Thousands of outgoing RDP sessions

General Discussion

Last Post by Deltron 2 years ago

3 Posts

3 Users

0 Likes

804 Views

RSS

slimbalato

(@slimbalato)

Posts: 4

New Member

Topic starter

Anyone know what would cause this in the logs? I suspect it's malware polling all of the nodes on the network but not sure of the method being used.

Posted : 05/12/2021 12:24 am

Topic Tags

randomaccess

(@randomaccess)

Posts: 385

Reputable Member

Sounds like malware. Would suggest looking at persistence mechanisms, running through malicious program execution and seeing what might be causing it.

Posted : 05/12/2021 8:03 am

Deltron

(@deltron)

Posts: 125

Estimable Member

What is the event ID ect.

Is it every minute/day/ect

Are they duplicate logs coming from different location?

Posted : 07/12/2021 3:25 am

8 Forums
15.4 K Topics
91.7 K Posts
3 Online
39.4 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed