PDQ Deploy Remote Adminstartion Tool Execution

Aug 12, 2024 · attack.execution attack.lateral-movement attack.t1072 ·

Detect use of PDQ Deploy remote admin tool

Sigma rule (View on GitHub)

 1title: PDQ Deploy Remote Adminstartion Tool Execution
 2id: d679950c-abb7-43a6-80fb-2a480c4fc450
 3related:
 4    - id: 12b8e9f5-96b2-41e1-9a42-8c6779a5c184
 5      type: similar
 6status: test
 7description: Detect use of PDQ Deploy remote admin tool
 8references:
 9    - https://github.com/redcanaryco/atomic-red-team/blob/9e5b12c4912c07562aec7500447b11fa3e17e254/atomics/T1072/T1072.md
10    - https://www.pdq.com/pdq-deploy/
11author: frack113
12date: 2022-10-01
13modified: 2023-01-30
14tags:
15    - attack.execution
16    - attack.lateral-movement
17    - attack.t1072
18logsource:
19    category: process_creation
20    product: windows
21detection:
22    selection:
23        - Description: PDQ Deploy Console
24        - Product: PDQ Deploy
25        - Company: PDQ.com
26        - OriginalFileName: PDQDeployConsole.exe
27    condition: selection
28falsepositives:
29    - Legitimate use
30level: medium

References

atomic-red-team/atomics/T1072/T1072.md at 9e5b12c4912c07562aec7500447b11fa3e17e254 · redcanaryco/atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK. - redcanaryco/atomic-red-team

Read More
PDQ Deploy | PDQ

Ready to save time & automate your deployments? Learn how you can update software, deploy custom scripts, & make configuration changes in minutes with PDQ Deploy.

Read More

PDQ Deploy Remote Adminstartion Tool Execution

Sigma rule (View on GitHub)

References

atomic-red-team/atomics/T1072/T1072.md at 9e5b12c4912c07562aec7500447b11fa3e17e254 · redcanaryco/atomic-red-team

PDQ Deploy | PDQ

Related rules