← Back to Explore
sigmamediumHunting
PUA - Radmin Viewer Utility Execution
Detects the execution of Radmin which can be abused by an adversary to remotely control Windows machines
Detection Query
selection:
- Description: Radmin Viewer
- Product: Radmin Viewer
- OriginalFileName: Radmin.exe
condition: selection
Author
frack113
Created
2022-01-22
Data Sources
windowsProcess Creation Events
Platforms
windows
References
Tags
attack.executionattack.lateral-movementattack.t1072
Raw Content
title: PUA - Radmin Viewer Utility Execution
id: 5817e76f-4804-41e6-8f1d-5fa0b3ecae2d
status: test
description: Detects the execution of Radmin which can be abused by an adversary to remotely control Windows machines
references:
- https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1072/T1072.md
- https://www.radmin.fr/
author: frack113
date: 2022-01-22
modified: 2023-12-11
tags:
- attack.execution
- attack.lateral-movement
- attack.t1072
logsource:
category: process_creation
product: windows
detection:
selection:
- Description: 'Radmin Viewer'
- Product: 'Radmin Viewer'
- OriginalFileName: 'Radmin.exe'
condition: selection
falsepositives:
- Unknown
level: medium