LetsDefend Monitoring Alert

Unauthorized Proxy Modification Attempt

Nov, 10, 2023, 09:30 AM

Event ID: 199

Event Time: Nov, 10, 2023, 09:30 AM

Rule Name: SOC237 - Unauthorized Proxy Modification Attempt

Alert Type: C2

MITRE Technique:
T1110 - Credential Access - Brute Force
T1133 - Initial Access - External Remote Services
T1078 - Initial Access - Valid Accounts
T1136 - Persistence - Create Account
T1090 - Command and Control - Proxy
T1059.004 - Execution - Command and Scripting Interpreter: Unix Shell
T1222.002 - Defense Evasion - File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modificati

Severity: High

Incident Responder
