Tag
high
advisory
Detecting Windows Remote Image Loading for Malicious Activities
2 rules 5 TTPs
This analytic detects instances where a process loads a file from a remote share path, potentially indicating execution, defense evasion, or lateral movement by attackers loading code from attacker-controlled infrastructure.
Windows +3
remote-image-load
defense-evasion
lateral-movement
sysmon
medium
advisory
Detection of Windows RMM Tool Execution
3 rules 1 TTP
Detects process creation events indicative of remote management tools, potentially signifying legitimate use or malicious exploitation by threat actors abusing RMM software.
AnyDesk +28
rmm
remote-access
sysmon