![John Hammond on X: "On at least one host, we've observed the threat actor staging persistence by opening port 3389 for RDP: netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow John Hammond on X: "On at least one host, we've observed the threat actor staging persistence by opening port 3389 for RDP: netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow](https://pbs.twimg.com/media/F7da0DpbcAA7lqB.jpg:large)
John Hammond on X: "On at least one host, we've observed the threat actor staging persistence by opening port 3389 for RDP: netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow
![Connecting using putty with Windows Remote Desktop Windows Based Remote Connections | DSLReports, ISP Information Connecting using putty with Windows Remote Desktop Windows Based Remote Connections | DSLReports, ISP Information](http://www.lazyrabbitt.com/images/bbr/puttyrd2.jpg)
Connecting using putty with Windows Remote Desktop Windows Based Remote Connections | DSLReports, ISP Information
![MWB keeps telling me that it blocked a website on port 3389? but I blocked - Malwarebytes for Windows Support Forum - Malwarebytes Forums MWB keeps telling me that it blocked a website on port 3389? but I blocked - Malwarebytes for Windows Support Forum - Malwarebytes Forums](https://content.invisioncic.com/Mmalware/monthly_2021_02/image.png.81e632db46342920a1b7eb4223199b56.png)