Product
high
threat
Trigona Ransomware Employing Custom Data Exfiltration Tool
2 rules 4 TTPs 1 IOCTrigona ransomware is using a custom data exfiltration tool named 'uploader_client.exe' to steal data from compromised environments, enhancing speed and evasion.
Windows +3
Trigona
ransomware
data exfiltration
custom tool
2r
4t
1i
medium
advisory
Multiple Remote Management Tool Vendors on Same Host
2 rulesThis rule identifies Windows hosts where two or more distinct remote monitoring and management (RMM) or remote-access tool vendors are observed starting processes within the same eight-minute window, potentially indicating compromise, shadow IT, or attacker staging of redundant access.
AeroAdmin +60
remote-access-tool
command-and-control
rmm
windows
2r
medium
advisory
Multiple Remote Management Tool Vendors on Same Host
3 rulesThis detection identifies a Windows host where two or more distinct remote monitoring and management (RMM) or remote-access tool vendors are observed starting processes within the same eight-minute window, potentially indicating compromise, shadow IT, or attacker staging of redundant access.
AeroAdmin +55
command-and-control
rmm
windows
threat-detection
3r