LetsDefend Monitoring Alert

Suspicious MSI Installation

Jul, 25, 2023, 08:19 AM

Event ID: 170

Event Time: Jul, 25, 2023, 08:19 AM

Rule Name: SOC216 - Suspicious MSI Installation

Alert Type: Data Leakage

MITRE Technique:
T1566 - Initial Access - Phishing,
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1059 - Execution - Command and Scripting Interpreter,
T1204 - Execution - User Execution,
T1204.002 - Execution - User Execution: Malicious File,
T1113 - Collection - Screen Capture,
T1564 - Defense Evasion - Hide Artifacts,
T1564.001 - Defense Evasion - Hidden Files and Directories

Severity: Medium

Incident Responder
