Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

MITRE ATT&CK™ is a globally accessible knowledge base of adversarial tactics and techniques based on real-world observations, MITRE ATT&CK provides a powerful means of classifying and studying your adversary's techniques and intentions. Only MITRE ATT&CK tools relevant to the current search are displayed. You can use MITRE ATT&CK to enhance, analyze, and test your threat hunting and detection efforts. All content © 2018 The MITRE Corporation. This work is reproduced and distributed with the permission of the MITRE Corporation.

The MITRE ATT&CK report provides comprehensive information on the threat indicator currently being searched. The MITRE ATT&CK report includes the following information:

  • Initial Access: The technique or techniques used to gain an initial foothold within your network.

  • Execution: The technique or techniques used, resulting in malicious code running on a system residing in your network.

  • Persistence: The technique or techniques used to maintain access to systems during systems restarts, credential changes, and other service interruptions which would cut off access to systems in your network.

  • Privilege Escalation: The technique or techniques used to gain higher-level permission levels on your system running in your network.

  • Defense Evasion: The technique or techniques used to avoid detection and compromise of a system residing in your network.

  • Credential Access: The technique or techniques used to steal credentials such as account names and passwords for systems residing in your network.

  • Discovery: The technique or techniques used to gain information and intelligence about a system in your network.

  • Lateral Movement: The technique or techniques used to enter and control a system residing on your network. Controlling a system often involves pivoting through multiple systems and accounts to gain access.

  • Collection: The technique or techniques used to gather data after gaining access to a system in your network. Frequently, the next goal after collecting the data is to steal (exfiltrate) the data. 

  • Command and Control: The technique or techniques used to communicate with other compromised systems in your network.

  • Exfiltration: The technique or techniques used to steal data from your system or network.

  • Impact: The technique or techniques used to manipulate, interrupt, or destroy your systems and data residing on your network.

Image: Sample MITRE ATT&CK report


The Dossier MITRE ATT&CK report contains the following features:

Search Field

The search field is located at the top of the page and is used to search for threat indicators. You can run a search based on the domain name, IP address, hostname, URL, email, or hash value. 

Resources

Click Resources located in the top right-hand side of the Summary page to display a drop-down list containing additional Dossier and TIDE resources.

Resources include the following:

  • Dossier & TIDE Quick Start Guide 

  • Dossier User Guide 

  • Dossier API Calls Reference 

  • Dossier Source Descriptions 

  • Threat Classification Guide 

Add to Custom List 

Dossier allows you to perform custom list management. Domains and IP addresses can be added directly to your custom lists through any of Dossier’s reports pages, including the MITRE ATT&CK report page.

Adding a Domain or IP Address to a Custom List in Dossier

To add a domain or IP address to a custom list in Dossier, complete the following:

  1. From the Cloud Services Portal, click Research -> Dossier.
  2. Run a Dossier search on the domain name or IP address.
  3. On the Dossier MITRE ATT&CK report page, click Add to Custom List located at the top, right-hand side of the Action bar.
  4. On the Add to Custom List page, select what custom list or lists from among the list of available custom lists to add the domain or IP address by clicking the blue arrowassociated with the custom list. If you cannot locate the custom list you want to add the domain or IP address to, you can use the search feature to search for the custom list. Alternatively, you can clickto add the domain or IP address to all custom lists. If you inadvertently add the domain or IP address, in the Selected column of custom lists, you can click the blue arrow associated with the custom list to remove the domain or IP address from it.
  5. Once you have added the domain or IP address to your custom list or lists, you can save your configuration by clicking Add.
  6. You should now see the name of the custom list or lists where the domain or IP address has been added populating the Custom Lists section of the MITRE ATT&CK report page.

Export

Click Export to export the Dossier Report file. You can choose to include any or all of the report sections by placing a check in the box associated with a specific section of the report. You can choose from among the following sections:

  • Summary
  • Impacted Devices
  • Current DNS
  • Related Domains
  • Related URLS
  • Related IPs
  • Related File Samples
  • Related Contacts
  • Reports
  • Timeline
  • Threat Actor
  • MITRE ATT&CK
  • WHOIS Record
  • Raw Whois

When you have finished selecting what sections of the report to export, click Export in the bottom right-hand corner of the dialogue box. Your report will be exported in PDF format.

Close

Click Close to close the Summary Report page. Closing the Summary Report page returns you to the default Dossier search page.  


Click here to return to the main Dossier Threat Indicator Report page.

  • No labels