MITRE ATT&CK for the Software Supply Chain

MITRE ATT&CK is a community catalogue of adversary tactics (the why, e.g. Initial Access, Execution, Persistence, Exfiltration) and techniques (the how). Mapping package malware to ATT&CK gives everyone a shared language and makes detections comparable.

How package attacks map

Why tag findings with ATT&CK

Verifi tags findings with ATT&CK techniques automatically so they slot into the tooling your SOC already uses. The platform →