An analyst is reviewing a security incident and needs to map the adversary's actions to the MITRE ATT&CK framework. The attack involved an initial spear phishing email with an attachment that, when opened, executed a malicious payload to establish persistence on the victim's system. What is the BEST classification for this tactic within the MITRE ATT&CK framework?
The correct answer is Persistence. The MITRE ATT&CK framework defines 'Persistence' as the tactic an adversary uses to maintain a foothold on a system across restarts, changed credentials, and other interruptions that could cut off access. Establishing persistence on the victim's system after the malicious payload from the spear phishing attachment executes aligns directly with this tactic. The other answer choices represent different tactics: 'Reconnaissance' refers to gathering information about the target, 'Defense Evasion' covers techniques an adversary uses to avoid detection, and 'Lateral Movement' involves moving through a network in search of key assets and data.