LetsDefend Monitoring Alert

Powershell Encoded Command Detected

Jun, 07, 2023, 08:20 AM

Event ID: 155

Event Time: Jun, 07, 2023, 08:20 AM

Rule Name: SOC204 - Powershell Encoded Command Detected

Alert Type: Malware

MITRE Technique:
T1078 - Initial Access - Valid Accounts,
T1059 - Execution - Command and Scripting Interpreter,
T1547 - Persistence - Boot or Logon Autostart Execution,
T1027 - Defense Evasion - Obfuscated Files or Information,
T1537 - Privilege Escalation - Boot or Logon Autostart Execution

Severity: High

Incident Responder
