Archived Projects

ATT&CK for Containers

Project Summary

This project investigated the viability of adding container-related techniques into MITRE ATT&CK, leading to the development of an ATT&CK for Containers matrix. This work covers both orchestration-level (e.g., Kubernetes) and container-level (e.g., Docker) adversary behaviors in a single Containers platform which has been incorporated in version 9 of ATT&CK. The project team worked with contributors from around the world to identify and refine both existing ATT&CK techniques as well as completely new container-specific ones.

Problem

Defenders lack visibility into adversary behaviors in and against container technologies leaving their organizations exposed to emerging threats.

Solution

Expand MITRE ATT&CK to describe adversary behaviors in and against container technologies including Docker and Kubernetes.

Impact

Brings focus to adversary behaviors in an emergent domain leveraging the well-understood and widely adopted ATT&CK methodology.

Project Resources:

Project Announcement Project Website

Funding Research Participants

Explore More of Our Work:

Jul 2025

Attack Flow v3

With Attack Flow, you will capture the entire attack and communicate what matters!

Continue reading

Jun 2025

Threat-Informed Defense for the Financial Sector

Connect adversarial threat mitigations to cybersecurity program resources tailored to the financial sector, namely the Cyber Risk Institute …

Continue reading

May 2025

Ambiguous Techniques

Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign …

Continue reading

Stay Informed

Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.