{"id":20398,"date":"2021-12-29T12:00:17","date_gmt":"2021-12-29T12:00:17","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=20398"},"modified":"2021-12-23T00:18:58","modified_gmt":"2021-12-23T00:18:58","slug":"use-mitre-attck-to-understand-attacker-behavior","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/","title":{"rendered":"How to Use MITRE ATT&#038;CK to Understand Attacker Behavior"},"content":{"rendered":"<p><a href=\"https:\/\/attack.mitre.org\/\" target=\"_blank\" rel=\"noopener\">MITRE ATT&amp;CK<\/a> (&#8220;miter attack&#8221;) is an up-to-date and widely-used knowledge base that focuses on how attackers think and operate. It\u2019s based on practical use cases, so companies can better evaluate security issues and get examples of common tactics and techniques used by threat actors.<\/p>\n<p>ATT&amp;CK (Adversarial Tactics, Techniques, and Common Knowledge) documents adversary behaviors to be used by red teams (e.g., for <a href=\"https:\/\/www.esecurityplanet.com\/networks\/penetration-testing\/\">pentesting<\/a>) but also by defenders who want to understand \u201cthe context surrounding events or artifacts generated by a technique in use.\u201d MITRE believes <a href=\"https:\/\/medium.com\/mitre-attack\/att-ck-101-17074d3bc62\" target=\"_blank\" rel=\"noopener\">offense is the best driver for defense<\/a>, so it does not focus on tools and <a href=\"https:\/\/www.esecurityplanet.com\/threats\/malware-types\/\">malware<\/a> but on how attackers behave during an operation.<\/p>\n<p>The ATT&amp;CK framework organizes information in a consistent and structured way, allowing people with varying knowledge, from beginners to advanced security teams, to use its documents. 
It gives teams an advanced ability to defeat common attacks.<\/p>\n<p><em>Also see: <\/em><a href=\"https:\/\/www.esecurityplanet.com\/products\/best-user-and-entity-behavior-analytics-ueba-tools\/\"><em>Best User and Entity Behavior Analytics (UEBA) Tools<\/em><\/a><\/p>\n<h2 role=\"presentation\">Using TTPs for Real-world Use Cases<\/h2>\n<p>MITRE started in 2013 with Windows networks only, but it now contains information for <a href=\"https:\/\/attack.mitre.org\/matrices\/enterprise\/\" target=\"_blank\" rel=\"noopener\">various platforms<\/a>, including <a href=\"https:\/\/attack.mitre.org\/matrices\/mobile\/\" target=\"_blank\" rel=\"noopener\">mobile<\/a>. The knowledge base describes tactics, techniques, and procedures (TTPs), which provide deep insight into attacker behavior, with detailed examples of tools and methods used by specific groups.<\/p>\n<p>According to MITRE, there are four primary use cases where the document base can be beneficial:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/threat-intelligence-platforms\/\">Threat intelligence<\/a><\/li>\n<li>Detection and analytics<\/li>\n<li>Adversary emulation and red teaming<\/li>\n<li>Assessment and engineering<\/li>\n<\/ul>\n<p>ATT&amp;CK is a great resource, but it can\u2019t cover every situation.
For example, MITRE does not recommend ATT&amp;CK for reporting such as API calls in static malware analysis.<\/p>\n<p><em>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/products\/breach-and-attack-simulation-bas-vendors\/\">Top 11 Breach and Attack Simulation (BAS) Vendors for 2022<\/a><\/em><\/p>\n<h2 role=\"presentation\">14 Tactics to Attack Companies<\/h2>\n<p>MITRE defines <a href=\"https:\/\/attack.mitre.org\/tactics\/enterprise\/\" target=\"_blank\" rel=\"noopener\">14 tactics<\/a> (at the time of writing) adversaries use to target enterprise networks:<\/p>\n<ul>\n<li><strong>Reconnaissance:<\/strong> Collecting information for future adversary operations<\/li>\n<li><strong>Resource Development: <\/strong>Creating resources to support operations<\/li>\n<li><strong>Initial Access: <\/strong>Trying to gain unauthorized access to the network<\/li>\n<li><strong>Execution: <\/strong>Running malicious code<\/li>\n<li><strong>Persistence:<\/strong> Maintaining access to the compromised system despite classic security actions such as restarts, changed credentials, and other interruptions<\/li>\n<li><strong>Privilege Escalation: <\/strong>Trying to gain higher-level permissions on the system or the network<\/li>\n<li><strong>Defense Evasion: <\/strong>Trying to circumvent detection tools and monitoring<\/li>\n<li><strong>Credential Access: <\/strong>Trying to steal account names and passwords<\/li>\n<li><strong>Discovery: <\/strong>Attempting to figure out a corporate environment<\/li>\n<li><strong>Lateral Movement: <\/strong>Traversing a corporate environment<\/li>\n<li><strong>Collection: <\/strong>Collecting relevant data for the operation<\/li>\n<li><strong>Command and Control: <\/strong>Communicating with the compromised system<\/li>\n<li><strong>Exfiltration: <\/strong>Stealing the data<\/li>\n<li><strong>Impact: <\/strong>Manipulating, interrupting, or destroying the system and data<\/li>\n<\/ul>\n<h2 role=\"presentation\">What are MITRE 
Matrices?<\/h2>\n<p>MITRE organizes data into matrices\u2014large tables with links to detailed explanations\u2014which can help an organization to identify and understand adversarial behavior. Because hackers can use various techniques to achieve the same goal, MITRE groups them under a small number of tactics.<\/p>\n<p>This categorization allows for visualizing the relationship between tactics and techniques. Tactics can be described as how attackers achieve their objectives, such as <a href=\"https:\/\/attack.mitre.org\/tactics\/TA0008\" target=\"_blank\" rel=\"noopener\">lateral movement<\/a>, using specific techniques like RDP hijacking or tainting shared content. Based on the relationships between the different tactics and techniques, you can learn how attackers use a specific technique to achieve a particular tactic.<\/p>\n<p><em>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/networks\/best-incident-response-tools-services\/\">Best Incident Response Tools and Software<\/a><\/em><\/p>\n<h2 role=\"presentation\">Getting Started with ATT&amp;CK<\/h2>\n<p>MITRE defines three levels for a threat-informed defense:<\/p>\n<ul>\n<li><strong>Level 1<\/strong>: Teams just starting who may not have many resources<\/li>\n<li><strong>Level 2<\/strong>: Mid-level teams starting to mature<\/li>\n<li><strong>Level 3<\/strong>: Advanced cybersecurity teams<\/li>\n<\/ul>\n<p>If you want to focus on one group (e.g., FIN7), you can get helpful information to start cyber threat intelligence (CTI) analysis.<\/p>\n<p>More advanced teams can map intelligence to ATT&amp;CK instead of using others\u2019 information. You can use your incident reports and categorize threats with one of the tactics defined by MITRE.<\/p>\n<p>If you don\u2019t know how to start, you can run a simple search on a specific command and learn more about the techniques that use it on MITRE\u2019s website.
You can also search for malicious software, such as <a href=\"https:\/\/attack.mitre.org\/software\/S0154\/\" target=\"_blank\" rel=\"noopener\">Cobalt Strike<\/a>, to learn how to better prepare your business against the techniques and tactics hackers use.<\/p>\n<p>If you need easier ways to discover and use ATT&amp;CK, you can try the <a href=\"https:\/\/mitre-attack.github.io\/attack-navigator\/\" target=\"_blank\" rel=\"noopener\">MITRE ATT&amp;CK Navigator<\/a>, a free, open-source project that provides basic annotation and navigation.<\/p>\n<h2 role=\"presentation\">Going Further with Mitigations, Procedures, and Sub-techniques<\/h2>\n<p><a href=\"https:\/\/attack.mitre.org\/mitigations\/enterprise\/\" target=\"_blank\" rel=\"noopener\">Mitigations<\/a> help fight against TTPs by providing \u201csecurity concepts and classes of technologies that can be used to prevent a technique or sub-technique from being successfully executed.\u201d Many security vendors use ATT&amp;CK tactics and techniques to mitigate security threats and often map products like <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">EDR tools<\/a> to them.<\/p>\n<p>These techniques may include sub-techniques. For example, <a href=\"https:\/\/attack.mitre.org\/techniques\/T1110\/003\/\" target=\"_blank\" rel=\"noopener\">Password Spraying<\/a> is a sub-technique of the Brute Force technique and can be used to achieve credential access.<\/p>\n<p>Sub-techniques are the deepest level of detail and abstraction. MITRE uses sub-techniques to avoid overloading its model with too many techniques describing very similar things while maintaining granularity levels. You can see sub-techniques as variations in adversary actions. In other words, they are very specific techniques.<\/p>\n<p>Procedures are particular implementations of techniques and sub-techniques. 
MITRE defines them as the \u201cin-the-wild use of techniques.\u201d You\u2019ll find practical examples of procedures for each technique and sub-technique:<\/p>\n<figure id=\"attachment_20401\" aria-describedby=\"caption-attachment-20401\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20401\" src=\"https:\/\/www.esecurityplanet.com\/wp-content\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg\" alt=\"MITRE ATT&amp;CK\" width=\"900\" height=\"292\" \/><figcaption id=\"caption-attachment-20401\" class=\"wp-caption-text\">MITRE ATT&amp;CK procedures example<\/figcaption><\/figure>\n<h2 role=\"presentation\">Towards Threat Modeling and Risk Management<\/h2>\n<p>Threat modeling consists of identifying, measuring, and addressing security risks. It\u2019s a significant part of cybersecurity.<\/p>\n<p>ATT&amp;CK allows for a proactive defense. Indeed, it gives a good overview of the most threatening attacks and typical scenarios where they could be successful. You can also integrate it into your risk management solution.
Risk quantification is not possible without understanding threats, which ATT&amp;CK can help estimate and measure.<\/p>\n<p>By utilizing the MITRE ATT&amp;CK framework, you can choose the best strategy against specific threats.<\/p>\n<p><em>Further reading: <a href=\"https:\/\/www.esecurityplanet.com\/products\/risk-management-software\/\">Best Risk Management Software<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>MITRE ATT&amp;CK (&#8220;miter attack&#8221;) is an up-to-date and widely-used knowledge base that focuses on how attackers think and operate. It\u2019s based on practical use cases, so companies can better evaluate security issues and get examples of common tactics and techniques used by threat actors. ATT&amp;CK (Adversarial Tactics, Techniques, and Common Knowledge) documents adversary behaviors to [&hellip;]<\/p>\n","protected":false},"author":267,"featured_media":20401,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14,15],"tags":[13283,7575],"b2b_audience":[33,35],"b2b_industry":[],"b2b_product":[377,379],"class_list":["post-20398","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","category-threats","tag-mitre","tag-threat-intelligence","b2b_audience-awareness-and-consideration","b2b_audience-implementation-and-support","b2b_product-gateway-and-network-security","b2b_product-threats-and-vulnerabilities"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Use MITRE ATT&amp;CK to Understand Attacker Behavior | eSecurity Planet<\/title>\n<meta name=\"description\" content=\"MITRE ATT&amp;CK is an important framework for understanding cybersecurity threats.
Learn how MITRE can help your cyber defenses.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Use MITRE ATT&amp;CK to Understand Attacker Behavior | eSecurity Planet\" \/>\n<meta property=\"og:description\" content=\"MITRE ATT&amp;CK is an important framework for understanding cybersecurity threats. Learn how MITRE can help your cyber defenses.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-29T12:00:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-23T00:18:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"292\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Julien Maury\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Julien Maury\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/\"},\"author\":{\"name\":\"Julien Maury\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\"},\"headline\":\"How to Use MITRE ATT&#038;CK to Understand Attacker Behavior\",\"datePublished\":\"2021-12-29T12:00:17+00:00\",\"dateModified\":\"2021-12-23T00:18:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/\"},\"wordCount\":989,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg\",\"keywords\":[\"Mitre\",\"Threat Intelligence\"],\"articleSection\":[\"Networks\",\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/\",\"name\":\"How to Use MITRE ATT&CK to Understand Attacker Behavior | eSecurity 
Planet\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg\",\"datePublished\":\"2021-12-29T12:00:17+00:00\",\"dateModified\":\"2021-12-23T00:18:58+00:00\",\"description\":\"MITRE ATT&CK is an important framework for understanding cybersecurity threats. Learn how MITRE can help your cyber defenses.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg\",\"width\":900,\"height\":292,\"caption\":\"MITRE ATT&CK procedures example\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Use MITRE ATT&#038;CK to Understand Attacker 
Behavior\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\",\"name\":\"Julien Maury\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"caption\":\"Julien Maury\"},\"description\":\"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. 
He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jmaury\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Use MITRE ATT&CK to Understand Attacker Behavior | eSecurity Planet","description":"MITRE ATT&CK is an important framework for understanding cybersecurity threats. Learn how MITRE can help your cyber defenses.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/","og_locale":"en_US","og_type":"article","og_title":"How to Use MITRE ATT&CK to Understand Attacker Behavior | eSecurity Planet","og_description":"MITRE ATT&CK is an important framework for understanding cybersecurity threats. Learn how MITRE can help your cyber defenses.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/","og_site_name":"eSecurity Planet","article_published_time":"2021-12-29T12:00:17+00:00","article_modified_time":"2021-12-23T00:18:58+00:00","og_image":[{"width":900,"height":292,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg","type":"image\/jpeg"}],"author":"Julien Maury","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Julien Maury","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/"},"author":{"name":"Julien Maury","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a"},"headline":"How to Use MITRE ATT&#038;CK to Understand Attacker Behavior","datePublished":"2021-12-29T12:00:17+00:00","dateModified":"2021-12-23T00:18:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/"},"wordCount":989,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg","keywords":["Mitre","Threat Intelligence"],"articleSection":["Networks","Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/","url":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/","name":"How to Use MITRE ATT&CK to Understand Attacker Behavior | eSecurity 
Planet","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg","datePublished":"2021-12-29T12:00:17+00:00","dateModified":"2021-12-23T00:18:58+00:00","description":"MITRE ATT&CK is an important framework for understanding cybersecurity threats. Learn how MITRE can help your cyber defenses.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/12\/MITRE-brute-force-e1640218281236.jpg","width":900,"height":292,"caption":"MITRE ATT&CK procedures example"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/use-mitre-attck-to-understand-attacker-behavior\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"How to Use MITRE ATT&#038;CK to Understand Attacker Behavior"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your 
business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a","name":"Julien Maury","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","caption":"Julien Maury"},"description":"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. 
He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.","url":"https:\/\/www.esecurityplanet.com\/author\/jmaury\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20398"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/267"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=20398"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/20398\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/20401"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=20398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=20398"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=20398"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=20398"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=20398"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=20398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}