Enhancing the STIX Representation of MITRE ATT&CK for Group Filtering and Technique Prioritization
DOI:
https://doi.org/10.34190/eccws.21.1.349Keywords:
Cyber Threat Intelligence, MITRE ATT&CK, CTI, Threat Actor, Knowledge Representation, TTPs, STIXAbstract
In this paper, we enhance the machine-readable representation of the ATT&CK Groups knowledge base provided by MITRE in STIX 2.1 format to make available and queryable additional types of contextual information. Such information includes the motivations of activity groups, the countries they have originated from, and the sectors and countries they have targeted. We demonstrate how to utilize the enhanced model to construct intelligible queries to filter activity groups of interest and retrieve relevant tactical intelligence.
Downloads
Published
Issue
Section
License
Copyright (c) 2022 European Conference on Cyber Warfare and Security

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.