LetsDefend Monitoring Alert

Possible Creation or Modification of /rc.local was Detected

Nov, 02, 2023, 09:11 AM

Event ID: 196

Event Time: Nov, 02, 2023, 09:11 AM

Rule Name: SOC234 - Possible Creation or Modification of /rc.local was Detected

Alert Type: Persistence

MITRE Technique:
T1571 - Command and Control - Non-Standard Port,
T1566.002 - Initial Access - Phishing: Spearphishing Link,
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,
T1037.004 - Persistence - Boot or Logon Initialization Scripts,

Severity: High

Incident Responder

2024 © LetsDefend

45305 Catalina ct. Suite 150, Sterling VA 20166