Mapping Android Threats with MITRE ATT&CK

Enhanced malware intelligence through TTP analysis

This research introduces a framework that maps the observed behavior of an Android application to the adversarial tactics and techniques it exhibits, producing threat intelligence richer than a malicious/benign label.

  • Bridges the gap between binary malware detection and understanding specific attack behaviors
  • Leverages the MITRE ATT&CK framework to classify malware based on tactical objectives
  • Provides actionable intelligence for security teams to develop targeted defenses
  • Demonstrates effectiveness through analysis of real-world Android malware samples

This approach matters because it moves malware analysis from a binary malicious/benign verdict to a behavioral profile: which tactical objectives an app pursues and which techniques it uses to pursue them. That profile lets security professionals reason about attacker methodology and design countermeasures against specific behaviors rather than against individual samples.
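To make the difference between a yes/no verdict and a TTP profile concrete, here is a small added illustration in Python. It is not DroidTTP's code and the page does not describe how DroidTTP derives its mapping; the rules below are hand-written assumptions that attribute an ATT&CK for Mobile technique only when a permission, an API call and a string co-occur, so a single over-broad permission does not fire a technique by itself. The technique and tactic IDs are quoted from the MITRE ATT&CK for Mobile matrix as the author of this example knows it and should be checked against the current matrix; the two feature sets are constructed stand-ins for what a static extractor would pull from an APK.

```python
"""Toy rule-based mapper from static Android app features to ATT&CK for Mobile
techniques and tactics. Added illustration, not DroidTTP's model. IDs quoted
from the ATT&CK for Mobile matrix; verify against the current version."""
from collections import Counter

# Tactic ID -> name (ATT&CK for Mobile).
TACTICS = {
    "TA0041": "Execution",
    "TA0028": "Persistence",
    "TA0030": "Defense Evasion",
    "TA0032": "Discovery",
    "TA0035": "Collection",
    "TA0037": "Command and Control",
}

# Technique ID -> (name, tactics it serves). One technique can serve several tactics.
TECHNIQUES = {
    "T1636.003": ("Protected User Data: Contact List", ["TA0035"]),
    "T1636.004": ("Protected User Data: SMS Messages", ["TA0035"]),
    "T1430": ("Location Tracking", ["TA0032", "TA0035"]),
    "T1429": ("Audio Capture", ["TA0035"]),
    "T1624.001": ("Event Triggered Execution: Broadcast Receivers", ["TA0028"]),
    "T1437.001": ("Application Layer Protocol: Web Protocols", ["TA0037"]),
    "T1623.001": ("Command and Scripting Interpreter: Unix Shell", ["TA0041"]),
    "T1407": ("Download New Code at Runtime", ["TA0030"]),
    "T1426": ("System Information Discovery", ["TA0032"]),
}

# Hypothetical rules (an assumption of this example): a technique is attributed
# only when ALL listed features are present. Feature prefixes: perm: (manifest
# permission), api: (framework API call), str: (string constant in the dex).
RULES = [
    ({"perm:READ_CONTACTS", "api:ContentResolver.query",
      "str:content://com.android.contacts"}, "T1636.003"),
    ({"perm:READ_SMS", "api:ContentResolver.query", "str:content://sms"}, "T1636.004"),
    ({"perm:ACCESS_FINE_LOCATION", "api:LocationManager.requestLocationUpdates"}, "T1430"),
    ({"perm:RECORD_AUDIO", "api:MediaRecorder.start"}, "T1429"),
    ({"api:BroadcastReceiver.onReceive",
      "str:android.intent.action.BOOT_COMPLETED"}, "T1624.001"),
    ({"perm:INTERNET", "api:HttpURLConnection.getOutputStream"}, "T1437.001"),
    ({"api:Runtime.exec"}, "T1623.001"),
    ({"api:DexClassLoader.<init>"}, "T1407"),
    ({"api:TelephonyManager.getDeviceId"}, "T1426"),
]


def map_ttps(features):
    """Return the sorted technique IDs whose rule is fully satisfied by the features."""
    feats = set(features)
    return sorted({tech for required, tech in RULES if required <= feats})


def tactic_profile(techniques):
    """Count attributed techniques per tactic name: the 'tactical objective' view."""
    counts = Counter()
    for tech in techniques:
        for tactic_id in TECHNIQUES[tech][1]:
            counts[TACTICS[tactic_id]] += 1
    return dict(counts)


def jaccard(techs_a, techs_b):
    """TTP-set similarity of two samples; 1.0 means identical behaviour profiles."""
    a, b = set(techs_a), set(techs_b)
    return len(a & b) / len(a | b) if a | b else 1.0


# Constructed feature sets (not from any real APK).
SPYWARE_FEATURES = [
    "perm:READ_SMS", "perm:READ_CONTACTS", "perm:ACCESS_FINE_LOCATION", "perm:INTERNET",
    "api:ContentResolver.query", "str:content://sms", "str:content://com.android.contacts",
    "api:LocationManager.requestLocationUpdates", "api:HttpURLConnection.getOutputStream",
    "api:BroadcastReceiver.onReceive", "str:android.intent.action.BOOT_COMPLETED",
    "api:TelephonyManager.getDeviceId",
]
FLASHLIGHT_FEATURES = [
    "perm:CAMERA", "perm:INTERNET", "api:CameraManager.setTorchMode",
    "api:HttpURLConnection.getOutputStream",  # e.g. an ad SDK phoning home
]

if __name__ == "__main__":
    for name, feats in (("spyware", SPYWARE_FEATURES), ("flashlight", FLASHLIGHT_FEATURES)):
        techs = map_ttps(feats)
        print(name, techs, tactic_profile(techs))
    print("similarity:", jaccard(map_ttps(SPYWARE_FEATURES), map_ttps(FLASHLIGHT_FEATURES)))
```

Run as a script, the spyware-like sample resolves to six techniques spanning Collection, Discovery, Persistence and Command and Control, while the flashlight app resolves to a single web-protocol C2 technique; a detector that only answers "malicious?" would hide that the two differ in kind, not just in degree. The Jaccard score is one simple way to cluster samples by TTP profile rather than by hash or family name.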

DroidTTP: Mapping Android Applications with TTP for Cyber Threat Intelligence
