Remote Access Tool - MeshAgent Command Execution via MeshCentral (74a2b202-73e0-4693-9a3a-9d36146d0775)

Detects the use of MeshAgent to execute commands on the target host, particularly when threat actors might abuse it to execute commands directly. MeshAgent can execute commands on the target host by leveraging win-console to obscure their activities and win-dispatcher to run malicious code through IPC with child processes.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Remote Access Tool - MeshAgent Command Execution via MeshCentral (74a2b202-73e0-4693-9a3a-9d36146d0775) | Sigma-Rules | Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) | Attack Pattern | 1 |