Need help with community-threats?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

299 Stars 36 Forks MIT License 144 Commits 0 Opened issues


The largest, public library of adversary emulation plans in JSON. A place to share custom SCYTHE threats with the community. #ThreatThursday

Services available


Need anything else?

Contributors list

Adversary Emulation Plan Library

This repository is for sharing adversary emulation plans in JSON format. Currently we support SCYTHE threats and MITRE ATT&CK Navigator both of which use JSON.

How-to use the library

  1. Select the adversary folder you are interested in.
  2. Review the README if available or the #ThreatThursday blog post:
  3. Download the raw JSON file for the platform you would like to use.

Import into SCYTHE

  1. Login to the SCYTHE instance where you want to migrate the threat to
  2. Click Threat Manager - Migrate Threats
  3. Under "Import Threat" click “Choose File” and select the JSON file
  4. Click Import

Import into MITRE ATT&CK Navigator

  1. Launch MITRE ATT&CK Navigator:
  2. Click the + next to the layer on the top left.
  3. Select Open Existing Layer
  4. Upload from local - upload the JSON downloaded from the library, syntax is $ADVERSARYNAMEATT&CKNavigator.json
  5. You can also load it straight from GitHub by using raw JSON URL link and replacing the #layerurl:

Community Effort

SCYTHE believes in giving back to the community and encourages everyone to do the same. Please submit pull requests with new threats in their respective folder and we will review and approve.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.