| AttackMalware |
Malware represents malicious software programs that adversaries use to accomp... |
yes |
| AttackIdentity |
The ATT&CK Identity object represents MITRE Corporation, the organization tha... |
no |
| Grouping |
A Grouping object explicitly asserts that the referenced STIX Objects have a ... |
no |
| CourseOfAction |
A Course of Action is an action taken either to prevent an attack or to respo... |
no |
| Mitigation |
Mitigations describe defensive measures, security controls, and configuration... |
yes |
| AttackCampaign |
Campaigns represent a grouping of adversary behaviors and resources with a co... |
yes |
| AttackObject |
Abstract base class for all versioned ATT&CK objects (SDOs and SROs) |
yes |
| Sighting |
A Sighting denotes the belief that something in CTI (e |
no |
| Identity |
Identities can represent actual individuals, organizations, or groups (e |
no |
| Tool |
Tools are legitimate software that can be used by threat actors to perform at... |
no |
| Indicator |
Indicators contain a pattern that can be used to detect suspicious or malicio... |
no |
| MarkingDefinition |
The marking-definition object represents a specific marking |
no |
| AttackTool |
Tools represent legitimate software programs that adversaries may abuse or re... |
yes |
| Technique |
Techniques describe the specific methods adversaries use to achieve tactical ... |
no |
| Opinion |
An Opinion is an assessment of the correctness of the information in a STIX O... |
no |
| AttackRelationship |
ATT&CK Relationship objects connect ATT&CK STIX objects using typed semantic ... |
no |
| Report |
Reports are collections of threat intelligence focused on one or more topics,... |
no |
| Group |
Groups represent clusters of adversary activity attributed to a common actor,... |
no |
| Core |
Common properties and behavior across all STIX Domain Objects and STIX Relati... |
no |
| AttackPattern |
Attack Patterns are a type of TTP that describe ways that adversaries attempt... |
no |
| DataComponent |
Data Components represent specific types of observable events or artifacts wi... |
yes |
| Matrix |
ATT&CK Matrices define the structural layout and organization of tactics and ... |
yes |
| Malware |
Malware is a type of TTP that is also known as malicious code and malicious s... |
no |
| Analytic |
Analytics contain the concrete, platform-specific detection logic implementin... |
yes |
| DataSource |
DEPRECATED as of ATT&CK Specification 3 |
yes |
| Relationship |
The Relationship object is used to link together two SDOs in order to describ... |
no |
| StixRelationshipObject |
|
no |
| Collection |
Collections are versioned snapshots of an ATT&CK dataset grouping all STIX ob... |
yes |
| DetectionStrategy |
Detection Strategies define high-level, platform-agnostic approaches for dete... |
yes |
| Infrastructure |
Infrastructure objects describe systems, software services, and associated ph... |
no |
| StixDomainObject |
|
no |
| Location |
A Location represents a geographic location |
no |
| ThreatActor |
Threat Actors are actual individuals, groups, or organizations believed to be... |
no |
| LanguageContent |
The language-content object represents text content for STIX Objects represen... |
no |
| AttackMarkingDefinition |
ATT&CK Marking Definition objects apply data handling constraints to ATT&CK c... |
yes |
| ObservedData |
Observed data conveys information that was observed on systems and networks, ... |
no |
| MalwareAnalysis |
Malware Analysis captures the metadata and results of a particular analysis p... |
no |
| Asset |
Assets represent physical or logical systems, devices, and technologies withi... |
yes |
| Tactic |
Tactics represent the adversary's high-level strategic objectives during an a... |
yes |
| ExtensionDefinition |
The STIX Extension Definition object allows producers of threat intelligence ... |
no |
| Campaign |
A Campaign is a grouping of adversary behavior that describes a set of malici... |
no |
| Incident |
The Incident object in STIX 2 |
no |
| IntrusionSet |
An Intrusion Set is a grouped set of adversary behavior and resources with co... |
no |
| Note |
A Note is a comment or note containing informative text to help explain the c... |
no |
| Vulnerability |
A Vulnerability is a mistake in software that can be directly used by a hacke... |
no |
| AttackSoftware |
Abstract superclass for ATT&CK Software objects, representing both Malware an... |
no |