Question: How to get the relevant apts of an indicator

[fear-the-reaper]

Hi! I'm trying to query mitre to get the relevant APTs or TTPs of a certain indicator. I've tried to use Filter where my query is basically indicator.value = <my-indicator-value but I get nothing back. If anyone can help me out or point me in the right direction that would be great!

[clenk]

Hi, Indicators in STIX don't have a value property; you might want to use indicator.pattern instead. I'm not sure what you mean by "query mitre" - if you are querying the MITRE ATT&CK data represented in STIX, you may want to post your question to https://github.com/mitre-attack/attack-stix-data. I don't think that dataset includes any indicators though.

[fear-the-reaper]

@clenk Yeah asked there as well. Plus just found out indicators aren't in their dataset. By "query mitre" I meant I just want to get the IoC's relevant TTPs, APTs, and Campaigns. Since MITRE is the biggest knowledge base for APT-based information thought I might see that. If there's any other way or resource you could guide me on that would be great!