PreATTCK

PREATTACK, commonly written PRE-ATT&CK, is a knowledge base published by MITRE that documents attacker behaviors and techniques that occur before an initial compromise of a target organization. It is designed to capture the activities threat actors perform prior to gaining access to systems or networks, including information gathering, target selection, and capability development.

Scope and structure: The framework organizes pre-attack techniques into categories describing stages before initial access. Each

Relation to ATT&CK and usage: PRE-ATT&CK complements ATT&CK by filling the pre-incident gap, and mapping between

Examples and scope: Common pre-attack activities described include reconnaissance, resource development (acquiring infrastructure and tools), social

Accessibility and context: PRE-ATT&CK is publicly available through MITRE and is used by researchers and practitioners