Advanced MITRE Threat Mapping – ATT&CK Navigator & TRAM Tools


OVERVIEW

Mapping and enumerating MITRE TTPs helps us proactively secure and harden our internal network. Yet even after the great evolution of cyber security, manually mapping the TTPs of recently discovered attacks remains too complicated.

Features of MITRE Mapping

 List of common advantages of MITRE Mapping

  • Understanding threat actor behaviors by relying on TTPs rather than IoCs (Indicators of Compromise).
  • Indicators of Attack (IoAs) help security operations clarify threats and map them to the appropriate attack technique.
  • Used to understand post-compromise detection; helps to identify, detect, monitor, and respond to real-time cyber attacks.
  • Red teams can simulate adversaries' TTPs, and security operations can try to detect such behaviors with correlation rules and threat hunting.


List of tools for MITRE Mapping

  1. ATTACK NAVIGATOR
  2. TRAM

ATTACK NAVIGATOR

MITRE ATT&CK Navigator is an open-source, web-based tool typically used to visualize defensive coverage and to support red/blue team planning. By default it presents three ATT&CK layers to map: Enterprise, Mobile, and ICS.

The Navigator is used to manually map MITRE ATT&CK TTPs and visualize them before execution.

TRAM

TRAM (Threat Report ATT&CK Mapper) is an open-source automated MITRE ATT&CK mapper developed by MITRE ATT&CK. It parses the information in a given resource and generates an illustrated output, which can be used for a threat-hunting report or to harden the network based on the mapped behavior.

GIT REPO → https://github.com/mitre-attack/tram

Features & Advantages

  1. Open-source tool
  2. Easy to configure & deploy
  3. Easy export in multiple formats [PDF, JSON]


Requirements

  • python3 (3.7+)
  • Google Chrome is our only supported/tested browser

Installation & Deployment

  1. git clone https://github.com/mitre-attack/tram.git
  2. pip3 install -r requirements.txt

Configuring Tokenizers

To resolve the above-mentioned issue, download and configure the tokenizers as instructed below.


Configuring data_svc.py

python3 tram.py

By default, TRAM listens on port 9999.

Generating an Attack MAP

The following steps are required to generate the MITRE map:

  1. Search for a good resource (a threat report)
  2. Copy the URL of the resource to be mapped to MITRE ATT&CK
  3. Paste it in the TRAM dashboard & assign a relevant title
  4. Submit

The Mapping

After the process completes, TRAM automatically extracts the required information from the given resource and lists the TTPs found in it.

The result can later be downloaded in two formats, PDF and JSON. The JSON format can be viewed in ATT&CK Navigator through the upload existing layer option.
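As an added example (not TRAM's own code, nor MITRE's), the block below shows in miniature what the two preceding paragraphs describe: extracting ATT&CK technique IDs from a constructed report text, then exporting the hits as an ATT&CK Navigator layer JSON that the upload existing layer option accepts. TRAM itself uses a trained classifier; the keyword table here is an assumed stand-in for it. The report text is constructed, and the version numbers in the `versions` field are assumptions to be matched to your Navigator instance.

```python
"""Keyword-based TTP extraction from a constructed threat report, exported as an
ATT&CK Navigator layer. Added example; not TRAM's or MITRE's code."""
import json
import re

# Assumed stand-in for TRAM's trained classifier: a small keyword-to-technique
# table. The technique IDs and names are real ATT&CK Enterprise entries.
KEYWORD_TECHNIQUES = {
    r"\bpowershell\b": ("T1059.001", "Command and Scripting Interpreter: PowerShell"),
    r"\bspear[- ]?phishing\b.*\battachment\b": ("T1566.001", "Phishing: Spearphishing Attachment"),
    r"\bscheduled task\b": ("T1053.005", "Scheduled Task/Job: Scheduled Task"),
    r"\bmimikatz\b|\blsass\b": ("T1003.001", "OS Credential Dumping: LSASS Memory"),
    r"\brun key\b": ("T1547.001", "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder"),
}

# Constructed sample report text (not a real threat report).
SAMPLE_REPORT = (
    "The actor delivered a spearphishing email with a malicious attachment. "
    "Once opened, the document launched PowerShell to download a second stage. "
    "Persistence was achieved via a scheduled task named Updater. "
    "The operators later dumped credentials from LSASS memory using Mimikatz."
)


def split_sentences(text):
    """Naive sentence splitter: break after ., ! or ? followed by whitespace."""
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", text) if s.strip()]


def extract_ttps(report_text):
    """Return {technique_id: [supporting sentences]} for every keyword hit.

    A sentence counts at most once per technique, even when several keywords
    of the same technique appear in it (one regex per technique).
    """
    hits = {}
    for sentence in split_sentences(report_text):
        for pattern, (tid, _name) in KEYWORD_TECHNIQUES.items():
            if re.search(pattern, sentence, re.IGNORECASE):
                hits.setdefault(tid, []).append(sentence)
    return hits


def build_navigator_layer(hits, name="TRAM-style mapping"):
    """Build an ATT&CK Navigator layer dict from the extraction result.

    Each mapped technique gets score = number of supporting sentences, and the
    sentences themselves go into the technique comment so an analyst can see
    why the technique was mapped when hovering over the cell in Navigator.
    """
    techniques = [
        {
            "techniqueID": tid,
            "score": len(sentences),
            "comment": " | ".join(sentences),
            "enabled": True,
        }
        for tid, sentences in sorted(hits.items())
    ]
    max_score = max((t["score"] for t in techniques), default=1)
    return {
        "name": name,
        # Assumed version numbers; set them to match your Navigator instance.
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Techniques extracted from a threat report (constructed example)",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": max_score},
    }


def layer_json(report_text, name="TRAM-style mapping"):
    """Full pipeline: report text -> Navigator layer as a JSON string."""
    return json.dumps(build_navigator_layer(extract_ttps(report_text), name), indent=2)


if __name__ == "__main__":
    # Save the printed output as a .json file and load it in Navigator
    # via the upload existing layer option.
    print(layer_json(SAMPLE_REPORT))
```

The score and comment fields are what make the layer useful on the defensive side: the gradient highlights the techniques with the most supporting evidence, and the comment preserves the report sentences so a detection engineer can check each mapping before building correlation rules around it.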

Conclusion

MITRE mapping is considered most important on the defensive side: it helps us understand attack patterns and implement proactive defense, and in such cases ATT&CK Navigator and TRAM play a vital role.

Harisuthan
A Cyber Security Aspirant Security Researcher | Red-Teamer |
