00 -07:00
File Backup Deletion Alerts.md	Update File Backup Deletion Alerts.md	2021-06-03 13:47:12 -07:00
Gootkit File Delivery.md	Update Gootkit File Delivery.md	2021-06-03 13:47:29 -07:00
HTA Startup Persistence.md	Create HTA Startup Persistence.md	2021-06-03 13:45:10 -07:00
IcedId Delivery.md	Update IcedId Delivery.md	2022-01-16 17:14:14 +02:00
IcedId attachments.md	Update IcedId attachments.md	2022-01-16 17:15:32 +02:00
IcedId email delivery.md	Create IcedId email delivery.md	2021-06-03 13:35:27 -07:00
LaZagne Credential Theft.md	Update LaZagne Credential Theft.md	2021-06-03 13:48:13 -07:00
Potential ransomware activity related to Cobalt Strike.md	Update Potential ransomware activity related to Cobalt Strike.md	2021-06-03 13:24:07 -07:00
Qakbot discovery activies.md	Create Qakbot discovery activies.md	2021-06-03 13:46:08 -07:00
Sticky Keys.md	Create Sticky Keys.md	2021-06-03 13:40:56 -07:00
Stopping multiple processes using taskkill.md	Create Stopping multiple processes using taskkill.md	2021-02-15 15:13:57 +02:00
Stopping processes using net stop.md	Create Stopping processes using net stop.md	2021-02-15 15:34:39 +02:00
Suspicious Bitlocker Encryption.md	Update Suspicious Bitlocker Encryption.md	2021-06-03 13:48:37 -07:00
Suspicious Google Doc Links.md	Create Suspicious Google Doc Links.md	2021-06-03 13:43:07 -07:00
Suspicious Image Load related to IcedId.md	Create Suspicious Image Load related to IcedId.md	2021-06-03 13:37:45 -07:00
Turning off System Restore.md	Create Turning off System Restore.md	2021-02-15 15:38:46 +02:00
Turning off services using sc exe.md	Create Turning off services using sc exe.md	2021-02-15 15:37:50 +02:00

Backup deletion.md

Create Backup deletion.md

2021-02-15 15:39:38 +02:00

Check for multiple signs of ransomware activity.md

Create Check for multiple signs of ransomware activity.md

2021-02-15 15:41:30 +02:00

Clearing of forensic evidence from event logs using wevtutil.md

Create Clearing of forensic evidence from event logs using wevtutil.md

2021-02-15 15:36:38 +02:00

DarkSide.md

Update DarkSide.md

2021-06-03 13:46:27 -07:00

Deletion of data on multiple drives using cipher exe.md

Create Deletion of data on multiple drives using cipher exe.md

2021-02-15 15:35:49 +02:00

Discovery for highly-privileged accounts.md

Create Discovery for highly-privileged accounts.md

2021-06-03 13:44:11 -07:00

Distribution from remote location.md

Update Distribution from remote location.md

2021-06-03 13:46:49 -07:00

Fake Replies.md

Create Fake Replies.md

2021-06-03 13:42:00 -07:00

File Backup Deletion Alerts.md

Update File Backup Deletion Alerts.md

2021-06-03 13:47:12 -07:00

Gootkit File Delivery.md

Update Gootkit File Delivery.md

2021-06-03 13:47:29 -07:00

HTA Startup Persistence.md

Create HTA Startup Persistence.md

2021-06-03 13:45:10 -07:00

IcedId Delivery.md

Update IcedId Delivery.md

2022-01-16 17:14:14 +02:00

IcedId attachments.md

Update IcedId attachments.md

2022-01-16 17:15:32 +02:00

IcedId email delivery.md

Create IcedId email delivery.md

2021-06-03 13:35:27 -07:00

LaZagne Credential Theft.md

Update LaZagne Credential Theft.md

2021-06-03 13:48:13 -07:00

Potential ransomware activity related to Cobalt Strike.md

Update Potential ransomware activity related to Cobalt Strike.md

2021-06-03 13:24:07 -07:00

Qakbot discovery activies.md

Create Qakbot discovery activies.md

2021-06-03 13:46:08 -07:00

Sticky Keys.md

Create Sticky Keys.md

2021-06-03 13:40:56 -07:00

Stopping multiple processes using taskkill.md

Create Stopping multiple processes using taskkill.md

2021-02-15 15:13:57 +02:00

Stopping processes using net stop.md

Create Stopping processes using net stop.md

2021-02-15 15:34:39 +02:00

Suspicious Bitlocker Encryption.md

Update Suspicious Bitlocker Encryption.md

2021-06-03 13:48:37 -07:00

Suspicious Google Doc Links.md

Create Suspicious Google Doc Links.md

2021-06-03 13:43:07 -07:00

Suspicious Image Load related to IcedId.md

Create Suspicious Image Load related to IcedId.md

2021-06-03 13:37:45 -07:00

Turning off System Restore.md

Create Turning off System Restore.md

2021-02-15 15:38:46 +02:00

Turning off services using sc exe.md

Create Turning off services using sc exe.md

2021-02-15 15:37:50 +02:00