LetsDefend Monitoring Alert

Possible ICMP Tunneling Detected

Jan 23, 2024, 10:15 AM

Event ID: 221

Event Time: Jan 23, 2024, 10:15 AM

Rule Name: SOC223 - Possible ICMP Tunneling Detected

Alert Type: C2

MITRE Technique:
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1078 - Initial Access - Valid Accounts,
T1552.001 - Credential Access - Unsecured Credentials: Credentials In Files,
T1027 - Defense Evasion - Obfuscated Files or Information,
T1005 - Collection - Data from Local System,
T1595 - Reconnaissance - Active Scanning,
T1572 - Command and Control - Protocol Tunneling,
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell,
T1048 - Exfiltration - Exfiltration Over Alternative Protocol

Severity: High
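Added example for the T1572 (Protocol Tunneling) entry this alert maps to. This is code written for this page, not LetsDefend's SOC223 rule logic: a small triage heuristic that scores ICMP echo-request traffic per (src, dst) pair for the indicators an analyst checks first when an ICMP tunneling alert fires (payloads that do not match a stock ping client, oversized payloads, high-entropy payloads, and an unusually high request rate). The baseline ping payloads, the thresholds, the IP addresses and the sample records are all assumptions constructed for the example.

```python
"""Added example, not part of the LetsDefend alert or its detection rule:
a triage heuristic for the T1572 case behind SOC223. Thresholds and the
baseline ping payloads are assumptions, stated in the comments."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from math import log2
import hashlib
import struct

# Baseline: what unmodified ping clients put in the echo payload (assumption,
# from commonly observed defaults; adjust if your fleet uses other tooling).
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"   # 32 bytes
ICMP_ECHO_REQUEST = 8


@dataclass
class IcmpRecord:
    ts: float        # epoch seconds
    src: str
    dst: str
    icmp_type: int   # 8 = echo request, 0 = echo reply
    payload: bytes   # ICMP data field, header excluded


def looks_like_stock_ping(payload: bytes) -> bool:
    """True if the payload matches a default ping client.
    Assumption: iputils (Linux) sends an 8-byte timeval followed by bytes whose
    value equals their offset mod 256, so the default 56-byte payload ends 0x08..0x37."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    return len(payload) >= 16 and all(
        b == (i & 0xFF) for i, b in enumerate(payload) if i >= 8)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted/compressed data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * log2(c / n) for c in Counter(data).values())


def max_requests_in_window(ts_sorted, window_s: float) -> int:
    """Largest number of requests inside any sliding window of window_s seconds."""
    best = left = 0
    for right, t in enumerate(ts_sorted):
        while t - ts_sorted[left] > window_s:
            left += 1
        best = max(best, right - left + 1)
    return best


def score_pairs(records, window_s=60.0, rate_threshold=20,
                size_threshold=128, entropy_threshold=7.0):
    """Return {(src, dst): [indicators]} for pairs with at least one indicator.
    Only echo requests are scored; thresholds are assumed starting points."""
    by_pair = defaultdict(list)
    for r in records:
        if r.icmp_type == ICMP_ECHO_REQUEST:
            by_pair[(r.src, r.dst)].append(r)

    findings = {}
    for pair, reqs in by_pair.items():
        indicators = set()
        if any(not looks_like_stock_ping(r.payload) for r in reqs):
            indicators.add("non_standard_payload")
        if any(len(r.payload) > size_threshold for r in reqs):
            indicators.add("oversized_payload")
        if any(shannon_entropy(r.payload) > entropy_threshold for r in reqs):
            indicators.add("high_entropy_payload")
        if max_requests_in_window(sorted(r.ts for r in reqs), window_s) > rate_threshold:
            indicators.add("high_request_rate")
        if indicators:
            findings[pair] = sorted(indicators)
    return findings


def constructed_records():
    """Constructed sample traffic (not captured data): a Windows ping session,
    a Linux ping session, and one host pushing opaque 1 KiB payloads quickly."""
    t0 = 1706001300.0
    linux_payload = struct.pack("!II", 1706001300, 123456) + bytes(range(8, 56))
    opaque = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    recs = []
    recs += [IcmpRecord(t0 + i, "10.0.0.5", "8.8.8.8", 8, WINDOWS_PING_PAYLOAD) for i in range(4)]
    recs += [IcmpRecord(t0 + i, "10.0.0.9", "1.1.1.1", 8, linux_payload) for i in range(3)]
    recs += [IcmpRecord(t0 + 0.3 * i, "10.0.0.23", "203.0.113.7", 8, opaque) for i in range(30)]
    recs += [IcmpRecord(t0 + 0.3 * i, "203.0.113.7", "10.0.0.23", 0, opaque) for i in range(30)]
    return recs


if __name__ == "__main__":
    for pair, inds in score_pairs(constructed_records()).items():
        print(f"{pair[0]} -> {pair[1]}: {', '.join(inds)}")
```

Run on the constructed records, only the 10.0.0.23 to 203.0.113.7 pair is reported, with all four indicators; both stock ping sessions stay silent. Note that a Linux ping payload already has around 5.8 bits/byte of entropy because its padding is a run of distinct byte values, so the entropy threshold is kept high and the payload-pattern check does most of the work on small payloads.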

Incident Responder

2025 © LetsDefend

45305 Catalina ct. Suite 150, Sterling VA 20166