Unusual Geolocation of Communication Destination

Description

Triggered when an organization, user, device, or peer group generates network traffic destined for a rare or unique destination country. This anomaly requires the destinationCountry field (or a similar field) to be populated.

Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Account Compromise, Data Exfiltration, Lateral Movement

Alert Volume

Medium

Journey

Stage 4

MITRE ATT&CK Tactics

Command and Control
Exfiltration

MITRE ATT&CK Techniques

Application Layer Protocol
Non-Application Layer Protocol
Custom Command and Control Protocol
Exfiltration Over Alternative Protocol
Exfiltration Over C2 Channel

MITRE Threat Groups

APT29
APT3
APT32
APT37
Dragonfly 2.0
FIN6
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
Magic Hound
MuddyWater
OilRig
PLATINUM
Rocke
Sandworm Team
Soft Cell
Stealth Falcon
Wizard Spider

Data Sources

Network Communication