This site has been deprecated in favor of and will remain in place until 11/1/22.


From attackics
Jump to navigation Jump to search

You can contribute to ATT&CK.

ATT&CK is in a constant state of development. We are always on the lookout for new information to help refine and extend what is covered. If you have incident data related to ICS attacks, knowledge of additional techniques or variations/refinement of ones already covered, have examples of techniques in use, or have other relevant information then we would like to hear from you.

We are looking for contributions in the areas mentioned below in particular, but if you have other information you think may be useful, please reach us at

All contributions and feedback to ATT&CK are appreciated. Due to the high volume of contributions, it may take us about a week to get back to you. We may ask you follow-up questions to help us understand your contribution and gather additional information.


We appreciate your help to let us know about what new techniques and technique variations adversaries and red teamers are using. You can start by emailing us the technique name, a brief description, and references or knowledge about how it is being used by adversaries or red teams. We suggest you take a close look at what we already have on our site, paying attention to the level of abstraction of techniques. Since we are working on adding new technique details constantly, we will deconflict what you send with what we’re working on. We’ll provide feedback and work with you to get the content added.

Threat Intelligence[edit]

We map Group and Software examples on our site, and we're constantly looking for more open source threat intelligence reporting to drive this activity. We appreciate your help with referenced information about how Groups and Software samples use ATT&CK techniques. Threat intelligence contributions are most helpful to us when they are in the specific format we have on our website, including citing techniques and group names or associated groups to publicly-available references. We ask that you provide the technique name, a brief description of how the technique is implemented, and the publicly-available reference.

Data Sources[edit]

We often don’t have direct access to endpoint or network log data for technique use in incidents. We’re always looking for partners who would be interested in sharing relevant data from logs that show how adversaries are using ATT&CK techniques beyond what appears in threat reporting.

Your Use Cases[edit]

It’s always helpful for us to hear about how you’re using ATT&CK in your organization. We appreciate any information you can share with us about your specific use case or application of ATT&CK, and particularly any success stories you’ve had as a result.

Content Errors on the Website[edit]

If you find errors or typos on the site related to content, please let us know by sending an email to with the subject Website Content Error.

Please let us know the following:

  • The url where you found the error.
  • A short description of the error.

Examples of errors:

  • Typos and syntax errors
  • Improperly formatted web pages


The following individuals or organizations have contributed information regarding tactics, techniques, details on how to detect and/or mitigate use of a technique, or threat intelligence on adversary use:

Joe Slowik - Dragos
Conrad Layne - GE Digital
Daisuke Suzuki
Dragos Threat Intelligence
ICSCoE Japan

Jos Wetzels - Midnight Blue
Marina Krotofil; Jos Wetzels - Midnight Blue
Matan Dobrushin - Otorio
Scott Dougherty

Thanks to those who have contributed to ATT&CK!