Potentially Suspicious File Creation by OpenEDR's ITSMService (9e4b7d3a-6f2c-4e9a-8d1b-3c5e7a9f2b4d)

Detects the creation of potentially suspicious files by OpenEDR's ITSMService process. The ITSMService is responsible for remote management operations and can create files on the system through the Process Explorer or file management features. While legitimate for IT operations, creation of executable or script files could indicate unauthorized file uploads, data staging, or malicious file deployment.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) | Attack Pattern | Potentially Suspicious File Creation by OpenEDR's ITSMService (9e4b7d3a-6f2c-4e9a-8d1b-3c5e7a9f2b4d) | Sigma-Rules | 1 |
| Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) | Attack Pattern | Potentially Suspicious File Creation by OpenEDR's ITSMService (9e4b7d3a-6f2c-4e9a-8d1b-3c5e7a9f2b4d) | Sigma-Rules | 1 |
| Potentially Suspicious File Creation by OpenEDR's ITSMService (9e4b7d3a-6f2c-4e9a-8d1b-3c5e7a9f2b4d) | Sigma-Rules | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |