Product

ScreenConnect

4 briefs RSS

Suspicious ScreenConnect Client Child Process Activity

This rule identifies suspicious child processes spawned by ScreenConnect client processes, potentially indicating unauthorized access and command execution abusing ScreenConnect remote access software to perform malicious activities such as data exfiltration or establishing persistence.

Elastic Defend +3 command-and-control defense-evasion execution persistence screenconnect

2r 11t 2c May 16, 2024

critical advisory

ConnectWise ScreenConnect Path Traversal Vulnerability (CVE-2024-1708)

2 rules 1 TTP 1 CVE

CVE-2024-1708 is a path traversal vulnerability in ConnectWise ScreenConnect that could allow an attacker to execute remote code or directly impact confidential data and critical systems.

ScreenConnect path-traversal remote-code-execution cve-2024-1708 connectwise

2r 1t 1c Apr 29, 2024

medium advisory

Multiple Remote Management Tool Vendors on Same Host

2 rules

This rule identifies Windows hosts where two or more distinct remote monitoring and management (RMM) or remote-access tool vendors are observed starting processes within the same eight-minute window, potentially indicating compromise, shadow IT, or attacker staging of redundant access.

AeroAdmin +60 remote-access-tool command-and-control rmm windows

2r Jan 3, 2024

medium advisory

Multiple Remote Management Tool Vendors on Same Host

3 rules

This detection identifies a Windows host where two or more distinct remote monitoring and management (RMM) or remote-access tool vendors are observed starting processes within the same eight-minute window, potentially indicating compromise, shadow IT, or attacker staging of redundant access.

AeroAdmin +55 command-and-control rmm windows threat-detection

3r Jan 2, 2024