Rule Info
Name
.RDP File Created by Outlook Process
Author
Florian Roth
Description
Detects the creation of files with the ".rdp" extensions in the temporary directory that Outlook uses when opening attachments.
This can be used to detect spear-phishing campaigns that use RDP files as attachments.
Date
2024-11-01 00:00:00
Modified
None
Id
f748c45a-f8d3-4e6f-b617-fe176f695b8f
Tags
attack.defense-evasion DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Florian Roth
Merge PR #5063 from @Neo23x0 - Add & Update rules related to the suspicious creation of ".rdp" files
2024-11-01