Notifications

Clear all

Thousands of outgoing RDP sessions

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Deltron 3 years ago

3 Posts

3 Users

0 Reactions

1,325 Views

RSS

slimbalato

(@slimbalato)

New Member

Joined: 8 years ago

Posts: 4

Topic starter 05/12/2021 1:24 am

Anyone know what would cause this in the logs? I suspect it's malware polling all of the nodes on the network but not sure of the method being used.

Quote

Topic Tags

randomaccess

(@randomaccess)

Reputable Member

Joined: 13 years ago

Posts: 385

05/12/2021 9:03 am

Sounds like malware. Would suggest looking at persistence mechanisms, running through malicious program execution and seeing what might be causing it.

ReplyQuote

Deltron

(@deltron)

Estimable Member

Joined: 11 years ago

Posts: 125

07/12/2021 4:25 am

What is the event ID ect.

Is it every minute/day/ect

Are they duplicate logs coming from different location?

ReplyQuote

8 Forums
15.7 K Topics
92.2 K Posts
15 Online
41 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed