First Time Seen Remote Monitoring and Management Tool Execution
Vendor | Severity: medium | Type: advisory | 3 rules
Detects the execution of previously unseen remote monitoring and management (RMM) tools or other remote access software on Windows endpoints. Attackers commonly deploy such tools on compromised hosts for command-and-control, persistence, and hands-on execution of malicious commands.
Data sources: Elastic Defend (+101 more)
Tags: remote-access, rmm, command-and-control, persistence
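The detection above rests on a baseline of what each host has already run. The following is an added example of that logic in Python, not the page's rules and not Elastic's code: a learning window builds the per-host baseline, and any later execution of a binary from an assumed RMM list that the host has never run before raises one alert, carrying the parent process as triage context. The RMM_BINARIES set, the event layout and SAMPLE_EVENTS are all constructed for this demo.

```python
"""Added example (not the page's or Elastic's rule logic): flag the first
execution of a known RMM binary on each host, using a learning window as
the "previously seen" baseline.

Assumptions: the RMM_BINARIES set, the event layout (one dict per
process-start event) and the SAMPLE_EVENTS are constructed for this demo.
"""
from collections import defaultdict

# Assumed list of RMM / remote-access executables (lowercase image names).
RMM_BINARIES = {
    "anydesk.exe", "teamviewer.exe", "screenconnect.clientservice.exe",
    "ateraagent.exe", "splashtop.exe", "rustdesk.exe",
}

# Constructed process-start events; ISO-8601 timestamps compare as strings.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "host": "WS01", "user": "alice",
     "process": "TeamViewer.exe", "parent": "explorer.exe"},
    {"ts": "2024-05-01T10:00:00Z", "host": "WS01", "user": "alice",
     "process": "chrome.exe", "parent": "explorer.exe"},
    {"ts": "2024-05-08T14:02:00Z", "host": "WS01", "user": "alice",
     "process": "TeamViewer.exe", "parent": "explorer.exe"},
    {"ts": "2024-05-08T14:05:00Z", "host": "WS02", "user": "bob",
     "process": "AnyDesk.exe", "parent": "powershell.exe"},
    {"ts": "2024-05-08T14:06:00Z", "host": "WS02", "user": "bob",
     "process": "AnyDesk.exe", "parent": "AnyDesk.exe"},
    {"ts": "2024-05-08T15:00:00Z", "host": "WS03", "user": "carol",
     "process": "TeamViewer.exe", "parent": "WINWORD.EXE"},
]


def build_baseline(events, learning_end):
    """Record which image names each host ran before `learning_end`."""
    seen = defaultdict(set)
    for ev in events:
        if ev["ts"] < learning_end:
            seen[ev["host"]].add(ev["process"].lower())
    return seen


def first_seen_rmm(events, baseline, detection_start):
    """Alert on RMM binaries not previously seen on that host.

    The baseline is updated as alerts fire, so each host/tool pair alerts
    once; the parent process is carried along as triage context.
    """
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ts"] < detection_start:
            continue
        name = ev["process"].lower()
        if name not in RMM_BINARIES:
            continue
        if name in baseline[ev["host"]]:
            continue  # this host already ran the tool during learning
        baseline[ev["host"]].add(name)
        alerts.append({"host": ev["host"], "user": ev["user"],
                       "process": name, "parent": ev["parent"].lower(),
                       "ts": ev["ts"]})
    return alerts


def run_demo(events=SAMPLE_EVENTS, cutoff="2024-05-08T00:00:00Z"):
    """Learn from events before `cutoff`, detect on events from `cutoff` on."""
    baseline = build_baseline(events, cutoff)
    return first_seen_rmm(events, baseline, cutoff)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a['ts']} {a['host']} {a['user']}: first seen {a['process']} "
              f"(parent {a['parent']})")
```

On the constructed events, WS01's TeamViewer use is learned and stays silent, while AnyDesk launched from PowerShell on WS02 and TeamViewer spawned by Word on WS03 each alert once. Matching on the image name is trivially evaded by renaming the binary; a production rule should key on the signer or the original file name from the executable's version resource instead, and scope the baseline per host rather than fleet-wide so that one sanctioned IT workstation does not suppress alerts everywhere.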
Suspicious DNS Queries to RMM Domains from Non-Browser Processes
Severity: medium | Type: advisory | 2 rules
Detects DNS queries to remote monitoring and management (RMM) domains that originate from processes other than web browsers, which can indicate misuse of legitimate remote access tools for command and control.
Data sources: Elastic Endpoint (+1 more)
Tags: command-and-control, remote-access, windows
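The following is an added example of the DNS-side detection in Python, not the page's rules and not Elastic's code: each DNS-query event is checked against an assumed list of RMM service domains with a label-aware suffix match, and a hit is reported unless the querying process is a browser. RMM_DOMAINS, BROWSERS, the event layout and SAMPLE_EVENTS are all constructed for this demo.

```python
"""Added example (not the page's or Elastic's rule logic): flag DNS
queries for RMM service domains that come from non-browser processes.

Assumptions: RMM_DOMAINS, BROWSERS, the event layout and SAMPLE_EVENTS
are all constructed for this demo.
"""

# Assumed registrable domains used by RMM / remote-access services.
RMM_DOMAINS = (
    "anydesk.com", "teamviewer.com", "screenconnect.com",
    "splashtop.com", "rustdesk.com", "atera.com",
)

# Processes expected to resolve these names during ordinary web browsing.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Constructed DNS-query events: host, querying process, queried name.
SAMPLE_EVENTS = [
    {"host": "WS01", "process": "chrome.exe",     "query": "www.teamviewer.com"},
    {"host": "WS02", "process": "powershell.exe", "query": "relay-1.anydesk.com"},
    {"host": "WS02", "process": "svchost.exe",    "query": "update.microsoft.com"},
    {"host": "WS03", "process": "OUTLOOK.EXE",    "query": "myanydesk.com"},
    {"host": "WS03", "process": "WINWORD.EXE",    "query": "client.screenconnect.com"},
]


def rmm_domain_for(query):
    """Return the RMM domain the query falls under, or None.

    Matching is label-aware: 'relay-1.anydesk.com' matches 'anydesk.com',
    but 'myanydesk.com' does not (a plain endswith() check would match it).
    A trailing dot from a fully-qualified name is tolerated.
    """
    name = query.lower().rstrip(".")
    for dom in RMM_DOMAINS:
        if name == dom or name.endswith("." + dom):
            return dom
    return None


def detect(events):
    """Alert on RMM-domain lookups made by anything that is not a browser."""
    alerts = []
    for ev in events:
        dom = rmm_domain_for(ev["query"])
        proc = ev["process"].lower()
        if dom is None or proc in BROWSERS:
            continue
        alerts.append({"host": ev["host"], "process": proc,
                       "query": ev["query"], "rmm_domain": dom})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a['host']}: {a['process']} resolved {a['query']} "
              f"({a['rmm_domain']})")
```

On the constructed events only the PowerShell lookup of an AnyDesk relay and the Word lookup of a ScreenConnect client host alert; the browser lookup and the look-alike `myanydesk.com` do not. Where a particular RMM product is sanctioned, its own service binary will resolve these domains continuously, so tune by allow-listing that binary by code-signing subject rather than by image name, and keep alerting on every other process.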
ManageEngine Applications Manager Authenticated RCE via File Upload (CVE-2020-14008)
Severity: critical | Type: advisory | 2 rules | 3 TTPs | 1 CVE
CVE-2020-14008 is an unrestricted file upload vulnerability in Zoho ManageEngine Applications Manager. An authenticated attacker can upload a malicious JAR file containing a reverse shell and thereby achieve remote code execution on the server.
Affected product: ManageEngine Applications Manager
Tags: rce, file upload, manageengine