Enterprise networks have been a frequent target of data breaches and sabotage. In a widely used method, attackers establish a foothold in the target network by compromising a single computer or account. They then move laterally between computers to access valuable resources and information located deeper inside the network. To move laterally, attackers often steal valid user credentials. This paper is based on the observation that an attackers' pattern of access characteristics of the stolen credentials in the form of <User, Source, Destination> deviates from benign patterns and can be used to detect malicious logins. In this paper, we present APT-Hunter1, a visualization tool that helps security analysts to explore login data for discovering patterns and detecting malicious logins. To evaluate the proposed system, a pilot study was conducted over an open dataset of more than one billion logins of an enterprise network, provided by Los Alamos National Lab (LANL). Using APT-Hunter, security analysts (unfamiliar with the dataset) were able to detect 349 of 749 malicious logins related to lateral movements performed by a Red Team during a penetration test conducted at LANL. APT-Hunter is currently deployed in a global financial company and helps security analysts detect account compromises.