Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Medium |
Description
A Microsoft Office process created a scheduled task via file access. Attackers may create scheduled tasks for execution and to establish persistence.
Attacker's Goals
An attacker may gain persistence and execute malicious tools via scheduled tasks.
Investigative actions
Check the created task file and look for the action triggered by the task.