Most cyber security practitioners are by now aware of the Mitre ATT&CK framework and the tremendous potential it holds for improving the understanding and mitigation of adversary TTPs. Within the Computer Science community, however, the framework has gained less altitude than in the infosec blogosphere. In academia, mental models for cyber security also seem to be less of a discussion (or concern, perhaps). In theory, there is no difference between theory and practice.
So, my research paper on the applicability of the ATT&CK framework to malware analysis got accepted into SecureComm 2019. The analysis of a corpus of 900+ Windows malware families for this paper returned some interesting results, about which I will be blogging here over the next couple of months. Apart from lots of ATT&CK technique trends, we also have some interesting APT-related findings and have identified important lessons for CTI.