@mitre-attack/attack-data-model
A TypeScript API for the MITRE ATT&CK data model
import { z } from 'zod/v4';
/**
* Naming convention for OV (open vocabulary) variables.
* Open vocabularies MUST:
* - use the singular form: MalwareType, not MalwareTypes
* - use the suffix "OV"
* - follow ProperCase
*/
/**
* Zod enum schema for the malware type vocabulary.
*
* The accepted values are exactly the string literals listed below. They
* appear to correspond to the STIX 2.1 `malware-type-ov` open vocabulary.
*
* NOTE(review): the declared type is a closed `z.ZodEnum`, so a value outside
* this list (for example a custom type from a third-party feed) would not
* satisfy the schema even though the vocabulary is named "open". Confirm how
* callers are expected to handle out-of-vocabulary values.
*/
declare const MalwareTypeOV: z.ZodEnum<{
unknown: "unknown";
adware: "adware";
backdoor: "backdoor";
bot: "bot";
bootkit: "bootkit";
ddos: "ddos";
downloader: "downloader";
dropper: "dropper";
"exploit-kit": "exploit-kit";
keylogger: "keylogger";
ransomware: "ransomware";
"remote-access-trojan": "remote-access-trojan";
"resource-exploitation": "resource-exploitation";
"rogue-security-software": "rogue-security-software";
rootkit: "rootkit";
"screen-capture": "screen-capture";
spyware: "spyware";
trojan: "trojan";
virus: "virus";
webshell: "webshell";
wiper: "wiper";
worm: "worm";
}>;
/**
* Zod enum schema for the processor architecture vocabulary.
*
* The accepted values are exactly the string literals listed below. They
* appear to correspond to the STIX 2.1 `processor-architecture-ov` open
* vocabulary.
*
* NOTE(review): typed as a closed `z.ZodEnum`; an architecture string that is
* not listed here would not satisfy the schema. Confirm that is intended.
*/
declare const ProcessorArchitectureOV: z.ZodEnum<{
alpha: "alpha";
arm: "arm";
"ia-64": "ia-64";
mips: "mips";
powerpc: "powerpc";
sparc: "sparc";
x86: "x86";
"x86-64": "x86-64";
}>;
/**
* Zod enum schema for the implementation language vocabulary.
*
* The accepted values are exactly the string literals listed below. Besides
* programming and scripting languages, the list includes the two assembly
* targets `x86-32` and `x86-64`. The values appear to correspond to the
* STIX 2.1 `implementation-language-ov` open vocabulary.
*
* NOTE(review): `x86-64` is declared first and `x86-32` last, so the key order
* is not alphabetical; do not rely on declaration order for display or sorting.
* NOTE(review): typed as a closed `z.ZodEnum`; a language that is not listed
* (for example `rust`) would not satisfy the schema. Confirm that is intended.
*/
declare const ImplementationLanguageOV: z.ZodEnum<{
"x86-64": "x86-64";
applescript: "applescript";
bash: "bash";
c: "c";
"c++": "c++";
"c#": "c#";
go: "go";
java: "java";
javascript: "javascript";
lua: "lua";
"objective-c": "objective-c";
perl: "perl";
php: "php";
powershell: "powershell";
python: "python";
ruby: "ruby";
scala: "scala";
swift: "swift";
typescript: "typescript";
"visual-basic": "visual-basic";
"x86-32": "x86-32";
}>;
/**
* Zod enum schema for the malware capability vocabulary.
*
* The accepted values are exactly the string literals listed below; each one
* names a behaviour a malware sample may exhibit (evasion, persistence,
* credential theft, C2 communication, and so on). They appear to correspond
* to the STIX 2.1 `malware-capabilities-ov` open vocabulary.
*
* NOTE(review): typed as a closed `z.ZodEnum`; a capability label that is not
* listed here would not satisfy the schema. Confirm how records carrying
* custom capability labels should be handled.
*/
declare const MalwareCapabilityOV: z.ZodEnum<{
"accesses-remote-machines": "accesses-remote-machines";
"anti-debugging": "anti-debugging";
"anti-disassembly": "anti-disassembly";
"anti-emulation": "anti-emulation";
"anti-memory-forensics": "anti-memory-forensics";
"anti-sandbox": "anti-sandbox";
"anti-vm": "anti-vm";
"captures-input-peripherals": "captures-input-peripherals";
"captures-output-peripherals": "captures-output-peripherals";
"captures-system-state-data": "captures-system-state-data";
"cleans-traces-of-infection": "cleans-traces-of-infection";
"commits-fraud": "commits-fraud";
"communicates-with-c2": "communicates-with-c2";
"compromises-data-integrity": "compromises-data-integrity";
"compromises-data-availability": "compromises-data-availability";
"compromises-system-availability": "compromises-system-availability";
"controls-local-machine": "controls-local-machine";
"degrades-security-software": "degrades-security-software";
"degrades-system-updates": "degrades-system-updates";
"determines-c2-server": "determines-c2-server";
"emails-spam": "emails-spam";
"escalates-privileges": "escalates-privileges";
"evades-av": "evades-av";
"exfiltrates-data": "exfiltrates-data";
"fingerprints-host": "fingerprints-host";
"hides-artifacts": "hides-artifacts";
"hides-executing-code": "hides-executing-code";
"infects-files": "infects-files";
"infects-remote-machines": "infects-remote-machines";
"installs-other-components": "installs-other-components";
"persists-after-system-reboot": "persists-after-system-reboot";
"prevents-artifact-access": "prevents-artifact-access";
"prevents-artifact-deletion": "prevents-artifact-deletion";
"probes-network-environment": "probes-network-environment";
"self-modifies": "self-modifies";
"steals-authentication-credentials": "steals-authentication-credentials";
"violates-system-operational-integrity": "violates-system-operational-integrity";
}>;
/**
* Zod enum schema for the tool type vocabulary.
*
* The accepted values are exactly the string literals listed below. They
* appear to correspond to the STIX 2.1 `tool-type-ov` open vocabulary.
*
* NOTE(review): typed as a closed `z.ZodEnum`; a tool type that is not listed
* here would not satisfy the schema. Confirm that is intended.
*/
declare const ToolTypeOV: z.ZodEnum<{
unknown: "unknown";
"denial-of-service": "denial-of-service";
exploitation: "exploitation";
"information-gathering": "information-gathering";
"network-capture": "network-capture";
"credential-exploitation": "credential-exploitation";
"remote-access": "remote-access";
"vulnerability-scanning": "vulnerability-scanning";
}>;
/**
* Zod enum schema for the identity class vocabulary.
*
* The accepted values are exactly the string literals listed below.
*
* NOTE(review): the STIX 2.1 `identity-class-ov` vocabulary uses `unknown` as
* its catch-all value, whereas this enum declares `unspecified` and has no
* `unknown` member. Confirm the difference is intentional; as declared, an
* Identity whose class is `unknown` would not satisfy this schema.
* NOTE(review): typed as a closed `z.ZodEnum`, so any other unlisted value is
* rejected as well.
*/
declare const IdentityClassOV: z.ZodEnum<{
group: "group";
individual: "individual";
system: "system";
organization: "organization";
class: "class";
unspecified: "unspecified";
}>;
/**
* 10.2 Attack Motivation Vocabulary
*
* Vocabulary Name: attack-motivation-ov
*
* The attack motivation vocabulary is currently used in the following SDO(s):
* * Intrusion Set
* * Threat Actor
*
* Knowing a Threat Actor's or Intrusion Set's motivation may allow an analyst or
* defender to better understand likely targets and behaviors.
*
* Declared as a Zod enum schema whose accepted values are exactly the string
* literals listed below.
*
* NOTE(review): typed as a closed `z.ZodEnum`; a motivation value that is not
* listed here would not satisfy the schema even though the vocabulary is
* described as open. Confirm that is intended.
*/
declare const AttackMotivationOV: z.ZodEnum<{
accidental: "accidental";
coercion: "coercion";
dominance: "dominance";
ideology: "ideology";
notoriety: "notoriety";
"organizational-gain": "organizational-gain";
"personal-gain": "personal-gain";
"personal-satisfaction": "personal-satisfaction";
revenge: "revenge";
unpredictable: "unpredictable";
}>;
/**
* 10.3 Attack Resource Level Vocabulary
*
* Vocabulary Name: attack-resource-level-ov
*
* The attack resource level vocabulary is currently used in the following SDO(s):
* * Intrusion Set
* * Threat Actor
*
* Attack Resource Level is an open vocabulary that captures the general level of
* resources that a threat actor, intrusion set, or campaign might have access to.
* It ranges from individual, a person acting alone, to government, the resources
* of a national government.
*
* This section, including vocabulary items and their descriptions, is based on the
* Threat Agent Library publication from Intel Corp in September 2007 [Casey 2007].
*
* Declared as a Zod enum schema whose accepted values are exactly the string
* literals listed below.
*
* NOTE(review): the keys are not declared in ascending resource order
* (`organization` comes before `club`, `contest` and `team`), so do not derive
* a ranking from declaration order — verify against the specification's ordering.
* NOTE(review): typed as a closed `z.ZodEnum`; unlisted values would not
* satisfy the schema.
*/
declare const AttackResourceLevelOV: z.ZodEnum<{
individual: "individual";
organization: "organization";
club: "club";
contest: "contest";
team: "team";
government: "government";
}>;
/**
* 10.11 Industry Sector Vocabulary
*
* Vocabulary Name: industry-sector-ov
*
* The industry sector vocabulary is currently used in the following SDO(s):
* * Identity
*
* Industry sector is an open vocabulary that describes industrial and commercial sectors.
* It is intended to be holistic; it has been derived from several other lists and is not
* limited to "critical infrastructure" sectors.
*
* Declared as a Zod enum schema whose accepted values are exactly the string
* literals listed below. Sub-sectors are spelled with their parent as a prefix
* (`government-*`, `infrastructure-*`).
*
* NOTE(review): typed as a closed `z.ZodEnum`; a sector label that is not
* listed here, or that is spelled without the parent prefix, would not satisfy
* the schema. Confirm how such Identity records should be handled.
*/
declare const IndustrySectorOV: z.ZodEnum<{
government: "government";
agriculture: "agriculture";
aerospace: "aerospace";
automotive: "automotive";
chemical: "chemical";
commercial: "commercial";
communications: "communications";
construction: "construction";
defense: "defense";
education: "education";
energy: "energy";
entertainment: "entertainment";
"financial-services": "financial-services";
"government-emergency-services": "government-emergency-services";
"government-local": "government-local";
"government-national": "government-national";
"government-public-services": "government-public-services";
"government-regional": "government-regional";
healthcare: "healthcare";
"hospitality-leisure": "hospitality-leisure";
infrastructure: "infrastructure";
"infrastructure-dams": "infrastructure-dams";
"infrastructure-nuclear": "infrastructure-nuclear";
"infrastructure-water": "infrastructure-water";
insurance: "insurance";
manufacturing: "manufacturing";
mining: "mining";
"non-profit": "non-profit";
pharmaceuticals: "pharmaceuticals";
retail: "retail";
technology: "technology";
telecommunications: "telecommunications";
transportation: "transportation";
utilities: "utilities";
}>;
/**
* Zod enum schema for the MITRE collection layer vocabulary.
*
* The accepted values are exactly the string literals listed below. Unlike the
* lowercase, hyphenated values used by the other vocabularies in this file,
* these literals are capitalised and one of them contains spaces
* (`"Cloud Control Plane"`); the type requires the exact spelling and case.
*
* NOTE(review): presumably describes where telemetry for a data source is
* collected — confirm against the ATT&CK data-source documentation.
*/
declare const MitreCollectionLayerOV: z.ZodEnum<{
"Cloud Control Plane": "Cloud Control Plane";
Host: "Host";
Report: "Report";
Container: "Container";
Device: "Device";
OSINT: "OSINT";
Network: "Network";
}>;
/**
* Zod enum schema for the pattern type vocabulary, i.e. the language in which
* a detection pattern is written.
*
* The accepted values are exactly the string literals listed below.
*
* NOTE(review): `spl` does not appear in the STIX 2.1 `pattern-type-ov` list as
* far as this reviewer recalls; it is presumably an extension for Splunk's
* Search Processing Language — confirm.
* NOTE(review): typed as a closed `z.ZodEnum`; an indicator whose pattern type
* is not listed here would not satisfy the schema.
*/
declare const PatternTypeOV: z.ZodEnum<{
spl: "spl";
stix: "stix";
pcre: "pcre";
sigma: "sigma";
snort: "snort";
suricata: "suricata";
yara: "yara";
}>;
/**
* Zod enum schema for the indicator type vocabulary.
*
* The accepted values are exactly the string literals listed below. They
* appear to correspond to the STIX 2.1 `indicator-type-ov` open vocabulary.
* The list includes `benign`, so a value from this vocabulary does not by
* itself mean the indicated activity is malicious.
*
* NOTE(review): typed as a closed `z.ZodEnum`; an indicator type that is not
* listed here would not satisfy the schema. Confirm that is intended.
*/
declare const IndicatorTypeOV: z.ZodEnum<{
unknown: "unknown";
"anomalous-activity": "anomalous-activity";
anonymization: "anonymization";
benign: "benign";
compromised: "compromised";
"malicious-activity": "malicious-activity";
attribution: "attribution";
}>;
// Public surface of this module: every open-vocabulary schema declared above is exported by name.
export { AttackMotivationOV, AttackResourceLevelOV, IdentityClassOV, ImplementationLanguageOV, IndicatorTypeOV, IndustrySectorOV, MalwareCapabilityOV, MalwareTypeOV, MitreCollectionLayerOV, PatternTypeOV, ProcessorArchitectureOV, ToolTypeOV };