Alert Information
High
- Alert ID
ind:561559e2fcea400ba3601b74d64aa30b:150656857314-10291-21204240- Composite ID
84393bf974fd44bda943a25a6a7bc27f:ind:561559e2fcea400ba3601b74d64aa30b:150656857314-10291-21204240- 설명
- A command line indicates an attempt to hijack a remote desktop protocol session. Review the process tree.
- 호스트
- DESKTOP-FNUMV3U
- 상태
- new
- 생성 시간
- 2025-12-22 07:50:31
- 업데이트 시간
- 2025-12-22 08:49:31
MITRE ATT&CK
- Tactic
- Lateral Movement
- Technique
- Remote Desktop Protocol
Command Line
tscon 1 /dest:rdp-tcp#0
Raw JSON Data
{"id":"ind:561559e2fcea400ba3601b74d64aa30b:150656857314-10291-21204240","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:561559e2fcea400ba3601b74d64aa30b:150656857314-10291-21204240","agent_id":"561559e2fcea400ba3601b74d64aa30b","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A command line indicates an attempt to hijack a remote desktop protocol session. Review the process tree.","severity":70,"severity_name":"High","confidence":80,"tactic":"Lateral Movement","tactic_id":"TA0008","technique":"Remote Desktop Protocol","technique_id":"T1021.001","cmdline":"tscon 1 /dest:rdp-tcp#0","filename":"tscon.exe","filepath":"\\Device\\HarddiskVolume1\\Windows\\System32\\tscon.exe","sha256":"15e3a70fd3f2972cd8d7826dfe4058255b0fbb974969828644d93256f7fb9c12","status":"new","type":"ldt","created_timestamp":"2025-12-21T22:50:31.859797911Z","updated_timestamp":"2025-12-21T23:49:31.848487565Z","device":{"device_id":"561559e2fcea400ba3601b74d64aa30b","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.20309.0","hostname":"DESKTOP-FNUMV3U","local_ip":"172.26.224.1","external_ip":"14.47.49.244","mac_address":"00-15-5d-52-e9-ba","platform_name":"Windows","os_version":"Windows 10"},"aggregate_id":"aggind:561559e2fcea400ba3601b74d64aa30b:4509232372","CreatedAt":"2025-12-22T07:50:31.8597979+09:00","UpdatedAt":"2025-12-22T08:49:31.8484876+09:00"}
Quick Info
- Severity High
- Score 70
-
Agent ID
561559e2fcea400ba3601b74d64aa30b
Actions