LetsDefend Monitoring Alert
Qakbot Data Theft
Jul, 14, 2023, 08:32 AM
Event ID: 166
Event Time: Jul, 14, 2023, 08:32 AM
Rule Name: SOC214 - Qakbot Data Theft
Alert Type: Data Leakage
MITRE Technique:
T1598.002 - Reconnaissance - Spearphishing Attachment,
T1566 - Initial Access - Phishing,
T1059 - Execution - Command and Scripting Interpreter,
T1204 - Execution - User Execution,
T1204.002 - Execution - User Execution: Malicious File,
T1005 - Collection - Data from Local System,
T1217 - Discovery - Browser Information Discovery,
T1489 - Impact - Service Stop
Severity: Critical
Incident Responder