Hash of known malware detected

Classification:

attack

Goal

Detect malicious files observed in threat intelligence feeds.

Strategy

File hashes are collected and compared to a database of known malicious files.
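
The comparison described above, as an added example that is not the rule's or the Agent's own code. It assumes SHA-256 digests and a feed with one `<sha256>  <label>` entry per line; the function names and the sample feed are hypothetical.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hex SHA-256 of a file, read in 1 MiB chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_feed(lines):
    """Parse the assumed '<sha256>  <label>' format; comments and malformed rows are skipped."""
    feed = {}
    for line in lines:
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            feed[parts[0].lower()] = parts[1].strip()  # normalise case before matching
    return feed

def scan(root, feed):
    """Return one finding per regular file under root whose hash appears in the feed."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets and device nodes
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable, or removed while the scan was running
            if digest in feed:
                findings.append({"file.path": path, "sha256": digest, "label": feed[digest]})
    return findings

def demo():
    """Constructed sample: a harmless file whose hash is placed in a constructed feed."""
    with tempfile.TemporaryDirectory() as root:
        sample = Path(root, "dropper.bin")
        sample.write_bytes(b"constructed sample, not malware")
        Path(root, "ok.txt").write_bytes(b"benign")
        feed = load_feed(["# constructed feed", sha256_file(sample).upper() + "  Constructed.Test.Sample"])
        return [(os.path.basename(x["file.path"]), x["label"]) for x in scan(root, feed)]

if __name__ == "__main__":
    print(demo())
```

An exact-hash match only catches byte-identical files, so a clean result here does not rule out a modified variant of a known sample.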

Triage & Response

  1. Verify the file {{ @file.path }} is unexpected and does not have a business purpose.
  2. Pause or isolate the affected container.
  3. Review related signals and relevant logs to identify additional malicious activity.
  4. Follow your organization’s internal processes for investigating and remediating compromised systems.

Requires Agent version 7.49 or later