Advanced MITRE Threat Mapping – ATT&CK Navigator & TRAM Tools



Mapping and enumerating MITRE TTPs helps us proactively secure or harden our internal network. Even with the evolution of cyber security, it is still too complicated to manually map the TTPs for recently discovered attacks.

Features of MITRE Mapping

 List of common advantages of MITRE Mapping

  • Understand threat actors' behaviors and rely on TTPs rather than IoCs (indicators of compromise).
  • Indicators of attack (IOA) help security operations clarify threats and map them to the appropriate attack.
  • Used to understand post-compromise detection; helps to identify, detect, monitor, and respond to real-time cyber attacks.
  • Red teams can simulate adversaries' TTPs, and security operations can try to detect such behaviors with correlation rules and threat hunting.


List of tools for MITRE Mapping

  1. ATT&CK Navigator
  2. TRAM


MITRE ATT&CK Navigator is an open-source, web-based tool typically used to visualize defensive coverage and for red/blue team planning. By default it presents three ATT&CK layers to map: Enterprise, Mobile, and ICS.

The Navigator lets you manually map MITRE ATT&CK TTPs and visualize them before they are executed.


TRAM (Threat Report ATT&CK Mapper) is an open-source automated MITRE ATT&CK mapper developed by ATT&CK. It parses the information from a given resource and generates an illustrated output, which can be used for a threat hunting report or to harden the network based on the mapped behavior.


Features & Advantages

  1. Open-source tool
  2. Easy to configure & deploy
  3. Easy export in multiple formats [PDF, JSON]



  • python3 (3.7+)
  • Google Chrome is our only supported/tested browser

Installation & Deployment

  1. git clone
  2. pip3 install -r requirement.txt

Configuring Tokenizers

To resolve the above-mentioned issue just download & configure Tokenizers as instructed below




By default, TRAM runs on port 9999.

Generating an ATT&CK Map

The following steps are required to generate the MITRE map:

  1. Search for a good resource
  2. Copy the url mitre att&ck
  3. Paste it into the TRAM dashboard & assign a relevant title
  4. Submit

The Mapping

Once this process completes, TRAM automatically parses the given resource and extracts the TTPs found in it.

The result can then be downloaded in two formats, PDF and JSON. The JSON format can be viewed in ATT&CK Navigator by using the upload existing layer option.
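Once a report's techniques are available as a Navigator layer, they can be compared with the detections you already have. The script below is an added example, not code from the original article, TRAM, or ATT&CK Navigator: it scores each technique in a layer against a set of detected technique IDs and returns a new layer for upload. REPORT_LAYER and DETECTED are constructed sample data, the function names are hypothetical, and the layer-format version "4.5" is an assumption to adjust for your Navigator release.

```python
import json

# Constructed sample in ATT&CK Navigator layer format, standing in for a
# report mapping exported as JSON (the technique choice is illustrative).
REPORT_LAYER = {
    "name": "Sample report mapping",
    "domain": "enterprise-attack",
    "techniques": [{"techniqueID": t} for t in
                   ("T1566.001", "T1059.001", "T1053", "T1486", "t1486")],
}
# Constructed: technique IDs the SOC already has detection rules for.
DETECTED = {"T1566.001", "T1059", "T1053.005"}

# score -> (color, comment): 2 covered, 1 partial, 0 gap
STYLE = {2: ("#8ec843", "detection exists"),
         1: ("#ffe766", "only a related (sub-)technique is detected"),
         0: ("#ff6666", "no detection")}

def parent(tid):
    """T1059.001 -> T1059; a parent ID is returned unchanged."""
    return tid.split(".")[0]

def coverage_layer(report_layer, detected):
    """Score each technique in the report layer against existing detections."""
    detected = {d.upper() for d in detected}
    detected_parents = {parent(d) for d in detected}
    out, seen = [], set()
    for tech in report_layer.get("techniques", []):
        tid = str(tech.get("techniqueID", "")).strip().upper()
        if not tid or tid in seen:
            continue  # skip malformed entries and case-variant duplicates
        seen.add(tid)
        score = 2 if tid in detected else 1 if parent(tid) in detected_parents else 0
        color, comment = STYLE[score]
        out.append({"techniqueID": tid, "score": score,
                    "color": color, "comment": comment})
    return {
        "name": "Coverage: " + report_layer.get("name", "report"),
        "versions": {"layer": "4.5"},  # assumed layer-format version
        "domain": report_layer.get("domain", "enterprise-attack"),
        "techniques": sorted(out, key=lambda t: (t["score"], t["techniqueID"])),
    }

def gaps(layer):
    """Technique IDs from the report with no detection at all."""
    return [t["techniqueID"] for t in layer["techniques"] if t["score"] == 0]

if __name__ == "__main__":
    print(json.dumps(coverage_layer(REPORT_LAYER, DETECTED), indent=2))
```

A partial score means the detection and the report differ in granularity (parent versus sub-technique), so those entries need manual review rather than being counted as covered.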


MITRE mapping is considered especially important on the defensive side. It helps us understand attack patterns and implement proactive defense, and ATT&CK Navigator and TRAM play a vital role in that.
