attack-stix-data
attack-stix-data copied to clipboard
STIX data representing MITRE ATT&CK
File enterprise-attack, the following 2 IDs are referenced in relationship objects but are not defined in the file: malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878
WMI Creation's description [Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21)] has been added to other data sources: Network...
#3 #close This is a follow-on for #3. The previous invalid UUID4 used for the ID for `x-mitre-collection`: ``` x-mitre-collection--23320f4-22ad-8467-3b73-ed0c869a12838 x-mitre-collection--12345678-1234-4321-1234-1234567890ab x-mitre-collection--xxxxxxxx-xxxx-4xxx-xxxx-xxxxxxxxxxxx ``` ...was updated in #13 to be: ```...
1.) In Release v13.1 : "external_id": "G0097" -- appearing in both "x_mitre_domains": "mobile-attack" and "enerprise-attack" mobile-attack-13.1.json 17685: "external_id": "G0097", 17687: "url": "https://attack.mitre.org/groups/G0097" 17697: "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) is a cyberespionage campaign...
Hi, Just a heads-up I found a new field/property in the latest version, which is not reported in the USAGE.md file. I caught it because my input python classes (extensions...
Object property extensions are currently being implemented under the depreciated 2.0 standard. Where custom properties are inserted into the object's json, with 'x_' appended to the property name. This mode...
v13.0 bundle ids match in both mitre/cti and mitre-attack/attack-stix-data, but content is different
when we build a copy of the attack website for our sneakernet enclave, we typically use the mitre/cti copy of the stix. But our mirror of this site is behind...
In the 13.0 release, some techniques in the ICS bundle have `kill_chain_phases.phase_name` that don't match the `x_mitre_shortname` in any of the tactics in the bundle. [Relevant documentation here.](https://github.com/mitre-attack/attack-stix-data/blob/master/USAGE.md#tactics) For example,...
Hi! I'm trying to query mitre to get the relevant APTs or TTPs of a certain indicator. I've tried to use Filter where my query is basically indicator.value =
Hi, I am not 100% sure, whether relationships used in Attack, both existing Stix ones and new Attack ones, have additional attack-specific fields. Can you advise please? I note that...