
Analyzing Threat Actor Ttps With Mitre Attack
Produce structured MITRE ATT&CK threat-actor TTP analysis reports with detection coverage gaps and prioritized remediation for solo security-minded builders.
Install
npx skills add https://github.com/mukul975/anthropic-cybersecurity-skills --skill analyzing-threat-actor-ttps-with-mitre-attack
What is this skill?
- Full threat actor profile table (aliases, motivation, sectors, malware associations)
- 14-tactic TTP summary grid aligned to MITRE ATT&CK enterprise tactics
- Detailed technique mapping with ATT&CK IDs, sub-techniques, and procedure examples
- Detection coverage breakdown: detected, partial, and gap percentages
- Prioritized detection gap queue with required data sources and effort estimates
Adoption & trust: 1 install on skills.sh; 14.9k GitHub stars; 2/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
Recommended Skills
Journey fit
Threat modeling and ATT&CK mapping are canonical security work before and after release, anchored on Ship security for pre-launch hardening. TTP analysis, detection gap tables, and TLP classifications map directly to security subphase deliverables rather than generic documentation.
Common Questions / FAQ
Is Analyzing Threat Actor Ttps With Mitre Attack safe to install?
skills.sh reports 2 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md - Analyzing Threat Actor Ttps With Mitre Attack
# Threat Actor TTP Analysis Report Template

## Report Metadata

| Field | Value |
|-------|-------|
| Report ID | TTP-YYYY-NNNN |
| Date | YYYY-MM-DD |
| Threat Actor | [Group Name] |
| ATT&CK ID | G[NNNN] |
| Classification | TLP:AMBER |
| Analyst | [Name] |

## Threat Actor Profile

| Attribute | Detail |
|-----------|--------|
| Name | |
| Aliases | |
| Suspected Origin | |
| Motivation | Espionage / Financial / Disruption |
| Active Since | |
| Targeted Sectors | |
| Targeted Regions | |
| Associated Malware | |

## TTP Summary

| Tactic | Technique Count | Key Techniques |
|--------|----------------|----------------|
| Reconnaissance | | |
| Resource Development | | |
| Initial Access | | |
| Execution | | |
| Persistence | | |
| Privilege Escalation | | |
| Defense Evasion | | |
| Credential Access | | |
| Discovery | | |
| Lateral Movement | | |
| Collection | | |
| Command and Control | | |
| Exfiltration | | |
| Impact | | |

## Detailed Technique Mapping

### [Tactic Name]

| ATT&CK ID | Technique | Sub-technique | Procedure Example |
|-----------|-----------|---------------|-------------------|
| T1566.001 | Phishing | Spearphishing Attachment | Actor sends macro-enabled documents |
| | | | |

## Detection Coverage

| Status | Count | Percentage |
|--------|-------|-----------|
| Detected | | % |
| Partial Detection | | % |
| No Detection (Gap) | | % |

## Detection Gaps (Priority Order)

| Priority | ATT&CK ID | Technique | Required Data Source | Effort |
|----------|-----------|-----------|---------------------|--------|
| 1 | | | | Low/Med/High |
| 2 | | | | |

## Recommended Data Sources

| Data Source | Techniques Covered | Current Status |
|------------|-------------------|----------------|
| Process Creation | X techniques | Collecting/Not Collecting |
| Network Traffic Flow | X techniques | |
| File Monitoring | X techniques | |

## ATT&CK Navigator Layer

Layer file: `[group]_navigator_layer.json`

Load at: https://mitre-attack.github.io/attack-navigator/

## Recommendations

1. **Immediate**: Deploy detections for [top 3 gap techniques]
2. **Short-term**: Enable [data source] collection to cover N techniques
3. **Long-term**: Build behavioral analytics for [tactic] coverage

Apache License Version 2.0, January 2004 http://www.apache.org/licenses/
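The template above leaves the Detection Coverage percentages, the gap priority queue, the data-source table and the Navigator layer file to be filled in by hand. As an added example (not code from the skill or from the repository it ships in), the following Python derives all four from one technique-mapping list, so the report's numbers stay consistent with its technique table. The sample rows, their detection statuses and data-source names are constructed for illustration, and the Navigator `versions` numbers are an assumption to adjust to the Navigator instance the layer is loaded into; only the ATT&CK technique IDs and names are real.

```python
import json
from collections import Counter

# Constructed sample mapping: one row per technique attributed to the actor, with the
# detection status the analyst assigned, the data source a detection would need, and
# the template's Low/Med/High effort estimate. Statuses and sources are made up.
SAMPLE_MAPPING = [
    {"id": "T1566.001", "tactic": "Initial Access", "technique": "Spearphishing Attachment",
     "status": "detected", "data_source": "Email Gateway", "effort": "Low"},
    {"id": "T1059.001", "tactic": "Execution", "technique": "PowerShell",
     "status": "partial", "data_source": "Process Creation", "effort": "Low"},
    {"id": "T1547.001", "tactic": "Persistence", "technique": "Registry Run Keys / Startup Folder",
     "status": "gap", "data_source": "Windows Registry", "effort": "Med"},
    {"id": "T1003.001", "tactic": "Credential Access", "technique": "LSASS Memory",
     "status": "gap", "data_source": "Process Access", "effort": "High"},
    {"id": "T1021.001", "tactic": "Lateral Movement", "technique": "Remote Desktop Protocol",
     "status": "gap", "data_source": "Network Traffic Flow", "effort": "Low"},
]

EFFORT_RANK = {"Low": 0, "Med": 1, "High": 2}
# Colours chosen for the Navigator layer: green = detected, yellow = partial, red = gap.
STATUS_COLOR = {"detected": "#8ec843", "partial": "#ffe766", "gap": "#ff6666"}


def coverage_summary(mapping):
    """Return {status: (count, percentage)} for the Detection Coverage table."""
    counts = Counter(row["status"] for row in mapping)
    total = len(mapping)
    return {s: (counts[s], round(100 * counts[s] / total, 1))
            for s in ("detected", "partial", "gap")}


def prioritized_gaps(mapping):
    """Gap techniques ordered cheapest effort first, then by ATT&CK ID for stable output."""
    gaps = [r for r in mapping if r["status"] == "gap"]
    return sorted(gaps, key=lambda r: (EFFORT_RANK[r["effort"]], r["id"]))


def data_source_table(mapping):
    """Count how many partial/gap techniques each data source would help cover."""
    needed = Counter(r["data_source"] for r in mapping if r["status"] != "detected")
    return dict(needed.most_common())


def navigator_layer(group, mapping):
    """Build an ATT&CK Navigator layer dict colouring each technique by detection status.

    The 'versions' block is an assumption about current layer-format numbers; change it
    to match the Navigator instance you load the file into.
    """
    return {
        "name": f"{group} detection coverage",
        "domain": "enterprise-attack",
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "techniques": [
            {"techniqueID": r["id"], "color": STATUS_COLOR[r["status"]],
             "comment": f"{r['status']}; needs {r['data_source']}"}
            for r in mapping
        ],
    }


def write_layer(group, mapping, path=None):
    """Write the layer to the template's `[group]_navigator_layer.json` name and return the path."""
    path = path or f"{group.lower()}_navigator_layer.json"
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(navigator_layer(group, mapping), fh, indent=2)
    return path


if __name__ == "__main__":
    for status, (count, pct) in coverage_summary(SAMPLE_MAPPING).items():
        print(f"{status:<9} {count:>3} {pct:>6}%")
    for rank, gap in enumerate(prioritized_gaps(SAMPLE_MAPPING), start=1):
        print(f"{rank}. {gap['id']} {gap['technique']} ({gap['data_source']}, {gap['effort']})")
    print(data_source_table(SAMPLE_MAPPING))
    print("wrote", write_layer("ExampleGroup", SAMPLE_MAPPING))
```

The gap queue sorts by effort before anything else, which matches the template's "Immediate" recommendation of deploying the cheapest detections first; if you track technique prevalence or impact per actor, add that as a second sort key ahead of the ATT&CK ID.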