MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
Reconnaissance | The adversary is trying to gather information they can use to plan future operations. |
Resource Development | The adversary is trying to establish resources they can use to support operations. |
Initial Access | The adversary is trying to get into your network. |
Execution | The adversary is trying to run malicious code. |
Persistence | The adversary is trying to maintain their foothold. |
Privilege Escalation | The adversary is trying to gain higher-level permissions. |
Defense Evasion | The adversary is trying to avoid being detected. |
Credential Access | The adversary is trying to steal account names and passwords. |
Discovery | The adversary is trying to figure out your environment. |
Lateral Movement | The adversary is trying to move through your environment. |
Collection | The adversary is trying to gather data of interest to their goal. |
Command and Control | The adversary is trying to communicate with compromised systems to control them. |
Exfiltration | The adversary is trying to steal data. |
Impact | The adversary is trying to manipulate, interrupt, or destroy your systems and data. |