LetsDefend Monitoring Alert

Suspicious Powershell Script Executed

Jan 11, 2024, 07:33 AM

Event ID: 218

Event Time: Jan 11, 2024, 07:33 AM

Rule Name: SOC153 - Suspicious Powershell Script Executed

Alert Type: Malware

MITRE Techniques:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell
T1204 - Execution - User Execution
T1571 - Command and Control - Non-Standard Port
T1566.002 - Initial Access - Phishing: Spearphishing Link
T1106 - Execution - Native API
T1003.001 - Credential Access - OS Credential Dumping: LSASS Memory
T1134.004 - Privilege Escalation - Access Token Manipulation: Parent PID Spoofing

Severity: Medium

Incident Responder

2025 © LetsDefend