twigs / core data model / malicious-tool

A piece of software used directly by an attacker


Name Type Description
type ["malicious-tool"] Hardcoded value to indicate what type of construct this is
id string Globally unique identifier for this construct.
revision integer The revision number of this construct. MUST be omitted if this is the first version, otherwise required.
created_at string Time at which this construct was created.
external_ids array <object> A list of external identifiers by which this construct may be known.
source string The source of this ID, i.e. name of an external system.
id string ID itself
link string A link to this construct in the external system
producer_ref string ID to the information source that produced this content
marking_refs array <string> The set of markings to be applied to this construct
structured_markings array <structured-marking> The set of L2 markings to be applied to this construct
controlled_structures array <string> A list of JSONPath statements, rooted at the top-level object that the structured_markings key is contained in, that the marking_refs apply to.
marking_refs array <string> The set of markings applied to the fields selected by the controlled_structures.
title string A title for this construct
description string A description for this construct
impact impact The impact on operations if this TTP were to be realized.
level integer The estimated severity of the impact.
intended_effects array <["Military Advantage", "Economic Advantage", "Political Advantage", "Intellectual Property Theft", "Identify Theft", "Brand Damage", "Degredation of Service", "Denial and Deception", "Destruction", "Disruption", "Exposure", "Extortion", "Fraud", "Harassment", "Watch the World Burn"]>
description string A prose description of the impact.
credibility integer The credibility of this statement, using the Admirality scale
compensation_model string The type of compensation model used for this tool.
kind array <object> The type of tool being described


Relationship Name Target Type
relatedmalware, attack-pattern, exploit, victim-targeting, malicious-tool, malicious-infrastructure, persona