An analyst is reviewing a security incident and needs to map the adversary's actions to the MITRE ATT&CK framework. The attack involved an initial spear phishing email with an attachment that, when opened, executed a malicious payload to establish persistence on the victim's system. What is the BEST classification for this tactic within the MITRE ATT&CK framework?
The correct answer is Persistence. The MITRE ATT&CK framework defines 'Persistence' as the tactic an adversary uses to maintain a foothold on a system across restarts, changed credentials, and other interruptions that could cut off their access. Establishing persistence on the victim's system after executing the malicious payload delivered by the spear phishing attachment aligns with this tactic. The other answer choices represent different tactics: 'Reconnaissance' refers to gathering information about the target, 'Defense Evasion' covers techniques an adversary uses to avoid detection, and 'Lateral Movement' involves moving through a network in search of key assets and data.