LetsDefend Monitoring Alert

Scheduled Task Created

Mar, 12, 2024, 06:13 AM

Event ID: 236

Event Time: Mar, 12, 2024, 06:13 AM

Rule Name: SOC124 - Scheduled Task Created

Alert Type: Persistence

MITRE Technique:
T1053.005 - Persistence - Scheduled Task,
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1197 - Persistence - BITS Job,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1571 - Command and Control - Non-Standard Port,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1559.001 - Execution - Inter-Process Communication: Component Object Model,

Severity: Medium

Incident Responder

2025 © LetsDefend

45305 Catalina ct. Suite 150, Sterling VA 20166