Suspicious Mstsc.EXE Execution With Local RDP File (6e22722b-dfb1-4508-a911-49ac840b40f8)
Detects potential RDP connection via Mstsc using a local ".rdp" file located in suspicious locations.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious Mstsc.EXE Execution With Local RDP File (6e22722b-dfb1-4508-a911-49ac840b40f8) | Sigma-Rules | Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) | Attack Pattern | 1 |