MITRE ATT&CK Framework

Introduction to MITRE Lesson:

Question 1:


Read the information provided by LetsDefend for the answer.

Introduction to MITRE Lesson:

Question 2:


Read the information provided by LetsDefend for the answer.

Answer Question 1

1958 

Answer Question 2

2013

Matrix Lesson:

Question 1:


Not a fan of this question. A better question would be: what is the name of the format in which the tactics and techniques are displayed? Or open the framework at MITRE ATT&CK framework and fill in the blank below.

ATT&CK ______ for Enterprise?


Matrix Lesson:

Question 2:


Read the information provided by LetsDefend for the answer. The options are Mobile, ICS and Enterprise.

Matrix Lesson:

Question 3:


Not a fan of this question. A better question would be: what is the name of the format in which the tactics and techniques are displayed? Or open the framework at MITRE ATT&CK framework and fill in the blank below.

ATT&CK ______ for Enterprise?


Answer Question 1

Matrix 

Answer Question 2

Enterprise 

Answer Question 3

Mobile 

Tactics Lesson:

Question 1:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Hover over the “Lateral Movement” tactic label and note the answer.


Tactics Lesson:

Question 2:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Switch to the “Mobile” matrix under the “Matrices” tab across the top of the webpage.

Step 3: Hover over the “Persistence” tactic column label and click it.

Step 4: Note the created date in the upper right of the web page for the answer.


Tactics Lesson:

Question 3:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Enterprise” on the “Tactics” tab at the top of the webpage.

Step 3: Read through the descriptions of the tactics to find the one that matches the question and note the tactic name for the answer.


Answer Question 1

TA0008 

Answer Question 2

17 October 2018 

Answer Question 3

Privilege Escalation 

Techniques and Sub-Techniques Lesson:

Question 1:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Enterprise” on the “Techniques” tab at the top of the webpage.

Step 3: Search this page for the ID “T1055”. My suggestion would be to use CTRL+F for this.


Techniques and Sub-Techniques Lesson:

Question 2:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Enterprise” on the “Techniques” tab at the top of the webpage.

Step 3: Search this page for the ID “T1112”. My suggestion would be to use CTRL+F for this.

Step 4: Click on the “T1112” label to be taken to more information on that technique.

Step 5: Note the “Platforms” in the upper right for the answer.


Techniques and Sub-Techniques Lesson:

Question 3:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Search for “Supply Chain Compromise” among all the techniques listed on this page. Once found, look at the column label (the tactic) for the answer. My suggestion would be to use CTRL+F for searching for this.


Answer Question 1

Process Injection 

Answer Question 2

Windows

Answer Question 3

Initial Access

Mitigations Lesson:

Question 1:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Mitigations” on the “Defenses” tab at the top of the webpage. Then select “Enterprise” from the options.

Step 3: Search for “M1032” among all the mitigations listed on this page. Once found, look at the name to the right for the answer. My suggestion would be to use CTRL+F for searching for this.


Mitigations Lesson:

Question 2:


This question seems a little outdated since the quote from the above question is not exactly the same anymore.

Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Mitigations” on the “Defenses” tab at the top of the webpage. Then select “Enterprise” from the options.

Step 3: Search for “Digital Signature Verification” among all the mitigations listed on this page. Once found, look at the name to the left for the answer. My suggestion would be to use CTRL+F for searching for this.


Answer Question 1

Multi-factor Authentication 

Answer Question 2

Code Signing 

Groups Lesson:

Question 1:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Groups” under the “CTI” tab at the top of the webpage.

Step 3: Search all groups for the APT named “OilRig” (CTRL+F).

Step 4: Click on the OilRig name within the left side panel to be taken to its information page.

Step 5: Search the page for “System Information Discovery” (CTRL+F).

Step 6: One of the two commands on the right is the answer. Notice that the question states “associated only with the system information”.


Groups Lesson:

Question 2:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Groups” under the “CTI” tab at the top of the webpage.

Step 3: Search all groups for the APT named “GOLD NIAGARA” (CTRL+F).

Step 4: Make sure the search result also has “ITG14” and “Carbon Spider” listed among the associated groups. The answer is the name of the group to the left.


Answer Question 1

Systeminfo 

Answer Question 2

FIN7 

Software Lesson:

Question 1:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Software” under the “CTI” tab at the top of the webpage.

Step 3: Search all software for “Cryptoistic” (CTRL+F) and click on it when found.

Step 4: The answer is in the information panel in the upper right. Look for the platform name to the right of “Platforms”.


Software Lesson:

Question 2:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Software” under the “CTI” tab at the top of the webpage.

Step 3: Search all software for “Rotexy” (CTRL+F) and click on it when found.

Step 4: The answer is in the information panel in the upper right. Look for the type name to the right of “Type”.


Software Lesson:

Question 3:


Step 1: Open the Enterprise Matrix at MITRE ATT&CK framework.

Step 2: Select “Software” under the “CTI” tab at the top of the webpage.

Step 3: Search all software for “PUNCHBUGGY” (CTRL+F).

Step 4: The answer is in the description text to the right.


Answer Question 1

macOS 

Answer Question 2

Malware 

Answer Question 3

FIN8
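Every lesson above is the same kind of lookup in the ATT&CK knowledge base (a technique by ID, a tactic by name, a mitigation by ID, a group by alias, software by name). The same lookups against the STIX 2.1 bundle MITRE publishes, as an added example that is not part of the LetsDefend course or this walkthrough: the bundle fragment is constructed to match that format, STIX object ids are left out, and TA0001, TA0004, TA0005 and T1195 are the real ATT&CK ids of the tactics and technique named (they are not values from this page).

```python
# Constructed ATT&CK STIX 2.1 fragment (same shape as MITRE's enterprise-attack.json);
# STIX object ids are omitted, the names and ATT&CK ids are the real ones.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "x-mitre-tactic", "name": "Initial Access", "x_mitre_shortname": "initial-access",
     "external_references": [{"source_name": "mitre-attack", "external_id": "TA0001"}]},
    {"type": "x-mitre-tactic", "name": "Privilege Escalation", "x_mitre_shortname": "privilege-escalation",
     "external_references": [{"source_name": "mitre-attack", "external_id": "TA0004"}]},
    {"type": "x-mitre-tactic", "name": "Defense Evasion", "x_mitre_shortname": "defense-evasion",
     "external_references": [{"source_name": "mitre-attack", "external_id": "TA0005"}]},
    {"type": "x-mitre-tactic", "name": "Lateral Movement", "x_mitre_shortname": "lateral-movement",
     "external_references": [{"source_name": "mitre-attack", "external_id": "TA0008"}]},
    {"type": "attack-pattern", "name": "Process Injection", "x_mitre_platforms": ["Linux", "macOS", "Windows"],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"},
                           {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1055"}]},
    {"type": "attack-pattern", "name": "Supply Chain Compromise",
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}],
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1195"}]},
    {"type": "course-of-action", "name": "Multi-factor Authentication",
     "external_references": [{"source_name": "mitre-attack", "external_id": "M1032"}]},
    {"type": "intrusion-set", "name": "FIN7", "aliases": ["FIN7", "GOLD NIAGARA", "ITG14", "Carbon Spider"]},
    {"type": "malware", "name": "Cryptoistic", "x_mitre_platforms": ["macOS"]},
]}

def attack_id(obj):
    """ATT&CK id (T1055, TA0008, M1032, ...) from the object's mitre-attack reference, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def by_attack_id(bundle, ext_id):
    """The object carrying this ATT&CK id: the programmatic form of the CTRL+F step."""
    return next((o for o in bundle["objects"] if attack_id(o) == ext_id), None)

def by_name(bundle, name, stix_type=None):
    """An object by exact name, optionally limited to one STIX type (e.g. 'malware')."""
    return next((o for o in bundle["objects"]
                 if o.get("name") == name and (stix_type is None or o["type"] == stix_type)), None)

def tactics_of(bundle, technique):
    """Tactic names for a technique's kill-chain phases: the matrix column headers it sits under."""
    names = {o["x_mitre_shortname"]: o["name"] for o in bundle["objects"] if o["type"] == "x-mitre-tactic"}
    return [names.get(p["phase_name"], p["phase_name"]) for p in technique.get("kill_chain_phases", [])
            if p.get("kill_chain_name") == "mitre-attack"]

def group_by_alias(bundle, alias):
    """The intrusion set listing this alias (GOLD NIAGARA, ITG14, Carbon Spider all resolve to FIN7)."""
    return next((o for o in bundle["objects"]
                 if o["type"] == "intrusion-set" and alias in o.get("aliases", [])), None)
```

Pointing `SAMPLE_BUNDLE` at the parsed enterprise-attack.json from MITRE's CTI repository gives the same answers the click-through steps produce, without the page navigation.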