Level.io

The creation of the 'Level Watchdog' task, indicative of the Level remote management tool installation, is detected, highlighting the potential abuse of legitimate RMM tools for persistence and execution by threat actors on Windows systems.

This brief details the detection of the Level remote management tool PowerShell installer on Windows endpoints, which can be exploited by threat actors for malicious purposes to maintain persistence and execute commands, although it's a legitimate IT tool.