MITRE ATT&CK Framework
Adversary tactics and techniques framework for threat detection, hunting, and incident response
Threat Intelligence
Detection Engineering
Threat Hunting
Incident Response
Framework Overview
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The framework is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and cybersecurity product and service community.
14 Tactics
193 Techniques
401 Sub-techniques
ATT&CK Tactics
The 14 tactics represent the "why" of an ATT&CK technique or sub-technique
Initial Access (9): Gaining initial foothold
Execution (12): Running malicious code
Persistence (19): Maintaining access
Privilege Escalation (13): Gaining higher permissions
Defense Evasion (40): Avoiding detection
Credential Access (15): Stealing credentials
Discovery (29): Learning about environment
Lateral Movement (9): Moving through network
Collection (17): Gathering data
Command and Control (16): Communicating with systems
Exfiltration (9): Stealing data
Impact (13): Manipulating, interrupting, or destroying systems