SEV0218 0 Posted May 8 Share Posted May 8 I'm getting a large number of "RDP communication over nonstandard port" with a wide range of parent processes and commandline entries as well as inconsistent ports. Some examples include process of dns.exe on port 53 (making it sound like RDP over DNS), Java.exe on port 80, and even port 445 with no process. It will occasionally give me the commandline that triggered the detection, but most of the time I get nothing more than what I gave in my examples. Is there a better way for me to dig into this? I'm kind of coming up empty on most of my usual resources like MITRE and various threat DBs. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.