ATT&CK Framework

  • What is the ATT&CK Framework?

    • A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations

ATT&CK and Threat Intelligence

  • Threat Intelligence (TI) or Cyber Threat Intelligence (CTI)

    • Information about an adversary, such as their TTPs, attributed to that adversary

    • Used to provide information about the threat landscape, specifically adversaries and their TTPs

    • Three Types

      • Strategic

        • Assists senior management in making informed decisions about security budget and strategy

      • Tactical

        • Deals with TTPs and attack models to identify adversary attack patterns

      • Operational

        • Deals with IOCs and how adversaries operationalise their attacks

  • Information Sharing and Analysis Centers (ISACs)

    • Collect various indicators of an adversary
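The following Python script is an added example, not part of these notes and not code from MITRE, showing what "tactics and techniques" look like as data and how tactical CTI is mapped onto them: it reads a constructed STIX 2.x bundle laid out like the real ATT&CK data (attack-pattern objects with kill_chain_phases and a mitre-attack external_id, an intrusion-set, and "uses" relationships), maps each technique ID to its tactics, collects a group's TTPs, and then buckets technique IDs pulled from a report by tactic and by overlap with that group. The bundle contents, the group name "Constructed Group" and the observed technique list are made up for the example; only the field names follow the ATT&CK STIX layout.

```python
"""Map technique IDs from a CTI report onto ATT&CK tactics and known group TTPs.

Added example, not part of the original notes. It runs on a constructed STIX 2.x
bundle that copies the object layout of the real ATT&CK data (attack-pattern,
intrusion-set and "uses" relationship objects); the STIX ids, the group name and
the observed technique list are made up for the example.
"""
from collections import defaultdict


def _technique(stix_id, tid, name, tactics, **extra):
    """Build one attack-pattern object in ATT&CK's STIX layout (constructed data)."""
    obj = {
        "type": "attack-pattern", "id": stix_id, "name": name,
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t} for t in tactics],
        "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
    }
    obj.update(extra)
    return obj


BUNDLE = {
    "type": "bundle",
    "objects": [
        _technique("attack-pattern--0001", "T1059", "Command and Scripting Interpreter", ["execution"]),
        _technique("attack-pattern--0002", "T1059.001", "PowerShell", ["execution"],
                   x_mitre_is_subtechnique=True),
        _technique("attack-pattern--0003", "T1053", "Scheduled Task/Job",
                   ["execution", "persistence", "privilege-escalation"]),
        _technique("attack-pattern--0004", "T1566", "Phishing", ["initial-access"]),
        # Real ATT&CK dumps keep revoked/deprecated objects; a mapper must skip them.
        _technique("attack-pattern--0005", "T1000", "Retired Technique", ["execution"], revoked=True),
        {"type": "intrusion-set", "id": "intrusion-set--0001", "name": "Constructed Group"},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": "intrusion-set--0001", "target_ref": "attack-pattern--0001"},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": "intrusion-set--0001", "target_ref": "attack-pattern--0004"},
    ],
}


def attack_id(obj):
    """Return the ATT&CK ID (T1059, T1059.001, ...) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def build_technique_index(bundle):
    """Map technique ID -> {name, tactics}; revoked and deprecated objects are skipped."""
    index = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = attack_id(obj)
        if not tid:
            continue
        tactics = sorted(p["phase_name"] for p in obj.get("kill_chain_phases", [])
                         if p.get("kill_chain_name") == "mitre-attack")
        index[tid] = {"name": obj["name"], "tactics": tactics}
    return index


def build_group_ttps(bundle):
    """Map group name -> set of technique IDs, following intrusion-set -uses-> attack-pattern."""
    by_stix_id = {o["id"]: o for o in bundle["objects"] if "id" in o}
    groups = defaultdict(set)
    for obj in bundle["objects"]:
        if obj.get("type") != "relationship" or obj.get("relationship_type") != "uses":
            continue
        src, dst = by_stix_id.get(obj["source_ref"]), by_stix_id.get(obj["target_ref"])
        if not src or not dst or src["type"] != "intrusion-set" or dst["type"] != "attack-pattern":
            continue
        tid = attack_id(dst)
        if tid:
            groups[src["name"]].add(tid)
    return dict(groups)


def parent_technique(tid):
    """T1059.001 -> T1059; a parent technique maps to itself."""
    return tid.split(".")[0]


def map_report(observed, index, group_ttps):
    """Bucket observed technique IDs by tactic and compare them with each group's TTPs.

    Unknown IDs are reported rather than silently dropped. Overlap is given both as
    exact matches and at parent-technique level, because a report may cite T1059.001
    where the group entry only records the parent T1059 (or the other way round).
    """
    by_tactic, unknown = defaultdict(list), []
    for tid in observed:
        entry = index.get(tid)
        if entry is None:
            unknown.append(tid)
            continue
        for tactic in entry["tactics"]:
            by_tactic[tactic].append(tid)
    overlap = {}
    for group, ttps in group_ttps.items():
        parents = {parent_technique(t) for t in ttps}
        overlap[group] = {
            "exact": sorted(t for t in observed if t in ttps),
            "parent_level": sorted(t for t in observed if parent_technique(t) in parents),
        }
    return {"by_tactic": {k: sorted(v) for k, v in sorted(by_tactic.items())},
            "unknown": unknown, "group_overlap": overlap}


def run_example():
    """Constructed CTI report: technique IDs an analyst extracted from a write-up."""
    observed = ["T1566", "T1059.001", "T1053", "T1999"]  # T1999 is not in the bundle
    return map_report(observed, build_technique_index(BUNDLE), build_group_ttps(BUNDLE))


if __name__ == "__main__":
    result = run_example()
    for tactic, techniques in result["by_tactic"].items():
        print(f"{tactic:22} {', '.join(techniques)}")
    print("unknown:", result["unknown"])
    print("group overlap:", result["group_overlap"])
```

The same functions run unchanged on the real enterprise-attack.json bundle MITRE publishes in its attack-stix-data GitHub repository (load it with json.load and pass it as the bundle); the revoked/deprecated check matters there because that file retains retired objects.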

ATT&CK Emulation Plans

  • CTID (Center for Threat-Informed Defense)

    • Organization consisting of various companies and vendors

    • Objective is to conduct research on cyber threats and their TTPs

  • Adversary Emulation Library & ATT&CK Emulation Plans

    • Three plans available at the time of writing

      • APT3

      • APT29

      • FIN6

    • Plans are step-by-step guides on how to mimic a specific threat group
