LetsDefend Monitoring Alert

System Service Discovery Detected

May 06, 2024, 06:16 AM

Event ID: 254

Event Time: May 06, 2024, 06:16 AM

Rule Name: SOC278 - System Service Discovery Detected

Alert Type: C2

MITRE Techniques:
T1041 - Exfiltration - Exfiltration Over C2 Channel,
T1105 - Command and Control - Ingress Tool Transfer,
T1087 - Discovery - Account Discovery,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1005 - Collection - Data from Local System,
T1082 - Discovery - System Information Discovery,
T1485 - Impact - Data Destruction,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1007 - Discovery - System Service Discovery,
T1049 - Discovery - System Network Connections Discovery

Severity: Medium
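The rule above fires on System Service Discovery (T1007), which on a Windows host usually means service enumeration from a command shell (T1059.003) such as sc query, net start, tasklist /svc or Get-Service. The page does not show the logic behind SOC278, so the following is an added example, not LetsDefend's rule and not telemetry from this alert: a small detector run over constructed process-creation events in a Sysmon Event ID 1 style schema (the field names EventID, User, ParentImage and CommandLine, the pattern list and the sample events are all assumptions made for the example). It also flags whether the enumeration came from a shell parent, which is the triage question an analyst would ask when several of these commands appear in one session.

```python
"""
Added example for the SOC278-style alert above: a minimal detector for
System Service Discovery (MITRE T1007) over process-creation telemetry.
This is illustrative code, not LetsDefend's rule; the event schema
(Sysmon Event ID 1 style fields) and the sample events are assumed.
"""
import re
from dataclasses import dataclass

# Command lines commonly used to enumerate services on Windows.
# Assumption: this list is the illustrative rule's trigger set, not the page's rule logic.
SERVICE_DISCOVERY_PATTERNS = [
    (re.compile(r"\bsc(\.exe)?\s+(query|queryex)\b", re.I), "sc query"),
    (re.compile(r"\bnet1?(\.exe)?\s+start\b", re.I), "net start"),
    (re.compile(r"\btasklist(\.exe)?\b.*\s/svc\b", re.I), "tasklist /svc"),
    (re.compile(r"\bGet-Service\b", re.I), "Get-Service"),
    (re.compile(r"\bwmic(\.exe)?\s+service\b", re.I), "wmic service"),
]

# Parents that show the enumeration came from a command shell (T1059.003)
# rather than an interactive admin tool; used to raise triage priority.
SHELL_PARENTS = ("cmd.exe", "powershell.exe", "pwsh.exe")


@dataclass
class Finding:
    user: str
    parent_image: str
    command_line: str
    matched: str
    from_shell: bool
    technique: str = "T1007"


def detect_service_discovery(events):
    """Return one Finding per Sysmon Event ID 1 record whose CommandLine
    matches a service-enumeration pattern. Other event types are skipped."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        cmd = ev.get("CommandLine", "")
        parent = ev.get("ParentImage", "")
        for pattern, label in SERVICE_DISCOVERY_PATTERNS:
            if pattern.search(cmd):
                findings.append(Finding(
                    user=ev.get("User", ""),
                    parent_image=parent,
                    command_line=cmd,
                    matched=label,
                    from_shell=parent.lower().endswith(SHELL_PARENTS),
                ))
                break  # one finding per event
    return findings


def triage_priority(findings):
    """Escalate when service discovery runs from a shell: two or more distinct
    enumeration commands from a shell parent reads like hands-on recon."""
    shell = [f for f in findings if f.from_shell]
    if not shell:
        return "low"
    return "high" if len({f.matched for f in shell}) >= 2 else "medium"


# Constructed sample events (not telemetry from the page).
SAMPLE_EVENTS = [
    {"EventID": 1, "User": "CORP\\alice",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "\"C:\\Program Files\\Microsoft Office\\WINWORD.EXE\" /n invoice.docm"},
    {"EventID": 1, "User": "CORP\\alice",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "sc query state= all"},
    {"EventID": 1, "User": "CORP\\alice",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "tasklist /svc"},
    {"EventID": 1, "User": "CORP\\alice",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "net start"},
    {"EventID": 1, "User": "CORP\\alice",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "powershell.exe -nop -c \"Get-Service | Where-Object Status -eq Running\""},
    {"EventID": 3, "User": "CORP\\alice",
     "ParentImage": "", "CommandLine": ""},  # network connection event, not process creation
    {"EventID": 1, "User": "CORP\\bob",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "notepad.exe report.txt"},
]

if __name__ == "__main__":
    found = detect_service_discovery(SAMPLE_EVENTS)
    for f in found:
        print(f"{f.technique} {f.matched:<14} shell={f.from_shell} user={f.user} cmd={f.command_line}")
    print("triage priority:", triage_priority(found))
```

On the constructed events the detector returns four findings (sc query, tasklist /svc, net start, Get-Service), all with a shell parent, and the triage helper rates the session high. In production the pattern list is noisy on its own: administrators and monitoring agents run sc query and Get-Service routinely, so the parent-process and same-session context is what separates this alert from benign activity.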


2025 © LetsDefend

45305 Catalina ct. Suite 150, Sterling VA 20166