LetsDefend Monitoring Alert

Network Connection Detected from Unauthorized Port

Event ID: 173

Event Time: Aug, 02, 2023, 02:11 PM

Rule Name: SOC208 - Network Connection Detected from Unauthorized Port

Alert Type: Malware

MITRE Technique:
T1053.005 - Persistence - Scheduled Task,
T1071 - Command and Control - Application Layer Protocol,
T1547 - Persistence - Boot or Logon Autostart Execution,
T1189 - Initial Access - Drive-by Compromise,
T1571 - Command and Control - Non-Standard Port,
T1537 - Privilege Escalation - Boot or Logon Autostart Execution

Severity: High

Incident Responder
