Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?

Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?
A . Falcon Intel via Intelligence Indicator – Domain
B . Machine Learning via Cloud-Based ML
C . Malware via PUP
D . Credential Access via OS Credential Dumping

View Answer

Answer: D

Explanation:

According to the [MITRE ATT&CK website], MITRE ATT&CK is a knowledge base of adversary behaviors and techniques based on real-world observations. The knowledge base is organized into tactics and techniques, where tactics are the high-level goals of an adversary, such as initial access, persistence, lateral movement, etc., and techniques are the specific ways an adversary can achieve those goals, such as phishing, credential dumping, remote file copy, etc. Credential Access via OS Credential Dumping is an example of a tactic and technique combination sourced from MITRE ATT&CK information, which describes how adversaries can obtain credentials from operating system memory or disk storage by using tools such as Mimikatz or ProcDump.