LetsDefend Monitoring Alert

Unusual Network Connection Discovery Detected

May, 29, 2024, 09:53 AM

Event ID: 261

Event Time: May, 29, 2024, 09:53 AM

Rule Name: SOC285 - Unusual Network Connection Discovery Detected

Alert Type: Malware

MITRE Technique:
T1204 - Execution - User Execution,
T1057 - Discovery - Process Discovery,
T1047 - Execution - Windows Management Instrumentation,
T1547 - Persistence - Boot or Logon Autostart Execution,
T1113 - Collection - Screen Capture,
T1566.002 - Initial Access - Phishing: Spearphishing Link,
T1016 - Discovery - System Network Configuration Discovery,
T1082 - Discovery - System Information Discovery,
T1562 - Defense Evasion - Impair Defenses,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1049 - Discovery - System Network Connections Discovery

Severity: Medium

Incident Responder
