LoFP / legitimate deployment of anydesk

Techniques

• t1219

Sample rules

Remote Access Tool - AnyDesk Silent Installation

• source: sigma
• technicques:
  • t1219

Description

Detects AnyDesk Remote Desktop silent installation. Which can be used by attackers to gain remote access.

Detection logic

condition: selection
selection:
  CommandLine|contains|all:
  - --install
  - --start-with-win
  - --silent