
MITRE ATT&CK Matrix and Threatcare

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is the industry standard for simulating cyber attacks.

With information changing daily, sometimes hourly, it can be difficult to keep up with the best practices of network protection. Luckily, MITRE developed a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. This framework has quickly become the standard to see if your security controls measure up to cybercriminals.

Threatcare’s leading Breach and Attack Simulation (BAS) solution maps to this popular MITRE ATT&CK framework. BAS solutions simulate (and automate) adversary behavior in a non-malicious manner, helping your organization gain insights into areas of potential vulnerability. Learn more about Breach and Attack Simulations.

Threatcare’s desktop BAS application maps to MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) for Enterprise by focusing on techniques, tactics, and procedures (TTPs) that adversaries use to make decisions, expand access, and execute their objectives within a network. Try Threatcare for free.

Threatcare aligns with the following MITRE ATT&CK tactics and their corresponding techniques. We frequently update our library of simulations, adding further MITRE tactics and techniques to Threatcare.

You can also see how Threatcare maps to the MITRE ATT&CK framework by downloading our MITRE ATT&CK Matrix.


Execution

Command-line interface, Mshta, PowerShell, Scripting, Source, Space after Filename, Trap


Persistence

User Execution, Create Account, Hidden Files and Directories, Trap

Defense Evasion

Access Token Manipulation, Clear Command History, Deobfuscate/Decode Files or Information, File Deletion, HISTCONTROL, Indicator Removal on Host, Mshta, Network Share Connection Removal, Space after Filename, Timestomp, Web Service

Credential Access

Brute Force, Credential Dumping, Credentials in Files


Discovery

Account Discovery, File and Directory Discovery, Network Service Scanning, Remote System Discovery, Security Software Discovery

Lateral Movement

Logon Scripts, Pass the Hash, Remote Desktop Protocol


Collection

Automated Collection, Data from Local System, Screen Capture


Exfiltration

Data Compressed, Data Encrypted, Exfiltration Over Command and Control Protocol

Command and Control

Uncommonly Used Port, Web Service


To find out how you can leverage a solution like Threatcare, check out this Breach and Attack Simulation Guide written by Mike Ripp.

Threatcare creates Breach and Attack Simulation software for humans.