What is the authoritative source for D3-NTCD?

Network Traffic Community Deviation (D3-NTCD) is catalogued in MITRE D3FEND and curated for EU compliance use cases by SQUR.

Detecttechnique

D3-NTCDNetwork Traffic Community Deviation

Network Traffic Community Deviation

Establishing baseline communities of network hosts and identifying statistically divergent inter-community communication.

Type	Target	Confidence	Tier
Technique	Ingress Tool Transfert1105	100%	live
Technique	Data Encodingt1132	100%	live
Technique	Dynamic Resolutiont1568	100%	live
SubTechnique	Exfiltration to Cloud Storaget1567.002	100%	live
Technique	Data Transfer Size Limitst1030	100%	live
Technique	Automated Exfiltrationt1020	100%	live
Technique	Data Obfuscationt1001	100%	live
SubTechnique	Credential Stuffingt1110.004	100%	live
Technique	Drive-by Compromiset1189	100%	live
Technique	Exfiltration Over Web Servicet1567	100%	live
SubTechnique	Web Session Cookiet1550.004	100%	live
Technique	Fallback Channelst1008	100%	live
Technique	Browser Session Hijackingt1185	100%	live
Technique	Application Layer Protocolt1071	100%	live
Technique	Protocol Tunnelingt1572	100%	live
SubTechnique	Exfiltration to Code Repositoryt1567.001	100%	live
SubTechnique	Windows Management Instrumentation Event Subscriptiont1546.003	100%	live
SubTechnique	DNSt1071.004	100%	live
Technique	Adversary-in-the-Middlet1557	100%	live
SubTechnique	Internal Proxyt1090.001	100%	live
SubTechnique	Kerberoastingt1558.003	100%	live
Technique	Scheduled Transfert1029	100%	live
SubTechnique	Asymmetric Cryptographyt1573.002	100%	live
SubTechnique	SSHt1021.004	100%	live
Technique	Web Servicet1102	100%	live
SubTechnique	Direct Network Floodt1498.001	100%	live
Technique	Remote Service Session Hijackingt1563	100%	live
SubTechnique	Additional Cloud Credentialst1098.001	100%	live
SubTechnique	Mail Protocolst1071.003	100%	live
Technique	Exfiltration Over C2 Channelt1041	100%	live