Subtechnique

The Subtechnique object contains data about a sub-technique in the MITRE ATT&CK matrix.

Structure

| Key | | Type | Description |
|---|---|---|---|
| id | | string | Sub-technique identifier. |
| name | | string | Sub-technique name. |
| url | | string | Web page at https://attack.mitre.org with the sub-technique description and other relevant information. |
| rules | | object/null | List of triggered rules. |
| | malicious | string[] | List of rules that have been triggered due to malicious activity of the sample. |
| | neutral | string[] | List of rules that have been triggered due to neutral activity of the sample. |
| | suspicious | string[] | List of rules that have been triggered due to suspicious activity of the sample. |

Example

{
   "rules": {
       "neutral": [
           "Sets a written file as executable"
       ]
   },
   "id": "T1222.002",
   "name": "Linux and Mac File and Directory Permissions Modification",
   "url": "https://attack.mitre.org/techniques/T1222/002"
}
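
A consumer of this object can validate it before trusting its fields, as in the following added example (not part of the original documentation or the vendor's code). The function name `parse_subtechnique`, the `verdict` field, the malicious > suspicious > neutral ordering and the handling of a missing `rules` key are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Sub-technique ids have the form "T<4 digits>.<3 digits>", as in the page's example.
_ID_RE = re.compile(r"T\d{4}\.\d{3}")
# Rule categories from the Structure table; this severity order is an assumption.
_SEVERITY = ("malicious", "suspicious", "neutral")


def parse_subtechnique(obj):
    """Validate one Subtechnique object and summarise its triggered rules.

    Returns id, name, url, the per-category rule lists and a hypothetical
    "verdict": the most severe category with at least one rule, or None.
    Raises ValueError on malformed input.
    """
    for key in ("id", "name", "url"):
        if not isinstance(obj.get(key), str):
            raise ValueError(f"{key!r} must be a string")
    if not _ID_RE.fullmatch(obj["id"]):
        raise ValueError(f"unexpected sub-technique id: {obj['id']!r}")

    # Accept only https links whose host is exactly attack.mitre.org
    # before the url is rendered as a clickable link in a report.
    url = urlparse(obj["url"])
    if url.scheme != "https" or url.hostname != "attack.mitre.org":
        raise ValueError(f"url is not on attack.mitre.org: {obj['url']!r}")

    # "rules" is object/null; a missing key is treated like null (assumption).
    rules = {} if obj.get("rules") is None else obj["rules"]
    if not isinstance(rules, dict):
        raise ValueError("'rules' must be an object or null")
    by_cat = {}
    for cat in _SEVERITY:
        names = rules.get(cat, [])
        if not isinstance(names, list) or not all(isinstance(n, str) for n in names):
            raise ValueError(f"rules.{cat} must be a list of strings")
        by_cat[cat] = names

    verdict = next((c for c in _SEVERITY if by_cat[c]), None)
    return {"id": obj["id"], "name": obj["name"], "url": obj["url"],
            "verdict": verdict, "rules": by_cat}


# The example object from this page.
SAMPLE = {"rules": {"neutral": ["Sets a written file as executable"]},
          "id": "T1222.002",
          "name": "Linux and Mac File and Directory Permissions Modification",
          "url": "https://attack.mitre.org/techniques/T1222/002"}
```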