@mitre-attack/attack-data-model
A TypeScript API for the MITRE ATT&CK data model
;
// Bundler-emitted CommonJS interop helpers (the shape esbuild generates).
// They build an exports object whose members are getters, so readers always
// see the current value of each exported binding instead of a snapshot.
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __hasOwnProp = Object.prototype.hasOwnProperty;

/**
 * Define one enumerable getter on `target` for every enumerable key of `all`.
 *
 * @param {object} target - Object that receives the getters.
 * @param {Object<string, Function>} all - Map of export name to thunk.
 */
var __export = (target, all) => {
  for (const exportName in all) {
    const thunk = all[exportName];
    __defProp(target, exportName, { get: thunk, enumerable: true });
  }
};

/**
 * Mirror the own properties of `from` onto `to` as forwarding getters.
 *
 * Keys that `to` already owns, and the single key named by `except`, are left
 * alone. Enumerability follows the source descriptor.
 *
 * @param {object} to - Destination object; returned unchanged when `from` is
 *   neither an object nor a function.
 * @param {*} from - Source whose own property names are forwarded.
 * @param {string} [except] - One key to skip.
 * @param {*} [desc] - Scratch slot from the generated signature; unused here.
 * @returns {object} `to`.
 */
var __copyProps = (to, from, except, desc) => {
  const hasProps =
    (typeof from === "object" && from !== null) || typeof from === "function";
  if (!hasProps) {
    return to;
  }
  for (const key of __getOwnPropNames(from)) {
    if (__hasOwnProp.call(to, key) || key === except) {
      continue;
    }
    const sourceDesc = __getOwnPropDesc(from, key);
    __defProp(to, key, {
      // Read through to the source on every access rather than copying.
      get: () => from[key],
      enumerable: !sourceDesc || sourceDesc.enumerable,
    });
  }
  return to;
};

/**
 * Wrap an export table in a fresh object flagged with a non-enumerable
 * `__esModule: true` marker.
 *
 * @param {object} mod - Export table built with `__export`.
 * @returns {object} Object suitable for `module.exports`.
 */
var __toCommonJS = (mod) => {
  const cjsExports = __defProp({}, "__esModule", { value: true });
  return __copyProps(cjsExports, mod);
};
// src/schemas/common/open-vocabulary.ts
// Export table for this module. Each entry is a thunk, so the vocabulary
// constants declared further down are looked up only when a consumer reads
// the corresponding property.
var open_vocabulary_exports = {};
__export(open_vocabulary_exports, {
  AttackMotivationOV: () => AttackMotivationOV,
  AttackResourceLevelOV: () => AttackResourceLevelOV,
  IdentityClassOV: () => IdentityClassOV,
  ImplementationLanguageOV: () => ImplementationLanguageOV,
  IndicatorTypeOV: () => IndicatorTypeOV,
  IndustrySectorOV: () => IndustrySectorOV,
  MalwareCapabilityOV: () => MalwareCapabilityOV,
  MalwareTypeOV: () => MalwareTypeOV,
  MitreCollectionLayerOV: () => MitreCollectionLayerOV,
  PatternTypeOV: () => PatternTypeOV,
  ProcessorArchitectureOV: () => ProcessorArchitectureOV,
  ToolTypeOV: () => ToolTypeOV,
});
// Publish before any dependency is loaded, as in the generated original.
module.exports = __toCommonJS(open_vocabulary_exports);
var import_v4 = require("zod/v4");
/**
 * Malware type labels.
 *
 * Built with `z.enum`, so validation accepts exactly these lower-case,
 * hyphenated strings and rejects everything else, including differently
 * cased spellings. The check covers membership only: a value that parses is a
 * producer-asserted label, not a verified classification.
 */
var MalwareTypeOV = import_v4.z.enum([
  "adware", "backdoor", "bot", "bootkit",
  "ddos", "downloader", "dropper", "exploit-kit",
  "keylogger", "ransomware", "remote-access-trojan", "resource-exploitation",
  "rogue-security-software", "rootkit", "screen-capture", "spyware",
  "trojan", "virus", "webshell", "wiper",
  "worm",
  // Explicit catch-all for samples that have not been classified.
  "unknown",
]);
/**
 * Processor architecture labels.
 *
 * Closed `z.enum`: only these eight strings validate. "x86-64" is also a
 * member of ImplementationLanguageOV; the two enums are separate schemas and
 * are not interchangeable.
 */
var ProcessorArchitectureOV = import_v4.z.enum([
  "alpha", "arm", "ia-64", "mips",
  "powerpc", "sparc", "x86", "x86-64",
]);
/**
 * Implementation language labels.
 *
 * Closed `z.enum`: only these strings validate. Two members, "c++" and "c#",
 * contain punctuation, so code that later places a validated value into a
 * regular expression, query string or file name still has to escape it.
 */
var ImplementationLanguageOV = import_v4.z.enum([
  "applescript", "bash",
  "c", "c++", "c#",
  "go", "java", "javascript", "lua",
  "objective-c", "perl", "php", "powershell",
  "python", "ruby", "scala", "swift",
  "typescript", "visual-basic",
  // Architecture-named entries listed alongside the languages.
  "x86-32", "x86-64",
]);
/**
 * Malware capability labels.
 *
 * Closed `z.enum` of verb-phrase strings. Validation confirms that a value is
 * one of these spellings and nothing more; whether a sample actually has the
 * capability is the producer's assertion.
 */
var MalwareCapabilityOV = import_v4.z.enum([
  "accesses-remote-machines",
  // Analysis and sandbox resistance.
  "anti-debugging", "anti-disassembly", "anti-emulation",
  "anti-memory-forensics", "anti-sandbox", "anti-vm",
  // Collection from the host.
  "captures-input-peripherals", "captures-output-peripherals",
  "captures-system-state-data",
  "cleans-traces-of-infection", "commits-fraud", "communicates-with-c2",
  // Integrity and availability impact.
  "compromises-data-integrity", "compromises-data-availability",
  "compromises-system-availability",
  "controls-local-machine",
  "degrades-security-software", "degrades-system-updates",
  "determines-c2-server", "emails-spam", "escalates-privileges",
  "evades-av", "exfiltrates-data", "fingerprints-host",
  "hides-artifacts", "hides-executing-code",
  "infects-files", "infects-remote-machines",
  "installs-other-components", "persists-after-system-reboot",
  "prevents-artifact-access", "prevents-artifact-deletion",
  "probes-network-environment", "self-modifies",
  "steals-authentication-credentials",
  "violates-system-operational-integrity",
]);
/**
 * Tool type labels.
 *
 * Closed `z.enum`: only these eight strings validate, with "unknown" as the
 * explicit catch-all.
 */
var ToolTypeOV = import_v4.z.enum([
  "denial-of-service", "exploitation",
  "information-gathering", "network-capture",
  "credential-exploitation", "remote-access",
  "vulnerability-scanning", "unknown",
]);
/**
 * Identity class labels.
 *
 * Closed `z.enum`: only these six strings validate.
 * NOTE(review): the catch-all here is "unspecified", while MalwareTypeOV,
 * ToolTypeOV and IndicatorTypeOV in this file use "unknown" - confirm the
 * spelling against the upstream vocabulary before relying on either one.
 */
var IdentityClassOV = import_v4.z.enum([
  "individual", "group", "system",
  "organization", "class", "unspecified",
]);
/**
 * Attack motivation labels.
 *
 * Closed `z.enum`: only these ten strings validate.
 */
var AttackMotivationOV = import_v4.z.enum([
  "accidental", "coercion", "dominance", "ideology", "notoriety",
  "organizational-gain", "personal-gain", "personal-satisfaction",
  "revenge", "unpredictable",
]);
/**
 * Attack resource level labels.
 *
 * Closed `z.enum`: only these six strings validate. "individual" and
 * "organization" also appear in IdentityClassOV; the schemas are independent.
 */
var AttackResourceLevelOV = import_v4.z.enum([
  "individual", "club", "contest",
  "team", "organization", "government",
]);
/**
 * Industry sector labels.
 *
 * Closed `z.enum`. The generic "government" and "infrastructure" entries sit
 * next to more specific hyphenated variants; each is a distinct value and
 * there is no prefix matching.
 */
var IndustrySectorOV = import_v4.z.enum([
  "agriculture", "aerospace", "automotive", "chemical",
  "commercial", "communications", "construction", "defense",
  "education", "energy", "entertainment", "financial-services",
  // Government, generic then specific.
  "government",
  "government-emergency-services", "government-local",
  "government-national", "government-public-services",
  "government-regional",
  "healthcare", "hospitality-leisure",
  // Infrastructure, generic then specific.
  "infrastructure",
  "infrastructure-dams", "infrastructure-nuclear", "infrastructure-water",
  "insurance", "manufacturing", "mining", "non-profit",
  "pharmaceuticals", "retail", "technology", "telecommunications",
  "transportation", "utilities",
]);
/**
 * Collection layer labels.
 *
 * Unlike the other vocabularies in this file, these values are capitalised
 * and one contains spaces. `z.enum` compares exact strings, so "host" or
 * "cloud-control-plane" would fail validation.
 */
var MitreCollectionLayerOV = import_v4.z.enum([
  "Cloud Control Plane", "Host", "Report", "Container",
  "Device", "OSINT", "Network",
]);
/**
 * Pattern language labels for indicator patterns.
 *
 * The attached description calls the vocabulary non-exhaustive, but `z.enum`
 * accepts only the seven strings below, so a pattern language outside this
 * list fails validation. The schema names the language only; it does not
 * parse or check the pattern text itself.
 */
var PatternTypeOV = import_v4.z
  .enum([
    "spl",
    "stix",
    "pcre",
    "sigma",
    "snort",
    "suricata",
    "yara",
  ])
  .meta({
    description: "This is a non-exhaustive, open vocabulary that covers common pattern languages and is intended to characterize the pattern language that the indicator pattern is expressed in.",
  });
/**
 * Indicator type labels.
 *
 * Closed `z.enum`: only these seven strings validate. A parsed value, "benign"
 * included, is the label the producer attached; this schema checks membership
 * and makes no trust decision about the indicator.
 */
var IndicatorTypeOV = import_v4.z
  .enum([
    "anomalous-activity", "anonymization", "benign", "compromised",
    "malicious-activity", "attribution", "unknown",
  ])
  .meta({
    description: "Indicator type is an open vocabulary used to categorize Indicators. It is intended to be high-level to promote consistent practices. Indicator types should not be used to capture information that can be better captured via related Malware or Attack Pattern objects. It is better to link an Indicator to a Malware object describing Poison Ivy rather than simply providing a type or label of 'poison-ivy.'",
  });
// Annotate the CommonJS export names for ESM import in node:
// The `0 &&` guard short-circuits, so this assignment never runs and the
// getter-backed object assigned to module.exports earlier stays in place.
// The literal exists only so the export names can be read from the file text.
// Keep its names identical to the keys passed to __export above, and leave
// the statement's shape as generated.
0 && (module.exports = {
AttackMotivationOV,
AttackResourceLevelOV,
IdentityClassOV,
ImplementationLanguageOV,
IndicatorTypeOV,
IndustrySectorOV,
MalwareCapabilityOV,
MalwareTypeOV,
MitreCollectionLayerOV,
PatternTypeOV,
ProcessorArchitectureOV,
ToolTypeOV
});