Accelerating Incident Response with VMRay & MITRE ATT&CK

Feb 21st 2020

In this short video, we will demonstrate how security teams can leverage the mapping of VMRay’s analysis results to the MITRE ATT&CK framework for more effective incident response.

ATT&CK is the industry-standard framework and knowledge base of adversary tactics and techniques, threat groups, and related software and tools.

The entire MITRE ATT&CK framework is mapped to VMRay Threat Identifiers (VTIs). This allows security teams to quickly understand the scale and impact of an incident, leading to actionable mitigation measures.

In this analysis of a malicious RTF document, we will use VTI matches and the MITRE ATT&CK framework to answer the following questions:

  • What application was targeted?
  • What file was stolen?
  • What API call was used?