t1090.002
| Title | Tags |
| --- | --- |
| Legitimate use of portmap.io domains | t1041, t1090, t1090.002, windows, sigma |
| Legitimate users and applications may use these domains for benign purposes such as file transfers, collaborative development, or storing public content. Developer tools, browser extensions, or open-source software may connect to githubusercontent.com or cdn.discordapp.com as part of normal operation. It is recommended to review the associated process (`eve_process`), user behavior, and frequency of access before classifying the activity as suspicious. | t1071.001, t1090.002, t1105, t1567.002, t1588.002, network, splunk |
| Programs that connect locally to the RDP port | t1021, t1021.001, t1090, t1090.001, t1090.002, windows, sigma |