Skip to content

Hide Navigation Hide TOC

New PDQDeploy Service - Server Side (ee9ca27c-9bd7-4cee-9b01-6e906be7cae3)

Detects a PDQDeploy service installation which indicates that PDQDeploy was installed on the machines. PDQDeploy can be abused by attackers to remotely install packages or execute commands on target machines

Cluster A Galaxy A Cluster B Galaxy B Level
New PDQDeploy Service - Server Side (ee9ca27c-9bd7-4cee-9b01-6e906be7cae3) Sigma-Rules Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2