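@comment{Escaping note: a bare ampersand in title, keywords or abstract is a
LaTeX alignment character and aborts typesetting of the bibliography, so every
ampersand in this entry is written as \&. Names are stored as "Last, First" so
any style abbreviates and sorts them consistently; braced words in the title
keep their capitalisation under sentence-casing styles.}
@inproceedings{10dc0752d3f44961a76cd4e358c1390a,
  title     = {{SoK}: {ATT\&CK} Techniques and Trends in {Windows} Malware},
  author    = {Oosthoek, Kris and Doerr, Christian},
  editor    = {Chen, Songqing and Choo, {Kim-Kwang Raymond} and Fu, Xinwen and Lou, Wenjing and Mohaisen, Aziz},
  booktitle = {Security and Privacy in Communication Networks - 15th {EAI} International Conference, {SecureComm} 2019, Proceedings},
  series    = {Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, {LNICST}},
  volume    = {304},
  pages     = {406--425},
  publisher = {Springer},
  year      = {2019},
  doi       = {10.1007/978-3-030-37228-6_20},
  isbn      = {978-3-030-37227-9},
  language  = {English},
  keywords  = {Advanced persistent threats, ATT\&CK framework, Classification, Cyber threat intelligence, Malware analysis},
  abstract  = {In an ever-changing landscape of adversary tactics, techniques and procedures (TTPs), malware remains the tool of choice for attackers to gain a foothold on target systems. The Mitre ATT\&CK framework is a taxonomy of adversary TTPs. It is meant to advance cyber threat intelligence (CTI) by establishing a generic vocabulary to describe post-compromise adversary behavior. This paper discusses the results of automated analysis of a sample of 951 Windows malware families, which have been plotted on the ATT\&CK framework. Based on the framework{\textquoteright}s tactics and techniques we provide an overview of established techniques within Windows malware and techniques which have seen increased adoption over recent years. Within our dataset we have observed an increase in techniques applied for fileless execution of malware, discovery of security software and DLL side-loading for defense evasion. We also show how a sophisticated technique, command and control (C\&C) over IPC named pipes, is getting adopted by less sophisticated actor groups. Through these observations we have identified how malware authors are innovating techniques in order to bypass established defenses.},
  note      = {15th International Conference on Security and Privacy in Communication Networks, SecureComm 2019 ; Conference date: 23-10-2019 Through 25-10-2019},
}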