LetsDefend Monitoring Alert
Suspicious WMI Activity Detected
Apr, 06, 2023, 09:50 AM
Event ID: 133
Event Time: Apr, 06, 2023, 09:50 AM
Rule Name: SOC183 - Suspicious WMI Activity Detected
Alert Type: Malware
MITRE Technique:
T1047 - Execution - Windows Management Instrumentation,
T1189 - Initial Access - Drive-by Compromise,
Severity: High
Incident Responder