MITRE Corporation has released the tenth version of ATT&CK, its globally accessible knowledge base of cyber adversary tactics and techniques based on real-world observations.
Version ten comes with new Data Source objects, new and changed techniques in its various matrices, key changes to facilitate hunting in ICS environments, and more.
The most prominent change in this newest version of the framework is new objects with aggregated information about data sources.
The data source object features the name of the data source as well as key details and metadata, including an ID, a definition, where it can be collected (collection layer), what platform(s) it can be found on, and the data components highlighting relevant values/properties that comprise the data source
These data sources are available for all platforms of Enterprise ATT&CK, including our newest additions that cover OSINT related data sources mapped to PRE platform techniques.
Also Read : MITRE ATT&CK V9
Changes in ATT&CK for ICS and the Mobile matrices are focused on providing all the features currently provided in the Enterprise matrices.
It includes cross-domain mappings of Enterprise techniques to software that were previously only represented in the ICS Matrix, including Stuxnet, Industroyer, and several others. The fact that adversaries don’t respect theoretical boundaries is something we’ve consistently emphasized, and we think it’s crucial to feature Enterprise-centric mappings for more comprehensive coverage of all the behaviors exhibited by the software.
The complete release notes for MITRE ATT&CK v10 can be found here.