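After walking my manager through the diagram, I went to the other security teams to ask for help.
"Your write-up of this technique isn't clear enough. For example, what method was used to upload the malicious file?" another team objected.
"OK, I'll add the ATT&CK IDs."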
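In the past, everyone had their own names for attack techniques, so two parties could use the same name and still mean different techniques.
To give everyone a common language, the MITRE organization stepped in and created ATT&CK, and the response was very positive,
because it solved the consistency problem and defines the categories, mitigations and detection methods, which makes it easy for people to look things up and read them, and for programs to automate against it.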
The official introduction follows:
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.
https://samsclass.info/152/152_F22.shtml
https://feifei.tw/attck-intro/