Detect technique

D3-RTSD: Remote Terminal Session Detection

Remote Terminal Session Detection

Definition

Detection of an unauthorized remote live terminal console session by examining network traffic to a network host.

Defends against · 72

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| Technique | Exploitation of Remote Services | t1210 | 100% | live |
| SubTechnique | SSH | t1021.004 | 100% | live |
| SubTechnique | Spearphishing Attachment | t1566.001 | 100% | live |
| SubTechnique | Transmitted Data Manipulation | t1565.002 | 100% | live |
| SubTechnique | File Transfer Protocols | t1071.002 | 100% | live |
| Technique | Drive-by Compromise | t1189 | 100% | live |
| SubTechnique | Domain Fronting | t1090.004 | 100% | live |
| Technique | Remote Services | t1021 | 100% | live |
| SubTechnique | Internal Proxy | t1090.001 | 100% | live |
| SubTechnique | CMSTP | t1218.003 | 100% | live |
| Technique | Rogue Domain Controller | t1207 | 100% | live |
| Technique | Multi-Stage Channels | t1104 | 100% | live |
| Technique | Windows Management Instrumentation | t1047 | 100% | live |
| SubTechnique | Multi-hop Proxy | t1090.003 | 100% | live |
| Technique | Exploit Public-Facing Application | t1190 | 100% | live |
| SubTechnique | Spearphishing Link | t1566.002 | 100% | live |
| SubTechnique | TFTP Boot | t1542.005 | 100% | live |
| SubTechnique | External Proxy | t1090.002 | 100% | live |
| Technique | Exfiltration Over Web Service | t1567 | 100% | live |
| SubTechnique | Malicious Link | t1204.001 | 100% | live |
| Technique | Data Obfuscation | t1001 | 100% | live |
| Technique | Exfiltration Over Other Network Medium | t1011 | 100% | live |
| SubTechnique | Web Protocols | t1071.001 | 100% | live |
| Technique | Adversary-in-the-Middle | t1557 | 100% | live |
| Technique | Scheduled Transfer | t1029 | 100% | live |
| SubTechnique | Mail Protocols | t1071.003 | 100% | live |
| SubTechnique | Credential Stuffing | t1110.004 | 100% | live |
| SubTechnique | Exfiltration Over Unencrypted Non-C2 Protocol | t1048.003 | 100% | live |
| SubTechnique | Accessibility Features | t1546.008 | 100% | live |
| Technique | Lateral Tool Transfer | t1570 | 100% | live |

Showing top 30 of 72 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: RPC Traffic Analysis
Defence: Network Traffic Analysis
Defence: Session Duration Analysis
Defence: Network Traffic Filtering
Defence: Network Traffic Signature Analysis
Defence: Session Termination

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.