LetsDefend Monitoring Alert

Powershell Encoded Command Detected

Mar, 26, 2024, 09:24 AM

Event ID: 243

Event Time: Mar, 26, 2024, 09:24 AM

Rule Name: SOC204 - Powershell Encoded Command Detected

Alert Type: Malware

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1071 - Command and Control - Application Layer Protocol,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1140 - Defense Evasion - Deobfuscate/Decode Files or Information,
T1001.002 - Command and Control - Data Obfuscation: Steganography,
T1059.005 - Execution - Command and Scripting Interpreter: Visual Basic

Severity: Medium
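What a rule like SOC204 flags is powershell.exe started with an -EncodedCommand style switch, whose argument is base64 over the script encoded as UTF-16LE (the T1140 step in the technique list is undoing exactly that). The Python below is an added triage example, not part of the LetsDefend alert and not the rule's own detection logic: it pulls the encoded argument out of a process command line, handles the abbreviated switch forms powershell.exe accepts, decodes the UTF-16LE payload, and walks any nested FromBase64String() stages inside the decoded script. The sample command lines, the helper names and the hidden-window sample are constructed assumptions; "ZABpAHIA" is simply "dir" encoded the way -EncodedCommand expects.

```python
import base64
import re

# Switch names powershell.exe accepts for -EncodedCommand. Documented short forms are
# -e and -ec; any unambiguous prefix of the full name also works (-en, -enc, -encoded...).
# -ex... is -ExecutionPolicy and must not match.
ENCODED_SHORT_FORMS = {"e", "ec"}
ENCODED_FULL = "encodedcommand"

# Nested stage: [Convert]::FromBase64String('...') literals inside the decoded script.
NESTED_B64 = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.IGNORECASE)


def is_encoded_flag(token: str) -> bool:
    """True if a command-line token is an -EncodedCommand style switch (- or / prefix)."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name in ENCODED_SHORT_FORMS or (name.startswith("e") and ENCODED_FULL.startswith(name))


def extract_encoded_argument(cmdline: str):
    """Return the base64 argument following the first encoded-command switch, else None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if is_encoded_flag(tok):
            return tokens[i + 1].strip("'\"")
    return None


def decode_encoded_command(b64: str):
    """Decode an -EncodedCommand payload: base64 over UTF-16LE text. None if malformed."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(raw) % 2:            # UTF-16LE is two bytes per code unit
        return None
    try:
        return raw.decode("utf-16le")
    except UnicodeDecodeError:
        return None


def decode_nested_stages(script: str, depth: int = 3) -> list:
    """Collect FromBase64String() literals (usually UTF-8, sometimes gzip) and recurse into them."""
    stages = []
    for match in NESTED_B64.finditer(script):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except ValueError:
            continue
        try:
            text = raw.decode("utf-8")
        except UnicodeDecodeError:
            text = f"<{len(raw)} bytes, not UTF-8; likely a compressed stage>"
        stages.append(text)
        if depth > 1:
            stages.extend(decode_nested_stages(text, depth - 1))
    return stages


def analyze(cmdline: str) -> dict:
    """Triage one process command line: is it encoded, what does it decode to, any nested stages."""
    b64 = extract_encoded_argument(cmdline)
    if b64 is None:
        return {"encoded": False, "script": None, "nested": []}
    script = decode_encoded_command(b64)
    nested = decode_nested_stages(script) if script else []
    return {"encoded": True, "script": script, "nested": nested}


# Constructed sample command lines (assumed, not taken from the alert). The second one is
# built at runtime so the base64 is guaranteed consistent with the script it carries.
INNER_SCRIPT = "Write-Output 'stage two'"
INNER_B64 = base64.b64encode(INNER_SCRIPT.encode("utf-8")).decode()
OUTER_SCRIPT = f"IEX ([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('{INNER_B64}')))"
OUTER_B64 = base64.b64encode(OUTER_SCRIPT.encode("utf-16le")).decode()

SAMPLE_CMDLINES = [
    # "ZABpAHIA" is the UTF-16LE base64 of "dir".
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand ZABpAHIA",
    # Abbreviated switch, hidden window, and a nested FromBase64String() stage.
    f"powershell -w hidden -enc {OUTER_B64}",
    # Launched through cmd.exe; /c must not be mistaken for a switch of interest.
    'cmd.exe /c "powershell -e ZABpAHIA"',
    # Benign: -ExecutionPolicy also starts with -e but is not -EncodedCommand.
    "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\scripts\\backup.ps1",
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(line[:70], "->", analyze(line))
```

The even-length check matters in practice: a payload that base64-decodes but is an odd number of bytes was not produced for -EncodedCommand, which usually means the analyst is looking at a FromBase64String() argument (UTF-8 or gzip) rather than the launcher's own switch, and the nested decoder is the right tool for that.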

Incident Responder

2025 © LetsDefend

45305 Catalina ct. Suite 150, Sterling VA 20166