Hash of known malware detected

Classification:

attack

Tactic:

TA0002-execution

Technique:

T1059-command-and-scripting-interpreter

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

What happened

The file {{ @file.path }} was identified as malware based on its hash.

Goal

Detect malicious files observed in threat intelligence feeds.

Strategy

Hashes are collected and compared to a database of known malicious files. In some cases fuzzy hashing is used to match files similar to known malware.

For more details see our blog post.

Triage & Response

  1. Verify the file {{ @file.path }} is unexpected and does not have a business purpose.
  2. Pause or isolate the affected container.
  3. Review related signals and relevant logs to identify additional malicious activity.
  4. Follow your organization’s internal processes for investigating and remediating compromised systems.

Requires Agent version 7.49 or later