LetsDefend Monitoring Alert

Malicious Macro has been executed

Feb, 28, 2024, 08:42 AM

Event ID: 231

Event Time: Feb, 28, 2024, 08:42 AM

Rule Name: SOC205 - Malicious Macro has been executed

Alert Type: Malware

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell
T1071 - Command and Control - Application Layer Protocol
T1105 - Command and Control - Ingress Tool Transfer
T1204.002 - Execution - User Execution: Malicious File
T1566.001 - Initial Access - Phishing: Spearphishing Attachment
T1571 - Command and Control - Non-Standard Port
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell

Severity: Medium
