Skip to content

Hide Navigation Hide TOC

Publicly Accessible RDP Service (1fc0809e-06bf-4de3-ad52-25e5263b7623)

Detects connections from routable IPs to an RDP listener. Which is indicative of a publicly-accessible RDP service.

Cluster A Galaxy A Cluster B Galaxy B Level
Publicly Accessible RDP Service (1fc0809e-06bf-4de3-ad52-25e5263b7623) Sigma-Rules Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 1
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) Attack Pattern 2