LetsDefend Monitoring Alert

Windows Defender Evasion Attempt

Sep 12, 2024, 07:09 AM

Event ID: 299

Event Time: Sep 12, 2024, 07:09 AM

Rule Name: SOC321 - Windows Defender Evasion Attempt

Alert Type: Malware

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1078 - Initial Access - Valid Accounts,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1211 - Defense Evasion - Exploitation for Defense Evasion

Real World Example: https://www.exploit-db.com/exploits/51802

Severity: High

Incident Responder

2024 © LetsDefend

45305 Catalina ct. Suite 150, Sterling VA 20166