Detect technique

D3-CSPP Client-server Payload Profiling

Client-server Payload Profiling

Definition

Comparing client-server request and response payloads to a baseline profile to identify outliers.

Defends against (72)

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| SubTechnique | Direct Network Flood t1498.001 | 100% | live |
| SubTechnique | LLMNR/NBT-NS Poisoning and SMB Relay t1557.001 | 100% | live |
| SubTechnique | Exfiltration to Code Repository t1567.001 | 100% | live |
| Technique | Non-Standard Port t1571 | 100% | live |
| Technique | Dynamic Resolution t1568 | 100% | live |
| Technique | Remote Access Software t1219 | 100% | live |
| SubTechnique | Exfiltration Over Unencrypted Non-C2 Protocol t1048.003 | 100% | live |
| SubTechnique | Spearphishing Link t1566.002 | 100% | live |
| Technique | Non-Application Layer Protocol t1095 | 100% | live |
| SubTechnique | Exfiltration to Cloud Storage t1567.002 | 100% | live |
| Technique | Windows Management Instrumentation t1047 | 100% | live |
| SubTechnique | Application Access Token t1550.001 | 100% | live |
| Technique | Lateral Tool Transfer t1570 | 100% | live |
| SubTechnique | Web Protocols t1071.001 | 100% | live |
| Technique | Protocol Tunneling t1572 | 100% | live |
| SubTechnique | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol t1048.002 | 100% | live |
| SubTechnique | Additional Cloud Credentials t1098.001 | 100% | live |
| Technique | Exfiltration Over C2 Channel t1041 | 100% | live |
| SubTechnique | Reflection Amplification t1498.002 | 100% | live |
| SubTechnique | Credential Stuffing t1110.004 | 100% | live |
| Technique | Remote Services t1021 | 100% | live |
| SubTechnique | Accessibility Features t1546.008 | 100% | live |
| SubTechnique | Domain Fronting t1090.004 | 100% | live |
| Technique | Data Encoding t1132 | 100% | live |
| SubTechnique | TFTP Boot t1542.005 | 100% | live |
| SubTechnique | Windows Management Instrumentation Event Subscription t1546.003 | 100% | live |
| SubTechnique | External Proxy t1090.002 | 100% | live |
| Technique | Scheduled Transfer t1029 | 100% | live |
| Technique | Ingress Tool Transfer t1105 | 100% | live |
| Technique | Remote System Discovery t1018 | 100% | live |

Showing top 30 of 72 by confidence.

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: IPC Traffic Analysis
Defence: Protocol Metadata Anomaly Detection
Defence: RPC Traffic Analysis
Defence: Application Protocol Command Analysis
Defence: Web Session Activity Analysis
Defence: Network Traffic Analysis

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.