The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base advances our collective understanding of the technical mechanisms that insider threats use. With this knowledge, Insider Threat Programs and Security Operations Centers can detect, mitigate, and emulate insider actions on IT …
Sensor Mappings to ATT&CK gives cyber defenders the information they need to identify and understand cyber incidents occurring in their environment. Various tools and services are available to collect system or network information, but it is not always clear how to use those tools to provide …
OceanLotus (aka APT32, SeaLotus, APT-C-00) is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists. This project adds the first macOS and Linux focused …
The cybersecurity community has been working for years to automatically identify adversary tactics, techniques, and procedures (TTPs) in cyber threat intelligence (CTI) reports. With some advances in machine learning and artificial intelligence, TRAM is a solution that is measurably effective at …
The Workbench project expands the functionality of the current platform to enable teams to explore, create, annotate, and share extensions of the ATT&CK knowledge base. This work increases the utility of using Workbench as a local knowledge base that can be extended with a team’s new or updated …
This project developed an approach and prototype tool for creating narrative cyber threat intel reports that analysts need in the form they need them. Reports produced using CTI Blueprints include structured STIX content, are tagged with ATT&CK reference, and enable operational defensive cyber …
The ATT&CK Sync project streamlines upgrades to new versions of MITRE ATT&CK® by providing tools and resources to migrate existing projects to current ATT&CK versions in a timely and efficient manner. The ATT&CK knowledge base is updated twice per year and with each new ATT&CK …
This project updates and expands the translation layer between VERIS and ATT&CK allowing ATT&CK to describe the adversary behaviors that were observed in an incident coded in VERIS. These connections allow for joint analysis of the information that ATT&CK describes well alongside the …
Defending IaaS with ATT&CK developed an ATT&CK matrix that enables users to easily understand and work with the techniques applicable to Infrastructure-as-a-Service (IaaS) environments, regardless of whether the attacks target the cloud management layer, the container technology, or the …
Micro Emulation Plans help organizations validate their defenses quickly and easily by building smaller scale adversary emulation plans that are fully automated using compatible tools and focused on common threats. The Micro Emulation Plans help scale the impact of the Adversary Emulation Library …
