Suspicious RDP Redirect Using TSCON (f72aa3e8-49f9-4c7d-bd74-f8ab84ff9bbb)

Detects a suspicious RDP session redirect using tscon.exe

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	Suspicious RDP Redirect Using TSCON (f72aa3e8-49f9-4c7d-bd74-f8ab84ff9bbb)	Sigma-Rules	1
Suspicious RDP Redirect Using TSCON (f72aa3e8-49f9-4c7d-bd74-f8ab84ff9bbb)	Sigma-Rules	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	1
RDP Hijacking - T1563.002 (e0033c16-a07e-48aa-8204-7c3ca669998c)	Attack Pattern	Remote Service Session Hijacking - T1563 (5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5)	Attack Pattern	2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	Remote Desktop Protocol - T1021.001 (eb062747-2193-45de-8fa2-e62549c37ddf)	Attack Pattern	2