Ngrok Usage with Remote Desktop Service (64d51a51-32a6-49f0-9f3d-17e34d640272)
Detects cases in which ngrok, a reverse proxy tool, forwards events to the local RDP port, which could be a sign of malicious behaviour
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | Ngrok Usage with Remote Desktop Service (64d51a51-32a6-49f0-9f3d-17e34d640272) | Sigma-Rules | 1 |