all InfoSec news
SOC134 EventID:81 — Suspicious WMI Activity — letsdefend.io
Aug. 29, 2023, 6:42 p.m. | Enes Adışen
System Weakness - Medium systemweakness.com
SOC134 EventID:81 — Suspicious WMI Activity — letsdefend.io
In this article we continue where we left off with letsdefend.io alert solutions, with SOC134 EventID:81 — Suspicious WMI Activity.
Let’s take a look at the alert first.
EventID :81
Event Time :Mar, 15, 2021, 10:57 PM
Rule :SOC134 - Suspicious WMI Activity
Level :Security Analyst
Source Address :172.16.20.3
Source Hostname :Exchange Server
File Name :lunch.exe
File Hash :f2b7074e1543720a9a98fda660e02688
File Size :6.66 Mb
Device Action :Cleaned
The alert suggests a potential security …
address alert article blue team continue cybersecurity exchange letsdefendio malware analysis security soc solutions wmi
More from systemweakness.com / System Weakness - Medium
Analyzing WSH RAT
1 day, 15 hours ago |
systemweakness.com
The Essential Cybersecurity Mindset
1 day, 15 hours ago |
systemweakness.com
Secure Architecture: Infrastructure Controls
1 day, 15 hours ago |
systemweakness.com
Data Breaching in Secure Companies
1 day, 15 hours ago |
systemweakness.com
How Prompt Injection Can Steal Your Data
3 days, 19 hours ago |
systemweakness.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC