TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

MITRE ATT&CK: What It Is, How it Works, Who Uses It and Why

2021-06-10

ATT&CK techniques detected

9 predictions
T1566.002 Spearphishing Link
99%
“##dotal indication of how “ popular ” ( successful ) this sub - technique is with attackers. figure 8. a partial view of the phishing : spearphishing link detail page for the initial access tactic shows 12 of the 45 total procedures observed in the wild. this is a good place to p…”
T1566.002 Spearphishing Link
98%
“a general description of the tactic and a list of all techniques and associated sub - techniques. metadata to the right of the description lists the tactic id number, date created, and date last modified. figure 5 provides a partial view of the initial access detail page, showing…”
T1588.002 Tool
97%
“practices, characteristics, and specific attack attributions. att & ck also provides an extensive list of software used in attacks ( both malware and commercially available and open - source code that can be used legitimately or maliciously ). all information captured in att & ck…”
T1566.002 Spearphishing Link
93%
“for detecting the use of this technique in your environment. figure 6. detail page for the phishing tactic under initial access. exploring sub - technique detail pages returning to the full matrix, clicking the gray bar to the right of any technique exposes its sub - techniques. …”
T1069.002 Domain Groups
82%
“##tions shows the id number, name, and a brief description for each. clicking a mitigation entry provides a list of techniques and sub - techniques that mitigation addresses ( see figure 13 ). again, the technique ids and names listed on mitigation pages are clickable, taking you…”
T1588.002 Tool
60%
“the tools adversaries use the software page in att & ck includes an extensive list — 585 entries — of software apts are known to use. in this context, the term software is used broadly and primarily consists of malware. but it also includes commercially available, custom, and ope…”
T1598 Phishing for Information
35%
“of all columns like in a spreadsheet. once you realize the 14 independent columns are structured more like individual organization charts ( see figure 2 ), the full matrix becomes far less daunting. associated techniques and sub - techniques appear beneath each tactic. figure 2. …”
T1566 Phishing
34%
“access ( a tactic ). phishing ’ s three associated sub - techniques are spearphishing attachment, spearphishing link, and spearphishing via [ a ] service. - procedures : describes the specific implementations of that techniques and sub - techniques apts have used ( sometimes in c…”
T1566.002 Spearphishing Link
34%
“of all columns like in a spreadsheet. once you realize the 14 independent columns are structured more like individual organization charts ( see figure 2 ), the full matrix becomes far less daunting. associated techniques and sub - techniques appear beneath each tactic. figure 2. …”

Summary

MITRE ATT&CK, a framework that uniquely describes cyberattacks from the attacker’s perspective, is quickly being adopted by organizations worldwide as a tool for analyzing threats and improving security defenses.