LetsDefend Monitoring Alert
Powershell Encoded Command Detected
Jun, 07, 2023, 08:20 AM
Event ID: 155
Event Time: Jun, 07, 2023, 08:20 AM
Rule Name: SOC204 - Powershell Encoded Command Detected
Alert Type: Malware
MITRE Techniques:
  T1078 - Initial Access - Valid Accounts
  T1059 - Execution - Command and Scripting Interpreter
  T1547 - Persistence - Boot or Logon Autostart Execution
  T1027 - Defense Evasion - Obfuscated Files or Information
  T1537 - Privilege Escalation - Boot or Logon Autostart Execution
Severity: High