Vendor
medium
advisory
First Time Seen Remote Monitoring and Management Tool Execution
3 rulesDetects the execution of previously unseen remote monitoring and management (RMM) tools or remote access software on compromised Windows endpoints, often leveraged for command-and-control, persistence, and execution of malicious commands.
Elastic Defend +101
remote-access
rmm
command-and-control
persistence
3r
medium
advisory
LSASS Loading Suspicious DLL
2 rules 2 TTPs 9 IOCsDetection of LSASS loading an unsigned or untrusted DLL, which can indicate credential access attempts by malicious actors targeting sensitive information stored in the LSASS process.
Windows
credential-access
lsass
dll-injection
2r
2t
9i