| ID | Name |
|---|---|
| ATAGS-T1194.001 | IDE Tunneling |
| ATAGS-T1194.002 | Remote Desktop Software |
| ATAGS-T1194.003 | Remote Access Hardware |
Threat Actors may use legitimate desktop support software to establish an interactive command and control channel to target systems within networks. Desktop support software provides a graphical interface for remotely controlling another computer, transmitting the display output, keyboard input, and mouse control between devices using various protocols. Desktop support software, such as VNC, Team Viewer, AnyDesk, ScreenConnect, LogMein, AmmyyAdmin, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.