Thousands of outgoi...
 
Notifications
Clear all

Thousands of outgoing RDP sessions

slimbalato
(@slimbalato)
New Member

Anyone know what would cause this in the logs? I suspect it's malware polling all of the nodes on the network but not sure of the method being used.

Quote
Topic starter Posted : 05/12/2021 12:24 am
randomaccess
(@randomaccess)
Active Member

Sounds like malware. Would suggest looking at persistence mechanisms, running through malicious program execution and seeing what might be causing it.

ReplyQuote
Posted : 05/12/2021 8:03 am
Deltron
(@deltron)
Active Member

What is the event ID ect.

Is it every minute/day/ect

Are they duplicate logs coming from different location?

ReplyQuote
Posted : 07/12/2021 3:25 am
Share: