Enum: AttackPlatformEnum
Closed enumeration of all technology platforms supported across ATT&CK domains. Platforms represent specific operating environments or technology stacks within which adversary techniques are applicable. Values must be unique within any x_mitre_platforms array; duplicates are not permitted.
URI: attack:AttackPlatformEnum
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| Windows | None | Microsoft Windows desktop and server operating systems |
| Linux | None | Linux-based operating systems (all distributions) |
| macOS | None | Apple macOS operating system |
| Android | None | Google Android mobile operating system |
| iOS | None | Apple iOS and iPadOS mobile operating systems |
| Azure AD | None | Microsoft Azure Active Directory — cloud identity and access management |
| Google Workspace | None | Google Workspace productivity suite (formerly G Suite), including Gmail, Driv... |
| Office Suite | None | Office productivity suites (Microsoft 365, etc |
| SaaS | None | Software-as-a-Service cloud applications accessible via a web browser |
| IaaS | None | Infrastructure-as-a-Service cloud platforms (AWS, Azure, GCP compute, storage... |
| Containers | None | Container runtimes and orchestration platforms (Docker, Kubernetes, etc |
| ESXi | None | VMware ESXi hypervisor platform |
| Identity Provider | None | Identity and Access Management (IAM) provider systems |
| Network Devices | None | Network infrastructure devices such as routers, switches, and firewalls |
| PRE | None | Pre-compromise activities such as reconnaissance and resource development |
| None | None | No specific platform dependency; technique applies generically |
| Field Controller/RTU/PLC/IED | None | ICS field controllers, Remote Terminal Units (RTUs), Programmable Logic Contr... |
| Data Historian | None | ICS data historian systems that record and store process data over time |
| Engineering Workstation | None | ICS engineering workstations used to program and configure field devices |
| Control Server | None | ICS supervisory control servers including SCADA and DCS master stations |
| Human-Machine Interface | None | ICS HMI systems providing operator visualization and control interfaces |
| Input/Output Server | None | ICS Input/Output servers that interface between control networks and field de... |
| Safety Instrumented System/Protection Relay | None | ICS safety systems including Safety Instrumented Systems (SIS) and protection... |
| Embedded | None | Embedded systems and firmware environments in specialized hardware |
Slots
| Name | Description |
|---|---|
| x_mitre_platforms | The set of technology platforms or operating environments to which this ATT&C... |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
LinkML Source
name: AttackPlatformEnum
description: Closed enumeration of all technology platforms supported across ATT&CK
domains. Platforms represent specific operating environments or technology stacks
within which adversary techniques are applicable. Values must be unique within any
x_mitre_platforms array; duplicates are not permitted.
from_schema: https://w3id.org/lmodel/attack
rank: 1000
permissible_values:
Windows:
text: Windows
description: Microsoft Windows desktop and server operating systems.
Linux:
text: Linux
description: Linux-based operating systems (all distributions).
macOS:
text: macOS
description: Apple macOS operating system.
Android:
text: Android
description: Google Android mobile operating system.
iOS:
text: iOS
description: Apple iOS and iPadOS mobile operating systems.
Azure AD:
text: Azure AD
description: Microsoft Azure Active Directory — cloud identity and access management.
Google Workspace:
text: Google Workspace
description: Google Workspace productivity suite (formerly G Suite), including
Gmail, Drive, etc.
Office Suite:
text: Office Suite
description: Office productivity suites (Microsoft 365, etc.).
SaaS:
text: SaaS
description: Software-as-a-Service cloud applications accessible via a web browser.
IaaS:
text: IaaS
description: Infrastructure-as-a-Service cloud platforms (AWS, Azure, GCP compute,
storage, etc.).
Containers:
text: Containers
description: Container runtimes and orchestration platforms (Docker, Kubernetes,
etc.).
ESXi:
text: ESXi
description: VMware ESXi hypervisor platform.
Identity Provider:
text: Identity Provider
description: Identity and Access Management (IAM) provider systems.
Network Devices:
text: Network Devices
description: Network infrastructure devices such as routers, switches, and firewalls.
PRE:
text: PRE
description: Pre-compromise activities such as reconnaissance and resource development.
None:
text: None
description: No specific platform dependency; technique applies generically.
Field Controller/RTU/PLC/IED:
text: Field Controller/RTU/PLC/IED
description: ICS field controllers, Remote Terminal Units (RTUs), Programmable
Logic Controllers (PLCs), and Intelligent Electronic Devices (IEDs).
Data Historian:
text: Data Historian
description: ICS data historian systems that record and store process data over
time.
Engineering Workstation:
text: Engineering Workstation
description: ICS engineering workstations used to program and configure field
devices.
Control Server:
text: Control Server
description: ICS supervisory control servers including SCADA and DCS master stations.
Human-Machine Interface:
text: Human-Machine Interface
description: ICS HMI systems providing operator visualization and control interfaces.
Input/Output Server:
text: Input/Output Server
description: ICS Input/Output servers that interface between control networks
and field devices.
Safety Instrumented System/Protection Relay:
text: Safety Instrumented System/Protection Relay
description: ICS safety systems including Safety Instrumented Systems (SIS) and
protection relays.
Embedded:
text: Embedded
description: Embedded systems and firmware environments in specialized hardware.