Intel Name: Remote access tool – meshagent command execution via meshcentral
Date of Scan: September 23, 2024
Impact: Medium
Summary: Identifies the use of MeshAgent for executing commands on the target host, especially when threat actors exploit it for direct command execution. MeshAgent can leverage win-console to conceal their actions and use win-dispatcher to run malicious code via IPC with child processes.