Comments (2)
ElJocko
commented on June 4, 2024
There isn't a link directly in either of the technique (attack-pattern) objects. Instead, the two techniques are linked by a revoked-by relationship object. This is the STIX specified method for linking a revoked object with the object that supersedes it. Here's that relationship with T1050 referenced in the source_ref property and T1543.003 referenced in the target_ref property:
{
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"id": "relationship--5fa955eb-63da-4281-8904-03f6c04c9d8d",
"type": "relationship",
"created": "2020-03-17T16:21:36.718Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"modified": "2022-04-25T14:00:00.188Z",
"relationship_type": "revoked-by",
"source_ref": "attack-pattern--478aa214-2ca7-4ec0-9978-18798e514790",
"target_ref": "attack-pattern--2959d63f-73fd-46a1-abd2-109d7dcede32",
"x_mitre_version": "1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"spec_version": "2.1",
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_domains": [
"enterprise-attack"
]
}
from attack-stix-data.
jecarr
commented on June 4, 2024
Thanks @ElJocko for the quick reply!
from attack-stix-data.
Related Issues (20)
- found registry hive typo in enterprise-mitre v11.3 json HOT 4
- Description of WMI Creation added to multiple other data sources
- CVE and ATT&CK - Question HOT 2
- Invalid UUID in enterprise-attack.json
- M1027
- Broken Links to data source entries in STIX file HOT 1
- Question: Do relationships include custom Attack properties?
- Cyclic refs in stix-capec.json
- Missing reference for x_mitre_platforms property on relationships
- Question: How to get the relevant APTs or TTPs of a certain indicator.
- Kill Chain (phase_name) may not match Tactic (x_mitre_shortname) HOT 1
- v13.0 bundle ids match in both mitre/cti and mitre-attack/attack-stix-data, but content is different
- ATT&CK's STIX Property Extensions Use Deprecated Standard HOT 1
- Please update Usage docs when introducing new fields
- Discussion: stix data terms of use can block contributions to CNCF projects HOT 3
- v13.1 having Duplicated G0097 and S0302 spanning both [enterprise-attack and mobile-attack] Stix JSON files HOT 1
- Use TAGs for the corresponding version of MITRE ATT&CK HOT 1
- Bug: All MITRE ATT&CK ICS Techniques have "x_mitre_platforms": [ "None" ] HOT 7
- Software Discovery HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from attack-stix-data.