Remote Access Tool - AnyDesk Incoming Connection

Rule Info

Name
Remote Access Tool - AnyDesk Incoming Connection
Author
@d4ns4n_ (Wuerth-Phoenix)
Description
Detects incoming connections to AnyDesk. This could indicate a potential remote attacker trying to connect to a listening instance of AnyDesk and use it as potential command and control channel.
Date
2024-09-02 00:00:00
Modified
None
Id
d58ba5c6-0ed7-4b9d-a433-6878379efda9
Tags
attack.persistence attack.command-and-control attack.t1219 DEMO
Type
Community Rule

Rule History

Author
Title
Date
Commit
dan21san
Merge PR #4990 from @dan21san - Add `Remote Access Tool - AnyDesk Incoming Connection`
2024-09-02