.RDP File Created By Uncommon Application

Rule Info

Name
.RDP File Created By Uncommon Application
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects creation of a file with an ".rdp" extension by an application that doesn't commonly create such files.
Reference
https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
Date
2023-04-18 00:00:00
Modified
2024-11-01 00:00:00
Id
fccfb43e-09a7-4bd2-8b37-a5a7df33386d
Tags
attack.stealth
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=fccfb43e-09a7-4bd2-8b37-a5a7df33386d

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #5966 from @nasbench - Update mitre tags to use attack v19
2026-04-29
34c5d66c2
Florian Roth
Merge PR #5063 from @Neo23x0 - Add & Update rules related to the suspicious creation of ".rdp" files
2024-11-01
0cb8d0e09
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Fukusuke Takahashi
Merge PR #4958 from @fukusuket - Update unreachable/broken references
2024-08-10
8ff9cd8d2
github-actions[bot]
Merge PR #4745 from @nasbench - Promote older rules status from `experimental` to `test`
2024-03-01
0108cdc34
Nasreddine Bencherchali
fix: small updates
2023-04-19
e95aaa1e5
Nasreddine Bencherchali
feat: add rules related to rogue rdp
2023-04-18
61c8364c2
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022