LetsDefend Monitoring Alert

Obfuscated Data Exfiltration Attempt Detected

Nov, 23, 2023, 01:16 PM

Event ID: 203

Event Time: Nov, 23, 2023, 01:16 PM

Rule Name: SOC241 - Obfuscated Data Exfiltration Attempt Detected

Alert Type: C2

MITRE Technique:
T1078 - Initial Access - Valid Accounts
T1110 - Credential Access - Brute Force
T1041 - Exfiltration - Exfiltration Over C2 Channel
T1133 - Initial Access - External Remote Services
T1001 - Command and Control - Data Obfuscation
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell

Severity: High

Incident Responder
