anydesk_usage

Explanation

The anydesk_usage NDM is designed to detect any usage of the AnyDesk software within the network. AnyDesk is a remote desktop application that can be used to gain unauthorized access to systems, steal data or conduct other illicit activities. The NDM is triggered whenever there is a connection attempt or data transfer over the AnyDesk protocol.

What to Look For

If the anydesk_usage NDM is triggered, you should examine the results to identify the source and destination of the AnyDesk connection attempt or data transfer. Additionally, you should check the endpoint for any signs of malicious activity, such as unauthorized access or data theft. This NDM is designed to help you identify and remediate potential security threats arising from the use of AnyDesk on your network.
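The triage step described above, sketched as an added example (not the NDM's own logic or code from this page): it groups AnyDesk flows by internal endpoint and remote peer, and flags inbound sessions and large outbound volume for review first. Assumptions: the record field names, the 10.0.0.0/8 internal range and the sample flows are constructed; the indicators used are AnyDesk's publicly documented relay hostname suffix and default ports.

```python
import ipaddress
from collections import defaultdict

# Assumptions: public AnyDesk network indicators, not how the NDM itself matches.
ANYDESK_SNI_SUFFIX = ".net.anydesk.com"   # relay hostnames seen in TLS SNI
ANYDESK_PORTS = {6568, 7070}              # relay port / direct-connection listener
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # hypothetical internal range

# Constructed sample flows; bytes_out = sent by src, bytes_in = sent by dst.
FLOWS = [
    {"src": "10.0.4.17", "dst": "203.0.113.50", "dport": 443, "sni": "relay-abc.net.anydesk.com", "bytes_out": 48_000_000, "bytes_in": 900_000},
    {"src": "10.0.4.17", "dst": "203.0.113.50", "dport": 443, "sni": "relay-abc.net.anydesk.com", "bytes_out": 2_000_000, "bytes_in": 100_000},
    {"src": "198.51.100.9", "dst": "10.0.9.3", "dport": 7070, "sni": "", "bytes_out": 50_000, "bytes_in": 700_000},
    {"src": "10.0.4.22", "dst": "192.0.2.10", "dport": 443, "sni": "www.example.org", "bytes_out": 10_000, "bytes_in": 500_000},
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def is_anydesk(flow):
    return flow["sni"].endswith(ANYDESK_SNI_SUFFIX) or flow["dport"] in ANYDESK_PORTS

def triage(flows, egress_threshold=10_000_000):
    """Summarise AnyDesk flows per (internal endpoint, remote peer), highest egress first."""
    pairs = defaultdict(lambda: {"flows": 0, "egress_bytes": 0})
    for f in filter(is_anydesk, flows):
        inbound = not is_internal(f["src"]) and is_internal(f["dst"])
        endpoint = f["dst"] if inbound else f["src"]   # host to examine
        remote = f["src"] if inbound else f["dst"]
        p = pairs[(endpoint, remote, inbound)]
        p["flows"] += 1
        # Bytes leaving the endpoint: sent by dst if inbound, by src otherwise.
        p["egress_bytes"] += f["bytes_in"] if inbound else f["bytes_out"]
    report = []
    for (endpoint, remote, inbound), p in pairs.items():
        flags = []
        if inbound:
            flags.append("inbound-session")   # external peer connected to an internal host
        if p["egress_bytes"] >= egress_threshold:
            flags.append("large-egress")      # volume worth checking against T1041
        report.append({"endpoint": endpoint, "remote": remote,
                       "flags": flags, **p})
    return sorted(report, key=lambda r: r["egress_bytes"], reverse=True)

if __name__ == "__main__":
    for row in triage(FLOWS):
        print(row)
```

The endpoints at the top of the report are the ones to check first for unauthorized access or data theft; the threshold is a tuning value, not a recommendation.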

Related MITRE ATT&CK Categories

Remote Services, Technique T1021 - Enterprise

Exfiltration Over C2 Channel, Technique T1041 - Enterprise