Skip to content

Hide Navigation Hide TOC

New PDQDeploy Service - Client Side (b98a10af-1e1e-44a7-bab2-4cc026917648)

Detects PDQDeploy service installation on the target system. When a package is deployed via PDQDeploy it installs a remote service on the target machine with the name "PDQDeployRunner-X" where "X" is an integer starting from 1

Cluster A Galaxy A Cluster B Galaxy B Level
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern New PDQDeploy Service - Client Side (b98a10af-1e1e-44a7-bab2-4cc026917648) Sigma-Rules 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2