Skip to content

Commit

Permalink
Merge PR #5110 from @Neo23x0 - Update `Remote Access Tool Services Ha…
Browse files Browse the repository at this point in the history 
…ve Been Installed - Security`

update: Remote Access Tool Services Have Been Installed - Security - Add anydesk
  • Loading branch information
@Neo23x0
Neo23x0 authored Dec 7, 2024
1 parent 58017b6 commit ee821b8
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion rules/windows/builtin/security/win_security_service_install_remote_access_software.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ references:
- https://redcanary.com/blog/misbehaving-rats/
author: Connor Martin, Nasreddine Bencherchali (Nextron Systems)
date: 2022-12-23
modified: 2023-11-15
modified: 2024-12-07
tags:
- attack.persistence
- attack.t1543.003
Expand All @@ -24,6 +24,7 @@ detection:
ServiceName|contains:
# Based on https://github.com/SigmaHQ/sigma/pull/2841
- 'AmmyyAdmin' # https://www.ammyy.com/en/
- 'AnyDesk' # https://usersince99.medium.com/windows-privilege-escalation-8214ceaf4db8
- 'Atera'
- 'BASupportExpressSrvcUpdater' # https://www.systemlookup.com/O23/6837-BASupSrvcUpdater_exe.html
- 'BASupportExpressStandaloneService' # https://www.systemlookup.com/O23/6839-BASupSrvc_exe.html
Expand Down

0 comments on commit ee821b8

Please sign in to comment.