MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
/Mythic/Payload_Types/[agent name]/mythic/agent_functions[cmd_name].py
attackmapping that takes an array of MITRE's T# values. For example, looking at the apfell agent's download command:
download command, Mythic does a lookup to see if there are any MITRE ATT&CK associations with the command, and if there are, Mythic creates entries for the "Tasks by ATT&CK" mappings. This is why you're able to see the exact command associated.
sudo ./mythic-cli payload start [agent name]. That'll restart the agent's container and trigger a re-sync of information.
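A pre-sync check for the attackmapping field described above, as an added example that is not part of the Mythic documentation or code base: it parses a command definition file and flags technique IDs that are not in T#### or T####.### form before the container is restarted. The class layout and SAMPLE_SOURCE are constructed for illustration, and the check assumes attackmapping is a class-level list of string literals.

```python
import ast
import re

# ATT&CK technique IDs look like T1041 or, for sub-techniques, T1059.002.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample of a command definition file (not copied from any agent).
SAMPLE_SOURCE = '''
class DownloadCommand:
    cmd = "download"
    attackmapping = ["T1020", "T1030", "T1041"]

class ShellCommand:
    cmd = "shell"
    attackmapping = ["T1059.002", "1059", "t1059"]

class SleepCommand:
    cmd = "sleep"
'''

def audit_attackmapping(source):
    """Return {class name: {"valid": [...], "invalid": [...], "missing": bool}}."""
    report = {}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.ClassDef):
            continue
        entry = {"valid": [], "invalid": [], "missing": True}
        for stmt in node.body:
            # Only plain class-level assignments of the form: attackmapping = [...]
            if not (isinstance(stmt, ast.Assign) and any(
                    isinstance(t, ast.Name) and t.id == "attackmapping"
                    for t in stmt.targets)):
                continue
            entry["missing"] = False
            try:
                values = ast.literal_eval(stmt.value)
            except ValueError:
                values = ["<non-literal>"]  # computed value: cannot be checked statically
            if not isinstance(values, (list, tuple)):
                values = [values]  # a bare string instead of an array
            for v in values:
                ok = isinstance(v, str) and TECHNIQUE_ID.match(v)
                entry["valid" if ok else "invalid"].append(v)
        report[node.name] = entry
    return report

if __name__ == "__main__":
    for name, entry in audit_attackmapping(SAMPLE_SOURCE).items():
        print(name, entry)
```

Commands reported with `missing` set to true define no mapping at all, so they would produce no ATT&CK entries when tasked.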