Tag
medium
advisory
Suspicious File Creation via OpenEDR ITSMService
3 rules 4 TTPsOpenEDR's ITSMService process, used for remote management, is being abused to create suspicious files on compromised systems, potentially leading to unauthorized file uploads, data staging, or malicious file deployment.
OpenEDR
itsmservice
file-creation
lateral-movement
3r
4t
medium
advisory
OpenEDR ssh-shellhost.exe Spawning Command Shell or PowerShell with PTY
2 rules 3 TTPsOpenEDR's ssh-shellhost.exe spawning a command shell (cmd.exe) or PowerShell with PTY capabilities may indicate remote command execution and potential abuse of OpenEDR's remote management features by threat actors for lateral movement or command-and-control.
OpenEDR
remote-access-tool
lateral-movement
2r
3t