Product
medium
advisory
Suspicious DNS Queries to Remote Monitoring and Management Domains from Non-Browser Processes
1 rule 193 IOCsThis brief details the detection of DNS queries targeting commonly abused Remote Monitoring and Management (RMM) or remote access software domains, originating from non-browser processes, which is a common tactic for command and control, persistence, and lateral movement by threat actors.
01com +151
windows
command-and-control
endpoint
rmm
remote-access
1r
193i
medium
advisory
First Time Seen Remote Monitoring and Management Tool Detection
1 rule 3 TTPs 5 IOCsAdversaries are leveraging legitimate Remote Monitoring and Management (RMM) and remote access tools on Windows endpoints for command-and-control, persistence, and execution, with detection focusing on the first observed instance of these tools on a host.
AA +132
command-and-control
persistence
execution
rmm
remote-access
windows
1r
3t
5i