Attack Flow Library

Real-incident attack-flows from the Center for Threat-Informed Defense Attack Flow corpus — Black Basta, Conti, NotPetya, SolarWinds, REvil, Equifax, Target, Uber, and more, each modeled as a sequence of ATT&CK techniques and published as a STIX 2.1 bundle. This view lists the corpus from a single GitHub listing; opening a flow fetches just that one bundle on demand and renders its STIX objects + relationship graph. Apache-2.0; attribution to the Center for Threat-Informed Defense.