Get all techniques used by specific software/malware.
This shows what ATT&CK techniques a given software (tool/malware) is
capable of performing.
Args:
software_stix_id: STIX ID of the software object
(e.g., "malware--UUID", "tool--UUID").
domain: ATT&CK domain ("enterprise", "mobile", "ics").
include_description: Whether to include technique descriptions.
Returns:
{
"software": {
"attack_id": "SXXXX or similar" | null,
"name": "<software name or null>",
"stix_id": "<software STIX ID>",
"type": "<malware|tool|...> or null",
"description": "<text or null>",
} | null,
"count": <number of techniques>,
"techniques": [
{
"attack_id": "TXXXX or TXXXX.YYY" | null,
"name": "<technique name>",
"stix_id": "<attack-pattern--UUID>",
"description": "<text or null>",
"relationships": [
{
"stix_id": "<relationship--UUID>",
"relationship_type": "uses",
"description": "<relationship description or null>",
"source_ref": "<source STIX ID>",
"target_ref": "<target STIX ID>",
},
...
]
},
...
],
"formatted": "<human-readable list of techniques>",
"message": "<status summary>"
}