🐾 - 🔔 Potential RDP Brute Force Attack or Scan on default port from local network - Possible Lateral Movement 🥷 - T1110

SID: 3300314Rev: 41 views
Sourcepawpatrules
CreatedMay 19, 2022
UpdatedMay 23, 2022
Classificationattempted-recon
alert tcp $HOME_NET any -> any 3389 (msg:"🐾 - 🔔 Potential RDP Brute Force Attack or Scan on default port from local network - Possible Lateral Movement 🥷 - T1110"; flow:to_server; flags:S,12; threshold:type threshold, track by_src, count 60, seconds 60; reference:url,https://en.wikipedia.org/wiki/Brute-force_attack; reference:url,https://attack.mitre.org/techniques/T1110/; classtype:attempted-recon; sid:3300314; rev:4; metadata:created_at 2022_05_19, updated_at 2022_05_23;)

References

urlhttps://en.wikipedia.org/wiki/Brute-force_attack
urlhttps://attack.mitre.org/techniques/T1110/

Metadata

created at2022_05_19
updated at2022_05_23

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!