STIX Wiki
STIX Wiki

Overview

IntroductionGetting StartedWalkthrough

Reference

Domain Objects
Attack PatternCampaignCourse of ActionGroupingIdentityIncidentIndicatorInfrastructureIntrusion SetLocationMalware AnalysisMalwareNoteObserved DataOpinionReportThreat ActorToolVulnerability
Relationship Objects
Cyber-observable Objects
Meta Objects
Bundle Object
Domain Objects

Attack Pattern

Attack Patterns are a type of TTP that describe ways that adversaries attempt to compromise targets. Attack Patterns are used to help categorize attacks, generalize specific attacks to the patterns that they follow, and provide detailed information about how attacks are performed. An example of an attack pattern is "spear phishing": a common type of attack where an attacker sends a carefully crafted e-mail message to a party with the intent of getting them to click a link or open an attachment to deliver malware. Attack Patterns can also be more specific; spear phishing as practiced by a particular threat actor (e.g., they might generally say that the target won a contest) can also be an Attack Pattern.

The Attack Pattern SDO contains textual descriptions of the pattern along with references to externally-defined taxonomies of attacks such as CAPEC or MITRE.

Properties

Required Common Properties
typespec_versionidcreatedmodifiedname
Optional Common Properties
created_by_reflabelsrevokedconfidencelangexternal_referencesobject_marking_refsgranular_markingsextensions
Not Applicable
defanged
Attack Pattern Specific
aliasesnamedescriptionkill_chain_phases
PropertyTypeDescription
typeoptional
stringThe type of this object, which MUST be the literal `attack-pattern`.
aliasesoptional
list of stringAlternative names used to identify this Attack Pattern.
namerequired
stringThe name used to identify the Attack Pattern.
descriptionoptional
stringA description that provides more details and context about the Attack Pattern, potentially including its purpose and its key characteristics.
kill_chain_phasesoptional
list of objectThe list of kill chain phases for which this attack pattern is used.

Relationships

These are the relationships explicitly defined between the Attack Pattern object and other STIX Objects. The first section lists the embedded relationships by property name along with their corresponding target. The rest of the table identifies the relationships that can be made from this object type to another object type by way of the Relationship object. The reverse relationships section illustrates the relationships targeting this object type from another object type. They are included here for convenience. For their definitions, please see the "Source" object.

Relationships are not restricted to those listed below. Relationships can be created between any objects using the related-to relationship type or, as with open vocabularies, user-defined names.

Common Relationships
duplicate-ofderived-fromrelated-to

Embedded Relationships

created_by_ref
identifier(of typeidentity)
object_marking_refs
listof typeidentifier(of typemarking-definition)

Forward Relationships

SourceRelationshipTargetDescription
attack-patterndelivers
malware
This Relationship describes that this Attack Pattern is used to deliver this malware instance (or family).
attack-patterntargets
identity, location, vulnerability
This Relationship describes that this Attack Pattern typically targets the type of victim, location, or vulnerability represented by the related Identity, Location, or Vulnerability object.
attack-patternuses
malware, tool
This Relationship describes that the related Malware or Tool is used to perform the behavior identified in the Attack Pattern.

Reverse Relationships

SourceRelationship TypeTargetDescription
indicator
indicatesattack-patternSee forward relationship for definition.
course-of-action
mitigatesattack-patternSee forward relationship for definition.
campaign, intrusion-set, malware, threat-actor
usesattack-patternSee forward relationship for definition.

Domain Objects

Previous Page

Campaign

Next Page

On this page

PropertiesRelationships