LetsDefend Monitoring Alert

Potential OS Discovery via WMIC.exe

Event ID: 262

Event Time: May 29, 2024, 12:32 PM

Rule Name: SOC286 - Potential OS Discovery via WMIC.exe

Alert Type: Unauthorized Access

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell
T1078 - Initial Access - Valid Accounts
T1110 - Credential Access - Brute Force
T1047 - Execution - Windows Management Instrumentation
T1082 - Discovery - System Information Discovery

Severity: Medium

Incident Responder