MITRE recently completed its first ATT&CK Evaluation specifically for Managed Detection and Response (MDR) vendors. Unlike many past ATT&CK Evaluations, where participants were aware of the adversary Tactics, Techniques and Procedures (TTPs), this one was run as a “Black Box”, meaning participants had no advance notice of the adversary TTPs they would have to defend against. In this evaluation, MITRE leveraged the TTPs of OilRig, an Iranian threat group believed to be state-sponsored, with funding and research from the Islamic Republic of Iran.