LetsDefend Monitoring Alert
PsExec Service Execution Alert
Apr, 10, 2023, 02:34 PM
Event ID: 135
Event Time: Apr, 10, 2023, 02:34 PM
Rule Name: SOC185 - PsExec Service Execution Alert
Alert Type: LOLBin
MITRE Technique:
T1543.002 - Privilege Escalation - Create or Modify System Process: Systemd Service,
T1078 - Initial Access - Valid Accounts,
T1087 - Discovery - Account Discovery,
T1569 - Execution - System Services,
T1078 - Defense Evasion - Valid Accounts,
T1136 - Persistence - Create Account
Severity: High
Incident Responder