.RDP File Created by Outlook Process

Rule Info

Name
.RDP File Created by Outlook Process
Author
Florian Roth
Description
Detects the creation of files with the ".rdp" extensions in the temporary directory that Outlook uses when opening attachments. This can be used to detect spear-phishing campaigns that use RDP files as attachments.
Date
2024-11-01 00:00:00
Modified
2024-11-03 00:00:00
Id
f748c45a-f8d3-4e6f-b617-fe176f695b8f
Tags
attack.defense-evasion
Type
Community Rule

Rule History

Author
Title
Date
Commit
Florian Roth
Merge PR #5070 from @Neo23x0 - Update `.RDP File Created by Outlook Process`
2024-11-04
Florian Roth
Merge PR #5063 from @Neo23x0 - Add & Update rules related to the suspicious creation of ".rdp" files
2024-11-01