@mitre-attack/attack-data-model
A TypeScript API for the MITRE ATT&CK data model
import "../chunk-ZGQS5FG2.js";
import "../chunk-BVLTOUXM.js";
import "../chunk-CSADRGVR.js";
import "../chunk-ZLHEXSCV.js";
import "../chunk-HEP7FZZF.js";
import "../chunk-KATTROA4.js";
import "../chunk-2IOMDLCJ.js";
import "../chunk-2RATGBIX.js";
import "../chunk-CS5ZWOZQ.js";
import "../chunk-2JWTU7IT.js";
import "../chunk-GXIR2SFM.js";
import "../chunk-VYLYNBMT.js";
import "../chunk-QV7Q63XN.js";
import "../chunk-ZHQVMLOZ.js";
import "../chunk-HJZAYO6P.js";
import "../chunk-772VGHM5.js";
import "../chunk-JHF4PVSU.js";
import "../chunk-VOGK6XDT.js";
import "../chunk-QVEHTIAE.js";
import "../chunk-ZGH5O4ZC.js";
import "../chunk-LWI27AHG.js";
import "../chunk-Y24HOPQL.js";
import "../chunk-S3URW6XG.js";
import "../chunk-7GRR66XR.js";
import "../chunk-BUEHDLBB.js";
import "../chunk-DNIVZ2SM.js";
import "../chunk-UP3ZMB5U.js";
import "../chunk-U55YRJAX.js";
import "../chunk-E3OY6DRE.js";
import "../chunk-PFSYT437.js";
import "../chunk-ZEHAFUHO.js";
import "../chunk-SAFNV2G2.js";
import "../chunk-KFUJRXYX.js";
import "../chunk-3VOOG6SX.js";
// src/generator/index.ts
/*
 * Synthetic STIX 2.1 / ATT&CK fixtures.
 *
 * Every object below is hand-written sample data consumed by
 * createSyntheticStixObject(). Most ids reuse the same placeholder UUID
 * suffix (1a2b3c4d-5e6f-789a-bcde-123456789abc), and several records mix
 * values from unrelated entries, so none of this should be used as
 * authoritative ATT&CK content or as lookup data in detection tooling.
 */

/**
 * Common properties that createSyntheticStixObject() merges underneath most
 * type-specific fixtures (the type-specific fixture wins on key collisions).
 */
const minimalSdo = {
  spec_version: "2.1",
  created: "2021-01-01T00:00:00.000Z",
  modified: "2021-01-01T00:00:00.000Z",
  x_mitre_version: "1.0",
  created_by_ref: "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  object_marking_refs: ["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
  x_mitre_attack_spec_version: "3.2.0",
  x_mitre_modified_by_ref: "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
};

/** Type-specific fields for a synthetic `x-mitre-asset` (ICS domain). */
const minimalAsset = {
  id: "x-mitre-asset--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  type: "x-mitre-asset",
  name: "Test Asset",
  x_mitre_domains: ["ics-attack"],
  external_references: [
    {
      source_name: "mitre-attack",
      external_id: "A1234",
    },
  ],
};

/** Type-specific fields for a synthetic `x-mitre-analytic`. */
const minimalAnalytic = {
  type: "x-mitre-analytic",
  id: "x-mitre-analytic--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  name: "Suspicious PowerShell Activity",
  external_references: [
    {
      source_name: "mitre-attack",
      url: "https://attack.mitre.org/analytics/AN0001",
      external_id: "AN0001",
    },
  ],
  x_mitre_domains: ["enterprise-attack"],
  x_mitre_platforms: ["Windows"],
  description: "Adversary execution of PowerShell commands with suspicious parameters",
};

/**
 * Type-specific fields for a synthetic `campaign`. Both citation fields refer
 * to source_name values that are present in external_references.
 */
const minimalCampaign = {
  type: "campaign",
  id: "campaign--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  name: "Operation Dream Job",
  description: "Operation Dream Job was a cyber espionage operation...",
  external_references: [
    {
      source_name: "mitre-attack",
      url: "https://attack.mitre.org/campaigns/C0022",
      external_id: "C0022",
    },
    {
      source_name: "ESET Lazarus Jun 2020",
      description: "Breitenbacher, D and Osis, K. (2020, June 17). OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies. Retrieved December 20, 2021.",
      url: "https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf",
    },
    {
      source_name: "ClearSky Lazarus Aug 2020",
      description: "ClearSky Research Team. (2020, August 13). Operation 'Dream Job' Widespread North Korean Espionage Campaign. Retrieved December 20, 2021.",
      url: "https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf",
    },
  ],
  x_mitre_domains: ["enterprise-attack"],
  x_mitre_deprecated: false,
  revoked: false,
  aliases: ["Operation Dream Job", "Operation North Star", "Operation Interception"],
  first_seen: "2019-09-01T04:00:00.000Z",
  last_seen: "2020-08-01T04:00:00.000Z",
  x_mitre_first_seen_citation: "(Citation: ESET Lazarus Jun 2020)",
  x_mitre_last_seen_citation: "(Citation: ClearSky Lazarus Aug 2020)",
};

/** Type-specific fields for a synthetic `x-mitre-collection`. */
const minimalCollection = {
  type: "x-mitre-collection",
  id: "x-mitre-collection--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  name: "Enterprise ATT&CK",
  description: "Version 6.2 of the Enterprise ATT&CK dataset",
  x_mitre_contents: [
    {
      object_ref: "attack-pattern--01a5a209-b94c-450b-b7f9-946497d91055",
      object_modified: "2017-05-31T21:32:29.203Z",
    },
  ],
};

/**
 * Type-specific fields for a synthetic `x-mitre-data-component`.
 * NOTE(review): the name says "Network Connection Creation" while the
 * description and log sources talk about credential/ticket requests; the
 * record looks stitched together from different entries, so do not read it
 * as a real name-to-log-source mapping.
 */
const minimalDataComponent = {
  type: "x-mitre-data-component",
  id: "x-mitre-data-component--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  description: "A user requested active directory credentials, such as a ticket or token.",
  name: "Network Connection Creation",
  x_mitre_data_source_ref: "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3",
  x_mitre_domains: ["enterprise-attack"],
  x_mitre_log_sources: [
    {
      name: "WinEventLog:Security",
      channel: "EventCode=4769",
    },
    {
      name: "WinEventLog:Security",
      channel: "EventCode=4768",
    },
  ],
};

/** Type-specific fields for a synthetic `x-mitre-data-source`. */
const minimalDataSource = {
  type: "x-mitre-data-source",
  id: "x-mitre-data-source--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  description: "Test log source description",
  name: "Network Connection Creation",
  external_references: [
    {
      source_name: "mitre-attack",
      url: "https://attack.mitre.org/datasources/DS0014",
      external_id: "DS0014",
    },
  ],
  x_mitre_domains: ["enterprise-attack"],
  x_mitre_collection_layers: ["Host"],
};

/**
 * Type-specific fields for a synthetic `x-mitre-detection-strategy`; its
 * single analytic ref matches the id of minimalAnalytic.
 */
const minimalDetectionStrategy = {
  type: "x-mitre-detection-strategy",
  id: "x-mitre-detection-strategy--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  name: "PowerShell Command Line Detection",
  x_mitre_contributors: ["John Doe", "Jane Smith"],
  external_references: [
    {
      source_name: "mitre-attack",
      url: "https://attack.mitre.org/detection-strategies/DET0001",
      external_id: "DET0001",
    },
  ],
  x_mitre_domains: ["enterprise-attack"],
  x_mitre_analytic_refs: ["x-mitre-analytic--1a2b3c4d-5e6f-789a-bcde-123456789abc"],
};

/** Type-specific fields for a synthetic `intrusion-set` (ATT&CK group). */
const minimalGroup = {
  id: "intrusion-set--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  type: "intrusion-set",
  name: "Test Name",
  x_mitre_domains: ["enterprise-attack"],
  external_references: [
    {
      source_name: "mitre-attack",
      external_id: "G1000",
      url: "https://attack.mitre.org/groups/G1000",
    },
    {
      source_name: "Dragos",
      url: "https://dragos.com/resource/allanite/",
      description: "Dragos Allanite Retrieved. 2019/10/27",
    },
  ],
};

/**
 * Complete synthetic `identity` object. It carries its own common fields and
 * is returned by createSyntheticStixObject() without merging minimalSdo; its
 * id is the value used for created_by_ref throughout these fixtures.
 */
const minimalIdentity = {
  type: "identity",
  id: "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  name: "The MITRE Corporation",
  identity_class: "organization",
  spec_version: "2.1",
  created: "2021-01-01T00:00:00.000Z",
  modified: "2021-01-01T00:00:00.000Z",
  created_by_ref: "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  object_marking_refs: ["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
  x_mitre_attack_spec_version: "3.2.0",
};

/**
 * Type-specific fields for a synthetic `malware` object.
 * NOTE(review): the description cites "FireEye APT29" and
 * "F-Secure The Dukes", but external_references only holds the mitre-attack
 * entry, so a citation-integrity check would find no matching sources here.
 */
const minimalMalware = {
  type: "malware",
  id: "malware--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  name: "HAMMERTOSS",
  description: "[HAMMERTOSS](https://attack.mitre.org/software/S0037) is a backdoor that was used by [APT29](https://attack.mitre.org/groups/G0016) in 2015. (Citation: FireEye APT29) (Citation: F-Secure The Dukes)",
  external_references: [
    {
      source_name: "mitre-attack",
      url: "https://attack.mitre.org/software/S0037",
      external_id: "S0037",
    },
  ],
  x_mitre_domains: ["enterprise-attack"],
  is_family: false,
};

/**
 * Complete synthetic `marking-definition` (statement type); returned by
 * createSyntheticStixObject() without merging minimalSdo.
 */
const minimalMarkingDefinition = {
  definition: {
    statement: "Copyright 2015-2024, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.",
  },
  id: "marking-definition--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  type: "marking-definition",
  created: "2017-06-01T00:00:00.000Z",
  created_by_ref: "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  definition_type: "statement",
  spec_version: "2.1",
};

/** Type-specific fields for a synthetic `x-mitre-matrix` (ICS domain). */
const minimalMatrix = {
  id: "x-mitre-matrix--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  type: "x-mitre-matrix",
  name: "Test Matrix",
  x_mitre_domains: ["ics-attack"],
  description: "The full ATT&CK for ICS Matrix includes techniques spanning various ICS assets and can be used to navigate through the knowledge base.",
  external_references: [
    {
      source_name: "mitre-attack",
      external_id: "ics-attack",
      url: "https://attack.mitre.org/matrices/ics/",
    },
  ],
  tactic_refs: ["x-mitre-tactic--69da72d2-f550-41c5-ab9e-e8255707f28a"],
};

/**
 * Type-specific fields for a synthetic `course-of-action` (mitigation).
 * NOTE(review): the url ends in M0948 while external_id is "M0000"; the two
 * do not agree, so consumers that cross-check url against external_id should
 * expect this fixture to fail that check.
 */
const minimalMitigation = {
  id: "course-of-action--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  type: "course-of-action",
  name: "Test Mitigation",
  description: "Test description",
  x_mitre_domains: ["ics-attack"],
  external_references: [
    {
      source_name: "mitre-attack",
      url: "https://attack.mitre.org/mitigations/M0948",
      external_id: "M0000",
    },
  ],
};

/**
 * Complete synthetic `relationship` (minimalGroup "uses" minimalMalware);
 * returned by createSyntheticStixObject() without merging minimalSdo.
 * NOTE(review): x_mitre_attack_spec_version is "2.1.0" here but "3.2.0" in
 * minimalSdo and minimalIdentity, and object_marking_refs points at the
 * synthetic marking-definition id rather than the one minimalSdo uses —
 * confirm both are intentional.
 */
const minimalRelationship = {
  id: "relationship--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  type: "relationship",
  spec_version: "2.1",
  created: "2021-01-01T00:00:00.000Z",
  modified: "2021-01-01T00:00:00.000Z",
  relationship_type: "uses",
  source_ref: "intrusion-set--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  target_ref: "malware--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  object_marking_refs: ["marking-definition--1a2b3c4d-5e6f-789a-bcde-123456789abc"],
  x_mitre_attack_spec_version: "2.1.0",
  x_mitre_modified_by_ref: "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
};

/** Type-specific fields for a synthetic `x-mitre-tactic`. */
const minimalTactic = {
  type: "x-mitre-tactic",
  id: "x-mitre-tactic--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  name: "Execution",
  description: "The adversary is trying to run malicious code.",
  external_references: [
    {
      external_id: "TA0002",
      url: "https://attack.mitre.org/tactics/TA0002",
      source_name: "mitre-attack",
    },
  ],
  x_mitre_shortname: "execution",
  x_mitre_domains: ["enterprise-attack"],
};

/**
 * Type-specific fields for a synthetic `tool`.
 * NOTE(review): the description links software/S0633 while the mitre-attack
 * reference uses S0049, and the cited "Bishop Fox Sliver Framework August
 * 2019" source is absent from external_references (the second reference is
 * "F-Secure The Dukes"). Treat the record as structurally valid sample data
 * only.
 */
const minimalTool = {
  id: "tool--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  type: "tool",
  name: "Sliver",
  description: "[Sliver](https://attack.mitre.org/software/S0633) is an open source, cross-platform, red team command and control framework written in Golang.(Citation: Bishop Fox Sliver Framework August 2019)",
  external_references: [
    {
      source_name: "mitre-attack",
      url: "https://attack.mitre.org/software/S0049",
      external_id: "S0049",
    },
    {
      source_name: "F-Secure The Dukes",
      description: "F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.",
      url: "https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf",
    },
  ],
  x_mitre_domains: ["enterprise-attack"],
};

/** Type-specific fields for a synthetic `attack-pattern` (technique). */
const minimalTechnique = {
  id: "attack-pattern--1a2b3c4d-5e6f-789a-bcde-123456789abc",
  type: "attack-pattern",
  name: "Test Technique",
  x_mitre_domains: ["enterprise-attack"],
  x_mitre_is_subtechnique: false,
  external_references: [
    {
      source_name: "mitre-attack",
      external_id: "T1234",
    },
  ],
};
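/**
 * Build a synthetic STIX object for the given STIX type from this module's
 * fixtures.
 *
 * Most types are produced by layering the type-specific fixture over
 * `minimalSdo` (type-specific keys win). `identity`, `marking-definition`
 * and `relationship` fixtures already carry their own common fields and are
 * copied without `minimalSdo`.
 *
 * Every call returns a fresh top-level object, so assigning to a property of
 * the result does not alter the module-level fixture seen by later calls.
 * The copy is shallow: nested arrays and objects (for example
 * `external_references`) are still shared with the fixture and must not be
 * mutated in place.
 *
 * @param {string} stixType - STIX `type` value, e.g. "attack-pattern".
 * @returns {object | undefined} The synthetic object, or `undefined` when the
 *   type has no fixture.
 */
function createSyntheticStixObject(stixType) {
  switch (stixType) {
    case "x-mitre-asset":
      return { ...minimalSdo, ...minimalAsset };
    case "campaign":
      return { ...minimalSdo, ...minimalCampaign };
    case "x-mitre-collection":
      return { ...minimalSdo, ...minimalCollection };
    case "x-mitre-data-component":
      return { ...minimalSdo, ...minimalDataComponent };
    case "x-mitre-data-source":
      return { ...minimalSdo, ...minimalDataSource };
    case "intrusion-set":
      return { ...minimalSdo, ...minimalGroup };
    case "identity":
      // Copy rather than hand out the shared fixture, matching the other branches.
      return { ...minimalIdentity };
    case "malware":
      return { ...minimalSdo, ...minimalMalware };
    case "x-mitre-matrix":
      return { ...minimalSdo, ...minimalMatrix };
    case "course-of-action":
      return { ...minimalSdo, ...minimalMitigation };
    case "x-mitre-tactic":
      return { ...minimalSdo, ...minimalTactic };
    case "attack-pattern":
      return { ...minimalSdo, ...minimalTechnique };
    case "tool":
      return { ...minimalSdo, ...minimalTool };
    case "marking-definition":
      // Copy rather than hand out the shared fixture.
      return { ...minimalMarkingDefinition };
    case "relationship":
      // Copy rather than hand out the shared fixture.
      return { ...minimalRelationship };
    case "x-mitre-detection-strategy":
      return { ...minimalSdo, ...minimalDetectionStrategy };
    case "x-mitre-analytic":
      return { ...minimalSdo, ...minimalAnalytic };
    default:
      // Unknown types have no fixture.
      return undefined;
  }
}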
export {
createSyntheticStixObject
};