Archived Projects

ATT&CK for Containers

Project Summary

This project investigated the viability of adding container-related techniques into MITRE ATT&CK, leading to the development of an ATT&CK for Containers matrix. This work covers both orchestration-level (e.g., Kubernetes) and container-level (e.g., Docker) adversary behaviors in a single Containers platform which has been incorporated in version 9 of ATT&CK. The project team worked with contributors from around the world to identify and refine both existing ATT&CK techniques as well as completely new container-specific ones.

Problem

Defenders lack visibility into adversary behaviors in and against container technologies leaving their organizations exposed to emerging threats.

Solution

Expand MITRE ATT&CK to describe adversary behaviors in and against container technologies including Docker and Kubernetes.

Impact

Brings focus to adversary behaviors in an emergent domain leveraging the well-understood and widely adopted ATT&CK methodology.

Project Resources:

Project Announcement Project Website

Funding Research Participants

Explore More of Our Work:

Jun 2025

Threat-Informed Defense for the Financial Sector

Connect adversarial threat mitigations to cybersecurity program resources tailored to the financial sector, namely the Cyber Risk Institute …

Continue reading

May 2025

Ambiguous Techniques

Building upon the research of Summiting the Pyramid, Ambiguous Techniques is a methodology to determine malicious intent behind seemingly benign …

Continue reading

Feb 2025

Prioritize Known Exploited Vulnerabilities

Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.

Continue reading

Stay Informed

Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.