Managed Sentinel – Alert 144
Alert ID | MS-A144 |
Alert Name | Malware detected in the local recycle bin |
Description | Identifies malware that has been hidden in the recycle bin. References: https://azure.microsoft.com/en-us/blog/how-azure-security-center-helps-reveal-a-cyberattack/. |
Severity Level | Medium |
Threat Indicator | Compromised host |
MITRE ATT&CK Tactics | Defense Evasion |
Log sources | Windows |
False Positives | |
Recommendations | 1. Run a full EDR scan on the affected host. 2. Empty the recycle bin. 3. Investigate the impacted host in Azure Sentinel to understand any related traffic going outbound from the machine inside your corporate network (lateral movement). |
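The triage logic behind this alert, as an added example rather than Managed Sentinel's own detection: it assumes file events shaped like Defender `DeviceFileEvents` columns (`DeviceName`, `FolderPath`, `FileName`, `InitiatingProcessFileName`) and that a legitimately deleted file is renamed by Windows to `$R<id>.<ext>` (with a matching `$I<id>` metadata record) directly under the per-user SID folder, so an executable that keeps its original name or sits in a nested sub-folder is what deserves the alert.

```python
import re
from dataclasses import dataclass

# Recycle-bin root on any drive letter, then the optional per-user SID folder.
RECYCLE_BIN_RE = re.compile(
    r"^[A-Za-z]:\\\$Recycle\.Bin\\(?:S-1-5-[\d-]+\\)?", re.IGNORECASE)
# Windows itself stores deleted items as $R<6 chars>.<ext> (data) and $I<6 chars>.<ext> (metadata).
NATIVE_ITEM_RE = re.compile(r"^\$[RI][A-Za-z0-9]{6}(\.[^\\]*)?$", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".scr")


@dataclass
class Finding:
    host: str
    path: str
    writer: str
    reason: str


def classify(folder: str, name: str):
    """Return why the file looks planted in the recycle bin, or None if it looks benign."""
    if not name.lower().endswith(EXECUTABLE_EXT):
        return None
    folder = folder.rstrip("\\") + "\\"
    m = RECYCLE_BIN_RE.match(folder)
    if not m:
        return None                             # not under $Recycle.Bin at all
    if folder[m.end():]:
        return "executable in a sub-folder of the recycle bin"
    if not NATIVE_ITEM_RE.match(name):
        return "executable kept its original name instead of $R<id>"
    return None                                 # an ordinary deleted executable


def scan_events(events):
    """Run classify() over DeviceFileEvents-shaped records and collect the findings."""
    return [Finding(e["DeviceName"], e["FolderPath"].rstrip("\\") + "\\" + e["FileName"],
                    e["InitiatingProcessFileName"], reason)
            for e in events
            if (reason := classify(e["FolderPath"], e["FileName"]))]


# Constructed sample records (not real telemetry); the SID is a placeholder.
SID = r"C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-"
SAMPLE_EVENTS = [
    {"DeviceName": "WS01", "FolderPath": SID + "1001", "FileName": "$RX7Q2KD.exe", "InitiatingProcessFileName": "explorer.exe"},
    {"DeviceName": "WS01", "FolderPath": SID + "1001", "FileName": "updater.exe", "InitiatingProcessFileName": "powershell.exe"},
    {"DeviceName": "WS02", "FolderPath": SID + "1002\\svc", "FileName": "svchost.dll", "InitiatingProcessFileName": "rundll32.exe"},
    {"DeviceName": "WS02", "FolderPath": r"C:\Users\bob\Documents", "FileName": "report.docx", "InitiatingProcessFileName": "winword.exe"},
    {"DeviceName": "WS03", "FolderPath": SID + "1003", "FileName": "$I9K2M1P.txt", "InitiatingProcessFileName": "explorer.exe"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f.host}: {f.path} written by {f.writer} ({f.reason})")
```

Only the second and third sample records are reported; the first is a normal deleted executable and the others are either outside the recycle bin or not executable.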