MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
| Reconnaissance | The adversary is trying to gather information they can use to plan future operations. |
| Resource Development | The adversary is trying to establish resources they can use to support operations. |
| Initial Access | The adversary is trying to get into your network. |
| Execution | The adversary is trying to run malicious code. |
| Persistence | The adversary is trying to maintain their foothold. |
| Privilege Escalation | The adversary is trying to gain higher-level permissions. |
| Defense Evasion | The adversary is trying to avoid being detected. |
| Credential Access | The adversary is trying to steal account names and passwords. |
| Discovery | The adversary is trying to figure out your environment. |
| Lateral Movement | The adversary is trying to move through your environment. |
| Collection | The adversary is trying to gather data of interest to their goal. |
| Command and Control | The adversary is trying to communicate with compromised systems to control them. |
| Exfiltration | The adversary is trying to steal data. |
| Impact | The adversary is trying to manipulate, interrupt, or destroy your systems and data. |