MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally accessible knowledge base of adversary behaviors across the cyberattack lifecycle. Developed in 2013 from MITRE's Fort Meade Experiment, it provides a comprehensive, structured framework cataloging the tactics, techniques, and procedures (TTPs) that real-world threat actors use to compromise systems and networks.
The MITRE ATT&CK framework provides a detailed map of attacker goals (tactics) and the specific methods (techniques) they use to achieve those goals, based on real investigations conducted by researchers and incident responders.
Key Components
Tactics: Tactics represent the "why" of an attack—the adversary's objectives at each stage of an intrusion. Tactics include Reconnaissance (collecting information about targets), Resource Development (acquiring tools, infrastructure, or accounts needed to carry out attacks), Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, and Impact.
Techniques and Sub-Techniques: Techniques represent the "how"—the specific methods attackers use to achieve each tactic. Sub-techniques break a technique down into more specific variants of the same behavior (for example, distinct interpreters under a scripting technique). Each technique is documented with real-world examples, detection guidance, and mitigation recommendations.
Threat Groups: The framework catalogs known threat actor groups (APTs and cybercriminal organizations), mapping their TTPs to help analysts identify behavioral patterns and compare current attacks with historical campaigns.
Practical Applications
Mapping observed techniques to known threat actors
Threat detection and hunt hypothesis development
Security gap analysis and red team planning
Comparing current attacks with historical campaigns from documented threat groups
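The applications listed above (mapping observed techniques to known groups and finding detection gaps) come down to set operations over the technique-to-tactic structure the framework provides. The following is an added illustration written for this page, not MITRE's own code or data. The technique IDs and their tactic assignments are real Enterprise ATT&CK identifiers; the two group profiles, the detection-coverage set, and the incident observations are constructed sample data, not ATT&CK's actual group mappings.

```python
"""Minimal ATT&CK-style attribution and gap-analysis helper (added example).

Technique IDs and tactic names are real Enterprise ATT&CK values. The group
profiles, detection coverage and observed-technique set are CONSTRUCTED
sample data for illustration only.
"""
from collections import defaultdict

# technique ID -> (name, one of its tactics). Some techniques belong to several
# tactics in ATT&CK; a single tactic is kept here to keep the example small.
TECHNIQUES = {
    "T1566": ("Phishing", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1053": ("Scheduled Task/Job", "Persistence"),
    "T1078": ("Valid Accounts", "Defense Evasion"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1071": ("Application Layer Protocol", "Command and Control"),
    "T1041": ("Exfiltration Over C2 Channel", "Exfiltration"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

# CONSTRUCTED group profiles (which techniques each sample group is "known" for).
GROUP_PROFILES = {
    "SAMPLE-GROUP-A": {"T1566", "T1059", "T1053", "T1003", "T1021", "T1071", "T1041"},
    "SAMPLE-GROUP-B": {"T1078", "T1059", "T1486", "T1021"},
}

# CONSTRUCTED detection coverage: techniques for which a working detection exists.
DETECTION_COVERAGE = {"T1566", "T1059", "T1071"}


def _validate(technique_ids):
    """Reject IDs that are not in the catalog so typos do not silently score zero."""
    unknown = sorted(t for t in technique_ids if t not in TECHNIQUES)
    if unknown:
        raise ValueError(f"unknown technique IDs: {unknown}")
    return set(technique_ids)


def attribute(observed, profiles=GROUP_PROFILES):
    """Rank groups by Jaccard overlap between observed TTPs and each profile.

    Returns a list of (group, score) pairs, best match first. Overlap alone is
    not attribution; it only tells an analyst which documented campaigns are
    worth comparing against the current intrusion.
    """
    observed = _validate(observed)
    scores = []
    for group, profile in profiles.items():
        union = observed | profile
        score = len(observed & profile) / len(union) if union else 0.0
        scores.append((group, score))
    return sorted(scores, key=lambda gs: (-gs[1], gs[0]))


def gap_analysis(observed, coverage=DETECTION_COVERAGE):
    """Group observed techniques that have no detection by tactic.

    The result answers "at which stage of the intrusion are we blind?", which
    is the gap-analysis use of the framework.
    """
    observed = _validate(observed)
    gaps = defaultdict(list)
    for tid in sorted(observed - coverage):
        _, tactic = TECHNIQUES[tid]
        gaps[tactic].append(tid)
    return dict(gaps)


# CONSTRUCTED observations from a hypothetical incident.
OBSERVED = {"T1566", "T1059", "T1003", "T1021", "T1041"}

if __name__ == "__main__":
    for group, score in attribute(OBSERVED):
        print(f"{group}: overlap {score:.2f}")
    for tactic, tids in gap_analysis(OBSERVED).items():
        names = ", ".join(f"{t} ({TECHNIQUES[t][0]})" for t in tids)
        print(f"no detection for {tactic}: {names}")
```

Jaccard overlap is used rather than a raw hit count so that a large profile does not win simply by listing many techniques; the gap report is keyed by tactic so that the output maps directly onto the stages of the intrusion the page describes.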
Security teams use MITRE ATT&CK to enhance threat detection, streamline incident response, and refine defensive strategies. Pangratis leverages behavioral AI to detect attack techniques catalogued in the MITRE ATT&CK framework, providing organizations with defense against modern threat actors.