Subset: AttackSdos
ATT&CK STIX Domain Objects (SDOs) — the primary objects representing tactics, techniques, groups, campaigns, software, mitigations, assets, data sources, data components, matrices, collections, analytics, detection strategies, and identity.
URI: AttackSdos
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
Classes in subset
| Class | Description |
|---|---|
| Analytic | Analytics contain the concrete, platform-specific detection logic implementin... |
| Asset | Assets represent physical or logical systems, devices, and technologies withi... |
| AttackCampaign | Campaigns represent a grouping of adversary behaviors and resources with a co... |
| AttackIdentity | The ATT&CK Identity object represents MITRE Corporation, the organization tha... |
| AttackMalware | Malware represents malicious software programs that adversaries use to accomp... |
| AttackSoftware | Abstract superclass for ATT&CK Software objects, representing both Malware an... |
| AttackTool | Tools represent legitimate software programs that adversaries may abuse or re... |
| Collection | Collections are versioned snapshots of an ATT&CK dataset grouping all STIX ob... |
| DataComponent | Data Components represent specific types of observable events or artifacts wi... |
| DataSource | DEPRECATED as of ATT&CK Specification 3 |
| DetectionStrategy | Detection Strategies define high-level, platform-agnostic approaches for dete... |
| Group | Groups represent clusters of adversary activity attributed to a common actor,... |
| Matrix | ATT&CK Matrices define the structural layout and organization of tactics and ... |
| Mitigation | Mitigations describe defensive measures, security controls, and configuration... |
| Tactic | Tactics represent the adversary's high-level strategic objectives during an a... |
| Technique | Techniques describe the specific methods adversaries use to achieve tactical ... |
Slots from Analytic also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_log_source_references | * LogSourceReference | A list of log source references that link this analytic to specific data comp... |
| x_mitre_modified_by_ref | 0..1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_mutable_elements | * MutableElement | Environment-tunable parameters within this analytic that defenders can adjust... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_platforms | * AttackPlatformEnum | The single target platform for this analytic |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from Asset also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 0..1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_platforms | * AttackPlatformEnum | The set of technology platforms or operating environments to which this ATT&C... |
| x_mitre_related_assets | * RelatedAsset | Sector-specific aliases and related device types associated with this primary... |
| x_mitre_sectors | * AttackAssetSectorEnum | The industry sectors in which this ICS Asset is commonly observed or deployed |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from AttackCampaign also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_first_seen_citation | 1 CitationString | One or more inline citation references documenting the original sources that ... |
| x_mitre_last_seen_citation | 1 CitationString | One or more inline citation references documenting the original sources that ... |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from AttackIdentity also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 0..1 AttackVersionString | Not present on ATT&CK Identity objects |
Slots from AttackMalware also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_aliases | * String | ATT&CK-recognized alternative names or aliases for this software object (Malw... |
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_platforms | * AttackPlatformEnum | The set of technology platforms or operating environments to which this ATT&C... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from AttackSoftware also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from AttackTool also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_aliases | * String | ATT&CK-recognized alternative names or aliases for this software object (Malw... |
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_platforms | * AttackPlatformEnum | The set of technology platforms or operating environments to which this ATT&C... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from Collection also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contents | 1..* ObjectVersionReference | Ordered list of versioned references to all ATT&CK STIX objects included in t... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_modified_by_ref | 0..1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from DataComponent also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_data_source_ref | 0..1 StixIdentifier | DEPRECATED |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_log_sources | * LogSource | Platform-specific log collection configurations for detecting this event type |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from DataSource also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_collection_layers | 1..* AttackCollectionLayerEnum | The technology stack layers from which telemetry for this Data Source can be ... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_platforms | * AttackPlatformEnum | The set of technology platforms or operating environments to which this ATT&C... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from DetectionStrategy also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_analytic_refs | 1..* StixIdentifier | STIX IDs of x-mitre-analytic objects implementing this strategy |
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | 1..* String | People and organizations who contributed to this detection strategy |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from Group also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 0..1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from Matrix also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| tactic_refs | 1..* StixIdentifier | Ordered list of x-mitre-tactic STIX IDs defining the column order of tactics ... |
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from Mitigation also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from Tactic also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_modified_by_ref | 1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_shortname | 1 AttackTacticShortNameEnum | The machine-readable short identifier for an ATT&CK tactic |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots from Technique also in attack_sdos
| Name | Cardinality and Range | Description |
|---|---|---|
| x_mitre_attack_spec_version | 1 SemverString | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_contributors | * String | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_data_sources | * String | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_defense_bypassed | * AttackDefenseBypassEnum | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_deprecated | 0..1 Boolean | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_detection | 0..1 String | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_domains | 1..* AttackDomainEnum | The ATT&CK technology domains to which this object belongs |
| x_mitre_effective_permissions | * AttackEffectivePermissionsEnum | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_impact_type | * AttackImpactTypeEnum | Indicates whether this technique can be used for availability attacks, integr... |
| x_mitre_is_subtechnique | 1 Boolean | Boolean flag indicating whether this attack-pattern is a sub-technique (true)... |
| x_mitre_modified_by_ref | 0..1 StixIdentifier | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_network_requirements | 0..1 Boolean | Boolean indicating whether this technique requires network connectivity as a ... |
| x_mitre_old_attack_id | 0..1 String | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_permissions_required | * AttackPermissionsRequiredEnum | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_platforms | * AttackPlatformEnum | The set of technology platforms or operating environments to which this ATT&C... |
| x_mitre_remote_support | 0..1 Boolean | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_system_requirements | * String | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_tactic_type | * AttackTacticTypeEnum | Indicates the adversary's device access model for Mobile ATT&CK techniques |
| x_mitre_version | 1 AttackVersionString | The version of this ATT&CK object content in 'major |
Slots in subset
| Slot | Description |
|---|---|
| tactic_refs | An ordered list of STIX IDs referencing x-mitre-tactic objects that constitut... |
| x_mitre_aliases | ATT&CK-recognized alternative names or aliases for this software object (Malw... |
| x_mitre_analytic_refs | An ordered array of STIX IDs referencing x-mitre-analytic objects that implem... |
| x_mitre_attack_spec_version | The version of the ATT&CK Data Model specification used to construct this obj... |
| x_mitre_collection_layers | The technology stack layers from which telemetry for this Data Source can be ... |
| x_mitre_contents | An ordered list of versioned object references specifying the exact version o... |
| x_mitre_contributors | Names of people and organizations who have contributed to the creation or enr... |
| x_mitre_data_source_ref | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_data_sources | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_defense_bypassed | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_deprecated | Boolean flag indicating that this ATT&CK object has been deprecated and shoul... |
| x_mitre_detection | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_domains | The ATT&CK technology domains to which this object belongs |
| x_mitre_effective_permissions | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_first_seen_citation | One or more inline citation references documenting the original sources that ... |
| x_mitre_impact_type | Indicates whether this technique can be used for availability attacks, integr... |
| x_mitre_is_subtechnique | Boolean flag indicating whether this attack-pattern is a sub-technique (true)... |
| x_mitre_last_seen_citation | One or more inline citation references documenting the original sources that ... |
| x_mitre_log_source_references | A list of log source references that link this analytic to specific data comp... |
| x_mitre_log_sources | Platform-specific log collection configurations for this data component |
| x_mitre_modified_by_ref | The STIX ID of the identity object that created the current version of this o... |
| x_mitre_mutable_elements | Environment-tunable parameters within this analytic that defenders can adjust... |
| x_mitre_network_requirements | Boolean indicating whether this technique requires network connectivity as a ... |
| x_mitre_old_attack_id | A legacy ATT&CK ID previously assigned to this object before a knowledge base... |
| x_mitre_permissions_required | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_platforms | The set of technology platforms or operating environments to which this ATT&C... |
| x_mitre_related_assets | Sector-specific aliases and related device types associated with this primary... |
| x_mitre_remote_support | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_sectors | The industry sectors in which this ICS Asset is commonly observed or deployed |
| x_mitre_shortname | The machine-readable short identifier for an ATT&CK tactic |
| x_mitre_system_requirements | DEPRECATED in ATT&CK Specification v3 |
| x_mitre_tactic_type | Indicates the adversary's device access model for Mobile ATT&CK techniques |
| x_mitre_version | The version of this ATT&CK object content in 'major |