Managed Sentinel – Alert 144

Alert ID: MS-A144
Alert Name: Malware detected in the local recycle bin
Description: Identifies malware that has been hidden in the recycle bin.
References: https://azure.microsoft.com/en-us/blog/how-azure-security-center-helps-reveal-a-cyberattack/
Severity Level: Medium
Threat Indicator: Compromised host
MITRE ATT&CK Tactics: Defense Evasion
Log sources: Windows
False Positives:
Recommendations:
1. Run a full EDR scan on the affected host.
2. Empty the recycle bin contents.
3. Perform an investigation in Azure Sentinel for the impacted host to understand any related traffic going outbound from the machine inside your corporate network (lateral movement).