Detect technique

D3-UGLPA: User Geolocation Logon Pattern Analysis

User Geolocation Logon Pattern Analysis

Definition

Monitoring geolocation data of user logon attempts and comparing it to a baseline user behavior profile to identify anomalies in logon location.

Defends against (72)

Type | Target | ATT&CK ID | Confidence | Tier
Sub-technique | Accessibility Features | T1546.008 | 100% | live
Sub-technique | Additional Cloud Credentials | T1098.001 | 100% | live
Sub-technique | Windows Management Instrumentation Event Subscription | T1546.003 | 100% | live
Technique | Exfiltration Over Other Network Medium | T1011 | 100% | live
Sub-technique | Web Session Cookie | T1550.004 | 100% | live
Technique | Remote System Discovery | T1018 | 100% | live
Sub-technique | Symmetric Cryptography | T1573.001 | 100% | live
Sub-technique | Exfiltration Over Unencrypted Non-C2 Protocol | T1048.003 | 100% | live
Technique | Protocol Tunneling | T1572 | 100% | live
Sub-technique | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | T1048.001 | 100% | live
Sub-technique | LLMNR/NBT-NS Poisoning and SMB Relay | T1557.001 | 100% | live
Sub-technique | Exfiltration to Code Repository | T1567.001 | 100% | live
Technique | Exfiltration Over C2 Channel | T1041 | 100% | live
Technique | Traffic Signaling | T1205 | 100% | live
Sub-technique | Exfiltration to Cloud Storage | T1567.002 | 100% | live
Sub-technique | Application Access Token | T1550.001 | 100% | live
Technique | Exploit Public-Facing Application | T1190 | 100% | live
Technique | Data Obfuscation | T1001 | 100% | live
Technique | Application Layer Protocol | T1071 | 100% | live
Technique | Data Encoding | T1132 | 100% | live
Sub-technique | Port Knocking | T1205.001 | 100% | live
Technique | Remote Service Session Hijacking | T1563 | 100% | live
Sub-technique | Spearphishing Attachment | T1566.001 | 100% | live
Technique | Exploitation of Remote Services | T1210 | 100% | live
Technique | Rogue Domain Controller | T1207 | 100% | live
Sub-technique | CMSTP | T1218.003 | 100% | live
Technique | Drive-by Compromise | T1189 | 100% | live
Technique | Multi-Stage Channels | T1104 | 100% | live
Technique | Non-Application Layer Protocol | T1095 | 100% | live
Sub-technique | Reflection Amplification | T1498.002 | 100% | live

Showing top 30 of 72 by confidence.

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: Local Account Monitoring
Defence: Job Function Access Pattern Analysis
Defence: Web Session Activity Analysis
Defence: Script Execution Analysis
Defence: Application Protocol Command Analysis
Defence: User Behavior Analysis
Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.