| AttackMalware |
Malware represents malicious software programs that adversaries use to accomp... |
no |
| AttackIdentity |
The ATT&CK Identity object represents MITRE Corporation, the organization tha... |
no |
| Grouping |
A Grouping object explicitly asserts that the referenced STIX Objects have a ... |
no |
| Ipv6Addr |
The IPv6 Address Object represents one or more IPv6 addresses expressed using... |
no |
| Mitigation |
Mitigations describe defensive measures, security controls, and configuration... |
no |
| CourseOfAction |
A Course of Action is an action taken either to prevent an attack or to respo... |
no |
| WindowsRegistryKey |
The Registry Key Object represents the properties of a Windows registry key |
no |
| AttackCampaign |
Campaigns represent a grouping of adversary behaviors and resources with a co... |
no |
| AttackObject |
Abstract base class for all versioned ATT&CK objects (SDOs and SROs) |
no |
| CyberObservableCore |
Common properties and behavior across all Cyber Observable Objects |
yes |
| Sighting |
A Sighting denotes the belief that something in CTI (e |
no |
| Software |
The Software Object represents high-level properties associated with software... |
no |
| File |
The File Object represents the properties of a file |
no |
| Identity |
Identities can represent actual individuals, organizations, or groups (e |
no |
| Tool |
Tools are legitimate software that can be used by threat actors to perform at... |
no |
| Indicator |
Indicators contain a pattern that can be used to detect suspicious or malicio... |
no |
| MarkingDefinition |
The marking-definition object represents a specific marking |
yes |
| AttackTool |
Tools represent legitimate software programs that adversaries may abuse or re... |
no |
| Technique |
Techniques describe the specific methods adversaries use to achieve tactical ... |
no |
| Opinion |
An Opinion is an assessment of the correctness of the information in a STIX O... |
no |
| AttackRelationship |
ATT&CK Relationship objects connect ATT&CK STIX objects using typed semantic ... |
no |
| AutonomousSystem |
The AS object represents the properties of an Autonomous Systems (AS) |
no |
| MacAddr |
The MAC Address Object represents a single Media Access Control (MAC) address |
no |
| Report |
Reports are collections of threat intelligence focused on one or more topics,... |
no |
| Group |
Groups represent clusters of adversary activity attributed to a common actor,... |
no |
| Core |
Common properties and behavior across all STIX Domain Objects and STIX Relati... |
yes |
| UserAccount |
The User Account Object represents an instance of any type of user account, i... |
no |
| AttackPattern |
Attack Patterns are a type of TTP that describe ways that adversaries attempt... |
no |
| DataComponent |
Data Components represent specific types of observable events or artifacts wi... |
no |
| Matrix |
ATT&CK Matrices define the structural layout and organization of tactics and ... |
no |
| Mutex |
The Mutex Object represents the properties of a mutual exclusion (mutex) obje... |
no |
| Malware |
Malware is a type of TTP that is also known as malicious code and malicious s... |
no |
| NetworkTraffic |
The Network Traffic Object represents arbitrary network traffic that originat... |
no |
| CyberObservableObject |
|
no |
| Analytic |
Analytics contain the concrete, platform-specific detection logic implementin... |
no |
| DataSource |
DEPRECATED as of ATT&CK Specification 3 |
no |
| Relationship |
The Relationship object is used to link together two SDOs in order to describ... |
no |
| StixRelationshipObject |
|
no |
| Collection |
Collections are versioned snapshots of an ATT&CK dataset grouping all STIX ob... |
no |
| DetectionStrategy |
Detection Strategies define high-level, platform-agnostic approaches for dete... |
no |
| Directory |
The Directory Object represents the properties common to a file system direct... |
no |
| Url |
The URL Object represents the properties of a uniform resource locator (URL) |
no |
| StixDomainObject |
|
no |
| Infrastructure |
Infrastructure objects describe systems, software services, and associated ph... |
no |
| Location |
A Location represents a geographic location |
no |
| ThreatActor |
Threat Actors are actual individuals, groups, or organizations believed to be... |
no |
| LanguageContent |
The language-content object represents text content for STIX Objects represen... |
no |
| AttackMarkingDefinition |
ATT&CK Marking Definition objects apply data handling constraints to ATT&CK c... |
no |
| DomainName |
The Domain Name represents the properties of a network domain name |
no |
| ObservedData |
Observed data conveys information that was observed on systems and networks, ... |
no |
| MalwareAnalysis |
Malware Analysis captures the metadata and results of a particular analysis p... |
no |
| Asset |
Assets represent physical or logical systems, devices, and technologies withi... |
no |
| Tactic |
Tactics represent the adversary's high-level strategic objectives during an a... |
no |
| ExtensionDefinition |
The STIX Extension Definition object allows producers of threat intelligence ... |
no |
| Campaign |
A Campaign is a grouping of adversary behavior that describes a set of malici... |
no |
| Process |
The Process Object represents common properties of an instance of a computer ... |
no |
| X509Certificate |
The X509 Certificate Object represents the properties of an X |
no |
| Incident |
The Incident object in STIX 2 |
no |
| Ipv4Addr |
The IPv4 Address Object represents one or more IPv4 addresses expressed using... |
no |
| IntrusionSet |
An Intrusion Set is a grouped set of adversary behavior and resources with co... |
no |
| Artifact |
The Artifact Object permits capturing an array of bytes (8-bits), as a base64... |
no |
| Note |
A Note is a comment or note containing informative text to help explain the c... |
no |
| Vulnerability |
A Vulnerability is a mistake in software that can be directly used by a hacke... |
no |
| EmailAddr |
The Email Address Object represents a single email address |
no |
| AttackSoftware |
Abstract superclass for ATT&CK Software objects, representing both Malware an... |
no |
| EmailMessage |
The Email Message Object represents an instance of an email message |
no |