phantinuss
25 lines
814 B
YAML
25 lines
814 B
YAML
title: Use of UltraVNC Remote Access Software
|
|
id: 145322e4-0fd3-486b-81ca-9addc75736d8
|
|
status: test
|
|
description: An adversary may use legitimate desktop support and remote access software,to establish an interactive command and control channel to target systems within networks
|
|
references:
|
|
- https://github.com/redcanaryco/atomic-red-team/blob/9e5b12c4912c07562aec7500447b11fa3e17e254/atomics/T1219/T1219.md
|
|
author: frack113
|
|
date: 2022-10-02
|
|
tags:
|
|
- attack.command-and-control
|
|
- attack.t1219.002
|
|
logsource:
|
|
category: process_creation
|
|
product: windows
|
|
detection:
|
|
selection:
|
|
- Description: VNCViewer
|
|
- Product: UltraVNC VNCViewer
|
|
- Company: UltraVNC
|
|
- OriginalFileName: VNCViewer.exe
|
|
condition: selection
|
|
falsepositives:
|
|
- Legitimate use
|
|
level: medium
|