Remote Task Creation via ATSVC Named Pipe (f6de6525-4509-495a-8a82-1f8b0ed73a00)

Detects remote task creation via at.exe or an API interacting with the ATSVC named pipe.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Remote Task Creation via ATSVC Named Pipe (f6de6525-4509-495a-8a82-1f8b0ed73a00) | Sigma-Rules | At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) | Attack Pattern | 1 |
| Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) | Attack Pattern | At - T1053.002 (f3d95a1f-bba2-44ce-9af7-37866cd63fd0) | Attack Pattern | 2 |