Potential Remote Desktop Tunneling (8a3038e8-9c9d-46f8-b184-66234a160f6f)
Detects potential use of an SSH utility to establish RDP over a reverse SSH Tunnel. This can be used by attackers to enable routing of network packets that would otherwise not reach their intended destination.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potential Remote Desktop Tunneling (8a3038e8-9c9d-46f8-b184-66234a160f6f) | Sigma-Rules | Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | 1 |