Rule Info
Name
Remote Access Tool - AnyDesk Named Pipe Createed
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the creation of the "adprinterpipe" named pipe which is used by AnyDesk during installation.
An adversary may use legitimate desktop support and remote access software, such as Anydesk to establish an interactive command and control channel to target systems within networks.
These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment.
Date
2024-08-06 00:00:00
Modified
None
Id
b0e901fe-4c54-4fbf-b922-62cdec084b02
Tags
attack.privilege-escalation
Type
Nextron Sigma feed only (private)