Event ID 9007003 — AMSI script content captured
Description
AMSI script content captured — Defender-only; no Windows-native equivalent.
Fields #
| Name | Description |
|---|---|
DeviceId | — |
Timestamp | — |
AdditionalFields | — |
Detection Rules #
View all rules referencing this event →
Kusto Query Language # view in reference
- Deimos Component Execution source high: Jupyter, otherwise known as SolarMarker, is a malware family and cluster of components known for its info-stealing and backdoor capabilities that mainly proliferates through search engine optimization manipulation and malicious advertising in order to successfully encourage users to download malicious templates and documents. This malware has been popular since 2020 and currently is still active as of 2021.
References #
- Microsoft Defender XDR — advanced hunting reference https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-deviceevents-table