twigs / core data model / exploit

Action or process to achieve an attack

Fields

Name Type Description
type ["exploit"] Hardcoded value to indicate what type of construct this is
id string Globally unique identifier for this construct.
revision integer The revision number of this construct. MUST be omitted if this is the first version, otherwise required.
created_at string Time at which this construct was created.
external_ids array <object> A list of external identifiers by which this construct may be known.
source string The source of this ID, i.e. name of an external system.
id string ID itself
link string A link to this construct in the external system
producer_ref string ID to the information source that produced this content
marking_refs array <string> The set of markings to be applied to this construct
structured_markings array <structured-marking> The set of L2 markings to be applied to this construct
controlled_structures array <string> A list of JSONPath statements, rooted at the top-level object that the structured_markings key is contained in, that the marking_refs apply to.
marking_refs array <string> The set of markings applied to the fields selected by the controlled_structures.
title string A title for this construct
description string A description for this construct
impact impact The impact on operations if this TTP were to be realized.
level integer The estimated severity of the impact.
intended_effects array <["Military Advantage", "Economic Advantage", "Political Advantage", "Intellectual Property Theft", "Identify Theft", "Brand Damage", "Degredation of Service", "Denial and Deception", "Destruction", "Disruption", "Exposure", "Extortion", "Fraud", "Harassment", "Watch the World Burn"]>
description string A prose description of the impact.
credibility integer The credibility of this statement, using the Admirality scale

Relationships

Relationship Name Target Type
relatedmalware, attack-pattern, exploit, victim-targeting, malicious-tool, malicious-infrastructure, persona
kill-chain-phaseskill-chain-phase
exploitsexploit-target
duplicate-ofexploit