<<< Hide Navigation Hide TOC >>>
RDP Over Reverse SSH Tunnel (5f699bc5-5446-4a4a-a0b7-5ef2885a3eb4)
Detects svchost hosting RDP termsvcs communicating with the loopback address and on TCP port 3389
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
RDP Over Reverse SSH Tunnel (5f699bc5-5446-4a4a-a0b7-5ef2885a3eb4) | Sigma-Rules | Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) | Attack Pattern | 1 |
RDP Over Reverse SSH Tunnel (5f699bc5-5446-4a4a-a0b7-5ef2885a3eb4) | Sigma-Rules | Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | 1 |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | 2 |