Profiling National State Actors and Analysis of Tactics, Techniques and Procedures based on Mitre Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) Framework /

Abstract

Within our generation we have seen that the nature of threats has slowly changed. They have now evolved to threats without borders and that is an alarming issue. With this work we have tried to solve a problem of identifying those threats for ourselves. The problem that our organizations, both civil and military face is not just the threats that exist but also their motives. The reason for making Mitre ATT&CK framework the core of this research was that it offers an advanced approach as compared to Cyber Kill Chain (CKC). That approach goes through a very thoroughly and systematically created way of not just identifying a threat but also tracing all its steps. With regards to Mitre Framework within Pakistan there is little to no research done and hence I want this to be a starting point for students to add to the work of profiling threats that exist. The reason for choosing profiling is because the best way to stop an intruder is to know where they’ll come from and how to put a stop there. That question is only answered in Mitre ATT&CK framework. With my research I have profiled approximately 800 entities with different Alias and signatures from around the world. The future of this research can be brought to fruition by continuously adding to it and utilizing the Common Knowledge platform of OpenCTI. That platform can be used to our advantage and identify and upgrade the adding amount of threats on daily basis. In short this research is not just a platform for identifying threats but also helping organizations to quickly identify one and save time which would in-turn save the precious data very dear to every entity whether individual or national.