CINXE.COM
Contribute | MITRE ATT&CK®
<!DOCTYPE html> <html lang='en'> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-62667723-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-62667723-1'); </script> <meta name="google-site-verification" content="2oJKLqNN62z6AOCb0A0IXGtbQuj-lev5YPAHFF_cbHQ"/> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1, shrink-to-fit=no'> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <link rel='shortcut icon' href="/versions/v9/theme/favicon.ico" type='image/x-icon'> <title>Contribute | MITRE ATT&CK®</title> <!-- Bootstrap CSS --> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-glyphicon.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-tourist.css" /> <link rel="stylesheet" type="text/css" href="/versions/v9/theme/style.min.css?426cc53a"> </head> <body> <!--stopindex--> <header> <nav class='navbar navbar-expand-lg navbar-dark fixed-top'> <a class='navbar-brand' href="/versions/v9/"><img src="/versions/v9/theme/images/mitre_attack_logo.png" class="attack-logo"></a> <button class='navbar-toggler' type='button' data-toggle='collapse' data-target='#navbarCollapse' aria-controls='navbarCollapse' aria-expanded='false' aria-label='Toggle navigation'> <span class='navbar-toggler-icon'></span> </button> <div class='collapse navbar-collapse' id='navbarCollapse'> <ul class='nav nav-tabs ml-auto'> <li class="nav-item"> <a href="/versions/v9/matrices/" class="nav-link" ><b>Matrices</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/tactics/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Tactics</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/tactics/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/tactics/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/techniques/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Techniques</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/techniques/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/techniques/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/mitigations/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Mitigations</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/mitigations/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/mitigations/mobile/">Mobile</a> </div> </li> <li class="nav-item"> <a href="/versions/v9/groups" class="nav-link" ><b>Groups</b></a> </li> <li class="nav-item"> <a href="/versions/v9/software/" class="nav-link" ><b>Software</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/resources/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Resources</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/resources/">General Information</a> <a class="dropdown-item" href="/versions/v9/resources/getting-started/">Getting Started</a> <a class="dropdown-item" href="/versions/v9/resources/training/">Training</a> <a class="dropdown-item" href="/versions/v9/resources/attackcon/">ATT&CKcon</a> <a class="dropdown-item" href="/versions/v9/resources/working-with-attack/">Working with ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/faq/">FAQ</a> <a class="dropdown-item" href="/resources/updates/">Updates</a> <a class="dropdown-item" href="/resources/versions/">Versions of ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/related-projects/">Related Projects</a> </div> </li> <li class="nav-item"> <a href="https://medium.com/mitre-attack/" target="_blank" class="nav-link"> <b>Blog</b> <img src="/versions/v9/theme/images/external-site.svg" alt="External site" class="external-icon" /> </a> </li> <li class="nav-item"> <a href="/versions/v9/resources/contribute/" class="nav-link active" ><b>Contribute</b></a> </li> <li class="nav-item"> <button id="search-button" class="btn search-button">Search <div class="search-icon"></div></button> </li> </ul> </div> </nav> </header> <!-- don't edit or remove the line below even though it's commented out, it gets parsed and replaced by the versioning feature --> <div class="container-fluid version-banner"><div class="icon-inline baseline mr-1"><img src="/versions/v9/theme/images/icon-warning-24px.svg"></div>Currently viewing <a href="https://github.com/mitre/cti/releases/tag/ATT%26CK-v9.0" target="_blank">ATT&CK v9.0</a> which was live between April 29, 2021 and October 20, 2021. <a href="/resources/versions/">Learn more about the versioning system</a> or <a href="/">see the live site</a>.</div> <div id='content' class="maincontent"> <!--start-indexing-for-search--> <div class="container"> <div class="container-fluid"> <ol class="breadcrumb"> <li class="breadcrumb-item"><a href="/versions/v9/">Home</a></li> <li class="breadcrumb-item"><a href="/versions/v9/resources/">Resources</a></li> <li class="breadcrumb-item">Contribute</li> </ol> <div class="blog-post p-3"> <div class="card mb-4 danger-card"> <div class="card-header"> <h5 class="mb-0">July 2020 Contribution Update</h5> </div> <div class="card-body"> <!-- <div class="card-title"> </div> --> <p class="card-text"> We recently released an update to Enterprise ATT&CK implementing sub-techniques and published <a href="https://medium.com/mitre-attack/attack-with-sub-techniques-is-now-just-attack-8fc20997d8de">a blog post</a> describing the resulting changes. As stated in our blog post, <b>any new content in Enterprise ATT&CK will only be added to the current (sub-technique) version.</b> If you are contributing techniques we'd ask that you consider if the behavior might be an appropriate sub-technique <a href="https://attack.mitre.org/techniques/enterprise/"> of an existing technique</a>. If you are contributing groups or software entries, we'd ask you to leverage <a href="https://attack.mitre.org/">the latest version of ATT&CK</a>. </p> </div> </div> <h1 class="blog-post-title mb-4">Contribute</h1> <p> You can help contribute to ATT&CK. </p> <p> ATT&CK is in a constant state of development. We are always on the lookout for new information to help refine and extend what is covered. If you have additional techniques, know about variations on one already covered, have examples of techniques in use, or have other relevant information, then we would like to hear from you. </p> <p> We are looking for contributions in the following areas in particular, but if you have other information you think may be useful, please reach us at <a href="mailto:attack@mitre.org">attack@mitre.org</a>. </p> <p> All contributions and feedback to ATT&CK are appreciated. Due to the high volume of contributions, it may take us about a week to get back to you. We may ask you follow-up questions to help us understand your contribution and gather additional information. We recommend you read our <a href="/versions/v9/docs/ATTACK_Design_and_Philosophy_March_2020.pdf">philosophy paper</a> to understand our approach to maintaining ATT&CK so that we get the right details up front. If we find the contribution fills a gap, then we will make edits and send you a draft version of the technique or Group/Software page for your review prior to it being published, listing you as a contributor if desired. Content updates happen roughly every 3-6 months. </p> <h4 class="contribution-headers">Contributing to ATT&CK</h4> <div class="bs-callout bs-callout-success"> <h5 class="contribution-headers">Sub-Techniques and Techniques</h5> <p> We appreciate your help to let us know about what new techniques and technique variations adversaries are using in the wild. You can start by emailing us the technique name, a brief description, and references or knowledge about how it is being used by adversaries. We suggest you take a close look at what we already have on our site, paying attention to the level of abstraction of techniques and sub-techniques. Since we are working on adding new technique details constantly, we will deconflict what you send with what we’re working on. We’ll provide feedback and work with you to get the content added. </p> </div> <div class="bs-callout bs-callout-primary"> <h5 class="contribution-headers">macOS, Linux, cloud, and ICS</h5> <p> While we also cover the Windows and mobile platforms, we are particularly interested in new macOS, Linux, cloud, and ICS techniques since there is a lack of publicly available threat intel for techniques used against those platforms. This leads to gaps in the knowledge base that you can help fill. </p> </div> <div class="bs-callout bs-callout-info"> <h5 class="contribution-headers">Threat Intelligence</h5> <p> We map Group and Software examples on our site, and there is too much open source threat intelligence reporting for us to keep up on everything. We appreciate your help with referenced information about how Groups and Software samples use ATT&CK techniques. Threat intelligence contributions are most helpful to us when they are in the specific format we have on our website, including citing techniques and group names or associated groups to publicly-available references. We ask that you provide the sub-technique or technique name, a brief description of how the technique is implemented, and the publicly-available reference. </p> </div> <div class="bs-callout bs-callout-warning"> <h5 class="contribution-headers">Data Sources</h5> <p> We often don’t have direct access to endpoint or network log data for technique use in incidents. We’re always looking for partners who would be interested in sharing relevant data from logs that show how adversaries are using ATT&CK techniques beyond what appears in threat reporting. </p> </div> <div class="bs-callout bs-callout-danger"> <h5 class="contribution-headers">Your Use Cases</h5> <p> It’s always helpful for us to hear about how you’re using ATT&CK in your organization. We appreciate any information you can share with us about your specific use case or application of ATT&CK, and particularly any success stories you’ve had as a result. </p> </div> <h4 class="contribution-headers">Contribution Examples</h4> <div class="new-examples"> <h5>New Technique Example</h5> <div class="example-container"> <div class="examples-div"> <h6 class="example-fields">(Sub-)Technique Name:</h6> <p class="examples-p mr-0">COM, ROM, & BE GONE </p> <h6 class="margin-contribute-a example-fields">Tactic:</h6> <p class="examples-p">Persistence</p> </div> <div class="examples-div"> <h6 class="example-fields">Platform:</h6> <p class="examples-p mr-0">Windows </p> <h6 class="margin-contribute-b example-fields">Required Permissions:</h6> <p class="examples-p mr-0">User</p> </div> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Sub-techniques:</span> This is a sub-technique of T1XXX, or this would have T1XXX as a sub-technique </p> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Data Sources:</span> Windows API, Process monitoring, or other sources that can be used to detect this activity </p> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Description:</span> Component Object Model (COM) servers associated with Graphics Interchange Format (JIF) image viewers can be abused to corrupt arbitrary memory banks. Adversaries may leverage this opportunity to modify, mux, and maliciously annoy (MMA) read-only memory (ROM) regularly accessed during normal system operations. </p> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Detection:</span> Monitor the JIF viewers for muxing and malicious annoyance. Use event ID 423420 and 234222 to detect changes. </p> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Mitigation:</span> Configure the Registry key HKLM\SYSTEM\ControlSet\001\Control\WindowsJIFControl\ to 0 to disable MMA access if not needed within the environment. </p> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Adversary Use:</span> Here is a publicly-available reference about FUZZYSNUGGLYDUCK using this technique: (www[.]awesomeThreatReports[.]org/FUZZYSNUGGLYDUCK_NOMS _ON_ROM_VIA_COM). Additionally, our red team uses this in our operations. </p> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Additional References:</span> Here is a reference from the researcher who discovered this technique: (www[.]crazySmartResearcher[.]net/POC_DETECTIONS_&_MITIGATIONS_4_WHEN_COM_RAMS_ROM) </p> </div> </div> <div class="new-examples second-example"> <h5>Group & Software Example</h5> <div class="example-container"> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Group Name:</span> FUZZYSNUGGLYDUCK (www[.]sourceX[.]com) </p> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Associated Groups:</span> APT1337 (www[.]sourceY[.]com) </p> <div class="nested-examples-div"> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Description:</span> FUZZYSNUGGLYDUCK is a Great Lakes-based threat group that has been active since at least May 2018. The group focuses on targeting the aviation sector. (www[.]sourceY[.]com) </p> </div> <h6 class="nested-examples-div example-fields">Techniques:</h6> <ul> <li> Phishing: Spearphishing Attachment (T1566.001) – FUZZYSNUGGLYDUCK has used spearphishing email attachments containing images of stale bread to deliver malware. (www[.]sourceX[.]com) </li> <li> File and Directory Discovery (T1083) – FUZZYSNUGGLYDUCK has searched files and directories for the string *quack*. (www[.]sourceY[.]com) </li> </ul> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Software Name:</span> FLYINGV (www[.]sourceX[.]com) (wwwVsourceZ[.]com) </p> <div class="nested-examples-div"> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Group Association:</span> FLYINGV has been used by FUZZYSNUGGLYDUCK. (www[.]sourceZ[.]com) </p> </div> <div class="nested-examples-div"> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Description:</span> FLYINGV is custom malware used by FUZZYSNUGGLYDUCK as a second-stage RAT. (www[.]sourceZ[.]com) </p> </div> <div class="nested-examples-div"> <p class="examples-p mr-0 ml-0"> <span class="example-fields">Platform:</span> Windows </p> </div> <h6 class="example-fields">Techniques:</h6> <ul> <li> Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001) – FLYINGV has added the Registry Run key “HueyDeweyLouie” to establish persistence. (www[.]sourceX[.]com) </li> <li> File and Directory Discovery (T1083) – FLYINGV has used rundll32.exe to load its malicious dll file, estevez.dll. (www[.]sourceX[.]com) </li> </ul> </div> </div> <h4 class="contribution-headers">Content Errors on the Website</h4> <p> If you find errors or typos on the site related to content, please let us know by sending an email to <a href="mailto:attack@mitre.org?subject=Website Content Error">attack@mitre.org</a> with the subject <strong>Website Content Error</strong>. </p> <p>Please let us know the following:</p> <ol> <li> The url where you found the error. </li> <li> A short description of the error. </li> </ol> <p>Examples of errors:</p> <ul> <li> Typos and syntax errors </li> <li> Improperly formatted web pages </li> <li> 404 errors when links are clicked </li> </ul> <h4 class="contribution-headers">Contributors</h4> <p> The following individuals or organizations have contributed information regarding the existence of a technique, details on how to detect and/or mitigate use of a technique, or threat intelligence on adversary use: </p> <div> <div class="row"> <div class="col"> <ul> <li> Christoffer Strömblad </li> <li> Abel Morales, Exabeam </li> <li> Alain Homewood, Insomnia Security </li> <li> Alan Neville, @abnev </li> <li> Alex Hinchliffe, Palo Alto Networks </li> <li> Alex Soler, AttackIQ </li> <li> Alexandros Pappas </li> <li> Alfredo Abarca </li> <li> Alfredo Oliveira, Trend Micro </li> <li> Allen DeRyke, ICE </li> <li> Anastasios Pingios </li> <li> Andrew Smith, @jakx_ </li> <li> Antonio Villani, @LDO_CyberSec, Leonardo's Cyber Security Division </li> <li> Arie Olshtein, Check Point </li> <li> Ariel Shuper, Cisco </li> <li> Assaf Morag, @MoragAssaf, Team Nautilus Aqua Security </li> <li> Aviran Hazum, Check Point </li> <li> Avneet Singh </li> <li> Barry Shteiman, Exabeam </li> <li> Bart Parys </li> <li> Bartosz Jerzman </li> <li> Bencherchali Nasreddine, @nas_bench, ELIT Security Team (DSSD) </li> <li> Bernaldo Penas Antelo </li> <li> Blake Strom, Microsoft 365 Defender </li> <li> Bobby, Filar, Elastic </li> <li> Brad Geesaman, @bradgeesaman </li> <li> Brent Murphy, Elastic </li> <li> Brian Prange </li> <li> Brian Wiltse @evalstrings </li> <li> Bryan Lee </li> <li> Carlos Borges, @huntingneo, CIP </li> <li> Carrie Roberts, @OrOneEqualsOne </li> <li> Casey Smith </li> <li> Center for Threat-Informed Defense (CTID) </li> <li> Chen Erlich, @chen_erlich, enSilo </li> <li> Chris Roffe </li> <li> Chris Ross @xorrior </li> <li> Christiaan Beek, @ChristiaanBeek </li> <li> Christopher Glyer, FireEye, @cglyer </li> <li> Cody Thomas, SpecterOps </li> <li> Craig Aitchison </li> <li> CrowdStrike Falcon OverWatch </li> <li> Cybereason Nocturnus, @nocturnus </li> <li> Dan Nutting, @KerberToast </li> <li> Daniel Oakley </li> <li> Daniel Stepanic, Elastic </li> <li> Daniil Yugoslavskiy, @yugoslavskiy, Atomic Threat Coverage project </li> <li> Daniyal Naeem, BT Security </li> <li> Darren Spruell </li> <li> Dave Westgard </li> <li> David Ferguson, CyberSponse </li> <li> David Fiser, @anu4is, Trend Micro </li> <li> David French, Elastic </li> <li> David Lu, Tripwire </li> <li> David Routin </li> <li> Deloitte Threat Library Team </li> <li> Diogo Fernandes </li> <li> Doron Karmi, @DoronKarmi </li> <li> Drew Church, Splunk </li> <li> Ed Williams, Trustwave, SpiderLabs </li> <li> Edward Millington </li> <li> Elastic </li> <li> Elger Vinicius S. Rodrigues, @elgervinicius, CYBINT Centre </li> <li> Elia Florio, Microsoft </li> <li> Elly Searle, CrowdStrike — contributed to tactic definitions </li> <li> Emile Kenning, Sophos </li> <li> Emily Ratliff, IBM </li> <li> Eric Kuehn, Secure Ideas </li> <li> Erik Schamper, @Schamperr, Fox-IT </li> <li> Erika Noerenberg, @gutterchurl, Carbon Black </li> <li> Erye Hernandez, Palo Alto Networks </li> <li> ESET </li> <li> Expel </li> <li> ExtraHop </li> <li> Felipe Espósito, @Pr0teus </li> <li> Filip Kafka, ESET </li> <li> FIRST.ORG's Cyber Threat Intelligence SIG </li> <li> FS-ISAC </li> <li> Gal Singer, @galsinger29, Team Nautilus Aqua Security </li> <li> George Allen, VMware Carbon Black </li> <li> Hans Christoffer Gaardløs </li> <li> Harry Kim, CODEMIZE </li> <li> Harry, CODEMIZE </li> <li> Harshal Tupsamudre, Qualys </li> <li> Heather Linn </li> <li> Hiroki Nagahama, NEC Corporation </li> <li> Ibrahim Ali Khan </li> <li> Idan Frimark, Cisco </li> <li> Idan Revivo, @idanr86, Team Nautilus Aqua Security </li> <li> Itamar Mizrahi, Cymptom </li> <li> Itzik Kotler, SafeBreach </li> <li> Ivan Sinyakov </li> <li> Jacob Wilkin, Trustwave, SpiderLabs </li> <li> Jacques Pluviose, @Jacqueswildy_IT </li> <li> James Dunn, @jamdunnDFW, EY </li> <li> Jan Miller, CrowdStrike </li> <li> Jan Petrov, Citi </li> <li> Janantha Marasinghe </li> <li> Jannie Li, Microsoft Threat Intelligence Center (MSTIC) </li> <li> Jared Atkinson, @jaredcatkinson </li> <li> Jay Chen, Palo Alto Networks </li> <li> Jean-Ian Boutin, ESET </li> <li> Jeff Sakowicz, Microsoft Identity Developer Platform Services (IDPM Services) </li> <li> Jeremy Galloway </li> <li> Jesse Brown, Red Canary </li> <li> Jimmy Astle, @AstleJimmy, Carbon Black </li> <li> Joas Antonio dos Santos, @C0d3Cr4zy, Inmetrics </li> <li> Johann Rehberger </li> <li> John Lambert, Microsoft Threat Intelligence Center </li> <li> John Strand </li> <li> Jon Sternstein, Stern Security </li> <li> Jonathan Shimonovich, Check Point </li> <li> Jose Luis Sánchez Martinez </li> <li> Josh Abraham </li> <li> Josh Campbell, Cyborg Security, @cyb0rgsecur1ty </li> <li> Josh Day, Gigamon </li> <li> Justin Warner, ICEBRG </li> <li> Jörg Abraham, EclecticIQ </li> <li> Kaspersky </li> <li> Katie Nickels, Red Canary </li> <li> Kobi Eisenkraft, Check Point </li> <li> Kobi Haimovich, CardinalOps </li> <li> Kyaw Pyiyt Htet, @KyawPyiytHtet </li> <li> Lab52 by S2 Grupo </li> <li> Lacework Labs </li> <li> Lee Christensen, SpecterOps </li> <li> Leo Loobeek, @leoloobeek </li> <li> Leo Zhang, Trend Micro </li> </ul> </div> <div class="col"> <ul> <li> Loic Jaquemet </li> <li> Lorin Wu, Trend Micro </li> <li> Lucas da Silva Pereira, @vulcanunsec, CIP </li> <li> Lukáš Štefanko, ESET </li> <li> Maarten van Dantzig, @MaartenVDantzig, Fox-IT </li> <li> Magno Logan, @magnologan, Trend Micro </li> <li> Manikantan Srinivasan, NEC Corporation India </li> <li> Marc-Etienne M.Léveillé, ESET </li> <li> Mark Wee </li> <li> Martin Jirkal, ESET </li> <li> Martin Smolár, ESET </li> <li> Martin Sohn Christensen, Improsec </li> <li> Mathieu Tartare, ESET </li> <li> Matias Nicolas Porolli, ESET </li> <li> Matt Brenton, Zurich Insurance Group </li> <li> Matt Burrough, @mattburrough, Microsoft </li> <li> Matt Graeber, @mattifestation, SpecterOps </li> <li> Matt Kelly, @breakersall </li> <li> Matt Snyder, VMware </li> <li> Matthew Demaske, Adaptforward </li> <li> Matthew Molyett, @s1air, Cisco Talos </li> <li> Matthieu Faou, ESET </li> <li> Mayuresh Dani, Qualys </li> <li> McAfee </li> <li> Menachem Shafran, XM Cyber </li> <li> Michael Cox </li> <li> Michael Katchinskiy, @michael64194968, Team Nautilus Aqua Security </li> <li> Michal Dida, ESET </li> <li> Microsoft Threat Intelligence Center (MSTIC) </li> <li> Mike Kemmerer </li> <li> Milos Stojadinovic </li> <li> Mnemonic </li> <li> Mugdha Peter Bansode </li> <li> Nathaniel Quist, Palo Alto Networks </li> <li> Netskope </li> <li> Nick Carr, FireEye </li> <li> Nik Seetharaman, Palantir </li> <li> Nino Verde, @LDO_CyberSec, Leonardo's Cyber Security Division </li> <li> Nishan Maharjan, @loki248 </li> <li> Oddvar Moe, @oddvarmoe </li> <li> Ofir Almkias, Cybereason </li> <li> Ohad Mana, Check Point </li> <li> Oleg Kolesnikov, Securonix </li> <li> Oleg Skulkin, Group-IB </li> <li> Oleksiy Gayda </li> <li> Omkar Gudhate </li> <li> Patrick Campbell, @pjcampbe11 </li> <li> Paul Speulstra, AECOM Global Security Operations Center </li> <li> Pawan Kinger, @kingerpawan, Trend Micro </li> <li> Pedro Harrison </li> <li> Phil Stokes, SentinelOne </li> <li> Philip Winther </li> <li> Pooja Natarajan, NEC Corporation India </li> <li> Praetorian </li> <li> Prasad Somasamudram, McAfee </li> <li> Prashant Verma, Paladion </li> <li> Rahmat Nurfauzi, @infosecn1nja, PT Xynexis International </li> <li> Red Canary </li> <li> RedHuntLabs, @redhuntlabs </li> <li> Ricardo Dias </li> <li> Richard Gold, Digital Shadows </li> <li> Richie Cyrus, SpecterOps </li> <li> Rick Cole, FireEye </li> <li> Rob Smith </li> <li> Robby Winchester, @robwinchester3 </li> <li> Robert Falcone </li> <li> Robert Simmons, @MalwareUtkonos </li> <li> Robert Wilson </li> <li> Rodrigo Garcia, Red Canary </li> <li> Roi Kol, @roykol1, Team Nautilus Aqua Security </li> <li> Romain Dumont, ESET </li> <li> Rory McCune, Aqua Security </li> <li> Ryan Becwar </li> <li> Ryan Benson, Exabeam </li> <li> Ryo Tamura, SecureBrain Corporation </li> <li> Sahar Shukrun </li> <li> Saisha Agrawal, Microsoft Threat Intelligent Center (MSTIC) </li> <li> SarathKumar Rajendran, Trimble Inc </li> <li> Scott Knight, @sdotknight, VMware Carbon Black </li> <li> Scott Lundgren, @5twenty9, Carbon Black </li> <li> Sebastian Salla, McAfee </li> <li> Sekhar Sarukkai, McAfee </li> <li> Sergey Persikov, Check Point </li> <li> Shailesh Tiwary (Indian Army) </li> <li> Shane Tully, @securitygypsy </li> <li> Shotaro Hamamoto, NEC Solution Innovators, Ltd </li> <li> Shuhei Sasada, Cyber Defense Institute, Inc </li> <li> Silvio La Porta, @LDO_CyberSec, Leonardo's Cyber Security Division </li> <li> Stefan Kanthak </li> <li> Steven Du, Trend Micro </li> <li> Sudhanshu Chauhan, @Sudhanshu_C </li> <li> Sunny Neo </li> <li> Suzy Schapperle - Microsoft Azure Red Team </li> <li> Swapnil Kumbhar </li> <li> Swetha Prabakaran, Microsoft Threat Intelligence Center (MSTIC) </li> <li> Syed Ummar Farooqh, McAfee </li> <li> Sylvain Gil, Exabeam </li> <li> Sébastien Ruel, CGI </li> <li> Takuma Matsumoto, LAC Co., Ltd </li> <li> Tatsuya Daitoku, Cyber Defense Institute, Inc. </li> <li> Teodor Cimpoesu </li> <li> The DFIR Report, @TheDFIRReport </li> <li> Thijn Bukkems, Amazon </li> <li> Tim MalcomVetter </li> <li> Toby Kohlenberg </li> <li> Tom Ueltschi @c_APT_ure </li> <li> Tony Lambert, Red Canary </li> <li> Travis Smith, Tripwire </li> <li> Trend Micro Incorporated </li> <li> Tristan Bennett, Seamless Intelligence </li> <li> Valerii Marchuk, Cybersecurity Help s.r.o. </li> <li> Varonis Threat Labs </li> <li> Veeral Patel </li> <li> Vikas Singh, Sophos </li> <li> Vinayak Wadhwa, Lucideus </li> <li> Vincent Le Toux </li> <li> Vishwas Manral, McAfee </li> <li> Walker Johnson </li> <li> Wayne Silva, F-Secure Countercept </li> <li> Wes Hurd </li> <li> Yaniv Agman, @AgmanYaniv, Team Nautilus Aqua Security </li> <li> Ye Yint Min Thu Htut, Offensive Security Team, DBS Bank </li> <li> Yonatan Gotlib, Deep Instinct </li> <li> Yossi Weizman, Azure Defender Research Team </li> <li> Yusuke Niwa, ITOCHU Corporation </li> <li> Yuval Avrahami, Palo Alto Networks </li> <li> Ziv Karliner, @ziv_kr, Team Nautilus Aqua Security </li> </ul> </div> </div> </div> <p> Thanks to those who have contributed to ATT&CK! </p> </div> </div> <!--stop-indexing-for-search--> <div class="overlay search" id="search-overlay" style="display: none;"> <div class="overlay-inner"> <!-- text input for searching --> <div class="search-header"> <div class="search-input"> <input type="text" id="search-input" placeholder="search"> </div> <div class="search-icons"> <div class="search-parsing-icon spinner-border" style="display: none" id="search-parsing-icon"></div> <div class="close-search-icon" id="close-search-icon">×</div> </div> </div> <!-- results and controls for loading more results --> <div id="search-body" class="search-body"> <div class="results" id="search-results"> <!-- content will be appended here on search --> </div> <div id="load-more-results" class="load-more-results"> <button class="btn btn-default" id="load-more-results-button">load more results</button> </div> </div> </div> </div> </div> <footer class="footer p-3"> <div class="container-fluid"> <div class="row"> <div class="col-4 col-sm-4 col-md-3"> <div class="footer-center-responsive my-auto"> <a href="https://www.mitre.org" target="_blank" rel="noopener" aria-label="MITRE"> <img src="/versions/v9/theme/images/mitrelogowhiteontrans.gif" class="mitre-logo-wtrans"> </a> </div> </div> <div class="col-2 col-sm-2 footer-responsive-break"></div> <div class="col-6 col-sm-6 text-center"> <p> © 2015-2021, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. </p> <div class="row"> <div class="col text-right"> <small> <a href="/versions/v9/resources/privacy" class="footer-link">Privacy Policy</a> </small> </div> <div class="col text-center"> <small> <a href="/versions/v9/resources/terms-of-use" class="footer-link">Terms of Use</a> </small> </div> <div class="col text-left "> <small> <a href="/versions/v9/resources/changelog.html" class="footer-link" data-toggle="tooltip" data-placement="top" title="ATT&CK content version 9.0
Website version 3.3.1">ATT&CK v9.0</a> </small> </div> </div> </div> <div class="w-100 p-2 footer-responsive-break"></div> <div class="col"> <div class="footer-float-right-responsive-brand"> <div class="mb-1"> <a href="https://twitter.com/MITREattack" class="btn btn-primary w-100"> <!-- <i class="fa fa-twitter"></i> --> <img src="/versions/v9/theme/images/twitter.png" class="mr-1 twitter-icon"> <b>@MITREattack</b> </a> </div> <div class=""> <a href="/versions/v9/contact" class="btn btn-primary w-100"> Contact </a> </div> </div> </div> </div> </div> </div> </footer> </div> <!--SCRIPTS--> <script src="/versions/v9/theme/scripts/jquery-3.5.1.min.js"></script> <script src="/versions/v9/theme/scripts/popper.min.js"></script> <script src="/versions/v9/theme/scripts/bootstrap.bundle.min.js"></script> <script src="/versions/v9/theme/scripts/site.js"></script> <script src="/versions/v9/theme/scripts/flexsearch.es5.js"></script> <script src="/versions/v9/theme/scripts/localforage.min.js"></script> <script src="/versions/v9/theme/scripts/settings.js?7248"></script> <script src="/versions/v9/theme/scripts/search_babelized.js"></script> <script src="/versions/v9/theme/scripts/tables.js"></script></body> </html>