![]() ![]() Remote Access Tool - AnyDesk Silent Installation.Remote Access Tool - AnyDesk Piped Password Via CLI. ![]() Remote Access Tool - Anydesk Execution From Suspicious Folder.(Citation: Symantec Living off the Land) 8 references : 9 - 10 author : frack113 11 date : 2022 /09/25 12 tags : 13 - mand_and_control 14 - attack.t1219 15 logsource : 16 category : process_creation 17 product : windows 18 detection : 19 selection : 20 - Product : UltraViewer 21 - Company : DucFabulous Co,ltd 22 - OriginalFileName : UltraViewer_Desktop.exe 23 condition : selection 24 falsepositives : 25 - Legitimate use 26 level : medium Related rules 1 title : Use of UltraViewer Remote Access Software 2 id : 88656cec-6c3b-487c-82c0-f73ebb805503 3 status : experimental 4 description : | 5 An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks.Ħ These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment.ħ Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
0 Comments
Leave a Reply. |