CapabilityType (MAEC Bundle Schema)

The CapabilityType captures details of a Capability that may be implemented in the malware instance, along with its child Strategic and Tactical Objectives.


Field Name Type Description
@id required QName

The required id field specifies a unique ID for this MAEC Capability.

@name optional MalwareCapabilityEnum-1.0

The name field captures the name of the Capability. It uses the MalwareCapabilityEnum-1.0 enumeration from the MAEC Vocabularies schema.

Description 0..1 string

The Description field captures a basic textual description of the Capability.

Property 0..n CapabilityPropertyType

The Property field permits the capture of a single property of the Capability, as a key/value pair. More than one property can be specified via multiple occurrences of this field.

Strategic_Objective 0..n CapabilityObjectiveType

The Strategic_Objective field captures a single Strategic Objective that the Capability attempts to achieve. It can be considered as a more granular way of capturing the Capabilities present in the malware instance.

Tactical_Objective 0..n CapabilityObjectiveType

The Tactical_Objective field captures a single Tactical Objective that the Capability attempts to achieve, typically in the context of a broader Strategic Objective. It can be considered as a way of expounding upon Strategic Objectives to capture the Capabilities of the malware instance in more detail.

Behavior_Reference 0..n BehaviorReferenceType

The Behavior_Reference field captures a reference to a Behavior that serves as an implementation of the Capability. For Behaviors that serve as implementations of specific Strategic or Tactical Objectives, the Behavior_Reference field under the Strategic_Objective or Tactical_Objective fields should be used, respectively.

Relationship 0..n CapabilityRelationshipType

The Relationship field captures a relationship from the Capability to one or more other Capabilities.
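
As an added illustration (not part of the MAEC schema documentation), the following Python function checks a Capability element against the required/optional and occurrence constraints listed in the table above before the record is ingested into an analysis pipeline. The `Capability` element name, the `Payload` element, the id value and both sample documents are constructed for the example; namespaces are ignored and the contents of the child types are not inspected.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

# Child elements of CapabilityType and their maximum occurrences, taken from
# the field table above (None means unbounded, i.e. 0..n).
CHILD_MAX = {
    "Description": 1,
    "Property": None,
    "Strategic_Objective": None,
    "Tactical_Objective": None,
    "Behavior_Reference": None,
    "Relationship": None,
}

def local(tag):
    """Drop a namespace in Clark notation: '{ns}Name' -> 'Name'."""
    return tag.rsplit("}", 1)[-1]

def check_capability(xml_text):
    """Return a list of violations of the CapabilityType field table."""
    cap = ET.fromstring(xml_text)
    problems = []
    if not cap.get("id"):                      # @id is the only required field
        problems.append("missing required @id")
    counts = {}
    for child in cap:
        name = local(child.tag)
        counts[name] = counts.get(name, 0) + 1
        if name not in CHILD_MAX:
            problems.append(f"unexpected child element {name}")
    for name, limit in CHILD_MAX.items():
        if limit is not None and counts.get(name, 0) > limit:
            problems.append(f"{name} occurs {counts[name]} times, max {limit}")
    return problems

# Constructed sample: @name omitted (optional), two Property occurrences (0..n).
GOOD = """<Capability id="example:capability-1">
  <Description>Constructed sample capability</Description>
  <Property/><Property/>
  <Strategic_Objective/>
  <Behavior_Reference/>
</Capability>"""

# Constructed sample: no @id, two Description elements, one unknown element.
BAD = """<Capability>
  <Description>a</Description><Description>b</Description>
  <Payload/>
</Capability>"""

if __name__ == "__main__":
    print(check_capability(GOOD))
    print(check_capability(BAD))
```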