| Sub-technique Name | sub_technique_name | Recommended | String | The name of the attack sub-technique, as defined by ATT&CK Matrix™. |
| Sub-technique ID | sub_technique_uid | Recommended | String | The unique identifier of the attack sub-technique, as defined by ATT&CK Matrix™. |
| Tactics | tactic_ids | Recommended | Integer Array | The tactics that are associated with the attack technique (to be deprecated; use tactic_uids). |
| | | | | 1 = Enterprise: Initial Access |
| | | | | 2 = Enterprise: Execution |
| | | | | 3 = Enterprise: Persistence |
| | | | | 4 = Enterprise: Privilege Escalation |
| | | | | 5 = Enterprise: Defense Evasion |
| | | | | 6 = Enterprise: Credential Access |
| | | | | 7 = Enterprise: Discovery |
| | | | | 8 = Enterprise: Lateral Movement |
| | | | | 9 = Enterprise: Collection |
| | | | | 10 = Enterprise: Exfiltration |
| | | | | 11 = Enterprise: Command and Control |
| | | | | 12 = PRE-ATT&CK: Priority Definition Planning |
| | | | | 13 = PRE-ATT&CK: Priority Definition Direction |
| | | | | 14 = PRE-ATT&CK: Target Selection |
| | | | | 15 = PRE-ATT&CK: Technical Information Gathering |
| | | | | 16 = PRE-ATT&CK: People Information Gathering |
| | | | | 17 = PRE-ATT&CK: Organizational Information Gathering |
| | | | | 18 = PRE-ATT&CK: Technical Weakness Identification |
| | | | | 19 = PRE-ATT&CK: People Weakness Identification |
| | | | | 20 = PRE-ATT&CK: Organizational Weakness Identification |
| | | | | 21 = PRE-ATT&CK: Adversary OPSEC |
| | | | | 22 = PRE-ATT&CK: Establish & Maintain Infrastructure |
| | | | | 23 = PRE-ATT&CK: Persona Development |
| | | | | 24 = PRE-ATT&CK: Build Capabilities |
| | | | | 25 = PRE-ATT&CK: Test Capabilities |
| | | | | 26 = PRE-ATT&CK: Stage Capabilities |
| | | | | 27 = Mobile: Initial Access |
| | | | | 28 = Mobile: Persistence |
| | | | | 29 = Mobile: Privilege Escalation |
| | | | | 30 = Mobile: Defense Evasion |
| | | | | 31 = Mobile: Credential Access |
| | | | | 32 = Mobile: Discovery |
| | | | | 33 = Mobile: Lateral Movement |
| | | | | 34 = Mobile: Effects |
| | | | | 35 = Mobile: Collection |
| | | | | 36 = Mobile: Exfiltration |
| | | | | 37 = Mobile: Command and Control |
| | | | | 38 = Mobile: Network Effects |
| | | | | 39 = Mobile: Remote Service Effects |
| | | | | 40 = Enterprise: Impact |
| Tactics | tactic_uids | Recommended | String Array | The tactics that are associated with the attack technique, as defined by ATT&CK Matrix™. |
| Technique Name | technique_name | Recommended | String | The name of the attack technique, as defined by ATT&CK Matrix™. For example: Drive-by Compromise. |
| Technique ID | technique_uid | Recommended | String | The unique identifier of the attack technique, as defined by ATT&CK Matrix™. For example: T1189. |