LetsDefend Monitoring Alert

Possible C2 Connection Detected from Non-Standard Port

Oct, 12, 2023, 01:37 PM

Event ID: 191

Event Time: Oct, 12, 2023, 01:37 PM

Rule Name: SOC229 - Possible C2 Connection Detected from Non-Standard Port

Alert Type: C2

MITRE Technique:
T1053.005 - Persistence - Scheduled Task,
T1566 - Initial Access - Phishing,
T1059 - Execution - Command and Scripting Interpreter,
T1105 - Command and Control - Ingress Tool Transfer,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1571 - Command and Control - Non-Standard Port,
T1104 - Command and Control - Multi-Stage Channels

Severity: Medium

Incident Responder
