LetsDefend Monitoring Alert

Hack Tool Executed

Nov, 07, 2023, 12:49 PM

Event ID: 198

Event Time: Nov, 07, 2023, 12:49 PM

Rule Name: SOC236 - Hack Tool Executed

Alert Type: Unauthorized Access

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1110 - Credential Access - Brute Force,
T1078 - Persistence - Valid Accounts,
T1133 - Initial Access - External Remote Services,
T1078 - Initial Access - Valid Accounts,
T1649 - Credential Access - Steal or Forge Authentication Certificates,
T1562 - Defense Evasion - Impair Defenses

Severity: High

Incident Responder
