LetsDefend Monitoring Alert

Potentially Malicious Process Started from Shortcut

Dec, 04, 2023, 12:22 PM

Event ID: 206

Event Time: Dec, 04, 2023, 12:22 PM

Rule Name: SOC244 - Potentially Malicious Process Started from Shortcut

Alert Type: Malware

MITRE Technique:
T1071 - Command and Control - Application Layer Protocol
T1204.002 - Execution - User Execution: Malicious File
T1566.001 - Initial Access - Phishing: Spearphishing Attachment
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell
T1129 - Execution - Shared Modules
T1106 - Execution - Native API
T1562.001 - Defense Evasion - Impair Defenses: Disable or Modify Tools

Severity: Medium

Incident Responder
