Skip to content

Hide Navigation Hide TOC

Suspicious Mstsc.EXE Execution With Local RDP File (6e22722b-dfb1-4508-a911-49ac840b40f8)

Detects potential RDP connection via Mstsc using a local ".rdp" file located in suspicious locations.

Cluster A Galaxy A Cluster B Galaxy B Level
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern Suspicious Mstsc.EXE Execution With Local RDP File (6e22722b-dfb1-4508-a911-49ac840b40f8) Sigma-Rules 1
Remote Desktop Software - T1219.002 (d4287702-e2f7-4946-bdfa-2c7f5aaa5032) Attack Pattern Remote Access Tools - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern 2