Techniques
Sample rules
Remote Access Tool - AnyDesk Incoming Connection
- source: sigma
- technicques:
- t1219
Description
Detects incoming connections to AnyDesk. This could indicate a potential remote attacker trying to connect to a listening instance of AnyDesk and use it as potential command and control channel.
Detection logic
condition: selection
selection:
Image|endswith: \AnyDesk.exe
Initiated: 'false'