The Malware object has a property named sample_refs, which is an embedded relationship from malware to an SCO that is related to it. The specification states that this property could contain the identifier of an artifact or a file.
In the ATT&CK framework, as represented in STIX, Malware is represented using a Malware object with the (non-STIX) Software object mentioned in the description property and as external reference back to the ATT&CK website.
This could be simpler more robust if the sample_refs property allowed an identifier to the Software object
The Malware object has a property named sample_refs, which is an embedded relationship from malware to an SCO that is related to it. The specification states that this property could contain the identifier of an artifact or a file.
In the ATT&CK framework, as represented in STIX, Malware is represented using a Malware object with the (non-STIX) Software object mentioned in the description property and as external reference back to the ATT&CK website.
This could be simpler more robust if the sample_refs property allowed an identifier to the Software object