Outbound RDP Connections Over Non-Standard Tools (ed74fe75-7594-4b4b-ae38-e38e3fd2eb23)

Detects non-standard tools initiating a connection over port 3389, indicating possible lateral movement. An initial baseline is required before using this rule, so that any third-party RDP tooling you use can be excluded.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | Outbound RDP Connections Over Non-Standard Tools (ed74fe75-7594-4b4b-ae38-e38e3fd2eb23) | Sigma-Rules | 1 |
| Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf) | Attack Pattern | Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | 2 |