CTID

MITRE formed an organization named The Center for Threat-Informed Defense (CTID). This organization consists of various companies and vendors from around the globe. Their objective is to conduct research on cyber threats and their TTPs and to share this research to improve cyber defense for all.

Some of the companies and vendors who are participants of CTID:

  • AttackIQ (founder)
  • Verizon
  • Microsoft (founder)
  • Red Canary (founder)
  • Splunk

Per the website, “Together with Participant organizations, we cultivate solutions for a safer world and advance threat-informed defense with open-source software, methodologies, and frameworks. By expanding upon the MITRE ATT&CK knowledge base, our work expands the global understanding of cyber adversaries and their tradecraft with the public release of data sets critical to better understanding adversarial behavior and their movements.”

Adversary Emulation Library & ATT&CK® Emulation Plans

The Adversary Emulation Library is a public library that makes adversary emulation plans a free resource for blue and red teamers. The library and the emulation plans are a contribution from CTID. There are several ATT&CK® Emulation Plans currently available: APT3, APT29, and FIN6. Each emulation plan is a step-by-step guide on how to mimic the specific threat group, so if anyone in the C-suite were to ask, “How would we fare if APT29 hits us?”, the question can be answered by referring to the results of executing the corresponding emulation plan.