Remote Task Creation via ATSVC Named Pipe - Zeek (dde85b37-40cd-4a94-b00c-0b8794f956b5)

Detects remote task creation via at.exe or an API interacting with the ATSVC named pipe.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Remote Task Creation via ATSVC Named Pipe - Zeek (dde85b37-40cd-4a94-b00c-0b8794f956b5) | Sigma-Rules | At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) | Attack Pattern | 1 |
| At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) | Attack Pattern | Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | 2 |