Skip to content
/ MicrosoftDefender-Kaseya_IOCs Public

Simple KQL query that can be run either in MD for Endpoint (Threat hunting or Custom indicator) or in Azure Sentinel (Threat hunting or analytics rule).It's looking for 4 known IOCs related to the Kaseya attack

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

McL0vinn/MicrosoftDefender-Kaseya_IOCs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

KQL_query

KQL_query

 
 

README.md

README.md

 
 

Repository files navigation

Kaseya_IOC

Simple KQL query that can be run either in MD for Endpoint (Threat hunting or custom indicator) or in Azure Sentinel (Threat hunting or analytics rule) It's looking for 4 known IOCs related to the Kaseya attack Its the SHA256 hashes of the below files

agent.crt - 2093c195b6c1fd6ab9e1110c13096c5fe130b75a84a27748007ae52d9e951643

agent.exe - d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e

mpsvc.dll - e2a24ab94f865caeacdf2c3ad015f31f23008ac6db8312c2cbfb32e4a5466ea2

mpsvc.dll - 8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd

https://www.bleepingcomputer.com/news/security/kaseya-roughly-1-500-businesses-hit-by-revil-ransomware-attack/

About

Simple KQL query that can be run either in MD for Endpoint (Threat hunting or Custom indicator) or in Azure Sentinel (Threat hunting or analytics rule).It's looking for 4 known IOCs related to the Kaseya attack

Topics

azure ransomware threat-hunting kaseya kusto kql azure-sentinel microsoft-defender microsoft-defender-for-endopoint

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published