LetsDefend Monitoring Alert
Suspicious WAR File
Sep, 04, 2021, 03:07 PM
Event ID: 107
Event Time: Sep, 04, 2021, 03:07 PM
Rule Name: SOC157 - Suspicious WAR File
Alert Type: Malware
MITRE Technique:
T1078 - Initial Access - Valid Accounts,
T1059 - Execution - Command and Scripting Interpreter,
T1204 - Execution - User Execution,
T1608 - Resource Development - Stage Capabilities,
T1021 - Lateral Movement - Remote Services,
T1110 - Credential Access - Brute Force,
T1003 - Credential Access - OS Credential Dumping
Severity: High
Incident Responder