Thousands of outgoi...
 
Notifications
Clear all

Thousands of outgoing RDP sessions

3 Posts
3 Users
0 Likes
804 Views
(@slimbalato)
Posts: 4
New Member
Topic starter
 

Anyone know what would cause this in the logs? I suspect it's malware polling all of the nodes on the network but not sure of the method being used.

 
Posted : 05/12/2021 12:24 am
(@randomaccess)
Posts: 385
Reputable Member
 

Sounds like malware. Would suggest looking at persistence mechanisms, running through malicious program execution and seeing what might be causing it.

 
Posted : 05/12/2021 8:03 am
(@deltron)
Posts: 125
Estimable Member
 

What is the event ID ect.

Is it every minute/day/ect

Are they duplicate logs coming from different location?

 
Posted : 07/12/2021 3:25 am
Share:
Share to...