Knowledge base of adversary tactics, techniques and procedures (TTPs) drawn from real-world observations.
MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) is a globally accessible knowledge base of adversary behaviour. The framework organises observed real-world attacks into a matrix of Tactics (the adversary's goal, e.g. Initial Access, Execution, Defense Evasion) and Techniques (the means, e.g. T1059 Command and Scripting Interpreter, T1078 Valid Accounts).
Sub-techniques (e.g. T1059.001 PowerShell, T1078.004 Cloud Accounts) refine a parent technique with platform- or method-specific variants. The current Enterprise matrix covers 14 tactics and several hundred techniques and is updated quarterly.
ATT&CK is the de facto vocabulary detection engineers use to describe what an attack does and what coverage exists against it. SIEM rules, EDR detections and threat-intel reports almost universally reference ATT&CK technique IDs.
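As an added illustration (not part of the ATT&CK project or of any product's code), the sketch below shows how technique IDs in detection-rule tags can be turned into a coverage view. The rule names, tag spellings and the required-technique list are constructed sample data, and the roll-up policy (a sub-technique rule counts towards its parent, but a parent-tagged rule does not count towards a specific sub-technique) is an assumption.

```python
import re
from collections import defaultdict

# Technique IDs are "T" + 4 digits; sub-techniques append "." + 3 digits.
ATTACK_ID = re.compile(r"\bT(\d{4})(?:\.(\d{3}))?\b", re.IGNORECASE)

# Constructed sample rules; tag spellings are assumptions for illustration.
RULES = [
    {"name": "Encoded PowerShell command line",
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"name": "Script interpreter spawned by Office", "tags": ["attack.t1059"]},
    {"name": "Cloud console login from new country", "tags": ["T1078.004"]},
    {"name": "Untagged legacy rule", "tags": ["windows", "process_creation"]},
]

# Constructed list of techniques the team wants detections for.
REQUIRED = ["T1059", "T1059.001", "T1059.003", "T1078", "T1078.004"]


def technique_ids(tags):
    """Return normalised ATT&CK IDs (e.g. 'T1059.001') found in a rule's tags."""
    found = set()
    for tag in tags:
        for m in ATTACK_ID.finditer(tag):
            parent, sub = m.group(1), m.group(2)
            found.add(f"T{parent}.{sub}" if sub else f"T{parent}")
    return found


def coverage(rules, required):
    """Map each required ID to the sorted names of rules that cover it."""
    by_id = defaultdict(list)
    for rule in rules:
        for tid in technique_ids(rule["tags"]):
            by_id[tid].append(rule["name"])
            if "." in tid:  # assumed policy: sub-technique also covers parent
                by_id[tid.split(".")[0]].append(rule["name"])
    return {tid: sorted(set(by_id.get(tid, []))) for tid in required}


def untagged(rules):
    """Rules with no ATT&CK ID at all, invisible to any coverage report."""
    return [r["name"] for r in rules if not technique_ids(r["tags"])]


if __name__ == "__main__":
    for tid, names in coverage(RULES, REQUIRED).items():
        print(f"{tid:<10} {'GAP' if not names else ', '.join(names)}")
    print("No ATT&CK tag:", untagged(RULES))
```

Rules that carry no technique ID are reported separately because they may still detect something useful while contributing nothing to a coverage count.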