Skip to content

Hide Navigation Hide TOC

Remote Access Tool - Potential MeshAgent Execution - MacOS (22c45af6-f590-4d44-bab3-b5b2d2a2b6d9)

Detects potential execution of MeshAgent which is a tool used for remote access. Historical data shows that threat actors rename MeshAgent binary to evade detection. Matching command lines with the '--meshServiceName' argument can indicate that the MeshAgent is being used for remote access.

Cluster A Galaxy A Cluster B Galaxy B Level
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern Remote Access Tool - Potential MeshAgent Execution - MacOS (22c45af6-f590-4d44-bab3-b5b2d2a2b6d9) Sigma-Rules 1
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 2