Skip to content

Hide Navigation Hide TOC

Remote Access Tool - ScreenConnect Potential Suspicious Remote Command Execution (7b582f1a-b318-4c6a-bf4e-66fe49bf55a5)

Detects potentially suspicious child processes launched via the ScreenConnect client service.

Cluster A Galaxy A Cluster B Galaxy B Level
Remote Access Tool - ScreenConnect Potential Suspicious Remote Command Execution (7b582f1a-b318-4c6a-bf4e-66fe49bf55a5) Sigma-Rules Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 1