HC3 TLP White Threat Intelligence Briefing - ATT&CK for Emotet, January 28, 2021

The ATT&CK framework was developed by the MITRE Corporation
in 2013 and released to the public in May 2015

  • Stands for “Adversarial Tactics, Techniques, and Common Knowledge”
  • Comprehensive matrix of tactics and techniques associated with malware families and threat groups
  • Leveraged by cybersecurity professionals to better classify attacks and assess an organization’s risk
  • Platforms: Windows, macOS, Linux, Cloud, Network
  • Three different matrices:
    • Enterprise ATT&CK
    • Pre-ATT&CK (retired in October 2020 with ATT&CK v8; its content now lives in the Enterprise matrix as the Reconnaissance and Resource Development tactics)
    • Mobile ATT&CK
    • A separate ATT&CK for ICS matrix was also released in January 2020
  • Enterprise ATT&CK counts as of this briefing (January 2021):
    • 14 tactics, each corresponding to an attack stage (the 12 original tactics plus the two absorbed from Pre-ATT&CK)
    • 177 techniques and 348 sub-techniques
    • 42 enterprise mitigations
    • 512 software entries (malware and tools)
    • 109 threat groups
    • And growing!
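The counts on this slide come from the ATT&CK STIX 2.0 bundle that MITRE publishes. The Python below is an added example (not part of the HC3 briefing and not MITRE's own tooling) that rebuilds that structure from a constructed miniature bundle: it skips revoked or deprecated objects (they stay in the bundle for history, which is why naive counts come out higher than MITRE's published numbers), attaches sub-techniques to their parents through "subtechnique-of" relationships, and follows "uses" and "mitigates" relationships from software and mitigations to techniques. The STIX object ids, T9999 and G9999 are placeholders; TA0001, T1566, T1566.001, M1049 and S0367 (Emotet) are real ATT&CK identifiers, but the bundle itself is constructed.

```python
"""Rebuild the structure the briefing enumerates from an ATT&CK STIX 2.0 bundle:
tactics, techniques, sub-techniques, mitigations, software and groups.
Field names (x_mitre_*, kill_chain_phases, relationship_type) follow MITRE's
published ATT&CK STIX conventions; the bundle below is a constructed miniature
for illustration, not MITRE's data."""
from collections import defaultdict

# Constructed sample bundle: one tactic, one technique with one sub-technique,
# one revoked technique, one mitigation, one malware entry, one group, and the
# relationships that tie them together. T9999, G9999 and the STIX ids are placeholders.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "x-mitre-tactic", "id": "x-mitre-tactic--ia", "name": "Initial Access",
         "x_mitre_shortname": "initial-access",
         "external_references": [{"source_name": "mitre-attack", "external_id": "TA0001"}]},
        {"type": "attack-pattern", "id": "attack-pattern--phish", "name": "Phishing",
         "x_mitre_is_subtechnique": False,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
        {"type": "attack-pattern", "id": "attack-pattern--attach", "name": "Spearphishing Attachment",
         "x_mitre_is_subtechnique": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566.001"}]},
        {"type": "attack-pattern", "id": "attack-pattern--old", "name": "Retired Technique",
         "x_mitre_is_subtechnique": False, "revoked": True,
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
         "external_references": [{"source_name": "mitre-attack", "external_id": "T9999"}]},
        {"type": "course-of-action", "id": "course-of-action--av", "name": "Antivirus/Antimalware",
         "external_references": [{"source_name": "mitre-attack", "external_id": "M1049"}]},
        {"type": "malware", "id": "malware--emotet", "name": "Emotet",
         "external_references": [{"source_name": "mitre-attack", "external_id": "S0367"}]},
        {"type": "intrusion-set", "id": "intrusion-set--g", "name": "Placeholder Group",
         "external_references": [{"source_name": "mitre-attack", "external_id": "G9999"}]},
        {"type": "relationship", "relationship_type": "subtechnique-of",
         "source_ref": "attack-pattern--attach", "target_ref": "attack-pattern--phish"},
        {"type": "relationship", "relationship_type": "mitigates",
         "source_ref": "course-of-action--av", "target_ref": "attack-pattern--attach"},
        {"type": "relationship", "relationship_type": "uses",
         "source_ref": "malware--emotet", "target_ref": "attack-pattern--attach"},
    ],
}


def live_objects(bundle):
    """Yield objects still part of ATT&CK; revoked/deprecated ones are kept in
    the bundle for history and must be excluded from counts and lookups."""
    for obj in bundle["objects"]:
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        yield obj


def attack_id(obj):
    """Return the ATT&CK identifier (TA0001, T1566.001, M1049, S0367, ...) or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    return None


def summarize(bundle):
    """Count the object classes listed on the slide, skipping revoked entries."""
    counts = {"tactics": 0, "techniques": 0, "sub-techniques": 0,
              "mitigations": 0, "software": 0, "groups": 0}
    for obj in live_objects(bundle):
        kind = obj["type"]
        if kind == "x-mitre-tactic":
            counts["tactics"] += 1
        elif kind == "attack-pattern":
            counts["sub-techniques" if obj.get("x_mitre_is_subtechnique") else "techniques"] += 1
        elif kind == "course-of-action":
            counts["mitigations"] += 1
        elif kind in ("malware", "tool"):   # ATT&CK "software" is both STIX types
            counts["software"] += 1
        elif kind == "intrusion-set":
            counts["groups"] += 1
    return counts


def build_matrix(bundle):
    """Map each tactic shortname to its parent techniques, each carrying the
    sub-techniques linked to it by 'subtechnique-of' relationships."""
    by_id = {o["id"]: o for o in live_objects(bundle) if "id" in o}
    subs = defaultdict(list)
    for rel in live_objects(bundle):
        if rel["type"] == "relationship" and rel["relationship_type"] == "subtechnique-of":
            if rel["source_ref"] in by_id and rel["target_ref"] in by_id:
                subs[rel["target_ref"]].append(attack_id(by_id[rel["source_ref"]]))
    matrix = defaultdict(dict)
    for obj in by_id.values():
        if obj["type"] != "attack-pattern" or obj.get("x_mitre_is_subtechnique"):
            continue
        for phase in obj.get("kill_chain_phases", []):   # a technique may sit under several tactics
            if phase["kill_chain_name"] == "mitre-attack":
                matrix[phase["phase_name"]][attack_id(obj)] = sorted(subs[obj["id"]])
    return dict(matrix)


def related(bundle, relationship_type, source_attack_id):
    """ATT&CK IDs that a group, software or mitigation (given by its ATT&CK ID)
    points at through the given relationship type ('uses', 'mitigates', ...)."""
    by_id = {o["id"]: o for o in live_objects(bundle) if "id" in o}
    sources = {o["id"] for o in by_id.values() if attack_id(o) == source_attack_id}
    return sorted(attack_id(by_id[r["target_ref"]]) for r in live_objects(bundle)
                  if r["type"] == "relationship" and r["relationship_type"] == relationship_type
                  and r["source_ref"] in sources and r["target_ref"] in by_id)


if __name__ == "__main__":
    print(summarize(SAMPLE_BUNDLE))
    print(build_matrix(SAMPLE_BUNDLE))
    print("Emotet (S0367) uses:", related(SAMPLE_BUNDLE, "uses", "S0367"))
    print("M1049 mitigates:", related(SAMPLE_BUNDLE, "mitigates", "M1049"))
```

Pointing the same functions at MITRE's real enterprise-attack.json reproduces the slide's numbers only after the revoked/deprecated filter is applied; without it, the technique and software counts are inflated by entries that were merged or renamed in earlier releases.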