Matrix

Key	Type	Description
id	string	Tactic identifier.
name	string	Tactic name.
url	string	Web page at https://attack.mitre.org with the tactic description and other relevant information.
techniques	array [Technique]	The list of techniques.

"id": "TA0005",

"name": "Defense Evasion",

"url": "https://attack.mitre.org/tactics/TA0005",

"techniques": [

{

"rules": null,

"id": "T1070",

"name": "Indicator Removal",

"url": "https://attack.mitre.org/techniques/T1070",

"subtechniques": [

{

"rules": {

"neutral": ["Changes the time when the file was created, accessed, or modified"]

"id": "T1070.006",

"name": "Timestomp",

"url": "https://attack.mitre.org/techniques/T1070/006"

}

]

{

"rules": null,

"id": "T1222",

"name": "File and Directory Permissions Modification",

"url": "https://attack.mitre.org/techniques/T1222",

"subtechniques": [

{

"rules": {

"neutral": ["Sets a written file as executable"]

"id": "T1222.002",

"name": "Linux and Mac File and Directory Permissions Modification",

"url": "https://attack.mitre.org/techniques/T1222/002"

}

]

{

"rules": {

"suspicious": ["Writes files to system directory"]

"id": "T1574",

"name": "Hijack Execution Flow",

"url": "https://attack.mitre.org/techniques/T1574"

{

"rules": null,

"id": "T1036",

"name": "Masquerading",

"url": "https://attack.mitre.org/techniques/T1036",

"subtechniques": [

{

"rules": {

"suspicious": ["Substitutes an application name"]

"id": "T1036.004",

"name": "Masquerade Task or Service",

"url": "https://attack.mitre.org/techniques/T1036/004"

}

]

}

]