MITRE ATT&CK® Updates: CTI – Path Forward
Joe Slowik, ATT&CK CTI Lead, MITRE
@jfslowik
/joe-slowik
© 2024 The MITRE Corporation. All rights reserved. Approved for public release. Distribution unlimited 24-00134-12.
Overall ATT&CK CTI Goals
Capture The RELEVANT Threat Landscape In A TIMELY Fashion*
Work To Improve Coverage On Additional Geographies & ECrime Actors
Leverage Campaign Objects For More Accurate Representation Of How Activity Changes Over Time
Defining ATT&CK CTI
• Groups
• Software
• Campaigns
Group Priorities
APT
• Continue Capturing New & Emerging State-Directed Threats
• Ensure ATT&CK Has The Most Up-To-Date Info Possible
Crimeware
• Continue Expanding Representation Of Crimeware Entities
• Work To Disambiguate Between Groups, Software, & Campaigns
Software Priorities
Malware
• Ensure Important, Unique Malware Is Captured In ATT&CK
• Expand Coverage Of Stealers & Intermediate Tools
• Hard Decisions Necessary Given Sheer Volume Of Adversary Tooling
Ransomware
• Improve Coverage Of Ransomware Families
• Actual Technical Interest Is Low As Capabilities Are Fairly Consistent
• However, High Levels Of Industry Demand
Tools & Utilities
• Capture Relevant Non-Malware Tools Used In Intrusions
• RMM Tools Are A Tricky Area - Lots Of Them, We'll Never Cover Them All!
Campaign Priorities
• Campaigns Remain Underutilized In ATT&CK; This Will Be Changing, Including Modifying Community Submissions Into Campaign Objects
• Problem With Long-Running Groups Where They Increasingly Seem To Use "All Techniques" As Updates Are Applied
• Murky Relationships Among Multiple Actors In ECrime Operations Often Make Campaign Representation More Applicable Than Explicit Groups
https://attack.mitre.org
attack@mitre.org
@mitreattack
Joe Slowik
@jfslowik
/joe-slowik