Contribute

ATT&CK is in a constant state of development. We are always on the lookout for new information to help refine and extend what is covered. If you have additional techniques, know about variations on one already covered, have examples of techniques in use, or have other relevant information, then we would like to hear from you.

We are looking for contributions in the following areas, but all contributions and feedback to ATT&CK are appreciated. If you have other information you think may be useful, please reach us at attack@mitre.org.

Due to the high volume of contributions, it may take us about a week to get back to you. We recommend you read our philosophy paper to understand our approach to maintaining ATT&CK so that we get the right details up front. Content updates happen roughly every 6 months.

What we're looking for

Sub-Techniques and Techniques

Let us know what new variations of behaviors real adversaries are using in the wild! Please share a brief description of the behavior, any references or knowledge about how it works and was used, and how this behavior is not already captured in ATT&CK.
To understand the process of how the MITRE team develops techniques, refer to the video below.

Threat Intelligence

We map Group and Software examples on our site, and appreciate your help with referenced information about how Groups and Software samples use ATT&CK techniques. Please share the sub-technique or technique name, group or associated group name, a brief description of how the technique is implemented, and the publicly-available reference.

Website Content Errors

If you find errors or typos on the site related to content, please let us know by submitting the url where you found the error and a short description. Examples include typos and syntax errors, improperly formatted web pages, and 404 errors when links are clicked.

Contributors

The following individuals or organizations have contributed information regarding the existence of a technique, details on how to detect and/or mitigate use of a technique, or threat intelligence on adversary use:

@_montysecurity
@ionstorm
Aagam Shah, @neutrinoguy, ABB
Aaron Jornet
Abel Morales, Exabeam
Abhijit Mohanta, @abhijit_mohanta, Uptycs
Achute Sharma, Keysight
Adam Lichters
Adam Mashinchi
Adrien Bataille
Ai Kimura, NEC Corporation
Akiko To, NEC Corporation
Akshat Pradhan, Qualys
Alain Homewood
Alain Homewood, Insomnia Security
Alan Neville, @abnev
Alex Hinchliffe, Palo Alto Networks
Alex Parsons, Crowdstrike
Alex Soler, AttackIQ
Alex Spivakovsky, Pentera
Alexander Rodchenko
Alexandros Pappas
Alfredo Abarca
Alfredo Oliveira, Trend Micro
Allen DeRyke, ICE
Ami Holeston
Amir Gharib, Microsoft Threat Intelligence
Anastasios Pingios
Anders Vejlby
Andrea Serrano Urea, Telefónica Tech
Andrew Allen, @whitehat_zero
Andrew Northern, @ex_raritas
Andrew Smith, @jakx_
Antonio Piazza, @antman1p
Antonio Villani, @LDO_CyberSec, Leonardo's Cyber Security Division
AppOmni
Arad Inbar, Fidelis Security
Arie Olshtein, Check Point
Ariel Shuper, Cisco
Arnim Rupp, Deutsche Lufthansa AG
Assaf Morag, @MoragAssaf, Team Nautilus Aqua Security
Atul Nair, Qualys
Austin Clark, @c2defense
Austin Herrin
Aviran Hazum, Check Point
Avneet Singh
Awake Security
Ayan Saha, Keysight
Barry Shteiman, Exabeam
Bartosz Jerzman
Ben Smith, @ezaspy
Bencherchali Nasreddine, @nas_bench, ELIT Security Team (DSSD)
Bernaldo Penas Antelo
Bilal Bahadır Yenici
Blake Strom, Microsoft 365 Defender
Blake Strom, Microsoft Threat Intelligence
Bobby, Filar, Elastic
Boominathan Sundaram
Brad Geesaman, @bradgeesaman
Brandon Dalton @PartyD0lphin
Brent Murphy, Elastic
Brian Donohue
Brian Wiltse @evalstrings
Bryan Campbell, @bry_campbell
Bryan Lee
Bryan Onel
BT Security
Caio Silva
Carlos Borges, @huntingneo, CIP
Carrie Roberts, @OrOneEqualsOne
Casey Smith
Catherine Williams, BT Security
Center for Threat-Informed Defense (CTID)
Chen Erlich, @chen_erlich, enSilo
Chris Heald
Chris Roffe
Chris Romano, Crowdstrike
Chris Ross @xorrior
Christiaan Beek, @ChristiaanBeek
Christoffer Strömblad
Christopher Glyer, Mandiant, @cglyer
Christopher Peacock
Cian Heasley
Cisco
Clément Notin, Tenable
Cody Thomas, SpecterOps
Conrad Layne - GE Digital
Craig Aitchison
Craig Smith, BT Security
CrowdStrike
CrowdStrike Falcon OverWatch
Csaba Fitzl @theevilbit of Offensive Security
Cybereason Nocturnus, @nocturnus
Daisuke Suzuki
Dan Borges, @1njection
Dan Nutting, @KerberToast
Daniel Acevedo, @darmad0, ARMADO
Daniel Feichter, @VirtualAllocEx, Infosec Tirol
Daniel Fernando Soriano Espinosa
Daniel Oakley
Daniel Prizmant, Palo Alto Networks
Daniel Stepanic, Elastic
Daniil Yugoslavskiy, @yugoslavskiy, Atomic Threat Coverage project
Daniyal Naeem, BT Security
Darin Smith, Cisco
Darren Spruell
Dave Westgard
David Ferguson, CyberSponse
David Fiser, @anu4is, Trend Micro
David French, Elastic
David Galazin @themalwareman1
David Hughes, BT Security
David Lu, Tripwire
David Routin
David Tayouri
Debabrata Sharma
Deloitte Threat Library Team
Denise Tan
Diogo Fernandes
Diyar Saadi Ali
Dongwook Kim, KISA
Dor Edry, Microsoft
Doron Karmi, @DoronKarmi
Douglas Weir
Dragos Threat Intelligence
Dray Agha, @Purp1eW0lf, Huntress Labs
Drew Church, Splunk
Dror Alon, Palo Alto Networks
Duane Michael
Dylan Silva, AWS Security
Ed Williams, Trustwave, SpiderLabs
Eduardo Chavarro Ovalle
Edward Millington
Edward Stevens
Edward Stevens, BT Security
Elastic
Elger Vinicius S. Rodrigues, @elgervinicius, CYBINT Centre
Eli Salem, @elisalem9
Elia Florio, Microsoft
Eliav Livneh
Eliraz Levi, Hunters
Elly Searle, CrowdStrike — contributed to tactic definitions
Elpidoforos Maragkos, @emaragkos
Elvis Veliz, Citi
Emad Al-Mousa, Saudi Aramco
Emile Kenning, Sophos
Emily Ratliff, IBM
ENDGAME
Eran Ayalon, Cybereason
Eric Kaiser @ideologysec
Eric Kuehn, Secure Ideas
Erik Schamper, @Schamperr, Fox-IT
Erika Noerenberg, @gutterchurl, Carbon Black
Erye Hernandez, Palo Alto Networks
ESET
Expel
ExtraHop
Felipe Espósito, @Pr0teus
Felix Eberstaller
Filip Kafka, ESET
FIRST.ORG's Cyber Threat Intelligence SIG
Flavio Costa, Cisco
Ford Qin, Trend Micro
Francesco Bigarella
FS-ISAC
Gabriel Currie
Gaetan van Diemen, ThreatFabric
Gal Singer, @galsinger29, Team Nautilus Aqua Security
Gareth Phillips, Seek Ltd.
Gavin Knapp
George Allen, VMware Carbon Black
George Thomas
Giorgi Gurgenidze, ISAC
Goldstein Menachem
Gordon Long, Box, Inc., @ethicalhax
Gregory Lesnewich, @greglesnewich
Gunji Satoshi, NEC Corporation
Hannah Simes, BT Security
Hans Christoffer Gaardløs
Harjot Shah Singh

Harry Hill, BT Security
Harry Kim, CODEMIZE
Harshal Tupsamudre, Qualys
Harun Küßner
Heather Linn
Hen Porcilan
Hiroki Nagahama, NEC Corporation
Hubert Mank
Ian Davila, Tidal Cyber
Ian McKay
Ibrahim Ali Khan
ICSCoE Japan
Idan Frimark, Cisco
Idan Revivo, @idanr86, Team Nautilus Aqua Security
Ilan Sokol, Cybereason
Inna Danilevich, U.S. Bank
Isif Ibrahima, Mandiant
Itamar Mizrahi, Cymptom
Itzik Kotler, SafeBreach
Ivan Sinyakov
Ivy Bostock
Jack Burns, HubSpot
Jacob Wilkin, Trustwave, SpiderLabs
Jacques Pluviose, @Jacqueswildy_IT
Jai Minton
Jai Minton, @Cyberraiju
James Dunn, @jamdunnDFW, EY
James_inthe_box, Me
Jan Miller, CrowdStrike
Jan Petrov, Citi
Janantha Marasinghe
Jannie Li, Microsoft Threat Intelligence Center (MSTIC)
Jared Atkinson, @jaredcatkinson
Jared Wilson
Jaron Bradley @jbradley89
Jason Sevilla
Jay Chen, Palo Alto Networks
Jean-Ian Boutin, ESET
Jeff Felling, Red Canary
Jeff Sakowicz, Microsoft Identity Developer Platform Services (IDPM Services)
Jeffrey Barto
Jennifer Kim Roman, CrowdStrike
Jeremy Galloway
Jeremy Hedges
Jeremy Kennelly
Jesse Brown, Red Canary
Jimmy Astle, @AstleJimmy, Carbon Black
Jimmy Wylie, Dragos, Inc.
Jiraput Thamsongkrah
Joas Antonio dos Santos, @C0d3Cr4zy
Joas Antonio dos Santos, @C0d3Cr4zy, Inmetrics
Joe Gervais
Joe Gumke, U.S. Bank
Joe Slowik - Dragos
Joe Wise
Joey Lei
Johann Rehberger
John Lambert, Microsoft Threat Intelligence Center
John Page (aka hyp3rlinx), ApparitionSec
John Strand
Jon Sheedy
Jon Sternstein, Stern Security
Jonathan Boucher, @crash_wave, Bank of Canada
Jonathan Shimonovich, Check Point
Jonhnathan Ribeiro, 3CORESec, @_w0rk3r
Jonny Johnson
Jorell Magtibay, National Australia Bank Limited
Jorge Orchilles, SCYTHE
Jos Wetzels - Midnight Blue
Jose Luis Sánchez Martinez
Josh Abraham
Josh Arenas, Trustwave Spiderlabs
Josh Campbell, Cyborg Security, @cyb0rgsecur1ty
Josh Day, Gigamon
Josh Liburdi, @jshlbrd
Joshua Penny
João Paulo de A. Filho, @Hug1nN__
Juan Carlos Campuzano - Mnemo-CERT
Juan Tapiador
Justin Warner, ICEBRG
Jörg Abraham, EclecticIQ
Karim Hasanen, @_karimhasanen
Kaspersky
Katie Nickels, Red Canary
Kiyohito Yamamoto, RedLark, NTT Communications
Kobi Eisenkraft, Check Point
Kobi Haimovich, CardinalOps
Kostya Vasilkov
Krishnan Subramanian, @krish203
Kyaw Pyiyt Htet, @KyawPyiytHtet
Kyoung-ju Kwak (S2W)
Lab52 by S2 Grupo
Lacework Labs
Lee Christensen, SpecterOps
Leo Loobeek, @leoloobeek
Leo Zhang, Trend Micro
Lior Ribak, SentinelOne
Liora Itkin
Liran Ravich, CardinalOps
Loic Jaquemet
Lorin Wu, Trend Micro
Lucas da Silva Pereira, @vulcanunsec, CIP
Lucas Heiligenstein
Lukáš Štefanko, ESET
Maarten van Dantzig, @MaartenVDantzig, Fox-IT
Magno Logan, @magnologan, Trend Micro
Manikantan Srinivasan, NEC Corporation India
Marc-Etienne M.Léveillé, ESET
Marcus Weeks
Maril Vernon @shewhohacks
Marina Krotofil
Marina Liang
Mark Tsipershtein
Mark Wee
Martin Jirkal, ESET
Martin McCloskey, Datadog
Martin Smolár, ESET
Martin Sohn Christensen, Improsec
Massimiliano Romano, BT Security
Matan Dobrushin - Otorio
Mathieu Hinse
Mathieu Tartare, ESET
Matias Nicolas Porolli, ESET
Matt Brenton, Zurich Global Information Security
Matt Brenton, Zurich Insurance Group
Matt Burrough, @mattburrough, Microsoft
Matt Graeber, @mattifestation, SpecterOps
Matt Green, @mgreen27
Matt Kelly, @breakersall
Matt Mullins
Matt Snyder, VMware
Matthew Demaske, Adaptforward
Matthew Molyett, @s1air, Cisco Talos
Matthieu Faou, ESET
Mayan Arora aka Mayan Mohan
Mayuresh Dani, Qualys
McAfee
Menachem Goldstein
Menachem Shafran, XM Cyber
Michael Cox
Michael Katchinskiy, @michael64194968, Team Nautilus Aqua Security
Michael Raggi @aRtAGGI
Michal Dida, ESET
Microsoft Detection and Response Team (DART)
Microsoft Security
Microsoft Threat Intelligence Center (MSTIC)
Mike Burns, Mandiant
Mike Kemmerer
Mike Moran
Milos Stojadinovic
Mindaugas Gudzis, BT Security
Miriam Wiesner, @miriamxyra, Microsoft Security
Mnemonic
Mnemonic AS
Mohamed Kmal
Mohit Rathore
Monty
Mugdha Peter Bansode
Muhammad Moiz Arshad, @5T34L7H
Nader Zaveri
Nathaniel Quist, Palo Alto Networks
Naveen Devaraja, bolttech
Naveen Vijayaraghavan, Nilesh Dherange (Gurucul)
NEC
Netskope
Nichols Jasper
Nick Cairns, @grotezinfosec
Nick Carr, Mandiant
Nik Seetharaman, Palantir
Nikita Rostovcev, Group-IB
Nikola Kovac
Nino Verde, @LDO_CyberSec, Leonardo's Cyber Security Division
Nishan Maharjan, @loki248
Noam Lifshitz, Sygnia
NST Assure Research Team, NetSentries Technologies
Obsidian Security
Oddvar Moe, @oddvarmoe
Ofir Almkias, Cybereason
Ohad Mana, Check Point
Ohad Zaidenberg, @ohad_mz

Olaf Hartong, Falcon Force
Oleg Kolesnikov, Securonix
Oleg Skulkin, Group-IB
Oleksiy Gayda
Omkar Gudhate
Or Kliger, Palo Alto Networks
Oren Biderman, Sygnia
Oren Ofer, Cybereason
Ozan Olali
Ozer Sarilar, @ozersarilar, STM
Pallavi Sivakumaran, WithSecure
Patrick Campbell, @pjcampbe11
Patrick Sungbahadoor
Paul Speulstra, AECOM Global Security Operations Center
Pawan Kinger, @kingerpawan, Trend Micro
Pawel Partyka, Microsoft 365 Defender
Pawel Partyka, Microsoft Threat Intelligence
Pedro Harrison
Phil Stokes, SentinelOne
Philip Winther
Phill Taylor, BT Security
Phyo Paing Htun (ChiLai), I-Secure Co.,Ltd
Pià Consigny, Tenable
Pooja Natarajan, NEC Corporation India
Praetorian
Prasad Somasamudram, McAfee
Prasanth Sadanala, Cigna Information Protection (CIP) - Threat Response Engineering Team
Prashant Verma, Paladion
Rahmat Nurfauzi, @infosecn1nja, PT Xynexis International
Ram Pliskin, Microsoft Azure Security Center
Raphaël Lheureux
Red Canary
RedHuntLabs, @redhuntlabs
Regina Elwell
Rex Guo, @Xiaofei_REX, Confluera
Ricardo Dias
Richard Gold, Digital Shadows
Richard Julian, Citi
Richie Cyrus, SpecterOps
Rick Cole, Mandiant
Rob Smith
Robby Winchester, @robwinchester3
Robert Falcone
Robert Simmons, @MalwareUtkonos
Robert Wilson
Rodrigo Garcia, Red Canary
Roi Kol, @roykol1, Team Nautilus Aqua Security
Romain Dumont, ESET
Rory McCune, Aqua Security
Ross Brittain
Ruben Dodge, @shotgunner101
Runa Sandvik
Ryan Becwar
Ryan Benson, Exabeam
Ryo Tamura, SecureBrain Corporation
Sahar Shukrun
Saisha Agrawal, Microsoft Threat Intelligent Center (MSTIC)
Sam Seabrook, Duke Energy
Sarathkumar Rajendran, Microsoft Defender365
SarathKumar Rajendran, Trimble Inc
SCILabs
Scott Cook, Capital One
Scott Dougherty
Scott Knight, @sdotknight, VMware Carbon Black
Scott Lundgren, @5twenty9, Carbon Black
Sebastian Salla, McAfee
Sebastian Showell-Westrip, BT Security
Sekhar Sarukkai, McAfee
Selena Larson, @selenalarson
Sergey Persikov, Check Point
Serhii Melnyk, Trustwave SpiderLabs
Shailesh Tiwary (Indian Army)
Shane Tully, @securitygypsy
Shanief Webb
Shankar Raman, Amrita University, Gen Digital, Traboda
Shankar Raman, Gen Digital and Abhinand, Amrita University
Shaul Vilkomir-Preisman
Shilpesh Trivedi, Uptycs
Shlomi Salem, SentinelOne
Shotaro Hamamoto, NEC Solution Innovators, Ltd
Shuhei Sasada, Cyber Defense Institute, Inc
Silvio La Porta, @LDO_CyberSec, Leonardo's Cyber Security Division
Simona David
Sittikorn Sangrattanapitak
SOCCRATES
Stan Hegt, Outflank
Stefan Kanthak
Steven Du, Trend Micro
Sudhanshu Chauhan, @Sudhanshu_C
Sunders Bruskin, Microsoft Threat Intelligence
Sunny Neo
Suzy Schapperle - Microsoft Azure Red Team
Swapnil Kumbhar
Swasti Bhushan Deb, IBM India Pvt. Ltd.
Swetha Prabakaran, Microsoft Threat Intelligence Center (MSTIC)
Syed Ummar Farooqh, McAfee
Sylvain Gil, Exabeam
Sébastien Ruel, CGI
Taewoo Lee, KISA
Tahseen Bin Taj
Takahashi Wataru, NEC Corporation
Takuma Matsumoto, LAC Co., Ltd
Tamir Yehuda
Tatsuya Daitoku, Cyber Defense Institute, Inc.
Ted Samuels, Rapid7
Teodor Cimpoesu
Thanabodi Phrakhun, @naikordian
Thanabodi Phrakhun, I-SECURE
The DFIR Report
The DFIR Report, @TheDFIRReport
The Wover, @TheRealWover
Thijn Bukkems, Amazon
Thirumalai Natarajan, Mandiant
Thomas B
Tiago Faria, 3CORESec
Tim (Wadhwa-)Brown
Tim MalcomVetter
Tim Peck
Toby Kohlenberg
Tom Hegel
Tom Simpson, CrowdStrike Falcon OverWatch
Tom Ueltschi @c_APT_ure
Tony Lambert, Red Canary
Tony Lee
Travis Smith, Qualys
Travis Smith, Tripwire
Trend Micro Incorporated
Tristan Bennett, Seamless Intelligence
Tristan Madani
Tristan Madani (Cybereason)
TruKno
Tsubasa Matsuda, NEC Corporation
Uriel Kosayev
Vadim Khrykov
Valerii Marchuk, Cybersecurity Help s.r.o.
Varonis Threat Labs
Vectra AI
Veeral Patel
Vijay Lalwani
Vikas Singh, Sophos
Vinay Pidathala
Vinayak Wadhwa, Lucideus
Vinayak Wadhwa, SAFE Security
Vincent Le Toux
Viren Chaudhari, Qualys
Vishwas Manral, McAfee
Walker Johnson
Wataru Takahashi, NEC Corporation
Wayne Silva, F-Secure Countercept
Wes Hurd
Wietze Beukema, @wietze
Will Alexander
Will Jolliffe
Will Thomas, Cyjax
Will Thomas, Equinix
Will Thomas, Equinix Threat Analysis Center (ETAC)
William Cain
Wirapong Petshagun
Wojciech Lesicki
Xavier Rousseau
Yaniv Agman, @AgmanYaniv, Team Nautilus Aqua Security
Yasuhito Kawanishi, NEC Corporation
Ye Yint Min Thu Htut, Offensive Security Team, DBS Bank
Yinon Engelsman, Talon Cyber Security
Yonatan Gotlib, Deep Instinct
Yonatan Gotlib, Talon Cyber Security
Yoshihiro Kori, NEC Corporation
Yossi Nisani, Cymptom
Yossi Weizman, Azure Defender Research Team
Yossi Weizman, Microsoft Threat Intelligence
Yusuke Kubo, RedLark, NTT Communications
Yusuke Niwa, ITOCHU Corporation
Yuval Avrahami, Palo Alto Networks
Yves Yonan
Zachary Abzug, @ZackDoesML
Zachary Stanford, @svch0st
Zaw Min Htun, @Z3TAE
Ziv Karliner, @ziv_kr, Team Nautilus Aqua Security
Ziv Kaspersky, Cymptom
Zur Ulianitzky, XM Cyber

Thanks to those who have contributed to ATT&CK!