Compact MITRE ATT&CK v18.1 STIX 2.1 lookup data with helper functions for technique, software, relationship, and detection object queries.
attack-stix-lookup
Compact MITRE ATT&CK v18.1 STIX 2.1 lookup data with Python helper functions.
Extracted from mitre-attack/attack-stix-data enterprise-attack-18.1.json using attack-stix-splitter-v1.0.py.
Installation
```bash
pip install attack-stix-lookup
```
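Installing from PyPI with a bare `pip install` trusts whatever the index serves. The File details section of this page shows that both distributions were uploaded with twine rather than Trusted Publishing, so the SHA256 digests listed there are the integrity anchor a practitioner has. The following is an added example, not code from attack-stix-lookup: it checks a downloaded sdist or wheel against those digests (copied from this page) and emits a requirements line for pip's `--require-hashes` mode. The file path handed to `verify_dist` is whatever you downloaded; nothing else is assumed.

```python
"""Added example, not part of attack-stix-lookup: check a downloaded distribution against
the SHA256 digests this page lists under File details, and build a pip --require-hashes
requirement from them."""
import hashlib
from pathlib import Path

# SHA256 digests copied from the File details section of this page.
PUBLISHED_SHA256 = {
    "attack_stix_lookup-0.1.0.tar.gz":
        "7e323b2f71679a65641892a2ed889896fc35e8e004745c344f5661b30e513121",
    "attack_stix_lookup-0.1.0-py3-none-any.whl":
        "d1b2c96056a61364aaddb1f76175fb8aff3cbeb32bd9d817cc14f630f48696fa",
}


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so a large sdist or wheel is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_dist(path, published=PUBLISHED_SHA256):
    """True only if the file name is a published artifact and its digest matches exactly.
    An unknown file name is a failure, not a pass: a renamed artifact must not slip through."""
    expected = published.get(Path(path).name)
    return expected is not None and sha256_of(path) == expected.lower()


def hash_pinned_requirement(project, version, published=PUBLISHED_SHA256):
    """One requirements.txt line carrying every published digest. pip accepts an artifact
    if any listed --hash matches, so naming both sdist and wheel lets either install while
    anything else is rejected."""
    hashes = " ".join(f"--hash=sha256:{d}" for d in sorted(published.values()))
    return f"{project}=={version} {hashes}"
```

Write the returned line to requirements.txt and install with `pip install --require-hashes -r requirements.txt`; in that mode pip refuses any file whose digest is not listed, and also refuses any transitive dependency that lacks a hash, which is the point.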
Quick Start
```python
from attack_stix_lookup import AttackLookup

db = AttackLookup()

# Look up a technique by ATT&CK ID
t1490 = db.technique("T1490")
print(t1490["stix_id"])  # attack-pattern--f5d8eed6-...
print(t1490["name"])     # Inhibit System Recovery
print(t1490["tactics"])  # ['impact']

# Look up software by ATT&CK ID
revil = db.software("S0496")
print(revil["stix_id"])  # malware--ac61f1f9-...
print(revil["aliases"])  # ['REvil', 'Sodinokibi']

# Find all techniques a piece of software uses: walk the "uses"
# relationships whose source_ref is the software's STIX ID
techs = db.relationships_for(source_id=revil["stix_id"], rel_type="uses")
for rel in techs:
    t = db.technique_by_stix_id(rel["target_ref"])
    if t:  # skip targets that do not resolve to a technique
        print(f"  {t['external_id']} {t['name']}")

# Look up detection strategies for a technique (keyed by STIX ID, not ATT&CK ID)
strategies = db.detection_strategies_for_technique(t1490["stix_id"])
for s in strategies:
    print(f"  {s['name']} -> {len(s['analytic_refs'])} analytics")

# Look up an analytic and its mutable elements
analytic = db.analytic("AN0001")  # by external_id
# or by STIX ID:
analytic = db.analytic_by_stix_id("x-mitre-analytic--aaaaaaaa-...")

# Look up a data component
dc = db.data_component("Process Creation")  # by name

# Look up groups and campaigns
apt29 = db.group("G0016")
campaign = db.campaign("C0001")

# Get a mitigation
m1053 = db.mitigation("M1053")

# Look up a tactic
impact = db.tactic("TA0040")

# Search by name substring (case-insensitive)
results = db.search_techniques("shadow")
results = db.search_software("sodinokibi")
```
Data Files
The package bundles 7 JSON lookup files:
| File | Contents |
|---|---|
| attack-patterns-lookup-v18.1.json | Techniques & sub-techniques |
| software-lookup-v18.1.json | Malware & tools |
| groups-campaigns-lookup-v18.1.json | Intrusion sets & campaigns |
| detection-objects-lookup-v18.1.json | Detection strategies, analytics, data components |
| relationships-lookup-v18.1.json | All STIX Relationship Objects |
| mitigations-lookup-v18.1.json | Courses of action |
| infrastructure-lookup-v18.1.json | Tactics, matrices, identities, markings |
Direct JSON Access
```python
from attack_stix_lookup import load_raw

attack_patterns = load_raw("attack-patterns-lookup-v18.1.json")
relationships = load_raw("relationships-lookup-v18.1.json")
```
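The Quick Start calls into the package's lookups, and `load_raw` hands back the compacted files, whose schema this page does not document. To show what those queries actually resolve against, here is an added example (not code from attack-stix-lookup) that indexes objects in the shape of the upstream enterprise-attack-18.1.json STIX 2.1 bundle the package was split from. It resolves ATT&CK IDs to STIX IDs through the `mitre-attack` external reference, follows `uses` edges from software to techniques, and walks the v18 detection chain (technique, `detects` relationship, detection strategy, `x_mitre_analytic_refs`, analytic, log source references, data component). It also handles the two things a naive index gets wrong: revoked or deprecated objects stay in the bundle but must never resolve, and relationship edges into such objects must be dropped. `BUNDLE` is constructed sample data; its UUIDs and the `DET0001` identifier are placeholders, while T1490, S0496 and AN0001 are the IDs this page already uses.

```python
"""Added example for this page, not code from attack-stix-lookup: resolve ATT&CK
queries straight from STIX 2.1 objects shaped like the upstream enterprise-attack-18.1.json.
BUNDLE is constructed sample data; its UUIDs and the DET0001 ID are placeholders."""
from collections import defaultdict

def _sid(kind, n):
    # Placeholder STIX IDs with the required "type--uuid" shape (not real MITRE IDs).
    return f"{kind}--00000000-0000-4000-8000-{n:012d}"

def _ref(ext_id):
    return [{"source_name": "mitre-attack", "external_id": ext_id}]

T1490, T1490_OLD, S0496 = _sid("attack-pattern", 1), _sid("attack-pattern", 2), _sid("malware", 3)
DET, AN, DC = (_sid("x-mitre-detection-strategy", 4), _sid("x-mitre-analytic", 5),
               _sid("x-mitre-data-component", 6))

BUNDLE = {"type": "bundle", "objects": [
    {"type": "attack-pattern", "id": T1490, "name": "Inhibit System Recovery",
     "external_references": _ref("T1490"),
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "impact"}]},
    # A revoked object still carries its ATT&CK ID; a first-match index would return it.
    {"type": "attack-pattern", "id": T1490_OLD, "name": "Inhibit System Recovery (stale)",
     "revoked": True, "external_references": _ref("T1490")},
    {"type": "malware", "id": S0496, "name": "REvil", "x_mitre_aliases": ["REvil", "Sodinokibi"],
     "external_references": _ref("S0496")},
    {"type": "x-mitre-detection-strategy", "id": DET, "name": "Detect Inhibit System Recovery",
     "external_references": _ref("DET0001"), "x_mitre_analytic_refs": [AN]},
    {"type": "x-mitre-analytic", "id": AN, "name": "Shadow copy deletion via vssadmin",
     "external_references": _ref("AN0001"),
     "x_mitre_log_source_references": [
         {"x_mitre_data_component_ref": DC, "name": "sysmon", "channel": "EventCode=1"}],
     "x_mitre_mutable_elements": [{"field": "TimeWindow", "description": "Correlation window"}]},
    {"type": "x-mitre-data-component", "id": DC, "name": "Process Creation"},
    {"type": "relationship", "id": _sid("relationship", 7), "relationship_type": "uses",
     "source_ref": S0496, "target_ref": T1490},
    {"type": "relationship", "id": _sid("relationship", 8), "relationship_type": "uses",
     "source_ref": S0496, "target_ref": T1490_OLD},  # edge into the revoked object
    {"type": "relationship", "id": _sid("relationship", 9), "relationship_type": "detects",
     "source_ref": DET, "target_ref": T1490},
]}

def attack_id(obj):
    """ATT&CK ID (T1490, S0496, AN0001, ...) from the object's mitre-attack external reference."""
    return next((r["external_id"] for r in obj.get("external_references", [])
                 if r.get("source_name") == "mitre-attack" and "external_id" in r), None)

class AttackIndex:
    """Live objects by STIX ID and ATT&CK ID; relationships keyed by (endpoint, relationship_type)."""

    def __init__(self, bundle):
        self.by_stix, self.by_ext = {}, {}
        self.out, self.inc = defaultdict(list), defaultdict(list)
        for o in bundle["objects"]:
            if o.get("revoked") or o.get("x_mitre_deprecated"):
                continue  # kept in the bundle by MITRE, but must never resolve
            self.by_stix[o["id"]] = o
            if (ext := attack_id(o)):
                self.by_ext[ext] = o
        for o in self.by_stix.values():
            # Keep only edges between live objects so callers never dereference a dead ref.
            if (o["type"] == "relationship" and o["source_ref"] in self.by_stix
                    and o["target_ref"] in self.by_stix):
                self.out[(o["source_ref"], o["relationship_type"])].append(o)
                self.inc[(o["target_ref"], o["relationship_type"])].append(o)

    def technique(self, ext_id):
        o = self.by_ext.get(ext_id)
        if not o or o["type"] != "attack-pattern":
            return None
        tactics = [p["phase_name"] for p in o.get("kill_chain_phases", [])
                   if p["kill_chain_name"] == "mitre-attack"]
        return {"stix_id": o["id"], "external_id": ext_id, "name": o["name"], "tactics": tactics}

    def techniques_used_by(self, software_ext_id):
        """Sorted ATT&CK IDs of techniques reachable from a malware/tool object over 'uses' edges."""
        sw = self.by_ext.get(software_ext_id)
        if not sw or sw["type"] not in ("malware", "tool"):
            return []
        targets = [self.by_stix[r["target_ref"]] for r in self.out[(sw["id"], "uses")]]
        return sorted(attack_id(t) for t in targets if t["type"] == "attack-pattern")

    def detection_for(self, technique_ext_id):
        """v18 chain: technique <-detects- strategy -> analytic_refs -> analytic -> log sources."""
        t = self.technique(technique_ext_id)
        result = []
        for rel in (self.inc[(t["stix_id"], "detects")] if t else []):
            ds = self.by_stix[rel["source_ref"]]
            # x_mitre_analytic_refs is a bare ID list: an analytic can be missing or revoked on its own.
            analytics = [a for a in (self.by_stix.get(r) for r in ds.get("x_mitre_analytic_refs", [])) if a]
            result.append({"external_id": attack_id(ds), "name": ds["name"], "analytics": [{
                "external_id": attack_id(a),
                "log_sources": [(self.by_stix[ls["x_mitre_data_component_ref"]]["name"], ls["name"], ls["channel"])
                                for ls in a.get("x_mitre_log_source_references", [])
                                if ls["x_mitre_data_component_ref"] in self.by_stix],
                "mutable": [m["field"] for m in a.get("x_mitre_mutable_elements", [])],
            } for a in analytics]})
        return result
```

The same two filters apply to any lookup built from the upstream bundle: skip `revoked` and `x_mitre_deprecated` objects before indexing by ATT&CK ID (a revoked technique keeps its T-number, so the order of objects in the file would otherwise decide which one you get), and drop relationships whose `source_ref` or `target_ref` no longer resolves, or every graph walk has to carry a `None` check.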
ATT&CK Data Version
- ATT&CK Version: v18.1 (Enterprise)
- ATT&CK Spec Version: 3.3.0
- Source: enterprise-attack-18.1.json (mitre-attack/attack-stix-data)
License
MIT. ATT&CK data is Copyright © The MITRE Corporation, used under ATT&CK Terms of Use.
Download files
File details

Details for the file attack_stix_lookup-0.1.0.tar.gz.

- Download URL: attack_stix_lookup-0.1.0.tar.gz
- Size: 2.6 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

| Algorithm | Hash digest |
|---|---|
| SHA256 | 7e323b2f71679a65641892a2ed889896fc35e8e004745c344f5661b30e513121 |
| MD5 | a72f80e51ea809922ef61f94cb8afaa5 |
| BLAKE2b-256 | e9fec36f343ab6211fe88894c9c0675f24fbe98cae8162fcc726b29d729b4927 |
File details

Details for the file attack_stix_lookup-0.1.0-py3-none-any.whl.

- Download URL: attack_stix_lookup-0.1.0-py3-none-any.whl
- Size: 2.7 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

| Algorithm | Hash digest |
|---|---|
| SHA256 | d1b2c96056a61364aaddb1f76175fb8aff3cbeb32bd9d817cc14f630f48696fa |
| MD5 | 60d8a6eca718119ce819f076fdaedd2b |
| BLAKE2b-256 | 53e08ad1965a355370a8aec7f3e6d5b4ee4e141d1e7f044571d0a01b88e5ee1a |