Product

Splashtop

4 briefs RSS

Tiflux RMM Abused in Malspam Campaign

A malspam campaign is leveraging the Tiflux RMM to gain remote access and persistence on victim machines, abusing legitimate remote management software for stealthy access and persistence.

Tiflux +3 remote-access rmm malspam persistence

2r 1t 2i May 14, 2026

medium advisory

Multiple Remote Management Tool Vendors on Same Host

2 rules

This rule identifies Windows hosts where two or more distinct remote monitoring and management (RMM) or remote-access tool vendors are observed starting processes within the same eight-minute window, potentially indicating compromise, shadow IT, or attacker staging of redundant access.

AeroAdmin +60 remote-access-tool command-and-control rmm windows

2r Jan 3, 2024

medium advisory

Detection of Windows RMM Tool Execution

3 rules 1 TTP

Detects process creation events indicative of remote management tools, potentially signifying legitimate use or malicious exploitation by threat actors abusing RMM software.

AnyDesk +28 rmm remote-access sysmon

3r 1t Jan 3, 2024

medium advisory

Multiple Remote Management Tool Vendors on Same Host

3 rules

This detection identifies a Windows host where two or more distinct remote monitoring and management (RMM) or remote-access tool vendors are observed starting processes within the same eight-minute window, potentially indicating compromise, shadow IT, or attacker staging of redundant access.

AeroAdmin +55 command-and-control rmm windows threat-detection

3r Jan 2, 2024