Detect technique

D3-RPA Relay Pattern Analysis

Relay Pattern Analysis

Definition

The detection of an internal host relaying traffic between the internal network and the external network.

Defends against · 31

Type | Target | Confidence | Tier
SubTechnique | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol t1048.002 | 100% | live
Technique | Protocol Tunneling t1572 | 100% | live
SubTechnique | Exfiltration Over Unencrypted Non-C2 Protocol t1048.003 | 100% | live
SubTechnique | Symmetric Cryptography t1573.001 | 100% | live
Technique | Web Service t1102 | 100% | live
SubTechnique | Malicious Link t1204.001 | 100% | live
Technique | Encrypted Channel t1573 | 100% | live
Technique | Non-Application Layer Protocol t1095 | 100% | live
Technique | Drive-by Compromise t1189 | 100% | live
Technique | Remote Access Software t1219 | 100% | live
SubTechnique | Mail Protocols t1071.003 | 100% | live
SubTechnique | Exfiltration Over Symmetric Encrypted Non-C2 Protocol t1048.001 | 100% | live
SubTechnique | DNS t1071.004 | 100% | live
SubTechnique | Multi-hop Proxy t1090.003 | 100% | live
SubTechnique | Exfiltration to Cloud Storage t1567.002 | 100% | live
SubTechnique | File Transfer Protocols t1071.002 | 100% | live
Technique | Data Obfuscation t1001 | 100% | live
SubTechnique | Domain Fronting t1090.004 | 100% | live
Technique | Non-Standard Port t1571 | 100% | live
SubTechnique | Web Protocols t1071.001 | 100% | live
SubTechnique | Exfiltration to Code Repository t1567.001 | 100% | live
SubTechnique | External Proxy t1090.002 | 100% | live
Technique | BITS Jobs t1197 | 100% | live
Technique | Application Layer Protocol t1071 | 100% | live
Technique | Ingress Tool Transfer t1105 | 100% | live
Technique | Dynamic Resolution t1568 | 100% | live
Technique | Data Encoding t1132 | 100% | live
Technique | Multi-Stage Channels t1104 | 100% | live
Technique | Fallback Channels t1008 | 100% | live
Technique | Exfiltration Over Web Service t1567 | 100% | live

Showing top 30 of 31 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: RPC Traffic Analysis
Defence: IP Reputation Analysis
Defence: Network Traffic Analysis
Defence: Resource Access Pattern Analysis
Defence: IPC Traffic Analysis
Defence: Application Protocol Command Analysis

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.