Sightings Ecosystem v2.0.0

The Sightings Ecosystem gives cyber defenders visibility into what adversaries are actually doing in the wild. With your help, we are tracking MITRE ATT&CK® techniques observed to give defenders real data on technique prevalence. With this data, we can analyze trends in evolving adversary behaviors and provide a data-driven resource to support prioritizing defensive operations. This project ingests ATT&CK technique sightings and processes them to produce useful datasets and reporting.

This project is created and maintained by the MITRE Engenuity Center for Threat-Informed Defense in futherance of our mission to advance the state of the art and the state of the practice in threat-informed defense globally. The project is funded by our research participants. You can be a part of the success of this project by contributing your Sightings data and help advance the state of cybersecurity at large. Email ctid@mitre-engenuity.org for details.

Contents

• Introduction
  • Background
  • Framing our Analysis
• Key Results
  • Key Figures
  • What’s in the Data
  • Top 15 Techniques
  • Top 10 NIST 800-53 Controls
  • Download Data
• Top 15 Techniques
  • 1. T1059 – Command and Scripting Interpreter
  • 2. T1027 – Obfuscated Files or Information
  • 3. T1105 – Ingress Tool Transfer
  • 4. T1112 – Modify Registry
  • 5. T1070 – Indicator Removal
  • 6. T1204 – User Execution
  • 7. T1564 – Hide Artifacts
  • 8. T1055 – Process Injection
  • 9. T1003 – OS Credential Dumping
  • 10. T1021 – Remote Services
  • 11. T1486 – Data Encrypted for Impact
  • 12. T1091 – Replication Through Removable Media
  • 13. T1082 – System Information Discovery
  • 14. T1047 – Windows Management Instrumentation
  • 15. T1562 – Impair Defenses
• Technique Co-Occurrences
• Additional Analysis
  • Top 15 Techniques by Year
  • Sectors
  • Regions
  • Software
  • Techniques by Platform
  • Techniques by Privilege Level
  • Missing Techniques
• Defenses in Summary
• Lessons Learned
• Data Model
  • Specfication
  • Examples
  • JSON Schema
• Data contributors
• Get Involved
  • About the Center for Threat Informed Defense

Notice

© 2024 MITRE Engenuity. Approved for public release. Document number(s) CT0103.

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This project makes use of ATT&CK®: ATT&CK Terms of Use