Rule Info
Name
.RDP File Created by Outlook Process
Author
Florian Roth
Description
Detects the creation of files with the ".rdp" extensions in the temporary directory that Outlook uses when opening attachments.
This can be used to detect spear-phishing campaigns that use RDP files as attachments.
Date
2024-11-01 00:00:00
Modified
2024-11-03 00:00:00
Id
f748c45a-f8d3-4e6f-b617-fe176f695b8f
Tags
attack.defense-evasion
Type
Community Rule
Link to Public Repo