Thousands of outgoing RDP sessions
Anyone know what would cause this in the logs? I suspect it's malware polling all of the nodes on the network but not sure of the method being used.
Posted : 05/12/2021 12:24 am
Sounds like malware. Would suggest looking at persistence mechanisms, running through malicious program execution and seeing what might be causing it.
Posted : 05/12/2021 8:03 am
What is the event ID ect.
Is it every minute/day/ect
Are they duplicate logs coming from different location?
Posted : 07/12/2021 3:25 am