diff --git a/CODE/generate_DISARM_pages.py b/CODE/generate_DISARM_pages.py
index 4f860d6..6c10938 100644
--- a/CODE/generate_DISARM_pages.py
+++ b/CODE/generate_DISARM_pages.py
@@ -107,6 +107,8 @@ class Disarm:
self.df_techniques = metadata['techniques']
self.df_tasks = metadata['tasks']
self.df_incidents = metadata['incidents']
+ self.df_urls = metadata['urls']
+ #self.df_urls['url_id'] = self.df_urls['url_id'].str.rstrip # strip trailing spaces from urls to allow merge to work
self.df_externalgroups = metadata['externalgroups']
self.df_tools = metadata['tools']
self.df_examples = metadata['examples']
@@ -210,19 +212,43 @@ class Disarm:
GENERATED_PAGES_FUDGE, techstring)
return incidentstr
-
- def create_incident_urls_string(self, incidentid):
+# def create_technique_counters_string(self, technique_id):
+# table_string = '''
+#| Counters | Response types |
+#| -------- | -------------- |
+#'''
+# technique_counters = self.cross_counterid_techniqueid[self.cross_counterid_techniqueid['technique_id']==technique_id]
+# technique_counters = pd.merge(technique_counters, self.df_counters[['disarm_id', 'name', 'responsetype']])
+# row_string = '| [{0} {1}]({2}counters/{0}.md) | {3} |\n'
+# for index, row in technique_counters.sort_values('disarm_id').iterrows():
+# table_string += row_string.format(row['disarm_id'], row['name'], GENERATED_PAGES_FUDGE, row['responsetype'])
+# return table_string
+ def create_incident_urls_string(self, incidentid):
+
urlsstr = '''
-| Reference(s) |
-| --------- |
+| Reference | Pub Date | Authors | Org | Archive |
+| --------- | -------- | ------- | --- | ------- |
'''
-
- urlsrow = '| [{0}]({0}) |\n'
incidentid_urls = self.cross_incidentid_urls[self.cross_incidentid_urls['disarm_id']==incidentid]
+ incidentid_urls = pd.merge(incidentid_urls, self.df_urls[['url_id', 'pub_date', 'authors', 'org', 'archive_link']])
+ urlsrow = '| [{0}]({0}) | {1} | {2} | {3} | [{4}]({4}) |\n'
for index, row in incidentid_urls.iterrows():
- urlsstr += urlsrow.format(row['url_id'])
- return urlsstr
+ urlsstr += urlsrow.format(row['url_id'], row['pub_date'], row['authors'], row['org'], row['archive_link'])
+ return urlsstr
+
+ #def create_incident_urls_string(self, incidentid, pub_date, authors, org, archive_link):
+
+# urlsstr = '''
+#| Reference | Pub Date | Authors | Org | Archive |
+#| --------- | -------- | ------- | --- | ------- |
+#'''
+
+# urlsrow = '| [{0}]({0}) | {1} | {2} | {3} | [{4}]({4}) |\n'
+# incidentid_urls = self.cross_incidentid_urls[self.cross_incidentid_urls['disarm_id']==incidentid]
+# for index, row in incidentid_urls.iterrows():
+# urlsstr += urlsrow.format(row['url_id'], pub_date, authors, org, archive_link)
+# return urlsstr
def create_incident_techniques_string(self, incidentid):
diff --git a/DISARM_MASTER_DATA/DISARM_DATA_MASTER.xlsx b/DISARM_MASTER_DATA/DISARM_DATA_MASTER.xlsx
index e626dea..d1b4acc 100644
Binary files a/DISARM_MASTER_DATA/DISARM_DATA_MASTER.xlsx and b/DISARM_MASTER_DATA/DISARM_DATA_MASTER.xlsx differ
diff --git a/DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx b/DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx
index 89e6e0c..4123a13 100644
Binary files a/DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx and b/DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx differ
diff --git a/generated_files/DISARM_STIX/DISARM.json b/generated_files/DISARM_STIX/DISARM.json
index 93d7ab5..83d4768 100644
--- a/generated_files/DISARM_STIX/DISARM.json
+++ b/generated_files/DISARM_STIX/DISARM.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c3dfd6f0-fdc8-4288-a642-3ab03eb1a94e",
+ "id": "bundle--d51cac73-5edf-4cff-81e4-3c08d7e6efd4",
"objects": [
{
"type": "x-mitre-tactic",
"spec_version": "2.1",
"id": "x-mitre-tactic--b03163eb-7e81-4fed-9819-641bf7c99507",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.327787Z",
- "modified": "2024-03-13T22:04:00.327787Z",
+ "created": "2024-08-02T17:12:32.315732Z",
+ "modified": "2024-08-02T17:12:32.315732Z",
"name": "Plan Strategy",
"description": "Define the desired end state, i.e. the set of required conditions that defines achievement of all objectives.",
"external_references": [
@@ -28,8 +28,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--431af018-56ae-406c-9648-4857f074fffc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.328093Z",
- "modified": "2024-03-13T22:04:00.328093Z",
+ "created": "2024-08-02T17:12:32.316693Z",
+ "modified": "2024-08-02T17:12:32.316693Z",
"name": "Plan Objectives",
"description": "Set clearly defined, measurable, and achievable objectives. In some cases achieving objectives ties execution of tactical tasks to reaching the desired strategic end state. In other cases, where there is no clearly defined strategic end state, the tactical objective may stand on its own. The objective statement should not specify the way and means of accomplishment but rather the goal the threat actor wishes to achieve. ",
"external_references": [
@@ -49,8 +49,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--acaf8903-418f-425a-93dc-8e1bfb626876",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.328269Z",
- "modified": "2024-03-13T22:04:00.328269Z",
+ "created": "2024-08-02T17:12:32.317385Z",
+ "modified": "2024-08-02T17:12:32.317385Z",
"name": "Microtarget",
"description": "Actions taken which help target content to specific audiences identified and analysed as part of TA13: Target Audience Analysis.",
"external_references": [
@@ -70,8 +70,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--82039146-59a3-4353-b328-a422da34db6b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.32843Z",
- "modified": "2024-03-13T22:04:00.32843Z",
+ "created": "2024-08-02T17:12:32.318087Z",
+ "modified": "2024-08-02T17:12:32.318087Z",
"name": "Develop Content",
"description": "Create or acquire text, images, and other content",
"external_references": [
@@ -91,8 +91,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--3c73d309-b066-44f9-ad81-866a64e438c9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.328595Z",
- "modified": "2024-03-13T22:04:00.328595Z",
+ "created": "2024-08-02T17:12:32.319152Z",
+ "modified": "2024-08-02T17:12:32.319152Z",
"name": "Select Channels and Affordances",
"description": "Selecting platforms and affordances assesses which online or offline platforms and their associated affordances maximise an influence operation\u2019s ability to reach its target audience. To select the most appropriate platform(s), an operation may assess the technological affordances including platform algorithms, terms of service, permitted content types, or other attributes that determine platform usability and accessibility. Selecting platforms includes both choosing platforms on which the operation will publish its own content and platforms on which the operation will attempt to restrict adversarial content.",
"external_references": [
@@ -112,8 +112,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--8a96b3ce-332e-4685-8ec6-5140eef192a4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.328764Z",
- "modified": "2024-03-13T22:04:00.328764Z",
+ "created": "2024-08-02T17:12:32.319623Z",
+ "modified": "2024-08-02T17:12:32.319623Z",
"name": "Conduct Pump Priming",
"description": "Release content on a targetted small scale, prior to general release, including releasing seed. Used for preparation before broader release, and as message honing. Used for preparation before broader release, and as message honing.",
"external_references": [
@@ -133,8 +133,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--4a9c3d11-801b-4ee9-a5bc-b5bc042a92f9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.329342Z",
- "modified": "2024-03-13T22:04:00.329342Z",
+ "created": "2024-08-02T17:12:32.319893Z",
+ "modified": "2024-08-02T17:12:32.319893Z",
"name": "Deliver Content",
"description": "Release content to general public or larger population",
"external_references": [
@@ -154,8 +154,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--3fa1ad18-ca09-40ed-be45-f210b9c07e0b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.329481Z",
- "modified": "2024-03-13T22:04:00.329481Z",
+ "created": "2024-08-02T17:12:32.320208Z",
+ "modified": "2024-08-02T17:12:32.320208Z",
"name": "Drive Offline Activity",
"description": "Move incident/campaign from online to offline. Encouraging users to move from the platform on which they initially viewed operation content and engage in the physical information space or offline world. This may include operation-aligned rallies or protests, radio, newspaper, or billboards. An influence operation may drive to physical forums to diversify its information channels and facilitate spaces where the target audience can engage with both operation content and like-minded individuals offline.",
"external_references": [
@@ -175,8 +175,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--dffcf337-d4d9-449b-aa9c-6a97a891c5a9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.329598Z",
- "modified": "2024-03-13T22:04:00.329598Z",
+ "created": "2024-08-02T17:12:32.320492Z",
+ "modified": "2024-08-02T17:12:32.320492Z",
"name": "Persist in the Information Environment",
"description": "Persist in the Information Space refers to taking measures that allow an operation to maintain its presence and avoid takedown by an external entity. Techniques in Persist in the Information Space help campaigns operate without detection and appear legitimate to the target audience and platform monitoring services. Influence operations on social media often persist online by varying the type of information assets and platforms used throughout the campaign.",
"external_references": [
@@ -196,8 +196,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--19886784-0e07-474f-803c-30c443e65347",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.32971Z",
- "modified": "2024-03-13T22:04:00.32971Z",
+ "created": "2024-08-02T17:12:32.320822Z",
+ "modified": "2024-08-02T17:12:32.320822Z",
"name": "Assess Effectiveness",
"description": "Assess effectiveness of action, for use in future plans",
"external_references": [
@@ -217,8 +217,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--1e005da9-56cc-4802-af90-b267d17a1ad1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.329821Z",
- "modified": "2024-03-13T22:04:00.329821Z",
+ "created": "2024-08-02T17:12:32.321082Z",
+ "modified": "2024-08-02T17:12:32.321082Z",
"name": "Target Audience Analysis",
"description": "Identifying and analysing the target audience examines target audience member locations, political affiliations, financial situations, and other attributes that an influence operation may incorporate into its messaging strategy. During this tactic, influence operations may also identify existing similarities and differences between target audience members to unite like groups and divide opposing groups. Identifying and analysing target audience members allows influence operations to tailor operation strategy and content to their analysis.",
"external_references": [
@@ -238,8 +238,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--fd1e7dd3-63d0-4040-808e-3e61b9ddca86",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.329933Z",
- "modified": "2024-03-13T22:04:00.329933Z",
+ "created": "2024-08-02T17:12:32.32137Z",
+ "modified": "2024-08-02T17:12:32.32137Z",
"name": "Develop Narratives",
"description": "The promotion of beneficial master narratives is perhaps the most effective method for achieving long-term strategic narrative dominance. From a \"\"whole of society\"\" perspective the promotion of the society's core master narratives should occupy a central strategic role. From a misinformation campaign / cognitive security perpectve the tactics around master narratives centre more precisely on the day-to-day promotion and reinforcement of this messaging. In other words, beneficial, high-coverage master narratives are a central strategic goal and their promotion constitutes an ongoing tactical struggle carried out at a whole-of-society level. Tactically, their promotion covers a broad spectrum of activities both on- and offline.",
"external_references": [
@@ -257,10 +257,10 @@
{
"type": "x-mitre-tactic",
"spec_version": "2.1",
- "id": "x-mitre-tactic--8fc5e05d-c61d-41bc-a009-c9235ec420fb",
+ "id": "x-mitre-tactic--c6c75568-5369-4f9e-89c1-43307702a19c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.330044Z",
- "modified": "2024-03-13T22:04:00.330044Z",
+ "created": "2024-08-02T17:12:32.322106Z",
+ "modified": "2024-08-02T17:12:32.322106Z",
"name": "Establish Assets",
"description": "Establishing information assets generates messaging tools, including social media accounts, operation personnel, and organisations, including directly and indirectly managed assets. For assets under their direct control, the operation can add, change, or remove these assets at will. Establishing information assets allows an influence operation to promote messaging directly to the target audience without navigating through external entities. Many online influence operations create or compromise social media accounts as a primary vector of information dissemination.\n\nThis Tactic was previously called Establish Social Assets.",
"external_references": [
@@ -280,8 +280,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--8f32bafc-edb2-4d3c-9b7e-e42a9147123b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.33016Z",
- "modified": "2024-03-13T22:04:00.33016Z",
+ "created": "2024-08-02T17:12:32.323279Z",
+ "modified": "2024-08-02T17:12:32.323279Z",
"name": "Establish Legitimacy",
"description": "Establish assets that create trust",
"external_references": [
@@ -299,10 +299,10 @@
{
"type": "x-mitre-tactic",
"spec_version": "2.1",
- "id": "x-mitre-tactic--51a3f349-b77f-4e84-9fa8-765f8aa8b695",
+ "id": "x-mitre-tactic--03e4259c-83fc-40d6-9e20-1269a7adaac8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.33027Z",
- "modified": "2024-03-13T22:04:00.33027Z",
+ "created": "2024-08-02T17:12:32.324177Z",
+ "modified": "2024-08-02T17:12:32.324177Z",
"name": "Maximise Exposure",
"description": "Maximise exposure of the target audience to incident/campaign content via flooding, amplifying, and cross-posting.",
"external_references": [
@@ -322,8 +322,8 @@
"spec_version": "2.1",
"id": "x-mitre-tactic--f0505ac9-8979-49e4-a87c-d1109536a7db",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.330414Z",
- "modified": "2024-03-13T22:04:00.330414Z",
+ "created": "2024-08-02T17:12:32.324963Z",
+ "modified": "2024-08-02T17:12:32.324963Z",
"name": "Drive Online Harms",
"description": "Actions taken by an influence operation to harm their opponents in online spaces through harassment, suppression, releasing private information, and controlling the information space through offensive cyberspace operations.",
"external_references": [
@@ -343,8 +343,8 @@
"spec_version": "2.1",
"id": "attack-pattern--70717452-f7e3-4ce8-956f-39a4d34c5cfb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.331247Z",
- "modified": "2024-03-13T22:04:00.331247Z",
+ "created": "2024-08-02T17:12:32.328302Z",
+ "modified": "2024-08-02T17:12:32.328302Z",
"name": "Facilitate State Propaganda",
"description": "Organise citizens around pro-state messaging. Coordinate paid or volunteer groups to push state propaganda.",
"kill_chain_phases": [
@@ -376,8 +376,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9cf02828-bd4c-4b04-a9f0-bb67ec3b0493",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.331576Z",
- "modified": "2024-03-13T22:04:00.331576Z",
+ "created": "2024-08-02T17:12:32.329903Z",
+ "modified": "2024-08-02T17:12:32.329903Z",
"name": "Leverage Existing Narratives",
"description": "Use or adapt existing narrative themes, where narratives are the baseline stories of a target audience. Narratives form the bedrock of our worldviews. New information is understood through a process firmly grounded in this bedrock. If new information is not consitent with the prevailing narratives of an audience, it will be ignored. Effective campaigns will frame their misinformation in the context of these narratives. Highly effective campaigns will make extensive use of audience-appropriate archetypes and meta-narratives throughout their content creation and amplifiction practices.",
"kill_chain_phases": [
@@ -409,8 +409,8 @@
"spec_version": "2.1",
"id": "attack-pattern--75a5c211-2590-498c-ad3a-129c912d5cd2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.331775Z",
- "modified": "2024-03-13T22:04:00.331775Z",
+ "created": "2024-08-02T17:12:32.331268Z",
+ "modified": "2024-08-02T17:12:32.331268Z",
"name": "Develop Competing Narratives",
"description": "Advance competing narratives connected to same issue ie: on one hand deny incident while at same time expresses dismiss. Suppressing or discouraging narratives already spreading requires an alternative. The most simple set of narrative techniques in response would be the construction and promotion of contradictory alternatives centred on denial, deflection, dismissal, counter-charges, excessive standards of proof, bias in prohibition or enforcement, and so on. These competing narratives allow loyalists cover, but are less compelling to opponents and fence-sitters than campaigns built around existing narratives or highly explanatory master narratives. Competing narratives, as such, are especially useful in the \"firehose of misinformation\" approach.",
"kill_chain_phases": [
@@ -442,8 +442,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d1ad0738-1f52-4fab-b0d1-640b551d7f6a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.332045Z",
- "modified": "2024-03-13T22:04:00.332045Z",
+ "created": "2024-08-02T17:12:32.33212Z",
+ "modified": "2024-08-02T17:12:32.33212Z",
"name": "Create Inauthentic Social Media Pages and Groups",
"description": "Create key social engineering assets needed to amplify content, manipulate algorithms, fool public and/or specific incident/campaign targets. Computational propaganda depends substantially on false perceptions of credibility and acceptance. By creating fake users and groups with a variety of interests and commitments, attackers can ensure that their messages both come from trusted sources and appear more widely adopted than they actually are.",
"kill_chain_phases": [
@@ -470,79 +470,13 @@
],
"x_mitre_version": "2.1"
},
- {
- "type": "attack-pattern",
- "spec_version": "2.1",
- "id": "attack-pattern--7981d39a-01be-46f6-b9f9-507d0c03e919",
- "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.332349Z",
- "modified": "2024-03-13T22:04:00.332349Z",
- "name": "Create Fake Experts",
- "description": "Stories planted or promoted in computational propaganda operations often make use of experts fabricated from whole cloth, sometimes specifically for the story itself.",
- "kill_chain_phases": [
- {
- "kill_chain_name": "mitre-attack",
- "phase_name": "establish-legitimacy"
- }
- ],
- "external_references": [
- {
- "source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0009.md",
- "external_id": "T0009"
- }
- ],
- "object_marking_refs": [
- "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ],
- "x_mitre_is_subtechnique": false,
- "x_mitre_platforms": [
- "Windows",
- "Linux",
- "Mac"
- ],
- "x_mitre_version": "2.1"
- },
- {
- "type": "attack-pattern",
- "spec_version": "2.1",
- "id": "attack-pattern--ec740173-f964-47cc-b849-06a1b134ee4f",
- "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.332592Z",
- "modified": "2024-03-13T22:04:00.332592Z",
- "name": "Utilise Academic/Pseudoscientific Justifications",
- "description": "Utilise Academic/Pseudoscientific Justifications",
- "kill_chain_phases": [
- {
- "kill_chain_name": "mitre-attack",
- "phase_name": "establish-legitimacy"
- }
- ],
- "external_references": [
- {
- "source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0009.001.md",
- "external_id": "T0009.001"
- }
- ],
- "object_marking_refs": [
- "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ],
- "x_mitre_is_subtechnique": true,
- "x_mitre_platforms": [
- "Windows",
- "Linux",
- "Mac"
- ],
- "x_mitre_version": "2.1"
- },
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bacbdfd3-f8c2-4126-a9f3-1b75576fa5e7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.332778Z",
- "modified": "2024-03-13T22:04:00.332778Z",
+ "created": "2024-08-02T17:12:32.333012Z",
+ "modified": "2024-08-02T17:12:32.333012Z",
"name": "Cultivate Ignorant Agents",
"description": "Cultivate propagandists for a cause, the goals of which are not fully comprehended, and who are used cynically by the leaders of the cause. Independent actors use social media and specialised web sites to strategically reinforce and spread messages compatible with their own. Their networks are infiltrated and used by state media disinformation organisations to amplify the state\u2019s own disinformation strategies against target populations. Many are traffickers in conspiracy theories or hoaxes, unified by a suspicion of Western governments and mainstream media. Their narratives, which appeal to leftists hostile to globalism and military intervention and nationalists against immigration, are frequently infiltrated and shaped by state-controlled trolls and altered news items from agencies such as RT and Sputnik. Also know as \"useful idiots\" or \"unwitting agents\".",
"kill_chain_phases": [
@@ -574,8 +508,8 @@
"spec_version": "2.1",
"id": "attack-pattern--95e3e261-2f42-4ff0-a1f9-4eb2c5998284",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.332915Z",
- "modified": "2024-03-13T22:04:00.332915Z",
+ "created": "2024-08-02T17:12:32.333954Z",
+ "modified": "2024-08-02T17:12:32.333954Z",
"name": "Create Inauthentic Websites",
"description": "Create media assets to support inauthentic organisations (e.g. think tank), people (e.g. experts) and/or serve as sites to distribute malware/launch phishing operations.",
"kill_chain_phases": [
@@ -607,8 +541,8 @@
"spec_version": "2.1",
"id": "attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.333337Z",
- "modified": "2024-03-13T22:04:00.333337Z",
+ "created": "2024-08-02T17:12:32.335027Z",
+ "modified": "2024-08-02T17:12:32.335027Z",
"name": "Prepare Fundraising Campaigns",
"description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns (see: Develop Information Pathways) to promote operation messaging while raising money to support its activities.",
"kill_chain_phases": [
@@ -640,8 +574,8 @@
"spec_version": "2.1",
"id": "attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.333792Z",
- "modified": "2024-03-13T22:04:00.333792Z",
+ "created": "2024-08-02T17:12:32.335422Z",
+ "modified": "2024-08-02T17:12:32.335422Z",
"name": "Raise Funds from Malign Actors",
"description": "Raising funds from malign actors may include contributions from foreign agents, cutouts or proxies, shell companies, dark money groups, etc.",
"kill_chain_phases": [
@@ -673,8 +607,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e0b7c795-eae2-4494-a3c9-52bc68c6df06",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.334386Z",
- "modified": "2024-03-13T22:04:00.334386Z",
+ "created": "2024-08-02T17:12:32.335744Z",
+ "modified": "2024-08-02T17:12:32.335744Z",
"name": "Raise Funds from Ignorant Agents",
"description": "Raising funds from ignorant agents may include scams, donations intended for one stated purpose but then used for another, etc.",
"kill_chain_phases": [
@@ -706,8 +640,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e0acfceb-4541-438f-ba33-734f9a666c7d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.334691Z",
- "modified": "2024-03-13T22:04:00.334691Z",
+ "created": "2024-08-02T17:12:32.335938Z",
+ "modified": "2024-08-02T17:12:32.335938Z",
"name": "Create Hashtags and Search Artefacts",
"description": "Create one or more hashtags and/or hashtag groups. Many incident-based campaigns will create hashtags to promote their fabricated event. Creating a hashtag for an incident can have two important effects: 1. Create a perception of reality around an event. Certainly only \"real\" events would be discussed in a hashtag. After all, the event has a name!, and 2. Publicise the story more widely through trending lists and search behaviour. Asset needed to direct/control/manage \"conversation\" connected to launching new incident/campaign with new hashtag for applicable social media sites).",
"kill_chain_phases": [
@@ -739,8 +673,8 @@
"spec_version": "2.1",
"id": "attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.334826Z",
- "modified": "2024-03-13T22:04:00.334826Z",
+ "created": "2024-08-02T17:12:32.336169Z",
+ "modified": "2024-08-02T17:12:32.336169Z",
"name": "Create Clickbait",
"description": "Create attention grabbing headlines (outrage, doubt, humour) required to drive traffic & engagement. This is a key asset.",
"kill_chain_phases": [
@@ -772,8 +706,8 @@
"spec_version": "2.1",
"id": "attack-pattern--61df6490-ca2c-41b7-a251-ded790a03a71",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.335181Z",
- "modified": "2024-03-13T22:04:00.335181Z",
+ "created": "2024-08-02T17:12:32.336388Z",
+ "modified": "2024-08-02T17:12:32.336388Z",
"name": "Conduct Fundraising",
"description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services166 on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns to promote operation messaging while raising money to support its activities.",
"kill_chain_phases": [
@@ -805,8 +739,8 @@
"spec_version": "2.1",
"id": "attack-pattern--72207f73-5b54-4cd4-b453-746a61eb3e28",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.335407Z",
- "modified": "2024-03-13T22:04:00.335407Z",
+ "created": "2024-08-02T17:12:32.336655Z",
+ "modified": "2024-08-02T17:12:32.336655Z",
"name": "Conduct Crowdfunding Campaigns",
"description": "An influence operation may Conduct Crowdfunding Campaigns on platforms such as GoFundMe, GiveSendGo, Tipeee, Patreon, etc.",
"kill_chain_phases": [
@@ -838,8 +772,8 @@
"spec_version": "2.1",
"id": "attack-pattern--eef34262-0822-4727-83f5-2e608babc396",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.335607Z",
- "modified": "2024-03-13T22:04:00.335607Z",
+ "created": "2024-08-02T17:12:32.336982Z",
+ "modified": "2024-08-02T17:12:32.336982Z",
"name": "Purchase Targeted Advertisements",
"description": "Create or fund advertisements targeted at specific populations",
"kill_chain_phases": [
@@ -871,8 +805,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ea0d5988-af73-4b09-8040-7bb2fbadaa3c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.335906Z",
- "modified": "2024-03-13T22:04:00.335906Z",
+ "created": "2024-08-02T17:12:32.337504Z",
+ "modified": "2024-08-02T17:12:32.337504Z",
"name": "Trial Content",
"description": "Iteratively test incident performance (messages, content etc), e.g. A/B test headline/content enagagement metrics; website and/or funding campaign conversion rates",
"kill_chain_phases": [
@@ -904,8 +838,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ea788455-90c6-4f47-97b1-862d30ef7d12",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.336137Z",
- "modified": "2024-03-13T22:04:00.336137Z",
+ "created": "2024-08-02T17:12:32.337907Z",
+ "modified": "2024-08-02T17:12:32.337907Z",
"name": "Leverage Conspiracy Theory Narratives",
"description": "\"Conspiracy narratives\" appeal to the human desire for explanatory order, by invoking the participation of poweful (often sinister) actors in pursuit of their own political goals. These narratives are especially appealing when an audience is low-information, marginalised or otherwise inclined to reject the prevailing explanation. Conspiracy narratives are an important component of the \"firehose of falsehoods\" model.",
"kill_chain_phases": [
@@ -937,8 +871,8 @@
"spec_version": "2.1",
"id": "attack-pattern--b4ed63e5-e8db-4057-989b-3ff5ad8c000c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.336281Z",
- "modified": "2024-03-13T22:04:00.336281Z",
+ "created": "2024-08-02T17:12:32.341425Z",
+ "modified": "2024-08-02T17:12:32.341425Z",
"name": "Amplify Existing Conspiracy Theory Narratives",
"description": "An influence operation may amplify an existing conspiracy theory narrative that aligns with its incident or campaign goals. By amplifying existing conspiracy theory narratives, operators can leverage the power of the existing communities that support and propagate those theories without needing to expend resources creating new narratives or building momentum and buy in around new narratives.",
"kill_chain_phases": [
@@ -970,8 +904,8 @@
"spec_version": "2.1",
"id": "attack-pattern--eb63894c-aad1-47f0-98ee-0fa5e07ed3f3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.336553Z",
- "modified": "2024-03-13T22:04:00.336553Z",
+ "created": "2024-08-02T17:12:32.341849Z",
+ "modified": "2024-08-02T17:12:32.341849Z",
"name": "Develop Original Conspiracy Theory Narratives",
"description": "While this requires more resources than amplifying existing conspiracy theory narratives, an influence operation may develop original conspiracy theory narratives in order to achieve greater control and alignment over the narrative and their campaign goals. Prominent examples include the USSR's Operation INFEKTION disinformation campaign run by the KGB in the 1980s to plant the idea that the United States had invented HIV/AIDS as part of a biological weapons research project at Fort Detrick, Maryland. More recently, Fort Detrick featured prominently in a new conspiracy theory narratives around the origins of the COVID-19 outbreak and pandemic.",
"kill_chain_phases": [
@@ -1003,8 +937,8 @@
"spec_version": "2.1",
"id": "attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.336918Z",
- "modified": "2024-03-13T22:04:00.336918Z",
+ "created": "2024-08-02T17:12:32.342026Z",
+ "modified": "2024-08-02T17:12:32.342026Z",
"name": "Distort Facts",
"description": "Change, twist, or exaggerate existing facts to construct a narrative that differs from reality. Examples: images and ideas can be distorted by being placed in an improper content",
"kill_chain_phases": [
@@ -1036,8 +970,8 @@
"spec_version": "2.1",
"id": "attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.337054Z",
- "modified": "2024-03-13T22:04:00.337054Z",
+ "created": "2024-08-02T17:12:32.34226Z",
+ "modified": "2024-08-02T17:12:32.34226Z",
"name": "Reframe Context",
"description": "Reframing context refers to removing an event from its surrounding context to distort its intended meaning. Rather than deny that an event occurred, reframing context frames an event in a manner that may lead the target audience to draw a different conclusion about its intentions.",
"kill_chain_phases": [
@@ -1069,8 +1003,8 @@
"spec_version": "2.1",
"id": "attack-pattern--84e0fdf7-3bba-4e66-a575-6a32a7f8eca6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.337189Z",
- "modified": "2024-03-13T22:04:00.337189Z",
+ "created": "2024-08-02T17:12:32.342508Z",
+ "modified": "2024-08-02T17:12:32.342508Z",
"name": "Edit Open-Source Content",
"description": "An influence operation may edit open-source content, such as collaborative blogs or encyclopaedias, to promote its narratives on outlets with existing credibility and audiences. Editing open-source content may allow an operation to post content on platforms without dedicating resources to the creation and maintenance of its own assets.",
"kill_chain_phases": [
@@ -1102,8 +1036,8 @@
"spec_version": "2.1",
"id": "attack-pattern--77cb282d-d6e6-4d86-87bf-08a2483bdbb6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.337655Z",
- "modified": "2024-03-13T22:04:00.337655Z",
+ "created": "2024-08-02T17:12:32.342854Z",
+ "modified": "2024-08-02T17:12:32.342854Z",
"name": "Online Polls",
"description": "Create fake online polls, or manipulate existing online polls. Data gathering tactic to target those who engage, and potentially their networks of friends/followers as well",
"kill_chain_phases": [
@@ -1135,10 +1069,10 @@
"spec_version": "2.1",
"id": "attack-pattern--5d4cafe2-42cc-4c41-8ce7-41256e1383f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.338088Z",
- "modified": "2024-03-13T22:04:00.338088Z",
+ "created": "2024-08-02T17:12:32.343367Z",
+ "modified": "2024-08-02T17:12:32.343367Z",
"name": "Bait Influencer",
- "description": "Influencers are people on social media platforms who have large audiences.\u00a0\n\nThreat Actors can try to trick Influencers such as celebrities, journalists, or local leaders who aren\u2019t associated with their campaign into amplifying campaign content. This gives them access to the Influencer\u2019s audience without having to go through the effort of building it themselves, and it helps legitimise their message by associating it with the Influencer, benefitting from their audience\u2019s trust in them.",
+ "description": "Influencers are people on social media platforms who have large audiences.
Threat Actors can try to trick Influencers such as celebrities, journalists, or local leaders who aren\u2019t associated with their campaign into amplifying campaign content. This gives them access to the Influencer\u2019s audience without having to go through the effort of building it themselves, and it helps legitimise their message by associating it with the Influencer, benefitting from their audience\u2019s trust in them.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -1168,8 +1102,8 @@
"spec_version": "2.1",
"id": "attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.338343Z",
- "modified": "2024-03-13T22:04:00.338343Z",
+ "created": "2024-08-02T17:12:32.343565Z",
+ "modified": "2024-08-02T17:12:32.343565Z",
"name": "Demand Insurmountable Proof",
"description": "Campaigns often leverage tactical and informational asymmetries on the threat surface, as seen in the Distort and Deny strategies, and the \"firehose of misinformation\". Specifically, conspiracy theorists can be repeatedly wrong, but advocates of the truth need to be perfect. By constantly escalating demands for proof, propagandists can effectively leverage this asymmetry while also priming its future use, often with an even greater asymmetric advantage. The conspiracist is offered freer rein for a broader range of \"questions\" while the truth teller is burdened with higher and higher standards of proof.",
"kill_chain_phases": [
@@ -1201,8 +1135,8 @@
"spec_version": "2.1",
"id": "attack-pattern--bd1295e0-67b2-419d-b2b4-a832552dbcc6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.338862Z",
- "modified": "2024-03-13T22:04:00.338862Z",
+ "created": "2024-08-02T17:12:32.343749Z",
+ "modified": "2024-08-02T17:12:32.343749Z",
"name": "Seed Kernel of Truth",
"description": "Wrap lies or altered context/facts around truths. Influence campaigns pursue a variety of objectives with respect to target audiences, prominent among them: 1. undermine a narrative commonly referenced in the target audience; or 2. promote a narrative less common in the target audience, but preferred by the attacker. In both cases, the attacker is presented with a heavy lift. They must change the relative importance of various narratives in the interpretation of events, despite contrary tendencies. When messaging makes use of factual reporting to promote these adjustments in the narrative space, they are less likely to be dismissed out of hand; when messaging can juxtapose a (factual) truth about current affairs with the (abstract) truth explicated in these narratives, propagandists can undermine or promote them selectively. Context matters.",
"kill_chain_phases": [
@@ -1234,8 +1168,8 @@
"spec_version": "2.1",
"id": "attack-pattern--23fc4de3-6f2c-4080-b8ed-13e996b1a4b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.339417Z",
- "modified": "2024-03-13T22:04:00.339417Z",
+ "created": "2024-08-02T17:12:32.343925Z",
+ "modified": "2024-08-02T17:12:32.343925Z",
"name": "Chat Apps",
"description": "Direct messaging via chat app is an increasing method of delivery. These messages are often automated and new delivery and storage methods make them anonymous, viral, and ephemeral. This is a difficult space to monitor, but also a difficult space to build acclaim or notoriety.",
"kill_chain_phases": [
@@ -1267,8 +1201,8 @@
"spec_version": "2.1",
"id": "attack-pattern--36f4dc58-e164-4819-83f8-52875377ff16",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.339879Z",
- "modified": "2024-03-13T22:04:00.339879Z",
+ "created": "2024-08-02T17:12:32.344084Z",
+ "modified": "2024-08-02T17:12:32.344084Z",
"name": "Use Encrypted Chat Apps",
"description": "Examples include Signal, WhatsApp, Discord, Wire, etc.",
"kill_chain_phases": [
@@ -1300,8 +1234,8 @@
"spec_version": "2.1",
"id": "attack-pattern--2d540add-b708-402a-93ff-f5aa50d30eb9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.340388Z",
- "modified": "2024-03-13T22:04:00.340388Z",
+ "created": "2024-08-02T17:12:32.344274Z",
+ "modified": "2024-08-02T17:12:32.344274Z",
"name": "Use Unencrypted Chats Apps",
"description": "Examples include SMS, etc.",
"kill_chain_phases": [
@@ -1333,8 +1267,8 @@
"spec_version": "2.1",
"id": "attack-pattern--6b23206e-6a5a-4173-ab1a-17e6cc9a9d2d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.340846Z",
- "modified": "2024-03-13T22:04:00.340846Z",
+ "created": "2024-08-02T17:12:32.344511Z",
+ "modified": "2024-08-02T17:12:32.344511Z",
"name": "Seed Distortions",
"description": "Try a wide variety of messages in the early hours surrounding an incident or event, to give a misleading account or impression.",
"kill_chain_phases": [
@@ -1366,8 +1300,8 @@
"spec_version": "2.1",
"id": "attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.341356Z",
- "modified": "2024-03-13T22:04:00.341356Z",
+ "created": "2024-08-02T17:12:32.344715Z",
+ "modified": "2024-08-02T17:12:32.344715Z",
"name": "Use Fake Experts",
"description": "Use the fake experts that were set up during Establish Legitimacy. Pseudo-experts are disposable assets that often appear once and then disappear. Give \"credility\" to misinformation. Take advantage of credential bias",
"kill_chain_phases": [
@@ -1399,8 +1333,8 @@
"spec_version": "2.1",
"id": "attack-pattern--50f92bc8-f6ad-4267-bd00-f4c572370a72",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.34181Z",
- "modified": "2024-03-13T22:04:00.34181Z",
+ "created": "2024-08-02T17:12:32.344897Z",
+ "modified": "2024-08-02T17:12:32.344897Z",
"name": "Use Search Engine Optimisation",
"description": "Manipulate content engagement metrics (ie: Reddit & Twitter) to influence/impact news search results (e.g. Google), also elevates RT & Sputnik headline into Google news alert emails. aka \"Black-hat SEO\"",
"kill_chain_phases": [
@@ -1432,8 +1366,8 @@
"spec_version": "2.1",
"id": "attack-pattern--90ca8c39-a644-4007-b3d6-68fabc90b531",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.342476Z",
- "modified": "2024-03-13T22:04:00.342476Z",
+ "created": "2024-08-02T17:12:32.345087Z",
+ "modified": "2024-08-02T17:12:32.345087Z",
"name": "Censor Social Media as a Political Force",
"description": "Use political influence or the power of state to stop critical social media comments. Government requested/driven content take downs (see Google Transperancy reports).",
"kill_chain_phases": [
@@ -1465,8 +1399,8 @@
"spec_version": "2.1",
"id": "attack-pattern--bc2a6754-44d0-4fe3-8461-e3a4af895835",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.342863Z",
- "modified": "2024-03-13T22:04:00.342863Z",
+ "created": "2024-08-02T17:12:32.34527Z",
+ "modified": "2024-08-02T17:12:32.34527Z",
"name": "Harass",
"description": "Threatening or harassing believers of opposing narratives refers to the use of intimidation techniques, including cyberbullying and doxing, to discourage opponents from voicing their dissent. An influence operation may threaten or harass believers of the opposing narratives to deter individuals from posting or proliferating conflicting content.",
"kill_chain_phases": [
@@ -1498,8 +1432,8 @@
"spec_version": "2.1",
"id": "attack-pattern--7d5ba27c-12c7-4a30-8624-e1ea6670f0f8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.343006Z",
- "modified": "2024-03-13T22:04:00.343006Z",
+ "created": "2024-08-02T17:12:32.345448Z",
+ "modified": "2024-08-02T17:12:32.345448Z",
"name": "Boycott/\"Cancel\" Opponents",
"description": "Cancel culture refers to the phenomenon in which individuals collectively refrain from supporting an individual, organisation, business, or other entity, usually following a real or falsified controversy. An influence operation may exploit cancel culture by emphasising an adversary\u2019s problematic or disputed behaviour and presenting its own content as an alternative.",
"kill_chain_phases": [
@@ -1531,8 +1465,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e47ae747-d83d-433d-a69a-f6d0970fed5e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.343143Z",
- "modified": "2024-03-13T22:04:00.343143Z",
+ "created": "2024-08-02T17:12:32.345613Z",
+ "modified": "2024-08-02T17:12:32.345613Z",
"name": "Harass People Based on Identities",
"description": "Examples include social identities like gender, sexuality, race, ethnicity, religion, ability, nationality, etc. as well as roles and occupations like journalist or activist.",
"kill_chain_phases": [
@@ -1564,8 +1498,8 @@
"spec_version": "2.1",
"id": "attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.343278Z",
- "modified": "2024-03-13T22:04:00.343278Z",
+ "created": "2024-08-02T17:12:32.346525Z",
+ "modified": "2024-08-02T17:12:32.346525Z",
"name": "Threaten to Dox",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.",
"kill_chain_phases": [
@@ -1597,8 +1531,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5bc895e8-eb26-43ec-8469-ab665092970d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.343413Z",
- "modified": "2024-03-13T22:04:00.343413Z",
+ "created": "2024-08-02T17:12:32.347214Z",
+ "modified": "2024-08-02T17:12:32.347214Z",
"name": "Dox",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.",
"kill_chain_phases": [
@@ -1630,10 +1564,10 @@
"spec_version": "2.1",
"id": "attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.343811Z",
- "modified": "2024-03-13T22:04:00.343811Z",
+ "created": "2024-08-02T17:12:32.347894Z",
+ "modified": "2024-08-02T17:12:32.347894Z",
"name": "Flood Information Space",
- "description": "Flooding sources of information (e.g. Social Media feeds) with a high volume of inauthentic content.\n\nThis can be done to control/shape online conversations, drown out opposing points of view, or make it harder to find legitimate information.\u00a0\n\nBots and/or patriotic trolls are effective tools to achieve this effect.\n\nThis Technique previously used the name Flooding the Information Space.",
+ "description": "Flooding sources of information (e.g. Social Media feeds) with a high volume of inauthentic content.
This can be done to control/shape online conversations, drown out opposing points of view, or make it harder to find legitimate information.
Bots and/or patriotic trolls are effective tools to achieve this effect.
This Technique previously used the name Flooding the Information Space.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -1663,8 +1597,8 @@
"spec_version": "2.1",
"id": "attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.343965Z",
- "modified": "2024-03-13T22:04:00.343965Z",
+ "created": "2024-08-02T17:12:32.348471Z",
+ "modified": "2024-08-02T17:12:32.348471Z",
"name": "Trolls Amplify and Manipulate",
"description": "Use trolls to amplify narratives and/or manipulate narratives. Fake profiles/sockpuppets operating to support individuals/narratives from the entire political spectrum (left/right binary). Operating with increased emphasis on promoting local content and promoting real Twitter users generating their own, often divisive political content, as it's easier to amplify existing content than create new/original content. Trolls operate where ever there's a socially divisive issue (issues that can/are be politicized).",
"kill_chain_phases": [
@@ -1696,10 +1630,10 @@
"spec_version": "2.1",
"id": "attack-pattern--bfce790b-dfd6-46ca-8fab-c2d72f21bba2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.344104Z",
- "modified": "2024-03-13T22:04:00.344104Z",
+ "created": "2024-08-02T17:12:32.349076Z",
+ "modified": "2024-08-02T17:12:32.349076Z",
"name": "Flood Existing Hashtag",
- "description": "Hashtags can be used by communities to collate information they post about particular topics (such as their interests, or current events) and users can find communities to join by exploring hashtags they\u2019re interested in.\u00a0\n\nThreat actors can flood an existing hashtag to try to ruin hashtag functionality, posting content unrelated to the hashtag alongside it, making it a less reliable source of relevant information. They may also try to flood existing hashtags with campaign content, with the intent of maximising exposure to users.\n\nThis Technique covers cases where threat actors flood existing hashtags with campaign content.\n\nThis Technique covers behaviours previously documented by T0019.002: Hijack Hashtags, which has since been deprecated. This Technique was previously called Hijack Existing Hashtag.",
+ "description": "Hashtags can be used by communities to collate information they post about particular topics (such as their interests, or current events) and users can find communities to join by exploring hashtags they\u2019re interested in.
Threat actors can flood an existing hashtag to try to ruin hashtag functionality, posting content unrelated to the hashtag alongside it, making it a less reliable source of relevant information. They may also try to flood existing hashtags with campaign content, with the intent of maximising exposure to users.
This Technique covers cases where threat actors flood existing hashtags with campaign content.
This Technique covers behaviours previously documented by T0019.002: Hijack Hashtags, which has since been deprecated. This Technique was previously called Hijack Existing Hashtag.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -1729,8 +1663,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e6ab2793-a059-4354-bb60-045afb019833",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.34424Z",
- "modified": "2024-03-13T22:04:00.34424Z",
+ "created": "2024-08-02T17:12:32.349745Z",
+ "modified": "2024-08-02T17:12:32.349745Z",
"name": "Bots Amplify via Automated Forwarding and Reposting",
"description": "Automated forwarding and reposting refer to the proliferation of operation content using automated means, such as artificial intelligence or social media bots. An influence operation may use automated activity to increase content exposure without dedicating the resources, including personnel and time, traditionally required to forward and repost content. Use bots to amplify narratives above algorithm thresholds. Bots are automated/programmed profiles designed to amplify content (ie: automatically retweet or like) and give appearance it's more \"popular\" than it is. They can operate as a network, to function in a coordinated/orchestrated manner. In some cases (more so now) they are an inexpensive/disposable assets used for minimal deployment as bot detection tools improve and platforms are more responsive.",
"kill_chain_phases": [
@@ -1762,8 +1696,8 @@
"spec_version": "2.1",
"id": "attack-pattern--4282febe-c8a6-46da-863c-f19081615d80",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.344376Z",
- "modified": "2024-03-13T22:04:00.344376Z",
+ "created": "2024-08-02T17:12:32.350087Z",
+ "modified": "2024-08-02T17:12:32.350087Z",
"name": "Utilise Spamoflauge",
"description": "Spamoflauge refers to the practice of disguising spam messages as legitimate. Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk. Simple methods of spamoflauge include replacing letters with numbers to fool keyword-based email spam filters, for example, \"you've w0n our jackp0t!\". Spamoflauge may extend to more complex techniques such as modifying the grammar or word choice of the language, casting messages as images which spam detectors cannot automatically read, or encapsulating messages in password protected attachments, such as .pdf or .zip files. Influence operations may use spamoflauge to avoid spam filtering systems and increase the likelihood of the target audience receiving operation messaging.",
"kill_chain_phases": [
@@ -1795,8 +1729,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ce5b400c-6f82-4095-936b-617857800da8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.344523Z",
- "modified": "2024-03-13T22:04:00.344523Z",
+ "created": "2024-08-02T17:12:32.350548Z",
+ "modified": "2024-08-02T17:12:32.350548Z",
"name": "Conduct Swarming",
"description": "Swarming refers to the coordinated use of accounts to overwhelm the information space with operation content. Unlike information flooding, swarming centres exclusively around a specific event or actor rather than a general narrative. Swarming relies on \u201chorizontal communication\u201d between information assets rather than a top-down, vertical command-and-control approach.",
"kill_chain_phases": [
@@ -1828,8 +1762,8 @@
"spec_version": "2.1",
"id": "attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.344667Z",
- "modified": "2024-03-13T22:04:00.344667Z",
+ "created": "2024-08-02T17:12:32.350844Z",
+ "modified": "2024-08-02T17:12:32.350844Z",
"name": "Conduct Keyword Squatting",
"description": "Keyword squatting refers to the creation of online content, such as websites, articles, or social media accounts, around a specific search engine-optimized term to overwhelm the search results of that term. An influence may keyword squat to increase content exposure to target audience members who query the exploited term in a search engine and manipulate the narrative around the term.",
"kill_chain_phases": [
@@ -1861,8 +1795,8 @@
"spec_version": "2.1",
"id": "attack-pattern--cec91e97-76c8-4a1f-8397-a06939a558ef",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.344928Z",
- "modified": "2024-03-13T22:04:00.344928Z",
+ "created": "2024-08-02T17:12:32.35121Z",
+ "modified": "2024-08-02T17:12:32.35121Z",
"name": "Inauthentic Sites Amplify News and Narratives",
"description": "Inauthentic sites circulate cross-post stories and amplify narratives. Often these sites have no masthead, bylines or attribution.",
"kill_chain_phases": [
@@ -1892,12 +1826,12 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--ad48b850-c73d-470a-ab8f-bdc7bfcb8ae6",
+ "id": "attack-pattern--3a2f96fa-c3d0-4f54-a041-6807f0ea4955",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.345085Z",
- "modified": "2024-03-13T22:04:00.345085Z",
+ "created": "2024-08-02T17:12:32.351504Z",
+ "modified": "2024-08-02T17:12:32.351504Z",
"name": "Generate Information Pollution",
- "description": "Information Pollution occurs when threat actors attempt to ruin a source of information by flooding it with lots of inauthentic or unreliable content, intending to make it harder for legitimate users to find the information they\u2019re looking for.\u00a0\n\nThis subtechnique's objective is to reduce exposure to target information, rather than promoting exposure to campaign content, for which the parent technique T0049 can be used.\u00a0\n\nAnalysts will need to infer what the motive for flooding an information space was when deciding whether to use T0049 or T0049.008 to tag a case when an information space is flooded. If such inference is not possible, default to T0049.\n\nThis Technique previously used the ID T0019.",
+ "description": "Information Pollution occurs when threat actors attempt to ruin a source of information by flooding it with lots of inauthentic or unreliable content, intending to make it harder for legitimate users to find the information they\u2019re looking for.
This sub-technique\u2019s objective is to reduce exposure to target information, rather than promoting exposure to campaign content, for which the parent Technique T0049 can be used.
Analysts will need to infer what the motive for flooding an information space was when deciding whether to use T0049 or T0049.008 to tag a case when an information space is flooded. If such inference is not possible, default to T0049.
This Technique previously used the ID T0019.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -1927,8 +1861,8 @@
"spec_version": "2.1",
"id": "attack-pattern--0102376a-e896-4191-b3fb-e58188301822",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.345227Z",
- "modified": "2024-03-13T22:04:00.345227Z",
+ "created": "2024-08-02T17:12:32.351843Z",
+ "modified": "2024-08-02T17:12:32.351843Z",
"name": "Organise Events",
"description": "Coordinate and promote real-world events across media platforms, e.g. rallies, protests, gatherings in support of incident narratives.",
"kill_chain_phases": [
@@ -1960,8 +1894,8 @@
"spec_version": "2.1",
"id": "attack-pattern--7b32abce-e101-4dc3-98db-30b79c0c8397",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.345385Z",
- "modified": "2024-03-13T22:04:00.345385Z",
+ "created": "2024-08-02T17:12:32.352216Z",
+ "modified": "2024-08-02T17:12:32.352216Z",
"name": "Pay for Physical Action",
"description": "Paying for physical action occurs when an influence operation pays individuals to act in the physical realm. An influence operation may pay for physical action to create specific situations and frame them in a way that supports operation narratives, for example, paying a group of people to burn a car to later post an image of the burning car and frame it as an act of protest.",
"kill_chain_phases": [
@@ -1993,8 +1927,8 @@
"spec_version": "2.1",
"id": "attack-pattern--f601eb03-79d0-4c00-b07d-4b4647c37efd",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.345583Z",
- "modified": "2024-03-13T22:04:00.345583Z",
+ "created": "2024-08-02T17:12:32.352658Z",
+ "modified": "2024-08-02T17:12:32.352658Z",
"name": "Conduct Symbolic Action",
"description": "Symbolic action refers to activities specifically intended to advance an operation\u2019s narrative by signalling something to the audience, for example, a military parade supporting a state\u2019s narrative of military superiority. An influence operation may use symbolic action to create falsified evidence supporting operation narratives in the physical information space.",
"kill_chain_phases": [
@@ -2026,8 +1960,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d1f55d22-f487-48ec-a810-a9f74220c02e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.345806Z",
- "modified": "2024-03-13T22:04:00.345806Z",
+ "created": "2024-08-02T17:12:32.35304Z",
+ "modified": "2024-08-02T17:12:32.35304Z",
"name": "Play the Long Game",
"description": "Play the long game refers to two phenomena: 1. To plan messaging and allow it to grow organically without conducting your own amplification. This is methodical and slow and requires years for the message to take hold 2. To develop a series of seemingly disconnected messaging narratives that eventually combine into a new narrative.",
"kill_chain_phases": [
@@ -2059,8 +1993,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ad410829-2fb3-490b-b470-f5f859d45942",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.346172Z",
- "modified": "2024-03-13T22:04:00.346172Z",
+ "created": "2024-08-02T17:12:32.3534Z",
+ "modified": "2024-08-02T17:12:32.3534Z",
"name": "Continue to Amplify",
"description": "continue narrative or message amplification after the main incident work has finished",
"kill_chain_phases": [
@@ -2092,8 +2026,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ddc9d571-88a9-4246-bbbf-075bfed721f8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.346436Z",
- "modified": "2024-03-13T22:04:00.346436Z",
+ "created": "2024-08-02T17:12:32.353767Z",
+ "modified": "2024-08-02T17:12:32.353767Z",
"name": "Sell Merchandise",
"description": "Sell mechandise refers to getting the message or narrative into physical space in the offline world while making money",
"kill_chain_phases": [
@@ -2125,8 +2059,8 @@
"spec_version": "2.1",
"id": "attack-pattern--b3bb61ca-5472-42b0-807e-bd8657fc05b2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.346573Z",
- "modified": "2024-03-13T22:04:00.346573Z",
+ "created": "2024-08-02T17:12:32.354177Z",
+ "modified": "2024-08-02T17:12:32.354177Z",
"name": "Prepare Physical Broadcast Capabilities",
"description": "Create or coopt broadcast capabilities (e.g. TV, radio etc).",
"kill_chain_phases": [
@@ -2158,8 +2092,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d696b89b-9686-42ff-b3c4-5a4d5ecaa17a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.346712Z",
- "modified": "2024-03-13T22:04:00.346712Z",
+ "created": "2024-08-02T17:12:32.354685Z",
+ "modified": "2024-08-02T17:12:32.354685Z",
"name": "Degrade Adversary",
"description": "Plan to degrade an adversary\u2019s image or ability to act. This could include preparation and use of harmful information about the adversary\u2019s actions or reputation.",
"kill_chain_phases": [
@@ -2191,8 +2125,8 @@
"spec_version": "2.1",
"id": "attack-pattern--b2a7561a-28ad-426c-a249-f415b5f11cee",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.346847Z",
- "modified": "2024-03-13T22:04:00.346847Z",
+ "created": "2024-08-02T17:12:32.355029Z",
+ "modified": "2024-08-02T17:12:32.355029Z",
"name": "Respond to Breaking News Event or Active Crisis",
"description": "Media attention on a story or event is heightened during a breaking news event, where unclear facts and incomplete information increase speculation, rumours, and conspiracy theories, which are all vulnerable to manipulation.",
"kill_chain_phases": [
@@ -2224,8 +2158,8 @@
"spec_version": "2.1",
"id": "attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.346983Z",
- "modified": "2024-03-13T22:04:00.346983Z",
+ "created": "2024-08-02T17:12:32.355426Z",
+ "modified": "2024-08-02T17:12:32.355426Z",
"name": "Segment Audiences",
"description": "Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics.",
"kill_chain_phases": [
@@ -2257,8 +2191,8 @@
"spec_version": "2.1",
"id": "attack-pattern--77574742-25a0-4375-a2c8-d5b54e1360aa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.347169Z",
- "modified": "2024-03-13T22:04:00.347169Z",
+ "created": "2024-08-02T17:12:32.355793Z",
+ "modified": "2024-08-02T17:12:32.355793Z",
"name": "Geographic Segmentation",
"description": "An influence operation may target populations in a specific geographic location, such as a region, state, or city. An influence operation may use geographic segmentation to Create Localised Content (see: Establish Legitimacy).",
"kill_chain_phases": [
@@ -2290,8 +2224,8 @@
"spec_version": "2.1",
"id": "attack-pattern--694bafc2-bd74-40c9-89f2-2ad033f079f4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.347464Z",
- "modified": "2024-03-13T22:04:00.347464Z",
+ "created": "2024-08-02T17:12:32.356167Z",
+ "modified": "2024-08-02T17:12:32.356167Z",
"name": "Demographic Segmentation",
"description": "An influence operation may target populations based on demographic segmentation, including age, gender, and income. Demographic segmentation may be useful for influence operations aiming to change state policies that affect a specific population sector. For example, an influence operation attempting to influence Medicare funding in the United States would likely target U.S. voters over 65 years of age.",
"kill_chain_phases": [
@@ -2323,8 +2257,8 @@
"spec_version": "2.1",
"id": "attack-pattern--1d917530-027d-4f82-b380-404c320dc783",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.347701Z",
- "modified": "2024-03-13T22:04:00.347701Z",
+ "created": "2024-08-02T17:12:32.356564Z",
+ "modified": "2024-08-02T17:12:32.356564Z",
"name": "Economic Segmentation",
"description": "An influence operation may target populations based on their income bracket, wealth, or other financial or economic division.",
"kill_chain_phases": [
@@ -2356,8 +2290,8 @@
"spec_version": "2.1",
"id": "attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.347851Z",
- "modified": "2024-03-13T22:04:00.347851Z",
+ "created": "2024-08-02T17:12:32.356931Z",
+ "modified": "2024-08-02T17:12:32.356931Z",
"name": "Psychographic Segmentation",
"description": "An influence operation may target populations based on psychographic segmentation, which uses audience values and decision-making processes. An operation may individually gather psychographic data with its own surveys or collection tools or externally purchase data from social media companies or online surveys, such as personality quizzes.",
"kill_chain_phases": [
@@ -2389,8 +2323,8 @@
"spec_version": "2.1",
"id": "attack-pattern--a468ff54-27eb-4e6d-b709-a9830017df86",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.348089Z",
- "modified": "2024-03-13T22:04:00.348089Z",
+ "created": "2024-08-02T17:12:32.357307Z",
+ "modified": "2024-08-02T17:12:32.357307Z",
"name": "Political Segmentation",
"description": "An influence operation may target populations based on their political affiliations, especially when aiming to manipulate voting or change policy.",
"kill_chain_phases": [
@@ -2422,8 +2356,8 @@
"spec_version": "2.1",
"id": "attack-pattern--6faf71ca-1e32-4134-8a7c-79b25f7f3615",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.34842Z",
- "modified": "2024-03-13T22:04:00.34842Z",
+ "created": "2024-08-02T17:12:32.357634Z",
+ "modified": "2024-08-02T17:12:32.357634Z",
"name": "Determine Target Audiences",
"description": "Determining the target audiences (segments of the population) who will receive campaign narratives and artefacts intended to achieve the strategic ends.",
"kill_chain_phases": [
@@ -2455,8 +2389,8 @@
"spec_version": "2.1",
"id": "attack-pattern--bef6392b-f5a2-4a40-8b53-9a9377bea159",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.348703Z",
- "modified": "2024-03-13T22:04:00.348703Z",
+ "created": "2024-08-02T17:12:32.358298Z",
+ "modified": "2024-08-02T17:12:32.358298Z",
"name": "Determine Strategic Ends",
"description": "These are the long-term end-states the campaign aims to bring about. They typically involve an advantageous position vis-a-vis competitors in terms of power or influence. The strategic goal may be to improve or simply to hold one\u2019s position. Competition occurs in the public sphere in the domains of war, diplomacy, politics, economics, and ideology, and can play out between armed groups, nation-states, political parties, corporations, interest groups, or individuals. ",
"kill_chain_phases": [
@@ -2486,10 +2420,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--f3a240cc-d8bd-4e0e-8076-8ca89c09b638",
+ "id": "attack-pattern--030976e3-fce8-434e-9ea8-a36ee2c0192e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.348867Z",
- "modified": "2024-03-13T22:04:00.348867Z",
+ "created": "2024-08-02T17:12:32.358684Z",
+ "modified": "2024-08-02T17:12:32.358684Z",
"name": "Geopolitical Advantage",
"description": "Favourable position on the international stage in terms of great power politics or regional rivalry. Geopolitics plays out in the realms of foreign policy, national security, diplomacy, and intelligence. It involves nation-state governments, heads of state, foreign ministers, intergovernmental organisations, and regional security alliances.",
"kill_chain_phases": [
@@ -2519,10 +2453,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--ec0442ff-f447-4f22-bd34-9167f50b0fe7",
+ "id": "attack-pattern--6c001f2c-b143-4d9b-91d7-5a663152cdb5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.349018Z",
- "modified": "2024-03-13T22:04:00.349018Z",
+ "created": "2024-08-02T17:12:32.359091Z",
+ "modified": "2024-08-02T17:12:32.359091Z",
"name": "Domestic Political Advantage",
"description": "Favourable position vis-\u00e0-vis national or sub-national political opponents such as political parties, interest groups, politicians, candidates. ",
"kill_chain_phases": [
@@ -2552,10 +2486,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--4ecb18af-7e16-4eba-b2c3-40d43f737fdf",
+ "id": "attack-pattern--2b1270a6-d432-453f-88cf-17fa38ec6f40",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.349163Z",
- "modified": "2024-03-13T22:04:00.349163Z",
+ "created": "2024-08-02T17:12:32.359451Z",
+ "modified": "2024-08-02T17:12:32.359451Z",
"name": "Economic Advantage",
"description": "Favourable position domestically or internationally in the realms of commerce, trade, finance, industry. Economics involves nation-states, corporations, banks, trade blocs, industry associations, cartels. ",
"kill_chain_phases": [
@@ -2585,10 +2519,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--97c51e13-0bcf-45f6-9e8a-6d8e89c8e6f4",
+ "id": "attack-pattern--d6681707-afcc-4656-91ca-779bc303d944",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.349306Z",
- "modified": "2024-03-13T22:04:00.349306Z",
+ "created": "2024-08-02T17:12:32.359885Z",
+ "modified": "2024-08-02T17:12:32.359885Z",
"name": "Ideological Advantage",
"description": "Favourable position domestically or internationally in the market for ideas, beliefs, and world views. Competition plays out among faith systems, political systems, and value systems. It can involve sub-national, national or supra-national movements. ",
"kill_chain_phases": [
@@ -2620,8 +2554,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5414f74d-0b10-4562-ad9d-e5e1093e255a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.349529Z",
- "modified": "2024-03-13T22:04:00.349529Z",
+ "created": "2024-08-02T17:12:32.360306Z",
+ "modified": "2024-08-02T17:12:32.360306Z",
"name": "Dismiss",
"description": "Push back against criticism by dismissing your critics. This might be arguing that the critics use a different standard for you than with other actors or themselves; or arguing that their criticism is biassed.",
"kill_chain_phases": [
@@ -2653,8 +2587,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9b66eaf5-5b03-46b8-b076-cf1da3593745",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.349855Z",
- "modified": "2024-03-13T22:04:00.349855Z",
+ "created": "2024-08-02T17:12:32.360819Z",
+ "modified": "2024-08-02T17:12:32.360819Z",
"name": "Discredit Credible Sources",
"description": "Plan to delegitimize the media landscape and degrade public trust in reporting, by discrediting credible sources. This makes it easier to promote influence operation content.",
"kill_chain_phases": [
@@ -2686,8 +2620,8 @@
"spec_version": "2.1",
"id": "attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.350132Z",
- "modified": "2024-03-13T22:04:00.350132Z",
+ "created": "2024-08-02T17:12:32.361233Z",
+ "modified": "2024-08-02T17:12:32.361233Z",
"name": "Distort",
"description": "Twist the narrative. Take information, or artefacts like images, and change the framing around them.",
"kill_chain_phases": [
@@ -2719,8 +2653,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9e80abf9-0991-47c3-982c-b33e66640d10",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.350357Z",
- "modified": "2024-03-13T22:04:00.350357Z",
+ "created": "2024-08-02T17:12:32.361644Z",
+ "modified": "2024-08-02T17:12:32.361644Z",
"name": "Distract",
"description": "Shift attention to a different narrative or actor, for instance by accusing critics of the same activity that they\u2019ve accused you of (e.g. police brutality).",
"kill_chain_phases": [
@@ -2752,8 +2686,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8ad58740-d5c1-40bb-9091-f98adfe8d89f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.350647Z",
- "modified": "2024-03-13T22:04:00.350647Z",
+ "created": "2024-08-02T17:12:32.362029Z",
+ "modified": "2024-08-02T17:12:32.362029Z",
"name": "Dismay",
"description": "Threaten the critic or narrator of events. For instance, threaten journalists or news outlets reporting on a story.",
"kill_chain_phases": [
@@ -2785,8 +2719,8 @@
"spec_version": "2.1",
"id": "attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.350927Z",
- "modified": "2024-03-13T22:04:00.350927Z",
+ "created": "2024-08-02T17:12:32.362521Z",
+ "modified": "2024-08-02T17:12:32.362521Z",
"name": "Divide",
"description": "Create conflict between subgroups, to widen divisions in a community",
"kill_chain_phases": [
@@ -2818,8 +2752,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8289a941-c379-4628-916a-2ddc12f4e531",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.351162Z",
- "modified": "2024-03-13T22:04:00.351162Z",
+ "created": "2024-08-02T17:12:32.362876Z",
+ "modified": "2024-08-02T17:12:32.362876Z",
"name": "Map Target Audience Information Environment",
"description": "Mapping the target audience information environment analyses the information space itself, including social media analytics, web traffic, and media surveys. Mapping the information environment may help the influence operation determine the most realistic and popular information channels to reach its target audience. Mapping the target audience information environment aids influence operations in determining the most vulnerable areas of the information space to target with messaging.",
"kill_chain_phases": [
@@ -2851,8 +2785,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9ec25bd4-7dcd-4bbf-9e2f-6170af84e166",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.351403Z",
- "modified": "2024-03-13T22:04:00.351403Z",
+ "created": "2024-08-02T17:12:32.363333Z",
+ "modified": "2024-08-02T17:12:32.363333Z",
"name": "Monitor Social Media Analytics",
"description": "An influence operation may use social media analytics to determine which factors will increase the operation content\u2019s exposure to its target audience on social media platforms, including views, interactions, and sentiment relating to topics and content types. The social media platform itself or a third-party tool may collect the metrics.",
"kill_chain_phases": [
@@ -2884,8 +2818,8 @@
"spec_version": "2.1",
"id": "attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.351675Z",
- "modified": "2024-03-13T22:04:00.351675Z",
+ "created": "2024-08-02T17:12:32.363691Z",
+ "modified": "2024-08-02T17:12:32.363691Z",
"name": "Evaluate Media Surveys",
"description": "An influence operation may evaluate its own or third-party media surveys to determine what type of content appeals to its target audience. Media surveys may provide insight into an audience\u2019s political views, social class, general interests, or other indicators used to tailor operation messaging to its target audience.",
"kill_chain_phases": [
@@ -2917,8 +2851,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5a279d23-6ba2-425c-bf72-20c6411ca5a7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.351922Z",
- "modified": "2024-03-13T22:04:00.351922Z",
+ "created": "2024-08-02T17:12:32.364042Z",
+ "modified": "2024-08-02T17:12:32.364042Z",
"name": "Identify Trending Topics/Hashtags",
"description": "An influence operation may identify trending hashtags on social media platforms for later use in boosting operation content. A hashtag40 refers to a word or phrase preceded by the hash symbol (#) on social media used to identify messages and posts relating to a specific topic. All public posts that use the same hashtag are aggregated onto a centralised page dedicated to the word or phrase and sorted either chronologically or by popularity.",
"kill_chain_phases": [
@@ -2950,8 +2884,8 @@
"spec_version": "2.1",
"id": "attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.352229Z",
- "modified": "2024-03-13T22:04:00.352229Z",
+ "created": "2024-08-02T17:12:32.364425Z",
+ "modified": "2024-08-02T17:12:32.364425Z",
"name": "Conduct Web Traffic Analysis",
"description": "An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.",
"kill_chain_phases": [
@@ -2983,8 +2917,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c729368d-246a-47eb-8e4b-ab5b0a3510ec",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.352481Z",
- "modified": "2024-03-13T22:04:00.352481Z",
+ "created": "2024-08-02T17:12:32.364767Z",
+ "modified": "2024-08-02T17:12:32.364767Z",
"name": "Assess Degree/Type of Media Access",
"description": "An influence operation may survey a target audience\u2019s Internet availability and degree of media freedom to determine which target audience members will have access to operation content and on which platforms. An operation may face more difficulty targeting an information environment with heavy restrictions and media control than an environment with independent media, freedom of speech and of the press, and individual liberties.",
"kill_chain_phases": [
@@ -3016,8 +2950,8 @@
"spec_version": "2.1",
"id": "attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.352692Z",
- "modified": "2024-03-13T22:04:00.352692Z",
+ "created": "2024-08-02T17:12:32.365103Z",
+ "modified": "2024-08-02T17:12:32.365103Z",
"name": "Identify Social and Technical Vulnerabilities",
"description": "Identifying social and technical vulnerabilities determines weaknesses within the target audience information environment for later exploitation. Vulnerabilities include decisive political issues, weak cybersecurity infrastructure, search engine data voids, and other technical and non technical weaknesses in the target information environment. Identifying social and technical vulnerabilities facilitates the later exploitation of the identified weaknesses to advance operation objectives.",
"kill_chain_phases": [
@@ -3049,8 +2983,8 @@
"spec_version": "2.1",
"id": "attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.352828Z",
- "modified": "2024-03-13T22:04:00.352828Z",
+ "created": "2024-08-02T17:12:32.365448Z",
+ "modified": "2024-08-02T17:12:32.365448Z",
"name": "Find Echo Chambers",
"description": "Find or plan to create areas (social media groups, search term groups, hashtag groups etc) where individuals only engage with people they agree with.",
"kill_chain_phases": [
@@ -3082,8 +3016,8 @@
"spec_version": "2.1",
"id": "attack-pattern--55ff2ec4-8d1b-49f8-b774-d5996bc33648",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.352963Z",
- "modified": "2024-03-13T22:04:00.352963Z",
+ "created": "2024-08-02T17:12:32.36588Z",
+ "modified": "2024-08-02T17:12:32.36588Z",
"name": "Identify Data Voids",
"description": "A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) \u201cBreaking news\u201d data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a \u201cstrategic new terms\u201d data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on \u201coutdated terms\u201d that have decreased in popularity, capitalising on most search engines\u2019 preferences for recency. (4) \u201cFragmented concepts\u201d data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use \u201cproblematic queries\u201d that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.",
"kill_chain_phases": [
@@ -3115,8 +3049,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8ecbc28c-36e9-4d9a-8578-b9e20552d732",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.353147Z",
- "modified": "2024-03-13T22:04:00.353147Z",
+ "created": "2024-08-02T17:12:32.366252Z",
+ "modified": "2024-08-02T17:12:32.366252Z",
"name": "Identify Existing Prejudices",
"description": "An influence operation may exploit existing racial, religious, demographic, or social prejudices to further polarise its target audience from the rest of the public.",
"kill_chain_phases": [
@@ -3148,8 +3082,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d13ff5af-16fd-4b32-8e14-f2e0980c15fb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.353349Z",
- "modified": "2024-03-13T22:04:00.353349Z",
+ "created": "2024-08-02T17:12:32.366531Z",
+ "modified": "2024-08-02T17:12:32.366531Z",
"name": "Identify Existing Fissures",
"description": "An influence operation may identify existing fissures to pit target populations against one another or facilitate a \u201cdivide-and-conquer\" approach to tailor operation narratives along the divides.",
"kill_chain_phases": [
@@ -3181,8 +3115,8 @@
"spec_version": "2.1",
"id": "attack-pattern--625fe1a6-ee9d-45c8-9912-9e9f6e87dc85",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.353568Z",
- "modified": "2024-03-13T22:04:00.353568Z",
+ "created": "2024-08-02T17:12:32.366827Z",
+ "modified": "2024-08-02T17:12:32.366827Z",
"name": "Identify Existing Conspiracy Narratives/Suspicions",
"description": "An influence operation may assess preexisting conspiracy theories or suspicions in a population to identify existing narratives that support operational objectives.",
"kill_chain_phases": [
@@ -3214,8 +3148,8 @@
"spec_version": "2.1",
"id": "attack-pattern--594993b4-86a3-455b-af59-61f167d7fd93",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.353765Z",
- "modified": "2024-03-13T22:04:00.353765Z",
+ "created": "2024-08-02T17:12:32.367108Z",
+ "modified": "2024-08-02T17:12:32.367108Z",
"name": "Identify Wedge Issues",
"description": "A wedge issue is a divisive political issue, usually concerning a social phenomenon, that divides individuals along a defined line. An influence operation may exploit wedge issues by intentionally polarising the public along the wedge issue line and encouraging opposition between factions.",
"kill_chain_phases": [
@@ -3247,8 +3181,8 @@
"spec_version": "2.1",
"id": "attack-pattern--7d69d231-78a6-4a98-a715-c0edd9adafce",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.353902Z",
- "modified": "2024-03-13T22:04:00.353902Z",
+ "created": "2024-08-02T17:12:32.367396Z",
+ "modified": "2024-08-02T17:12:32.367396Z",
"name": "Identify Target Audience Adversaries",
"description": "An influence operation may identify or create a real or imaginary adversary to centre operation narratives against. A real adversary may include certain politicians or political parties while imaginary adversaries may include falsified \u201cdeep state\u201d62 actors that, according to conspiracies, run the state behind public view.",
"kill_chain_phases": [
@@ -3280,8 +3214,8 @@
"spec_version": "2.1",
"id": "attack-pattern--bb8da71f-108a-4c46-a1ef-d24ef1c8a661",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.354054Z",
- "modified": "2024-03-13T22:04:00.354054Z",
+ "created": "2024-08-02T17:12:32.367712Z",
+ "modified": "2024-08-02T17:12:32.367712Z",
"name": "Identify Media System Vulnerabilities",
"description": "An influence operation may exploit existing weaknesses in a target\u2019s media system. These weaknesses may include existing biases among media agencies, vulnerability to false news agencies on social media, or existing distrust of traditional media sources. An existing distrust among the public in the media system\u2019s credibility holds high potential for exploitation by an influence operation when establishing alternative news agencies to spread operation content.",
"kill_chain_phases": [
@@ -3313,8 +3247,8 @@
"spec_version": "2.1",
"id": "attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.354296Z",
- "modified": "2024-03-13T22:04:00.354296Z",
+ "created": "2024-08-02T17:12:32.368028Z",
+ "modified": "2024-08-02T17:12:32.368028Z",
"name": "Develop New Narratives",
"description": "Actors may develop new narratives to further strategic or tactical goals, especially when existing narratives adequately align with the campaign goals. New narratives provide more control in terms of crafting the message to achieve specific goals. However, new narratives may require more effort to disseminate than adapting or adopting existing narratives.",
"kill_chain_phases": [
@@ -3346,8 +3280,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c254c765-c83d-4ae3-880e-7a253ef02d37",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.354512Z",
- "modified": "2024-03-13T22:04:00.354512Z",
+ "created": "2024-08-02T17:12:32.368347Z",
+ "modified": "2024-08-02T17:12:32.368347Z",
"name": "Integrate Target Audience Vulnerabilities into Narrative",
"description": "An influence operation may seek to exploit the preexisting weaknesses, fears, and enemies of the target audience for integration into the operation\u2019s narratives and overall strategy. Integrating existing vulnerabilities into the operational approach conserves resources by exploiting already weak areas of the target information environment instead of forcing the operation to create new vulnerabilities in the environment.",
"kill_chain_phases": [
@@ -3379,8 +3313,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9636ae57-0b93-41a0-8323-85109ee34877",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.354684Z",
- "modified": "2024-03-13T22:04:00.354684Z",
+ "created": "2024-08-02T17:12:32.368664Z",
+ "modified": "2024-08-02T17:12:32.368664Z",
"name": "Reuse Existing Content",
"description": "When an operation recycles content from its own previous operations or plagiarises from external operations. An operation may launder information to conserve resources that would have otherwise been utilised to develop new content.",
"kill_chain_phases": [
@@ -3412,8 +3346,8 @@
"spec_version": "2.1",
"id": "attack-pattern--4cd719a9-e817-4acc-9581-6b6a60e42f35",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.35482Z",
- "modified": "2024-03-13T22:04:00.35482Z",
+ "created": "2024-08-02T17:12:32.369011Z",
+ "modified": "2024-08-02T17:12:32.369011Z",
"name": "Use Copypasta",
"description": "Copypasta refers to a piece of text that has been copied and pasted multiple times across various online platforms. A copypasta\u2019s final form may differ from its original source text as users add, delete, or otherwise edit the content as they repost the text.",
"kill_chain_phases": [
@@ -3445,8 +3379,8 @@
"spec_version": "2.1",
"id": "attack-pattern--a3fe7752-dbfa-4918-912f-c492c8593c68",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.354989Z",
- "modified": "2024-03-13T22:04:00.354989Z",
+ "created": "2024-08-02T17:12:32.369332Z",
+ "modified": "2024-08-02T17:12:32.369332Z",
"name": "Plagiarise Content",
"description": "An influence operation may take content from other sources without proper attribution. This content may be either misinformation content shared by others without malicious intent but now leveraged by the campaign as disinformation or disinformation content from other sources.",
"kill_chain_phases": [
@@ -3478,8 +3412,8 @@
"spec_version": "2.1",
"id": "attack-pattern--7475b7e6-1095-4ae1-a995-10ab1a6c838a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.355206Z",
- "modified": "2024-03-13T22:04:00.355206Z",
+ "created": "2024-08-02T17:12:32.369661Z",
+ "modified": "2024-08-02T17:12:32.369661Z",
"name": "Deceptively Labelled or Translated",
"description": "An influence operation may take authentic content from other sources and add deceptive labels or deceptively translate the content into other langauges.",
"kill_chain_phases": [
@@ -3511,8 +3445,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e27cf6aa-69bc-434b-ac68-b0164d0b3421",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.355407Z",
- "modified": "2024-03-13T22:04:00.355407Z",
+ "created": "2024-08-02T17:12:32.370006Z",
+ "modified": "2024-08-02T17:12:32.370006Z",
"name": "Appropriate Content",
"description": "An influence operation may take content from other sources with proper attribution. This content may be either misinformation content shared by others without malicious intent but now leveraged by the campaign as disinformation or disinformation content from other sources. Examples include the appropriation of content from one inauthentic news site to another inauthentic news site or network in ways that align with the originators licencing or terms of service.",
"kill_chain_phases": [
@@ -3544,8 +3478,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8ea2fcce-e27e-4019-a773-70f3dddfab34",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.355624Z",
- "modified": "2024-03-13T22:04:00.355624Z",
+ "created": "2024-08-02T17:12:32.370419Z",
+ "modified": "2024-08-02T17:12:32.370419Z",
"name": "Develop Text-Based Content",
"description": "Creating and editing false or misleading text-based artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign.",
"kill_chain_phases": [
@@ -3577,10 +3511,10 @@
"spec_version": "2.1",
"id": "attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.35582Z",
- "modified": "2024-03-13T22:04:00.35582Z",
+ "created": "2024-08-02T17:12:32.370771Z",
+ "modified": "2024-08-02T17:12:32.370771Z",
"name": "Develop AI-Generated Text",
- "description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.",
+ "description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.
Associated Techniques and Sub-techniques: T0085.008: Machine Translated Text: Use this sub-technique when AI has been used to generate a translation of a piece of text.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -3610,8 +3544,8 @@
"spec_version": "2.1",
"id": "attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.355959Z",
- "modified": "2024-03-13T22:04:00.355959Z",
+ "created": "2024-08-02T17:12:32.371128Z",
+ "modified": "2024-08-02T17:12:32.371128Z",
"name": "Develop Inauthentic News Articles",
"description": "An influence operation may develop false or misleading news articles aligned to their campaign goals or narratives.",
"kill_chain_phases": [
@@ -3641,10 +3575,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--594af720-6df6-4d82-97c5-cf165d5c81db",
+ "id": "attack-pattern--9f99239e-f22e-4db4-9681-c20e511b4c35",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.356126Z",
- "modified": "2024-03-13T22:04:00.356126Z",
+ "created": "2024-08-02T17:12:32.371475Z",
+ "modified": "2024-08-02T17:12:32.371475Z",
"name": "Develop Document",
"description": "Produce text in the form of a document.",
"kill_chain_phases": [
@@ -3674,12 +3608,12 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--e8571474-253f-4a8f-9087-a2a3e5b187d2",
+ "id": "attack-pattern--df5189cc-29b5-41d1-a20f-bd641f5946be",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.356271Z",
- "modified": "2024-03-13T22:04:00.356271Z",
+ "created": "2024-08-02T17:12:32.371835Z",
+ "modified": "2024-08-02T17:12:32.371835Z",
"name": "Develop Book",
- "description": "Produce text content in the form of a book.\u00a0\n\nThis technique covers both e-books and physical books, however, the former is more easily deployed by threat actors given the lower cost to develop.",
+ "description": "Produce text content in the form of a book.\u00a0
This technique covers both e-books and physical books, however, the former is more easily deployed by threat actors given the lower cost to develop.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -3707,12 +3641,12 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--a54ce69b-fad5-48ec-a238-4bc3afd1d3e1",
+ "id": "attack-pattern--269dbccd-0cff-4f60-a0bf-253eba9bcc63",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.356433Z",
- "modified": "2024-03-13T22:04:00.356433Z",
+ "created": "2024-08-02T17:12:32.372218Z",
+ "modified": "2024-08-02T17:12:32.372218Z",
"name": "Develop Opinion Article",
- "description": "Opinion articles (aka \u201cOp-Eds\u201d or \u201cEditorials\u201d) are articles or regular columns flagged as \u201copinion\u201d posted to news sources, and can be contributed by people outside the organisation.\u00a0\n\nFlagging articles as opinions allow news organisations to distinguish them from the typical expectations of objective news reporting while distancing the presented opinion from the organisation or its employees.\n\nThe use of this technique is not by itself an indication of malicious or inauthentic content; Op-eds are a common format in media. However, threat actors exploit op-eds to, for example, submit opinion articles to local media to promote their narratives.\n\nExamples from the perspective of a news site involve publishing op-eds from perceived prestigious voices to give legitimacy to an inauthentic publication, or supporting causes by hosting op-eds from actors aligned with the organisation\u2019s goals.",
+ "description": "Opinion articles (aka \u201cOp-Eds\u201d or \u201cEditorials\u201d) are articles or regular columns flagged as \u201copinion\u201d posted to news sources, and can be contributed by people outside the organisation.\u00a0
Flagging articles as opinions allow news organisations to distinguish them from the typical expectations of objective news reporting while distancing the presented opinion from the organisation or its employees.
The use of this technique is not by itself an indication of malicious or inauthentic content; Op-eds are a common format in media. However, threat actors exploit op-eds to, for example, submit opinion articles to local media to promote their narratives.
Examples from the perspective of a news site involve publishing op-eds from perceived prestigious voices to give legitimacy to an inauthentic publication, or supporting causes by hosting op-eds from actors aligned with the organisation\u2019s goals.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -3740,12 +3674,12 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--de28e1be-a5e8-4031-ae6c-cdc570020a1f",
+ "id": "attack-pattern--0b662d26-ea3d-45d2-87e8-b32296ad9227",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.356663Z",
- "modified": "2024-03-13T22:04:00.356663Z",
+ "created": "2024-08-02T17:12:32.372647Z",
+ "modified": "2024-08-02T17:12:32.372647Z",
"name": "Create Fake Research",
- "description": "Create fake academic research. Example: fake social science research is often aimed at hot-button social issues such as gender, race and sexuality. Fake science research can target Climate Science debate or pseudoscience like anti-vaxx.\n\nThis Technique previously used the ID T0019.001",
+ "description": "Create fake academic research. Example: fake social science research is often aimed at hot-button social issues such as gender, race and sexuality. Fake science research can target Climate Science debate or pseudoscience like anti-vaxx.
This Technique previously used the ID T0019.001.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -3770,13 +3704,46 @@
],
"x_mitre_version": "2.1"
},
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--1e817a7b-5f96-48d0-a2f9-7ba53c168397",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.373021Z",
+ "modified": "2024-08-02T17:12:32.373021Z",
+ "name": "Machine Translated Text",
+ "description": "Text which has been translated into another language using machine translation tools, such as AI.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "develop-content"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.008.md",
+ "external_id": "T0085.008"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5f8a5d7e-fc17-48f2-a6fa-38fcf7843bdf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.356861Z",
- "modified": "2024-03-13T22:04:00.356861Z",
+ "created": "2024-08-02T17:12:32.3734Z",
+ "modified": "2024-08-02T17:12:32.3734Z",
"name": "Develop Image-Based Content",
"description": "Creating and editing false or misleading visual artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include photographing staged real-life situations, repurposing existing digital images, or using image creation and editing technologies.",
"kill_chain_phases": [
@@ -3808,8 +3775,8 @@
"spec_version": "2.1",
"id": "attack-pattern--a60b4d87-cca8-4e17-a51c-f9c2af96aef4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.357048Z",
- "modified": "2024-03-13T22:04:00.357048Z",
+ "created": "2024-08-02T17:12:32.373732Z",
+ "modified": "2024-08-02T17:12:32.373732Z",
"name": "Develop Memes",
"description": "Memes are one of the most important single artefact types in all of computational propaganda. Memes in this framework denotes the narrow image-based definition. But that naming is no accident, as these items have most of the important properties of Dawkins' original conception as a self-replicating unit of culture. Memes pull together reference and commentary; image and narrative; emotion and message. Memes are a powerful tool and the heart of modern influence campaigns.",
"kill_chain_phases": [
@@ -3841,10 +3808,10 @@
"spec_version": "2.1",
"id": "attack-pattern--7b6c328e-b050-4d76-8e11-ff3b3fe7dea3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.357237Z",
- "modified": "2024-03-13T22:04:00.357237Z",
+ "created": "2024-08-02T17:12:32.374151Z",
+ "modified": "2024-08-02T17:12:32.374151Z",
"name": "Develop AI-Generated Images (Deepfakes)",
- "description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
+ "description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.
Associated Techniques and Sub-techniques: T0145.002: AI-Generated Account Imagery: Analysts should use this sub-technique to document use of AI generated imagery in accounts\u2019 profile pictures or other account imagery.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -3874,8 +3841,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e4ad5ad8-f52d-48a0-8fce-33157f885a3e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.35738Z",
- "modified": "2024-03-13T22:04:00.35738Z",
+ "created": "2024-08-02T17:12:32.374513Z",
+ "modified": "2024-08-02T17:12:32.374513Z",
"name": "Deceptively Edit Images (Cheap Fakes)",
"description": "Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
@@ -3907,8 +3874,8 @@
"spec_version": "2.1",
"id": "attack-pattern--58b169c1-7e9a-4300-a98f-eb7baee8967f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.357518Z",
- "modified": "2024-03-13T22:04:00.357518Z",
+ "created": "2024-08-02T17:12:32.374865Z",
+ "modified": "2024-08-02T17:12:32.374865Z",
"name": "Aggregate Information into Evidence Collages",
"description": "Image files that aggregate positive evidence (Joan Donovan)",
"kill_chain_phases": [
@@ -3940,8 +3907,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ce4a9eee-7437-43ce-ac86-c1921f5c01a7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.357721Z",
- "modified": "2024-03-13T22:04:00.357721Z",
+ "created": "2024-08-02T17:12:32.375242Z",
+ "modified": "2024-08-02T17:12:32.375242Z",
"name": "Develop Video-Based Content",
"description": "Creating and editing false or misleading video artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include staging videos of purportedly real situations, repurposing existing video artefacts, or using AI-generated video creation and editing technologies (including deepfakes).",
"kill_chain_phases": [
@@ -3973,8 +3940,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c4e7d976-071a-4973-833e-3badef32b8c5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.357915Z",
- "modified": "2024-03-13T22:04:00.357915Z",
+ "created": "2024-08-02T17:12:32.375552Z",
+ "modified": "2024-08-02T17:12:32.375552Z",
"name": "Develop AI-Generated Videos (Deepfakes)",
"description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
"kill_chain_phases": [
@@ -4006,8 +3973,8 @@
"spec_version": "2.1",
"id": "attack-pattern--57f82c4a-4db0-47f4-b4a2-03cd2792b6dc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.358087Z",
- "modified": "2024-03-13T22:04:00.358087Z",
+ "created": "2024-08-02T17:12:32.37578Z",
+ "modified": "2024-08-02T17:12:32.37578Z",
"name": "Deceptively Edit Video (Cheap Fakes)",
"description": "Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
@@ -4039,8 +4006,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5b6aaad5-7166-4321-ae82-b9300a2ddad7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.358249Z",
- "modified": "2024-03-13T22:04:00.358249Z",
+ "created": "2024-08-02T17:12:32.375987Z",
+ "modified": "2024-08-02T17:12:32.375987Z",
"name": "Develop Audio-Based Content",
"description": "Creating and editing false or misleading audio artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include creating completely new audio content, repurposing existing audio artefacts (including cheap fakes), or using AI-generated audio creation and editing technologies (including deepfakes).",
"kill_chain_phases": [
@@ -4072,8 +4039,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e60f54a3-9972-43b8-8359-ee21d781acae",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.358419Z",
- "modified": "2024-03-13T22:04:00.358419Z",
+ "created": "2024-08-02T17:12:32.376186Z",
+ "modified": "2024-08-02T17:12:32.376186Z",
"name": "Develop AI-Generated Audio (Deepfakes)",
"description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
"kill_chain_phases": [
@@ -4105,8 +4072,8 @@
"spec_version": "2.1",
"id": "attack-pattern--779fe6e8-44ee-4f36-ab93-9daa867001d4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.35863Z",
- "modified": "2024-03-13T22:04:00.35863Z",
+ "created": "2024-08-02T17:12:32.376384Z",
+ "modified": "2024-08-02T17:12:32.376384Z",
"name": "Deceptively Edit Audio (Cheap Fakes)",
"description": "Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
@@ -4138,8 +4105,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8c7832cb-8877-4f54-8e05-7e6df9a3d2b4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.358826Z",
- "modified": "2024-03-13T22:04:00.358826Z",
+ "created": "2024-08-02T17:12:32.376603Z",
+ "modified": "2024-08-02T17:12:32.376603Z",
"name": "Obtain Private Documents",
"description": "Procuring documents that are not publicly available, by whatever means -- whether legal or illegal, highly-resourced or less so. These documents can include authentic non-public documents, authentic non-public documents have been altered, or inauthentic documents intended to appear as if they are authentic non-public documents. All of these types of documents can be \"leaked\" during later stages in the operation.",
"kill_chain_phases": [
@@ -4171,8 +4138,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ec8424e6-c7de-4543-b943-f0c4cc9ac63d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.359017Z",
- "modified": "2024-03-13T22:04:00.359017Z",
+ "created": "2024-08-02T17:12:32.376796Z",
+ "modified": "2024-08-02T17:12:32.376796Z",
"name": "Obtain Authentic Documents",
"description": "Procure authentic documents that are not publicly available, by whatever means -- whether legal or illegal, highly-resourced or less so. These documents can be \"leaked\" during later stages in the operation.",
"kill_chain_phases": [
@@ -4204,8 +4171,8 @@
"spec_version": "2.1",
"id": "attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.359363Z",
- "modified": "2024-03-13T22:04:00.359363Z",
+ "created": "2024-08-02T17:12:32.37699Z",
+ "modified": "2024-08-02T17:12:32.37699Z",
"name": "Alter Authentic Documents",
"description": "Alter authentic documents (public or non-public) to achieve campaign goals. The altered documents are intended to appear as if they are authentic and can be \"leaked\" during later stages in the operation.",
"kill_chain_phases": [
@@ -4237,8 +4204,8 @@
"spec_version": "2.1",
"id": "attack-pattern--6f020d80-d267-4e2a-8cd0-6d0dabe84f3a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.359596Z",
- "modified": "2024-03-13T22:04:00.359596Z",
+ "created": "2024-08-02T17:12:32.377225Z",
+ "modified": "2024-08-02T17:12:32.377225Z",
"name": "Create Inauthentic Accounts",
"description": "Inauthentic accounts include bot accounts, cyborg accounts, sockpuppet accounts, and anonymous accounts.",
"kill_chain_phases": [
@@ -4270,8 +4237,8 @@
"spec_version": "2.1",
"id": "attack-pattern--283453fd-36c5-4d66-b24d-f29ea35fa8a1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.35974Z",
- "modified": "2024-03-13T22:04:00.35974Z",
+ "created": "2024-08-02T17:12:32.377423Z",
+ "modified": "2024-08-02T17:12:32.377423Z",
"name": "Create Anonymous Accounts",
"description": "Anonymous accounts or anonymous users refer to users that access network resources without providing a username or password. An influence operation may use anonymous accounts to spread content without direct attribution to the operation.",
"kill_chain_phases": [
@@ -4303,8 +4270,8 @@
"spec_version": "2.1",
"id": "attack-pattern--db93e285-c516-40b0-bb5a-36bbaf5c08b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.359881Z",
- "modified": "2024-03-13T22:04:00.359881Z",
+ "created": "2024-08-02T17:12:32.377614Z",
+ "modified": "2024-08-02T17:12:32.377614Z",
"name": "Create Cyborg Accounts",
"description": "Cyborg accounts refer to partly manned, partly automated social media accounts. Cyborg accounts primarily act as bots, but a human operator periodically takes control of the account to engage with real social media users by responding to comments and posting original content. Influence operations may use cyborg accounts to reduce the amount of direct human input required to maintain a regular account but increase the apparent legitimacy of the cyborg account by occasionally breaking its bot-like behaviour with human interaction.",
"kill_chain_phases": [
@@ -4336,8 +4303,8 @@
"spec_version": "2.1",
"id": "attack-pattern--b2695cde-5f12-4e6a-b55a-e31220cb4bd7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.360018Z",
- "modified": "2024-03-13T22:04:00.360018Z",
+ "created": "2024-08-02T17:12:32.377807Z",
+ "modified": "2024-08-02T17:12:32.377807Z",
"name": "Create Bot Accounts",
"description": "Bots refer to autonomous internet users that interact with systems or other users while imitating traditional human behaviour. Bots use a variety of tools to stay active without direct human operation, including artificial intelligence and big data analytics. For example, an individual may programme a Twitter bot to retweet a tweet every time it contains a certain keyword or hashtag. An influence operation may use bots to increase its exposure and artificially promote its content across the internet without dedicating additional time or human resources. Amplifier bots promote operation content through reposts, shares, and likes to increase the content\u2019s online popularity. Hacker bots are traditionally covert bots running on computer scripts that rarely engage with users and work primarily as agents of larger cyberattacks, such as a Distributed Denial of Service attacks. Spammer bots are programmed to post content on social media or in comment sections, usually as a supplementary tool. Impersonator bots102 pose as real people by mimicking human behaviour, complicating their detection.",
"kill_chain_phases": [
@@ -4369,8 +4336,8 @@
"spec_version": "2.1",
"id": "attack-pattern--81abb4fa-705e-430f-ba54-34bf7bd467f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.360159Z",
- "modified": "2024-03-13T22:04:00.360159Z",
+ "created": "2024-08-02T17:12:32.377997Z",
+ "modified": "2024-08-02T17:12:32.377997Z",
"name": "Create Sockpuppet Accounts",
"description": "Sockpuppet accounts refer to falsified accounts that either promote the influence operation\u2019s own material or attack critics of the material online. Individuals who control sockpuppet accounts also man at least one other user account.67 Sockpuppet accounts help legitimise operation narratives by providing an appearance of external support for the material and discrediting opponents of the operation.",
"kill_chain_phases": [
@@ -4402,8 +4369,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9a4a16c5-a671-4469-a854-ef45cb0e38ab",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.36031Z",
- "modified": "2024-03-13T22:04:00.36031Z",
+ "created": "2024-08-02T17:12:32.378342Z",
+ "modified": "2024-08-02T17:12:32.378342Z",
"name": "Recruit Malign Actors",
"description": "Operators recruit bad actors paying recruiting, or exerting control over individuals includes trolls, partisans, and contractors.",
"kill_chain_phases": [
@@ -4435,8 +4402,8 @@
"spec_version": "2.1",
"id": "attack-pattern--58643f4a-7699-4cd7-aafa-76a3e6e09e99",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.360488Z",
- "modified": "2024-03-13T22:04:00.360488Z",
+ "created": "2024-08-02T17:12:32.378557Z",
+ "modified": "2024-08-02T17:12:32.378557Z",
"name": "Recruit Contractors",
"description": "Operators recruit paid contractor to support the campaign.",
"kill_chain_phases": [
@@ -4468,8 +4435,8 @@
"spec_version": "2.1",
"id": "attack-pattern--fe5cf0f2-3792-4cab-b546-a9af7a5aa319",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.360652Z",
- "modified": "2024-03-13T22:04:00.360652Z",
+ "created": "2024-08-02T17:12:32.378752Z",
+ "modified": "2024-08-02T17:12:32.378752Z",
"name": "Recruit Partisans",
"description": "Operators recruit partisans (ideologically-aligned individuals) to support the campaign.",
"kill_chain_phases": [
@@ -4501,8 +4468,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ef3dcdcd-bd97-48e0-9d15-3e482a72c979",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.360815Z",
- "modified": "2024-03-13T22:04:00.360815Z",
+ "created": "2024-08-02T17:12:32.378944Z",
+ "modified": "2024-08-02T17:12:32.378944Z",
"name": "Enlist Troll Accounts",
"description": "An influence operation may hire trolls, or human operators of fake accounts that aim to provoke others by posting and amplifying content about controversial issues. Trolls can serve to discredit an influence operation\u2019s opposition or bring attention to the operation\u2019s cause through debate. Classic trolls refer to regular people who troll for personal reasons, such as attention-seeking or boredom. Classic trolls may advance operation narratives by coincidence but are not directly affiliated with any larger operation. Conversely, hybrid trolls act on behalf of another institution, such as a state or financial organisation, and post content with a specific ideological goal. Hybrid trolls may be highly advanced and institutionalised or less organised and work for a single individual.",
"kill_chain_phases": [
@@ -4534,8 +4501,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c4213e65-a7cc-42a5-a3a7-2d8040258625",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.361012Z",
- "modified": "2024-03-13T22:04:00.361012Z",
+ "created": "2024-08-02T17:12:32.379162Z",
+ "modified": "2024-08-02T17:12:32.379162Z",
"name": "Build Network",
"description": "Operators build their own network, creating links between accounts -- whether authentic or inauthentic -- in order amplify and promote narratives and artefacts, and encourage further growth of ther network, as well as the ongoing sharing and engagement with operational content.",
"kill_chain_phases": [
@@ -4567,8 +4534,8 @@
"spec_version": "2.1",
"id": "attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.361186Z",
- "modified": "2024-03-13T22:04:00.361186Z",
+ "created": "2024-08-02T17:12:32.379547Z",
+ "modified": "2024-08-02T17:12:32.379547Z",
"name": "Create Organisations",
"description": "Influence operations may establish organisations with legitimate or falsified hierarchies, staff, and content to structure operation assets, provide a sense of legitimacy to the operation, or provide institutional backing to operation activities.",
"kill_chain_phases": [
@@ -4600,8 +4567,8 @@
"spec_version": "2.1",
"id": "attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.361358Z",
- "modified": "2024-03-13T22:04:00.361358Z",
+ "created": "2024-08-02T17:12:32.379779Z",
+ "modified": "2024-08-02T17:12:32.379779Z",
"name": "Use Follow Trains",
"description": "A follow train is a group of people who follow each other on a social media platform, often as a way for an individual or campaign to grow its social media following. Follow trains may be a violation of platform Terms of Service. They are also known as follow-for-follow groups.",
"kill_chain_phases": [
@@ -4633,8 +4600,8 @@
"spec_version": "2.1",
"id": "attack-pattern--abb6518d-50fe-4428-9bca-a6e3c6ed4de4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.361594Z",
- "modified": "2024-03-13T22:04:00.361594Z",
+ "created": "2024-08-02T17:12:32.379974Z",
+ "modified": "2024-08-02T17:12:32.379974Z",
"name": "Create Community or Sub-Group",
"description": "When there is not an existing community or sub-group that meets a campaign's goals, an influence operation may seek to create a community or sub-group.",
"kill_chain_phases": [
@@ -4666,8 +4633,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c1182f49-4318-486f-81be-d44b99300343",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.36177Z",
- "modified": "2024-03-13T22:04:00.36177Z",
+ "created": "2024-08-02T17:12:32.380189Z",
+ "modified": "2024-08-02T17:12:32.380189Z",
"name": "Acquire/Recruit Network",
"description": "Operators acquire an existing network by paying, recruiting, or exerting control over the leaders of the existing network.",
"kill_chain_phases": [
@@ -4699,8 +4666,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d522f417-ba0e-4e2d-ae96-df2c1fd607e6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.361966Z",
- "modified": "2024-03-13T22:04:00.361966Z",
+ "created": "2024-08-02T17:12:32.380386Z",
+ "modified": "2024-08-02T17:12:32.380386Z",
"name": "Fund Proxies",
"description": "An influence operation may fund proxies, or external entities that work for the operation. An operation may recruit/train users with existing sympathies towards the operation\u2019s narratives and/or goals as proxies. Funding proxies serves various purposes including: - Diversifying operation locations to complicate attribution - Reducing the workload for direct operation assets",
"kill_chain_phases": [
@@ -4732,8 +4699,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c7017017-4965-4dad-a970-e748b7080a19",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.36214Z",
- "modified": "2024-03-13T22:04:00.36214Z",
+ "created": "2024-08-02T17:12:32.380585Z",
+ "modified": "2024-08-02T17:12:32.380585Z",
"name": "Acquire Botnets",
"description": "A botnet is a group of bots that can function in coordination with each other.",
"kill_chain_phases": [
@@ -4765,8 +4732,8 @@
"spec_version": "2.1",
"id": "attack-pattern--adaaa726-50fe-47e2-b92d-de0d65c9250c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.362286Z",
- "modified": "2024-03-13T22:04:00.362286Z",
+ "created": "2024-08-02T17:12:32.38078Z",
+ "modified": "2024-08-02T17:12:32.38078Z",
"name": "Infiltrate Existing Networks",
"description": "Operators deceptively insert social assets into existing networks as group members in order to influence the members of the network and the wider information environment that the network impacts.",
"kill_chain_phases": [
@@ -4798,8 +4765,8 @@
"spec_version": "2.1",
"id": "attack-pattern--4cb308a9-073c-49d3-81ed-894cf9b95acc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.362475Z",
- "modified": "2024-03-13T22:04:00.362475Z",
+ "created": "2024-08-02T17:12:32.380974Z",
+ "modified": "2024-08-02T17:12:32.380974Z",
"name": "Identify Susceptible Targets in Networks",
"description": "When seeking to infiltrate an existing network, an influence operation may identify individuals and groups that might be susceptible to being co-opted or influenced.",
"kill_chain_phases": [
@@ -4831,8 +4798,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8f545c7e-f2ba-4541-9004-dbe50fcc0b0f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.362675Z",
- "modified": "2024-03-13T22:04:00.362675Z",
+ "created": "2024-08-02T17:12:32.381311Z",
+ "modified": "2024-08-02T17:12:32.381311Z",
"name": "Utilise Butterfly Attacks",
"description": "Butterfly attacks occur when operators pretend to be members of a certain social group, usually a group that struggles for representation. An influence operation may mimic a group to insert controversial statements into the discourse, encourage the spread of operation content, or promote harassment among group members. Unlike astroturfing, butterfly attacks aim to infiltrate and discredit existing grassroots movements, organisations, and media campaigns.",
"kill_chain_phases": [
@@ -4864,8 +4831,8 @@
"spec_version": "2.1",
"id": "attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.362873Z",
- "modified": "2024-03-13T22:04:00.362873Z",
+ "created": "2024-08-02T17:12:32.381825Z",
+ "modified": "2024-08-02T17:12:32.381825Z",
"name": "Develop Owned Media Assets",
"description": "An owned media asset refers to an agency or organisation through which an influence operation may create, develop, and host content and narratives. Owned media assets include websites, blogs, social media pages, forums, and other platforms that facilitate the creation and organisation of content.",
"kill_chain_phases": [
@@ -4897,8 +4864,8 @@
"spec_version": "2.1",
"id": "attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.363115Z",
- "modified": "2024-03-13T22:04:00.363115Z",
+ "created": "2024-08-02T17:12:32.382258Z",
+ "modified": "2024-08-02T17:12:32.382258Z",
"name": "Leverage Content Farms",
"description": "Using the services of large-scale content providers for creating and amplifying campaign artefacts at scale.",
"kill_chain_phases": [
@@ -4930,8 +4897,8 @@
"spec_version": "2.1",
"id": "attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.363311Z",
- "modified": "2024-03-13T22:04:00.363311Z",
+ "created": "2024-08-02T17:12:32.382597Z",
+ "modified": "2024-08-02T17:12:32.382597Z",
"name": "Create Content Farms",
"description": "An influence operation may create an organisation for creating and amplifying campaign artefacts at scale.",
"kill_chain_phases": [
@@ -4963,8 +4930,8 @@
"spec_version": "2.1",
"id": "attack-pattern--64bcccb9-4d10-4eed-8c49-8816ecfd78a3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.363461Z",
- "modified": "2024-03-13T22:04:00.363461Z",
+ "created": "2024-08-02T17:12:32.382901Z",
+ "modified": "2024-08-02T17:12:32.382901Z",
"name": "Outsource Content Creation to External Organisations",
"description": "An influence operation may outsource content creation to external companies to avoid attribution, increase the rate of content creation, or improve content quality, i.e., by employing an organisation that can create content in the target audience\u2019s native language. Employed organisations may include marketing companies for tailored advertisements or external content farms for high volumes of targeted media.",
"kill_chain_phases": [
@@ -4996,10 +4963,10 @@
"spec_version": "2.1",
"id": "attack-pattern--90b7e29e-1b62-485e-88b0-a4052cabafa4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.363599Z",
- "modified": "2024-03-13T22:04:00.363599Z",
- "name": "Create Personas",
- "description": "Creating fake people, often with accounts across multiple platforms. These personas can be as simple as a name, can contain slightly more background like location, profile pictures, backstory, or can be effectively backstopped with indicators like fake identity documents.",
+ "created": "2024-08-02T17:12:32.383296Z",
+ "modified": "2024-08-02T17:12:32.383296Z",
+ "name": "Present Persona",
+ "description": "This Technique contains different types of personas commonly taken on by threat actors during influence operations.
Analysts should use T0097\u2019s sub-techniques to document the type of persona which an account is presenting. For example, an account which describes itself as being a journalist can be tagged with T0097.102: Journalist Persona.
Personas presented by individuals include:
T0097.100: Individual Persona T0097.101: Local Persona T0097.102: Journalist Persona T0097.103: Activist Persona T0097.104: Hacktivist Persona T0097.105: Military Personnel Persona T0097.106: Recruiter Persona T0097.107: Researcher Persona T0097.108: Expert Persona T0097.109: Romantic Suitor Persona T0097.110: Party Official Persona T0097.111: Government Official Persona T0097.112: Government Employee Persona
This Technique also houses institutional personas commonly taken on by threat actors:
T0097.200: Institutional Persona T0097.201: Local Institution Persona T0097.202: News Outlet Persona T0097.203: Fact Checking Organisation Persona T0097.204: Think Tank Persona T0097.205: Business Persona T0097.206: Government Institution Persona T0097.207: NGO Persona T0097.208: Social Cause Persona
By using a persona, a threat actor is adding the perceived legitimacy of the persona to their narratives and activities.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -5027,12 +4994,12 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--8f3f1d6f-beda-4f20-b1a7-2d087ae453f7",
+ "id": "attack-pattern--39f767f7-bc22-4611-8a39-3584c5bbdd5a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.363736Z",
- "modified": "2024-03-13T22:04:00.363736Z",
- "name": "Produce Evidence for Persona",
- "description": "People may produce evidence which supports the persona they are deploying (T0097) (aka \u201cbackstopping\u201d the persona).\n\nThis Technique covers situations where evidence is developed or produced as part of an influence operation to increase the perceived legitimacy of a persona used during IO, including creating accounts for the same persona on multiple platforms.\n\nThe use of personas (T0097), and providing evidence to improve people\u2019s perception of one\u2019s persona (T0097.001), are not necessarily malicious or inauthentic. However, sometimes people use personas to increase the perceived legitimacy of narratives for malicious purposes.\n\nThis Technique was previously called Backstop Personas.",
+ "created": "2024-08-02T17:12:32.383638Z",
+ "modified": "2024-08-02T17:12:32.383638Z",
+ "name": "Individual Persona",
+ "description": "This sub-technique can be used to indicate that an entity is presenting itself as an individual. If the person is presenting themselves as having one of the personas listed below then these sub-techniques should be used instead, as they indicate both the type of persona they presented and that the entity presented itself as an individual:
T0097.101: Local Persona T0097.102: Journalist Persona T0097.103: Activist Persona T0097.104: Hacktivist Persona T0097.105: Military Personnel Persona T0097.106: Recruiter Persona T0097.107: Researcher Persona T0097.108: Expert Persona T0097.109: Romantic Suitor Persona T0097.110: Party Official Persona T0097.111: Government Official Persona T0097.112: Government Employee Persona",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -5042,8 +5009,701 @@
"external_references": [
{
"source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.001.md",
- "external_id": "T0097.001"
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.100.md",
+ "external_id": "T0097.100"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--a62e0c69-0c29-4c71-a326-1a7c3e19b74d",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.384037Z",
+ "modified": "2024-08-02T17:12:32.384037Z",
+ "name": "Local Persona",
+ "description": "A person with a local persona presents themselves as living in a particular geography or having local knowledge relevant to a narrative.
While presenting as a local is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as local to a target area. Threat actors can fabricate locals (T0143.002: Fabricated Persona, T0097.101: Local Persona) to add credibility to their narratives, or to misrepresent the real opinions of locals in the area.
People who are legitimate locals (T0143.001: Authentic Persona, T0097.101: Local Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a local to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.201: Local Institution Persona: Analysts should use this sub-technique to catalogue cases where an institution is presenting as a local, such as a local news organisation or local business.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.101.md",
+ "external_id": "T0097.101"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--930ddf1d-7dc9-4fb2-9f5c-be928d2eb909",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.384404Z",
+ "modified": "2024-08-02T17:12:32.384404Z",
+ "name": "Journalist Persona",
+ "description": "A person with a journalist persona presents themselves as a reporter or journalist delivering news, conducting interviews, investigations etc.
While presenting as a journalist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as journalists. Threat actors can fabricate journalists to give the appearance of legitimacy, justifying the actor\u2019s requests for interviews, etc (T0143.002: Fabricated Persona, T0097.102: Journalist Persona).
People who have legitimately developed a persona as a journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a trusted journalist to provide legitimacy to a false narrative or be tricked into doing so without the journalist\u2019s knowledge.
Associated Techniques and Sub-techniques T0097.202: News Organisation Persona: People with a journalist persona may present as being part of a news organisation. T0097.101: Local Persona: People with a journalist persona may present themselves as local reporters.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.102.md",
+ "external_id": "T0097.102"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--001e2693-c7a6-4615-b06a-90ae22d7b353",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.384802Z",
+ "modified": "2024-08-02T17:12:32.384802Z",
+ "name": "Activist Persona",
+ "description": "A person with an activist persona presents themselves as an activist; an individual who campaigns for a political cause, organises related events, etc.
While presenting as an activist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as activists. Threat actors can fabricate activists to give the appearance of popular support for an evolving grassroots movement (see T0143.002: Fabricated Persona, T0097.103: Activist Persona).
People who are legitimate activists can use this persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an activist to provide visibility to a false narrative or be tricked into doing so without their knowledge (T0143.001: Authentic Persona, T0097.103: Activist Persona).
Associated Techniques and Sub-techniques T0097.104: Hacktivist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism who uses technical tools and methods, including building technical infrastructure and conducting offensive cyber operations, to achieve their goals. T0097.207: NGO Persona: People with an activist persona may present as being part of an NGO. T0097.208: Social Cause Persona: Analysts should use this sub-technique to catalogue cases where an online account is presenting as posting content related to a particular social cause, while not presenting as an individual.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.103.md",
+ "external_id": "T0097.103"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--976faac5-b7e1-4a1d-b52f-4878109e2dc9",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.385218Z",
+ "modified": "2024-08-02T17:12:32.385218Z",
+ "name": "Hacktivist Persona",
+ "description": "A person with a hacktivist persona presents themselves as an activist who conducts offensive cyber operations or builds technical infrastructure for political purposes, rather than the financial motivations commonly attributed to hackers; hacktivists are hacker activists who use their technical knowledge to take political action.
Hacktivists can build technical infrastructure to support other activists, including secure communication channels and surveillance and censorship circumvention. They can also conduct DDOS attacks and other offensive cyber operations, aiming to take down digital assets or gain access to proprietary information. An influence operation may use hacktivist personas to support their operational narratives and legitimise their operational activities.
Fabricated Hacktivists are sometimes referred to as \u201cFaketivists\u201d.
Associated Techniques and Sub-techniques T0097.103: Activist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism but doesn\u2019t present themselves as using technical tools and methods to achieve their goals.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.104.md",
+ "external_id": "T0097.104"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--dde28850-4198-4223-81b5-ff9b30b4e04f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.385665Z",
+ "modified": "2024-08-02T17:12:32.385665Z",
+ "name": "Military Personnel Persona",
+ "description": "A person with a military personnel persona presents themselves as a serving member or veteran of a military organisation operating in an official capacity on behalf of a government.
While presenting as military personnel is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as military personnel. Threat actors can fabricate military personnel (T0143.002: Fabricated Persona, T0097.105: Military Personnel Persona) to pose as experts on military topics, or to discredit geopolitical adversaries by pretending to be one of their military personnel and spreading discontent.
People who have legitimately developed a military persona (T0143.001: Authentic Persona, T0097.105: Military Personnel Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a member of the military to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.105.md",
+ "external_id": "T0097.105"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d3e83913-e2d5-4dad-b917-2363100c6ca0",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.386035Z",
+ "modified": "2024-08-02T17:12:32.386035Z",
+ "name": "Recruiter Persona",
+ "description": "A person with a recruiter persona presents themselves as a potential employer or provider of freelance work.
While presenting as a recruiter is not an indication of inauthentic behaviour, threat actors fabricate recruiters (T0143.002: Fabricated Persona, T0097.106: Recruiter Persona) to justify asking for personal information from their targets or to trick targets into working for the threat actors (without revealing who they are).
Associated Techniques and Sub-techniques T0097.205: Business Persona: People with a recruiter persona may present as being part of a business which they are recruiting for.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.106.md",
+ "external_id": "T0097.106"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--e4ea9ed6-b158-4cdc-95c2-749383d2a388",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.386542Z",
+ "modified": "2024-08-02T17:12:32.386542Z",
+ "name": "Researcher Persona",
+ "description": "A person with a researcher persona presents themselves as conducting research (e.g. for academic institutions, or think tanks), or having previously conducted research.
While presenting as a researcher is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as researchers. Threat actors can fabricate researchers (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate researchers (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a Researcher to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.204: Think Tank Persona: People with a researcher persona may present as being part of a think tank. T0097.108: Expert Persona: People who present as researching a given topic are likely to also present as having expertise in the area.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.107.md",
+ "external_id": "T0097.107"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d9381123-f2ef-419a-b895-8f2147e26b15",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.386986Z",
+ "modified": "2024-08-02T17:12:32.386986Z",
+ "name": "Expert Persona",
+ "description": "A person with an expert persona presents themselves as having expertise or experience in a field. Commonly the persona\u2019s expertise will be called upon to add credibility to a given narrative.
While presenting as an expert is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as experts. Threat actors can fabricate experts (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate experts (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can make mistakes, use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an expert to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.107: Researcher Persona: People who present as experts may also present as conducting or having conducted research into their specialist subject. T0097.204: Think Tank Persona: People with an expert persona may present as being part of a think tank.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.108.md",
+ "external_id": "T0097.108"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--6270bd3c-efcf-4778-8512-065abffe9a88",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.387376Z",
+ "modified": "2024-08-02T17:12:32.387376Z",
+ "name": "Romantic Suitor Persona",
+ "description": "A person with a romantic suitor persona presents themselves as seeking a romantic or physical connection with another person.
While presenting as seeking a romantic or physical connection is not an indication of inauthentic behaviour, threat actors can use dating apps, social media channels or dating websites to fabricate romantic suitors to lure targets they can blackmail, extract information from, deceive or trick into giving them money (T0143.002: Fabricated Persona, T0097.109: Romantic Suitor Persona).
Honeypotting in espionage and Big Butchering in scamming are commonly associated with romantic suitor personas.
Associated Techniques and Sub-techniques T0104.002: Dating App: Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.109.md",
+ "external_id": "T0097.109"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--fa4e9051-46d7-45b4-a65b-9376b003ad2a",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.387783Z",
+ "modified": "2024-08-02T17:12:32.387783Z",
+ "name": "Party Official Persona",
+ "description": "A person who presents as an official member of a political party, such as leaders of political parties, candidates standing to represent constituents, and campaign staff.
Presenting as an official of a political party is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in political parties to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.110: Party Official Persona). They may also impersonate existing officials of political parties (T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Legitimate members of political parties could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.110: Party Official Persona). For example, an electoral candidate could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a government.\u00a0
Some party officials will also be government officials. For example, in the United Kingdom the head of government is commonly also the head of their political party.
Some party officials won\u2019t be government officials. For example, members of a party standing in an election, or party officials who work outside of government (e.g. campaign staff).",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.110.md",
+ "external_id": "T0097.110"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--e41b04e4-b8c2-4f66-93d7-c148f3378008",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.38815Z",
+ "modified": "2024-08-02T17:12:32.38815Z",
+ "name": "Government Official Persona",
+ "description": "A person who presents as an active or previous government official has the government official persona. These are officials serving in government, such as heads of government departments, leaders of countries, and members of government selected to represent constituents.
Presenting as a government official is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.111: Government Official Persona). They may also impersonate existing members of government (T0143.003: Impersonated Persona, T0097.111: Government Official Persona).
Legitimate government officials could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.111: Government Official Persona). For example, a government official could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.110: Party Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a political party.\u00a0
Not all government officials are political party officials (such as outside experts brought into government) and not all political party officials are government officials (such as people standing for office who are not yet working in government).
T0097.206: Government Institution Persona: People presenting as members of a government may also represent a government institution which they are associated with.
T0097.112: Government Employee Persona: Analysts should use this sub-technique to document people presenting as professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.111.md",
+ "external_id": "T0097.111"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--66e1a3b9-d837-4eaa-9cdf-900663a8708d",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.388554Z",
+ "modified": "2024-08-02T17:12:32.388554Z",
+ "name": "Government Employee Persona",
+ "description": "A person who presents as an active or previous civil servant has the government employee persona. These are professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).
Presenting as a government employee is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.112: Government Employee Persona). They may also impersonate existing government employees (T0143.003: Impersonated Persona, T0097.112: Government Employee Persona).
Legitimate government employees could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.112: Government Employee Persona). For example, a government employee could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Analysts should use this technique to document people who present as an active or previous government official, such as heads of government departments, leaders of countries, and members of government selected to represent constituents. T0097.206: Government Institution Persona: People presenting as members of a government may also present a government institution which they are associated with.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.112.md",
+ "external_id": "T0097.112"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--63ed1a5a-835e-4a51-9b95-0f0525a95186",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.388973Z",
+ "modified": "2024-08-02T17:12:32.388973Z",
+ "name": "Institutional Persona",
+ "description": "This Technique can be used to indicate that an entity is presenting itself as an institution. If the organisation is presenting itself as having one of the personas listed below then these Techniques should be used instead, as they indicate both that the entity presented itself as an institution, and the type of persona they presented:
T0097.201: Local Institution Persona T0097.202: News Outlet Persona T0097.203: Fact Checking Organisation Persona T0097.204: Think Tank Persona T0097.205: Business Persona T0097.206: Government Institution Persona T0097.207: NGO Persona T0097.208: Social Cause Persona",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.200.md",
+ "external_id": "T0097.200"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--a5ef7a55-8c38-4210-ad39-ccb22c9dd70c",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.390107Z",
+ "modified": "2024-08-02T17:12:32.390107Z",
+ "name": "Local Institution Persona",
+ "description": "Institutions which present themselves as operating in a particular geography, or as having local knowledge relevant to a narrative, are presenting a local institution persona.
While presenting as a local institution is not an indication of inauthentic behaviour, threat actors may present themselves as such (T0143.002: Fabricated Persona, T0097.201: Local Institution Persona) to add credibility to their narratives, or misrepresent the real opinions of locals in the area.
Legitimate local institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.201: Local Institution Persona). For example, a local institution could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.101: Local Persona: Institutions presenting as local may also present locals working within the organisation.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.201.md",
+ "external_id": "T0097.201"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--72268aef-baf4-4606-a3ba-837950a54f52",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.390521Z",
+ "modified": "2024-08-02T17:12:32.390521Z",
+ "name": "News Outlet Persona",
+ "description": "An institution with a news outlet persona presents itself as an organisation which delivers new information to its target audience.
While presenting as a news outlet is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by news organisations. Threat actors can fabricate news organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing news outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate news organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
Associated Techniques and Sub-techniquesT0097.102: Journalist Persona: Institutions presenting as news outlets may also present journalists working within the organisation. T0097.201: Local Institution Persona: Institutions presenting as news outlets may present as being a local news outlet. T0097.203: Fact Checking Organisation Persona: Institutions presenting as news outlets may also deliver a fact checking service (e.g. The UK\u2019s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.202.md",
+ "external_id": "T0097.202"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--97ba7c89-f5d0-49a4-a661-f8317b44cf20",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.390969Z",
+ "modified": "2024-08-02T17:12:32.390969Z",
+ "name": "Fact Checking Organisation Persona",
+ "description": "An institution with a fact checking organisation persona presents itself as an organisation which produces reports which assess the validity of others\u2019 reporting / statements.
While presenting as a fact checking organisation is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by fact checking organisations. Threat actors can fabricate fact checking organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing fact checking outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate fact checking organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
Associated Techniques and Sub-techniquesT0097.102: Journalist Persona: Institutions presenting as fact checking organisations may also present journalists working within the organisation. T0097.202: News Outlet Persona: Fact checking organisations may present as operating as part of a larger news outlet (e.g. The UK\u2019s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.203.md",
+ "external_id": "T0097.203"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--15ca8e62-e179-4dd8-9f5e-427771e915a3",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.391349Z",
+ "modified": "2024-08-02T17:12:32.391349Z",
+ "name": "Think Tank Persona",
+ "description": "An institution with a think tank persona presents itself as a think tank; an organisation that aims to conduct original research and propose new policies or solutions, especially for social and scientific problems.
While presenting as a think tank is not an indication of inauthentic behaviour, think tank personas are commonly used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.204: Think Tank Persona). They may be created to give legitimacy to narratives and allow them to suggest politically beneficial solutions to societal issues.
Legitimate think tanks could have a political bias that they may not be transparent about, they could use their persona for malicious purposes, or they could be exploited by threat actors (T0143.001: Authentic Persona, T0097.204: Think Tank Persona). For example, a think tank could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.107: Researcher Persona: Institutions presenting as think tanks may also present researchers working within the organisation.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.204.md",
+ "external_id": "T0097.204"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--faa5450d-6d1f-4700-93bd-fd2d59a79e60",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.391786Z",
+ "modified": "2024-08-02T17:12:32.391786Z",
+ "name": "Business Persona",
+ "description": "An institution with a business persona presents itself as a for-profit organisation which provides goods or services for a price.
While presenting as a business is not an indication of inauthentic behaviour, business personas may be used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.205: Business Persona).
Threat actors may also impersonate existing businesses (T0143.003: Impersonated Persona, T0097.205: Business Persona) to exploit their brand or cause reputational damage.
Legitimate businesses could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.205: Business Persona). For example, a business could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.205.md",
+ "external_id": "T0097.205"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--7e812f7d-f8a5-4636-b354-3d93561eda49",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.392145Z",
+ "modified": "2024-08-02T17:12:32.392145Z",
+ "name": "Government Institution Persona",
+ "description": "Institutions which present themselves as governments, or government ministries, are presenting a government institution persona.
While presenting as a government institution is not an indication of inauthentic behaviour, threat actors may impersonate existing government institutions as part of their operation (T0143.003: Impersonated Persona, T0097.206: Government Institution Persona), to add legitimacy to their narratives, or discredit the government.
Legitimate government institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.206: Government Institution Persona). For example, a government institution could be used by elected officials to spread inauthentic narratives.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Institutions presenting as governments may also present officials working within the organisation. T0097.112: Government Employee Persona: Institutions presenting as governments may also present employees working within the organisation.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.206.md",
+ "external_id": "T0097.206"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--f99e6f94-8c7d-42d7-8343-8d959643f721",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.392573Z",
+ "modified": "2024-08-02T17:12:32.392573Z",
+ "name": "NGO Persona",
+ "description": "Institutions which present themselves as an NGO (Non-Governmental Organisation), an organisation which provides services or advocates for public policy (while not being directly affiliated with any government), are presenting an NGO persona.
While presenting as an NGO is not an indication of inauthentic behaviour, NGO personas are commonly used by threat actors (such as intelligence services) as a front for their operational activity (T0143.002: Fabricated Persona, T0097.207: NGO Persona). They are created to give legitimacy to the influence operation and potentially infiltrate grassroots movements
Legitimate NGOs could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.207: NGO Persona). For example, an NGO could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques: T0097.103: Activist Persona: Institutions presenting as activist groups may also present activists working within the organisation.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.207.md",
+ "external_id": "T0097.207"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--422b6ba9-3ad0-4e6f-9f00-b044e5d657a1",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.392983Z",
+ "modified": "2024-08-02T17:12:32.392983Z",
+ "name": "Social Cause Persona",
+ "description": "Online accounts which present themselves as focusing on a social cause are presenting the Social Cause Persona. Examples include accounts which post about current affairs, such as discrimination faced by minorities.
While presenting as an account invested in a social cause is not an indication of inauthentic behaviour, such personas have been used by threat actors to exploit peoples\u2019 legitimate emotional investment regarding social causes that matter to them (T0143.002: Fabricated Persona, T0097.208: Social Cause Persona).
Legitimate accounts focused on a social cause could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.208: Social Cause Persona). For example, the account holders could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques: T0097.103: Activist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as an activist related to a social cause. Accounts with social cause personas do not present themselves as individuals, but may have activists controlling the accounts.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.208.md",
+ "external_id": "T0097.208"
}
],
"object_marking_refs": [
@@ -5062,8 +5722,8 @@
"spec_version": "2.1",
"id": "attack-pattern--6db47704-ba87-402d-933a-de90f5aa8965",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.363873Z",
- "modified": "2024-03-13T22:04:00.363873Z",
+ "created": "2024-08-02T17:12:32.3934Z",
+ "modified": "2024-08-02T17:12:32.3934Z",
"name": "Establish Inauthentic News Sites",
"description": "Modern computational propaganda makes use of a cadre of imposter news sites spreading globally. These sites, sometimes motivated by concerns other than propaganda--for instance, click-based revenue--often have some superficial markers of authenticity, such as naming and site-design. But many can be quickly exposed with reference to their owenership, reporting history and adverstising details.",
"kill_chain_phases": [
@@ -5095,8 +5755,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e0f07568-5a2b-429d-94b9-b1ff3c17adea",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.364072Z",
- "modified": "2024-03-13T22:04:00.364072Z",
+ "created": "2024-08-02T17:12:32.393803Z",
+ "modified": "2024-08-02T17:12:32.393803Z",
"name": "Create Inauthentic News Sites",
"description": "Create Inauthentic News Sites",
"kill_chain_phases": [
@@ -5128,8 +5788,8 @@
"spec_version": "2.1",
"id": "attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.364263Z",
- "modified": "2024-03-13T22:04:00.364263Z",
+ "created": "2024-08-02T17:12:32.394405Z",
+ "modified": "2024-08-02T17:12:32.394405Z",
"name": "Leverage Existing Inauthentic News Sites",
"description": "Leverage Existing Inauthentic News Sites",
"kill_chain_phases": [
@@ -5156,211 +5816,13 @@
],
"x_mitre_version": "2.1"
},
- {
- "type": "attack-pattern",
- "spec_version": "2.1",
- "id": "attack-pattern--3ae4fb28-4864-468d-8085-cb8035cbb272",
- "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.364458Z",
- "modified": "2024-03-13T22:04:00.364458Z",
- "name": "Impersonate Existing Entity",
- "description": "An influence operation may prepare assets impersonating existing entities (both organisations and people) to further conceal its network identity and add a layer of legitimacy to its operation content. Existing entities may include authentic news outlets, public figures, organisations, or state entities.\u00a0\n\nUsers will more likely believe and less likely fact-check news from recognisable sources rather than unknown sites.\u00a0\n\nAn influence operation may use a wide variety of cyber techniques to impersonate a legitimate entity\u2019s website or social media account.\u00a0\n\nThis Technique was previously called Prepare Assets Impersonating Legitimate Entities.",
- "kill_chain_phases": [
- {
- "kill_chain_name": "mitre-attack",
- "phase_name": "establish-legitimacy"
- }
- ],
- "external_references": [
- {
- "source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0099.md",
- "external_id": "T0099"
- }
- ],
- "object_marking_refs": [
- "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ],
- "x_mitre_is_subtechnique": false,
- "x_mitre_platforms": [
- "Windows",
- "Linux",
- "Mac"
- ],
- "x_mitre_version": "2.1"
- },
- {
- "type": "attack-pattern",
- "spec_version": "2.1",
- "id": "attack-pattern--9b3efc53-3a9e-45e7-8a26-dd2c4a305fd2",
- "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.36465Z",
- "modified": "2024-03-13T22:04:00.36465Z",
- "name": "Spoof/Parody Account/Site",
- "description": "An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognisable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organisations, or state entities.",
- "kill_chain_phases": [
- {
- "kill_chain_name": "mitre-attack",
- "phase_name": "establish-legitimacy"
- }
- ],
- "external_references": [
- {
- "source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0099.002.md",
- "external_id": "T0099.002"
- }
- ],
- "object_marking_refs": [
- "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ],
- "x_mitre_is_subtechnique": true,
- "x_mitre_platforms": [
- "Windows",
- "Linux",
- "Mac"
- ],
- "x_mitre_version": "2.1"
- },
- {
- "type": "attack-pattern",
- "spec_version": "2.1",
- "id": "attack-pattern--4e7d967e-4b48-49a6-b54a-4555a98a2473",
- "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.364847Z",
- "modified": "2024-03-13T22:04:00.364847Z",
- "name": "Impersonate Existing Organisation",
- "description": "A situation where a threat actor styles their online assets or content to mimic an existing organisation.\n\nThis can be done to take advantage of peoples\u2019 trust in the organisation to increase narrative believability, to smear the organisation, or to make the organisation less trustworthy.",
- "kill_chain_phases": [
- {
- "kill_chain_name": "mitre-attack",
- "phase_name": "establish-legitimacy"
- }
- ],
- "external_references": [
- {
- "source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0099.003.md",
- "external_id": "T0099.003"
- }
- ],
- "object_marking_refs": [
- "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ],
- "x_mitre_is_subtechnique": true,
- "x_mitre_platforms": [
- "Windows",
- "Linux",
- "Mac"
- ],
- "x_mitre_version": "2.1"
- },
- {
- "type": "attack-pattern",
- "spec_version": "2.1",
- "id": "attack-pattern--17fe025d-9876-4c14-8ac9-ea0de1ef26c7",
- "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.365069Z",
- "modified": "2024-03-13T22:04:00.365069Z",
- "name": "Impersonate Existing Media Outlet",
- "description": "A situation where a threat actor styles their online assets or content to mimic an existing media outlet.\n\nThis can be done to take advantage of peoples\u2019 trust in the outlet to increase narrative believability, to smear the outlet, or to make the outlet less trustworthy.",
- "kill_chain_phases": [
- {
- "kill_chain_name": "mitre-attack",
- "phase_name": "establish-legitimacy"
- }
- ],
- "external_references": [
- {
- "source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0099.004.md",
- "external_id": "T0099.004"
- }
- ],
- "object_marking_refs": [
- "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ],
- "x_mitre_is_subtechnique": true,
- "x_mitre_platforms": [
- "Windows",
- "Linux",
- "Mac"
- ],
- "x_mitre_version": "2.1"
- },
- {
- "type": "attack-pattern",
- "spec_version": "2.1",
- "id": "attack-pattern--8da4166c-99f6-4dd9-ab94-c61450d2be63",
- "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.365273Z",
- "modified": "2024-03-13T22:04:00.365273Z",
- "name": "Impersonate Existing Official",
- "description": "A situation where a threat actor styles their online assets or content to impersonate an official (including government officials, organisation officials, etc).",
- "kill_chain_phases": [
- {
- "kill_chain_name": "mitre-attack",
- "phase_name": "establish-legitimacy"
- }
- ],
- "external_references": [
- {
- "source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0099.005.md",
- "external_id": "T0099.005"
- }
- ],
- "object_marking_refs": [
- "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ],
- "x_mitre_is_subtechnique": true,
- "x_mitre_platforms": [
- "Windows",
- "Linux",
- "Mac"
- ],
- "x_mitre_version": "2.1"
- },
- {
- "type": "attack-pattern",
- "spec_version": "2.1",
- "id": "attack-pattern--6147c1f4-4cb8-4edd-a875-aaf8e9d39fbd",
- "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.365526Z",
- "modified": "2024-03-13T22:04:00.365526Z",
- "name": "Impersonate Existing Influencer",
- "description": "A situation where a threat actor styles their online assets or content to impersonate an influencer or celebrity, typically to exploit users\u2019 existing faith in the impersonated target.",
- "kill_chain_phases": [
- {
- "kill_chain_name": "mitre-attack",
- "phase_name": "establish-legitimacy"
- }
- ],
- "external_references": [
- {
- "source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0099.006.md",
- "external_id": "T0099.006"
- }
- ],
- "object_marking_refs": [
- "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ],
- "x_mitre_is_subtechnique": true,
- "x_mitre_platforms": [
- "Windows",
- "Linux",
- "Mac"
- ],
- "x_mitre_version": "2.1"
- },
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--283333f5-e161-4195-9070-5a7c22505adf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.365751Z",
- "modified": "2024-03-13T22:04:00.365751Z",
+ "created": "2024-08-02T17:12:32.394819Z",
+ "modified": "2024-08-02T17:12:32.394819Z",
"name": "Co-Opt Trusted Sources",
"description": "An influence operation may co-opt trusted sources by infiltrating or repurposing a source to reach a target audience through existing, previously reliable networks. Co-opted trusted sources may include: - National or local new outlets - Research or academic publications - Online blogs or websites",
"kill_chain_phases": [
@@ -5392,8 +5854,8 @@
"spec_version": "2.1",
"id": "attack-pattern--a50d7269-9365-46f0-ba81-27964e422faa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.365944Z",
- "modified": "2024-03-13T22:04:00.365944Z",
+ "created": "2024-08-02T17:12:32.395176Z",
+ "modified": "2024-08-02T17:12:32.395176Z",
"name": "Co-Opt Trusted Individuals",
"description": "Co-Opt Trusted Individuals",
"kill_chain_phases": [
@@ -5425,8 +5887,8 @@
"spec_version": "2.1",
"id": "attack-pattern--b43dbee2-e1e2-40e5-bea1-45630d55d30b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.366135Z",
- "modified": "2024-03-13T22:04:00.366135Z",
+ "created": "2024-08-02T17:12:32.395629Z",
+ "modified": "2024-08-02T17:12:32.395629Z",
"name": "Co-Opt Grassroots Groups",
"description": "Co-Opt Grassroots Groups",
"kill_chain_phases": [
@@ -5458,8 +5920,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9b081fd3-0714-483e-bd7b-a30defc85cd2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.366273Z",
- "modified": "2024-03-13T22:04:00.366273Z",
+ "created": "2024-08-02T17:12:32.396005Z",
+ "modified": "2024-08-02T17:12:32.396005Z",
"name": "Co-Opt Influencers",
"description": "Co-opt Influencers",
"kill_chain_phases": [
@@ -5491,8 +5953,8 @@
"spec_version": "2.1",
"id": "attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.366438Z",
- "modified": "2024-03-13T22:04:00.366438Z",
+ "created": "2024-08-02T17:12:32.396562Z",
+ "modified": "2024-08-02T17:12:32.396562Z",
"name": "Create Localised Content",
"description": "Localised content refers to content that appeals to a specific community of individuals, often in defined geographic areas. An operation may create localised content using local language and dialects to resonate with its target audience and blend in with other local news and social media. Localised content may help an operation increase legitimacy, avoid detection, and complicate external attribution.",
"kill_chain_phases": [
@@ -5524,8 +5986,8 @@
"spec_version": "2.1",
"id": "attack-pattern--4a1d1dad-6784-42be-a7cd-1653cf8f34cc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.366633Z",
- "modified": "2024-03-13T22:04:00.366633Z",
+ "created": "2024-08-02T17:12:32.397193Z",
+ "modified": "2024-08-02T17:12:32.397193Z",
"name": "Leverage Echo Chambers/Filter Bubbles",
"description": "An echo chamber refers to an internet subgroup, often along ideological lines, where individuals only engage with \u201cothers with which they are already in agreement.\u201d A filter bubble refers to an algorithm's placement of an individual in content that they agree with or regularly engage with, possibly entrapping the user into a bubble of their own making. An operation may create these isolated areas of the internet by match existing groups, or aggregating individuals into a single target audience based on shared interests, politics, values, demographics, and other characteristics. Echo chambers and filter bubbles help to reinforce similar biases and content to the same target audience members.",
"kill_chain_phases": [
@@ -5557,8 +6019,8 @@
"spec_version": "2.1",
"id": "attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.366825Z",
- "modified": "2024-03-13T22:04:00.366825Z",
+ "created": "2024-08-02T17:12:32.398558Z",
+ "modified": "2024-08-02T17:12:32.398558Z",
"name": "Use Existing Echo Chambers/Filter Bubbles",
"description": "Use existing Echo Chambers/Filter Bubbles",
"kill_chain_phases": [
@@ -5590,8 +6052,8 @@
"spec_version": "2.1",
"id": "attack-pattern--bb25b4aa-9223-40ea-a28a-0dd675e91e46",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.367014Z",
- "modified": "2024-03-13T22:04:00.367014Z",
+ "created": "2024-08-02T17:12:32.399125Z",
+ "modified": "2024-08-02T17:12:32.399125Z",
"name": "Create Echo Chambers/Filter Bubbles",
"description": "Create Echo Chambers/Filter Bubbles",
"kill_chain_phases": [
@@ -5623,8 +6085,8 @@
"spec_version": "2.1",
"id": "attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.367203Z",
- "modified": "2024-03-13T22:04:00.367203Z",
+ "created": "2024-08-02T17:12:32.399364Z",
+ "modified": "2024-08-02T17:12:32.399364Z",
"name": "Exploit Data Voids",
"description": "A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) \u201cBreaking news\u201d data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a \u201cstrategic new terms\u201d data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on \u201coutdated terms\u201d that have decreased in popularity, capitalising on most search engines\u2019 preferences for recency. (4) \u201cFragmented concepts\u201d data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use \u201cproblematic queries\u201d that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.",
"kill_chain_phases": [
@@ -5656,8 +6118,8 @@
"spec_version": "2.1",
"id": "attack-pattern--0ec5ae10-b99b-4d5a-a7e9-7b7c3533e8c9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.367392Z",
- "modified": "2024-03-13T22:04:00.367392Z",
+ "created": "2024-08-02T17:12:32.399545Z",
+ "modified": "2024-08-02T17:12:32.399545Z",
"name": "Livestream",
"description": "A livestream refers to an online broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [
@@ -5689,8 +6151,8 @@
"spec_version": "2.1",
"id": "attack-pattern--00a91e2d-2e09-4e94-bae6-cef6102eae99",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.367606Z",
- "modified": "2024-03-13T22:04:00.367606Z",
+ "created": "2024-08-02T17:12:32.39972Z",
+ "modified": "2024-08-02T17:12:32.39972Z",
"name": "Video Livestream",
"description": "A video livestream refers to an online video broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [
@@ -5722,8 +6184,8 @@
"spec_version": "2.1",
"id": "attack-pattern--6d75e3ac-e923-4815-8e9b-3e6af9e1baa0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.367798Z",
- "modified": "2024-03-13T22:04:00.367798Z",
+ "created": "2024-08-02T17:12:32.399894Z",
+ "modified": "2024-08-02T17:12:32.399894Z",
"name": "Audio Livestream",
"description": "An audio livestream refers to an online audio broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [
@@ -5755,8 +6217,8 @@
"spec_version": "2.1",
"id": "attack-pattern--78a2af04-ac4a-430b-b233-6223715a76f5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.367988Z",
- "modified": "2024-03-13T22:04:00.367988Z",
+ "created": "2024-08-02T17:12:32.400087Z",
+ "modified": "2024-08-02T17:12:32.400087Z",
"name": "Social Networks",
"description": "Social media are interactive digital channels that facilitate the creation and sharing of information, ideas, interests, and other forms of expression through virtual communities and networks.",
"kill_chain_phases": [
@@ -5788,8 +6250,8 @@
"spec_version": "2.1",
"id": "attack-pattern--404f0dd5-81d8-4d96-ad36-875a58c27271",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.368177Z",
- "modified": "2024-03-13T22:04:00.368177Z",
+ "created": "2024-08-02T17:12:32.400306Z",
+ "modified": "2024-08-02T17:12:32.400306Z",
"name": "Mainstream Social Networks",
"description": "Examples include Facebook, Twitter, LinkedIn, etc.",
"kill_chain_phases": [
@@ -5821,10 +6283,10 @@
"spec_version": "2.1",
"id": "attack-pattern--7f338181-2e4b-435b-a190-7044f3867aa3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.368366Z",
- "modified": "2024-03-13T22:04:00.368366Z",
+ "created": "2024-08-02T17:12:32.400595Z",
+ "modified": "2024-08-02T17:12:32.400595Z",
"name": "Dating App",
- "description": "\u201cDating App\u201d refers to any platform (or platform feature) in which the ostensive purpose is for users to develop a physical/romantic relationship with other users.\n\nThreat Actors can exploit users\u2019 quest for love to trick them into doing things like revealing sensitive information or giving them money.\n\nExamples include Tinder, Bumble, Grindr, Facebook Dating, Tantan, Badoo, Plenty of Fish, hinge, LOVOO, OkCupid, happn, and Mamba.",
+ "description": "\u201cDating App\u201d refers to any platform (or platform feature) in which the ostensive purpose is for users to develop a physical/romantic relationship with other users.
Threat Actors can exploit users\u2019 quest for love to trick them into doing things like revealing sensitive information or giving them money.
Examples include Tinder, Bumble, Grindr, Facebook Dating, Tantan, Badoo, Plenty of Fish, hinge, LOVOO, OkCupid, happn, and Mamba.
Associated Techniques and Sub-techniques T0097.109: Romantic Suitor Persona: Analysts can use this sub-technique for tagging cases where an account presents itself as seeking a romantic or physical connection with another person.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -5854,8 +6316,8 @@
"spec_version": "2.1",
"id": "attack-pattern--0461a925-3bb7-466c-a7ae-40aee015f403",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.368578Z",
- "modified": "2024-03-13T22:04:00.368578Z",
+ "created": "2024-08-02T17:12:32.400959Z",
+ "modified": "2024-08-02T17:12:32.400959Z",
"name": "Private/Closed Social Networks",
"description": "Social networks that are not open to people outside of family, friends, neighbours, or co-workers. Non-work-related examples include Couple, FamilyWall, 23snaps, and Nextdoor. Some of the larger social network platforms enable closed communities: examples are Instagram Close Friends and Twitter (X) Circle. Work-related examples of private social networks include LinkedIn, Facebook Workplace, and enterprise communication platforms such as Slack or Microsoft Teams.",
"kill_chain_phases": [
@@ -5887,8 +6349,8 @@
"spec_version": "2.1",
"id": "attack-pattern--a24e779c-0f44-493b-862d-00693bf34ca4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.368767Z",
- "modified": "2024-03-13T22:04:00.368767Z",
+ "created": "2024-08-02T17:12:32.40143Z",
+ "modified": "2024-08-02T17:12:32.40143Z",
"name": "Interest-Based Networks",
"description": "Examples include smaller and niche networks including Gettr, Truth Social, Parler, etc.",
"kill_chain_phases": [
@@ -5920,8 +6382,8 @@
"spec_version": "2.1",
"id": "attack-pattern--62036130-6083-43e3-b1e0-8ab0822bedda",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.368977Z",
- "modified": "2024-03-13T22:04:00.368977Z",
+ "created": "2024-08-02T17:12:32.401797Z",
+ "modified": "2024-08-02T17:12:32.401797Z",
"name": "Use Hashtags",
"description": "Use a dedicated, existing hashtag for the campaign/incident.",
"kill_chain_phases": [
@@ -5953,8 +6415,8 @@
"spec_version": "2.1",
"id": "attack-pattern--35d89673-deef-482e-b30d-bb6883e47b12",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.369192Z",
- "modified": "2024-03-13T22:04:00.369192Z",
+ "created": "2024-08-02T17:12:32.402241Z",
+ "modified": "2024-08-02T17:12:32.402241Z",
"name": "Create Dedicated Hashtag",
"description": "Create a campaign/incident specific hashtag.",
"kill_chain_phases": [
@@ -5986,8 +6448,8 @@
"spec_version": "2.1",
"id": "attack-pattern--6e525f48-d8d6-4484-8838-208eb00bd2a8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.369386Z",
- "modified": "2024-03-13T22:04:00.369386Z",
+ "created": "2024-08-02T17:12:32.402812Z",
+ "modified": "2024-08-02T17:12:32.402812Z",
"name": "Media Sharing Networks",
"description": "Media sharing networks refer to services whose primary function is the hosting and sharing of specific forms of media. Examples include Instagram, Snapchat, TikTok, Youtube, SoundCloud.",
"kill_chain_phases": [
@@ -6019,8 +6481,8 @@
"spec_version": "2.1",
"id": "attack-pattern--78ff99d8-dce8-4f4e-9dc2-3f37f154a39d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.369576Z",
- "modified": "2024-03-13T22:04:00.369576Z",
+ "created": "2024-08-02T17:12:32.40304Z",
+ "modified": "2024-08-02T17:12:32.40304Z",
"name": "Photo Sharing",
"description": "Examples include Instagram, Snapchat, Flickr, etc",
"kill_chain_phases": [
@@ -6052,8 +6514,8 @@
"spec_version": "2.1",
"id": "attack-pattern--1d8c14ac-9be0-4835-b379-45549267e8f8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.369769Z",
- "modified": "2024-03-13T22:04:00.369769Z",
+ "created": "2024-08-02T17:12:32.403282Z",
+ "modified": "2024-08-02T17:12:32.403282Z",
"name": "Video Sharing",
"description": "Examples include Youtube, TikTok, ShareChat, Rumble, etc",
"kill_chain_phases": [
@@ -6085,8 +6547,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c26749da-f15d-48d7-ac1f-e2a2a49b9930",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.370017Z",
- "modified": "2024-03-13T22:04:00.370017Z",
+ "created": "2024-08-02T17:12:32.403485Z",
+ "modified": "2024-08-02T17:12:32.403485Z",
"name": "Audio Sharing",
"description": "Examples include podcasting apps, Soundcloud, etc.",
"kill_chain_phases": [
@@ -6118,8 +6580,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9b6b3dea-54ac-4e00-bd92-380555205afe",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.370233Z",
- "modified": "2024-03-13T22:04:00.370233Z",
+ "created": "2024-08-02T17:12:32.403681Z",
+ "modified": "2024-08-02T17:12:32.403681Z",
"name": "Discussion Forums",
"description": "Platforms for finding, discussing, and sharing information and opinions. Examples include Reddit, Quora, Digg, message boards, interest-based discussion forums, etc.",
"kill_chain_phases": [
@@ -6151,8 +6613,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8432d382-0ce8-4507-97ea-95be10de3488",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.370426Z",
- "modified": "2024-03-13T22:04:00.370426Z",
+ "created": "2024-08-02T17:12:32.403875Z",
+ "modified": "2024-08-02T17:12:32.403875Z",
"name": "Anonymous Message Boards",
"description": "Examples include the Chans",
"kill_chain_phases": [
@@ -6184,8 +6646,8 @@
"spec_version": "2.1",
"id": "attack-pattern--b69275ef-ba3d-409f-a857-40d4d1870dca",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.37062Z",
- "modified": "2024-03-13T22:04:00.37062Z",
+ "created": "2024-08-02T17:12:32.404069Z",
+ "modified": "2024-08-02T17:12:32.404069Z",
"name": "Bookmarking and Content Curation",
"description": "Platforms for searching, sharing, and curating content and media. Examples include Pinterest, Flipboard, etc.",
"kill_chain_phases": [
@@ -6217,8 +6679,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d4e35ba1-f83d-41b4-a862-caabb634cc3e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.370813Z",
- "modified": "2024-03-13T22:04:00.370813Z",
+ "created": "2024-08-02T17:12:32.404285Z",
+ "modified": "2024-08-02T17:12:32.404285Z",
"name": "Blogging and Publishing Networks",
"description": "Examples include WordPress, Blogger, Weebly, Tumblr, Medium, etc.",
"kill_chain_phases": [
@@ -6250,8 +6712,8 @@
"spec_version": "2.1",
"id": "attack-pattern--da4ae172-c8c8-4eb1-bc03-c5198624c8a2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.371029Z",
- "modified": "2024-03-13T22:04:00.371029Z",
+ "created": "2024-08-02T17:12:32.404483Z",
+ "modified": "2024-08-02T17:12:32.404483Z",
"name": "Consumer Review Networks",
"description": "Platforms for finding, reviewing, and sharing information about brands, products, services, restaurants, travel destinations, etc. Examples include Yelp, TripAdvisor, etc.",
"kill_chain_phases": [
@@ -6283,8 +6745,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d4813d4a-2afe-4c0e-8ddb-b21973bb283a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.371221Z",
- "modified": "2024-03-13T22:04:00.371221Z",
+ "created": "2024-08-02T17:12:32.404679Z",
+ "modified": "2024-08-02T17:12:32.404679Z",
"name": "Formal Diplomatic Channels",
"description": "Leveraging formal, traditional, diplomatic channels to communicate with foreign governments (written documents, meetings, summits, diplomatic visits, etc). This type of diplomacy is conducted by diplomats of one nation with diplomats and other officials of another nation or international organisation.",
"kill_chain_phases": [
@@ -6316,8 +6778,8 @@
"spec_version": "2.1",
"id": "attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.371448Z",
- "modified": "2024-03-13T22:04:00.371448Z",
+ "created": "2024-08-02T17:12:32.404876Z",
+ "modified": "2024-08-02T17:12:32.404876Z",
"name": "Traditional Media",
"description": "Examples include TV, Newspaper, Radio, etc.",
"kill_chain_phases": [
@@ -6349,8 +6811,8 @@
"spec_version": "2.1",
"id": "attack-pattern--db9eafc0-261b-48d0-97a2-1c92dcb4026a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.371638Z",
- "modified": "2024-03-13T22:04:00.371638Z",
+ "created": "2024-08-02T17:12:32.405072Z",
+ "modified": "2024-08-02T17:12:32.405072Z",
"name": "TV",
"description": "TV",
"kill_chain_phases": [
@@ -6382,8 +6844,8 @@
"spec_version": "2.1",
"id": "attack-pattern--eb66afed-6c29-4947-a422-c380c5caeda5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.371827Z",
- "modified": "2024-03-13T22:04:00.371827Z",
+ "created": "2024-08-02T17:12:32.405316Z",
+ "modified": "2024-08-02T17:12:32.405316Z",
"name": "Newspaper",
"description": "Newspaper",
"kill_chain_phases": [
@@ -6415,8 +6877,8 @@
"spec_version": "2.1",
"id": "attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.372061Z",
- "modified": "2024-03-13T22:04:00.372061Z",
+ "created": "2024-08-02T17:12:32.405517Z",
+ "modified": "2024-08-02T17:12:32.405517Z",
"name": "Radio",
"description": "Radio",
"kill_chain_phases": [
@@ -6448,8 +6910,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c54dd9c4-5b7b-47a9-bb40-e63967b2ec33",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.37226Z",
- "modified": "2024-03-13T22:04:00.37226Z",
+ "created": "2024-08-02T17:12:32.405713Z",
+ "modified": "2024-08-02T17:12:32.405713Z",
"name": "Email",
"description": "Delivering content and narratives via email. This can include using list management or high-value individually targeted messaging.",
"kill_chain_phases": [
@@ -6481,8 +6943,8 @@
"spec_version": "2.1",
"id": "attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.37247Z",
- "modified": "2024-03-13T22:04:00.37247Z",
+ "created": "2024-08-02T17:12:32.405913Z",
+ "modified": "2024-08-02T17:12:32.405913Z",
"name": "Employ Commercial Analytic Firms",
"description": "Commercial analytic firms collect data on target audience activities and evaluate the data to detect trends, such as content receiving high click-rates. An influence operation may employ commercial analytic firms to facilitate external collection on its target audience, complicating attribution efforts and better tailoring the content to audience preferences.",
"kill_chain_phases": [
@@ -6514,8 +6976,8 @@
"spec_version": "2.1",
"id": "attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.372645Z",
- "modified": "2024-03-13T22:04:00.372645Z",
+ "created": "2024-08-02T17:12:32.406119Z",
+ "modified": "2024-08-02T17:12:32.406119Z",
"name": "Deliver Ads",
"description": "Delivering content via any form of paid media or advertising.",
"kill_chain_phases": [
@@ -6547,8 +7009,8 @@
"spec_version": "2.1",
"id": "attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.372788Z",
- "modified": "2024-03-13T22:04:00.372788Z",
+ "created": "2024-08-02T17:12:32.406496Z",
+ "modified": "2024-08-02T17:12:32.406496Z",
"name": "Social Media",
"description": "Social Media",
"kill_chain_phases": [
@@ -6580,8 +7042,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8f83d6b8-01f4-406c-a3da-48a040e46139",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.372966Z",
- "modified": "2024-03-13T22:04:00.372966Z",
+ "created": "2024-08-02T17:12:32.406729Z",
+ "modified": "2024-08-02T17:12:32.406729Z",
"name": "Traditional Media",
"description": "Examples include TV, Radio, Newspaper, billboards",
"kill_chain_phases": [
@@ -6613,8 +7075,8 @@
"spec_version": "2.1",
"id": "attack-pattern--1997947a-7e08-4ea9-802c-85391d561266",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.373158Z",
- "modified": "2024-03-13T22:04:00.373158Z",
+ "created": "2024-08-02T17:12:32.406924Z",
+ "modified": "2024-08-02T17:12:32.406924Z",
"name": "Post Content",
"description": "Delivering content by posting via owned media (assets that the operator controls).",
"kill_chain_phases": [
@@ -6646,8 +7108,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9a5261b8-5051-47ed-a4f6-bdbb7b6edcb4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.37335Z",
- "modified": "2024-03-13T22:04:00.37335Z",
+ "created": "2024-08-02T17:12:32.40712Z",
+ "modified": "2024-08-02T17:12:32.40712Z",
"name": "Share Memes",
"description": "Memes are one of the most important single artefact types in all of computational propaganda. Memes in this framework denotes the narrow image-based definition. But that naming is no accident, as these items have most of the important properties of Dawkins' original conception as a self-replicating unit of culture. Memes pull together reference and commentary; image and narrative; emotion and message. Memes are a powerful tool and the heart of modern influence campaigns.",
"kill_chain_phases": [
@@ -6679,8 +7141,8 @@
"spec_version": "2.1",
"id": "attack-pattern--fb6f8352-c368-49a3-b7d4-f1ee5a3fb370",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.373636Z",
- "modified": "2024-03-13T22:04:00.373636Z",
+ "created": "2024-08-02T17:12:32.407338Z",
+ "modified": "2024-08-02T17:12:32.407338Z",
"name": "Post Violative Content to Provoke Takedown and Backlash",
"description": "Post Violative Content to Provoke Takedown and Backlash.",
"kill_chain_phases": [
@@ -6712,8 +7174,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5daa2f8a-2460-4cdd-ae55-b70f439a9f51",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.373909Z",
- "modified": "2024-03-13T22:04:00.373909Z",
+ "created": "2024-08-02T17:12:32.407532Z",
+ "modified": "2024-08-02T17:12:32.407532Z",
"name": "One-Way Direct Posting",
"description": "Direct posting refers to a method of posting content via a one-way messaging service, where the recipient cannot directly respond to the poster\u2019s messaging. An influence operation may post directly to promote operation narratives to the target audience without allowing opportunities for fact-checking or disagreement, creating a false sense of support for the narrative.",
"kill_chain_phases": [
@@ -6745,8 +7207,8 @@
"spec_version": "2.1",
"id": "attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.374136Z",
- "modified": "2024-03-13T22:04:00.374136Z",
+ "created": "2024-08-02T17:12:32.407759Z",
+ "modified": "2024-08-02T17:12:32.407759Z",
"name": "Comment or Reply on Content",
"description": "Delivering content by replying or commenting via owned media (assets that the operator controls).",
"kill_chain_phases": [
@@ -6778,8 +7240,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5251f6d0-6820-4617-afef-a0d8acafd3c1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.3743Z",
- "modified": "2024-03-13T22:04:00.3743Z",
+ "created": "2024-08-02T17:12:32.408023Z",
+ "modified": "2024-08-02T17:12:32.408023Z",
"name": "Post Inauthentic Social Media Comment",
"description": "Use government-paid social media commenters, astroturfers, chat bots (programmed to reply to specific key words/hashtags) influence online conversations, product reviews, web-site comment forums.",
"kill_chain_phases": [
@@ -6811,8 +7273,8 @@
"spec_version": "2.1",
"id": "attack-pattern--72df7e55-dc60-4a7e-9928-ed41ac0e1581",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.374569Z",
- "modified": "2024-03-13T22:04:00.374569Z",
+ "created": "2024-08-02T17:12:32.408236Z",
+ "modified": "2024-08-02T17:12:32.408236Z",
"name": "Attract Traditional Media",
"description": "Deliver content by attracting the attention of traditional media (earned media).",
"kill_chain_phases": [
@@ -6844,8 +7306,8 @@
"spec_version": "2.1",
"id": "attack-pattern--836e9eef-b446-4f68-805f-0f10116d6e7f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.374771Z",
- "modified": "2024-03-13T22:04:00.374771Z",
+ "created": "2024-08-02T17:12:32.408436Z",
+ "modified": "2024-08-02T17:12:32.408436Z",
"name": "Amplify Existing Narrative",
"description": "An influence operation may amplify existing narratives that align with its narratives to support operation objectives.",
"kill_chain_phases": [
@@ -6877,8 +7339,8 @@
"spec_version": "2.1",
"id": "attack-pattern--872f0dc3-202e-4e9a-a4fc-0457252aecae",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.374914Z",
- "modified": "2024-03-13T22:04:00.374914Z",
+ "created": "2024-08-02T17:12:32.408629Z",
+ "modified": "2024-08-02T17:12:32.408629Z",
"name": "Cross-Posting",
"description": "Cross-posting refers to posting the same message to multiple internet discussions, social media platforms or accounts, or news groups at one time. An influence operation may post content online in multiple communities and platforms to increase the chances of content exposure to the target audience.",
"kill_chain_phases": [
@@ -6910,8 +7372,8 @@
"spec_version": "2.1",
"id": "attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.375056Z",
- "modified": "2024-03-13T22:04:00.375056Z",
+ "created": "2024-08-02T17:12:32.408822Z",
+ "modified": "2024-08-02T17:12:32.408822Z",
"name": "Post across Groups",
"description": "An influence operation may post content across groups to spread narratives and content to new communities within the target audiences or to new target audiences.",
"kill_chain_phases": [
@@ -6943,8 +7405,8 @@
"spec_version": "2.1",
"id": "attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.375196Z",
- "modified": "2024-03-13T22:04:00.375196Z",
+ "created": "2024-08-02T17:12:32.409015Z",
+ "modified": "2024-08-02T17:12:32.409015Z",
"name": "Post across Platform",
"description": "An influence operation may post content across platforms to spread narratives and content to new communities within the target audiences or to new target audiences. Posting across platforms can also remove opposition and context, helping the narrative spread with less opposition on the cross-posted platform.",
"kill_chain_phases": [
@@ -6976,8 +7438,8 @@
"spec_version": "2.1",
"id": "attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.375339Z",
- "modified": "2024-03-13T22:04:00.375339Z",
+ "created": "2024-08-02T17:12:32.409219Z",
+ "modified": "2024-08-02T17:12:32.409219Z",
"name": "Post across Disciplines",
"description": "Post Across Disciplines",
"kill_chain_phases": [
@@ -7009,8 +7471,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5e7541d8-2b43-4443-89d9-7362ca78944c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.375523Z",
- "modified": "2024-03-13T22:04:00.375523Z",
+ "created": "2024-08-02T17:12:32.409423Z",
+ "modified": "2024-08-02T17:12:32.409423Z",
"name": "Incentivize Sharing",
"description": "Incentivizing content sharing refers to actions that encourage users to share content themselves, reducing the need for the operation itself to post and promote its own content.",
"kill_chain_phases": [
@@ -7042,8 +7504,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5bbea132-9da6-42f7-93e9-71f0a9cf311d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.375691Z",
- "modified": "2024-03-13T22:04:00.375691Z",
+ "created": "2024-08-02T17:12:32.409621Z",
+ "modified": "2024-08-02T17:12:32.409621Z",
"name": "Use Affiliate Marketing Programmes",
"description": "Use Affiliate Marketing Programmes",
"kill_chain_phases": [
@@ -7075,8 +7537,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ddc4a9e6-a371-4f16-91b6-c71139a154ce",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.375855Z",
- "modified": "2024-03-13T22:04:00.375855Z",
+ "created": "2024-08-02T17:12:32.409853Z",
+ "modified": "2024-08-02T17:12:32.409853Z",
"name": "Use Contests and Prizes",
"description": "Use Contests and Prizes",
"kill_chain_phases": [
@@ -7108,8 +7570,8 @@
"spec_version": "2.1",
"id": "attack-pattern--7e3a06ee-c109-4901-8720-69c46fe04a76",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.376028Z",
- "modified": "2024-03-13T22:04:00.376028Z",
+ "created": "2024-08-02T17:12:32.410054Z",
+ "modified": "2024-08-02T17:12:32.410054Z",
"name": "Manipulate Platform Algorithm",
"description": "Manipulating a platform algorithm refers to conducting activity on a platform in a way that intentionally targets its underlying algorithm. After analysing a platform\u2019s algorithm (see: Select Platforms), an influence operation may use a platform in a way that increases its content exposure, avoids content removal, or otherwise benefits the operation\u2019s strategy. For example, an influence operation may use bots to amplify its posts so that the platform\u2019s algorithm recognises engagement with operation content and further promotes the content on user timelines.",
"kill_chain_phases": [
@@ -7141,8 +7603,8 @@
"spec_version": "2.1",
"id": "attack-pattern--89b88c22-0686-4d28-9c2b-e0c6ac31a4ab",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.376185Z",
- "modified": "2024-03-13T22:04:00.376185Z",
+ "created": "2024-08-02T17:12:32.410247Z",
+ "modified": "2024-08-02T17:12:32.410247Z",
"name": "Bypass Content Blocking",
"description": "Bypassing content blocking refers to actions taken to circumvent network security measures that prevent users from accessing certain servers, resources, or other online spheres. An influence operation may bypass content blocking to proliferate its content on restricted areas of the internet. Common strategies for bypassing content blocking include: - Altering IP addresses to avoid IP filtering - Using a Virtual Private Network (VPN) to avoid IP filtering - Using a Content Delivery Network (CDN) to avoid IP filtering - Enabling encryption to bypass packet inspection blocking - Manipulating text to avoid filtering by keywords - Posting content on multiple platforms to avoid platform-specific removals - Using local facilities or modified DNS servers to avoid DNS filtering",
"kill_chain_phases": [
@@ -7174,8 +7636,8 @@
"spec_version": "2.1",
"id": "attack-pattern--690761b6-8afd-4dd5-954e-174de362d1b0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.376326Z",
- "modified": "2024-03-13T22:04:00.376326Z",
+ "created": "2024-08-02T17:12:32.41053Z",
+ "modified": "2024-08-02T17:12:32.41053Z",
"name": "Direct Users to Alternative Platforms",
"description": "Direct users to alternative platforms refers to encouraging users to move from the platform on which they initially viewed operation content and engage with content on alternate information channels, including separate social media channels and inauthentic websites. An operation may drive users to alternative platforms to diversify its information channels and ensure the target audience knows where to access operation content if the initial platform suspends, flags, or otherwise removes original operation assets and content.",
"kill_chain_phases": [
@@ -7207,8 +7669,8 @@
"spec_version": "2.1",
"id": "attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.376498Z",
- "modified": "2024-03-13T22:04:00.376498Z",
+ "created": "2024-08-02T17:12:32.410743Z",
+ "modified": "2024-08-02T17:12:32.410743Z",
"name": "Control Information Environment through Offensive Cyberspace Operations",
"description": "Controlling the information environment through offensive cyberspace operations uses cyber tools and techniques to alter the trajectory of content in the information space to either prioritise operation messaging or block opposition messaging.",
"kill_chain_phases": [
@@ -7240,8 +7702,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d65af8b6-91ce-490e-8978-014ff995a2ac",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.376644Z",
- "modified": "2024-03-13T22:04:00.376644Z",
+ "created": "2024-08-02T17:12:32.410935Z",
+ "modified": "2024-08-02T17:12:32.410935Z",
"name": "Delete Opposing Content",
"description": "Deleting opposing content refers to the removal of content that conflicts with operational narratives from selected platforms. An influence operation may delete opposing content to censor contradictory information from the target audience, allowing operation narratives to take priority in the information space.",
"kill_chain_phases": [
@@ -7273,8 +7735,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9b667c6e-5bc3-4c1e-b114-6f679a662b5d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.376786Z",
- "modified": "2024-03-13T22:04:00.376786Z",
+ "created": "2024-08-02T17:12:32.411168Z",
+ "modified": "2024-08-02T17:12:32.411168Z",
"name": "Block Content",
"description": "Content blocking refers to actions taken to restrict internet access or render certain areas of the internet inaccessible. An influence operation may restrict content based on both network and content attributes.",
"kill_chain_phases": [
@@ -7306,8 +7768,8 @@
"spec_version": "2.1",
"id": "attack-pattern--556fa171-ffd0-4787-84fa-171b99c703b5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.376964Z",
- "modified": "2024-03-13T22:04:00.376964Z",
+ "created": "2024-08-02T17:12:32.411369Z",
+ "modified": "2024-08-02T17:12:32.411369Z",
"name": "Destroy Information Generation Capabilities",
"description": "Destroying information generation capabilities refers to actions taken to limit, degrade, or otherwise incapacitate an actor\u2019s ability to generate conflicting information. An influence operation may destroy an actor\u2019s information generation capabilities by physically dismantling the information infrastructure, disconnecting resources needed for information generation, or redirecting information generation personnel. An operation may destroy an adversary\u2019s information generation capabilities to limit conflicting content exposure to the target audience and crowd the information space with its own narratives.",
"kill_chain_phases": [
@@ -7339,8 +7801,8 @@
"spec_version": "2.1",
"id": "attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.377159Z",
- "modified": "2024-03-13T22:04:00.377159Z",
+ "created": "2024-08-02T17:12:32.411564Z",
+ "modified": "2024-08-02T17:12:32.411564Z",
"name": "Conduct Server Redirect",
"description": "A server redirect, also known as a URL redirect, occurs when a server automatically forwards a user from one URL to another using server-side or client-side scripting languages. An influence operation may conduct a server redirect to divert target audience members from one website to another without their knowledge. The redirected website may pose as a legitimate source, host malware, or otherwise aid operation objectives.",
"kill_chain_phases": [
@@ -7372,8 +7834,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e22e3d7d-40fc-4a5e-8d6c-d528b9f78e8e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.377343Z",
- "modified": "2024-03-13T22:04:00.377343Z",
+ "created": "2024-08-02T17:12:32.411758Z",
+ "modified": "2024-08-02T17:12:32.411758Z",
"name": "Suppress Opposition",
"description": "Operators can suppress the opposition by exploiting platform content moderation tools and processes like reporting non-violative content to platforms for takedown and goading opposition actors into taking actions that result in platform action or target audience disapproval.",
"kill_chain_phases": [
@@ -7405,8 +7867,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c31542d3-d9c4-4fe4-ac5d-47632225a425",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.377512Z",
- "modified": "2024-03-13T22:04:00.377512Z",
+ "created": "2024-08-02T17:12:32.41195Z",
+ "modified": "2024-08-02T17:12:32.41195Z",
"name": "Report Non-Violative Opposing Content",
"description": "Reporting opposing content refers to notifying and providing an instance of a violation of a platform\u2019s guidelines and policies for conduct on the platform. In addition to simply reporting the content, an operation may leverage copyright regulations to trick social media and web platforms into removing opposing content by manipulating the content to appear in violation of copyright laws. Reporting opposing content facilitates the suppression of contradictory information and allows operation narratives to take priority in the information space.",
"kill_chain_phases": [
@@ -7438,8 +7900,8 @@
"spec_version": "2.1",
"id": "attack-pattern--651a5188-f38a-42be-a253-d1b90cbd28e1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.377682Z",
- "modified": "2024-03-13T22:04:00.377682Z",
+ "created": "2024-08-02T17:12:32.412165Z",
+ "modified": "2024-08-02T17:12:32.412165Z",
"name": "Goad People into Harmful Action (Stop Hitting Yourself)",
"description": "Goad people into actions that violate terms of service or will lead to having their content or accounts taken down.",
"kill_chain_phases": [
@@ -7471,8 +7933,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d615efdc-7296-4254-90f5-99d2986d97fa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.37787Z",
- "modified": "2024-03-13T22:04:00.37787Z",
+ "created": "2024-08-02T17:12:32.412541Z",
+ "modified": "2024-08-02T17:12:32.412541Z",
"name": "Exploit Platform TOS/Content Moderation",
"description": "Exploit Platform TOS/Content Moderation",
"kill_chain_phases": [
@@ -7504,8 +7966,8 @@
"spec_version": "2.1",
"id": "attack-pattern--fd04fba0-0e20-40f9-868d-e8effcf6dab6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.378108Z",
- "modified": "2024-03-13T22:04:00.378108Z",
+ "created": "2024-08-02T17:12:32.412744Z",
+ "modified": "2024-08-02T17:12:32.412744Z",
"name": "Platform Filtering",
"description": "Platform filtering refers to the decontextualization of information as claims cross platforms (from Joan Donovan https://www.hks.harvard.edu/publications/disinformation-design-use-evidence-collages-and-platform-filtering-media-manipulation)",
"kill_chain_phases": [
@@ -7537,8 +7999,8 @@
"spec_version": "2.1",
"id": "attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.378303Z",
- "modified": "2024-03-13T22:04:00.378303Z",
+ "created": "2024-08-02T17:12:32.412914Z",
+ "modified": "2024-08-02T17:12:32.412914Z",
"name": "Encourage Attendance at Events",
"description": "Operation encourages attendance at existing real world event.",
"kill_chain_phases": [
@@ -7570,8 +8032,8 @@
"spec_version": "2.1",
"id": "attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.378491Z",
- "modified": "2024-03-13T22:04:00.378491Z",
+ "created": "2024-08-02T17:12:32.413057Z",
+ "modified": "2024-08-02T17:12:32.413057Z",
"name": "Call to Action to Attend",
"description": "Call to action to attend an event",
"kill_chain_phases": [
@@ -7603,8 +8065,8 @@
"spec_version": "2.1",
"id": "attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.378681Z",
- "modified": "2024-03-13T22:04:00.378681Z",
+ "created": "2024-08-02T17:12:32.413199Z",
+ "modified": "2024-08-02T17:12:32.413199Z",
"name": "Facilitate Logistics or Support for Attendance",
"description": "Facilitate logistics or support for travel, food, housing, etc.",
"kill_chain_phases": [
@@ -7636,8 +8098,8 @@
"spec_version": "2.1",
"id": "attack-pattern--56a35df8-3bda-4ee3-8be0-23b20b69fe63",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.37887Z",
- "modified": "2024-03-13T22:04:00.37887Z",
+ "created": "2024-08-02T17:12:32.413349Z",
+ "modified": "2024-08-02T17:12:32.413349Z",
"name": "Physical Violence",
"description": "Physical violence refers to the use of force to injure, abuse, damage, or destroy. An influence operation may conduct or encourage physical violence to discourage opponents from promoting conflicting content or draw attention to operation narratives using shock value.",
"kill_chain_phases": [
@@ -7669,8 +8131,8 @@
"spec_version": "2.1",
"id": "attack-pattern--570ba169-9d18-41ac-89ae-46b1376cdb82",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.379089Z",
- "modified": "2024-03-13T22:04:00.379089Z",
+ "created": "2024-08-02T17:12:32.413648Z",
+ "modified": "2024-08-02T17:12:32.413648Z",
"name": "Conduct Physical Violence",
"description": "An influence operation may directly Conduct Physical Violence to achieve campaign goals.",
"kill_chain_phases": [
@@ -7702,8 +8164,8 @@
"spec_version": "2.1",
"id": "attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.379286Z",
- "modified": "2024-03-13T22:04:00.379286Z",
+ "created": "2024-08-02T17:12:32.413845Z",
+ "modified": "2024-08-02T17:12:32.413845Z",
"name": "Encourage Physical Violence",
"description": "An influence operation may Encourage others to engage in Physical Violence to achieve campaign goals.",
"kill_chain_phases": [
@@ -7735,8 +8197,8 @@
"spec_version": "2.1",
"id": "attack-pattern--baf9f97d-65f3-4290-a3c2-9ac624d64ad6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.379494Z",
- "modified": "2024-03-13T22:04:00.379494Z",
+ "created": "2024-08-02T17:12:32.413994Z",
+ "modified": "2024-08-02T17:12:32.413994Z",
"name": "Conceal Information Assets",
"description": "Conceal the identity or provenance of campaign information assets such as accounts, channels, pages etc. to avoid takedown and attribution.",
"kill_chain_phases": [
@@ -7768,8 +8230,8 @@
"spec_version": "2.1",
"id": "attack-pattern--78cf4cd6-a8a0-408f-a5e8-d6f1491aace8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.379708Z",
- "modified": "2024-03-13T22:04:00.379708Z",
+ "created": "2024-08-02T17:12:32.41414Z",
+ "modified": "2024-08-02T17:12:32.41414Z",
"name": "Use Pseudonyms",
"description": "An operation may use pseudonyms, or fake names, to mask the identity of operational accounts, channels, pages etc., publish anonymous content, or otherwise use falsified personas to conceal the identity of the operation. An operation may coordinate pseudonyms across multiple platforms, for example, by writing an article under a pseudonym and then posting a link to the article on social media on an account, channel, or page with the same falsified name.",
"kill_chain_phases": [
@@ -7801,8 +8263,8 @@
"spec_version": "2.1",
"id": "attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.379896Z",
- "modified": "2024-03-13T22:04:00.379896Z",
+ "created": "2024-08-02T17:12:32.414283Z",
+ "modified": "2024-08-02T17:12:32.414283Z",
"name": "Conceal Network Identity",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.",
"kill_chain_phases": [
@@ -7834,8 +8296,8 @@
"spec_version": "2.1",
"id": "attack-pattern--9affd892-2479-4843-99d1-1e1a9f7f1020",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.380083Z",
- "modified": "2024-03-13T22:04:00.380083Z",
+ "created": "2024-08-02T17:12:32.414425Z",
+ "modified": "2024-08-02T17:12:32.414425Z",
"name": "Distance Reputable Individuals from Operation",
"description": "Distancing reputable individuals from the operation occurs when enlisted individuals, such as celebrities or subject matter experts, actively disengage themselves from operation activities and messaging. Individuals may distance themselves from the operation by deleting old posts or statements, unfollowing operation information assets, or otherwise detaching themselves from the operation\u2019s timeline. An influence operation may want reputable individuals to distance themselves from the operation to reduce operation exposure, particularly if the operation aims to remove all evidence.",
"kill_chain_phases": [
@@ -7867,8 +8329,8 @@
"spec_version": "2.1",
"id": "attack-pattern--6b495bb5-d2ab-4da7-9530-a1aadd488803",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.380269Z",
- "modified": "2024-03-13T22:04:00.380269Z",
+ "created": "2024-08-02T17:12:32.414755Z",
+ "modified": "2024-08-02T17:12:32.414755Z",
"name": "Launder Information Assets",
"description": "Laundering occurs when an influence operation acquires control of previously legitimate information assets such as accounts, channels, pages etc. from third parties through sale or exchange and often in contravention of terms of use. Influence operations use laundered assets to reach target audience members from within an existing information community and to complicate attribution.",
"kill_chain_phases": [
@@ -7900,8 +8362,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5bca3084-f5b0-48a8-934c-7f2c03bfd2c3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.380478Z",
- "modified": "2024-03-13T22:04:00.380478Z",
+ "created": "2024-08-02T17:12:32.414942Z",
+ "modified": "2024-08-02T17:12:32.414942Z",
"name": "Change Names of Information Assets",
"description": "Changing names or brand names of information assets such as accounts, channels, pages etc. An operation may change the names or brand names of its assets throughout an operation to avoid detection or alter the names of newly acquired or repurposed assets to fit operational narratives.",
"kill_chain_phases": [
@@ -7933,8 +8395,8 @@
"spec_version": "2.1",
"id": "attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.380679Z",
- "modified": "2024-03-13T22:04:00.380679Z",
+ "created": "2024-08-02T17:12:32.415084Z",
+ "modified": "2024-08-02T17:12:32.415084Z",
"name": "Conceal Operational Activity",
"description": "Conceal the campaign's operational activity to avoid takedown and attribution.",
"kill_chain_phases": [
@@ -7966,8 +8428,8 @@
"spec_version": "2.1",
"id": "attack-pattern--eb67513e-b6e8-42e1-a95b-197f64c21588",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.380871Z",
- "modified": "2024-03-13T22:04:00.380871Z",
+ "created": "2024-08-02T17:12:32.415225Z",
+ "modified": "2024-08-02T17:12:32.415225Z",
"name": "Conceal Network Identity",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.",
"kill_chain_phases": [
@@ -7999,8 +8461,8 @@
"spec_version": "2.1",
"id": "attack-pattern--eb037d2a-82a7-4bcb-bffd-e7791de21d1c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.381063Z",
- "modified": "2024-03-13T22:04:00.381063Z",
+ "created": "2024-08-02T17:12:32.415366Z",
+ "modified": "2024-08-02T17:12:32.415366Z",
"name": "Generate Content Unrelated to Narrative",
"description": "An influence operation may mix its own operation content with legitimate news or external unrelated content to disguise operational objectives, narratives, or existence. For example, an operation may generate \"lifestyle\" or \"cuisine\" content alongside regular operation content.",
"kill_chain_phases": [
@@ -8032,8 +8494,8 @@
"spec_version": "2.1",
"id": "attack-pattern--3437993c-c521-4145-a2d8-b860399876b0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.381257Z",
- "modified": "2024-03-13T22:04:00.381257Z",
+ "created": "2024-08-02T17:12:32.415535Z",
+ "modified": "2024-08-02T17:12:32.415535Z",
"name": "Break Association with Content",
"description": "Breaking association with content occurs when an influence operation actively separates itself from its own content. An influence operation may break association with content by unfollowing, unliking, or unsharing its content, removing attribution from its content, or otherwise taking actions that distance the operation from its messaging. An influence operation may break association with its content to complicate attribution or regain credibility for a new operation.",
"kill_chain_phases": [
@@ -8065,8 +8527,8 @@
"spec_version": "2.1",
"id": "attack-pattern--a09fbbeb-58ef-4e7a-8183-5eaa668200c9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.381447Z",
- "modified": "2024-03-13T22:04:00.381447Z",
+ "created": "2024-08-02T17:12:32.415759Z",
+ "modified": "2024-08-02T17:12:32.415759Z",
"name": "Delete URLs",
"description": "URL deletion occurs when an influence operation completely removes its website registration, rendering the URL inaccessible. An influence operation may delete its URLs to complicate attribution or remove online documentation that the operation ever occurred.",
"kill_chain_phases": [
@@ -8098,8 +8560,8 @@
"spec_version": "2.1",
"id": "attack-pattern--e7b62982-106f-4234-9545-9466c687d1b5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.381714Z",
- "modified": "2024-03-13T22:04:00.381714Z",
+ "created": "2024-08-02T17:12:32.415971Z",
+ "modified": "2024-08-02T17:12:32.415971Z",
"name": "Coordinate on Encrypted/Closed Networks",
"description": "Coordinate on encrypted/ closed networks",
"kill_chain_phases": [
@@ -8131,8 +8593,8 @@
"spec_version": "2.1",
"id": "attack-pattern--da5fb984-37a6-4152-a078-e2af40c0844f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.381916Z",
- "modified": "2024-03-13T22:04:00.381916Z",
+ "created": "2024-08-02T17:12:32.416284Z",
+ "modified": "2024-08-02T17:12:32.416284Z",
"name": "Deny Involvement",
"description": "Without \"smoking gun\" proof (and even with proof), incident creator can or will deny involvement. This technique also leverages the attacker advantages outlined in \"Demand insurmountable proof\", specifically the asymmetric disadvantage for truth-tellers in a \"firehose of misinformation\" environment.",
"kill_chain_phases": [
@@ -8164,8 +8626,8 @@
"spec_version": "2.1",
"id": "attack-pattern--deb9a225-0803-4a1f-b37b-3a10c3e7ca79",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.382113Z",
- "modified": "2024-03-13T22:04:00.382113Z",
+ "created": "2024-08-02T17:12:32.416479Z",
+ "modified": "2024-08-02T17:12:32.416479Z",
"name": "Delete Accounts/Account Activity",
"description": "Deleting accounts and account activity occurs when an influence operation removes its online social media assets, including social media accounts, posts, likes, comments, and other online artefacts. An influence operation may delete its accounts and account activity to complicate attribution or remove online documentation that the operation ever occurred.",
"kill_chain_phases": [
@@ -8197,8 +8659,8 @@
"spec_version": "2.1",
"id": "attack-pattern--32ddaf21-ebef-4270-9416-d9ef74bd23f6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.382307Z",
- "modified": "2024-03-13T22:04:00.382307Z",
+ "created": "2024-08-02T17:12:32.416684Z",
+ "modified": "2024-08-02T17:12:32.416684Z",
"name": "Redirect URLs",
"description": "An influence operation may redirect its falsified or typosquatted URLs to legitimate websites to increase the operation's appearance of legitimacy, complicate attribution, and avoid detection.",
"kill_chain_phases": [
@@ -8230,8 +8692,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ea762d7a-8852-4d91-b44f-4754aa079313",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.382535Z",
- "modified": "2024-03-13T22:04:00.382535Z",
+ "created": "2024-08-02T17:12:32.41687Z",
+ "modified": "2024-08-02T17:12:32.41687Z",
"name": "Remove Post Origins",
"description": "Removing post origins refers to the elimination of evidence that indicates the initial source of operation content, often to complicate attribution. An influence operation may remove post origins by deleting watermarks, renaming files, or removing embedded links in its content.",
"kill_chain_phases": [
@@ -8263,8 +8725,8 @@
"spec_version": "2.1",
"id": "attack-pattern--dd415f9d-ce3a-44c6-9237-f8ceeb52a6a3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.382748Z",
- "modified": "2024-03-13T22:04:00.382748Z",
+ "created": "2024-08-02T17:12:32.417055Z",
+ "modified": "2024-08-02T17:12:32.417055Z",
"name": "Misattribute Activity",
"description": "Misattributed activity refers to incorrectly attributed operation activity. For example, a state sponsored influence operation may conduct operation activity in a way that mimics another state so that external entities misattribute activity to the incorrect state. An operation may misattribute their activities to complicate attribution, avoid detection, or frame an adversary for negative behaviour.",
"kill_chain_phases": [
@@ -8296,8 +8758,8 @@
"spec_version": "2.1",
"id": "attack-pattern--82f29899-fd06-43ef-b4d6-fc511d0fa425",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.382928Z",
- "modified": "2024-03-13T22:04:00.382928Z",
+ "created": "2024-08-02T17:12:32.417236Z",
+ "modified": "2024-08-02T17:12:32.417236Z",
"name": "Conceal Infrastructure",
"description": "Conceal the campaign's infrastructure to avoid takedown and attribution.",
"kill_chain_phases": [
@@ -8329,8 +8791,8 @@
"spec_version": "2.1",
"id": "attack-pattern--a09594d3-c930-451a-8eb6-7e2d748618bb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.383099Z",
- "modified": "2024-03-13T22:04:00.383099Z",
+ "created": "2024-08-02T17:12:32.417423Z",
+ "modified": "2024-08-02T17:12:32.417423Z",
"name": "Conceal Sponsorship",
"description": "Concealing sponsorship aims to mislead or obscure the identity of the hidden sponsor behind an operation rather than entity publicly running the operation. Operations that conceal sponsorship may maintain visible falsified groups, news outlets, non-profits, or other organisations, but seek to mislead or obscure the identity sponsoring, funding, or otherwise supporting these entities. Influence operations may use a variety of techniques to mask the location of their social media accounts to complicate attribution and conceal evidence of foreign interference. Operation accounts may set their location to a false place, often the location of the operation\u2019s target audience, and post in the region\u2019s language",
"kill_chain_phases": [
@@ -8362,8 +8824,8 @@
"spec_version": "2.1",
"id": "attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.383245Z",
- "modified": "2024-03-13T22:04:00.383245Z",
+ "created": "2024-08-02T17:12:32.417607Z",
+ "modified": "2024-08-02T17:12:32.417607Z",
"name": "Utilise Bulletproof Hosting",
"description": "Hosting refers to services through which storage and computing resources are provided to an individual or organisation for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilise bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend.",
"kill_chain_phases": [
@@ -8395,8 +8857,8 @@
"spec_version": "2.1",
"id": "attack-pattern--b6644001-8597-4f9f-a2a4-8005c54e8a39",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.383386Z",
- "modified": "2024-03-13T22:04:00.383386Z",
+ "created": "2024-08-02T17:12:32.417826Z",
+ "modified": "2024-08-02T17:12:32.417826Z",
"name": "Use Shell Organisations",
"description": "Use Shell Organisations to conceal sponsorship.",
"kill_chain_phases": [
@@ -8428,8 +8890,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c80ef7af-3f51-4be5-b42a-19d29ab40a53",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.383526Z",
- "modified": "2024-03-13T22:04:00.383526Z",
+ "created": "2024-08-02T17:12:32.418021Z",
+ "modified": "2024-08-02T17:12:32.418021Z",
"name": "Use Cryptocurrency",
"description": "Use Cryptocurrency to conceal sponsorship. Examples include Bitcoin, Monero, and Etherium.",
"kill_chain_phases": [
@@ -8461,8 +8923,8 @@
"spec_version": "2.1",
"id": "attack-pattern--8b991b67-9df8-42e7-b11a-5ed1bc41c5a5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.383668Z",
- "modified": "2024-03-13T22:04:00.383668Z",
+ "created": "2024-08-02T17:12:32.418215Z",
+ "modified": "2024-08-02T17:12:32.418215Z",
"name": "Obfuscate Payment",
"description": "Obfuscate Payment",
"kill_chain_phases": [
@@ -8494,8 +8956,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c73c3210-6414-46c8-9885-a3b3e405da56",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.383814Z",
- "modified": "2024-03-13T22:04:00.383814Z",
+ "created": "2024-08-02T17:12:32.418409Z",
+ "modified": "2024-08-02T17:12:32.418409Z",
"name": "Exploit TOS/Content Moderation",
"description": "Exploiting weaknesses in platforms' terms of service and content moderation policies to avoid takedowns and platform actions.",
"kill_chain_phases": [
@@ -8527,8 +8989,8 @@
"spec_version": "2.1",
"id": "attack-pattern--ce1e088c-d061-490c-a13a-3cbe4216a86e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.384023Z",
- "modified": "2024-03-13T22:04:00.384023Z",
+ "created": "2024-08-02T17:12:32.418604Z",
+ "modified": "2024-08-02T17:12:32.418604Z",
"name": "Legacy Web Content",
"description": "Make incident content visible for a long time, e.g. by exploiting platform terms of service, or placing it where it's hard to remove or unlikely to be removed.",
"kill_chain_phases": [
@@ -8560,8 +9022,8 @@
"spec_version": "2.1",
"id": "attack-pattern--67afaa3d-ffd7-4ad5-bcb0-e77962c084cf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.384226Z",
- "modified": "2024-03-13T22:04:00.384226Z",
+ "created": "2024-08-02T17:12:32.418954Z",
+ "modified": "2024-08-02T17:12:32.418954Z",
"name": "Post Borderline Content",
"description": "Post Borderline Content",
"kill_chain_phases": [
@@ -8593,8 +9055,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c171dd41-42d0-45c2-806e-3cb518ba0357",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.384429Z",
- "modified": "2024-03-13T22:04:00.384429Z",
+ "created": "2024-08-02T17:12:32.419159Z",
+ "modified": "2024-08-02T17:12:32.419159Z",
"name": "Measure Performance",
"description": "A metric used to determine the accomplishment of actions. \u201cAre the actions being executed as planned?\u201d",
"kill_chain_phases": [
@@ -8626,8 +9088,8 @@
"spec_version": "2.1",
"id": "attack-pattern--83b4e2db-265f-4f88-9b35-26df05c561e9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.384621Z",
- "modified": "2024-03-13T22:04:00.384621Z",
+ "created": "2024-08-02T17:12:32.419355Z",
+ "modified": "2024-08-02T17:12:32.419355Z",
"name": "People Focused",
"description": "Measure the performance individuals in achieving campaign goals",
"kill_chain_phases": [
@@ -8659,8 +9121,8 @@
"spec_version": "2.1",
"id": "attack-pattern--5dc224b1-c69e-496d-91f7-e8ce4fd3f166",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.384766Z",
- "modified": "2024-03-13T22:04:00.384766Z",
+ "created": "2024-08-02T17:12:32.419551Z",
+ "modified": "2024-08-02T17:12:32.419551Z",
"name": "Content Focused",
"description": "Measure the performance of campaign content",
"kill_chain_phases": [
@@ -8692,8 +9154,8 @@
"spec_version": "2.1",
"id": "attack-pattern--c25ad637-cfa5-40c0-a23c-f741d8f4319e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.384925Z",
- "modified": "2024-03-13T22:04:00.384925Z",
+ "created": "2024-08-02T17:12:32.419768Z",
+ "modified": "2024-08-02T17:12:32.419768Z",
"name": "View Focused",
"description": "View Focused",
"kill_chain_phases": [
@@ -8725,8 +9187,8 @@
"spec_version": "2.1",
"id": "attack-pattern--bb9d5f3e-471f-411b-9901-baf03b848132",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.385121Z",
- "modified": "2024-03-13T22:04:00.385121Z",
+ "created": "2024-08-02T17:12:32.419973Z",
+ "modified": "2024-08-02T17:12:32.419973Z",
"name": "Measure Effectiveness",
"description": "A metric used to measure a current system state. \u201cAre we on track to achieve the intended new system state within the planned timescale?\u201d",
"kill_chain_phases": [
@@ -8758,8 +9220,8 @@
"spec_version": "2.1",
"id": "attack-pattern--a925711a-dbfb-41b1-bd81-70d41dbaa69c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.385261Z",
- "modified": "2024-03-13T22:04:00.385261Z",
+ "created": "2024-08-02T17:12:32.42017Z",
+ "modified": "2024-08-02T17:12:32.42017Z",
"name": "Behaviour Changes",
"description": "Monitor and evaluate behaviour changes from misinformation incidents.",
"kill_chain_phases": [
@@ -8791,8 +9253,8 @@
"spec_version": "2.1",
"id": "attack-pattern--d2536dd3-53a5-4fc1-b508-1697cf0dafde",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.385402Z",
- "modified": "2024-03-13T22:04:00.385402Z",
+ "created": "2024-08-02T17:12:32.420363Z",
+ "modified": "2024-08-02T17:12:32.420363Z",
"name": "Content",
"description": "Measure current system state with respect to the effectiveness of campaign content.",
"kill_chain_phases": [
@@ -8824,8 +9286,8 @@
"spec_version": "2.1",
"id": "attack-pattern--55ecf54e-0e46-4ea1-86de-ab473c94705f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.385542Z",
- "modified": "2024-03-13T22:04:00.385542Z",
+ "created": "2024-08-02T17:12:32.420557Z",
+ "modified": "2024-08-02T17:12:32.420557Z",
"name": "Awareness",
"description": "Measure current system state with respect to the effectiveness of influencing awareness.",
"kill_chain_phases": [
@@ -8857,8 +9319,8 @@
"spec_version": "2.1",
"id": "attack-pattern--7fdc6b19-0d37-43a9-8144-f0c180a13ed0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.38568Z",
- "modified": "2024-03-13T22:04:00.38568Z",
+ "created": "2024-08-02T17:12:32.420751Z",
+ "modified": "2024-08-02T17:12:32.420751Z",
"name": "Knowledge",
"description": "Measure current system state with respect to the effectiveness of influencing knowledge.",
"kill_chain_phases": [
@@ -8890,8 +9352,8 @@
"spec_version": "2.1",
"id": "attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.385865Z",
- "modified": "2024-03-13T22:04:00.385865Z",
+ "created": "2024-08-02T17:12:32.420979Z",
+ "modified": "2024-08-02T17:12:32.420979Z",
"name": "Action/Attitude",
"description": "Measure current system state with respect to the effectiveness of influencing action/attitude.",
"kill_chain_phases": [
@@ -8923,8 +9385,8 @@
"spec_version": "2.1",
"id": "attack-pattern--6aa772c8-f51f-428e-a7e5-2d69dd8d4add",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.386097Z",
- "modified": "2024-03-13T22:04:00.386097Z",
+ "created": "2024-08-02T17:12:32.421176Z",
+ "modified": "2024-08-02T17:12:32.421176Z",
"name": "Measure Effectiveness Indicators (or KPIs)",
"description": "Ensuring that Key Performance Indicators are identified and tracked, so that the performance and effectiveness of campaigns, and elements of campaigns, can be measured, during and after their execution.",
"kill_chain_phases": [
@@ -8956,8 +9418,8 @@
"spec_version": "2.1",
"id": "attack-pattern--4c5e704a-acca-4bbd-8980-c915c0424ff8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.386294Z",
- "modified": "2024-03-13T22:04:00.386294Z",
+ "created": "2024-08-02T17:12:32.421381Z",
+ "modified": "2024-08-02T17:12:32.421381Z",
"name": "Message Reach",
"description": "Monitor and evaluate message reach in misinformation incidents.",
"kill_chain_phases": [
@@ -8989,8 +9451,8 @@
"spec_version": "2.1",
"id": "attack-pattern--cb324e3c-1041-4a26-9fa8-da45547b7dcc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.38651Z",
- "modified": "2024-03-13T22:04:00.38651Z",
+ "created": "2024-08-02T17:12:32.421597Z",
+ "modified": "2024-08-02T17:12:32.421597Z",
"name": "Social Media Engagement",
"description": "Monitor and evaluate social media engagement in misinformation incidents.",
"kill_chain_phases": [
@@ -9020,10 +9482,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--7a1b2851-c2c4-4b42-bbbf-0c3542789287",
+ "id": "attack-pattern--5d59ac02-0489-438c-84b8-7fe8c15d1fec",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.386735Z",
- "modified": "2024-03-13T22:04:00.386735Z",
+ "created": "2024-08-02T17:12:32.421799Z",
+ "modified": "2024-08-02T17:12:32.421799Z",
"name": "Undermine",
"description": "Weaken, debilitate, or subvert a target or their actions. An influence operation may be designed to disparage an opponent; sabotage an opponent\u2019s systems or processes; compromise an opponent\u2019s relationships or support system; impair an opponent\u2019s capability; or thwart an opponent\u2019s initiative. ",
"kill_chain_phases": [
@@ -9053,10 +9515,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--335de36d-e372-431b-b4cb-c57d3874afb8",
+ "id": "attack-pattern--16583ab1-7dae-470c-8bd1-b7ffa1f9b13f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.38694Z",
- "modified": "2024-03-13T22:04:00.38694Z",
+ "created": "2024-08-02T17:12:32.422003Z",
+ "modified": "2024-08-02T17:12:32.422003Z",
"name": "Smear",
"description": "Denigrate, disparage, or discredit an opponent. This is a common tactical objective in political campaigns with a larger strategic goal. It differs from efforts to harm a target through defamation. If there is no ulterior motive and the sole aim is to cause harm to the target, then choose sub-technique \u201cDefame\u201d of technique \u201cCause Harm\u201d instead.",
"kill_chain_phases": [
@@ -9086,10 +9548,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--dfc90683-d6ef-42b7-979d-ca6fce04da64",
+ "id": "attack-pattern--0765e40a-7204-4913-b24d-6793cf4f6590",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.387141Z",
- "modified": "2024-03-13T22:04:00.387141Z",
+ "created": "2024-08-02T17:12:32.422204Z",
+ "modified": "2024-08-02T17:12:32.422204Z",
"name": "Thwart",
"description": "Prevent the successful outcome of a policy, operation, or initiative. Actors conduct influence operations to stymie or foil proposals, plans, or courses of action which are not in their interest. ",
"kill_chain_phases": [
@@ -9119,10 +9581,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--8ef7bb45-cf04-4a91-82ae-23f8d3cd1672",
+ "id": "attack-pattern--fdc7e2f8-dfb1-4353-a59f-f88d3b15eee7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.387336Z",
- "modified": "2024-03-13T22:04:00.387336Z",
+ "created": "2024-08-02T17:12:32.422406Z",
+ "modified": "2024-08-02T17:12:32.422406Z",
"name": "Subvert",
"description": "Sabotage, destroy, or damage a system, process, or relationship. The classic example is the Soviet strategy of \u201cactive measures\u201d involving deniable covert activities such as political influence, the use of front organisations, the orchestration of domestic unrest, and the spread of disinformation. ",
"kill_chain_phases": [
@@ -9152,10 +9614,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--956cdc6e-520d-4437-8d71-069a4b1d364d",
+ "id": "attack-pattern--4f7361ac-3b52-443f-8b4c-4032bb290a80",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.387538Z",
- "modified": "2024-03-13T22:04:00.387538Z",
+ "created": "2024-08-02T17:12:32.422724Z",
+ "modified": "2024-08-02T17:12:32.422724Z",
"name": "Polarise",
"description": "To cause a target audience to divide into two completely opposing groups. This is a special case of subversion. To divide and conquer is an age-old approach to subverting and overcoming an enemy.",
"kill_chain_phases": [
@@ -9185,10 +9647,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--d248f5e4-033f-4b71-a297-e164981e0d34",
+ "id": "attack-pattern--07c764ee-1919-4e6f-a147-4db10d19c214",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.387749Z",
- "modified": "2024-03-13T22:04:00.387749Z",
+ "created": "2024-08-02T17:12:32.422933Z",
+ "modified": "2024-08-02T17:12:32.422933Z",
"name": "Cultivate Support",
"description": "Grow or maintain the base of support for the actor, ally, or action. This includes hard core recruitment, managing alliances, and generating or maintaining sympathy among a wider audience, including reputation management and public relations. Sub-techniques assume support for actor (self) unless otherwise specified. ",
"kill_chain_phases": [
@@ -9218,10 +9680,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--3d5684c2-4772-4af0-b8d9-e4a1362c9b0f",
+ "id": "attack-pattern--69f4e3bb-a587-468a-8a0c-31f9acd931b6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.387949Z",
- "modified": "2024-03-13T22:04:00.387949Z",
+ "created": "2024-08-02T17:12:32.423136Z",
+ "modified": "2024-08-02T17:12:32.423136Z",
"name": "Defend Reputaton",
"description": "Preserve a positive perception in the public\u2019s mind following an accusation or adverse event. When accused of a wrongful act, an actor may engage in denial, counter accusations, whataboutism, or conspiracy theories to distract public attention and attempt to maintain a positive image. ",
"kill_chain_phases": [
@@ -9251,10 +9713,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--cbd63bce-91c8-460d-b5da-59f52bb42307",
+ "id": "attack-pattern--648ac47f-a288-454a-a784-3f2111c0b76b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.388136Z",
- "modified": "2024-03-13T22:04:00.388136Z",
+ "created": "2024-08-02T17:12:32.423338Z",
+ "modified": "2024-08-02T17:12:32.423338Z",
"name": "Justify Action",
"description": "To convince others to exonerate you of a perceived wrongdoing. When an actor finds it untenable to deny doing something, they may attempt to exonerate themselves with disinformation which claims the action was reasonable. This is a special case of \u201cDefend Reputation\u201d. ",
"kill_chain_phases": [
@@ -9284,10 +9746,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--b5d40b47-6792-40b8-954c-0080dc6e36bc",
+ "id": "attack-pattern--0dc4a07b-94cb-4743-b812-3fc3c8288551",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.388316Z",
- "modified": "2024-03-13T22:04:00.388316Z",
+ "created": "2024-08-02T17:12:32.423683Z",
+ "modified": "2024-08-02T17:12:32.423683Z",
"name": "Energise Supporters",
"description": "Raise the morale of those who support the organisation or group. Invigorate constituents with zeal for the mission or activity. Terrorist groups, political movements, and cults may indoctrinate their supporters with ideologies that are based on warped versions of religion or cause harm to others. ",
"kill_chain_phases": [
@@ -9317,10 +9779,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--bdea2ea4-9db1-4925-a7bd-da87cff30020",
+ "id": "attack-pattern--150be76a-9bdc-4f1d-837c-6a845d1eda1c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.388531Z",
- "modified": "2024-03-13T22:04:00.388531Z",
+ "created": "2024-08-02T17:12:32.424095Z",
+ "modified": "2024-08-02T17:12:32.424095Z",
"name": "Boost Reputation",
"description": "Elevate the estimation of the actor in the public\u2019s mind. Improve their image or standing. Public relations professionals use persuasive overt communications to achieve this goal; manipulators use covert disinformation. ",
"kill_chain_phases": [
@@ -9350,10 +9812,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--d8da91e5-19d2-4a54-b20b-bbcfb52f4cef",
+ "id": "attack-pattern--ee594da3-8999-481e-90b3-e8c2e965ae28",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.388734Z",
- "modified": "2024-03-13T22:04:00.388734Z",
+ "created": "2024-08-02T17:12:32.42446Z",
+ "modified": "2024-08-02T17:12:32.42446Z",
"name": "Cultvate Support for Initiative",
"description": "Elevate or fortify the public backing for a policy, operation, or idea. Domestic and foreign actors can use artificial means to fabricate or amplify public support for a proposal or action. ",
"kill_chain_phases": [
@@ -9383,10 +9845,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--e20185ab-a567-4eda-84a1-60dd5936990b",
+ "id": "attack-pattern--62eb26b8-d555-46a5-831d-c6b55909a9c4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.388931Z",
- "modified": "2024-03-13T22:04:00.388931Z",
+ "created": "2024-08-02T17:12:32.424819Z",
+ "modified": "2024-08-02T17:12:32.424819Z",
"name": "Cultivate Support for Ally",
"description": "Elevate or fortify the public backing for a partner. Governments may interfere in other countries\u2019 elections by covertly favouring a party or candidate aligned with their interests. They may also mount an influence operation to bolster the reputation of an ally under attack. ",
"kill_chain_phases": [
@@ -9416,10 +9878,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--8d95a8e4-fe8a-4344-adc2-f0713c84cdde",
+ "id": "attack-pattern--fc986d09-410d-45ac-b4b4-161ff339147f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.389127Z",
- "modified": "2024-03-13T22:04:00.389127Z",
+ "created": "2024-08-02T17:12:32.425208Z",
+ "modified": "2024-08-02T17:12:32.425208Z",
"name": "Recruit Members",
"description": "Motivate followers to join or subscribe as members of the team. Organisations may mount recruitment drives that use propaganda to entice sympathisers to sign up. ",
"kill_chain_phases": [
@@ -9449,10 +9911,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--1af96790-1496-4975-9c17-61482c120f75",
+ "id": "attack-pattern--4e33bf6a-c042-4673-b72a-c4121e0aae0d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.38933Z",
- "modified": "2024-03-13T22:04:00.38933Z",
+ "created": "2024-08-02T17:12:32.425583Z",
+ "modified": "2024-08-02T17:12:32.425583Z",
"name": "Increase Prestige",
"description": "Improve personal standing within a community. Gain fame, approbation, or notoriety. Conspiracy theorists, those with special access, and ideologues can gain prominence in a community by propagating disinformation, leaking confidential documents, or spreading hate. ",
"kill_chain_phases": [
@@ -9482,10 +9944,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--f82582bf-2475-43bb-b793-ad51cb30d221",
+ "id": "attack-pattern--d034fff5-0735-41e9-90a3-99a99671894a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.389561Z",
- "modified": "2024-03-13T22:04:00.389561Z",
+ "created": "2024-08-02T17:12:32.425893Z",
+ "modified": "2024-08-02T17:12:32.425893Z",
"name": "Make Money",
"description": "Profit from disinformation, conspiracy theories, or online harm. In some cases, the sole objective is financial gain, in other cases the objective is both financial and political. Making money may also be a way to sustain a political campaign. ",
"kill_chain_phases": [
@@ -9515,10 +9977,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--5c5ba2be-95ed-4b80-81ac-c56579482300",
+ "id": "attack-pattern--faacbfa9-600a-4cfb-8afe-844a186d72b3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.389769Z",
- "modified": "2024-03-13T22:04:00.389769Z",
+ "created": "2024-08-02T17:12:32.426286Z",
+ "modified": "2024-08-02T17:12:32.426286Z",
"name": "Generate Ad Revenue",
"description": "Earn income from digital advertisements published alongside inauthentic content. Conspiratorial, false, or provocative content drives internet traffic. Content owners earn money from impressions of, or clicks on, or conversions of ads published on their websites, social media profiles, or streaming services, or ads published when their content appears in search engine results. Fraudsters simulate impressions, clicks, and conversions, or they spin up inauthentic sites or social media profiles just to generate ad revenue. Conspiracy theorists and political operators generate ad revenue as a byproduct of their operation or as a means of sustaining their campaign. ",
"kill_chain_phases": [
@@ -9548,10 +10010,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--c33f44c6-69c7-4dca-a022-bce150e00351",
+ "id": "attack-pattern--62a0eef8-a23a-4fbf-bb17-17ea636213cc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.389969Z",
- "modified": "2024-03-13T22:04:00.389969Z",
+ "created": "2024-08-02T17:12:32.426585Z",
+ "modified": "2024-08-02T17:12:32.426585Z",
"name": "Scam",
"description": "Defraud a target or trick a target into doing something that benefits the attacker. A typical scam is where a fraudster convinces a target to pay for something without the intention of ever delivering anything in return. Alternatively, the fraudster may promise benefits which never materialise, such as a fake cure. Criminals often exploit a fear or crisis or generate a sense of urgency. They may use deepfakes to impersonate authority figures or individuals in distress. ",
"kill_chain_phases": [
@@ -9581,10 +10043,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--ab662bce-7c59-40db-8ec1-f1860b31c8d2",
+ "id": "attack-pattern--7bcb15ef-d371-4b1e-8768-30784e9d7b87",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.390582Z",
- "modified": "2024-03-13T22:04:00.390582Z",
+ "created": "2024-08-02T17:12:32.426878Z",
+ "modified": "2024-08-02T17:12:32.426878Z",
"name": "Raise Funds",
"description": "Solicit donations for a cause. Popular conspiracy theorists can attract financial contributions from their followers. Fighting back against the establishment is a popular crowdfunding narrative. ",
"kill_chain_phases": [
@@ -9614,10 +10076,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--b3489363-a0d6-44fa-a739-220721337318",
+ "id": "attack-pattern--8958b87c-85fd-478f-ae01-8952c787d9b7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.390746Z",
- "modified": "2024-03-13T22:04:00.390746Z",
+ "created": "2024-08-02T17:12:32.427325Z",
+ "modified": "2024-08-02T17:12:32.427325Z",
"name": "Sell Items under False Pretences",
"description": "Offer products for sale under false pretences. Campaigns may hijack or create causes built on disinformation to sell promotional merchandise. Or charlatans may amplify victims\u2019 unfounded fears to sell them items of questionable utility such as supplements or survival gear. ",
"kill_chain_phases": [
@@ -9647,10 +10109,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--46dd1614-b2f4-40c1-bcdb-0ca33ce4357f",
+ "id": "attack-pattern--9e081185-12f4-41f0-8379-95b688e1d80f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.390897Z",
- "modified": "2024-03-13T22:04:00.390897Z",
+ "created": "2024-08-02T17:12:32.427609Z",
+ "modified": "2024-08-02T17:12:32.427609Z",
"name": "Extort",
"description": "Coerce money or favours from a target by threatening to expose or corrupt information. Ransomware criminals typically demand money. Intelligence agencies demand national secrets. Sexual predators demand favours. The leverage may be critical, sensitive, or embarrassing information. ",
"kill_chain_phases": [
@@ -9680,10 +10142,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--70de8fc1-509c-4922-995b-1512fba1e338",
+ "id": "attack-pattern--3628a6fd-b102-48a0-862b-9b66e80ee556",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.391044Z",
- "modified": "2024-03-13T22:04:00.391044Z",
+ "created": "2024-08-02T17:12:32.427838Z",
+ "modified": "2024-08-02T17:12:32.427838Z",
"name": "Manipulate Stocks",
"description": "Artificially inflate or deflate the price of stocks or other financial instruments and then trade on these to make profit. The most common securities fraud schemes are called \u201cpump and dump\u201d and \u201cpoop and scoop\u201d. ",
"kill_chain_phases": [
@@ -9713,10 +10175,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--6c3345b8-026e-4aa6-8b2c-15cfb2258df6",
+ "id": "attack-pattern--9049818c-e7d7-4662-8d2c-589304cd9905",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.391189Z",
- "modified": "2024-03-13T22:04:00.391189Z",
+ "created": "2024-08-02T17:12:32.428073Z",
+ "modified": "2024-08-02T17:12:32.428073Z",
"name": "Motivate to Act",
"description": "Persuade, impel, or provoke the target to behave in a specific manner favourable to the attacker. Some common behaviours are joining, subscribing, voting, buying, demonstrating, fighting, retreating, resigning, boycotting.",
"kill_chain_phases": [
@@ -9746,10 +10208,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--12fbb7ad-ceea-4f59-a626-a30a47a4cc56",
+ "id": "attack-pattern--01ad5f44-da00-491f-84e8-3ba8da154c45",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.391394Z",
- "modified": "2024-03-13T22:04:00.391394Z",
+ "created": "2024-08-02T17:12:32.428281Z",
+ "modified": "2024-08-02T17:12:32.428281Z",
"name": "Encourage",
"description": "Inspire, animate, or exhort a target to act. An actor can use propaganda, disinformation, or conspiracy theories to stimulate a target to act in its interest. ",
"kill_chain_phases": [
@@ -9779,10 +10241,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--637d504e-4f85-4979-b48c-b9512419329e",
+ "id": "attack-pattern--29a3ec78-469a-43b8-b0ae-9f34c58316f2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.391761Z",
- "modified": "2024-03-13T22:04:00.391761Z",
+ "created": "2024-08-02T17:12:32.428473Z",
+ "modified": "2024-08-02T17:12:32.428473Z",
"name": "Provoke",
"description": "Instigate, incite, or arouse a target to act. Social media manipulators exploit moral outrage to propel targets to spread hate, take to the streets to protest, or engage in acts of violence. ",
"kill_chain_phases": [
@@ -9812,10 +10274,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--ac2e2374-ff39-4167-af9e-71ba5d96e828",
+ "id": "attack-pattern--3af9d1c0-9a09-4dba-8975-a204e6951ac4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.391929Z",
- "modified": "2024-03-13T22:04:00.391929Z",
+ "created": "2024-08-02T17:12:32.428678Z",
+ "modified": "2024-08-02T17:12:32.428678Z",
"name": "Compel",
"description": "Force target to take an action or to stop taking an action it has already started. Actors can use the threat of reputational damage alongside military or economic threats to compel a target.",
"kill_chain_phases": [
@@ -9845,10 +10307,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--554fc43f-426e-40ba-a82f-148774abaee2",
+ "id": "attack-pattern--3be88ed6-1f7e-4c93-997c-600a8996293f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.392079Z",
- "modified": "2024-03-13T22:04:00.392079Z",
+ "created": "2024-08-02T17:12:32.42888Z",
+ "modified": "2024-08-02T17:12:32.42888Z",
"name": "Dissuade from Acting",
"description": "Discourage, deter, or inhibit the target from actions which would be unfavourable to the attacker. The actor may want the target to refrain from voting, buying, fighting, or supplying. ",
"kill_chain_phases": [
@@ -9878,10 +10340,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--431e1e82-c9ef-44e6-b1ec-354aca1890fa",
+ "id": "attack-pattern--d60dd224-14bd-4b6e-9960-a789a8370fdf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.392254Z",
- "modified": "2024-03-13T22:04:00.392254Z",
+ "created": "2024-08-02T17:12:32.429055Z",
+ "modified": "2024-08-02T17:12:32.429055Z",
"name": "Discourage",
"description": "To make a target disinclined or reluctant to act. Manipulators use disinformation to cause targets to question the utility, legality, or morality of taking an action. ",
"kill_chain_phases": [
@@ -9911,10 +10373,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--8376b756-0340-4870-ba1d-38b43ce811a4",
+ "id": "attack-pattern--5af23f8e-38df-48c6-b832-6f4589cd2590",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.392403Z",
- "modified": "2024-03-13T22:04:00.392403Z",
+ "created": "2024-08-02T17:12:32.429223Z",
+ "modified": "2024-08-02T17:12:32.429223Z",
"name": "Silence",
"description": "Intimidate or incentivise target into remaining silent or prevent target from speaking out. A threat actor may cow a target into silence as a special case of deterrence. Or they may buy the target\u2019s silence. Or they may repress or restrict the target\u2019s speech. ",
"kill_chain_phases": [
@@ -9944,10 +10406,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--b4a3940c-fa6d-4086-9a6d-ccab45cd5072",
+ "id": "attack-pattern--8ac60812-17d7-4e9f-911e-64467233a9b3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.392574Z",
- "modified": "2024-03-13T22:04:00.392574Z",
+ "created": "2024-08-02T17:12:32.429391Z",
+ "modified": "2024-08-02T17:12:32.429391Z",
"name": "Deter",
"description": "Prevent target from taking an action for fear of the consequences. Deterrence occurs in the mind of the target, who fears they will be worse off if they take an action than if they don\u2019t. When making threats, aggressors may bluff, feign irrationality, or engage in brinksmanship.",
"kill_chain_phases": [
@@ -9977,10 +10439,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--3eeb3c60-b41a-412c-ada9-ad6e82022dec",
+ "id": "attack-pattern--42aa38b3-77b9-48e0-b3ef-41e7e72e27ac",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.392728Z",
- "modified": "2024-03-13T22:04:00.392728Z",
+ "created": "2024-08-02T17:12:32.429558Z",
+ "modified": "2024-08-02T17:12:32.429558Z",
"name": "Cause Harm",
"description": "Persecute, malign, or inflict pain upon a target. The objective of a campaign may be to cause fear or emotional distress in a target. In some cases, harm is instrumental to achieving a primary objective, as in coercion, repression, or intimidation. In other cases, harm may be inflicted for the satisfaction of the perpetrator, as in revenge or sadistic cruelty. ",
"kill_chain_phases": [
@@ -10010,10 +10472,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--6275c34f-44ea-4799-bb61-3c0a25450812",
+ "id": "attack-pattern--741c08dd-2dd3-4c6f-8d08-32481f4cb61f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.392887Z",
- "modified": "2024-03-13T22:04:00.392887Z",
+ "created": "2024-08-02T17:12:32.429741Z",
+ "modified": "2024-08-02T17:12:32.429741Z",
"name": "Defame",
"description": "Attempt to damage the target\u2019s personal reputation by impugning their character. This can range from subtle attempts to misrepresent or insinuate, to obvious attempts to denigrate or disparage, to blatant attempts to malign or vilify. Slander applies to oral expression. Libel applies to written or pictorial material. Defamation is often carried out by online trolls. The sole aim here is to cause harm to the target. If the threat actor uses defamation as a means of undermining the target, then choose sub-technique \u201cSmear\u201d of technique \u201cUndermine\u201d instead. ",
"kill_chain_phases": [
@@ -10043,10 +10505,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--e4f85bfa-8e18-407f-b111-17f18ed209d0",
+ "id": "attack-pattern--b502f8ae-e296-4dd7-83ea-8d737f8d3fb1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.393053Z",
- "modified": "2024-03-13T22:04:00.393053Z",
+ "created": "2024-08-02T17:12:32.429946Z",
+ "modified": "2024-08-02T17:12:32.429946Z",
"name": "Intimidate",
"description": "Coerce, bully, or frighten the target. An influence operation may use intimidation to compel the target to act against their will. Or the goal may be to frighten or even terrify the target into silence or submission. In some cases, the goal is simply to make the victim suffer. ",
"kill_chain_phases": [
@@ -10076,10 +10538,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--92b7f596-d223-440a-b62b-149dbcc73b9f",
+ "id": "attack-pattern--c5274385-9abf-45cb-9ef6-faf86145d5ef",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.393221Z",
- "modified": "2024-03-13T22:04:00.393221Z",
+ "created": "2024-08-02T17:12:32.43014Z",
+ "modified": "2024-08-02T17:12:32.43014Z",
"name": "Spread Hate",
"description": "Publish and/or propagate demeaning, derisive, or humiliating content targeting an individual or group of individuals with the intent to cause emotional, psychological, or physical distress. Hate speech can cause harm directly or incite others to harm the target. It often aims to stigmatise the target by singling out immutable characteristics such as colour, race, religion, national or ethnic origin, gender, gender identity, sexual orientation, age, disease, or mental or physical disability. Thus, promoting hatred online may involve racism, antisemitism, Islamophobia, xenophobia, sexism, misogyny, homophobia, transphobia, ageism, ableism, or any combination thereof. Motivations for hate speech range from group preservation to ideological superiority to the unbridled infliction of suffering. ",
"kill_chain_phases": [
@@ -10109,10 +10571,10 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--44e57875-edb9-4bce-927d-17aac9bf9a48",
+ "id": "attack-pattern--729483ae-39cf-416e-8d38-da06f1fc5991",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.393395Z",
- "modified": "2024-03-13T22:04:00.393395Z",
+ "created": "2024-08-02T17:12:32.430495Z",
+ "modified": "2024-08-02T17:12:32.430495Z",
"name": "Acquire Compromised Asset",
"description": "Threat Actors may take over existing assets not owned by them through nefarious means, such as using technical exploits, hacking, purchasing compromised accounts from the dark web, or social engineering.",
"kill_chain_phases": [
@@ -10142,12 +10604,12 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--ebfe12db-6e8f-4826-8f8e-b9e865f1d29d",
+ "id": "attack-pattern--d556b582-dd00-44d7-8c2f-74fb48c755fa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.393606Z",
- "modified": "2024-03-13T22:04:00.393606Z",
+ "created": "2024-08-02T17:12:32.430653Z",
+ "modified": "2024-08-02T17:12:32.430653Z",
"name": "Acquire Compromised Account",
- "description": "Threat Actors can take over existing users\u2019 accounts to distribute campaign content.\u00a0\n\nThe actor may maintain the asset\u2019s previous identity to capitalise on the perceived legitimacy its previous owner had cultivated.\n\nThe actor may completely rebrand the account to exploit its existing reach, or relying on the account\u2019s history to avoid more stringent automated content moderation rules applied to new accounts.\n\nSee also [Mitre ATT&CK\u2019s T1586 Compromise Accounts](https://attack.mitre.org/techniques/T1586/) for more technical information on how threat actors may achieve this objective.\n\nThis Technique was previously called Compromise Legitimate Accounts, and used the ID T0011.",
+ "description": "Threat Actors can take over existing users\u2019 accounts to distribute campaign content.
The actor may maintain the asset\u2019s previous identity to capitalise on the perceived legitimacy its previous owner had cultivated.
The actor may completely rebrand the account to exploit its existing reach, or relying on the account\u2019s history to avoid more stringent automated content moderation rules applied to new accounts.
See also [Mitre ATT&CK\u2019s T1586 Compromise Accounts](https://attack.mitre.org/techniques/T1586/) for more technical information on how threat actors may achieve this objective.
This Technique was previously called Compromise Legitimate Accounts, and used the ID T0011.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -10175,12 +10637,12 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--fcbde78a-826a-4d53-8071-6e8034901c05",
+ "id": "attack-pattern--fde45c5f-c612-4969-b104-d96a60e6d888",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.393755Z",
- "modified": "2024-03-13T22:04:00.393755Z",
+ "created": "2024-08-02T17:12:32.430799Z",
+ "modified": "2024-08-02T17:12:32.430799Z",
"name": "Acquire Compromised Website",
- "description": "Threat Actors may take over existing websites to publish or amplify inauthentic narratives. This includes the defacement of websites, and cases where websites\u2019 personas are maintained to add credence to threat actors\u2019 narratives.\n\nSee also [Mitre ATT&CK\u2019s T1584 Compromise Infrastructure](https://attack.mitre.org/techniques/T1584/) for more technical information on how threat actors may achieve this objective.",
+ "description": "Threat Actors may take over existing websites to publish or amplify inauthentic narratives. This includes the defacement of websites, and cases where websites\u2019 personas are maintained to add credence to threat actors\u2019 narratives.
See also [Mitre ATT&CK\u2019s T1584 Compromise Infrastructure](https://attack.mitre.org/techniques/T1584/) for more technical information on how threat actors may achieve this objective.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -10208,12 +10670,12 @@
{
"type": "attack-pattern",
"spec_version": "2.1",
- "id": "attack-pattern--616faeda-13e2-4693-9d14-106f323ae45d",
+ "id": "attack-pattern--95af4f5f-1bfc-4d54-9970-fc02e1f320ab",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2024-03-13T22:04:00.3939Z",
- "modified": "2024-03-13T22:04:00.3939Z",
- "name": "Fabricate Grassroots Movement",
- "description": "This technique, sometimes known as \"astroturfing\", occurs when an influence operation disguises itself as a grassroots movement or organisation that supports operation narratives.\u00a0\n\nAstroturfing aims to increase the appearance of popular support for an evolving grassroots movement in contrast to \"Utilise Butterfly Attacks\", which aims to discredit an existing grassroots movement.\u00a0\n\nThis Technique was previously called Astroturfing, and used the ID T0099.001",
+ "created": "2024-08-02T17:12:32.430948Z",
+ "modified": "2024-08-02T17:12:32.430948Z",
+ "name": "Persona Legitimacy",
+ "description": "This Technique contains sub-techniques which analysts can use to assert whether an account is presenting an authentic, fabricated, or parody persona:
T0143.001: Authentic Persona T0143.002: Fabricated Persona T0143.003: Impersonated Persona T0143.004: Parody Persona",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@@ -10223,8 +10685,8 @@
"external_references": [
{
"source_name": "mitre-attack",
- "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0142.md",
- "external_id": "T0142"
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.md",
+ "external_id": "T0143"
}
],
"object_marking_refs": [
@@ -10239,25 +10701,506 @@
"x_mitre_version": "2.1"
},
{
- "type": "relationship",
+ "type": "attack-pattern",
"spec_version": "2.1",
- "id": "relationship--58a25b31-077e-4bcd-8dd9-9a9baede020e",
- "created": "2024-03-13T22:04:00.394211Z",
- "modified": "2024-03-13T22:04:00.394211Z",
- "relationship_type": "subtechnique-of",
- "description": "",
- "source_ref": "attack-pattern--ec740173-f964-47cc-b849-06a1b134ee4f",
- "target_ref": "attack-pattern--7981d39a-01be-46f6-b9f9-507d0c03e919",
+ "id": "attack-pattern--6ae4a4d2-4ac8-4764-ac9f-7261c5c882e0",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431094Z",
+ "modified": "2024-08-02T17:12:32.431094Z",
+ "name": "Authentic Persona",
+ "description": "An individual or institution presenting a persona that legitimately matches who or what they are is presenting an authentic persona.
For example, an account which presents as being managed by a member of a country\u2019s military, and is legitimately managed by that person, would be presenting an authentic persona (T0143.001: Authentic Persona, T0097.105: Military Personnel).
Sometimes people can authentically present themselves as who they are while still participating in malicious/inauthentic activity; a legitimate journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) may accept bribes to promote products, or they could be tricked by threat actors into sharing an operation\u2019s narrative.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.001.md",
+ "external_id": "T0143.001"
+ }
+ ],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
- ]
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--f328541f-2537-4db7-8a05-1c76ed26d3eb",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431241Z",
+ "modified": "2024-08-02T17:12:32.431241Z",
+ "name": "Fabricated Persona",
+ "description": "An individual or institution pretending to have a persona without any legitimate claim to that persona is presenting a fabricated persona, such as a person who presents themselves as a member of a country\u2019s military without having worked in any capacity with the military (T0143.002: Fabricated Persona, T0097.105: Military Personnel).
Sometimes real people can present entirely fabricated personas; they can use real names and photos on social media while also pretending to have credentials or traits they don\u2019t have in real life.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.002.md",
+ "external_id": "T0143.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--b2c62262-d3cc-49a9-830c-9d6f0bb95082",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431468Z",
+ "modified": "2024-08-02T17:12:32.431468Z",
+ "name": "Impersonated Persona",
+ "description": "Threat actors may impersonate existing individuals or institutions to conceal their network identity, add legitimacy to content, or harm the impersonated target\u2019s reputation. This Technique covers situations where an actor presents themselves as another existing individual or institution.
This Technique was previously called Prepare Assets Impersonating Legitimate Entities and used the ID T0099.
Associated Techniques and Sub-techniques T0097: Presented Persona: Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of impersonation. For example, a document developed by a threat actor which falsely presented as a letter from a government department could be documented using T0085.004: Develop Document, T0143.003: Impersonated Persona, and T0097.206: Government Institution Persona. T0145.001: Copy Account Imagery: Actors may take existing accounts\u2019 profile pictures as part of their impersonation efforts.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.003.md",
+ "external_id": "T0143.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d592cbac-8fcd-4569-8a7a-4e5c6a0b08e7",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431712Z",
+ "modified": "2024-08-02T17:12:32.431712Z",
+ "name": "Parody Persona",
+ "description": "Parody is a form of artistic expression that imitates the style or characteristics of a particular work, genre, or individual in a humorous or satirical way, often to comment on or critique the original work or subject matter. People may present as parodies to create humour or make a point by exaggerating or altering elements of the original, while still maintaining recognizable elements.
The use of parody is not an indication of inauthentic or malicious behaviour; parody allows people to present ideas or criticisms in a comedic or exaggerated manner, softening the impact of sensitive or contentious topics. Because parody is often protected as a form of free speech or artistic expression, it provides a legal and social framework for discussing controversial issues.
However, parody personas may be perceived as authentic personas, leading to people mistakenly believing that a parody account\u2019s statements represent the real opinions of a parodied target. Threat actors may also use the guise of parody to spread campaign content. Parody personas may disclaim that they are operating as a parody, however this is not always the case, and is not always given prominence.
Associated Techniques and Sub-techniquesT0097: Presented Persona: Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of parody.\u00a0For example, an account presenting as a parody of a business could be documented using T0097.205: Business Persona and T0143.003: Parody Persona. T0145.001: Copy Account Imagery: Actors may take existing accounts\u2019 profile pictures as part of their parody efforts.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.004.md",
+ "external_id": "T0143.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--0c2c22ae-5115-4b91-9e0f-08259e6aad99",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431925Z",
+ "modified": "2024-08-02T17:12:32.431925Z",
+ "name": "Persona Legitimacy Evidence",
+ "description": "This Technique contains behaviours which might indicate whether a persona is legitimate, a fabrication, or a parody.
For example, the same persona being consistently presented across platforms is consistent with how authentic users behave on social media. However, threat actors have also displayed this behaviour as a way to increase the perceived legitimacy of their fabricated personas (aka \u201cbackstopping\u201d).",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.md",
+ "external_id": "T0144"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--410e8ae7-e11d-44ff-8f10-3ec29798a9e0",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.432127Z",
+ "modified": "2024-08-02T17:12:32.432127Z",
+ "name": "Present Persona across Platforms",
+ "description": "This sub-technique covers situations where analysts have identified the same persona being presented across multiple platforms.
Having multiple accounts presenting the same persona is not an indicator of inauthentic behaviour; many people create accounts and present as themselves on multiple platforms. However, threat actors are known to present the same persona across multiple platforms, benefiting from an increase in perceived legitimacy.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.001.md",
+ "external_id": "T0144.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--3b7dd3e2-ff22-4b4b-813e-c31c2fb68029",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.43236Z",
+ "modified": "2024-08-02T17:12:32.43236Z",
+ "name": "Persona Template",
+ "description": "Threat actors have been observed following a template when filling their accounts\u2019 online profiles. This may be done to enable account holders to quickly present themselves as a real person with a targeted persona.
For example, an actor may be instructed to create many fabricated local accounts for use in an operation using a template of \u201c[flag emojis], [location], [personal quote], [political party] supporter\u201d in their account\u2019s description.
Associated Techniques and Sub-techniques T0143.002: Fabricated Persona: The use of a templated account biography in a collection of accounts may be an indicator that the personas have been fabricated.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.002.md",
+ "external_id": "T0144.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--8704cb89-afd5-4d49-b016-72b77023dab6",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.432566Z",
+ "modified": "2024-08-02T17:12:32.432566Z",
+ "name": "Establish Account Imagery",
+ "description": "Introduce visual elements to an account where a platform allows this functionality (e.g. a profile picture, a cover photo, etc).\u00a0
Threat Actors who don\u2019t want to use pictures of themselves in their social media accounts may use alternate imagery to make their account appear more legitimate.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.md",
+ "external_id": "T0145"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--c060ec87-d4d7-4de0-9f1d-9a9a42c05446",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.432726Z",
+ "modified": "2024-08-02T17:12:32.432726Z",
+ "name": "Copy Account Imagery",
+ "description": "Account imagery copied from an existing account.
Analysts may use reverse image search tools to try to identify previous uses of account imagery (e.g. a profile picture) by other accounts.
Threat Actors have been known to copy existing accounts\u2019 imagery to impersonate said accounts, or to provide imagery for unrelated accounts which aren\u2019t intended to impersonate the original assets\u2019 owner.
Associated Techniques and Sub-techniques T0143.003: Impersonated Persona: Actors may copy existing accounts\u2019 imagery in an attempt to impersonate them. T0143.004: Parody Persona: Actors may copy existing accounts\u2019 imagery as part of a parody of that account.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.001.md",
+ "external_id": "T0145.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--8314b253-72a3-46c0-8ee5-6fa02aa9a8fa",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.432872Z",
+ "modified": "2024-08-02T17:12:32.432872Z",
+ "name": "AI-Generated Account Imagery",
+ "description": "AI Generated images used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived legitimacy. By using an AI-generated picture for this purpose, they are able to present themselves as a real person without compromising their own identity, or risking detection by taking a real person\u2019s existing profile picture.
Associated Techniques and Sub-techniques T0086.002: Develop AI-Generated Images (Deepfakes): Analysts should use this sub-technique to document use of AI generated imagery used to support narratives.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.002.md",
+ "external_id": "T0145.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--5ba86be4-c8ba-458c-abea-2ad706d7ddd9",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.433022Z",
+ "modified": "2024-08-02T17:12:32.433022Z",
+ "name": "Animal Account Imagery",
+ "description": "Animal used in account imagery.
An influence operation might flesh out its account by uploading a profile picture, increasing its perceived authenticity.
People sometimes legitimately use images of animals as their profile pictures (e.g. of their pets), and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.003.md",
+ "external_id": "T0145.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--15cba133-fa27-4632-9996-22b74751749a",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.433235Z",
+ "modified": "2024-08-02T17:12:32.433235Z",
+ "name": "Scenery Account Imagery",
+ "description": "Scenery or nature used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
People sometimes legitimately use images of scenery as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.004.md",
+ "external_id": "T0145.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--df9f74e6-1a56-4515-910e-d58a386bbf1f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.433467Z",
+ "modified": "2024-08-02T17:12:32.433467Z",
+ "name": "Illustrated Character Account Imagery",
+ "description": "A cartoon/illustrated/anime character used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
People sometimes legitimately use images of illustrated characters as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.005.md",
+ "external_id": "T0145.005"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--0e605049-ac7a-46a9-bbac-ef0a69e160cb",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.433674Z",
+ "modified": "2024-08-02T17:12:32.433674Z",
+ "name": "Attractive Person Account Imagery",
+ "description": "Attractive person used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
Pictures of physically attractive people can benefit threat actors by increasing attention given to their posts.
People sometimes legitimately use images of attractive people as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
Associated Techniques and Sub-techniques T0097.109: Romantic Suitor Persona: Accounts presenting as a romantic suitor may use an attractive person in their account imagery. T0104.002: Dating App: Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.006.md",
+ "external_id": "T0145.006"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ },
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--cf4ee6a4-f503-425c-a069-3245de145582",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.43387Z",
+ "modified": "2024-08-02T17:12:32.43387Z",
+ "name": "Stock Image Account Imagery",
+ "description": "Stock images used in account imagery.
Stock image websites produce photos of people in various situations. Threat Actors can purchase or appropriate these images for use in their account imagery, increasing perceived legitimacy while avoiding the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).\u00a0
Stock images tend to include physically attractive people, and this can benefit threat actors by increasing attention given to their posts.
While presenting as an activist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as activists. Threat actors can fabricate activists to give the appearance of popular support for an evolving grassroots movement (see T0143.002: Fabricated Persona, T0097.103: Activist Persona).
People who are legitimate activists can use this persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an activist to provide visibility to a false narrative or be tricked into doing so without their knowledge (T0143.001: Authentic Persona, T0097.103: Activist Persona).
Associated Techniques and Sub-techniques T0097.104: Hacktivist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism who uses technical tools and methods, including building technical infrastructure and conducting offensive cyber operations, to achieve their goals. T0097.207: NGO Persona: People with an activist persona may present as being part of an NGO. T0097.208: Social Cause Persona: Analysts should use this sub-technique to catalogue cases where an online account is presenting as posting content related to a particular social cause, while not presenting as an individual.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.103.md",
+ "external_id": "T0097.103"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--00a91e2d-2e09-4e94-bae6-cef6102eae99.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--00a91e2d-2e09-4e94-bae6-cef6102eae99.json
index 803f658..7cc0601 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--00a91e2d-2e09-4e94-bae6-cef6102eae99.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--00a91e2d-2e09-4e94-bae6-cef6102eae99.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--96866e90-4a43-44b5-ad9c-948c09670963",
+ "id": "bundle--217d8c4d-82ef-4208-a42a-81b437d84c93",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--00a91e2d-2e09-4e94-bae6-cef6102eae99",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.256885Z",
- "modified": "2023-09-28T21:25:13.256885Z",
+ "created": "2024-08-02T17:12:32.39972Z",
+ "modified": "2024-08-02T17:12:32.39972Z",
"name": "Video Livestream",
"description": "A video livestream refers to an online video broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0102376a-e896-4191-b3fb-e58188301822.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0102376a-e896-4191-b3fb-e58188301822.json
index 6e1ada4..5ef26b1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0102376a-e896-4191-b3fb-e58188301822.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0102376a-e896-4191-b3fb-e58188301822.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--7e0b8688-d125-484c-a4f9-13137341b898",
+ "id": "bundle--9e5d8720-341f-4d99-8e5d-fa7f245ef873",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0102376a-e896-4191-b3fb-e58188301822",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.212125Z",
- "modified": "2023-09-28T21:25:13.212125Z",
+ "created": "2024-08-02T17:12:32.351843Z",
+ "modified": "2024-08-02T17:12:32.351843Z",
"name": "Organise Events",
"description": "Coordinate and promote real-world events across media platforms, e.g. rallies, protests, gatherings in support of incident narratives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--01ad5f44-da00-491f-84e8-3ba8da154c45.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--01ad5f44-da00-491f-84e8-3ba8da154c45.json
new file mode 100644
index 0000000..bc431b0
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--01ad5f44-da00-491f-84e8-3ba8da154c45.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--982ee90c-dcf4-4f73-9bff-b2bb847117c0",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--01ad5f44-da00-491f-84e8-3ba8da154c45",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.428281Z",
+ "modified": "2024-08-02T17:12:32.428281Z",
+ "name": "Encourage",
+ "description": "Inspire, animate, or exhort a target to act. An actor can use propaganda, disinformation, or conspiracy theories to stimulate a target to act in its interest. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0138.001.md",
+ "external_id": "T0138.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d.json
index 71220d6..14b02a3 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--6bdc0034-a9ad-43e7-91b0-c54757577c9e",
+ "id": "bundle--40da46c0-9a28-494e-b8a8-e22b09910e17",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.266843Z",
- "modified": "2023-09-28T21:25:13.266843Z",
+ "created": "2024-08-02T17:12:32.406119Z",
+ "modified": "2024-08-02T17:12:32.406119Z",
"name": "Deliver Ads",
"description": "Delivering content via any form of paid media or advertising.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--030976e3-fce8-434e-9ea8-a36ee2c0192e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--030976e3-fce8-434e-9ea8-a36ee2c0192e.json
new file mode 100644
index 0000000..2d486b4
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--030976e3-fce8-434e-9ea8-a36ee2c0192e.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--c30461e5-7fe1-4ce9-be7e-ed82782aac8c",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--030976e3-fce8-434e-9ea8-a36ee2c0192e",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.358684Z",
+ "modified": "2024-08-02T17:12:32.358684Z",
+ "name": "Geopolitical Advantage",
+ "description": "Favourable position on the international stage in terms of great power politics or regional rivalry. Geopolitics plays out in the realms of foreign policy, national security, diplomacy, and intelligence. It involves nation-state governments, heads of state, foreign ministers, intergovernmental organisations, and regional security alliances.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-strategy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.001.md",
+ "external_id": "T0074.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe.json
index 42ba0af..d25da5c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--482fef6d-55ff-4da9-a49e-ceb149aae6ea",
+ "id": "bundle--35be0875-c21a-44f2-be60-c3c4ee5cb39f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.273066Z",
- "modified": "2023-09-28T21:25:13.273066Z",
+ "created": "2024-08-02T17:12:32.409015Z",
+ "modified": "2024-08-02T17:12:32.409015Z",
"name": "Post across Platform",
"description": "An influence operation may post content across platforms to spread narratives and content to new communities within the target audiences or to new target audiences. Posting across platforms can also remove opposition and context, helping the narrative spread with less opposition on the cross-posted platform.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733.json
index 64837c0..cc319ab 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9325ea08-ba9a-444a-ab34-842dcc82d190",
+ "id": "bundle--63e73074-11b1-45ee-ab42-127e90ba2d27",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.201279Z",
- "modified": "2023-09-28T21:25:13.201279Z",
+ "created": "2024-08-02T17:12:32.34226Z",
+ "modified": "2024-08-02T17:12:32.34226Z",
"name": "Reframe Context",
"description": "Reframing context refers to removing an event from its surrounding context to distort its intended meaning. Rather than deny that an event occurred, reframing context frames an event in a manner that may lead the target audience to draw a different conclusion about its intentions.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5.json
index 5a6d3c3..a0fe904 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--2942a238-1b75-45e3-9022-ad5e15b3dd6c",
+ "id": "bundle--3c0daaa1-a910-4eed-9f58-91a47656c595",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.214551Z",
- "modified": "2023-09-28T21:25:13.214551Z",
+ "created": "2024-08-02T17:12:32.355426Z",
+ "modified": "2024-08-02T17:12:32.355426Z",
"name": "Segment Audiences",
"description": "Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0461a925-3bb7-466c-a7ae-40aee015f403.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0461a925-3bb7-466c-a7ae-40aee015f403.json
index aca903b..545c1fb 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0461a925-3bb7-466c-a7ae-40aee015f403.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0461a925-3bb7-466c-a7ae-40aee015f403.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d4a83f50-42d8-434f-95a7-f36433f65d3a",
+ "id": "bundle--d62aacf5-75f8-439a-8dad-4cfe8232954b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0461a925-3bb7-466c-a7ae-40aee015f403",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.257984Z",
- "modified": "2023-09-28T21:25:13.257984Z",
+ "created": "2024-08-02T17:12:32.400959Z",
+ "modified": "2024-08-02T17:12:32.400959Z",
"name": "Private/Closed Social Networks",
"description": "Social networks that are not open to people outside of family, friends, neighbours, or co-workers. Non-work-related examples include Couple, FamilyWall, 23snaps, and Nextdoor. Some of the larger social network platforms enable closed communities: examples are Instagram Close Friends and Twitter (X) Circle. Work-related examples of private social networks include LinkedIn, Facebook Workplace, and enterprise communication platforms such as Slack or Microsoft Teams.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0765e40a-7204-4913-b24d-6793cf4f6590.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0765e40a-7204-4913-b24d-6793cf4f6590.json
new file mode 100644
index 0000000..c514453
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0765e40a-7204-4913-b24d-6793cf4f6590.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc9ec3b1-9063-4e4b-a131-6f287ecbb2c1",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--0765e40a-7204-4913-b24d-6793cf4f6590",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.422204Z",
+ "modified": "2024-08-02T17:12:32.422204Z",
+ "name": "Thwart",
+ "description": "Prevent the successful outcome of a policy, operation, or initiative. Actors conduct influence operations to stymie or foil proposals, plans, or courses of action which are not in their interest. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0135.002.md",
+ "external_id": "T0135.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--07c764ee-1919-4e6f-a147-4db10d19c214.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--07c764ee-1919-4e6f-a147-4db10d19c214.json
new file mode 100644
index 0000000..08bd538
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--07c764ee-1919-4e6f-a147-4db10d19c214.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--ac45e6e1-68eb-4095-818b-f681b904a64e",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--07c764ee-1919-4e6f-a147-4db10d19c214",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.422933Z",
+ "modified": "2024-08-02T17:12:32.422933Z",
+ "name": "Cultivate Support",
+ "description": "Grow or maintain the base of support for the actor, ally, or action. This includes hard core recruitment, managing alliances, and generating or maintaining sympathy among a wider audience, including reputation management and public relations. Sub-techniques assume support for actor (self) unless otherwise specified. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.md",
+ "external_id": "T0136"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051.json
index 3d4d789..345fe6b 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d6e00044-58a7-4ddb-bf88-30f8653b5f09",
+ "id": "bundle--f3eee90c-eaba-4fe4-bc69-1e48f329772e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.279115Z",
- "modified": "2023-09-28T21:25:13.279115Z",
+ "created": "2024-08-02T17:12:32.415084Z",
+ "modified": "2024-08-02T17:12:32.415084Z",
"name": "Conceal Operational Activity",
"description": "Conceal the campaign's operational activity to avoid takedown and attribution.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69.json
index ccc96e9..a365e77 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c1247e3b-818a-4a71-b381-cbedbde5efe1",
+ "id": "bundle--9ff46e68-6a01-4053-92e6-0abd694f8d69",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.211835Z",
- "modified": "2023-09-28T21:25:13.211835Z",
+ "created": "2024-08-02T17:12:32.350844Z",
+ "modified": "2024-08-02T17:12:32.350844Z",
"name": "Conduct Keyword Squatting",
"description": "Keyword squatting refers to the creation of online content, such as websites, articles, or social media accounts, around a specific search engine-optimized term to overwhelm the search results of that term. An influence may keyword squat to increase content exposure to target audience members who query the exploited term in a search engine and manipulate the narrative around the term.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7.json
index 3450342..b492e58 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--869a9a71-029c-4338-8243-0d7ee648acaa",
+ "id": "bundle--3940f8c5-8b74-480b-97a9-9246f9a439d4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.247708Z",
- "modified": "2023-09-28T21:25:13.247708Z",
+ "created": "2024-08-02T17:12:32.382258Z",
+ "modified": "2024-08-02T17:12:32.382258Z",
"name": "Leverage Content Farms",
"description": "Using the services of large-scale content providers for creating and amplifying campaign artefacts at scale.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b.json
index 581c415..12ca3b8 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--806c52c7-049a-4309-9cc4-54e8ef929b0c",
+ "id": "bundle--2af4cfde-2a63-497e-bdb2-a5abdb6e7bbb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.27669Z",
- "modified": "2023-09-28T21:25:13.27669Z",
+ "created": "2024-08-02T17:12:32.412914Z",
+ "modified": "2024-08-02T17:12:32.412914Z",
"name": "Encourage Attendance at Events",
"description": "Operation encourages attendance at existing real world event.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0b662d26-ea3d-45d2-87e8-b32296ad9227.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0b662d26-ea3d-45d2-87e8-b32296ad9227.json
new file mode 100644
index 0000000..012b076
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0b662d26-ea3d-45d2-87e8-b32296ad9227.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--cc1110ee-d357-45f6-8867-72ff03c2935c",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--0b662d26-ea3d-45d2-87e8-b32296ad9227",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.372647Z",
+ "modified": "2024-08-02T17:12:32.372647Z",
+ "name": "Create Fake Research",
+ "description": "Create fake academic research. Example: fake social science research is often aimed at hot-button social issues such as gender, race and sexuality. Fake science research can target Climate Science debate or pseudoscience like anti-vaxx.
For example, the same persona being consistently presented across platforms is consistent with how authentic users behave on social media. However, threat actors have also displayed this behaviour as a way to increase the perceived legitimacy of their fabricated personas (aka \u201cbackstopping\u201d).",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.md",
+ "external_id": "T0144"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc.json
index 4c76704..6748b63 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc.json
@@ -1,16 +1,16 @@
{
"type": "bundle",
- "id": "bundle--6ac57769-ec69-4864-9538-3087bbba30c8",
+ "id": "bundle--af67a6d7-fd4e-496d-aaad-7c9eb0bb0f2a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.21044Z",
- "modified": "2023-09-28T21:25:13.21044Z",
- "name": "Flooding the Information Space",
- "description": "Flooding and/or mobbing social media channels feeds and/or hashtag with excessive volume of content to control/shape online conversations and/or drown out opposing points of view. Bots and/or patriotic trolls are effective tools to acheive this effect.",
+ "created": "2024-08-02T17:12:32.347894Z",
+ "modified": "2024-08-02T17:12:32.347894Z",
+ "name": "Flood Information Space",
+ "description": "Flooding sources of information (e.g. Social Media feeds) with a high volume of inauthentic content.
This can be done to control/shape online conversations, drown out opposing points of view, or make it harder to find legitimate information.
Bots and/or patriotic trolls are effective tools to achieve this effect.
This Technique previously used the name Flooding the Information Space.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944.json
index b20de2e..211458a 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--df5f361a-9a5c-46e4-a3b9-3c67065697c5",
+ "id": "bundle--6bc8d3c5-c0a8-49e4-9941-75104d2435a9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.272851Z",
- "modified": "2023-09-28T21:25:13.272851Z",
+ "created": "2024-08-02T17:12:32.408822Z",
+ "modified": "2024-08-02T17:12:32.408822Z",
"name": "Post across Groups",
"description": "An influence operation may post content across groups to spread narratives and content to new communities within the target audiences or to new target audiences.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39.json
index 0b29a7a..8063625 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--3a92da8a-6f8d-4cee-a3f1-c71f43c3cd5a",
+ "id": "bundle--49eee4c9-4f69-4fb3-8c3b-8e45da598a06",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.206512Z",
- "modified": "2023-09-28T21:25:13.206512Z",
+ "created": "2024-08-02T17:12:32.344715Z",
+ "modified": "2024-08-02T17:12:32.344715Z",
"name": "Use Fake Experts",
"description": "Use the fake experts that were set up during Establish Legitimacy. Pseudo-experts are disposable assets that often appear once and then disappear. Give \"credility\" to misinformation. Take advantage of credential bias",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0dc4a07b-94cb-4743-b812-3fc3c8288551.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0dc4a07b-94cb-4743-b812-3fc3c8288551.json
new file mode 100644
index 0000000..74d6b97
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0dc4a07b-94cb-4743-b812-3fc3c8288551.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--40e59355-99e8-4eee-9115-9fd7707383c3",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--0dc4a07b-94cb-4743-b812-3fc3c8288551",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.423683Z",
+ "modified": "2024-08-02T17:12:32.423683Z",
+ "name": "Energise Supporters",
+ "description": "Raise the morale of those who support the organisation or group. Invigorate constituents with zeal for the mission or activity. Terrorist groups, political movements, and cults may indoctrinate their supporters with ideologies that are based on warped versions of religion or cause harm to others. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.003.md",
+ "external_id": "T0136.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0e605049-ac7a-46a9-bbac-ef0a69e160cb.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0e605049-ac7a-46a9-bbac-ef0a69e160cb.json
new file mode 100644
index 0000000..ea4f46e
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0e605049-ac7a-46a9-bbac-ef0a69e160cb.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--a1972020-cf23-4c88-b0ca-18dcee13130d",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--0e605049-ac7a-46a9-bbac-ef0a69e160cb",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.433674Z",
+ "modified": "2024-08-02T17:12:32.433674Z",
+ "name": "Attractive Person Account Imagery",
+ "description": "Attractive person used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
Pictures of physically attractive people can benefit threat actors by increasing attention given to their posts.
People sometimes legitimately use images of attractive people as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.
Associated Techniques and Sub-techniques T0097.109: Romantic Suitor Persona: Accounts presenting as a romantic suitor may use an attractive person in their account imagery. T0104.002: Dating App: Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.006.md",
+ "external_id": "T0145.006"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ec5ae10-b99b-4d5a-a7e9-7b7c3533e8c9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ec5ae10-b99b-4d5a-a7e9-7b7c3533e8c9.json
index 9ae3fc7..648e417 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ec5ae10-b99b-4d5a-a7e9-7b7c3533e8c9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ec5ae10-b99b-4d5a-a7e9-7b7c3533e8c9.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d03b0d2a-e3bd-4077-8b6a-e0a3b8c23a76",
+ "id": "bundle--fb40e740-8007-4e6e-977a-7dcd7c3e05e6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0ec5ae10-b99b-4d5a-a7e9-7b7c3533e8c9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.256347Z",
- "modified": "2023-09-28T21:25:13.256347Z",
+ "created": "2024-08-02T17:12:32.399545Z",
+ "modified": "2024-08-02T17:12:32.399545Z",
"name": "Livestream",
"description": "A livestream refers to an online broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5.json
index 0557929..e80e9a5 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--92bb24f3-0189-4c1b-8650-52ee3c63e2fa",
+ "id": "bundle--deb25743-ee30-42c8-a86d-7368e5fa0cd8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.254922Z",
- "modified": "2023-09-28T21:25:13.254922Z",
+ "created": "2024-08-02T17:12:32.396562Z",
+ "modified": "2024-08-02T17:12:32.396562Z",
"name": "Create Localised Content",
"description": "Localised content refers to content that appeals to a specific community of individuals, often in defined geographic areas. An operation may create localised content using local language and dialects to resonate with its target audience and blend in with other local news and social media. Localised content may help an operation increase legitimacy, avoid detection, and complicate external attribution.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb.json
index c0bfa74..24d0cc1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--815c8801-b5bf-4ce1-9cc8-8502206826eb",
+ "id": "bundle--52fca5ca-b49e-4b9e-ad30-21b67ebf5ef4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.2094Z",
- "modified": "2023-09-28T21:25:13.2094Z",
+ "created": "2024-08-02T17:12:32.346525Z",
+ "modified": "2024-08-02T17:12:32.346525Z",
"name": "Threaten to Dox",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e.json
index a5b6d2c..b9463c4 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--16d67122-d992-4258-9654-4e144f7db6a3",
+ "id": "bundle--c3d7ea01-fc3c-4177-b13c-e4e52587459e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.227448Z",
- "modified": "2023-09-28T21:25:13.227448Z",
+ "created": "2024-08-02T17:12:32.368028Z",
+ "modified": "2024-08-02T17:12:32.368028Z",
"name": "Develop New Narratives",
"description": "Actors may develop new narratives to further strategic or tactical goals, especially when existing narratives adequately align with the campaign goals. New narratives provide more control in terms of crafting the message to achieve specific goals. However, new narratives may require more effort to disseminate than adapting or adopting existing narratives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9.json
index cd44028..56cc8d5 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--ce822db7-2c37-44b2-bb15-40bfcf69c926",
+ "id": "bundle--551cc2bb-8ed4-4f30-82c8-bda74bdc7899",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.274372Z",
- "modified": "2023-09-28T21:25:13.274372Z",
+ "created": "2024-08-02T17:12:32.410743Z",
+ "modified": "2024-08-02T17:12:32.410743Z",
"name": "Control Information Environment through Offensive Cyberspace Operations",
"description": "Controlling the information environment through offensive cyberspace operations uses cyber tools and techniques to alter the trajectory of content in the information space to either prioritise operation messaging or block opposition messaging.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--150be76a-9bdc-4f1d-837c-6a845d1eda1c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--150be76a-9bdc-4f1d-837c-6a845d1eda1c.json
new file mode 100644
index 0000000..3a96210
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--150be76a-9bdc-4f1d-837c-6a845d1eda1c.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--35f139fc-d892-4d6a-ac87-389b3c1623c1",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--150be76a-9bdc-4f1d-837c-6a845d1eda1c",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.424095Z",
+ "modified": "2024-08-02T17:12:32.424095Z",
+ "name": "Boost Reputation",
+ "description": "Elevate the estimation of the actor in the public\u2019s mind. Improve their image or standing. Public relations professionals use persuasive overt communications to achieve this goal; manipulators use covert disinformation. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.004.md",
+ "external_id": "T0136.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--15ca8e62-e179-4dd8-9f5e-427771e915a3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--15ca8e62-e179-4dd8-9f5e-427771e915a3.json
new file mode 100644
index 0000000..91ceff4
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--15ca8e62-e179-4dd8-9f5e-427771e915a3.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--e7fb76aa-a303-4635-a5db-c2e8299a03a7",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--15ca8e62-e179-4dd8-9f5e-427771e915a3",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.391349Z",
+ "modified": "2024-08-02T17:12:32.391349Z",
+ "name": "Think Tank Persona",
+ "description": "An institution with a think tank persona presents itself as a think tank; an organisation that aims to conduct original research and propose new policies or solutions, especially for social and scientific problems.
While presenting as a think tank is not an indication of inauthentic behaviour, think tank personas are commonly used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.204: Think Tank Persona). They may be created to give legitimacy to narratives and allow them to suggest politically beneficial solutions to societal issues.
Legitimate think tanks could have a political bias that they may not be transparent about, they could use their persona for malicious purposes, or they could be exploited by threat actors (T0143.001: Authentic Persona, T0097.204: Think Tank Persona). For example, a think tank could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
People sometimes legitimately use images of scenery as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.004.md",
+ "external_id": "T0145.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--16583ab1-7dae-470c-8bd1-b7ffa1f9b13f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--16583ab1-7dae-470c-8bd1-b7ffa1f9b13f.json
new file mode 100644
index 0000000..bf60127
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--16583ab1-7dae-470c-8bd1-b7ffa1f9b13f.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--f58cb3cc-e84e-4578-a985-afb82423e470",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--16583ab1-7dae-470c-8bd1-b7ffa1f9b13f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.422003Z",
+ "modified": "2024-08-02T17:12:32.422003Z",
+ "name": "Smear",
+ "description": "Denigrate, disparage, or discredit an opponent. This is a common tactical objective in political campaigns with a larger strategic goal. It differs from efforts to harm a target through defamation. If there is no ulterior motive and the sole aim is to cause harm to the target, then choose sub-technique \u201cDefame\u201d of technique \u201cCause Harm\u201d instead.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0135.001.md",
+ "external_id": "T0135.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03.json
index 15cb568..a469ecf 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03.json
@@ -1,16 +1,16 @@
{
"type": "bundle",
- "id": "bundle--f217bf9f-cbe8-40f1-b842-2c589fa35221",
+ "id": "bundle--3ed4b837-7930-4492-baff-965cdc582ef7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.230922Z",
- "modified": "2023-09-28T21:25:13.230922Z",
+ "created": "2024-08-02T17:12:32.370771Z",
+ "modified": "2024-08-02T17:12:32.370771Z",
"name": "Develop AI-Generated Text",
- "description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.",
+ "description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.
Associated Techniques and Sub-techniques: T0085.008: Machine Translated Text: Use this sub-technique when AI has been used to generate a translation of a piece of text.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1997947a-7e08-4ea9-802c-85391d561266.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1997947a-7e08-4ea9-802c-85391d561266.json
index 56a961f..a5f0211 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1997947a-7e08-4ea9-802c-85391d561266.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1997947a-7e08-4ea9-802c-85391d561266.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--80ec494f-bad1-4f84-85b0-cf9cfde169f7",
+ "id": "bundle--1f5ef84b-c3a1-4714-97b6-2a1ad201a911",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1997947a-7e08-4ea9-802c-85391d561266",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.268338Z",
- "modified": "2023-09-28T21:25:13.268338Z",
+ "created": "2024-08-02T17:12:32.406924Z",
+ "modified": "2024-08-02T17:12:32.406924Z",
"name": "Post Content",
"description": "Delivering content by posting via owned media (assets that the operator controls).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146.json
index 145cd90..490d9e1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1fe5fb34-dbda-44e4-acac-d0e5f45ebf40",
+ "id": "bundle--ee098dbb-4ee9-46d3-a5a6-9cfe4b0307fd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.22009Z",
- "modified": "2023-09-28T21:25:13.22009Z",
+ "created": "2024-08-02T17:12:32.361233Z",
+ "modified": "2024-08-02T17:12:32.361233Z",
"name": "Distort",
"description": "Twist the narrative. Take information, or artefacts like images, and change the framing around them.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c.json
index 8362d10..e4ab1e9 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--305e5346-1792-4b24-baa9-68ccbcf07386",
+ "id": "bundle--80a6cb32-48e5-4423-a547-751e93db2b94",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.289879Z",
- "modified": "2023-09-28T21:25:13.289879Z",
+ "created": "2024-08-02T17:12:32.420979Z",
+ "modified": "2024-08-02T17:12:32.420979Z",
"name": "Action/Attitude",
"description": "Measure current system state with respect to the effectiveness of influencing action/attitude.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635.json
index 5533c31..0bb2428 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--6110421d-886d-4664-87e0-fe3072ad1829",
+ "id": "bundle--b3389001-36a8-411e-b389-837bb7db12da",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.210665Z",
- "modified": "2023-09-28T21:25:13.210665Z",
+ "created": "2024-08-02T17:12:32.348471Z",
+ "modified": "2024-08-02T17:12:32.348471Z",
"name": "Trolls Amplify and Manipulate",
"description": "Use trolls to amplify narratives and/or manipulate narratives. Fake profiles/sockpuppets operating to support individuals/narratives from the entire political spectrum (left/right binary). Operating with increased emphasis on promoting local content and promoting real Twitter users generating their own, often divisive political content, as it's easier to amplify existing content than create new/original content. Trolls operate where ever there's a socially divisive issue (issues that can/are be politicized).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132.json
index 8dab523..9591fcd 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--3fcf4a8d-335e-4e1f-9906-9bde08ced2fe",
+ "id": "bundle--ba497caf-d32f-40c0-9237-78680cb25ae9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.221608Z",
- "modified": "2023-09-28T21:25:13.221608Z",
+ "created": "2024-08-02T17:12:32.362521Z",
+ "modified": "2024-08-02T17:12:32.362521Z",
"name": "Divide",
"description": "Create conflict between subgroups, to widen divisions in a community",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d8c14ac-9be0-4835-b379-45549267e8f8.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d8c14ac-9be0-4835-b379-45549267e8f8.json
index 0a0453b..0409f15 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d8c14ac-9be0-4835-b379-45549267e8f8.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d8c14ac-9be0-4835-b379-45549267e8f8.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--885db17d-b390-4455-9431-59a8034e8fc2",
+ "id": "bundle--b2012feb-cb7f-4b42-a231-92ef6cf84b42",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d8c14ac-9be0-4835-b379-45549267e8f8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.260018Z",
- "modified": "2023-09-28T21:25:13.260018Z",
+ "created": "2024-08-02T17:12:32.403282Z",
+ "modified": "2024-08-02T17:12:32.403282Z",
"name": "Video Sharing",
"description": "Examples include Youtube, TikTok, ShareChat, Rumble, etc",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d917530-027d-4f82-b380-404c320dc783.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d917530-027d-4f82-b380-404c320dc783.json
index 903f12f..50eee33 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d917530-027d-4f82-b380-404c320dc783.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d917530-027d-4f82-b380-404c320dc783.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f8a98b0c-d415-42ed-bd09-d92bbede864d",
+ "id": "bundle--f663935c-16a2-4811-b67e-3944b29e5c65",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d917530-027d-4f82-b380-404c320dc783",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.216032Z",
- "modified": "2023-09-28T21:25:13.216032Z",
+ "created": "2024-08-02T17:12:32.356564Z",
+ "modified": "2024-08-02T17:12:32.356564Z",
"name": "Economic Segmentation",
"description": "An influence operation may target populations based on their income bracket, wealth, or other financial or economic division.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1e817a7b-5f96-48d0-a2f9-7ba53c168397.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1e817a7b-5f96-48d0-a2f9-7ba53c168397.json
new file mode 100644
index 0000000..14d05b5
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1e817a7b-5f96-48d0-a2f9-7ba53c168397.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--15ebf512-b461-488d-b4a4-4e572a86c2ef",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--1e817a7b-5f96-48d0-a2f9-7ba53c168397",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.373021Z",
+ "modified": "2024-08-02T17:12:32.373021Z",
+ "name": "Machine Translated Text",
+ "description": "Text which has been translated into another language using machine translation tools, such as AI.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "develop-content"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.008.md",
+ "external_id": "T0085.008"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4.json
index 5ce1a3d..b9260f9 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b902ec75-3655-428a-b579-e421b5f22f6e",
+ "id": "bundle--734a0d99-4aa6-4d47-90cf-46582be43356",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.276828Z",
- "modified": "2023-09-28T21:25:13.276828Z",
+ "created": "2024-08-02T17:12:32.413057Z",
+ "modified": "2024-08-02T17:12:32.413057Z",
"name": "Call to Action to Attend",
"description": "Call to action to attend an event",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae.json
index 0cc2bef..29c82ed 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--4f658070-6407-496d-9da4-52ffdff60192",
+ "id": "bundle--d9571e7a-2b61-4400-8834-5d08863d0d1e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.27818Z",
- "modified": "2023-09-28T21:25:13.27818Z",
+ "created": "2024-08-02T17:12:32.414283Z",
+ "modified": "2024-08-02T17:12:32.414283Z",
"name": "Conceal Network Identity",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794.json
index 6522085..1e807ac 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--47a925ff-1268-4aa7-b09f-adb1dd5ac364",
+ "id": "bundle--72d4cdda-ecd9-4ff5-806c-658e265db5c6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.195168Z",
- "modified": "2023-09-28T21:25:13.195168Z",
+ "created": "2024-08-02T17:12:32.335027Z",
+ "modified": "2024-08-02T17:12:32.335027Z",
"name": "Prepare Fundraising Campaigns",
"description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns (see: Develop Information Pathways) to promote operation messaging while raising money to support its activities.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--23fc4de3-6f2c-4080-b8ed-13e996b1a4b9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--23fc4de3-6f2c-4080-b8ed-13e996b1a4b9.json
index cf2b381..cee1a49 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--23fc4de3-6f2c-4080-b8ed-13e996b1a4b9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--23fc4de3-6f2c-4080-b8ed-13e996b1a4b9.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--bd956c8e-2b1e-4b2d-9d3b-7a72a2bf0b9f",
+ "id": "bundle--040db928-c41c-4eb7-9788-3024186c191c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--23fc4de3-6f2c-4080-b8ed-13e996b1a4b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.204367Z",
- "modified": "2023-09-28T21:25:13.204367Z",
+ "created": "2024-08-02T17:12:32.343925Z",
+ "modified": "2024-08-02T17:12:32.343925Z",
"name": "Chat Apps",
"description": "Direct messaging via chat app is an increasing method of delivery. These messages are often automated and new delivery and storage methods make them anonymous, viral, and ephemeral. This is a difficult space to monitor, but also a difficult space to build acclaim or notoriety.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4.json
index 1ffee57..b816345 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--6932f059-0b1f-4ac7-9479-aa083f500e32",
+ "id": "bundle--7eeb1560-5bf0-4f48-951e-f7ff3b36a3d7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.266341Z",
- "modified": "2023-09-28T21:25:13.266341Z",
+ "created": "2024-08-02T17:12:32.405913Z",
+ "modified": "2024-08-02T17:12:32.405913Z",
"name": "Employ Commercial Analytic Firms",
"description": "Commercial analytic firms collect data on target audience activities and evaluate the data to detect trends, such as content receiving high click-rates. An influence operation may employ commercial analytic firms to facilitate external collection on its target audience, complicating attribution efforts and better tailoring the content to audience preferences.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "conduct-pump-priming"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--269dbccd-0cff-4f60-a0bf-253eba9bcc63.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--269dbccd-0cff-4f60-a0bf-253eba9bcc63.json
new file mode 100644
index 0000000..b09c0d9
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--269dbccd-0cff-4f60-a0bf-253eba9bcc63.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--12c93ca9-c732-4672-94b0-438ed79dbee1",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--269dbccd-0cff-4f60-a0bf-253eba9bcc63",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.372218Z",
+ "modified": "2024-08-02T17:12:32.372218Z",
+ "name": "Develop Opinion Article",
+ "description": "Opinion articles (aka \u201cOp-Eds\u201d or \u201cEditorials\u201d) are articles or regular columns flagged as \u201copinion\u201d posted to news sources, and can be contributed by people outside the organisation.\u00a0
Flagging articles as opinions allow news organisations to distinguish them from the typical expectations of objective news reporting while distancing the presented opinion from the organisation or its employees.
The use of this technique is not by itself an indication of malicious or inauthentic content; Op-eds are a common format in media. However, threat actors exploit op-eds to, for example, submit opinion articles to local media to promote their narratives.
Examples from the perspective of a news site involve publishing op-eds from perceived prestigious voices to give legitimacy to an inauthentic publication, or supporting causes by hosting op-eds from actors aligned with the organisation\u2019s goals.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "develop-content"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.006.md",
+ "external_id": "T0085.006"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5.json
index 9dbfa9c..edd8ff4 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b8903b69-42ef-4c7f-8d29-e0664ebf3893",
+ "id": "bundle--37701d8b-9802-463a-94bd-88beef82ff4e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.265297Z",
- "modified": "2023-09-28T21:25:13.265297Z",
+ "created": "2024-08-02T17:12:32.405517Z",
+ "modified": "2024-08-02T17:12:32.405517Z",
"name": "Radio",
"description": "Radio",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--283333f5-e161-4195-9070-5a7c22505adf.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--283333f5-e161-4195-9070-5a7c22505adf.json
index 1d979bd..1ebd5ed 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--283333f5-e161-4195-9070-5a7c22505adf.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--283333f5-e161-4195-9070-5a7c22505adf.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--793cc6ec-dc65-4bf2-a3a5-425e83da0a68",
+ "id": "bundle--ef89e3d2-02a9-46a0-b179-3fda040b6499",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--283333f5-e161-4195-9070-5a7c22505adf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.252865Z",
- "modified": "2023-09-28T21:25:13.252865Z",
+ "created": "2024-08-02T17:12:32.394819Z",
+ "modified": "2024-08-02T17:12:32.394819Z",
"name": "Co-Opt Trusted Sources",
"description": "An influence operation may co-opt trusted sources by infiltrating or repurposing a source to reach a target audience through existing, previously reliable networks. Co-opted trusted sources may include: - National or local new outlets - Research or academic publications - Online blogs or websites",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--283453fd-36c5-4d66-b24d-f29ea35fa8a1.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--283453fd-36c5-4d66-b24d-f29ea35fa8a1.json
index 9c0e1d8..5922ef9 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--283453fd-36c5-4d66-b24d-f29ea35fa8a1.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--283453fd-36c5-4d66-b24d-f29ea35fa8a1.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--6217b633-fcd8-470f-bf91-16f51d9b02db",
+ "id": "bundle--003c54f5-0c77-4697-8e79-502d89eba65c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--283453fd-36c5-4d66-b24d-f29ea35fa8a1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.24035Z",
- "modified": "2023-09-28T21:25:13.24035Z",
+ "created": "2024-08-02T17:12:32.377423Z",
+ "modified": "2024-08-02T17:12:32.377423Z",
"name": "Create Anonymous Accounts",
"description": "Anonymous accounts or anonymous users refer to users that access network resources without providing a username or password. An influence operation may use anonymous accounts to spread content without direct attribution to the operation.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--29a3ec78-469a-43b8-b0ae-9f34c58316f2.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--29a3ec78-469a-43b8-b0ae-9f34c58316f2.json
new file mode 100644
index 0000000..6878d9c
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--29a3ec78-469a-43b8-b0ae-9f34c58316f2.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--8d8572f9-b8fc-4a9a-b423-5e048f99c31e",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--29a3ec78-469a-43b8-b0ae-9f34c58316f2",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.428473Z",
+ "modified": "2024-08-02T17:12:32.428473Z",
+ "name": "Provoke",
+ "description": "Instigate, incite, or arouse a target to act. Social media manipulators exploit moral outrage to propel targets to spread hate, take to the streets to protest, or engage in acts of violence. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0138.002.md",
+ "external_id": "T0138.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9.json
index 1f23167..6eddaf7 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d2c4d87c-409f-4f32-9a31-9e337e970741",
+ "id": "bundle--9e5e873e-0bbc-4f26-a402-3e23c6485c76",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.273283Z",
- "modified": "2023-09-28T21:25:13.273283Z",
+ "created": "2024-08-02T17:12:32.409219Z",
+ "modified": "2024-08-02T17:12:32.409219Z",
"name": "Post across Disciplines",
"description": "Post Across Disciplines",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b1270a6-d432-453f-88cf-17fa38ec6f40.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b1270a6-d432-453f-88cf-17fa38ec6f40.json
new file mode 100644
index 0000000..dbd24a2
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b1270a6-d432-453f-88cf-17fa38ec6f40.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--8f7ffd2f-5739-49ff-8fb7-29e2dc02f3ff",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--2b1270a6-d432-453f-88cf-17fa38ec6f40",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.359451Z",
+ "modified": "2024-08-02T17:12:32.359451Z",
+ "name": "Economic Advantage",
+ "description": "Favourable position domestically or internationally in the realms of commerce, trade, finance, industry. Economics involves nation-states, corporations, banks, trade blocs, industry associations, cartels. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-strategy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.003.md",
+ "external_id": "T0074.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e.json
index 34c4d89..e483639 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--707137b3-6225-472e-a07c-4a92d0a22b6c",
+ "id": "bundle--42842123-6a10-4b1b-84ff-4e826a17a3e2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.277436Z",
- "modified": "2023-09-28T21:25:13.277436Z",
+ "created": "2024-08-02T17:12:32.413845Z",
+ "modified": "2024-08-02T17:12:32.413845Z",
"name": "Encourage Physical Violence",
"description": "An influence operation may Encourage others to engage in Physical Violence to achieve campaign goals.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1.json
index 71af7ee..7156337 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--44f9daac-a4fc-4e7e-9682-03efa042ab82",
+ "id": "bundle--a7887cf0-e79d-4f64-9943-ded469cee484",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.222968Z",
- "modified": "2023-09-28T21:25:13.222968Z",
+ "created": "2024-08-02T17:12:32.363691Z",
+ "modified": "2024-08-02T17:12:32.363691Z",
"name": "Evaluate Media Surveys",
"description": "An influence operation may evaluate its own or third-party media surveys to determine what type of content appeals to its target audience. Media surveys may provide insight into an audience\u2019s political views, social class, general interests, or other indicators used to tailor operation messaging to its target audience.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d540add-b708-402a-93ff-f5aa50d30eb9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d540add-b708-402a-93ff-f5aa50d30eb9.json
index 1ae133e..d772c26 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d540add-b708-402a-93ff-f5aa50d30eb9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d540add-b708-402a-93ff-f5aa50d30eb9.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c7ea2d2f-edf4-491f-9d18-8a26b73d30ff",
+ "id": "bundle--33704128-7b3a-40df-b6d7-2a3e3a67f3d4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2d540add-b708-402a-93ff-f5aa50d30eb9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.205471Z",
- "modified": "2023-09-28T21:25:13.205471Z",
+ "created": "2024-08-02T17:12:32.344274Z",
+ "modified": "2024-08-02T17:12:32.344274Z",
"name": "Use Unencrypted Chats Apps",
"description": "Examples include SMS, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321.json
index f62111e..b9e5667 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--386d5b67-da78-41e2-a782-36e8d364c8bd",
+ "id": "bundle--2212b83b-6b9c-4dd4-bc40-17d1798d55e1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.250986Z",
- "modified": "2023-09-28T21:25:13.250986Z",
+ "created": "2024-08-02T17:12:32.394405Z",
+ "modified": "2024-08-02T17:12:32.394405Z",
"name": "Leverage Existing Inauthentic News Sites",
"description": "Leverage Existing Inauthentic News Sites",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e.json
index f1a92a2..ddfee00 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--597df03d-5951-42b5-a04b-a2aab5bc9ecf",
+ "id": "bundle--496df3e6-88a6-4c59-88ae-66a25293731e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.263697Z",
- "modified": "2023-09-28T21:25:13.263697Z",
+ "created": "2024-08-02T17:12:32.404876Z",
+ "modified": "2024-08-02T17:12:32.404876Z",
"name": "Traditional Media",
"description": "Examples include TV, Newspaper, Radio, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc.json
index f46bf67..c914823 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--411884ce-8862-403a-ac58-1ebf7cb5fb49",
+ "id": "bundle--2964be6a-3bd9-42cd-84b3-e509dcbd1673",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.270307Z",
- "modified": "2023-09-28T21:25:13.270307Z",
+ "created": "2024-08-02T17:12:32.407759Z",
+ "modified": "2024-08-02T17:12:32.407759Z",
"name": "Comment or Reply on Content",
"description": "Delivering content by replying or commenting via owned media (assets that the operator controls).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7.json
index 6f2b703..c0303c4 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9f1138e3-d221-4fb8-9853-210f71b9fd2e",
+ "id": "bundle--42a8c8de-5c27-4fd0-b5e4-16cc5208614a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.203339Z",
- "modified": "2023-09-28T21:25:13.203339Z",
+ "created": "2024-08-02T17:12:32.343565Z",
+ "modified": "2024-08-02T17:12:32.343565Z",
"name": "Demand Insurmountable Proof",
"description": "Campaigns often leverage tactical and informational asymmetries on the threat surface, as seen in the Distort and Deny strategies, and the \"firehose of misinformation\". Specifically, conspiracy theorists can be repeatedly wrong, but advocates of the truth need to be perfect. By constantly escalating demands for proof, propagandists can effectively leverage this asymmetry while also priming its future use, often with an even greater asymmetric advantage. The conspiracist is offered freer rein for a broader range of \"questions\" while the truth teller is burdened with higher and higher standards of proof.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--32ddaf21-ebef-4270-9416-d9ef74bd23f6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--32ddaf21-ebef-4270-9416-d9ef74bd23f6.json
index 23f895c..16cd600 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--32ddaf21-ebef-4270-9416-d9ef74bd23f6.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--32ddaf21-ebef-4270-9416-d9ef74bd23f6.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c25a4ed5-ff5c-4184-af40-63185fd027f0",
+ "id": "bundle--76eee4c5-b6e3-4149-a33e-b3a542c5bcaf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--32ddaf21-ebef-4270-9416-d9ef74bd23f6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.282451Z",
- "modified": "2023-09-28T21:25:13.282451Z",
+ "created": "2024-08-02T17:12:32.416684Z",
+ "modified": "2024-08-02T17:12:32.416684Z",
"name": "Redirect URLs",
"description": "An influence operation may redirect its falsified or typosquatted URLs to legitimate websites to increase the operation's appearance of legitimacy, complicate attribution, and avoid detection.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8.json
index a73651d..509c9ec 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--4d5be5ab-9066-40d6-af57-347d231e4fb6",
+ "id": "bundle--37168ac0-549c-403a-9d31-41fe19a3ea17",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.231884Z",
- "modified": "2023-09-28T21:25:13.231884Z",
+ "created": "2024-08-02T17:12:32.371128Z",
+ "modified": "2024-08-02T17:12:32.371128Z",
"name": "Develop Inauthentic News Articles",
"description": "An influence operation may develop false or misleading news articles aligned to their campaign goals or narratives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb.json
index 27501b1..31494b2 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--dedb20af-a3ed-4eb4-8daf-16cd2e08c1e6",
+ "id": "bundle--782f4bc8-b4e3-47c5-a57e-07b1c7ff3d1b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.285122Z",
- "modified": "2023-09-28T21:25:13.285122Z",
+ "created": "2024-08-02T17:12:32.417607Z",
+ "modified": "2024-08-02T17:12:32.417607Z",
"name": "Utilise Bulletproof Hosting",
"description": "Hosting refers to services through which storage and computing resources are provided to an individual or organisation for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilise bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3437993c-c521-4145-a2d8-b860399876b0.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3437993c-c521-4145-a2d8-b860399876b0.json
index 0d73677..cf2fe52 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3437993c-c521-4145-a2d8-b860399876b0.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3437993c-c521-4145-a2d8-b860399876b0.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--eeaf0531-be7c-45b6-afc0-dbed1617f77c",
+ "id": "bundle--42dd1428-e91b-4115-b7f2-1708f01f77e1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3437993c-c521-4145-a2d8-b860399876b0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.2801Z",
- "modified": "2023-09-28T21:25:13.2801Z",
+ "created": "2024-08-02T17:12:32.415535Z",
+ "modified": "2024-08-02T17:12:32.415535Z",
"name": "Break Association with Content",
"description": "Breaking association with content occurs when an influence operation actively separates itself from its own content. An influence operation may break association with content by unfollowing, unliking, or unsharing its content, removing attribution from its content, or otherwise taking actions that distance the operation from its messaging. An influence operation may break association with its content to complicate attribution or regain credibility for a new operation.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d.json
index cd0658f..5ac5240 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a6d496d1-d241-4852-b5d4-327c5ffd64e2",
+ "id": "bundle--9a378790-917c-4006-851f-8de2ffa81c4c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.195892Z",
- "modified": "2023-09-28T21:25:13.195892Z",
+ "created": "2024-08-02T17:12:32.336169Z",
+ "modified": "2024-08-02T17:12:32.336169Z",
"name": "Create Clickbait",
"description": "Create attention grabbing headlines (outrage, doubt, humour) required to drive traffic & engagement. This is a key asset.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca.json
index fb17305..79c83b1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--bcd1ecab-1563-4d85-8e3b-80064349facd",
+ "id": "bundle--35b0650e-99bb-404c-a54c-bb48d9d22b2c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.267305Z",
- "modified": "2023-09-28T21:25:13.267305Z",
+ "created": "2024-08-02T17:12:32.406496Z",
+ "modified": "2024-08-02T17:12:32.406496Z",
"name": "Social Media",
"description": "Social Media",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--35d89673-deef-482e-b30d-bb6883e47b12.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--35d89673-deef-482e-b30d-bb6883e47b12.json
index f757749..0d00631 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--35d89673-deef-482e-b30d-bb6883e47b12.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--35d89673-deef-482e-b30d-bb6883e47b12.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1d1a0b5f-1be3-4c52-8c8c-6f7466953698",
+ "id": "bundle--22d772ff-e5f6-4ace-b4eb-116b885c22e7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--35d89673-deef-482e-b30d-bb6883e47b12",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.258959Z",
- "modified": "2023-09-28T21:25:13.258959Z",
+ "created": "2024-08-02T17:12:32.402241Z",
+ "modified": "2024-08-02T17:12:32.402241Z",
"name": "Create Dedicated Hashtag",
"description": "Create a campaign/incident specific hashtag.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291.json
index b4c2ae1..8486ccc 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--3713c941-49b8-4f24-8083-6c506a11ce72",
+ "id": "bundle--bdc125c5-3611-4532-b229-2944ab0c001a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.275328Z",
- "modified": "2023-09-28T21:25:13.275328Z",
+ "created": "2024-08-02T17:12:32.411564Z",
+ "modified": "2024-08-02T17:12:32.411564Z",
"name": "Conduct Server Redirect",
"description": "A server redirect, also known as a URL redirect, occurs when a server automatically forwards a user from one URL to another using server-side or client-side scripting languages. An influence operation may conduct a server redirect to divert target audience members from one website to another without their knowledge. The redirected website may pose as a legitimate source, host malware, or otherwise aid operation objectives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3628a6fd-b102-48a0-862b-9b66e80ee556.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3628a6fd-b102-48a0-862b-9b66e80ee556.json
new file mode 100644
index 0000000..426ca1c
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3628a6fd-b102-48a0-862b-9b66e80ee556.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--a4bfe7b9-645e-4af2-a1db-a3871e60e58f",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--3628a6fd-b102-48a0-862b-9b66e80ee556",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.427838Z",
+ "modified": "2024-08-02T17:12:32.427838Z",
+ "name": "Manipulate Stocks",
+ "description": "Artificially inflate or deflate the price of stocks or other financial instruments and then trade on these to make profit. The most common securities fraud schemes are called \u201cpump and dump\u201d and \u201cpoop and scoop\u201d. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.006.md",
+ "external_id": "T0137.006"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--36f4dc58-e164-4819-83f8-52875377ff16.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--36f4dc58-e164-4819-83f8-52875377ff16.json
index ae96523..13ebdfb 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--36f4dc58-e164-4819-83f8-52875377ff16.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--36f4dc58-e164-4819-83f8-52875377ff16.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--6a0de0a1-88d4-4005-8a2c-e41f4063bb91",
+ "id": "bundle--d21e749a-399c-40b4-9c7b-209f278ef8c2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--36f4dc58-e164-4819-83f8-52875377ff16",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.204899Z",
- "modified": "2023-09-28T21:25:13.204899Z",
+ "created": "2024-08-02T17:12:32.344084Z",
+ "modified": "2024-08-02T17:12:32.344084Z",
"name": "Use Encrypted Chat Apps",
"description": "Examples include Signal, WhatsApp, Discord, Wire, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9.json
index 0d2b9bb..6a3a1c1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--f9bab428-c384-4942-b2de-195baf6ac01b",
+ "id": "bundle--59297cc3-eb4a-44e7-ad66-2cd6992a7cad",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.243236Z",
- "modified": "2023-09-28T21:25:13.243236Z",
+ "created": "2024-08-02T17:12:32.379779Z",
+ "modified": "2024-08-02T17:12:32.379779Z",
"name": "Use Follow Trains",
"description": "A follow train is a group of people who follow each other on a social media platform, often as a way for an individual or campaign to grow its social media following. Follow trains may be a violation of platform Terms of Service. They are also known as follow-for-follow groups.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea.json
index 102e8e9..7a83acf 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea.json
@@ -1,16 +1,16 @@
{
"type": "bundle",
- "id": "bundle--597354a2-caf2-4a4f-937b-3ba4210154dd",
+ "id": "bundle--68a42eb4-50cb-4b46-8c13-b9cc08efa754",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.239371Z",
- "modified": "2023-09-28T21:25:13.239371Z",
+ "created": "2024-08-02T17:12:32.37699Z",
+ "modified": "2024-08-02T17:12:32.37699Z",
"name": "Alter Authentic Documents",
- "description": "Alter authentic documents (public or non-public) to achieve campaign goals. The altered documents are intended to appear as if they are authentic can be \"leaked\" during later stages in the operation.",
+ "description": "Alter authentic documents (public or non-public) to achieve campaign goals. The altered documents are intended to appear as if they are authentic and can be \"leaked\" during later stages in the operation.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85.json
index d2ff672..281144d 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--9763ce34-ff06-439f-9e5a-6189eb3500d7",
+ "id": "bundle--8d0c90be-850b-4d32-8460-c499ca709224",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.248135Z",
- "modified": "2023-09-28T21:25:13.248135Z",
+ "created": "2024-08-02T17:12:32.382597Z",
+ "modified": "2024-08-02T17:12:32.382597Z",
"name": "Create Content Farms",
"description": "An influence operation may create an organisation for creating and amplifying campaign artefacts at scale.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1.json
index ac3aca8..24bf5db 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--7930ed30-e163-4178-b29d-60e7e54310ff",
+ "id": "bundle--308050af-565a-4fa0-82d9-b0587771b5e9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.276967Z",
- "modified": "2023-09-28T21:25:13.276967Z",
+ "created": "2024-08-02T17:12:32.413199Z",
+ "modified": "2024-08-02T17:12:32.413199Z",
"name": "Facilitate Logistics or Support for Attendance",
"description": "Facilitate logistics or support for travel, food, housing, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72.json
index 118b0f2..875eaf9 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--7b84f97c-4639-43b1-a7b5-a15b77650011",
+ "id": "bundle--db232d51-2359-4ae5-a4e3-3e0c741ded1a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.255837Z",
- "modified": "2023-09-28T21:25:13.255837Z",
+ "created": "2024-08-02T17:12:32.398558Z",
+ "modified": "2024-08-02T17:12:32.398558Z",
"name": "Use Existing Echo Chambers/Filter Bubbles",
"description": "Use existing Echo Chambers/Filter Bubbles",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--39f767f7-bc22-4611-8a39-3584c5bbdd5a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--39f767f7-bc22-4611-8a39-3584c5bbdd5a.json
new file mode 100644
index 0000000..ea72adf
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--39f767f7-bc22-4611-8a39-3584c5bbdd5a.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--85f7691c-68e0-422e-a862-ea047aacc5c5",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--39f767f7-bc22-4611-8a39-3584c5bbdd5a",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.383638Z",
+ "modified": "2024-08-02T17:12:32.383638Z",
+ "name": "Individual Persona",
+ "description": "This sub-technique can be used to indicate that an entity is presenting itself as an individual. If the person is presenting themselves as having one of the personas listed below then these sub-techniques should be used instead, as they indicate both the type of persona they presented and that the entity presented itself as an individual:
T0097.101: Local Persona T0097.102: Journalist Persona T0097.103: Activist Persona T0097.104: Hacktivist Persona T0097.105: Military Personnel Persona T0097.106: Recruiter Persona T0097.107: Researcher Persona T0097.108: Expert Persona T0097.109: Romantic Suitor Persona T0097.110: Party Official Persona T0097.111: Government Official Persona T0097.112: Government Employee Persona",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.100.md",
+ "external_id": "T0097.100"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3a2f96fa-c3d0-4f54-a041-6807f0ea4955.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3a2f96fa-c3d0-4f54-a041-6807f0ea4955.json
new file mode 100644
index 0000000..18b2d3a
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3a2f96fa-c3d0-4f54-a041-6807f0ea4955.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--085b8da4-ab11-404b-bd59-9f25ad7b5334",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--3a2f96fa-c3d0-4f54-a041-6807f0ea4955",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.351504Z",
+ "modified": "2024-08-02T17:12:32.351504Z",
+ "name": "Generate Information Pollution",
+ "description": "Information Pollution occurs when threat actors attempt to ruin a source of information by flooding it with lots of inauthentic or unreliable content, intending to make it harder for legitimate users to find the information they\u2019re looking for.
This sub-technique\u2019s objective is to reduce exposure to target information, rather than promoting exposure to campaign content, for which the parent Technique T0049 can be used.
Analysts will need to infer what the motive for flooding an information space was when deciding whether to use T0049 or T0049.008 to tag a case when an information space is flooded. If such inference is not possible, default to T0049.
This Technique previously used the ID T0019.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "maximise-exposure"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0049.008.md",
+ "external_id": "T0049.008"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3af9d1c0-9a09-4dba-8975-a204e6951ac4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3af9d1c0-9a09-4dba-8975-a204e6951ac4.json
new file mode 100644
index 0000000..6bf8150
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3af9d1c0-9a09-4dba-8975-a204e6951ac4.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--da43971f-8360-411f-8b0a-2e235b06ad4a",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--3af9d1c0-9a09-4dba-8975-a204e6951ac4",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.428678Z",
+ "modified": "2024-08-02T17:12:32.428678Z",
+ "name": "Compel",
+ "description": "Force target to take an action or to stop taking an action it has already started. Actors can use the threat of reputational damage alongside military or economic threats to compel a target.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0138.003.md",
+ "external_id": "T0138.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3b7dd3e2-ff22-4b4b-813e-c31c2fb68029.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3b7dd3e2-ff22-4b4b-813e-c31c2fb68029.json
new file mode 100644
index 0000000..e479a01
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3b7dd3e2-ff22-4b4b-813e-c31c2fb68029.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--093e8baf-f3bd-452b-b564-758c25c12bcc",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--3b7dd3e2-ff22-4b4b-813e-c31c2fb68029",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.43236Z",
+ "modified": "2024-08-02T17:12:32.43236Z",
+ "name": "Persona Template",
+ "description": "Threat actors have been observed following a template when filling their accounts\u2019 online profiles. This may be done to enable account holders to quickly present themselves as a real person with a targeted persona.
For example, an actor may be instructed to create many fabricated local accounts for use in an operation using a template of \u201c[flag emojis], [location], [personal quote], [political party] supporter\u201d in their account\u2019s description.
Associated Techniques and Sub-techniques T0143.002: Fabricated Persona: The use of a templated account biography in a collection of accounts may be an indicator that the personas have been fabricated.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.002.md",
+ "external_id": "T0144.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45.json
index ee2380e..f028ec7 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--524c667d-ba42-44dc-99ff-f0341f294492",
+ "id": "bundle--42db14eb-21c4-4415-85ff-6ea4a0b6988b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.195475Z",
- "modified": "2023-09-28T21:25:13.195475Z",
+ "created": "2024-08-02T17:12:32.335422Z",
+ "modified": "2024-08-02T17:12:32.335422Z",
"name": "Raise Funds from Malign Actors",
"description": "Raising funds from malign actors may include contributions from foreign agents, cutouts or proxies, shell companies, dark money groups, etc.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3be88ed6-1f7e-4c93-997c-600a8996293f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3be88ed6-1f7e-4c93-997c-600a8996293f.json
new file mode 100644
index 0000000..d6ad49b
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3be88ed6-1f7e-4c93-997c-600a8996293f.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--c4a67919-d59e-40b9-a754-5db16962d44f",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--3be88ed6-1f7e-4c93-997c-600a8996293f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.42888Z",
+ "modified": "2024-08-02T17:12:32.42888Z",
+ "name": "Dissuade from Acting",
+ "description": "Discourage, deter, or inhibit the target from actions which would be unfavourable to the attacker. The actor may want the target to refrain from voting, buying, fighting, or supplying. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0139.md",
+ "external_id": "T0139"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14.json
index afa2c3d..340029e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--e270b35a-fd95-4c34-879c-ef98af69a7a2",
+ "id": "bundle--4bc6311d-569a-4924-aec6-c9ececa708f4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.216489Z",
- "modified": "2023-09-28T21:25:13.216489Z",
+ "created": "2024-08-02T17:12:32.356931Z",
+ "modified": "2024-08-02T17:12:32.356931Z",
"name": "Psychographic Segmentation",
"description": "An influence operation may target populations based on psychographic segmentation, which uses audience values and decision-making processes. An operation may individually gather psychographic data with its own surveys or collection tools or externally purchase data from social media companies or online surveys, such as personality quizzes.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--404f0dd5-81d8-4d96-ad36-875a58c27271.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--404f0dd5-81d8-4d96-ad36-875a58c27271.json
index 6174655..d826f6f 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--404f0dd5-81d8-4d96-ad36-875a58c27271.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--404f0dd5-81d8-4d96-ad36-875a58c27271.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--8df61d22-73e4-42fe-81f8-88f17e1f440a",
+ "id": "bundle--d78866cf-2eef-4cd3-8dff-bb863f6c5282",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--404f0dd5-81d8-4d96-ad36-875a58c27271",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.257668Z",
- "modified": "2023-09-28T21:25:13.257668Z",
+ "created": "2024-08-02T17:12:32.400306Z",
+ "modified": "2024-08-02T17:12:32.400306Z",
"name": "Mainstream Social Networks",
"description": "Examples include Facebook, Twitter, LinkedIn, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c.json
index a1c3b39..dd1cd67 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b83086c0-b76a-45b4-b775-b336e4f5b623",
+ "id": "bundle--b6b0bec9-0362-4844-b4e7-9dcc47d85ee8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.256193Z",
- "modified": "2023-09-28T21:25:13.256193Z",
+ "created": "2024-08-02T17:12:32.399364Z",
+ "modified": "2024-08-02T17:12:32.399364Z",
"name": "Exploit Data Voids",
"description": "A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) \u201cBreaking news\u201d data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a \u201cstrategic new terms\u201d data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on \u201coutdated terms\u201d that have decreased in popularity, capitalising on most search engines\u2019 preferences for recency. (4) \u201cFragmented concepts\u201d data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use \u201cproblematic queries\u201d that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b.json
index 9276957..a505cc5 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d36d25dd-ffcd-4218-853b-23d09e3325d4",
+ "id": "bundle--14414258-fd23-4684-9630-c08c108445f6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.223959Z",
- "modified": "2023-09-28T21:25:13.223959Z",
+ "created": "2024-08-02T17:12:32.365103Z",
+ "modified": "2024-08-02T17:12:32.365103Z",
"name": "Identify Social and Technical Vulnerabilities",
"description": "Identifying social and technical vulnerabilities determines weaknesses within the target audience information environment for later exploitation. Vulnerabilities include decisive political issues, weak cybersecurity infrastructure, search engine data voids, and other technical and non technical weaknesses in the target information environment. Identifying social and technical vulnerabilities facilitates the later exploitation of the identified weaknesses to advance operation objectives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--410e8ae7-e11d-44ff-8f10-3ec29798a9e0.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--410e8ae7-e11d-44ff-8f10-3ec29798a9e0.json
new file mode 100644
index 0000000..3f87267
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--410e8ae7-e11d-44ff-8f10-3ec29798a9e0.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--c3aa656a-00c7-4d75-9624-876a51f62d99",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--410e8ae7-e11d-44ff-8f10-3ec29798a9e0",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.432127Z",
+ "modified": "2024-08-02T17:12:32.432127Z",
+ "name": "Present Persona across Platforms",
+ "description": "This sub-technique covers situations where analysts have identified the same persona being presented across multiple platforms.
Having multiple accounts presenting the same persona is not an indicator of inauthentic behaviour; many people create accounts and present as themselves on multiple platforms. However, threat actors are known to present the same persona across multiple platforms, benefiting from an increase in perceived legitimacy.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.001.md",
+ "external_id": "T0144.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--422b6ba9-3ad0-4e6f-9f00-b044e5d657a1.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--422b6ba9-3ad0-4e6f-9f00-b044e5d657a1.json
new file mode 100644
index 0000000..ffcd01b
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--422b6ba9-3ad0-4e6f-9f00-b044e5d657a1.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--7352d4f2-953e-48fc-b1f2-5b3d17dba7bf",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--422b6ba9-3ad0-4e6f-9f00-b044e5d657a1",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.392983Z",
+ "modified": "2024-08-02T17:12:32.392983Z",
+ "name": "Social Cause Persona",
+ "description": "Online accounts which present themselves as focusing on a social cause are presenting the Social Cause Persona. Examples include accounts which post about current affairs, such as discrimination faced by minorities.
While presenting as an account invested in a social cause is not an indication of inauthentic behaviour, such personas have been used by threat actors to exploit peoples\u2019 legitimate emotional investment regarding social causes that matter to them (T0143.002: Fabricated Persona, T0097.208: Social Cause Persona).
Legitimate accounts focused on a social cause could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.208: Social Cause Persona). For example, the account holders could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques: T0097.103: Activist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as an activist related to a social cause. Accounts with social cause personas do not present themselves as individuals, but may have activists controlling the accounts.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.208.md",
+ "external_id": "T0097.208"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4282febe-c8a6-46da-863c-f19081615d80.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4282febe-c8a6-46da-863c-f19081615d80.json
index 49d639e..ace8c58 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4282febe-c8a6-46da-863c-f19081615d80.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4282febe-c8a6-46da-863c-f19081615d80.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--790268d5-f369-403b-a46d-5ad509c30df0",
+ "id": "bundle--94d03a1c-720e-4f9a-a17d-56c3863d7e6d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4282febe-c8a6-46da-863c-f19081615d80",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.21143Z",
- "modified": "2023-09-28T21:25:13.21143Z",
+ "created": "2024-08-02T17:12:32.350087Z",
+ "modified": "2024-08-02T17:12:32.350087Z",
"name": "Utilise Spamoflauge",
"description": "Spamoflauge refers to the practice of disguising spam messages as legitimate. Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk. Simple methods of spamoflauge include replacing letters with numbers to fool keyword-based email spam filters, for example, \"you've w0n our jackp0t!\". Spamoflauge may extend to more complex techniques such as modifying the grammar or word choice of the language, casting messages as images which spam detectors cannot automatically read, or encapsulating messages in password protected attachments, such as .pdf or .zip files. Influence operations may use spamoflauge to avoid spam filtering systems and increase the likelihood of the target audience receiving operation messaging.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--42aa38b3-77b9-48e0-b3ef-41e7e72e27ac.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--42aa38b3-77b9-48e0-b3ef-41e7e72e27ac.json
new file mode 100644
index 0000000..308d2b6
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--42aa38b3-77b9-48e0-b3ef-41e7e72e27ac.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--3f28a037-4fe4-4166-b592-1b9a7f4107c7",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--42aa38b3-77b9-48e0-b3ef-41e7e72e27ac",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.429558Z",
+ "modified": "2024-08-02T17:12:32.429558Z",
+ "name": "Cause Harm",
+ "description": "Persecute, malign, or inflict pain upon a target. The objective of a campaign may be to cause fear or emotional distress in a target. In some cases, harm is instrumental to achieving a primary objective, as in coercion, repression, or intimidation. In other cases, harm may be inflicted for the satisfaction of the perpetrator, as in revenge or sadistic cruelty. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0140.md",
+ "external_id": "T0140"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039.json
index ac30419..e73afea 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--38165465-d447-4aad-8084-f23ebfbfb2da",
+ "id": "bundle--f8685817-1428-4ab4-9c6f-1816985d82d7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.247214Z",
- "modified": "2023-09-28T21:25:13.247214Z",
+ "created": "2024-08-02T17:12:32.381825Z",
+ "modified": "2024-08-02T17:12:32.381825Z",
"name": "Develop Owned Media Assets",
"description": "An owned media asset refers to an agency or organisation through which an influence operation may create, develop, and host content and narratives. Owned media assets include websites, blogs, social media pages, forums, and other platforms that facilitate the creation and organisation of content.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34.json
index 9729007..195cb6e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--8d9d6aaf-d143-4278-b601-05613e12dfcb",
+ "id": "bundle--ca9241d9-8bc9-4609-9f9c-7772037cfb9f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.223372Z",
- "modified": "2023-09-28T21:25:13.223372Z",
+ "created": "2024-08-02T17:12:32.364425Z",
+ "modified": "2024-08-02T17:12:32.364425Z",
"name": "Conduct Web Traffic Analysis",
"description": "An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157.json
index 9cb0b69..db88b6e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--fdec7679-d363-46e2-b4f0-eb885fcec3d2",
+ "id": "bundle--738b5d9f-1406-4dc5-8c4e-cb5139826f7c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.224398Z",
- "modified": "2023-09-28T21:25:13.224398Z",
+ "created": "2024-08-02T17:12:32.365448Z",
+ "modified": "2024-08-02T17:12:32.365448Z",
"name": "Find Echo Chambers",
"description": "Find or plan to create areas (social media groups, search term groups, hashtag groups etc) where individuals only engage with people they agree with.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9.json
index 8a6192f..d09d921 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--254ab946-c35a-4f26-9e74-9ad45e2ff842",
+ "id": "bundle--1c441fbd-06b6-4111-ba16-87d8c1e0ac65",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.200791Z",
- "modified": "2023-09-28T21:25:13.200791Z",
+ "created": "2024-08-02T17:12:32.342026Z",
+ "modified": "2024-08-02T17:12:32.342026Z",
"name": "Distort Facts",
"description": "Change, twist, or exaggerate existing facts to construct a narrative that differs from reality. Examples: images and ideas can be distorted by being placed in an improper content",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d.json
index 704c291..cc4d2dc 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--af941b53-2a08-4b7e-8300-dd82dc395059",
+ "id": "bundle--7c940633-a4aa-449b-be9d-5b90cf125997",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.243054Z",
- "modified": "2023-09-28T21:25:13.243054Z",
+ "created": "2024-08-02T17:12:32.379547Z",
+ "modified": "2024-08-02T17:12:32.379547Z",
"name": "Create Organisations",
"description": "Influence operations may establish organisations with legitimate or falsified hierarchies, staff, and content to structure operation assets, provide a sense of legitimacy to the operation, or provide institutional backing to operation activities.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4a1d1dad-6784-42be-a7cd-1653cf8f34cc.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4a1d1dad-6784-42be-a7cd-1653cf8f34cc.json
index 451b30b..7f61821 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4a1d1dad-6784-42be-a7cd-1653cf8f34cc.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4a1d1dad-6784-42be-a7cd-1653cf8f34cc.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a66a21ef-a173-4cde-ba42-d60759c41c57",
+ "id": "bundle--f6237991-625a-4716-8183-16180d053d73",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4a1d1dad-6784-42be-a7cd-1653cf8f34cc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.255442Z",
- "modified": "2023-09-28T21:25:13.255442Z",
+ "created": "2024-08-02T17:12:32.397193Z",
+ "modified": "2024-08-02T17:12:32.397193Z",
"name": "Leverage Echo Chambers/Filter Bubbles",
"description": "An echo chamber refers to an internet subgroup, often along ideological lines, where individuals only engage with \u201cothers with which they are already in agreement.\u201d A filter bubble refers to an algorithm's placement of an individual in content that they agree with or regularly engage with, possibly entrapping the user into a bubble of their own making. An operation may create these isolated areas of the internet by match existing groups, or aggregating individuals into a single target audience based on shared interests, politics, values, demographics, and other characteristics. Echo chambers and filter bubbles help to reinforce similar biases and content to the same target audience members.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4c5e704a-acca-4bbd-8980-c915c0424ff8.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4c5e704a-acca-4bbd-8980-c915c0424ff8.json
index b6bef0f..401b5d4 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4c5e704a-acca-4bbd-8980-c915c0424ff8.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4c5e704a-acca-4bbd-8980-c915c0424ff8.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--24d6d0eb-2e4c-41d5-bcd0-d96a3588d467",
+ "id": "bundle--35d106c2-5fae-42cf-a024-34d124bc5bf0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4c5e704a-acca-4bbd-8980-c915c0424ff8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.290171Z",
- "modified": "2023-09-28T21:25:13.290171Z",
+ "created": "2024-08-02T17:12:32.421381Z",
+ "modified": "2024-08-02T17:12:32.421381Z",
"name": "Message Reach",
"description": "Monitor and evaluate message reach in misinformation incidents.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4cb308a9-073c-49d3-81ed-894cf9b95acc.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4cb308a9-073c-49d3-81ed-894cf9b95acc.json
index 24c9aed..9725df1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4cb308a9-073c-49d3-81ed-894cf9b95acc.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4cb308a9-073c-49d3-81ed-894cf9b95acc.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--43f7eb05-0876-4b49-a574-4dd94a243847",
+ "id": "bundle--1924b4ec-2ce7-4d51-809d-baeb832b2758",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4cb308a9-073c-49d3-81ed-894cf9b95acc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.246267Z",
- "modified": "2023-09-28T21:25:13.246267Z",
+ "created": "2024-08-02T17:12:32.380974Z",
+ "modified": "2024-08-02T17:12:32.380974Z",
"name": "Identify Susceptible Targets in Networks",
"description": "When seeking to infiltrate an existing network, an influence operation may identify individuals and groups that might be susceptible to being co-opted or influenced.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4cd719a9-e817-4acc-9581-6b6a60e42f35.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4cd719a9-e817-4acc-9581-6b6a60e42f35.json
index 0ba85b9..a5dc97a 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4cd719a9-e817-4acc-9581-6b6a60e42f35.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4cd719a9-e817-4acc-9581-6b6a60e42f35.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c8b9df5e-59ba-4442-8f92-91cde7dbcba9",
+ "id": "bundle--553c753b-15bd-4e7d-9e8b-62616d7148ff",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4cd719a9-e817-4acc-9581-6b6a60e42f35",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.228328Z",
- "modified": "2023-09-28T21:25:13.228328Z",
+ "created": "2024-08-02T17:12:32.369011Z",
+ "modified": "2024-08-02T17:12:32.369011Z",
"name": "Use Copypasta",
"description": "Copypasta refers to a piece of text that has been copied and pasted multiple times across various online platforms. A copypasta\u2019s final form may differ from its original source text as users add, delete, or otherwise edit the content as they repost the text.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4e33bf6a-c042-4673-b72a-c4121e0aae0d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4e33bf6a-c042-4673-b72a-c4121e0aae0d.json
new file mode 100644
index 0000000..1a8caf3
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4e33bf6a-c042-4673-b72a-c4121e0aae0d.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--1fb78b66-adfe-4b09-8b8d-2d6e1401a54f",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--4e33bf6a-c042-4673-b72a-c4121e0aae0d",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.425583Z",
+ "modified": "2024-08-02T17:12:32.425583Z",
+ "name": "Increase Prestige",
+ "description": "Improve personal standing within a community. Gain fame, approbation, or notoriety. Conspiracy theorists, those with special access, and ideologues can gain prominence in a community by propagating disinformation, leaking confidential documents, or spreading hate. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.008.md",
+ "external_id": "T0136.008"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4f7361ac-3b52-443f-8b4c-4032bb290a80.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4f7361ac-3b52-443f-8b4c-4032bb290a80.json
new file mode 100644
index 0000000..8f2eff6
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--4f7361ac-3b52-443f-8b4c-4032bb290a80.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--a1bd3411-fcb5-423e-a288-8a8351072186",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--4f7361ac-3b52-443f-8b4c-4032bb290a80",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.422724Z",
+ "modified": "2024-08-02T17:12:32.422724Z",
+ "name": "Polarise",
+ "description": "To cause a target audience to divide into two completely opposing groups. This is a special case of subversion. To divide and conquer is an age-old approach to subverting and overcoming an enemy.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0135.004.md",
+ "external_id": "T0135.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--50f92bc8-f6ad-4267-bd00-f4c572370a72.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--50f92bc8-f6ad-4267-bd00-f4c572370a72.json
index 9c176bf..7059932 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--50f92bc8-f6ad-4267-bd00-f4c572370a72.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--50f92bc8-f6ad-4267-bd00-f4c572370a72.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b85c35ca-6b6b-4157-a1d0-3d17eb612378",
+ "id": "bundle--af83a6a2-c444-4483-98f5-5927461d0804",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--50f92bc8-f6ad-4267-bd00-f4c572370a72",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.206965Z",
- "modified": "2023-09-28T21:25:13.206965Z",
+ "created": "2024-08-02T17:12:32.344897Z",
+ "modified": "2024-08-02T17:12:32.344897Z",
"name": "Use Search Engine Optimisation",
"description": "Manipulate content engagement metrics (ie: Reddit & Twitter) to influence/impact news search results (e.g. Google), also elevates RT & Sputnik headline into Google news alert emails. aka \"Black-hat SEO\"",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5251f6d0-6820-4617-afef-a0d8acafd3c1.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5251f6d0-6820-4617-afef-a0d8acafd3c1.json
index 0533056..79720a8 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5251f6d0-6820-4617-afef-a0d8acafd3c1.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5251f6d0-6820-4617-afef-a0d8acafd3c1.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--76846529-cada-411b-bd11-af4b98c3f1f4",
+ "id": "bundle--443a036d-c12e-4cad-bd05-42ddc7627882",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5251f6d0-6820-4617-afef-a0d8acafd3c1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.270783Z",
- "modified": "2023-09-28T21:25:13.270783Z",
+ "created": "2024-08-02T17:12:32.408023Z",
+ "modified": "2024-08-02T17:12:32.408023Z",
"name": "Post Inauthentic Social Media Comment",
"description": "Use government-paid social media commenters, astroturfers, chat bots (programmed to reply to specific key words/hashtags) influence online conversations, product reviews, web-site comment forums.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5414f74d-0b10-4562-ad9d-e5e1093e255a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5414f74d-0b10-4562-ad9d-e5e1093e255a.json
index 2519921..111dad4 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5414f74d-0b10-4562-ad9d-e5e1093e255a.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5414f74d-0b10-4562-ad9d-e5e1093e255a.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--bbd7a8b3-9663-4632-8a4d-b8bdd7f2f8e8",
+ "id": "bundle--1fe89da0-e37c-4504-848a-d7dc6ddc6f47",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5414f74d-0b10-4562-ad9d-e5e1093e255a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.219041Z",
- "modified": "2023-09-28T21:25:13.219041Z",
+ "created": "2024-08-02T17:12:32.360306Z",
+ "modified": "2024-08-02T17:12:32.360306Z",
"name": "Dismiss",
"description": "Push back against criticism by dismissing your critics. This might be arguing that the critics use a different standard for you than with other actors or themselves; or arguing that their criticism is biassed.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--556fa171-ffd0-4787-84fa-171b99c703b5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--556fa171-ffd0-4787-84fa-171b99c703b5.json
index 51a5257..87d39b2 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--556fa171-ffd0-4787-84fa-171b99c703b5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--556fa171-ffd0-4787-84fa-171b99c703b5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c1b1845f-f5b0-4d07-abe1-d98f26c7c32f",
+ "id": "bundle--d650442f-22ab-42d3-bea3-c13f4165fc2a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--556fa171-ffd0-4787-84fa-171b99c703b5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.27495Z",
- "modified": "2023-09-28T21:25:13.27495Z",
+ "created": "2024-08-02T17:12:32.411369Z",
+ "modified": "2024-08-02T17:12:32.411369Z",
"name": "Destroy Information Generation Capabilities",
"description": "Destroying information generation capabilities refers to actions taken to limit, degrade, or otherwise incapacitate an actor\u2019s ability to generate conflicting information. An influence operation may destroy an actor\u2019s information generation capabilities by physically dismantling the information infrastructure, disconnecting resources needed for information generation, or redirecting information generation personnel. An operation may destroy an adversary\u2019s information generation capabilities to limit conflicting content exposure to the target audience and crowd the information space with its own narratives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--55ecf54e-0e46-4ea1-86de-ab473c94705f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--55ecf54e-0e46-4ea1-86de-ab473c94705f.json
index f036a37..39d1855 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--55ecf54e-0e46-4ea1-86de-ab473c94705f.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--55ecf54e-0e46-4ea1-86de-ab473c94705f.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9383febc-dd7c-454b-a110-1ccfd70d3b91",
+ "id": "bundle--c83cb969-86df-4bc6-80c5-a850cd7f899d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--55ecf54e-0e46-4ea1-86de-ab473c94705f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.289474Z",
- "modified": "2023-09-28T21:25:13.289474Z",
+ "created": "2024-08-02T17:12:32.420557Z",
+ "modified": "2024-08-02T17:12:32.420557Z",
"name": "Awareness",
"description": "Measure current system state with respect to the effectiveness of influencing awareness.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--55ff2ec4-8d1b-49f8-b774-d5996bc33648.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--55ff2ec4-8d1b-49f8-b774-d5996bc33648.json
index b888910..13ea8ef 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--55ff2ec4-8d1b-49f8-b774-d5996bc33648.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--55ff2ec4-8d1b-49f8-b774-d5996bc33648.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a4edde62-06aa-4210-a2ed-4ab9cd239c55",
+ "id": "bundle--01fe8aad-c800-4ddc-966c-cd9729c938a7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--55ff2ec4-8d1b-49f8-b774-d5996bc33648",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.224906Z",
- "modified": "2023-09-28T21:25:13.224906Z",
+ "created": "2024-08-02T17:12:32.36588Z",
+ "modified": "2024-08-02T17:12:32.36588Z",
"name": "Identify Data Voids",
"description": "A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) \u201cBreaking news\u201d data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a \u201cstrategic new terms\u201d data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on \u201coutdated terms\u201d that have decreased in popularity, capitalising on most search engines\u2019 preferences for recency. (4) \u201cFragmented concepts\u201d data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use \u201cproblematic queries\u201d that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--56a35df8-3bda-4ee3-8be0-23b20b69fe63.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--56a35df8-3bda-4ee3-8be0-23b20b69fe63.json
index 056057e..7192a59 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--56a35df8-3bda-4ee3-8be0-23b20b69fe63.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--56a35df8-3bda-4ee3-8be0-23b20b69fe63.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--edd394c2-0676-4441-b36d-8883b9eb6ccf",
+ "id": "bundle--f417b352-242c-49c9-b667-9186c9f18444",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--56a35df8-3bda-4ee3-8be0-23b20b69fe63",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.277105Z",
- "modified": "2023-09-28T21:25:13.277105Z",
+ "created": "2024-08-02T17:12:32.413349Z",
+ "modified": "2024-08-02T17:12:32.413349Z",
"name": "Physical Violence",
"description": "Physical violence refers to the use of force to injure, abuse, damage, or destroy. An influence operation may conduct or encourage physical violence to discourage opponents from promoting conflicting content or draw attention to operation narratives using shock value.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--570ba169-9d18-41ac-89ae-46b1376cdb82.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--570ba169-9d18-41ac-89ae-46b1376cdb82.json
index b25629b..62a05ea 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--570ba169-9d18-41ac-89ae-46b1376cdb82.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--570ba169-9d18-41ac-89ae-46b1376cdb82.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--354801d3-22ba-4123-ab59-e8facb7b8800",
+ "id": "bundle--ef61da7d-7f1e-41a7-a034-4e9ed9c137b4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--570ba169-9d18-41ac-89ae-46b1376cdb82",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.277243Z",
- "modified": "2023-09-28T21:25:13.277243Z",
+ "created": "2024-08-02T17:12:32.413648Z",
+ "modified": "2024-08-02T17:12:32.413648Z",
"name": "Conduct Physical Violence",
"description": "An influence operation may directly Conduct Physical Violence to achieve campaign goals.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--57f82c4a-4db0-47f4-b4a2-03cd2792b6dc.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--57f82c4a-4db0-47f4-b4a2-03cd2792b6dc.json
index 0ed9a2c..6be081c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--57f82c4a-4db0-47f4-b4a2-03cd2792b6dc.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--57f82c4a-4db0-47f4-b4a2-03cd2792b6dc.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--e04715f0-b252-4db3-977c-9e34cb387ab3",
+ "id": "bundle--8f5582d0-279a-4c82-9fa5-0d6b6bd170a2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--57f82c4a-4db0-47f4-b4a2-03cd2792b6dc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.235858Z",
- "modified": "2023-09-28T21:25:13.235858Z",
+ "created": "2024-08-02T17:12:32.37578Z",
+ "modified": "2024-08-02T17:12:32.37578Z",
"name": "Deceptively Edit Video (Cheap Fakes)",
"description": "Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--58643f4a-7699-4cd7-aafa-76a3e6e09e99.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--58643f4a-7699-4cd7-aafa-76a3e6e09e99.json
index 5b50aa6..9228460 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--58643f4a-7699-4cd7-aafa-76a3e6e09e99.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--58643f4a-7699-4cd7-aafa-76a3e6e09e99.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--a3187df7-ce39-4a67-83cc-72bb0e1896b1",
+ "id": "bundle--e6a64ec2-eb52-4b7e-80e6-672961344919",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--58643f4a-7699-4cd7-aafa-76a3e6e09e99",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.242366Z",
- "modified": "2023-09-28T21:25:13.242366Z",
+ "created": "2024-08-02T17:12:32.378557Z",
+ "modified": "2024-08-02T17:12:32.378557Z",
"name": "Recruit Contractors",
"description": "Operators recruit paid contractor to support the campaign.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--58b169c1-7e9a-4300-a98f-eb7baee8967f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--58b169c1-7e9a-4300-a98f-eb7baee8967f.json
index a4efb04..4aa9624 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--58b169c1-7e9a-4300-a98f-eb7baee8967f.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--58b169c1-7e9a-4300-a98f-eb7baee8967f.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--29c900a0-3d71-4a1c-9708-126f036c3635",
+ "id": "bundle--8672b5dd-5b08-4c32-9681-df167578faaf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--58b169c1-7e9a-4300-a98f-eb7baee8967f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.23435Z",
- "modified": "2023-09-28T21:25:13.23435Z",
+ "created": "2024-08-02T17:12:32.374865Z",
+ "modified": "2024-08-02T17:12:32.374865Z",
"name": "Aggregate Information into Evidence Collages",
"description": "Image files that aggregate positive evidence (Joan Donovan)",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--594993b4-86a3-455b-af59-61f167d7fd93.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--594993b4-86a3-455b-af59-61f167d7fd93.json
index 084122c..390a8de 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--594993b4-86a3-455b-af59-61f167d7fd93.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--594993b4-86a3-455b-af59-61f167d7fd93.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--fc23689c-583c-4a27-8169-a3e25ef68e3c",
+ "id": "bundle--f2ed5491-1539-4e78-aa21-2e341b0e8db7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--594993b4-86a3-455b-af59-61f167d7fd93",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.226785Z",
- "modified": "2023-09-28T21:25:13.226785Z",
+ "created": "2024-08-02T17:12:32.367108Z",
+ "modified": "2024-08-02T17:12:32.367108Z",
"name": "Identify Wedge Issues",
"description": "A wedge issue is a divisive political issue, usually concerning a social phenomenon, that divides individuals along a defined line. An influence operation may exploit wedge issues by intentionally polarising the public along the wedge issue line and encouraging opposition between factions.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5a279d23-6ba2-425c-bf72-20c6411ca5a7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5a279d23-6ba2-425c-bf72-20c6411ca5a7.json
index 4ddd9a5..b51f1fe 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5a279d23-6ba2-425c-bf72-20c6411ca5a7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5a279d23-6ba2-425c-bf72-20c6411ca5a7.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--60871686-5e84-4b0f-9984-8a4b1c278af3",
+ "id": "bundle--3f4e0f21-97a5-4747-815b-e9028eebf371",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5a279d23-6ba2-425c-bf72-20c6411ca5a7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.223169Z",
- "modified": "2023-09-28T21:25:13.223169Z",
+ "created": "2024-08-02T17:12:32.364042Z",
+ "modified": "2024-08-02T17:12:32.364042Z",
"name": "Identify Trending Topics/Hashtags",
"description": "An influence operation may identify trending hashtags on social media platforms for later use in boosting operation content. A hashtag40 refers to a word or phrase preceded by the hash symbol (#) on social media used to identify messages and posts relating to a specific topic. All public posts that use the same hashtag are aggregated onto a centralised page dedicated to the word or phrase and sorted either chronologically or by popularity.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5af23f8e-38df-48c6-b832-6f4589cd2590.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5af23f8e-38df-48c6-b832-6f4589cd2590.json
new file mode 100644
index 0000000..3fec734
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5af23f8e-38df-48c6-b832-6f4589cd2590.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--d6284560-52a5-415a-82c3-434f53248d74",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--5af23f8e-38df-48c6-b832-6f4589cd2590",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.429223Z",
+ "modified": "2024-08-02T17:12:32.429223Z",
+ "name": "Silence",
+ "description": "Intimidate or incentivise target into remaining silent or prevent target from speaking out. A threat actor may cow a target into silence as a special case of deterrence. Or they may buy the target\u2019s silence. Or they may repress or restrict the target\u2019s speech. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0139.002.md",
+ "external_id": "T0139.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5b6aaad5-7166-4321-ae82-b9300a2ddad7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5b6aaad5-7166-4321-ae82-b9300a2ddad7.json
index 70671be..ecb514a 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5b6aaad5-7166-4321-ae82-b9300a2ddad7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5b6aaad5-7166-4321-ae82-b9300a2ddad7.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--8e15485e-1631-4178-8da2-e86150b9d873",
+ "id": "bundle--8c4e5ccf-06b0-434d-b9ce-a9de90240c74",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5b6aaad5-7166-4321-ae82-b9300a2ddad7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.236325Z",
- "modified": "2023-09-28T21:25:13.236325Z",
+ "created": "2024-08-02T17:12:32.375987Z",
+ "modified": "2024-08-02T17:12:32.375987Z",
"name": "Develop Audio-Based Content",
"description": "Creating and editing false or misleading audio artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include creating completely new audio content, repurposing existing audio artefacts (including cheap fakes), or using AI-generated audio creation and editing technologies (including deepfakes).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5ba86be4-c8ba-458c-abea-2ad706d7ddd9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5ba86be4-c8ba-458c-abea-2ad706d7ddd9.json
new file mode 100644
index 0000000..8e4a5da
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5ba86be4-c8ba-458c-abea-2ad706d7ddd9.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--770cbf35-9a8b-4abb-8de0-dc966249ef4c",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--5ba86be4-c8ba-458c-abea-2ad706d7ddd9",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.433022Z",
+ "modified": "2024-08-02T17:12:32.433022Z",
+ "name": "Animal Account Imagery",
+ "description": "Animal used in account imagery.
An influence operation might flesh out its account by uploading a profile picture, increasing its perceived authenticity.
People sometimes legitimately use images of animals as their profile pictures (e.g. of their pets), and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.003.md",
+ "external_id": "T0145.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bbea132-9da6-42f7-93e9-71f0a9cf311d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bbea132-9da6-42f7-93e9-71f0a9cf311d.json
index 1576b02..326489f 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bbea132-9da6-42f7-93e9-71f0a9cf311d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bbea132-9da6-42f7-93e9-71f0a9cf311d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a387b741-b82e-4d20-8103-66107fb30e72",
+ "id": "bundle--c3876de9-7079-46e1-9bf6-1cc71613610b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5bbea132-9da6-42f7-93e9-71f0a9cf311d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.273641Z",
- "modified": "2023-09-28T21:25:13.273641Z",
+ "created": "2024-08-02T17:12:32.409621Z",
+ "modified": "2024-08-02T17:12:32.409621Z",
"name": "Use Affiliate Marketing Programmes",
"description": "Use Affiliate Marketing Programmes",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bc895e8-eb26-43ec-8469-ab665092970d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bc895e8-eb26-43ec-8469-ab665092970d.json
index c3a60a6..baadcba 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bc895e8-eb26-43ec-8469-ab665092970d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bc895e8-eb26-43ec-8469-ab665092970d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b72ed1a8-650b-4630-ace2-3cf62bb3b7e9",
+ "id": "bundle--d823ed68-575e-430b-b9f8-869e20f4e75d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5bc895e8-eb26-43ec-8469-ab665092970d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.21013Z",
- "modified": "2023-09-28T21:25:13.21013Z",
+ "created": "2024-08-02T17:12:32.347214Z",
+ "modified": "2024-08-02T17:12:32.347214Z",
"name": "Dox",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bca3084-f5b0-48a8-934c-7f2c03bfd2c3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bca3084-f5b0-48a8-934c-7f2c03bfd2c3.json
index 5bcd146..f5c2717 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bca3084-f5b0-48a8-934c-7f2c03bfd2c3.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5bca3084-f5b0-48a8-934c-7f2c03bfd2c3.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--978ff4cd-1e44-405b-a442-00e2316ef23c",
+ "id": "bundle--5388c880-5f56-4dc6-8f2d-d99188993717",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5bca3084-f5b0-48a8-934c-7f2c03bfd2c3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.278976Z",
- "modified": "2023-09-28T21:25:13.278976Z",
+ "created": "2024-08-02T17:12:32.414942Z",
+ "modified": "2024-08-02T17:12:32.414942Z",
"name": "Change Names of Information Assets",
"description": "Changing names or brand names of information assets such as accounts, channels, pages etc. An operation may change the names or brand names of its assets throughout an operation to avoid detection or alter the names of newly acquired or repurposed assets to fit operational narratives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5d4cafe2-42cc-4c41-8ce7-41256e1383f7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5d4cafe2-42cc-4c41-8ce7-41256e1383f7.json
index 58f64fa..b7ef649 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5d4cafe2-42cc-4c41-8ce7-41256e1383f7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5d4cafe2-42cc-4c41-8ce7-41256e1383f7.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--80f1b645-a5bc-4172-b736-c96f9e8872d3",
+ "id": "bundle--35dd4d54-8557-42d5-acc5-c60aac924f17",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5d4cafe2-42cc-4c41-8ce7-41256e1383f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.202853Z",
- "modified": "2023-09-28T21:25:13.202853Z",
- "name": "Bait Legitimate Influencers",
- "description": "Credibility in a social media environment is often a function of the size of a user's network. \"Influencers\" are so-called because of their reach, typically understood as: 1) the size of their network (i.e. the number of followers, perhaps weighted by their own influence); and 2) The rate at which their comments are re-circulated (these two metrics are related). Add traditional media players at all levels of credibility and professionalism to this, and the number of potential influencial carriers available for unwitting amplification becomes substantial. By targeting high-influence people and organisations in all types of media with narratives and content engineered to appeal their emotional or ideological drivers, influence campaigns are able to add perceived credibility to their messaging via saturation and adoption by trusted agents such as celebrities, journalists and local leaders.",
+ "created": "2024-08-02T17:12:32.343367Z",
+ "modified": "2024-08-02T17:12:32.343367Z",
+ "name": "Bait Influencer",
+ "description": "Influencers are people on social media platforms who have large audiences.
Threat Actors can try to trick Influencers such as celebrities, journalists, or local leaders who aren\u2019t associated with their campaign into amplifying campaign content. This gives them access to the Influencer\u2019s audience without having to go through the effort of building it themselves, and it helps legitimise their message by associating it with the Influencer, benefitting from their audience\u2019s trust in them.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "conduct-pump-priming"
+ "phase_name": "maximise-exposure"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5d59ac02-0489-438c-84b8-7fe8c15d1fec.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5d59ac02-0489-438c-84b8-7fe8c15d1fec.json
new file mode 100644
index 0000000..04bcbfa
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5d59ac02-0489-438c-84b8-7fe8c15d1fec.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--3ee115e5-28e8-4efe-8bc6-aa423550c1bf",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--5d59ac02-0489-438c-84b8-7fe8c15d1fec",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.421799Z",
+ "modified": "2024-08-02T17:12:32.421799Z",
+ "name": "Undermine",
+ "description": "Weaken, debilitate, or subvert a target or their actions. An influence operation may be designed to disparage an opponent; sabotage an opponent\u2019s systems or processes; compromise an opponent\u2019s relationships or support system; impair an opponent\u2019s capability; or thwart an opponent\u2019s initiative. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0135.md",
+ "external_id": "T0135"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5daa2f8a-2460-4cdd-ae55-b70f439a9f51.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5daa2f8a-2460-4cdd-ae55-b70f439a9f51.json
index 11bb94c..c19a5e9 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5daa2f8a-2460-4cdd-ae55-b70f439a9f51.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5daa2f8a-2460-4cdd-ae55-b70f439a9f51.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1248df96-38fb-436f-a12e-c422f7877c8f",
+ "id": "bundle--09d6d1d5-d274-43d7-b43f-8b54b24cc601",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5daa2f8a-2460-4cdd-ae55-b70f439a9f51",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.269813Z",
- "modified": "2023-09-28T21:25:13.269813Z",
+ "created": "2024-08-02T17:12:32.407532Z",
+ "modified": "2024-08-02T17:12:32.407532Z",
"name": "One-Way Direct Posting",
"description": "Direct posting refers to a method of posting content via a one-way messaging service, where the recipient cannot directly respond to the poster\u2019s messaging. An influence operation may post directly to promote operation narratives to the target audience without allowing opportunities for fact-checking or disagreement, creating a false sense of support for the narrative.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5dc224b1-c69e-496d-91f7-e8ce4fd3f166.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5dc224b1-c69e-496d-91f7-e8ce4fd3f166.json
index 1a38e50..8ec3071 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5dc224b1-c69e-496d-91f7-e8ce4fd3f166.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5dc224b1-c69e-496d-91f7-e8ce4fd3f166.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a312ddbb-cff2-46ba-8251-c28251b91dfa",
+ "id": "bundle--332a1517-7fc5-4f25-8679-b461f778b8f3",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5dc224b1-c69e-496d-91f7-e8ce4fd3f166",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.288478Z",
- "modified": "2023-09-28T21:25:13.288478Z",
+ "created": "2024-08-02T17:12:32.419551Z",
+ "modified": "2024-08-02T17:12:32.419551Z",
"name": "Content Focused",
"description": "Measure the performance of campaign content",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5e7541d8-2b43-4443-89d9-7362ca78944c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5e7541d8-2b43-4443-89d9-7362ca78944c.json
index e455f5a..7232f7e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5e7541d8-2b43-4443-89d9-7362ca78944c.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5e7541d8-2b43-4443-89d9-7362ca78944c.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--0bbc8289-e38c-4a0d-a910-613213b96d98",
+ "id": "bundle--2a022589-ca2c-432b-8ddc-39d06a24534f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5e7541d8-2b43-4443-89d9-7362ca78944c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.273494Z",
- "modified": "2023-09-28T21:25:13.273494Z",
+ "created": "2024-08-02T17:12:32.409423Z",
+ "modified": "2024-08-02T17:12:32.409423Z",
"name": "Incentivize Sharing",
"description": "Incentivizing content sharing refers to actions that encourage users to share content themselves, reducing the need for the operation itself to post and promote its own content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5f8a5d7e-fc17-48f2-a6fa-38fcf7843bdf.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5f8a5d7e-fc17-48f2-a6fa-38fcf7843bdf.json
index 14d77ef..c426ab6 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5f8a5d7e-fc17-48f2-a6fa-38fcf7843bdf.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--5f8a5d7e-fc17-48f2-a6fa-38fcf7843bdf.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--4db02a9a-26f2-454e-be56-3a043e3a6794",
+ "id": "bundle--a98f4227-3754-4a70-b762-31824fb49e60",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5f8a5d7e-fc17-48f2-a6fa-38fcf7843bdf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.232379Z",
- "modified": "2023-09-28T21:25:13.232379Z",
+ "created": "2024-08-02T17:12:32.3734Z",
+ "modified": "2024-08-02T17:12:32.3734Z",
"name": "Develop Image-Based Content",
"description": "Creating and editing false or misleading visual artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include photographing staged real-life situations, repurposing existing digital images, or using image creation and editing technologies.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--61df6490-ca2c-41b7-a251-ded790a03a71.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--61df6490-ca2c-41b7-a251-ded790a03a71.json
index cb742c3..068ac07 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--61df6490-ca2c-41b7-a251-ded790a03a71.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--61df6490-ca2c-41b7-a251-ded790a03a71.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c267cae6-67ed-4bdf-844a-e71d1b6b6faa",
+ "id": "bundle--404214ff-d4dc-42c9-b81f-bf2b6e2e6b13",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--61df6490-ca2c-41b7-a251-ded790a03a71",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.196042Z",
- "modified": "2023-09-28T21:25:13.196042Z",
+ "created": "2024-08-02T17:12:32.336388Z",
+ "modified": "2024-08-02T17:12:32.336388Z",
"name": "Conduct Fundraising",
"description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services166 on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns to promote operation messaging while raising money to support its activities.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62036130-6083-43e3-b1e0-8ab0822bedda.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62036130-6083-43e3-b1e0-8ab0822bedda.json
index d0f70d5..d3be817 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62036130-6083-43e3-b1e0-8ab0822bedda.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62036130-6083-43e3-b1e0-8ab0822bedda.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f47cb1e5-935f-4a46-bc30-ea62bfd13d04",
+ "id": "bundle--9f496bf0-5511-4290-b236-919760e8562d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--62036130-6083-43e3-b1e0-8ab0822bedda",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.258527Z",
- "modified": "2023-09-28T21:25:13.258527Z",
+ "created": "2024-08-02T17:12:32.401797Z",
+ "modified": "2024-08-02T17:12:32.401797Z",
"name": "Use Hashtags",
"description": "Use a dedicated, existing hashtag for the campaign/incident.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--625fe1a6-ee9d-45c8-9912-9e9f6e87dc85.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--625fe1a6-ee9d-45c8-9912-9e9f6e87dc85.json
index d86c160..d2bf0f2 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--625fe1a6-ee9d-45c8-9912-9e9f6e87dc85.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--625fe1a6-ee9d-45c8-9912-9e9f6e87dc85.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f4eb45b9-d9f6-4f5d-9885-d74afc20cf6a",
+ "id": "bundle--0c164a85-8945-4c03-b3ab-8d17b6a52cbf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--625fe1a6-ee9d-45c8-9912-9e9f6e87dc85",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.226454Z",
- "modified": "2023-09-28T21:25:13.226454Z",
+ "created": "2024-08-02T17:12:32.366827Z",
+ "modified": "2024-08-02T17:12:32.366827Z",
"name": "Identify Existing Conspiracy Narratives/Suspicions",
"description": "An influence operation may assess preexisting conspiracy theories or suspicions in a population to identify existing narratives that support operational objectives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6270bd3c-efcf-4778-8512-065abffe9a88.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6270bd3c-efcf-4778-8512-065abffe9a88.json
new file mode 100644
index 0000000..0f40d1c
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6270bd3c-efcf-4778-8512-065abffe9a88.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--7ce7cd13-ce43-45be-8775-40033c407422",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--6270bd3c-efcf-4778-8512-065abffe9a88",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.387376Z",
+ "modified": "2024-08-02T17:12:32.387376Z",
+ "name": "Romantic Suitor Persona",
+ "description": "A person with a romantic suitor persona presents themselves as seeking a romantic or physical connection with another person.
While presenting as seeking a romantic or physical connection is not an indication of inauthentic behaviour, threat actors can use dating apps, social media channels or dating websites to fabricate romantic suitors to lure targets they can blackmail, extract information from, deceive or trick into giving them money (T0143.002: Fabricated Persona, T0097.109: Romantic Suitor Persona).
Honeypotting in espionage and Big Butchering in scamming are commonly associated with romantic suitor personas.
Associated Techniques and Sub-techniques T0104.002: Dating App: Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.109.md",
+ "external_id": "T0097.109"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62a0eef8-a23a-4fbf-bb17-17ea636213cc.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62a0eef8-a23a-4fbf-bb17-17ea636213cc.json
new file mode 100644
index 0000000..58326c4
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62a0eef8-a23a-4fbf-bb17-17ea636213cc.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--323ed344-8e55-49fb-b6b9-158c788b1d9e",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--62a0eef8-a23a-4fbf-bb17-17ea636213cc",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.426585Z",
+ "modified": "2024-08-02T17:12:32.426585Z",
+ "name": "Scam",
+ "description": "Defraud a target or trick a target into doing something that benefits the attacker. A typical scam is where a fraudster convinces a target to pay for something without the intention of ever delivering anything in return. Alternatively, the fraudster may promise benefits which never materialise, such as a fake cure. Criminals often exploit a fear or crisis or generate a sense of urgency. They may use deepfakes to impersonate authority figures or individuals in distress. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.002.md",
+ "external_id": "T0137.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62eb26b8-d555-46a5-831d-c6b55909a9c4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62eb26b8-d555-46a5-831d-c6b55909a9c4.json
new file mode 100644
index 0000000..7c5704c
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--62eb26b8-d555-46a5-831d-c6b55909a9c4.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--82eba7d2-f57d-451a-93b3-4312ddf1f54a",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--62eb26b8-d555-46a5-831d-c6b55909a9c4",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.424819Z",
+ "modified": "2024-08-02T17:12:32.424819Z",
+ "name": "Cultivate Support for Ally",
+ "description": "Elevate or fortify the public backing for a partner. Governments may interfere in other countries\u2019 elections by covertly favouring a party or candidate aligned with their interests. They may also mount an influence operation to bolster the reputation of an ally under attack. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.006.md",
+ "external_id": "T0136.006"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--63ed1a5a-835e-4a51-9b95-0f0525a95186.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--63ed1a5a-835e-4a51-9b95-0f0525a95186.json
new file mode 100644
index 0000000..8ef3ce1
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--63ed1a5a-835e-4a51-9b95-0f0525a95186.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--5d172599-a09d-4587-abd3-8ce43f1418f8",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--63ed1a5a-835e-4a51-9b95-0f0525a95186",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.388973Z",
+ "modified": "2024-08-02T17:12:32.388973Z",
+ "name": "Institutional Persona",
+ "description": "This Technique can be used to indicate that an entity is presenting itself as an institution. If the organisation is presenting itself as having one of the personas listed below then these Techniques should be used instead, as they indicate both that the entity presented itself as an institution, and the type of persona they presented:
T0097.201: Local Institution Persona T0097.202: News Outlet Persona T0097.203: Fact Checking Organisation Persona T0097.204: Think Tank Persona T0097.205: Business Persona T0097.206: Government Institution Persona T0097.207: NGO Persona T0097.208: Social Cause Persona",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.200.md",
+ "external_id": "T0097.200"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--648ac47f-a288-454a-a784-3f2111c0b76b.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--648ac47f-a288-454a-a784-3f2111c0b76b.json
new file mode 100644
index 0000000..677c462
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--648ac47f-a288-454a-a784-3f2111c0b76b.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--c1822293-ab7e-4d6a-9ab6-17fb5c1a3b7a",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--648ac47f-a288-454a-a784-3f2111c0b76b",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.423338Z",
+ "modified": "2024-08-02T17:12:32.423338Z",
+ "name": "Justify Action",
+ "description": "To convince others to exonerate you of a perceived wrongdoing. When an actor finds it untenable to deny doing something, they may attempt to exonerate themselves with disinformation which claims the action was reasonable. This is a special case of \u201cDefend Reputation\u201d. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.002.md",
+ "external_id": "T0136.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--64bcccb9-4d10-4eed-8c49-8816ecfd78a3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--64bcccb9-4d10-4eed-8c49-8816ecfd78a3.json
index 58a4ccd..e987598 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--64bcccb9-4d10-4eed-8c49-8816ecfd78a3.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--64bcccb9-4d10-4eed-8c49-8816ecfd78a3.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--1bfb4da1-b2c7-4513-a1a0-ba3b41e7e8b4",
+ "id": "bundle--36db7159-129e-40af-896e-6c70921f3880",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--64bcccb9-4d10-4eed-8c49-8816ecfd78a3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.248612Z",
- "modified": "2023-09-28T21:25:13.248612Z",
+ "created": "2024-08-02T17:12:32.382901Z",
+ "modified": "2024-08-02T17:12:32.382901Z",
"name": "Outsource Content Creation to External Organisations",
"description": "An influence operation may outsource content creation to external companies to avoid attribution, increase the rate of content creation, or improve content quality, i.e., by employing an organisation that can create content in the target audience\u2019s native language. Employed organisations may include marketing companies for tailored advertisements or external content farms for high volumes of targeted media.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--651a5188-f38a-42be-a253-d1b90cbd28e1.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--651a5188-f38a-42be-a253-d1b90cbd28e1.json
index 14e1c41..0004183 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--651a5188-f38a-42be-a253-d1b90cbd28e1.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--651a5188-f38a-42be-a253-d1b90cbd28e1.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--bd950293-02f9-4b39-8300-902ec3a625f1",
+ "id": "bundle--7992d67b-9b2a-4b21-b9c0-1cab374a318a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--651a5188-f38a-42be-a253-d1b90cbd28e1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.275963Z",
- "modified": "2023-09-28T21:25:13.275963Z",
+ "created": "2024-08-02T17:12:32.412165Z",
+ "modified": "2024-08-02T17:12:32.412165Z",
"name": "Goad People into Harmful Action (Stop Hitting Yourself)",
"description": "Goad people into actions that violate terms of service or will lead to having their content or accounts taken down.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--66e1a3b9-d837-4eaa-9cdf-900663a8708d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--66e1a3b9-d837-4eaa-9cdf-900663a8708d.json
new file mode 100644
index 0000000..db78b19
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--66e1a3b9-d837-4eaa-9cdf-900663a8708d.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--27d5a163-7617-4dbf-973b-2082460b702b",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--66e1a3b9-d837-4eaa-9cdf-900663a8708d",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.388554Z",
+ "modified": "2024-08-02T17:12:32.388554Z",
+ "name": "Government Employee Persona",
+ "description": "A person who presents as an active or previous civil servant has the government employee persona. These are professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).
Presenting as a government employee is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.112: Government Employee Persona). They may also impersonate existing government employees (T0143.003: Impersonated Persona, T0097.112: Government Employee Persona).
Legitimate government employees could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.112: Government Employee Persona). For example, a government employee could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Analysts should use this technique to document people who present as an active or previous government official, such as heads of government departments, leaders of countries, and members of government selected to represent constituents. T0097.206: Government Institution Persona: People presenting as members of a government may also present a government institution which they are associated with.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.112.md",
+ "external_id": "T0097.112"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--67afaa3d-ffd7-4ad5-bcb0-e77962c084cf.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--67afaa3d-ffd7-4ad5-bcb0-e77962c084cf.json
index e434fd7..195c614 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--67afaa3d-ffd7-4ad5-bcb0-e77962c084cf.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--67afaa3d-ffd7-4ad5-bcb0-e77962c084cf.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--550cf650-4fca-47bf-99bf-38d539ff020f",
+ "id": "bundle--c3dc8d66-8904-476b-8c75-f3cb67c57345",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--67afaa3d-ffd7-4ad5-bcb0-e77962c084cf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.287935Z",
- "modified": "2023-09-28T21:25:13.287935Z",
+ "created": "2024-08-02T17:12:32.418954Z",
+ "modified": "2024-08-02T17:12:32.418954Z",
"name": "Post Borderline Content",
"description": "Post Borderline Content",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--690761b6-8afd-4dd5-954e-174de362d1b0.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--690761b6-8afd-4dd5-954e-174de362d1b0.json
index dc2480a..e823b12 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--690761b6-8afd-4dd5-954e-174de362d1b0.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--690761b6-8afd-4dd5-954e-174de362d1b0.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--fe132d72-069e-4271-a67f-ed52829263fd",
+ "id": "bundle--fe45e0ab-8bf7-4231-ab56-320f9c452254",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--690761b6-8afd-4dd5-954e-174de362d1b0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.274229Z",
- "modified": "2023-09-28T21:25:13.274229Z",
+ "created": "2024-08-02T17:12:32.41053Z",
+ "modified": "2024-08-02T17:12:32.41053Z",
"name": "Direct Users to Alternative Platforms",
"description": "Direct users to alternative platforms refers to encouraging users to move from the platform on which they initially viewed operation content and engage with content on alternate information channels, including separate social media channels and inauthentic websites. An operation may drive users to alternative platforms to diversify its information channels and ensure the target audience knows where to access operation content if the initial platform suspends, flags, or otherwise removes original operation assets and content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--694bafc2-bd74-40c9-89f2-2ad033f079f4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--694bafc2-bd74-40c9-89f2-2ad033f079f4.json
index da98474..d7244cd 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--694bafc2-bd74-40c9-89f2-2ad033f079f4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--694bafc2-bd74-40c9-89f2-2ad033f079f4.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b8dd9a3e-54bb-497e-85a4-8defb61203a9",
+ "id": "bundle--268527bb-bf74-49c6-85b6-ac3d88e30b21",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--694bafc2-bd74-40c9-89f2-2ad033f079f4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.215512Z",
- "modified": "2023-09-28T21:25:13.215512Z",
+ "created": "2024-08-02T17:12:32.356167Z",
+ "modified": "2024-08-02T17:12:32.356167Z",
"name": "Demographic Segmentation",
"description": "An influence operation may target populations based on demographic segmentation, including age, gender, and income. Demographic segmentation may be useful for influence operations aiming to change state policies that affect a specific population sector. For example, an influence operation attempting to influence Medicare funding in the United States would likely target U.S. voters over 65 years of age.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--69f4e3bb-a587-468a-8a0c-31f9acd931b6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--69f4e3bb-a587-468a-8a0c-31f9acd931b6.json
new file mode 100644
index 0000000..e0583c4
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--69f4e3bb-a587-468a-8a0c-31f9acd931b6.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--cedc1d79-597f-4b15-a872-4964c8f6f4b6",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--69f4e3bb-a587-468a-8a0c-31f9acd931b6",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.423136Z",
+ "modified": "2024-08-02T17:12:32.423136Z",
+ "name": "Defend Reputaton",
+ "description": "Preserve a positive perception in the public\u2019s mind following an accusation or adverse event. When accused of a wrongful act, an actor may engage in denial, counter accusations, whataboutism, or conspiracy theories to distract public attention and attempt to maintain a positive image. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.001.md",
+ "external_id": "T0136.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6aa772c8-f51f-428e-a7e5-2d69dd8d4add.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6aa772c8-f51f-428e-a7e5-2d69dd8d4add.json
index 88cf201..0e27de1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6aa772c8-f51f-428e-a7e5-2d69dd8d4add.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6aa772c8-f51f-428e-a7e5-2d69dd8d4add.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--035818f7-856d-4ba5-95fc-958ee847e7a9",
+ "id": "bundle--d8f896a2-bcc4-4e33-9da8-f11d3612bda1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6aa772c8-f51f-428e-a7e5-2d69dd8d4add",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.290026Z",
- "modified": "2023-09-28T21:25:13.290026Z",
+ "created": "2024-08-02T17:12:32.421176Z",
+ "modified": "2024-08-02T17:12:32.421176Z",
"name": "Measure Effectiveness Indicators (or KPIs)",
"description": "Ensuring that Key Performance Indicators are identified and tracked, so that the performance and effectiveness of campaigns, and elements of campaigns, can be measured, during and after their execution.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6ae4a4d2-4ac8-4764-ac9f-7261c5c882e0.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6ae4a4d2-4ac8-4764-ac9f-7261c5c882e0.json
new file mode 100644
index 0000000..226b683
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6ae4a4d2-4ac8-4764-ac9f-7261c5c882e0.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--b76e4fc3-76d9-44d7-bf7c-b8b04fe8d04b",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--6ae4a4d2-4ac8-4764-ac9f-7261c5c882e0",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431094Z",
+ "modified": "2024-08-02T17:12:32.431094Z",
+ "name": "Authentic Persona",
+ "description": "An individual or institution presenting a persona that legitimately matches who or what they are is presenting an authentic persona.
For example, an account which presents as being managed by a member of a country\u2019s military, and is legitimately managed by that person, would be presenting an authentic persona (T0143.001: Authentic Persona, T0097.105: Military Personnel).
Sometimes people can authentically present themselves as who they are while still participating in malicious/inauthentic activity; a legitimate journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) may accept bribes to promote products, or they could be tricked by threat actors into sharing an operation\u2019s narrative.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.001.md",
+ "external_id": "T0143.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b23206e-6a5a-4173-ab1a-17e6cc9a9d2d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b23206e-6a5a-4173-ab1a-17e6cc9a9d2d.json
index 5a1a8e4..3500e72 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b23206e-6a5a-4173-ab1a-17e6cc9a9d2d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b23206e-6a5a-4173-ab1a-17e6cc9a9d2d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--0d797adb-8ff1-4179-8df8-d4745c497fac",
+ "id": "bundle--e7f5fee3-5ee2-461c-80f2-3648ca690eb7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6b23206e-6a5a-4173-ab1a-17e6cc9a9d2d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.205963Z",
- "modified": "2023-09-28T21:25:13.205963Z",
+ "created": "2024-08-02T17:12:32.344511Z",
+ "modified": "2024-08-02T17:12:32.344511Z",
"name": "Seed Distortions",
"description": "Try a wide variety of messages in the early hours surrounding an incident or event, to give a misleading account or impression.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b495bb5-d2ab-4da7-9530-a1aadd488803.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b495bb5-d2ab-4da7-9530-a1aadd488803.json
index 285465e..441c168 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b495bb5-d2ab-4da7-9530-a1aadd488803.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b495bb5-d2ab-4da7-9530-a1aadd488803.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--176fdd25-54ff-4895-b020-0f1dc02ca98c",
+ "id": "bundle--3573afad-e6b8-474e-9912-8e8462443590",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6b495bb5-d2ab-4da7-9530-a1aadd488803",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.278837Z",
- "modified": "2023-09-28T21:25:13.278837Z",
+ "created": "2024-08-02T17:12:32.414755Z",
+ "modified": "2024-08-02T17:12:32.414755Z",
"name": "Launder Information Assets",
"description": "Laundering occurs when an influence operation acquires control of previously legitimate information assets such as accounts, channels, pages etc. from third parties through sale or exchange and often in contravention of terms of use. Influence operations use laundered assets to reach target audience members from within an existing information community and to complicate attribution.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6c001f2c-b143-4d9b-91d7-5a663152cdb5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6c001f2c-b143-4d9b-91d7-5a663152cdb5.json
new file mode 100644
index 0000000..c0ae0b2
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6c001f2c-b143-4d9b-91d7-5a663152cdb5.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--f205f7c5-effe-49df-8c80-5efc717947dc",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--6c001f2c-b143-4d9b-91d7-5a663152cdb5",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.359091Z",
+ "modified": "2024-08-02T17:12:32.359091Z",
+ "name": "Domestic Political Advantage",
+ "description": "Favourable position vis-\u00e0-vis national or sub-national political opponents such as political parties, interest groups, politicians, candidates. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-strategy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.002.md",
+ "external_id": "T0074.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6d75e3ac-e923-4815-8e9b-3e6af9e1baa0.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6d75e3ac-e923-4815-8e9b-3e6af9e1baa0.json
index 21cd232..3da87d9 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6d75e3ac-e923-4815-8e9b-3e6af9e1baa0.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6d75e3ac-e923-4815-8e9b-3e6af9e1baa0.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--252f0334-ec98-439f-b90f-b31a46a96c3b",
+ "id": "bundle--29d47f91-effa-4c50-bdeb-6cf90b632049",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6d75e3ac-e923-4815-8e9b-3e6af9e1baa0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.257306Z",
- "modified": "2023-09-28T21:25:13.257306Z",
+ "created": "2024-08-02T17:12:32.399894Z",
+ "modified": "2024-08-02T17:12:32.399894Z",
"name": "Audio Livestream",
"description": "An audio livestream refers to an online audio broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6db47704-ba87-402d-933a-de90f5aa8965.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6db47704-ba87-402d-933a-de90f5aa8965.json
index 152c202..cd60390 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6db47704-ba87-402d-933a-de90f5aa8965.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6db47704-ba87-402d-933a-de90f5aa8965.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--24f54852-1d9e-42e7-8384-ace8434150ad",
+ "id": "bundle--f62e5056-c584-4efc-82eb-72f549f4178b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6db47704-ba87-402d-933a-de90f5aa8965",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.250085Z",
- "modified": "2023-09-28T21:25:13.250085Z",
+ "created": "2024-08-02T17:12:32.3934Z",
+ "modified": "2024-08-02T17:12:32.3934Z",
"name": "Establish Inauthentic News Sites",
"description": "Modern computational propaganda makes use of a cadre of imposter news sites spreading globally. These sites, sometimes motivated by concerns other than propaganda--for instance, click-based revenue--often have some superficial markers of authenticity, such as naming and site-design. But many can be quickly exposed with reference to their owenership, reporting history and adverstising details.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6e525f48-d8d6-4484-8838-208eb00bd2a8.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6e525f48-d8d6-4484-8838-208eb00bd2a8.json
index ee39736..ea2a1e3 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6e525f48-d8d6-4484-8838-208eb00bd2a8.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6e525f48-d8d6-4484-8838-208eb00bd2a8.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--e3f35a6b-10ed-42ac-94ca-4a8982b62f6f",
+ "id": "bundle--709c6002-3adc-47f9-a6fa-4955f369aaca",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6e525f48-d8d6-4484-8838-208eb00bd2a8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.259452Z",
- "modified": "2023-09-28T21:25:13.259452Z",
+ "created": "2024-08-02T17:12:32.402812Z",
+ "modified": "2024-08-02T17:12:32.402812Z",
"name": "Media Sharing Networks",
"description": "Media sharing networks refer to services whose primary function is the hosting and sharing of specific forms of media. Examples include Instagram, Snapchat, TikTok, Youtube, SoundCloud.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6f020d80-d267-4e2a-8cd0-6d0dabe84f3a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6f020d80-d267-4e2a-8cd0-6d0dabe84f3a.json
index 28ad384..76f393b 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6f020d80-d267-4e2a-8cd0-6d0dabe84f3a.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6f020d80-d267-4e2a-8cd0-6d0dabe84f3a.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--01d02a20-4b54-4cdb-a142-69019421de5b",
+ "id": "bundle--2b605246-08c4-4033-87d8-ad65d9e75f56",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6f020d80-d267-4e2a-8cd0-6d0dabe84f3a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.239842Z",
- "modified": "2023-09-28T21:25:13.239842Z",
+ "created": "2024-08-02T17:12:32.377225Z",
+ "modified": "2024-08-02T17:12:32.377225Z",
"name": "Create Inauthentic Accounts",
"description": "Inauthentic accounts include bot accounts, cyborg accounts, sockpuppet accounts, and anonymous accounts.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6faf71ca-1e32-4134-8a7c-79b25f7f3615.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6faf71ca-1e32-4134-8a7c-79b25f7f3615.json
index 3c74d65..21e2de0 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6faf71ca-1e32-4134-8a7c-79b25f7f3615.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--6faf71ca-1e32-4134-8a7c-79b25f7f3615.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--e2690a89-3cc6-441f-99f4-60fa1607de73",
+ "id": "bundle--feeed3d4-0274-43af-9eef-7f5cfcd9cfe8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6faf71ca-1e32-4134-8a7c-79b25f7f3615",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.217222Z",
- "modified": "2023-09-28T21:25:13.217222Z",
+ "created": "2024-08-02T17:12:32.357634Z",
+ "modified": "2024-08-02T17:12:32.357634Z",
"name": "Determine Target Audiences",
"description": "Determining the target audiences (segments of the population) who will receive campaign narratives and artefacts intended to achieve the strategic ends.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--70717452-f7e3-4ce8-956f-39a4d34c5cfb.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--70717452-f7e3-4ce8-956f-39a4d34c5cfb.json
index 8b1d349..4574732 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--70717452-f7e3-4ce8-956f-39a4d34c5cfb.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--70717452-f7e3-4ce8-956f-39a4d34c5cfb.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--291fa157-975f-433f-8dd2-ca4f9a53979c",
+ "id": "bundle--525e5f85-8c8f-42a3-8db1-13b5bd40b089",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--70717452-f7e3-4ce8-956f-39a4d34c5cfb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.190139Z",
- "modified": "2023-09-28T21:25:13.190139Z",
+ "created": "2024-08-02T17:12:32.328302Z",
+ "modified": "2024-08-02T17:12:32.328302Z",
"name": "Facilitate State Propaganda",
"description": "Organise citizens around pro-state messaging. Coordinate paid or volunteer groups to push state propaganda.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72207f73-5b54-4cd4-b453-746a61eb3e28.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72207f73-5b54-4cd4-b453-746a61eb3e28.json
index ef43691..0ba6dde 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72207f73-5b54-4cd4-b453-746a61eb3e28.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72207f73-5b54-4cd4-b453-746a61eb3e28.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--89c5bd5c-55e6-4a88-a00a-5b6dca031dcc",
+ "id": "bundle--85440c9e-6851-4af9-882f-4e6df09e0ec6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--72207f73-5b54-4cd4-b453-746a61eb3e28",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.19624Z",
- "modified": "2023-09-28T21:25:13.19624Z",
+ "created": "2024-08-02T17:12:32.336655Z",
+ "modified": "2024-08-02T17:12:32.336655Z",
"name": "Conduct Crowdfunding Campaigns",
"description": "An influence operation may Conduct Crowdfunding Campaigns on platforms such as GoFundMe, GiveSendGo, Tipeee, Patreon, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72268aef-baf4-4606-a3ba-837950a54f52.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72268aef-baf4-4606-a3ba-837950a54f52.json
new file mode 100644
index 0000000..560e2b7
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72268aef-baf4-4606-a3ba-837950a54f52.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--46ed6e04-0b5c-4f47-ab60-84adb077a768",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--72268aef-baf4-4606-a3ba-837950a54f52",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.390521Z",
+ "modified": "2024-08-02T17:12:32.390521Z",
+ "name": "News Outlet Persona",
+ "description": "An institution with a news outlet persona presents itself as an organisation which delivers new information to its target audience.
While presenting as a news outlet is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by news organisations. Threat actors can fabricate news organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing news outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate news organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
Associated Techniques and Sub-techniquesT0097.102: Journalist Persona: Institutions presenting as news outlets may also present journalists working within the organisation. T0097.201: Local Institution Persona: Institutions presenting as news outlets may present as being a local news outlet. T0097.203: Fact Checking Organisation Persona: Institutions presenting as news outlets may also deliver a fact checking service (e.g. The UK\u2019s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.202.md",
+ "external_id": "T0097.202"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--729483ae-39cf-416e-8d38-da06f1fc5991.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--729483ae-39cf-416e-8d38-da06f1fc5991.json
new file mode 100644
index 0000000..4e0a485
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--729483ae-39cf-416e-8d38-da06f1fc5991.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--49f68c1e-b6c5-40bb-9377-0ac96e152eed",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--729483ae-39cf-416e-8d38-da06f1fc5991",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.430495Z",
+ "modified": "2024-08-02T17:12:32.430495Z",
+ "name": "Acquire Compromised Asset",
+ "description": "Threat Actors may take over existing assets not owned by them through nefarious means, such as using technical exploits, hacking, purchasing compromised accounts from the dark web, or social engineering.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0141.md",
+ "external_id": "T0141"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72df7e55-dc60-4a7e-9928-ed41ac0e1581.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72df7e55-dc60-4a7e-9928-ed41ac0e1581.json
index 1e59cee..37f5b15 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72df7e55-dc60-4a7e-9928-ed41ac0e1581.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--72df7e55-dc60-4a7e-9928-ed41ac0e1581.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--0fdeeeff-528e-4912-9c08-1764c2aaf5b7",
+ "id": "bundle--fe5bebc7-4009-4af5-815b-e0d985d7bf5c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--72df7e55-dc60-4a7e-9928-ed41ac0e1581",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.271321Z",
- "modified": "2023-09-28T21:25:13.271321Z",
+ "created": "2024-08-02T17:12:32.408236Z",
+ "modified": "2024-08-02T17:12:32.408236Z",
"name": "Attract Traditional Media",
"description": "Deliver content by attracting the attention of traditional media (earned media).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--741c08dd-2dd3-4c6f-8d08-32481f4cb61f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--741c08dd-2dd3-4c6f-8d08-32481f4cb61f.json
new file mode 100644
index 0000000..46edbc2
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--741c08dd-2dd3-4c6f-8d08-32481f4cb61f.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--0c2e26d6-f627-4bf2-80b1-2a3d05c836d4",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--741c08dd-2dd3-4c6f-8d08-32481f4cb61f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.429741Z",
+ "modified": "2024-08-02T17:12:32.429741Z",
+ "name": "Defame",
+ "description": "Attempt to damage the target\u2019s personal reputation by impugning their character. This can range from subtle attempts to misrepresent or insinuate, to obvious attempts to denigrate or disparage, to blatant attempts to malign or vilify. Slander applies to oral expression. Libel applies to written or pictorial material. Defamation is often carried out by online trolls. The sole aim here is to cause harm to the target. If the threat actor uses defamation as a means of undermining the target, then choose sub-technique \u201cSmear\u201d of technique \u201cUndermine\u201d instead. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0140.001.md",
+ "external_id": "T0140.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7475b7e6-1095-4ae1-a995-10ab1a6c838a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7475b7e6-1095-4ae1-a995-10ab1a6c838a.json
index 8f1410f..13a6b55 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7475b7e6-1095-4ae1-a995-10ab1a6c838a.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7475b7e6-1095-4ae1-a995-10ab1a6c838a.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--da11a350-8ab9-4edb-b0cc-07f7d5208e04",
+ "id": "bundle--737c8f46-b4c5-43f0-8871-f5203700e51f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7475b7e6-1095-4ae1-a995-10ab1a6c838a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.229346Z",
- "modified": "2023-09-28T21:25:13.229346Z",
+ "created": "2024-08-02T17:12:32.369661Z",
+ "modified": "2024-08-02T17:12:32.369661Z",
"name": "Deceptively Labelled or Translated",
"description": "An influence operation may take authentic content from other sources and add deceptive labels or deceptively translate the content into other langauges.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--75a5c211-2590-498c-ad3a-129c912d5cd2.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--75a5c211-2590-498c-ad3a-129c912d5cd2.json
index b323c16..e5225bd 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--75a5c211-2590-498c-ad3a-129c912d5cd2.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--75a5c211-2590-498c-ad3a-129c912d5cd2.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--258e85d1-9e27-41b6-b565-e839da19f584",
+ "id": "bundle--7c16fd50-62ec-4b66-9fc6-a0454d87268f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--75a5c211-2590-498c-ad3a-129c912d5cd2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.191114Z",
- "modified": "2023-09-28T21:25:13.191114Z",
+ "created": "2024-08-02T17:12:32.331268Z",
+ "modified": "2024-08-02T17:12:32.331268Z",
"name": "Develop Competing Narratives",
"description": "Advance competing narratives connected to same issue ie: on one hand deny incident while at same time expresses dismiss. Suppressing or discouraging narratives already spreading requires an alternative. The most simple set of narrative techniques in response would be the construction and promotion of contradictory alternatives centred on denial, deflection, dismissal, counter-charges, excessive standards of proof, bias in prohibition or enforcement, and so on. These competing narratives allow loyalists cover, but are less compelling to opponents and fence-sitters than campaigns built around existing narratives or highly explanatory master narratives. Competing narratives, as such, are especially useful in the \"firehose of misinformation\" approach.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--77574742-25a0-4375-a2c8-d5b54e1360aa.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--77574742-25a0-4375-a2c8-d5b54e1360aa.json
index 2d25af3..049ff32 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--77574742-25a0-4375-a2c8-d5b54e1360aa.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--77574742-25a0-4375-a2c8-d5b54e1360aa.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c243daa5-72d3-44b7-b15f-607b744b87d5",
+ "id": "bundle--c1e126ba-4545-4fd1-b5a4-df0a44c941ba",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--77574742-25a0-4375-a2c8-d5b54e1360aa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.215004Z",
- "modified": "2023-09-28T21:25:13.215004Z",
+ "created": "2024-08-02T17:12:32.355793Z",
+ "modified": "2024-08-02T17:12:32.355793Z",
"name": "Geographic Segmentation",
"description": "An influence operation may target populations in a specific geographic location, such as a region, state, or city. An influence operation may use geographic segmentation to Create Localised Content (see: Establish Legitimacy).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--779fe6e8-44ee-4f36-ab93-9daa867001d4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--779fe6e8-44ee-4f36-ab93-9daa867001d4.json
index 638e572..5cb08a2 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--779fe6e8-44ee-4f36-ab93-9daa867001d4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--779fe6e8-44ee-4f36-ab93-9daa867001d4.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b4b36fa4-d2c2-4122-9a26-e3221bcdcda2",
+ "id": "bundle--9f3ad8d3-ae70-4c24-bb42-bf51ed912884",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--779fe6e8-44ee-4f36-ab93-9daa867001d4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.237308Z",
- "modified": "2023-09-28T21:25:13.237308Z",
+ "created": "2024-08-02T17:12:32.376384Z",
+ "modified": "2024-08-02T17:12:32.376384Z",
"name": "Deceptively Edit Audio (Cheap Fakes)",
"description": "Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--77cb282d-d6e6-4d86-87bf-08a2483bdbb6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--77cb282d-d6e6-4d86-87bf-08a2483bdbb6.json
index fb4d595..5fe3b86 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--77cb282d-d6e6-4d86-87bf-08a2483bdbb6.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--77cb282d-d6e6-4d86-87bf-08a2483bdbb6.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--46e473a1-d709-413c-a20b-a07be00df40c",
+ "id": "bundle--f8f64ce8-48f8-4f4e-a447-ee09899bfade",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--77cb282d-d6e6-4d86-87bf-08a2483bdbb6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.202323Z",
- "modified": "2023-09-28T21:25:13.202323Z",
+ "created": "2024-08-02T17:12:32.342854Z",
+ "modified": "2024-08-02T17:12:32.342854Z",
"name": "Online Polls",
"description": "Create fake online polls, or manipulate existing online polls. Data gathering tactic to target those who engage, and potentially their networks of friends/followers as well",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78a2af04-ac4a-430b-b233-6223715a76f5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78a2af04-ac4a-430b-b233-6223715a76f5.json
index 0a548d3..b23d3c4 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78a2af04-ac4a-430b-b233-6223715a76f5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78a2af04-ac4a-430b-b233-6223715a76f5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--faae5d76-627b-4cb2-aca4-e5e0a342e40b",
+ "id": "bundle--0e6eb2b8-c68d-40d0-ac6f-651494719c8d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--78a2af04-ac4a-430b-b233-6223715a76f5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.257486Z",
- "modified": "2023-09-28T21:25:13.257486Z",
+ "created": "2024-08-02T17:12:32.400087Z",
+ "modified": "2024-08-02T17:12:32.400087Z",
"name": "Social Networks",
"description": "Social media are interactive digital channels that facilitate the creation and sharing of information, ideas, interests, and other forms of expression through virtual communities and networks.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78cf4cd6-a8a0-408f-a5e8-d6f1491aace8.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78cf4cd6-a8a0-408f-a5e8-d6f1491aace8.json
index a88a098..2be0869 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78cf4cd6-a8a0-408f-a5e8-d6f1491aace8.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78cf4cd6-a8a0-408f-a5e8-d6f1491aace8.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f9f60bd1-8fc0-4df6-a7b8-cf90378796af",
+ "id": "bundle--553864cc-f533-42ec-b650-a286be29fd3f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--78cf4cd6-a8a0-408f-a5e8-d6f1491aace8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.278041Z",
- "modified": "2023-09-28T21:25:13.278041Z",
+ "created": "2024-08-02T17:12:32.41414Z",
+ "modified": "2024-08-02T17:12:32.41414Z",
"name": "Use Pseudonyms",
"description": "An operation may use pseudonyms, or fake names, to mask the identity of operational accounts, channels, pages etc., publish anonymous content, or otherwise use falsified personas to conceal the identity of the operation. An operation may coordinate pseudonyms across multiple platforms, for example, by writing an article under a pseudonym and then posting a link to the article on social media on an account, channel, or page with the same falsified name.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78ff99d8-dce8-4f4e-9dc2-3f37f154a39d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78ff99d8-dce8-4f4e-9dc2-3f37f154a39d.json
index 6593a81..541f107 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78ff99d8-dce8-4f4e-9dc2-3f37f154a39d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--78ff99d8-dce8-4f4e-9dc2-3f37f154a39d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b7d6a53c-a9ed-44a3-a1d1-84ef0d342f9a",
+ "id": "bundle--c446d440-549e-4aa9-ba41-4492a2ce1daa",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--78ff99d8-dce8-4f4e-9dc2-3f37f154a39d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.259826Z",
- "modified": "2023-09-28T21:25:13.259826Z",
+ "created": "2024-08-02T17:12:32.40304Z",
+ "modified": "2024-08-02T17:12:32.40304Z",
"name": "Photo Sharing",
"description": "Examples include Instagram, Snapchat, Flickr, etc",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7b32abce-e101-4dc3-98db-30b79c0c8397.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7b32abce-e101-4dc3-98db-30b79c0c8397.json
index 2670805..e34c591 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7b32abce-e101-4dc3-98db-30b79c0c8397.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7b32abce-e101-4dc3-98db-30b79c0c8397.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d8b477d9-a711-4fa8-9365-0a9b887fe22c",
+ "id": "bundle--8eec3736-f862-4ca7-8efd-689e0dfb6ae9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7b32abce-e101-4dc3-98db-30b79c0c8397",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.212278Z",
- "modified": "2023-09-28T21:25:13.212278Z",
+ "created": "2024-08-02T17:12:32.352216Z",
+ "modified": "2024-08-02T17:12:32.352216Z",
"name": "Pay for Physical Action",
"description": "Paying for physical action occurs when an influence operation pays individuals to act in the physical realm. An influence operation may pay for physical action to create specific situations and frame them in a way that supports operation narratives, for example, paying a group of people to burn a car to later post an image of the burning car and frame it as an act of protest.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7b6c328e-b050-4d76-8e11-ff3b3fe7dea3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7b6c328e-b050-4d76-8e11-ff3b3fe7dea3.json
index cb82ad0..16dcb40 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7b6c328e-b050-4d76-8e11-ff3b3fe7dea3.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7b6c328e-b050-4d76-8e11-ff3b3fe7dea3.json
@@ -1,16 +1,16 @@
{
"type": "bundle",
- "id": "bundle--4fad99fd-bde0-40eb-8fbf-ade474cc4d6a",
+ "id": "bundle--ecdb442e-b776-4eda-b607-0433dfd78c34",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7b6c328e-b050-4d76-8e11-ff3b3fe7dea3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.233365Z",
- "modified": "2023-09-28T21:25:13.233365Z",
+ "created": "2024-08-02T17:12:32.374151Z",
+ "modified": "2024-08-02T17:12:32.374151Z",
"name": "Develop AI-Generated Images (Deepfakes)",
- "description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
+ "description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.
Associated Techniques and Sub-techniques: T0145.002: AI-Generated Account Imagery: Analysts should use this sub-technique to document use of AI generated imagery in accounts\u2019 profile pictures or other account imagery.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7bcb15ef-d371-4b1e-8768-30784e9d7b87.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7bcb15ef-d371-4b1e-8768-30784e9d7b87.json
new file mode 100644
index 0000000..9af4806
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7bcb15ef-d371-4b1e-8768-30784e9d7b87.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--e68da775-9c4d-4253-9160-3f5fa2d6d8ab",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--7bcb15ef-d371-4b1e-8768-30784e9d7b87",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.426878Z",
+ "modified": "2024-08-02T17:12:32.426878Z",
+ "name": "Raise Funds",
+ "description": "Solicit donations for a cause. Popular conspiracy theorists can attract financial contributions from their followers. Fighting back against the establishment is a popular crowdfunding narrative. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.003.md",
+ "external_id": "T0137.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d5ba27c-12c7-4a30-8624-e1ea6670f0f8.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d5ba27c-12c7-4a30-8624-e1ea6670f0f8.json
index 500afd1..e6d7f9c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d5ba27c-12c7-4a30-8624-e1ea6670f0f8.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d5ba27c-12c7-4a30-8624-e1ea6670f0f8.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--3fd2c1db-d8ab-4dda-a02c-0b9c76cdf2b1",
+ "id": "bundle--e076c448-5a8c-464e-88ee-dea6478fb020",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7d5ba27c-12c7-4a30-8624-e1ea6670f0f8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.208447Z",
- "modified": "2023-09-28T21:25:13.208447Z",
+ "created": "2024-08-02T17:12:32.345448Z",
+ "modified": "2024-08-02T17:12:32.345448Z",
"name": "Boycott/\"Cancel\" Opponents",
"description": "Cancel culture refers to the phenomenon in which individuals collectively refrain from supporting an individual, organisation, business, or other entity, usually following a real or falsified controversy. An influence operation may exploit cancel culture by emphasising an adversary\u2019s problematic or disputed behaviour and presenting its own content as an alternative.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d69d231-78a6-4a98-a715-c0edd9adafce.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d69d231-78a6-4a98-a715-c0edd9adafce.json
index 017edb8..76852cb 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d69d231-78a6-4a98-a715-c0edd9adafce.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d69d231-78a6-4a98-a715-c0edd9adafce.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9f22ca6d-ae97-4d0c-97f0-681666deabe4",
+ "id": "bundle--5c356f8b-5577-4cb8-8291-c7b7e93fb1e2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7d69d231-78a6-4a98-a715-c0edd9adafce",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.227018Z",
- "modified": "2023-09-28T21:25:13.227018Z",
+ "created": "2024-08-02T17:12:32.367396Z",
+ "modified": "2024-08-02T17:12:32.367396Z",
"name": "Identify Target Audience Adversaries",
"description": "An influence operation may identify or create a real or imaginary adversary to centre operation narratives against. A real adversary may include certain politicians or political parties while imaginary adversaries may include falsified \u201cdeep state\u201d62 actors that, according to conspiracies, run the state behind public view.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e3a06ee-c109-4901-8720-69c46fe04a76.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e3a06ee-c109-4901-8720-69c46fe04a76.json
index 65fdee1..5b58667 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e3a06ee-c109-4901-8720-69c46fe04a76.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e3a06ee-c109-4901-8720-69c46fe04a76.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--4181f639-bb14-4c23-8d63-6c935086311f",
+ "id": "bundle--4ccdfff8-9d24-45a2-b339-97061f6ef9d6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7e3a06ee-c109-4901-8720-69c46fe04a76",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.273944Z",
- "modified": "2023-09-28T21:25:13.273944Z",
+ "created": "2024-08-02T17:12:32.410054Z",
+ "modified": "2024-08-02T17:12:32.410054Z",
"name": "Manipulate Platform Algorithm",
"description": "Manipulating a platform algorithm refers to conducting activity on a platform in a way that intentionally targets its underlying algorithm. After analysing a platform\u2019s algorithm (see: Select Platforms), an influence operation may use a platform in a way that increases its content exposure, avoids content removal, or otherwise benefits the operation\u2019s strategy. For example, an influence operation may use bots to amplify its posts so that the platform\u2019s algorithm recognises engagement with operation content and further promotes the content on user timelines.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e812f7d-f8a5-4636-b354-3d93561eda49.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e812f7d-f8a5-4636-b354-3d93561eda49.json
new file mode 100644
index 0000000..1e9128e
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e812f7d-f8a5-4636-b354-3d93561eda49.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--c6d7f96c-09fd-4f48-b3bf-3f1f45b2c266",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--7e812f7d-f8a5-4636-b354-3d93561eda49",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.392145Z",
+ "modified": "2024-08-02T17:12:32.392145Z",
+ "name": "Government Institution Persona",
+ "description": "Institutions which present themselves as governments, or government ministries, are presenting a government institution persona.
While presenting as a government institution is not an indication of inauthentic behaviour, threat actors may impersonate existing government institutions as part of their operation (T0143.003: Impersonated Persona, T0097.206: Government Institution Persona), to add legitimacy to their narratives, or discredit the government.
Legitimate government institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.206: Government Institution Persona). For example, a government institution could be used by elected officials to spread inauthentic narratives.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Institutions presenting as governments may also present officials working within the organisation. T0097.112: Government Employee Persona: Institutions presenting as governments may also present employees working within the organisation.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.206.md",
+ "external_id": "T0097.206"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7f338181-2e4b-435b-a190-7044f3867aa3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7f338181-2e4b-435b-a190-7044f3867aa3.json
index bc87e6c..9771e98 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7f338181-2e4b-435b-a190-7044f3867aa3.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7f338181-2e4b-435b-a190-7044f3867aa3.json
@@ -1,16 +1,16 @@
{
"type": "bundle",
- "id": "bundle--2be49de2-ce8a-4896-b1a5-9ce484d594d7",
+ "id": "bundle--b85e911a-535d-465e-b913-4882f6588211",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7f338181-2e4b-435b-a190-7044f3867aa3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.257828Z",
- "modified": "2023-09-28T21:25:13.257828Z",
- "name": "Dating Apps",
- "description": "Dating Apps",
+ "created": "2024-08-02T17:12:32.400595Z",
+ "modified": "2024-08-02T17:12:32.400595Z",
+ "name": "Dating App",
+ "description": "\u201cDating App\u201d refers to any platform (or platform feature) in which the ostensive purpose is for users to develop a physical/romantic relationship with other users.
Threat Actors can exploit users\u2019 quest for love to trick them into doing things like revealing sensitive information or giving them money.
Examples include Tinder, Bumble, Grindr, Facebook Dating, Tantan, Badoo, Plenty of Fish, hinge, LOVOO, OkCupid, happn, and Mamba.
Associated Techniques and Sub-techniques T0097.109: Romantic Suitor Persona: Analysts can use this sub-technique for tagging cases where an account presents itself as seeking a romantic or physical connection with another person.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7fdc6b19-0d37-43a9-8144-f0c180a13ed0.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7fdc6b19-0d37-43a9-8144-f0c180a13ed0.json
index 5f1b10d..e3f8cf5 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7fdc6b19-0d37-43a9-8144-f0c180a13ed0.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--7fdc6b19-0d37-43a9-8144-f0c180a13ed0.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--ee890f9c-7aa9-4769-b09b-96f72b516e2d",
+ "id": "bundle--7fd030e6-a782-47cb-b36c-435f645663d6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7fdc6b19-0d37-43a9-8144-f0c180a13ed0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.289726Z",
- "modified": "2023-09-28T21:25:13.289726Z",
+ "created": "2024-08-02T17:12:32.420751Z",
+ "modified": "2024-08-02T17:12:32.420751Z",
"name": "Knowledge",
"description": "Measure current system state with respect to the effectiveness of influencing knowledge.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--81abb4fa-705e-430f-ba54-34bf7bd467f7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--81abb4fa-705e-430f-ba54-34bf7bd467f7.json
index 86d9f8b..1f0f59f 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--81abb4fa-705e-430f-ba54-34bf7bd467f7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--81abb4fa-705e-430f-ba54-34bf7bd467f7.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--44b54358-5c40-480e-aa9a-68360f78d977",
+ "id": "bundle--a0734a2b-050b-4fbb-8f59-113ea5306ba4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--81abb4fa-705e-430f-ba54-34bf7bd467f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.24201Z",
- "modified": "2023-09-28T21:25:13.24201Z",
+ "created": "2024-08-02T17:12:32.377997Z",
+ "modified": "2024-08-02T17:12:32.377997Z",
"name": "Create Sockpuppet Accounts",
"description": "Sockpuppet accounts refer to falsified accounts that either promote the influence operation\u2019s own material or attack critics of the material online. Individuals who control sockpuppet accounts also man at least one other user account.67 Sockpuppet accounts help legitimise operation narratives by providing an appearance of external support for the material and discrediting opponents of the operation.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8289a941-c379-4628-916a-2ddc12f4e531.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8289a941-c379-4628-916a-2ddc12f4e531.json
index eb8d8cf..480c9da 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8289a941-c379-4628-916a-2ddc12f4e531.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8289a941-c379-4628-916a-2ddc12f4e531.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--8b272661-09cc-485e-a4a9-f983697c165a",
+ "id": "bundle--c25b7334-461a-4bd7-b212-e5364f469386",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8289a941-c379-4628-916a-2ddc12f4e531",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.222094Z",
- "modified": "2023-09-28T21:25:13.222094Z",
+ "created": "2024-08-02T17:12:32.362876Z",
+ "modified": "2024-08-02T17:12:32.362876Z",
"name": "Map Target Audience Information Environment",
"description": "Mapping the target audience information environment analyses the information space itself, including social media analytics, web traffic, and media surveys. Mapping the information environment may help the influence operation determine the most realistic and popular information channels to reach its target audience. Mapping the target audience information environment aids influence operations in determining the most vulnerable areas of the information space to target with messaging.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--82f29899-fd06-43ef-b4d6-fc511d0fa425.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--82f29899-fd06-43ef-b4d6-fc511d0fa425.json
index 277393a..2dae5cf 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--82f29899-fd06-43ef-b4d6-fc511d0fa425.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--82f29899-fd06-43ef-b4d6-fc511d0fa425.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f6cacb16-0506-4b2e-8559-ce74533b4c37",
+ "id": "bundle--a72ec7de-1cf4-422b-aa1e-59b767522808",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--82f29899-fd06-43ef-b4d6-fc511d0fa425",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.284035Z",
- "modified": "2023-09-28T21:25:13.284035Z",
+ "created": "2024-08-02T17:12:32.417236Z",
+ "modified": "2024-08-02T17:12:32.417236Z",
"name": "Conceal Infrastructure",
"description": "Conceal the campaign's infrastructure to avoid takedown and attribution.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8314b253-72a3-46c0-8ee5-6fa02aa9a8fa.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8314b253-72a3-46c0-8ee5-6fa02aa9a8fa.json
new file mode 100644
index 0000000..309e409
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8314b253-72a3-46c0-8ee5-6fa02aa9a8fa.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--27defb3a-696f-4990-bb1b-6aca5e2b1c2c",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--8314b253-72a3-46c0-8ee5-6fa02aa9a8fa",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.432872Z",
+ "modified": "2024-08-02T17:12:32.432872Z",
+ "name": "AI-Generated Account Imagery",
+ "description": "AI Generated images used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived legitimacy. By using an AI-generated picture for this purpose, they are able to present themselves as a real person without compromising their own identity, or risking detection by taking a real person\u2019s existing profile picture.
Associated Techniques and Sub-techniques T0086.002: Develop AI-Generated Images (Deepfakes): Analysts should use this sub-technique to document use of AI generated imagery used to support narratives.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.002.md",
+ "external_id": "T0145.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--836e9eef-b446-4f68-805f-0f10116d6e7f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--836e9eef-b446-4f68-805f-0f10116d6e7f.json
index fb38426..3bdae42 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--836e9eef-b446-4f68-805f-0f10116d6e7f.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--836e9eef-b446-4f68-805f-0f10116d6e7f.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9734e977-7c5e-483b-8834-ee061a78b2a5",
+ "id": "bundle--a8f0bcb3-c0c7-41e9-aac4-15844410ca65",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--836e9eef-b446-4f68-805f-0f10116d6e7f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.271782Z",
- "modified": "2023-09-28T21:25:13.271782Z",
+ "created": "2024-08-02T17:12:32.408436Z",
+ "modified": "2024-08-02T17:12:32.408436Z",
"name": "Amplify Existing Narrative",
"description": "An influence operation may amplify existing narratives that align with its narratives to support operation objectives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--83b4e2db-265f-4f88-9b35-26df05c561e9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--83b4e2db-265f-4f88-9b35-26df05c561e9.json
index 0e32b99..c7c21fe 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--83b4e2db-265f-4f88-9b35-26df05c561e9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--83b4e2db-265f-4f88-9b35-26df05c561e9.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--e14dfa60-3fa4-40b9-a9c8-e6bba6a3da3c",
+ "id": "bundle--5837cfd1-1ad3-4aeb-97b7-55094e9ad712",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--83b4e2db-265f-4f88-9b35-26df05c561e9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.288335Z",
- "modified": "2023-09-28T21:25:13.288335Z",
+ "created": "2024-08-02T17:12:32.419355Z",
+ "modified": "2024-08-02T17:12:32.419355Z",
"name": "People Focused",
"description": "Measure the performance individuals in achieving campaign goals",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8432d382-0ce8-4507-97ea-95be10de3488.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8432d382-0ce8-4507-97ea-95be10de3488.json
index 5831ed3..c51976c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8432d382-0ce8-4507-97ea-95be10de3488.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8432d382-0ce8-4507-97ea-95be10de3488.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--e24e8526-c107-4744-961b-cee963ea47f8",
+ "id": "bundle--47d3cd8e-d4aa-4f3b-ad1e-94a917b5985c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8432d382-0ce8-4507-97ea-95be10de3488",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.261294Z",
- "modified": "2023-09-28T21:25:13.261294Z",
+ "created": "2024-08-02T17:12:32.403875Z",
+ "modified": "2024-08-02T17:12:32.403875Z",
"name": "Anonymous Message Boards",
"description": "Examples include the Chans",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--84e0fdf7-3bba-4e66-a575-6a32a7f8eca6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--84e0fdf7-3bba-4e66-a575-6a32a7f8eca6.json
index 0eb2cce..6ad73c7 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--84e0fdf7-3bba-4e66-a575-6a32a7f8eca6.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--84e0fdf7-3bba-4e66-a575-6a32a7f8eca6.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9b597d94-be87-41cd-b342-dbfedd246ba6",
+ "id": "bundle--ccc34fcf-cbe6-483d-97f0-9f8a11c408a0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--84e0fdf7-3bba-4e66-a575-6a32a7f8eca6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.201835Z",
- "modified": "2023-09-28T21:25:13.201835Z",
+ "created": "2024-08-02T17:12:32.342508Z",
+ "modified": "2024-08-02T17:12:32.342508Z",
"name": "Edit Open-Source Content",
"description": "An influence operation may edit open-source content, such as collaborative blogs or encyclopaedias, to promote its narratives on outlets with existing credibility and audiences. Editing open-source content may allow an operation to post content on platforms without dedicating resources to the creation and maintenance of its own assets.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8704cb89-afd5-4d49-b016-72b77023dab6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8704cb89-afd5-4d49-b016-72b77023dab6.json
new file mode 100644
index 0000000..129ffc9
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8704cb89-afd5-4d49-b016-72b77023dab6.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--efdc4265-c1aa-4754-a939-cf553de61740",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--8704cb89-afd5-4d49-b016-72b77023dab6",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.432566Z",
+ "modified": "2024-08-02T17:12:32.432566Z",
+ "name": "Establish Account Imagery",
+ "description": "Introduce visual elements to an account where a platform allows this functionality (e.g. a profile picture, a cover photo, etc).\u00a0
Threat Actors who don\u2019t want to use pictures of themselves in their social media accounts may use alternate imagery to make their account appear more legitimate.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.md",
+ "external_id": "T0145"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--872f0dc3-202e-4e9a-a4fc-0457252aecae.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--872f0dc3-202e-4e9a-a4fc-0457252aecae.json
index fa9cafc..4296666 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--872f0dc3-202e-4e9a-a4fc-0457252aecae.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--872f0dc3-202e-4e9a-a4fc-0457252aecae.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f4b606e2-9fad-4ac5-80ad-5aa833e3e505",
+ "id": "bundle--3d80125c-5286-4f62-937a-83e439fe7277",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--872f0dc3-202e-4e9a-a4fc-0457252aecae",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.272585Z",
- "modified": "2023-09-28T21:25:13.272585Z",
+ "created": "2024-08-02T17:12:32.408629Z",
+ "modified": "2024-08-02T17:12:32.408629Z",
"name": "Cross-Posting",
"description": "Cross-posting refers to posting the same message to multiple internet discussions, social media platforms or accounts, or news groups at one time. An influence operation may post content online in multiple communities and platforms to increase the chances of content exposure to the target audience.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8958b87c-85fd-478f-ae01-8952c787d9b7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8958b87c-85fd-478f-ae01-8952c787d9b7.json
new file mode 100644
index 0000000..f9bb17d
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8958b87c-85fd-478f-ae01-8952c787d9b7.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--ab8d3d48-7a12-41fe-85c4-914ecb6455e6",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--8958b87c-85fd-478f-ae01-8952c787d9b7",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.427325Z",
+ "modified": "2024-08-02T17:12:32.427325Z",
+ "name": "Sell Items under False Pretences",
+ "description": "Offer products for sale under false pretences. Campaigns may hijack or create causes built on disinformation to sell promotional merchandise. Or charlatans may amplify victims\u2019 unfounded fears to sell them items of questionable utility such as supplements or survival gear. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.004.md",
+ "external_id": "T0137.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--89b88c22-0686-4d28-9c2b-e0c6ac31a4ab.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--89b88c22-0686-4d28-9c2b-e0c6ac31a4ab.json
index 0cd8ad2..fa478f7 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--89b88c22-0686-4d28-9c2b-e0c6ac31a4ab.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--89b88c22-0686-4d28-9c2b-e0c6ac31a4ab.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f9174bbe-53b5-4b79-a0b5-a91001121ad9",
+ "id": "bundle--322772a5-9302-4046-83e9-8622c00a8156",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--89b88c22-0686-4d28-9c2b-e0c6ac31a4ab",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.274087Z",
- "modified": "2023-09-28T21:25:13.274087Z",
+ "created": "2024-08-02T17:12:32.410247Z",
+ "modified": "2024-08-02T17:12:32.410247Z",
"name": "Bypass Content Blocking",
"description": "Bypassing content blocking refers to actions taken to circumvent network security measures that prevent users from accessing certain servers, resources, or other online spheres. An influence operation may bypass content blocking to proliferate its content on restricted areas of the internet. Common strategies for bypassing content blocking include: - Altering IP addresses to avoid IP filtering - Using a Virtual Private Network (VPN) to avoid IP filtering - Using a Content Delivery Network (CDN) to avoid IP filtering - Enabling encryption to bypass packet inspection blocking - Manipulating text to avoid filtering by keywords - Posting content on multiple platforms to avoid platform-specific removals - Using local facilities or modified DNS servers to avoid DNS filtering",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ac60812-17d7-4e9f-911e-64467233a9b3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ac60812-17d7-4e9f-911e-64467233a9b3.json
new file mode 100644
index 0000000..7fc7df9
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ac60812-17d7-4e9f-911e-64467233a9b3.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--8cd6fe4f-45b0-4f85-a28c-b078b0a1df54",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--8ac60812-17d7-4e9f-911e-64467233a9b3",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.429391Z",
+ "modified": "2024-08-02T17:12:32.429391Z",
+ "name": "Deter",
+ "description": "Prevent target from taking an action for fear of the consequences. Deterrence occurs in the mind of the target, who fears they will be worse off if they take an action than if they don\u2019t. When making threats, aggressors may bluff, feign irrationality, or engage in brinksmanship.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0139.003.md",
+ "external_id": "T0139.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ad58740-d5c1-40bb-9091-f98adfe8d89f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ad58740-d5c1-40bb-9091-f98adfe8d89f.json
index aab6501..5e84b7f 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ad58740-d5c1-40bb-9091-f98adfe8d89f.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ad58740-d5c1-40bb-9091-f98adfe8d89f.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--4809dcfc-d737-4b26-a64f-dc3a0e169fff",
+ "id": "bundle--59bb2471-3c8b-42e2-8d53-16fd8e1a6aa2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8ad58740-d5c1-40bb-9091-f98adfe8d89f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.221088Z",
- "modified": "2023-09-28T21:25:13.221088Z",
+ "created": "2024-08-02T17:12:32.362029Z",
+ "modified": "2024-08-02T17:12:32.362029Z",
"name": "Dismay",
"description": "Threaten the critic or narrator of events. For instance, threaten journalists or news outlets reporting on a story.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8b991b67-9df8-42e7-b11a-5ed1bc41c5a5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8b991b67-9df8-42e7-b11a-5ed1bc41c5a5.json
index bb4b61c..c712bd8 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8b991b67-9df8-42e7-b11a-5ed1bc41c5a5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8b991b67-9df8-42e7-b11a-5ed1bc41c5a5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--365f2f37-f3ff-4860-a3e4-0483fa47f85b",
+ "id": "bundle--696cc266-4361-4af2-99ec-68c00f467627",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8b991b67-9df8-42e7-b11a-5ed1bc41c5a5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.286669Z",
- "modified": "2023-09-28T21:25:13.286669Z",
+ "created": "2024-08-02T17:12:32.418215Z",
+ "modified": "2024-08-02T17:12:32.418215Z",
"name": "Obfuscate Payment",
"description": "Obfuscate Payment",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8c7832cb-8877-4f54-8e05-7e6df9a3d2b4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8c7832cb-8877-4f54-8e05-7e6df9a3d2b4.json
index a4c51d2..122803f 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8c7832cb-8877-4f54-8e05-7e6df9a3d2b4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8c7832cb-8877-4f54-8e05-7e6df9a3d2b4.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--53238178-5df8-45c7-8c4d-e52866041ef7",
+ "id": "bundle--48b71da7-7e9d-4a52-bc14-d888f701afdf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8c7832cb-8877-4f54-8e05-7e6df9a3d2b4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.237844Z",
- "modified": "2023-09-28T21:25:13.237844Z",
+ "created": "2024-08-02T17:12:32.376603Z",
+ "modified": "2024-08-02T17:12:32.376603Z",
"name": "Obtain Private Documents",
"description": "Procuring documents that are not publicly available, by whatever means -- whether legal or illegal, highly-resourced or less so. These documents can include authentic non-public documents, authentic non-public documents have been altered, or inauthentic documents intended to appear as if they are authentic non-public documents. All of these types of documents can be \"leaked\" during later stages in the operation.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ea2fcce-e27e-4019-a773-70f3dddfab34.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ea2fcce-e27e-4019-a773-70f3dddfab34.json
index f6885c6..556b097 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ea2fcce-e27e-4019-a773-70f3dddfab34.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ea2fcce-e27e-4019-a773-70f3dddfab34.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d2deeef7-35df-411f-ba0b-1f7a1afd8e89",
+ "id": "bundle--392a6d8f-be6e-4f2c-bffd-07ee02f4b901",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8ea2fcce-e27e-4019-a773-70f3dddfab34",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.230461Z",
- "modified": "2023-09-28T21:25:13.230461Z",
+ "created": "2024-08-02T17:12:32.370419Z",
+ "modified": "2024-08-02T17:12:32.370419Z",
"name": "Develop Text-Based Content",
"description": "Creating and editing false or misleading text-based artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ecbc28c-36e9-4d9a-8578-b9e20552d732.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ecbc28c-36e9-4d9a-8578-b9e20552d732.json
index fdf4a23..2a5ebff 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ecbc28c-36e9-4d9a-8578-b9e20552d732.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8ecbc28c-36e9-4d9a-8578-b9e20552d732.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1625cc08-ec5c-4dc5-8f31-ac3c3b82696d",
+ "id": "bundle--923f47f4-76e3-4ceb-a471-236540b119cd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8ecbc28c-36e9-4d9a-8578-b9e20552d732",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.225334Z",
- "modified": "2023-09-28T21:25:13.225334Z",
+ "created": "2024-08-02T17:12:32.366252Z",
+ "modified": "2024-08-02T17:12:32.366252Z",
"name": "Identify Existing Prejudices",
"description": "An influence operation may exploit existing racial, religious, demographic, or social prejudices to further polarise its target audience from the rest of the public.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f545c7e-f2ba-4541-9004-dbe50fcc0b0f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f545c7e-f2ba-4541-9004-dbe50fcc0b0f.json
index cfb00ff..80a1069 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f545c7e-f2ba-4541-9004-dbe50fcc0b0f.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f545c7e-f2ba-4541-9004-dbe50fcc0b0f.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--b80c4c48-25fa-4119-a1ba-3308730cd6e0",
+ "id": "bundle--e3f773da-1722-45b3-84f1-4c7564b017eb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8f545c7e-f2ba-4541-9004-dbe50fcc0b0f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.246767Z",
- "modified": "2023-09-28T21:25:13.246767Z",
+ "created": "2024-08-02T17:12:32.381311Z",
+ "modified": "2024-08-02T17:12:32.381311Z",
"name": "Utilise Butterfly Attacks",
"description": "Butterfly attacks occur when operators pretend to be members of a certain social group, usually a group that struggles for representation. An influence operation may mimic a group to insert controversial statements into the discourse, encourage the spread of operation content, or promote harassment among group members. Unlike astroturfing, butterfly attacks aim to infiltrate and discredit existing grassroots movements, organisations, and media campaigns.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f83d6b8-01f4-406c-a3da-48a040e46139.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f83d6b8-01f4-406c-a3da-48a040e46139.json
index 0a67e77..e51cf58 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f83d6b8-01f4-406c-a3da-48a040e46139.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f83d6b8-01f4-406c-a3da-48a040e46139.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--8da9150a-6066-47c5-b2f0-c3af7a835c29",
+ "id": "bundle--c2e843e2-3de3-4dde-9869-fd069f567c35",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8f83d6b8-01f4-406c-a3da-48a040e46139",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.267811Z",
- "modified": "2023-09-28T21:25:13.267811Z",
+ "created": "2024-08-02T17:12:32.406729Z",
+ "modified": "2024-08-02T17:12:32.406729Z",
"name": "Traditional Media",
"description": "Examples include TV, Radio, Newspaper, billboards",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9049818c-e7d7-4662-8d2c-589304cd9905.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9049818c-e7d7-4662-8d2c-589304cd9905.json
new file mode 100644
index 0000000..ab70da2
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9049818c-e7d7-4662-8d2c-589304cd9905.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--948392b0-3f6a-409f-adc4-7e251b735684",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--9049818c-e7d7-4662-8d2c-589304cd9905",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.428073Z",
+ "modified": "2024-08-02T17:12:32.428073Z",
+ "name": "Motivate to Act",
+ "description": "Persuade, impel, or provoke the target to behave in a specific manner favourable to the attacker. Some common behaviours are joining, subscribing, voting, buying, demonstrating, fighting, retreating, resigning, boycotting.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0138.md",
+ "external_id": "T0138"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--90b7e29e-1b62-485e-88b0-a4052cabafa4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--90b7e29e-1b62-485e-88b0-a4052cabafa4.json
index a3d3ee3..da8ced6 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--90b7e29e-1b62-485e-88b0-a4052cabafa4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--90b7e29e-1b62-485e-88b0-a4052cabafa4.json
@@ -1,16 +1,16 @@
{
"type": "bundle",
- "id": "bundle--c2672c45-6c00-485a-b41f-4f3f22f4a3da",
+ "id": "bundle--1f3237eb-94c9-4daa-a4bf-2ff797e9b2bc",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--90b7e29e-1b62-485e-88b0-a4052cabafa4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.249041Z",
- "modified": "2023-09-28T21:25:13.249041Z",
- "name": "Create Personas",
- "description": "Creating fake people, often with accounts across multiple platforms. These personas can be as simple as a name, can contain slightly more background like location, profile pictures, backstory, or can be effectively backstopped with indicators like fake identity documents.",
+ "created": "2024-08-02T17:12:32.383296Z",
+ "modified": "2024-08-02T17:12:32.383296Z",
+ "name": "Present Persona",
+ "description": "This Technique contains different types of personas commonly taken on by threat actors during influence operations.
Analysts should use T0097\u2019s sub-techniques to document the type of persona which an account is presenting. For example, an account which describes itself as being a journalist can be tagged with T0097.102: Journalist Persona.
Personas presented by individuals include:
T0097.100: Individual Persona T0097.101: Local Persona T0097.102: Journalist Persona T0097.103: Activist Persona T0097.104: Hacktivist Persona T0097.105: Military Personnel Persona T0097.106: Recruiter Persona T0097.107: Researcher Persona T0097.108: Expert Persona T0097.109: Romantic Suitor Persona T0097.110: Party Official Persona T0097.111: Government Official Persona T0097.112: Government Employee Persona
This Technique also houses institutional personas commonly taken on by threat actors:
T0097.200: Institutional Persona T0097.201: Local Institution Persona T0097.202: News Outlet Persona T0097.203: Fact Checking Organisation Persona T0097.204: Think Tank Persona T0097.205: Business Persona T0097.206: Government Institution Persona T0097.207: NGO Persona T0097.208: Social Cause Persona
By using a persona, a threat actor is adding the perceived legitimacy of the persona to their narratives and activities.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--90ca8c39-a644-4007-b3d6-68fabc90b531.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--90ca8c39-a644-4007-b3d6-68fabc90b531.json
index a322a84..39b7cc6 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--90ca8c39-a644-4007-b3d6-68fabc90b531.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--90ca8c39-a644-4007-b3d6-68fabc90b531.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a9ad2033-ec65-4d87-95cd-b87cb08c9e08",
+ "id": "bundle--03229f01-0521-4388-87c7-bd90c7cdf583",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--90ca8c39-a644-4007-b3d6-68fabc90b531",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.207469Z",
- "modified": "2023-09-28T21:25:13.207469Z",
+ "created": "2024-08-02T17:12:32.345087Z",
+ "modified": "2024-08-02T17:12:32.345087Z",
"name": "Censor Social Media as a Political Force",
"description": "Use political influence or the power of state to stop critical social media comments. Government requested/driven content take downs (see Google Transperancy reports).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--930ddf1d-7dc9-4fb2-9f5c-be928d2eb909.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--930ddf1d-7dc9-4fb2-9f5c-be928d2eb909.json
new file mode 100644
index 0000000..ba655f0
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--930ddf1d-7dc9-4fb2-9f5c-be928d2eb909.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--56de8e35-0c52-47af-b6ab-6d7583f0f996",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--930ddf1d-7dc9-4fb2-9f5c-be928d2eb909",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.384404Z",
+ "modified": "2024-08-02T17:12:32.384404Z",
+ "name": "Journalist Persona",
+ "description": "A person with a journalist persona presents themselves as a reporter or journalist delivering news, conducting interviews, investigations etc.
While presenting as a journalist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as journalists. Threat actors can fabricate journalists to give the appearance of legitimacy, justifying the actor\u2019s requests for interviews, etc (T0143.002: Fabricated Persona, T0097.102: Journalist Persona).
People who have legitimately developed a persona as a journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a trusted journalist to provide legitimacy to a false narrative or be tricked into doing so without the journalist\u2019s knowledge.
Associated Techniques and Sub-techniques T0097.202: News Organisation Persona: People with a journalist persona may present as being part of a news organisation. T0097.101: Local Persona: People with a journalist persona may present themselves as local reporters.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.102.md",
+ "external_id": "T0097.102"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--95af4f5f-1bfc-4d54-9970-fc02e1f320ab.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--95af4f5f-1bfc-4d54-9970-fc02e1f320ab.json
new file mode 100644
index 0000000..9a8ead3
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--95af4f5f-1bfc-4d54-9970-fc02e1f320ab.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--6af72ee0-3eb6-4734-9b06-1c290a2ec7e9",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--95af4f5f-1bfc-4d54-9970-fc02e1f320ab",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.430948Z",
+ "modified": "2024-08-02T17:12:32.430948Z",
+ "name": "Persona Legitimacy",
+ "description": "This Technique contains sub-techniques which analysts can use to assert whether an account is presenting an authentic, fabricated, or parody persona:
T0143.001: Authentic Persona T0143.002: Fabricated Persona T0143.003: Impersonated Persona T0143.004: Parody Persona",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.md",
+ "external_id": "T0143"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--95e3e261-2f42-4ff0-a1f9-4eb2c5998284.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--95e3e261-2f42-4ff0-a1f9-4eb2c5998284.json
index f0df611..7ad75dd 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--95e3e261-2f42-4ff0-a1f9-4eb2c5998284.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--95e3e261-2f42-4ff0-a1f9-4eb2c5998284.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--02a239ab-1987-4ca4-83c4-a7d330a043ee",
+ "id": "bundle--a209e9f6-23b5-4105-b926-567da17e791d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--95e3e261-2f42-4ff0-a1f9-4eb2c5998284",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.194292Z",
- "modified": "2023-09-28T21:25:13.194292Z",
+ "created": "2024-08-02T17:12:32.333954Z",
+ "modified": "2024-08-02T17:12:32.333954Z",
"name": "Create Inauthentic Websites",
"description": "Create media assets to support inauthentic organisations (e.g. think tank), people (e.g. experts) and/or serve as sites to distribute malware/launch phishing operations.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9636ae57-0b93-41a0-8323-85109ee34877.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9636ae57-0b93-41a0-8323-85109ee34877.json
index 9ebc305..f529554 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9636ae57-0b93-41a0-8323-85109ee34877.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9636ae57-0b93-41a0-8323-85109ee34877.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a1a1ca61-1375-4e4a-bb5b-58ddbfc42589",
+ "id": "bundle--24690303-fd4b-4843-9e6e-986ae754a79d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9636ae57-0b93-41a0-8323-85109ee34877",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.227892Z",
- "modified": "2023-09-28T21:25:13.227892Z",
+ "created": "2024-08-02T17:12:32.368664Z",
+ "modified": "2024-08-02T17:12:32.368664Z",
"name": "Reuse Existing Content",
"description": "When an operation recycles content from its own previous operations or plagiarises from external operations. An operation may launder information to conserve resources that would have otherwise been utilised to develop new content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--976faac5-b7e1-4a1d-b52f-4878109e2dc9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--976faac5-b7e1-4a1d-b52f-4878109e2dc9.json
new file mode 100644
index 0000000..c97c6b4
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--976faac5-b7e1-4a1d-b52f-4878109e2dc9.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--66ff537c-e42a-45f7-879f-e1771c1a3fe8",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--976faac5-b7e1-4a1d-b52f-4878109e2dc9",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.385218Z",
+ "modified": "2024-08-02T17:12:32.385218Z",
+ "name": "Hacktivist Persona",
+ "description": "A person with a hacktivist persona presents themselves as an activist who conducts offensive cyber operations or builds technical infrastructure for political purposes, rather than the financial motivations commonly attributed to hackers; hacktivists are hacker activists who use their technical knowledge to take political action.
Hacktivists can build technical infrastructure to support other activists, including secure communication channels and surveillance and censorship circumvention. They can also conduct DDOS attacks and other offensive cyber operations, aiming to take down digital assets or gain access to proprietary information. An influence operation may use hacktivist personas to support their operational narratives and legitimise their operational activities.
Fabricated Hacktivists are sometimes referred to as \u201cFaketivists\u201d.
Associated Techniques and Sub-techniques T0097.103: Activist Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism but doesn\u2019t present themselves as using technical tools and methods to achieve their goals.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.104.md",
+ "external_id": "T0097.104"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--97ba7c89-f5d0-49a4-a661-f8317b44cf20.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--97ba7c89-f5d0-49a4-a661-f8317b44cf20.json
new file mode 100644
index 0000000..3dbb8e4
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--97ba7c89-f5d0-49a4-a661-f8317b44cf20.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--f32fd612-9b34-4ac9-b5d3-27f6cb04f9cc",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--97ba7c89-f5d0-49a4-a661-f8317b44cf20",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.390969Z",
+ "modified": "2024-08-02T17:12:32.390969Z",
+ "name": "Fact Checking Organisation Persona",
+ "description": "An institution with a fact checking organisation persona presents itself as an organisation which produces reports which assess the validity of others\u2019 reporting / statements.
While presenting as a fact checking organisation is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by fact checking organisations. Threat actors can fabricate fact checking organisations (T0143.002: Fabricated Persona, T0097.202: News Outlet Persona), or they can impersonate existing fact checking outlets (T0143.003: Impersonated Persona, T0097.202: News Outlet Persona).
Legitimate fact checking organisations could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.202: News Outlet Persona).
Associated Techniques and Sub-techniquesT0097.102: Journalist Persona: Institutions presenting as fact checking organisations may also present journalists working within the organisation. T0097.202: News Outlet Persona: Fact checking organisations may present as operating as part of a larger news outlet (e.g. The UK\u2019s BBC News has the fact checking service BBC Verify). When an actor presents as the fact checking arm of a news outlet, they are presenting both a News Outlet Persona and a Fact Checking Organisation Persona.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.203.md",
+ "external_id": "T0097.203"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9a4a16c5-a671-4469-a854-ef45cb0e38ab.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9a4a16c5-a671-4469-a854-ef45cb0e38ab.json
index 8baed6b..fd2b975 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9a4a16c5-a671-4469-a854-ef45cb0e38ab.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9a4a16c5-a671-4469-a854-ef45cb0e38ab.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--101b7134-7968-4519-b646-97a16c144932",
+ "id": "bundle--33b0dc81-83d3-40bf-a8c4-7f1093d7d9ea",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9a4a16c5-a671-4469-a854-ef45cb0e38ab",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.242187Z",
- "modified": "2023-09-28T21:25:13.242187Z",
+ "created": "2024-08-02T17:12:32.378342Z",
+ "modified": "2024-08-02T17:12:32.378342Z",
"name": "Recruit Malign Actors",
"description": "Operators recruit bad actors paying recruiting, or exerting control over individuals includes trolls, partisans, and contractors.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9a5261b8-5051-47ed-a4f6-bdbb7b6edcb4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9a5261b8-5051-47ed-a4f6-bdbb7b6edcb4.json
index fdd627d..7cdea20 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9a5261b8-5051-47ed-a4f6-bdbb7b6edcb4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9a5261b8-5051-47ed-a4f6-bdbb7b6edcb4.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--5e661b9e-3bfd-46f7-9eb2-e2ba412e5750",
+ "id": "bundle--b36ff8be-48de-4d60-b074-e0e5d67094a7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9a5261b8-5051-47ed-a4f6-bdbb7b6edcb4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.268804Z",
- "modified": "2023-09-28T21:25:13.268804Z",
+ "created": "2024-08-02T17:12:32.40712Z",
+ "modified": "2024-08-02T17:12:32.40712Z",
"name": "Share Memes",
"description": "Memes are one of the most important single artefact types in all of computational propaganda. Memes in this framework denotes the narrow image-based definition. But that naming is no accident, as these items have most of the important properties of Dawkins' original conception as a self-replicating unit of culture. Memes pull together reference and commentary; image and narrative; emotion and message. Memes are a powerful tool and the heart of modern influence campaigns.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9affd892-2479-4843-99d1-1e1a9f7f1020.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9affd892-2479-4843-99d1-1e1a9f7f1020.json
index ed45196..350dc7f 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9affd892-2479-4843-99d1-1e1a9f7f1020.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9affd892-2479-4843-99d1-1e1a9f7f1020.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c27ea363-c6cc-4aec-8169-8e052e9da971",
+ "id": "bundle--1b4eb58c-5b5e-4672-aa47-3dd4636be763",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9affd892-2479-4843-99d1-1e1a9f7f1020",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.278442Z",
- "modified": "2023-09-28T21:25:13.278442Z",
+ "created": "2024-08-02T17:12:32.414425Z",
+ "modified": "2024-08-02T17:12:32.414425Z",
"name": "Distance Reputable Individuals from Operation",
"description": "Distancing reputable individuals from the operation occurs when enlisted individuals, such as celebrities or subject matter experts, actively disengage themselves from operation activities and messaging. Individuals may distance themselves from the operation by deleting old posts or statements, unfollowing operation information assets, or otherwise detaching themselves from the operation\u2019s timeline. An influence operation may want reputable individuals to distance themselves from the operation to reduce operation exposure, particularly if the operation aims to remove all evidence.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b081fd3-0714-483e-bd7b-a30defc85cd2.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b081fd3-0714-483e-bd7b-a30defc85cd2.json
index f546fb7..03cdd59 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b081fd3-0714-483e-bd7b-a30defc85cd2.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b081fd3-0714-483e-bd7b-a30defc85cd2.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1a7acf27-5570-465e-8714-4abc793fff57",
+ "id": "bundle--4f026833-45b0-40b1-ad22-605302a20b58",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9b081fd3-0714-483e-bd7b-a30defc85cd2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.254245Z",
- "modified": "2023-09-28T21:25:13.254245Z",
+ "created": "2024-08-02T17:12:32.396005Z",
+ "modified": "2024-08-02T17:12:32.396005Z",
"name": "Co-Opt Influencers",
"description": "Co-opt Influencers",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b667c6e-5bc3-4c1e-b114-6f679a662b5d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b667c6e-5bc3-4c1e-b114-6f679a662b5d.json
index f2473d1..ddab7a8 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b667c6e-5bc3-4c1e-b114-6f679a662b5d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b667c6e-5bc3-4c1e-b114-6f679a662b5d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1ac2fddc-3c33-473c-8d1f-434206949d04",
+ "id": "bundle--ac7352bc-292a-4e82-89a5-0df0a3caa3ef",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9b667c6e-5bc3-4c1e-b114-6f679a662b5d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.274682Z",
- "modified": "2023-09-28T21:25:13.274682Z",
+ "created": "2024-08-02T17:12:32.411168Z",
+ "modified": "2024-08-02T17:12:32.411168Z",
"name": "Block Content",
"description": "Content blocking refers to actions taken to restrict internet access or render certain areas of the internet inaccessible. An influence operation may restrict content based on both network and content attributes.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b66eaf5-5b03-46b8-b076-cf1da3593745.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b66eaf5-5b03-46b8-b076-cf1da3593745.json
index 0139327..a8fb4fc 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b66eaf5-5b03-46b8-b076-cf1da3593745.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b66eaf5-5b03-46b8-b076-cf1da3593745.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--11884a99-bcac-461e-8a41-a764abefd26b",
+ "id": "bundle--60f6e0ff-8cfd-4855-8933-5dc42591af1d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9b66eaf5-5b03-46b8-b076-cf1da3593745",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.219588Z",
- "modified": "2023-09-28T21:25:13.219588Z",
+ "created": "2024-08-02T17:12:32.360819Z",
+ "modified": "2024-08-02T17:12:32.360819Z",
"name": "Discredit Credible Sources",
"description": "Plan to delegitimize the media landscape and degrade public trust in reporting, by discrediting credible sources. This makes it easier to promote influence operation content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b6b3dea-54ac-4e00-bd92-380555205afe.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b6b3dea-54ac-4e00-bd92-380555205afe.json
index ad96d1e..ebee594 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b6b3dea-54ac-4e00-bd92-380555205afe.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9b6b3dea-54ac-4e00-bd92-380555205afe.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--3db186aa-93e3-4f76-ad40-8012e853f9b8",
+ "id": "bundle--c96f44cb-647d-4df9-ba24-67f9fd65359e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9b6b3dea-54ac-4e00-bd92-380555205afe",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.260838Z",
- "modified": "2023-09-28T21:25:13.260838Z",
+ "created": "2024-08-02T17:12:32.403681Z",
+ "modified": "2024-08-02T17:12:32.403681Z",
"name": "Discussion Forums",
"description": "Platforms for finding, discussing, and sharing information and opinions. Examples include Reddit, Quora, Digg, message boards, interest-based discussion forums, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9cf02828-bd4c-4b04-a9f0-bb67ec3b0493.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9cf02828-bd4c-4b04-a9f0-bb67ec3b0493.json
index f42a968..b423f4b 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9cf02828-bd4c-4b04-a9f0-bb67ec3b0493.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9cf02828-bd4c-4b04-a9f0-bb67ec3b0493.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--81faea92-2ee5-4a46-968a-c4afd56650d2",
+ "id": "bundle--14187f9e-f0f2-413d-9320-0e0acde61759",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9cf02828-bd4c-4b04-a9f0-bb67ec3b0493",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.19059Z",
- "modified": "2023-09-28T21:25:13.19059Z",
+ "created": "2024-08-02T17:12:32.329903Z",
+ "modified": "2024-08-02T17:12:32.329903Z",
"name": "Leverage Existing Narratives",
"description": "Use or adapt existing narrative themes, where narratives are the baseline stories of a target audience. Narratives form the bedrock of our worldviews. New information is understood through a process firmly grounded in this bedrock. If new information is not consitent with the prevailing narratives of an audience, it will be ignored. Effective campaigns will frame their misinformation in the context of these narratives. Highly effective campaigns will make extensive use of audience-appropriate archetypes and meta-narratives throughout their content creation and amplifiction practices.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9e081185-12f4-41f0-8379-95b688e1d80f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9e081185-12f4-41f0-8379-95b688e1d80f.json
new file mode 100644
index 0000000..07007ac
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9e081185-12f4-41f0-8379-95b688e1d80f.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--59a64fc4-3e15-4297-937b-8710bbc13751",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--9e081185-12f4-41f0-8379-95b688e1d80f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.427609Z",
+ "modified": "2024-08-02T17:12:32.427609Z",
+ "name": "Extort",
+ "description": "Coerce money or favours from a target by threatening to expose or corrupt information. Ransomware criminals typically demand money. Intelligence agencies demand national secrets. Sexual predators demand favours. The leverage may be critical, sensitive, or embarrassing information. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.005.md",
+ "external_id": "T0137.005"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9e80abf9-0991-47c3-982c-b33e66640d10.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9e80abf9-0991-47c3-982c-b33e66640d10.json
index b8ad171..88ac5fe 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9e80abf9-0991-47c3-982c-b33e66640d10.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9e80abf9-0991-47c3-982c-b33e66640d10.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1228a23c-2c6c-4637-91c5-c7b2559b4b92",
+ "id": "bundle--449ab655-870f-4eeb-9c23-76bda1f0b8bb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9e80abf9-0991-47c3-982c-b33e66640d10",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.220627Z",
- "modified": "2023-09-28T21:25:13.220627Z",
+ "created": "2024-08-02T17:12:32.361644Z",
+ "modified": "2024-08-02T17:12:32.361644Z",
"name": "Distract",
"description": "Shift attention to a different narrative or actor, for instance by accusing critics of the same activity that they\u2019ve accused you of (e.g. police brutality).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9ec25bd4-7dcd-4bbf-9e2f-6170af84e166.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9ec25bd4-7dcd-4bbf-9e2f-6170af84e166.json
index 1ae07a5..c623088 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9ec25bd4-7dcd-4bbf-9e2f-6170af84e166.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9ec25bd4-7dcd-4bbf-9e2f-6170af84e166.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--5d99dbb9-c10c-44d5-8899-fc037e734e5a",
+ "id": "bundle--09a26d13-85fd-4b83-b664-4d24021b34b5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9ec25bd4-7dcd-4bbf-9e2f-6170af84e166",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.222626Z",
- "modified": "2023-09-28T21:25:13.222626Z",
+ "created": "2024-08-02T17:12:32.363333Z",
+ "modified": "2024-08-02T17:12:32.363333Z",
"name": "Monitor Social Media Analytics",
"description": "An influence operation may use social media analytics to determine which factors will increase the operation content\u2019s exposure to its target audience on social media platforms, including views, interactions, and sentiment relating to topics and content types. The social media platform itself or a third-party tool may collect the metrics.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9f99239e-f22e-4db4-9681-c20e511b4c35.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9f99239e-f22e-4db4-9681-c20e511b4c35.json
new file mode 100644
index 0000000..b301aac
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--9f99239e-f22e-4db4-9681-c20e511b4c35.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--3de471d2-af7a-4fa0-b0ac-709b2a60ea4e",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--9f99239e-f22e-4db4-9681-c20e511b4c35",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.371475Z",
+ "modified": "2024-08-02T17:12:32.371475Z",
+ "name": "Develop Document",
+ "description": "Produce text in the form of a document.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "develop-content"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.004.md",
+ "external_id": "T0085.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a09594d3-c930-451a-8eb6-7e2d748618bb.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a09594d3-c930-451a-8eb6-7e2d748618bb.json
index f2b5beb..1f9f4fa 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a09594d3-c930-451a-8eb6-7e2d748618bb.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a09594d3-c930-451a-8eb6-7e2d748618bb.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f801ebb9-e614-4433-a8be-4d5ffb1f3456",
+ "id": "bundle--8af1e8f8-186d-401d-962a-275f39de3bbc",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a09594d3-c930-451a-8eb6-7e2d748618bb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.284619Z",
- "modified": "2023-09-28T21:25:13.284619Z",
+ "created": "2024-08-02T17:12:32.417423Z",
+ "modified": "2024-08-02T17:12:32.417423Z",
"name": "Conceal Sponsorship",
"description": "Concealing sponsorship aims to mislead or obscure the identity of the hidden sponsor behind an operation rather than entity publicly running the operation. Operations that conceal sponsorship may maintain visible falsified groups, news outlets, non-profits, or other organisations, but seek to mislead or obscure the identity sponsoring, funding, or otherwise supporting these entities. Influence operations may use a variety of techniques to mask the location of their social media accounts to complicate attribution and conceal evidence of foreign interference. Operation accounts may set their location to a false place, often the location of the operation\u2019s target audience, and post in the region\u2019s language",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a09fbbeb-58ef-4e7a-8183-5eaa668200c9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a09fbbeb-58ef-4e7a-8183-5eaa668200c9.json
index 846afd4..57c7366 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a09fbbeb-58ef-4e7a-8183-5eaa668200c9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a09fbbeb-58ef-4e7a-8183-5eaa668200c9.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--7d449efd-1211-4de5-aa8d-30aa2498f23a",
+ "id": "bundle--0ed1decc-a90a-4a9c-86c6-e7055c8986d8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a09fbbeb-58ef-4e7a-8183-5eaa668200c9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.280245Z",
- "modified": "2023-09-28T21:25:13.280245Z",
+ "created": "2024-08-02T17:12:32.415759Z",
+ "modified": "2024-08-02T17:12:32.415759Z",
"name": "Delete URLs",
"description": "URL deletion occurs when an influence operation completely removes its website registration, rendering the URL inaccessible. An influence operation may delete its URLs to complicate attribution or remove online documentation that the operation ever occurred.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a24e779c-0f44-493b-862d-00693bf34ca4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a24e779c-0f44-493b-862d-00693bf34ca4.json
index d55e74f..2a6c1cd 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a24e779c-0f44-493b-862d-00693bf34ca4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a24e779c-0f44-493b-862d-00693bf34ca4.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--ba186b33-e2d6-4cca-a8ef-490d0fb59a39",
+ "id": "bundle--fbb5de73-bc99-4218-8e16-c73efb5a24d3",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a24e779c-0f44-493b-862d-00693bf34ca4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.258181Z",
- "modified": "2023-09-28T21:25:13.258181Z",
+ "created": "2024-08-02T17:12:32.40143Z",
+ "modified": "2024-08-02T17:12:32.40143Z",
"name": "Interest-Based Networks",
"description": "Examples include smaller and niche networks including Gettr, Truth Social, Parler, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a3fe7752-dbfa-4918-912f-c492c8593c68.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a3fe7752-dbfa-4918-912f-c492c8593c68.json
index 152024a..35e9ad5 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a3fe7752-dbfa-4918-912f-c492c8593c68.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a3fe7752-dbfa-4918-912f-c492c8593c68.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--0f66521c-a8c9-4b14-a55d-48f5f0c5af67",
+ "id": "bundle--618d1361-e300-470d-92cd-f27943d56ad8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a3fe7752-dbfa-4918-912f-c492c8593c68",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.228888Z",
- "modified": "2023-09-28T21:25:13.228888Z",
+ "created": "2024-08-02T17:12:32.369332Z",
+ "modified": "2024-08-02T17:12:32.369332Z",
"name": "Plagiarise Content",
"description": "An influence operation may take content from other sources without proper attribution. This content may be either misinformation content shared by others without malicious intent but now leveraged by the campaign as disinformation or disinformation content from other sources.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a468ff54-27eb-4e6d-b709-a9830017df86.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a468ff54-27eb-4e6d-b709-a9830017df86.json
index bfc6ec5..339dd2a 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a468ff54-27eb-4e6d-b709-a9830017df86.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a468ff54-27eb-4e6d-b709-a9830017df86.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a36f2a60-b5d4-4e72-92f1-5737543f78d5",
+ "id": "bundle--79427304-6f36-4613-a759-4433c7e2ea15",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a468ff54-27eb-4e6d-b709-a9830017df86",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.217051Z",
- "modified": "2023-09-28T21:25:13.217051Z",
+ "created": "2024-08-02T17:12:32.357307Z",
+ "modified": "2024-08-02T17:12:32.357307Z",
"name": "Political Segmentation",
"description": "An influence operation may target populations based on their political affiliations, especially when aiming to manipulate voting or change policy.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a50d7269-9365-46f0-ba81-27964e422faa.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a50d7269-9365-46f0-ba81-27964e422faa.json
index 4c7953d..d9b2cf8 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a50d7269-9365-46f0-ba81-27964e422faa.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a50d7269-9365-46f0-ba81-27964e422faa.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1798fcce-1d38-4ca7-9af2-9a298cb3f276",
+ "id": "bundle--269f625f-65f9-4bab-9a85-5df24077c230",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a50d7269-9365-46f0-ba81-27964e422faa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.253297Z",
- "modified": "2023-09-28T21:25:13.253297Z",
+ "created": "2024-08-02T17:12:32.395176Z",
+ "modified": "2024-08-02T17:12:32.395176Z",
"name": "Co-Opt Trusted Individuals",
"description": "Co-Opt Trusted Individuals",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a5ef7a55-8c38-4210-ad39-ccb22c9dd70c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a5ef7a55-8c38-4210-ad39-ccb22c9dd70c.json
new file mode 100644
index 0000000..f128935
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a5ef7a55-8c38-4210-ad39-ccb22c9dd70c.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--819cb02b-80a6-4f53-9002-4d8b67156cfc",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--a5ef7a55-8c38-4210-ad39-ccb22c9dd70c",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.390107Z",
+ "modified": "2024-08-02T17:12:32.390107Z",
+ "name": "Local Institution Persona",
+ "description": "Institutions which present themselves as operating in a particular geography, or as having local knowledge relevant to a narrative, are presenting a local institution persona.
While presenting as a local institution is not an indication of inauthentic behaviour, threat actors may present themselves as such (T0143.002: Fabricated Persona, T0097.201: Local Institution Persona) to add credibility to their narratives, or misrepresent the real opinions of locals in the area.
Legitimate local institutions could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.201: Local Institution Persona). For example, a local institution could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.101: Local Persona: Institutions presenting as local may also present locals working within the organisation.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.201.md",
+ "external_id": "T0097.201"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a60b4d87-cca8-4e17-a51c-f9c2af96aef4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a60b4d87-cca8-4e17-a51c-f9c2af96aef4.json
index 484fe57..067fa8e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a60b4d87-cca8-4e17-a51c-f9c2af96aef4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a60b4d87-cca8-4e17-a51c-f9c2af96aef4.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--ee250e81-e413-4e74-a7af-bc22a38de77a",
+ "id": "bundle--e7079fe7-4289-474d-ae05-86f8c2f60622",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a60b4d87-cca8-4e17-a51c-f9c2af96aef4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.232905Z",
- "modified": "2023-09-28T21:25:13.232905Z",
+ "created": "2024-08-02T17:12:32.373732Z",
+ "modified": "2024-08-02T17:12:32.373732Z",
"name": "Develop Memes",
"description": "Memes are one of the most important single artefact types in all of computational propaganda. Memes in this framework denotes the narrow image-based definition. But that naming is no accident, as these items have most of the important properties of Dawkins' original conception as a self-replicating unit of culture. Memes pull together reference and commentary; image and narrative; emotion and message. Memes are a powerful tool and the heart of modern influence campaigns.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a62e0c69-0c29-4c71-a326-1a7c3e19b74d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a62e0c69-0c29-4c71-a326-1a7c3e19b74d.json
new file mode 100644
index 0000000..466378a
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a62e0c69-0c29-4c71-a326-1a7c3e19b74d.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--13bf5f67-371d-4dd1-af5e-b79103709324",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--a62e0c69-0c29-4c71-a326-1a7c3e19b74d",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.384037Z",
+ "modified": "2024-08-02T17:12:32.384037Z",
+ "name": "Local Persona",
+ "description": "A person with a local persona presents themselves as living in a particular geography or having local knowledge relevant to a narrative.
While presenting as a local is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as local to a target area. Threat actors can fabricate locals (T0143.002: Fabricated Persona, T0097.101: Local Persona) to add credibility to their narratives, or to misrepresent the real opinions of locals in the area.
People who are legitimate locals (T0143.001: Authentic Persona, T0097.101: Local Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a local to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.201: Local Institution Persona: Analysts should use this sub-technique to catalogue cases where an institution is presenting as a local, such as a local news organisation or local business.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.101.md",
+ "external_id": "T0097.101"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a925711a-dbfb-41b1-bd81-70d41dbaa69c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a925711a-dbfb-41b1-bd81-70d41dbaa69c.json
index 6669981..4f53e32 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a925711a-dbfb-41b1-bd81-70d41dbaa69c.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--a925711a-dbfb-41b1-bd81-70d41dbaa69c.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--73231c6b-2a95-4275-8b84-c9ba51c6a67d",
+ "id": "bundle--2ae52e51-7205-4ffc-8ab0-349e86652a92",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a925711a-dbfb-41b1-bd81-70d41dbaa69c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.289032Z",
- "modified": "2023-09-28T21:25:13.289032Z",
+ "created": "2024-08-02T17:12:32.42017Z",
+ "modified": "2024-08-02T17:12:32.42017Z",
"name": "Behaviour Changes",
"description": "Monitor and evaluate behaviour changes from misinformation incidents.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--abb6518d-50fe-4428-9bca-a6e3c6ed4de4.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--abb6518d-50fe-4428-9bca-a6e3c6ed4de4.json
index 60c421b..fdec294 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--abb6518d-50fe-4428-9bca-a6e3c6ed4de4.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--abb6518d-50fe-4428-9bca-a6e3c6ed4de4.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--62feab5d-3c84-4997-a43c-d7c8cb062244",
+ "id": "bundle--921422ee-9269-4e35-8c08-60e2d968a36c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--abb6518d-50fe-4428-9bca-a6e3c6ed4de4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.243711Z",
- "modified": "2023-09-28T21:25:13.243711Z",
+ "created": "2024-08-02T17:12:32.379974Z",
+ "modified": "2024-08-02T17:12:32.379974Z",
"name": "Create Community or Sub-Group",
"description": "When there is not an existing community or sub-group that meets a campaign's goals, an influence operation may seek to create a community or sub-group.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ad410829-2fb3-490b-b470-f5f859d45942.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ad410829-2fb3-490b-b470-f5f859d45942.json
index 2a3cb12..81dad23 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ad410829-2fb3-490b-b470-f5f859d45942.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ad410829-2fb3-490b-b470-f5f859d45942.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--b1f1a94d-df1b-4365-8318-ed9eb78a5b38",
+ "id": "bundle--be1ed7ef-2bde-4791-b080-0b92aeafda06",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ad410829-2fb3-490b-b470-f5f859d45942",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.212724Z",
- "modified": "2023-09-28T21:25:13.212724Z",
+ "created": "2024-08-02T17:12:32.3534Z",
+ "modified": "2024-08-02T17:12:32.3534Z",
"name": "Continue to Amplify",
"description": "continue narrative or message amplification after the main incident work has finished",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--adaaa726-50fe-47e2-b92d-de0d65c9250c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--adaaa726-50fe-47e2-b92d-de0d65c9250c.json
index 731e1f2..3d1ef25 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--adaaa726-50fe-47e2-b92d-de0d65c9250c.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--adaaa726-50fe-47e2-b92d-de0d65c9250c.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--83dd141c-b669-4041-b82c-c7959b8ef5e5",
+ "id": "bundle--25f411ed-6dee-4a27-8928-ea3d607590a9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--adaaa726-50fe-47e2-b92d-de0d65c9250c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.245794Z",
- "modified": "2023-09-28T21:25:13.245794Z",
+ "created": "2024-08-02T17:12:32.38078Z",
+ "modified": "2024-08-02T17:12:32.38078Z",
"name": "Infiltrate Existing Networks",
"description": "Operators deceptively insert social assets into existing networks as group members in order to influence the members of the network and the wider information environment that the network impacts.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2695cde-5f12-4e6a-b55a-e31220cb4bd7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2695cde-5f12-4e6a-b55a-e31220cb4bd7.json
index 2d25e9c..445f1c6 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2695cde-5f12-4e6a-b55a-e31220cb4bd7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2695cde-5f12-4e6a-b55a-e31220cb4bd7.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--17d04a57-d9ab-454d-b58c-3de6ec7591f5",
+ "id": "bundle--0c1ff1c4-0d4c-46c0-a14e-c59254dc9a83",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b2695cde-5f12-4e6a-b55a-e31220cb4bd7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.241564Z",
- "modified": "2023-09-28T21:25:13.241564Z",
+ "created": "2024-08-02T17:12:32.377807Z",
+ "modified": "2024-08-02T17:12:32.377807Z",
"name": "Create Bot Accounts",
"description": "Bots refer to autonomous internet users that interact with systems or other users while imitating traditional human behaviour. Bots use a variety of tools to stay active without direct human operation, including artificial intelligence and big data analytics. For example, an individual may programme a Twitter bot to retweet a tweet every time it contains a certain keyword or hashtag. An influence operation may use bots to increase its exposure and artificially promote its content across the internet without dedicating additional time or human resources. Amplifier bots promote operation content through reposts, shares, and likes to increase the content\u2019s online popularity. Hacker bots are traditionally covert bots running on computer scripts that rarely engage with users and work primarily as agents of larger cyberattacks, such as a Distributed Denial of Service attacks. Spammer bots are programmed to post content on social media or in comment sections, usually as a supplementary tool. Impersonator bots102 pose as real people by mimicking human behaviour, complicating their detection.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2a7561a-28ad-426c-a249-f415b5f11cee.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2a7561a-28ad-426c-a249-f415b5f11cee.json
index bbbf569..63b1c20 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2a7561a-28ad-426c-a249-f415b5f11cee.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2a7561a-28ad-426c-a249-f415b5f11cee.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--43acb4af-cad3-4f39-9a4e-85e50a99a0cb",
+ "id": "bundle--3bd63009-fede-4746-b9d6-e632bd4fc348",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b2a7561a-28ad-426c-a249-f415b5f11cee",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.214046Z",
- "modified": "2023-09-28T21:25:13.214046Z",
+ "created": "2024-08-02T17:12:32.355029Z",
+ "modified": "2024-08-02T17:12:32.355029Z",
"name": "Respond to Breaking News Event or Active Crisis",
"description": "Media attention on a story or event is heightened during a breaking news event, where unclear facts and incomplete information increase speculation, rumours, and conspiracy theories, which are all vulnerable to manipulation.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2c62262-d3cc-49a9-830c-9d6f0bb95082.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2c62262-d3cc-49a9-830c-9d6f0bb95082.json
new file mode 100644
index 0000000..abd2285
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2c62262-d3cc-49a9-830c-9d6f0bb95082.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--3977e365-5420-4902-84dc-071660324890",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--b2c62262-d3cc-49a9-830c-9d6f0bb95082",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431468Z",
+ "modified": "2024-08-02T17:12:32.431468Z",
+ "name": "Impersonated Persona",
+ "description": "Threat actors may impersonate existing individuals or institutions to conceal their network identity, add legitimacy to content, or harm the impersonated target\u2019s reputation. This Technique covers situations where an actor presents themselves as another existing individual or institution.
This Technique was previously called Prepare Assets Impersonating Legitimate Entities and used the ID T0099.
Associated Techniques and Sub-techniques T0097: Presented Persona: Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of impersonation. For example, a document developed by a threat actor which falsely presented as a letter from a government department could be documented using T0085.004: Develop Document, T0143.003: Impersonated Persona, and T0097.206: Government Institution Persona. T0145.001: Copy Account Imagery: Actors may take existing accounts\u2019 profile pictures as part of their impersonation efforts.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.003.md",
+ "external_id": "T0143.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b3bb61ca-5472-42b0-807e-bd8657fc05b2.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b3bb61ca-5472-42b0-807e-bd8657fc05b2.json
index 616ca85..ee63a43 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b3bb61ca-5472-42b0-807e-bd8657fc05b2.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b3bb61ca-5472-42b0-807e-bd8657fc05b2.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--11a86bba-6125-47ce-9b2f-9eaaebe2e558",
+ "id": "bundle--ebcc5d14-0680-4337-a9d5-ee56735796f1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b3bb61ca-5472-42b0-807e-bd8657fc05b2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.212997Z",
- "modified": "2023-09-28T21:25:13.212997Z",
+ "created": "2024-08-02T17:12:32.354177Z",
+ "modified": "2024-08-02T17:12:32.354177Z",
"name": "Prepare Physical Broadcast Capabilities",
"description": "Create or coopt broadcast capabilities (e.g. TV, radio etc).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b43dbee2-e1e2-40e5-bea1-45630d55d30b.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b43dbee2-e1e2-40e5-bea1-45630d55d30b.json
index 024270e..40ce8ef 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b43dbee2-e1e2-40e5-bea1-45630d55d30b.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b43dbee2-e1e2-40e5-bea1-45630d55d30b.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d8d105a8-cd5a-43b3-b7d2-d7bc67d241eb",
+ "id": "bundle--aeeda24a-372c-4599-9027-7681789c5570",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b43dbee2-e1e2-40e5-bea1-45630d55d30b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.253721Z",
- "modified": "2023-09-28T21:25:13.253721Z",
+ "created": "2024-08-02T17:12:32.395629Z",
+ "modified": "2024-08-02T17:12:32.395629Z",
"name": "Co-Opt Grassroots Groups",
"description": "Co-Opt Grassroots Groups",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b4ed63e5-e8db-4057-989b-3ff5ad8c000c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b4ed63e5-e8db-4057-989b-3ff5ad8c000c.json
index d734e97..f48f6ec 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b4ed63e5-e8db-4057-989b-3ff5ad8c000c.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b4ed63e5-e8db-4057-989b-3ff5ad8c000c.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--39d120e6-c8ed-4266-bf26-7761ec0b14be",
+ "id": "bundle--1b07ecfa-5eec-476d-ac36-5bf8021aaf76",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b4ed63e5-e8db-4057-989b-3ff5ad8c000c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.199668Z",
- "modified": "2023-09-28T21:25:13.199668Z",
+ "created": "2024-08-02T17:12:32.341425Z",
+ "modified": "2024-08-02T17:12:32.341425Z",
"name": "Amplify Existing Conspiracy Theory Narratives",
"description": "An influence operation may amplify an existing conspiracy theory narrative that aligns with its incident or campaign goals. By amplifying existing conspiracy theory narratives, operators can leverage the power of the existing communities that support and propagate those theories without needing to expend resources creating new narratives or building momentum and buy in around new narratives.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b502f8ae-e296-4dd7-83ea-8d737f8d3fb1.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b502f8ae-e296-4dd7-83ea-8d737f8d3fb1.json
new file mode 100644
index 0000000..50e54df
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b502f8ae-e296-4dd7-83ea-8d737f8d3fb1.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--e5135cb5-702e-460c-b704-58b236484c36",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--b502f8ae-e296-4dd7-83ea-8d737f8d3fb1",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.429946Z",
+ "modified": "2024-08-02T17:12:32.429946Z",
+ "name": "Intimidate",
+ "description": "Coerce, bully, or frighten the target. An influence operation may use intimidation to compel the target to act against their will. Or the goal may be to frighten or even terrify the target into silence or submission. In some cases, the goal is simply to make the victim suffer. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0140.002.md",
+ "external_id": "T0140.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b6644001-8597-4f9f-a2a4-8005c54e8a39.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b6644001-8597-4f9f-a2a4-8005c54e8a39.json
index 6d99547..4c03f6e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b6644001-8597-4f9f-a2a4-8005c54e8a39.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b6644001-8597-4f9f-a2a4-8005c54e8a39.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--ebf20341-3807-4c24-b379-895bd3980650",
+ "id": "bundle--3ab18020-167e-480c-95b9-9c4fef952923",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b6644001-8597-4f9f-a2a4-8005c54e8a39",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.285674Z",
- "modified": "2023-09-28T21:25:13.285674Z",
+ "created": "2024-08-02T17:12:32.417826Z",
+ "modified": "2024-08-02T17:12:32.417826Z",
"name": "Use Shell Organisations",
"description": "Use Shell Organisations to conceal sponsorship.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b69275ef-ba3d-409f-a857-40d4d1870dca.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b69275ef-ba3d-409f-a857-40d4d1870dca.json
index 540c0fe..4cef170 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b69275ef-ba3d-409f-a857-40d4d1870dca.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--b69275ef-ba3d-409f-a857-40d4d1870dca.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--63c0e6ef-c461-4698-9759-d0f347e8e166",
+ "id": "bundle--67d2528d-7b95-401d-b1a8-b171f6f552d1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b69275ef-ba3d-409f-a857-40d4d1870dca",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.261742Z",
- "modified": "2023-09-28T21:25:13.261742Z",
+ "created": "2024-08-02T17:12:32.404069Z",
+ "modified": "2024-08-02T17:12:32.404069Z",
"name": "Bookmarking and Content Curation",
"description": "Platforms for searching, sharing, and curating content and media. Examples include Pinterest, Flipboard, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bacbdfd3-f8c2-4126-a9f3-1b75576fa5e7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bacbdfd3-f8c2-4126-a9f3-1b75576fa5e7.json
index f218d6c..0bb6907 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bacbdfd3-f8c2-4126-a9f3-1b75576fa5e7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bacbdfd3-f8c2-4126-a9f3-1b75576fa5e7.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--5c108ebb-4363-4c7f-80bb-83cb4e0d5d4d",
+ "id": "bundle--2281b5c6-13a0-4fbc-b026-249ba44c070c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bacbdfd3-f8c2-4126-a9f3-1b75576fa5e7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.193213Z",
- "modified": "2023-09-28T21:25:13.193213Z",
+ "created": "2024-08-02T17:12:32.333012Z",
+ "modified": "2024-08-02T17:12:32.333012Z",
"name": "Cultivate Ignorant Agents",
"description": "Cultivate propagandists for a cause, the goals of which are not fully comprehended, and who are used cynically by the leaders of the cause. Independent actors use social media and specialised web sites to strategically reinforce and spread messages compatible with their own. Their networks are infiltrated and used by state media disinformation organisations to amplify the state\u2019s own disinformation strategies against target populations. Many are traffickers in conspiracy theories or hoaxes, unified by a suspicion of Western governments and mainstream media. Their narratives, which appeal to leftists hostile to globalism and military intervention and nationalists against immigration, are frequently infiltrated and shaped by state-controlled trolls and altered news items from agencies such as RT and Sputnik. Also know as \"useful idiots\" or \"unwitting agents\".",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--baf9f97d-65f3-4290-a3c2-9ac624d64ad6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--baf9f97d-65f3-4290-a3c2-9ac624d64ad6.json
index 04da77b..5f8fec6 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--baf9f97d-65f3-4290-a3c2-9ac624d64ad6.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--baf9f97d-65f3-4290-a3c2-9ac624d64ad6.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--c07ff311-3d5e-425f-89e4-7a0ca285ea69",
+ "id": "bundle--85b5d7a4-45a0-4f4e-8d4b-13a04795f1c3",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--baf9f97d-65f3-4290-a3c2-9ac624d64ad6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.277655Z",
- "modified": "2023-09-28T21:25:13.277655Z",
+ "created": "2024-08-02T17:12:32.413994Z",
+ "modified": "2024-08-02T17:12:32.413994Z",
"name": "Conceal Information Assets",
"description": "Conceal the identity or provenance of campaign information assets such as accounts, channels, pages etc. to avoid takedown and attribution.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb25b4aa-9223-40ea-a28a-0dd675e91e46.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb25b4aa-9223-40ea-a28a-0dd675e91e46.json
index 880b93f..f0e9ac5 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb25b4aa-9223-40ea-a28a-0dd675e91e46.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb25b4aa-9223-40ea-a28a-0dd675e91e46.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1ced6e16-e4ec-4d34-9e55-bb3ae59422cc",
+ "id": "bundle--62456d7c-97e1-4aa7-952e-da0812cc4219",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bb25b4aa-9223-40ea-a28a-0dd675e91e46",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.256038Z",
- "modified": "2023-09-28T21:25:13.256038Z",
+ "created": "2024-08-02T17:12:32.399125Z",
+ "modified": "2024-08-02T17:12:32.399125Z",
"name": "Create Echo Chambers/Filter Bubbles",
"description": "Create Echo Chambers/Filter Bubbles",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb8da71f-108a-4c46-a1ef-d24ef1c8a661.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb8da71f-108a-4c46-a1ef-d24ef1c8a661.json
index 77e2ddf..b1ab443 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb8da71f-108a-4c46-a1ef-d24ef1c8a661.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb8da71f-108a-4c46-a1ef-d24ef1c8a661.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f558b836-5337-4444-91c9-0cf26810d7f3",
+ "id": "bundle--45a7f277-a96e-4d71-bd0f-a04a5393ec90",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bb8da71f-108a-4c46-a1ef-d24ef1c8a661",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.227215Z",
- "modified": "2023-09-28T21:25:13.227215Z",
+ "created": "2024-08-02T17:12:32.367712Z",
+ "modified": "2024-08-02T17:12:32.367712Z",
"name": "Identify Media System Vulnerabilities",
"description": "An influence operation may exploit existing weaknesses in a target\u2019s media system. These weaknesses may include existing biases among media agencies, vulnerability to false news agencies on social media, or existing distrust of traditional media sources. An existing distrust among the public in the media system\u2019s credibility holds high potential for exploitation by an influence operation when establishing alternative news agencies to spread operation content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb9d5f3e-471f-411b-9901-baf03b848132.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb9d5f3e-471f-411b-9901-baf03b848132.json
index 0f42624..51a791c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb9d5f3e-471f-411b-9901-baf03b848132.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb9d5f3e-471f-411b-9901-baf03b848132.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--24a7bb49-9370-45e2-8d2e-bef184e723d0",
+ "id": "bundle--be590165-68bf-42e1-93a3-4b85ce827365",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bb9d5f3e-471f-411b-9901-baf03b848132",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.288832Z",
- "modified": "2023-09-28T21:25:13.288832Z",
+ "created": "2024-08-02T17:12:32.419973Z",
+ "modified": "2024-08-02T17:12:32.419973Z",
"name": "Measure Effectiveness",
"description": "A metric used to measure a current system state. \u201cAre we on track to achieve the intended new system state within the planned timescale?\u201d",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bc2a6754-44d0-4fe3-8461-e3a4af895835.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bc2a6754-44d0-4fe3-8461-e3a4af895835.json
index 1345b00..8ff365e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bc2a6754-44d0-4fe3-8461-e3a4af895835.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bc2a6754-44d0-4fe3-8461-e3a4af895835.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--51f16e01-ddc2-4041-b0c4-1ace51e2a411",
+ "id": "bundle--a6a37e35-0f27-4cba-96ad-ec1578a7091d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bc2a6754-44d0-4fe3-8461-e3a4af895835",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.20799Z",
- "modified": "2023-09-28T21:25:13.20799Z",
+ "created": "2024-08-02T17:12:32.34527Z",
+ "modified": "2024-08-02T17:12:32.34527Z",
"name": "Harass",
"description": "Threatening or harassing believers of opposing narratives refers to the use of intimidation techniques, including cyberbullying and doxing, to discourage opponents from voicing their dissent. An influence operation may threaten or harass believers of the opposing narratives to deter individuals from posting or proliferating conflicting content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bd1295e0-67b2-419d-b2b4-a832552dbcc6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bd1295e0-67b2-419d-b2b4-a832552dbcc6.json
index a9dcb74..bbf28fe 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bd1295e0-67b2-419d-b2b4-a832552dbcc6.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bd1295e0-67b2-419d-b2b4-a832552dbcc6.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9bd0cd35-ffee-45f2-863f-07a636d8b149",
+ "id": "bundle--797b30f7-35a2-4bc6-aba6-91cdb40b9bf4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bd1295e0-67b2-419d-b2b4-a832552dbcc6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.203875Z",
- "modified": "2023-09-28T21:25:13.203875Z",
+ "created": "2024-08-02T17:12:32.343749Z",
+ "modified": "2024-08-02T17:12:32.343749Z",
"name": "Seed Kernel of Truth",
"description": "Wrap lies or altered context/facts around truths. Influence campaigns pursue a variety of objectives with respect to target audiences, prominent among them: 1. undermine a narrative commonly referenced in the target audience; or 2. promote a narrative less common in the target audience, but preferred by the attacker. In both cases, the attacker is presented with a heavy lift. They must change the relative importance of various narratives in the interpretation of events, despite contrary tendencies. When messaging makes use of factual reporting to promote these adjustments in the narrative space, they are less likely to be dismissed out of hand; when messaging can juxtapose a (factual) truth about current affairs with the (abstract) truth explicated in these narratives, propagandists can undermine or promote them selectively. Context matters.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bef6392b-f5a2-4a40-8b53-9a9377bea159.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bef6392b-f5a2-4a40-8b53-9a9377bea159.json
index 37757bb..f503582 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bef6392b-f5a2-4a40-8b53-9a9377bea159.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bef6392b-f5a2-4a40-8b53-9a9377bea159.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--05ac0b59-e461-4cc8-b8ad-0dceab66ba3f",
+ "id": "bundle--4eba4184-d0b7-4656-a7f5-df76306feeff",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bef6392b-f5a2-4a40-8b53-9a9377bea159",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.217367Z",
- "modified": "2023-09-28T21:25:13.217367Z",
+ "created": "2024-08-02T17:12:32.358298Z",
+ "modified": "2024-08-02T17:12:32.358298Z",
"name": "Determine Strategic Ends",
"description": "These are the long-term end-states the campaign aims to bring about. They typically involve an advantageous position vis-a-vis competitors in terms of power or influence. The strategic goal may be to improve or simply to hold one\u2019s position. Competition occurs in the public sphere in the domains of war, diplomacy, politics, economics, and ideology, and can play out between armed groups, nation-states, political parties, corporations, interest groups, or individuals. ",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bfce790b-dfd6-46ca-8fab-c2d72f21bba2.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bfce790b-dfd6-46ca-8fab-c2d72f21bba2.json
index 1c33af1..76c2a71 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bfce790b-dfd6-46ca-8fab-c2d72f21bba2.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--bfce790b-dfd6-46ca-8fab-c2d72f21bba2.json
@@ -1,16 +1,16 @@
{
"type": "bundle",
- "id": "bundle--3f72857f-1333-4d11-92ff-3c439f53b967",
+ "id": "bundle--affd34a4-6073-481a-bb25-468bde308e9c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bfce790b-dfd6-46ca-8fab-c2d72f21bba2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.210877Z",
- "modified": "2023-09-28T21:25:13.210877Z",
- "name": "Hijack Existing Hashtag",
- "description": "Take over an existing hashtag to drive exposure.",
+ "created": "2024-08-02T17:12:32.349076Z",
+ "modified": "2024-08-02T17:12:32.349076Z",
+ "name": "Flood Existing Hashtag",
+ "description": "Hashtags can be used by communities to collate information they post about particular topics (such as their interests, or current events) and users can find communities to join by exploring hashtags they\u2019re interested in.
Threat actors can flood an existing hashtag to try to ruin hashtag functionality, posting content unrelated to the hashtag alongside it, making it a less reliable source of relevant information. They may also try to flood existing hashtags with campaign content, with the intent of maximising exposure to users.
This Technique covers cases where threat actors flood existing hashtags with campaign content.
This Technique covers behaviours previously documented by T0019.002: Hijack Hashtags, which has since been deprecated. This Technique was previously called Hijack Existing Hashtag.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c060ec87-d4d7-4de0-9f1d-9a9a42c05446.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c060ec87-d4d7-4de0-9f1d-9a9a42c05446.json
new file mode 100644
index 0000000..299c319
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c060ec87-d4d7-4de0-9f1d-9a9a42c05446.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--ae677af1-90d5-4d69-9600-03097080c1be",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--c060ec87-d4d7-4de0-9f1d-9a9a42c05446",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.432726Z",
+ "modified": "2024-08-02T17:12:32.432726Z",
+ "name": "Copy Account Imagery",
+ "description": "Account imagery copied from an existing account.
Analysts may use reverse image search tools to try to identify previous uses of account imagery (e.g. a profile picture) by other accounts.
Threat Actors have been known to copy existing accounts\u2019 imagery to impersonate said accounts, or to provide imagery for unrelated accounts which aren\u2019t intended to impersonate the original assets\u2019 owner.
Associated Techniques and Sub-techniques T0143.003: Impersonated Persona: Actors may copy existing accounts\u2019 imagery in an attempt to impersonate them. T0143.004: Parody Persona: Actors may copy existing accounts\u2019 imagery as part of a parody of that account.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.001.md",
+ "external_id": "T0145.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c1182f49-4318-486f-81be-d44b99300343.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c1182f49-4318-486f-81be-d44b99300343.json
index 049c584..1883ce1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c1182f49-4318-486f-81be-d44b99300343.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c1182f49-4318-486f-81be-d44b99300343.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--86ce3fed-b02a-4c77-a96a-e20269aab38a",
+ "id": "bundle--07fe3d5c-c239-4a0d-86a6-7fdc0c6de342",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c1182f49-4318-486f-81be-d44b99300343",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.244257Z",
- "modified": "2023-09-28T21:25:13.244257Z",
+ "created": "2024-08-02T17:12:32.380189Z",
+ "modified": "2024-08-02T17:12:32.380189Z",
"name": "Acquire/Recruit Network",
"description": "Operators acquire an existing network by paying, recruiting, or exerting control over the leaders of the existing network.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c171dd41-42d0-45c2-806e-3cb518ba0357.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c171dd41-42d0-45c2-806e-3cb518ba0357.json
index e643f1e..adff7fc 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c171dd41-42d0-45c2-806e-3cb518ba0357.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c171dd41-42d0-45c2-806e-3cb518ba0357.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--e8818de7-2f10-41c3-94b7-a2b3a178af7f",
+ "id": "bundle--cff4f4d0-4f88-43cd-8b58-789a8d081a6d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c171dd41-42d0-45c2-806e-3cb518ba0357",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.28818Z",
- "modified": "2023-09-28T21:25:13.28818Z",
+ "created": "2024-08-02T17:12:32.419159Z",
+ "modified": "2024-08-02T17:12:32.419159Z",
"name": "Measure Performance",
"description": "A metric used to determine the accomplishment of actions. \u201cAre the actions being executed as planned?\u201d",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c254c765-c83d-4ae3-880e-7a253ef02d37.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c254c765-c83d-4ae3-880e-7a253ef02d37.json
index 7fa3254..8d9d99c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c254c765-c83d-4ae3-880e-7a253ef02d37.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c254c765-c83d-4ae3-880e-7a253ef02d37.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--8b1dfa5a-2f5f-4cc7-a59e-2cb4026d76da",
+ "id": "bundle--cd16b35c-2509-4789-ac82-bb9f1e483896",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c254c765-c83d-4ae3-880e-7a253ef02d37",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.227652Z",
- "modified": "2023-09-28T21:25:13.227652Z",
+ "created": "2024-08-02T17:12:32.368347Z",
+ "modified": "2024-08-02T17:12:32.368347Z",
"name": "Integrate Target Audience Vulnerabilities into Narrative",
"description": "An influence operation may seek to exploit the preexisting weaknesses, fears, and enemies of the target audience for integration into the operation\u2019s narratives and overall strategy. Integrating existing vulnerabilities into the operational approach conserves resources by exploiting already weak areas of the target information environment instead of forcing the operation to create new vulnerabilities in the environment.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c25ad637-cfa5-40c0-a23c-f741d8f4319e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c25ad637-cfa5-40c0-a23c-f741d8f4319e.json
index a391527..63bb56e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c25ad637-cfa5-40c0-a23c-f741d8f4319e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c25ad637-cfa5-40c0-a23c-f741d8f4319e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d638e19b-53a6-4891-a98c-5ddf1ede1aa7",
+ "id": "bundle--e0d116c6-40f0-4362-b4be-63285d280115",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c25ad637-cfa5-40c0-a23c-f741d8f4319e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.28864Z",
- "modified": "2023-09-28T21:25:13.28864Z",
+ "created": "2024-08-02T17:12:32.419768Z",
+ "modified": "2024-08-02T17:12:32.419768Z",
"name": "View Focused",
"description": "View Focused",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c26749da-f15d-48d7-ac1f-e2a2a49b9930.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c26749da-f15d-48d7-ac1f-e2a2a49b9930.json
index 01a8a89..1593dae 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c26749da-f15d-48d7-ac1f-e2a2a49b9930.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c26749da-f15d-48d7-ac1f-e2a2a49b9930.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--33629583-b133-4b39-a0e1-802b66e93ecd",
+ "id": "bundle--ac0280ea-543e-4c43-9fec-d08581624fb3",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c26749da-f15d-48d7-ac1f-e2a2a49b9930",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.260345Z",
- "modified": "2023-09-28T21:25:13.260345Z",
+ "created": "2024-08-02T17:12:32.403485Z",
+ "modified": "2024-08-02T17:12:32.403485Z",
"name": "Audio Sharing",
"description": "Examples include podcasting apps, Soundcloud, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c31542d3-d9c4-4fe4-ac5d-47632225a425.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c31542d3-d9c4-4fe4-ac5d-47632225a425.json
index 08cbb82..dd00e36 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c31542d3-d9c4-4fe4-ac5d-47632225a425.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c31542d3-d9c4-4fe4-ac5d-47632225a425.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--073151db-cac5-433a-9f60-621575b31d8d",
+ "id": "bundle--6e3bb498-ad99-4bf3-a37a-62abe5003681",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c31542d3-d9c4-4fe4-ac5d-47632225a425",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.275608Z",
- "modified": "2023-09-28T21:25:13.275608Z",
+ "created": "2024-08-02T17:12:32.41195Z",
+ "modified": "2024-08-02T17:12:32.41195Z",
"name": "Report Non-Violative Opposing Content",
"description": "Reporting opposing content refers to notifying and providing an instance of a violation of a platform\u2019s guidelines and policies for conduct on the platform. In addition to simply reporting the content, an operation may leverage copyright regulations to trick social media and web platforms into removing opposing content by manipulating the content to appear in violation of copyright laws. Reporting opposing content facilitates the suppression of contradictory information and allows operation narratives to take priority in the information space.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c4213e65-a7cc-42a5-a3a7-2d8040258625.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c4213e65-a7cc-42a5-a3a7-2d8040258625.json
index e5fdb86..f01288b 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c4213e65-a7cc-42a5-a3a7-2d8040258625.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c4213e65-a7cc-42a5-a3a7-2d8040258625.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--b9f7cc66-4b76-4975-bdc6-1185bedb125d",
+ "id": "bundle--1fc71209-444c-41f5-9856-fdb1b9deaf45",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c4213e65-a7cc-42a5-a3a7-2d8040258625",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.242875Z",
- "modified": "2023-09-28T21:25:13.242875Z",
+ "created": "2024-08-02T17:12:32.379162Z",
+ "modified": "2024-08-02T17:12:32.379162Z",
"name": "Build Network",
"description": "Operators build their own network, creating links between accounts -- whether authentic or inauthentic -- in order amplify and promote narratives and artefacts, and encourage further growth of ther network, as well as the ongoing sharing and engagement with operational content.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c4e7d976-071a-4973-833e-3badef32b8c5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c4e7d976-071a-4973-833e-3badef32b8c5.json
index 69f679d..a291072 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c4e7d976-071a-4973-833e-3badef32b8c5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c4e7d976-071a-4973-833e-3badef32b8c5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f6fd79ff-671f-4d54-8f98-00b29e1a727b",
+ "id": "bundle--5a2a0c84-c66a-402a-ad77-7748cea56666",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c4e7d976-071a-4973-833e-3badef32b8c5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.235323Z",
- "modified": "2023-09-28T21:25:13.235323Z",
+ "created": "2024-08-02T17:12:32.375552Z",
+ "modified": "2024-08-02T17:12:32.375552Z",
"name": "Develop AI-Generated Videos (Deepfakes)",
"description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c5274385-9abf-45cb-9ef6-faf86145d5ef.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c5274385-9abf-45cb-9ef6-faf86145d5ef.json
new file mode 100644
index 0000000..72a7360
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c5274385-9abf-45cb-9ef6-faf86145d5ef.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--e5282a5f-dca1-4e33-87b7-8a955562abb3",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--c5274385-9abf-45cb-9ef6-faf86145d5ef",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.43014Z",
+ "modified": "2024-08-02T17:12:32.43014Z",
+ "name": "Spread Hate",
+ "description": "Publish and/or propagate demeaning, derisive, or humiliating content targeting an individual or group of individuals with the intent to cause emotional, psychological, or physical distress. Hate speech can cause harm directly or incite others to harm the target. It often aims to stigmatise the target by singling out immutable characteristics such as colour, race, religion, national or ethnic origin, gender, gender identity, sexual orientation, age, disease, or mental or physical disability. Thus, promoting hatred online may involve racism, antisemitism, Islamophobia, xenophobia, sexism, misogyny, homophobia, transphobia, ageism, ableism, or any combination thereof. Motivations for hate speech range from group preservation to ideological superiority to the unbridled infliction of suffering. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0140.003.md",
+ "external_id": "T0140.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c54dd9c4-5b7b-47a9-bb40-e63967b2ec33.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c54dd9c4-5b7b-47a9-bb40-e63967b2ec33.json
index 6e5d1dc..960b00f 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c54dd9c4-5b7b-47a9-bb40-e63967b2ec33.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c54dd9c4-5b7b-47a9-bb40-e63967b2ec33.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a343186b-5a3d-488c-9bc8-d4c824e172f2",
+ "id": "bundle--d6716496-4fb3-45d0-952c-ae495249d063",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c54dd9c4-5b7b-47a9-bb40-e63967b2ec33",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.265873Z",
- "modified": "2023-09-28T21:25:13.265873Z",
+ "created": "2024-08-02T17:12:32.405713Z",
+ "modified": "2024-08-02T17:12:32.405713Z",
"name": "Email",
"description": "Delivering content and narratives via email. This can include using list management or high-value individually targeted messaging.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c7017017-4965-4dad-a970-e748b7080a19.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c7017017-4965-4dad-a970-e748b7080a19.json
index b9165f1..346f23c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c7017017-4965-4dad-a970-e748b7080a19.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c7017017-4965-4dad-a970-e748b7080a19.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--04b0bac0-17d7-4d70-81e7-deba3d598eb9",
+ "id": "bundle--f0c9eec6-005e-4ea3-a6f3-288dcb33eb1f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c7017017-4965-4dad-a970-e748b7080a19",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.245253Z",
- "modified": "2023-09-28T21:25:13.245253Z",
+ "created": "2024-08-02T17:12:32.380585Z",
+ "modified": "2024-08-02T17:12:32.380585Z",
"name": "Acquire Botnets",
"description": "A botnet is a group of bots that can function in coordination with each other.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c729368d-246a-47eb-8e4b-ab5b0a3510ec.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c729368d-246a-47eb-8e4b-ab5b0a3510ec.json
index 4ba2cdc..ea121d2 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c729368d-246a-47eb-8e4b-ab5b0a3510ec.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c729368d-246a-47eb-8e4b-ab5b0a3510ec.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f582fcf6-1a98-477d-aa9b-4724ff7eae87",
+ "id": "bundle--bdd4f31b-25ac-464c-9a5e-dc194b3a3f64",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c729368d-246a-47eb-8e4b-ab5b0a3510ec",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.223592Z",
- "modified": "2023-09-28T21:25:13.223592Z",
+ "created": "2024-08-02T17:12:32.364767Z",
+ "modified": "2024-08-02T17:12:32.364767Z",
"name": "Assess Degree/Type of Media Access",
"description": "An influence operation may survey a target audience\u2019s Internet availability and degree of media freedom to determine which target audience members will have access to operation content and on which platforms. An operation may face more difficulty targeting an information environment with heavy restrictions and media control than an environment with independent media, freedom of speech and of the press, and individual liberties.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c73c3210-6414-46c8-9885-a3b3e405da56.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c73c3210-6414-46c8-9885-a3b3e405da56.json
index 7a840fc..25f291a 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c73c3210-6414-46c8-9885-a3b3e405da56.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c73c3210-6414-46c8-9885-a3b3e405da56.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--adfa29dc-e815-43a8-bc30-4d5d0b26c5aa",
+ "id": "bundle--40deeaef-e68e-41e0-9fcb-e0d97d323fff",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c73c3210-6414-46c8-9885-a3b3e405da56",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.287453Z",
- "modified": "2023-09-28T21:25:13.287453Z",
+ "created": "2024-08-02T17:12:32.418409Z",
+ "modified": "2024-08-02T17:12:32.418409Z",
"name": "Exploit TOS/Content Moderation",
"description": "Exploiting weaknesses in platforms' terms of service and content moderation policies to avoid takedowns and platform actions.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c80ef7af-3f51-4be5-b42a-19d29ab40a53.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c80ef7af-3f51-4be5-b42a-19d29ab40a53.json
index c9dd56c..542aee1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c80ef7af-3f51-4be5-b42a-19d29ab40a53.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--c80ef7af-3f51-4be5-b42a-19d29ab40a53.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f1453378-cf4b-4ea7-ba38-e64e77d4dd7d",
+ "id": "bundle--cea69cd2-a82c-4c1b-a82e-843052c30b2a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c80ef7af-3f51-4be5-b42a-19d29ab40a53",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.28615Z",
- "modified": "2023-09-28T21:25:13.28615Z",
+ "created": "2024-08-02T17:12:32.418021Z",
+ "modified": "2024-08-02T17:12:32.418021Z",
"name": "Use Cryptocurrency",
"description": "Use Cryptocurrency to conceal sponsorship. Examples include Bitcoin, Monero, and Etherium.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cb324e3c-1041-4a26-9fa8-da45547b7dcc.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cb324e3c-1041-4a26-9fa8-da45547b7dcc.json
index 51e14bc..a6287be 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cb324e3c-1041-4a26-9fa8-da45547b7dcc.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cb324e3c-1041-4a26-9fa8-da45547b7dcc.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--73c1f5eb-a924-4c1a-8bc7-157de4037202",
+ "id": "bundle--f65bca1e-bc82-4f40-9e8c-60259b97befe",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--cb324e3c-1041-4a26-9fa8-da45547b7dcc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.29032Z",
- "modified": "2023-09-28T21:25:13.29032Z",
+ "created": "2024-08-02T17:12:32.421597Z",
+ "modified": "2024-08-02T17:12:32.421597Z",
"name": "Social Media Engagement",
"description": "Monitor and evaluate social media engagement in misinformation incidents.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce1e088c-d061-490c-a13a-3cbe4216a86e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce1e088c-d061-490c-a13a-3cbe4216a86e.json
index 3140f11..3a41ec9 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce1e088c-d061-490c-a13a-3cbe4216a86e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce1e088c-d061-490c-a13a-3cbe4216a86e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--db48f90c-2233-4b2b-924f-a89b94258b02",
+ "id": "bundle--4f3f9538-6cdd-495f-b39b-514594be60dc",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ce1e088c-d061-490c-a13a-3cbe4216a86e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.287776Z",
- "modified": "2023-09-28T21:25:13.287776Z",
+ "created": "2024-08-02T17:12:32.418604Z",
+ "modified": "2024-08-02T17:12:32.418604Z",
"name": "Legacy Web Content",
"description": "Make incident content visible for a long time, e.g. by exploiting platform terms of service, or placing it where it's hard to remove or unlikely to be removed.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce4a9eee-7437-43ce-ac86-c1921f5c01a7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce4a9eee-7437-43ce-ac86-c1921f5c01a7.json
index 64b6aa9..ccaf755 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce4a9eee-7437-43ce-ac86-c1921f5c01a7.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce4a9eee-7437-43ce-ac86-c1921f5c01a7.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--2b5b9408-3d82-42ee-aa4e-8715f2b1cedb",
+ "id": "bundle--b168fc9e-993a-4474-9713-73373e8c1801",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ce4a9eee-7437-43ce-ac86-c1921f5c01a7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.234844Z",
- "modified": "2023-09-28T21:25:13.234844Z",
+ "created": "2024-08-02T17:12:32.375242Z",
+ "modified": "2024-08-02T17:12:32.375242Z",
"name": "Develop Video-Based Content",
"description": "Creating and editing false or misleading video artefacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include staging videos of purportedly real situations, repurposing existing video artefacts, or using AI-generated video creation and editing technologies (including deepfakes).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce5b400c-6f82-4095-936b-617857800da8.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce5b400c-6f82-4095-936b-617857800da8.json
index dc1a741..05ed4ca 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce5b400c-6f82-4095-936b-617857800da8.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce5b400c-6f82-4095-936b-617857800da8.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--a3bb18cd-22f3-438c-a048-da2efa0af730",
+ "id": "bundle--bee53e50-d915-4e84-aba4-782abd21ad0a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ce5b400c-6f82-4095-936b-617857800da8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.211643Z",
- "modified": "2023-09-28T21:25:13.211643Z",
+ "created": "2024-08-02T17:12:32.350548Z",
+ "modified": "2024-08-02T17:12:32.350548Z",
"name": "Conduct Swarming",
"description": "Swarming refers to the coordinated use of accounts to overwhelm the information space with operation content. Unlike information flooding, swarming centres exclusively around a specific event or actor rather than a general narrative. Swarming relies on \u201chorizontal communication\u201d between information assets rather than a top-down, vertical command-and-control approach.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cec91e97-76c8-4a1f-8397-a06939a558ef.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cec91e97-76c8-4a1f-8397-a06939a558ef.json
index 0b3af46..1cf33ad 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cec91e97-76c8-4a1f-8397-a06939a558ef.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cec91e97-76c8-4a1f-8397-a06939a558ef.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--373c231e-4baf-4c98-8239-4371748a475c",
+ "id": "bundle--75e6e009-b221-45fa-86b9-b76ce5b3ebe2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--cec91e97-76c8-4a1f-8397-a06939a558ef",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.211971Z",
- "modified": "2023-09-28T21:25:13.211971Z",
+ "created": "2024-08-02T17:12:32.35121Z",
+ "modified": "2024-08-02T17:12:32.35121Z",
"name": "Inauthentic Sites Amplify News and Narratives",
"description": "Inauthentic sites circulate cross-post stories and amplify narratives. Often these sites have no masthead, bylines or attribution.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cf4ee6a4-f503-425c-a069-3245de145582.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cf4ee6a4-f503-425c-a069-3245de145582.json
new file mode 100644
index 0000000..9e7a368
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--cf4ee6a4-f503-425c-a069-3245de145582.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--298bb425-a758-4ef0-9aa1-d2ee15283fd8",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--cf4ee6a4-f503-425c-a069-3245de145582",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.43387Z",
+ "modified": "2024-08-02T17:12:32.43387Z",
+ "name": "Stock Image Account Imagery",
+ "description": "Stock images used in account imagery.
Stock image websites produce photos of people in various situations. Threat Actors can purchase or appropriate these images for use in their account imagery, increasing perceived legitimacy while avoiding the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).\u00a0
Stock images tend to include physically attractive people, and this can benefit threat actors by increasing attention given to their posts.
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.007.md",
+ "external_id": "T0145.007"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d034fff5-0735-41e9-90a3-99a99671894a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d034fff5-0735-41e9-90a3-99a99671894a.json
new file mode 100644
index 0000000..5d2f24b
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d034fff5-0735-41e9-90a3-99a99671894a.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--271b65bc-d0d2-4961-97f1-13c6b5188cf4",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d034fff5-0735-41e9-90a3-99a99671894a",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.425893Z",
+ "modified": "2024-08-02T17:12:32.425893Z",
+ "name": "Make Money",
+ "description": "Profit from disinformation, conspiracy theories, or online harm. In some cases, the sole objective is financial gain, in other cases the objective is both financial and political. Making money may also be a way to sustain a political campaign. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.md",
+ "external_id": "T0137"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d13ff5af-16fd-4b32-8e14-f2e0980c15fb.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d13ff5af-16fd-4b32-8e14-f2e0980c15fb.json
index ee21657..d527c30 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d13ff5af-16fd-4b32-8e14-f2e0980c15fb.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d13ff5af-16fd-4b32-8e14-f2e0980c15fb.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--fddd299e-bacd-4c46-9967-3b38b5bf4dc3",
+ "id": "bundle--a0725b42-ea34-44b3-a52e-edaf7aa87f6d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d13ff5af-16fd-4b32-8e14-f2e0980c15fb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.225998Z",
- "modified": "2023-09-28T21:25:13.225998Z",
+ "created": "2024-08-02T17:12:32.366531Z",
+ "modified": "2024-08-02T17:12:32.366531Z",
"name": "Identify Existing Fissures",
"description": "An influence operation may identify existing fissures to pit target populations against one another or facilitate a \u201cdivide-and-conquer\" approach to tailor operation narratives along the divides.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d1ad0738-1f52-4fab-b0d1-640b551d7f6a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d1ad0738-1f52-4fab-b0d1-640b551d7f6a.json
index 564338f..74008dc 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d1ad0738-1f52-4fab-b0d1-640b551d7f6a.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d1ad0738-1f52-4fab-b0d1-640b551d7f6a.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--952e939f-4ff6-4716-9800-9ac3671f7aa2",
+ "id": "bundle--ba6bebac-5475-4596-8918-dc54f60b8dce",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d1ad0738-1f52-4fab-b0d1-640b551d7f6a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.191652Z",
- "modified": "2023-09-28T21:25:13.191652Z",
+ "created": "2024-08-02T17:12:32.33212Z",
+ "modified": "2024-08-02T17:12:32.33212Z",
"name": "Create Inauthentic Social Media Pages and Groups",
"description": "Create key social engineering assets needed to amplify content, manipulate algorithms, fool public and/or specific incident/campaign targets. Computational propaganda depends substantially on false perceptions of credibility and acceptance. By creating fake users and groups with a variety of interests and commitments, attackers can ensure that their messages both come from trusted sources and appear more widely adopted than they actually are.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d1f55d22-f487-48ec-a810-a9f74220c02e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d1f55d22-f487-48ec-a810-a9f74220c02e.json
index bd7b661..4a4bef3 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d1f55d22-f487-48ec-a810-a9f74220c02e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d1f55d22-f487-48ec-a810-a9f74220c02e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--ef0d8657-c475-4cfb-8a3e-b690151ee2fe",
+ "id": "bundle--5e2eb779-9c70-4e1e-9d4e-6ba41bd84c04",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d1f55d22-f487-48ec-a810-a9f74220c02e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.212585Z",
- "modified": "2023-09-28T21:25:13.212585Z",
+ "created": "2024-08-02T17:12:32.35304Z",
+ "modified": "2024-08-02T17:12:32.35304Z",
"name": "Play the Long Game",
"description": "Play the long game refers to two phenomena: 1. To plan messaging and allow it to grow organically without conducting your own amplification. This is methodical and slow and requires years for the message to take hold 2. To develop a series of seemingly disconnected messaging narratives that eventually combine into a new narrative.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d2536dd3-53a5-4fc1-b508-1697cf0dafde.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d2536dd3-53a5-4fc1-b508-1697cf0dafde.json
index 68fb007..bf1aa68 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d2536dd3-53a5-4fc1-b508-1697cf0dafde.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d2536dd3-53a5-4fc1-b508-1697cf0dafde.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d11bf15d-911d-4c37-af5d-e6352f6d86a0",
+ "id": "bundle--94010742-6525-4836-8c4a-91b4191770d9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d2536dd3-53a5-4fc1-b508-1697cf0dafde",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.289186Z",
- "modified": "2023-09-28T21:25:13.289186Z",
+ "created": "2024-08-02T17:12:32.420363Z",
+ "modified": "2024-08-02T17:12:32.420363Z",
"name": "Content",
"description": "Measure current system state with respect to the effectiveness of campaign content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d3e83913-e2d5-4dad-b917-2363100c6ca0.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d3e83913-e2d5-4dad-b917-2363100c6ca0.json
new file mode 100644
index 0000000..3193591
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d3e83913-e2d5-4dad-b917-2363100c6ca0.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--0358a056-3e68-4fc0-bbd9-dfab1493e465",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d3e83913-e2d5-4dad-b917-2363100c6ca0",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.386035Z",
+ "modified": "2024-08-02T17:12:32.386035Z",
+ "name": "Recruiter Persona",
+ "description": "A person with a recruiter persona presents themselves as a potential employer or provider of freelance work.
While presenting as a recruiter is not an indication of inauthentic behaviour, threat actors fabricate recruiters (T0143.002: Fabricated Persona, T0097.106: Recruiter Persona) to justify asking for personal information from their targets or to trick targets into working for the threat actors (without revealing who they are).
Associated Techniques and Sub-techniques T0097.205: Business Persona: People with a recruiter persona may present as being part of a business which they are recruiting for.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.106.md",
+ "external_id": "T0097.106"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d4813d4a-2afe-4c0e-8ddb-b21973bb283a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d4813d4a-2afe-4c0e-8ddb-b21973bb283a.json
index 5da3c61..a6bfef7 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d4813d4a-2afe-4c0e-8ddb-b21973bb283a.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d4813d4a-2afe-4c0e-8ddb-b21973bb283a.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1527d206-4039-4429-ab9b-d8dc9d89bde4",
+ "id": "bundle--c73fd955-288f-4ce0-8037-dfa71f0697ec",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d4813d4a-2afe-4c0e-8ddb-b21973bb283a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.263231Z",
- "modified": "2023-09-28T21:25:13.263231Z",
+ "created": "2024-08-02T17:12:32.404679Z",
+ "modified": "2024-08-02T17:12:32.404679Z",
"name": "Formal Diplomatic Channels",
"description": "Leveraging formal, traditional, diplomatic channels to communicate with foreign governments (written documents, meetings, summits, diplomatic visits, etc). This type of diplomacy is conducted by diplomats of one nation with diplomats and other officials of another nation or international organisation.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d4e35ba1-f83d-41b4-a862-caabb634cc3e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d4e35ba1-f83d-41b4-a862-caabb634cc3e.json
index efb9426..736e3a9 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d4e35ba1-f83d-41b4-a862-caabb634cc3e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d4e35ba1-f83d-41b4-a862-caabb634cc3e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--38c9097d-041d-4b8c-b5aa-f809fcddf104",
+ "id": "bundle--84445f98-861e-4960-9aca-67f32edce74b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d4e35ba1-f83d-41b4-a862-caabb634cc3e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.262253Z",
- "modified": "2023-09-28T21:25:13.262253Z",
+ "created": "2024-08-02T17:12:32.404285Z",
+ "modified": "2024-08-02T17:12:32.404285Z",
"name": "Blogging and Publishing Networks",
"description": "Examples include WordPress, Blogger, Weebly, Tumblr, Medium, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d522f417-ba0e-4e2d-ae96-df2c1fd607e6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d522f417-ba0e-4e2d-ae96-df2c1fd607e6.json
index 6e560ab..3a125db 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d522f417-ba0e-4e2d-ae96-df2c1fd607e6.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d522f417-ba0e-4e2d-ae96-df2c1fd607e6.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--13ba1199-ec7d-4f4a-a3ab-4b21b9d84531",
+ "id": "bundle--464681c5-0bc3-49fa-8d6d-f5db396b2ad9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d522f417-ba0e-4e2d-ae96-df2c1fd607e6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.244787Z",
- "modified": "2023-09-28T21:25:13.244787Z",
+ "created": "2024-08-02T17:12:32.380386Z",
+ "modified": "2024-08-02T17:12:32.380386Z",
"name": "Fund Proxies",
"description": "An influence operation may fund proxies, or external entities that work for the operation. An operation may recruit/train users with existing sympathies towards the operation\u2019s narratives and/or goals as proxies. Funding proxies serves various purposes including: - Diversifying operation locations to complicate attribution - Reducing the workload for direct operation assets",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d556b582-dd00-44d7-8c2f-74fb48c755fa.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d556b582-dd00-44d7-8c2f-74fb48c755fa.json
new file mode 100644
index 0000000..4e6a07e
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d556b582-dd00-44d7-8c2f-74fb48c755fa.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--12c704f2-e7ca-46bb-9ffb-2ddf73386151",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d556b582-dd00-44d7-8c2f-74fb48c755fa",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.430653Z",
+ "modified": "2024-08-02T17:12:32.430653Z",
+ "name": "Acquire Compromised Account",
+ "description": "Threat Actors can take over existing users\u2019 accounts to distribute campaign content.
The actor may maintain the asset\u2019s previous identity to capitalise on the perceived legitimacy its previous owner had cultivated.
The actor may completely rebrand the account to exploit its existing reach, or relying on the account\u2019s history to avoid more stringent automated content moderation rules applied to new accounts.
See also [Mitre ATT&CK\u2019s T1586 Compromise Accounts](https://attack.mitre.org/techniques/T1586/) for more technical information on how threat actors may achieve this objective.
This Technique was previously called Compromise Legitimate Accounts, and used the ID T0011.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0141.001.md",
+ "external_id": "T0141.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d592cbac-8fcd-4569-8a7a-4e5c6a0b08e7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d592cbac-8fcd-4569-8a7a-4e5c6a0b08e7.json
new file mode 100644
index 0000000..a9a6295
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d592cbac-8fcd-4569-8a7a-4e5c6a0b08e7.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--04bf51d7-e54b-4e81-910e-678ddc739bea",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d592cbac-8fcd-4569-8a7a-4e5c6a0b08e7",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431712Z",
+ "modified": "2024-08-02T17:12:32.431712Z",
+ "name": "Parody Persona",
+ "description": "Parody is a form of artistic expression that imitates the style or characteristics of a particular work, genre, or individual in a humorous or satirical way, often to comment on or critique the original work or subject matter. People may present as parodies to create humour or make a point by exaggerating or altering elements of the original, while still maintaining recognizable elements.
The use of parody is not an indication of inauthentic or malicious behaviour; parody allows people to present ideas or criticisms in a comedic or exaggerated manner, softening the impact of sensitive or contentious topics. Because parody is often protected as a form of free speech or artistic expression, it provides a legal and social framework for discussing controversial issues.
However, parody personas may be perceived as authentic personas, leading to people mistakenly believing that a parody account\u2019s statements represent the real opinions of a parodied target. Threat actors may also use the guise of parody to spread campaign content. Parody personas may disclaim that they are operating as a parody, however this is not always the case, and is not always given prominence.
Associated Techniques and Sub-techniquesT0097: Presented Persona: Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of parody.\u00a0For example, an account presenting as a parody of a business could be documented using T0097.205: Business Persona and T0143.003: Parody Persona. T0145.001: Copy Account Imagery: Actors may take existing accounts\u2019 profile pictures as part of their parody efforts.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.004.md",
+ "external_id": "T0143.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d60dd224-14bd-4b6e-9960-a789a8370fdf.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d60dd224-14bd-4b6e-9960-a789a8370fdf.json
new file mode 100644
index 0000000..a9e327f
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d60dd224-14bd-4b6e-9960-a789a8370fdf.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--1b640941-49dd-43c9-ab92-bceabaaae95f",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d60dd224-14bd-4b6e-9960-a789a8370fdf",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.429055Z",
+ "modified": "2024-08-02T17:12:32.429055Z",
+ "name": "Discourage",
+ "description": "To make a target disinclined or reluctant to act. Manipulators use disinformation to cause targets to question the utility, legality, or morality of taking an action. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0139.001.md",
+ "external_id": "T0139.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d615efdc-7296-4254-90f5-99d2986d97fa.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d615efdc-7296-4254-90f5-99d2986d97fa.json
index 36f0df4..017d855 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d615efdc-7296-4254-90f5-99d2986d97fa.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d615efdc-7296-4254-90f5-99d2986d97fa.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f30f110f-e961-42e4-8860-7d669c49f406",
+ "id": "bundle--ed140e16-fef1-4b95-a330-04a151e374de",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d615efdc-7296-4254-90f5-99d2986d97fa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.276393Z",
- "modified": "2023-09-28T21:25:13.276393Z",
+ "created": "2024-08-02T17:12:32.412541Z",
+ "modified": "2024-08-02T17:12:32.412541Z",
"name": "Exploit Platform TOS/Content Moderation",
"description": "Exploit Platform TOS/Content Moderation",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d65af8b6-91ce-490e-8978-014ff995a2ac.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d65af8b6-91ce-490e-8978-014ff995a2ac.json
index 43e5a84..92221da 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d65af8b6-91ce-490e-8978-014ff995a2ac.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d65af8b6-91ce-490e-8978-014ff995a2ac.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--1c171b0d-279e-4c8c-a34a-04d3e5ae149b",
+ "id": "bundle--e4fca68b-0103-4f6c-a0ca-e37f3cfa6074",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d65af8b6-91ce-490e-8978-014ff995a2ac",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.274512Z",
- "modified": "2023-09-28T21:25:13.274512Z",
+ "created": "2024-08-02T17:12:32.410935Z",
+ "modified": "2024-08-02T17:12:32.410935Z",
"name": "Delete Opposing Content",
"description": "Deleting opposing content refers to the removal of content that conflicts with operational narratives from selected platforms. An influence operation may delete opposing content to censor contradictory information from the target audience, allowing operation narratives to take priority in the information space.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d6681707-afcc-4656-91ca-779bc303d944.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d6681707-afcc-4656-91ca-779bc303d944.json
new file mode 100644
index 0000000..e487b2a
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d6681707-afcc-4656-91ca-779bc303d944.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--e279aad0-5e26-4c71-9be4-5b02c3dd0dcf",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d6681707-afcc-4656-91ca-779bc303d944",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.359885Z",
+ "modified": "2024-08-02T17:12:32.359885Z",
+ "name": "Ideological Advantage",
+ "description": "Favourable position domestically or internationally in the market for ideas, beliefs, and world views. Competition plays out among faith systems, political systems, and value systems. It can involve sub-national, national or supra-national movements. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-strategy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.004.md",
+ "external_id": "T0074.004"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d696b89b-9686-42ff-b3c4-5a4d5ecaa17a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d696b89b-9686-42ff-b3c4-5a4d5ecaa17a.json
index 0797441..f3457a0 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d696b89b-9686-42ff-b3c4-5a4d5ecaa17a.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d696b89b-9686-42ff-b3c4-5a4d5ecaa17a.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--0e6424ec-4e04-4e9b-81d9-02f02b9e1436",
+ "id": "bundle--e316f4a2-fc1a-4902-893c-17259754d032",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d696b89b-9686-42ff-b3c4-5a4d5ecaa17a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.21355Z",
- "modified": "2023-09-28T21:25:13.21355Z",
+ "created": "2024-08-02T17:12:32.354685Z",
+ "modified": "2024-08-02T17:12:32.354685Z",
"name": "Degrade Adversary",
"description": "Plan to degrade an adversary\u2019s image or ability to act. This could include preparation and use of harmful information about the adversary\u2019s actions or reputation.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d9381123-f2ef-419a-b895-8f2147e26b15.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d9381123-f2ef-419a-b895-8f2147e26b15.json
new file mode 100644
index 0000000..a504fa6
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--d9381123-f2ef-419a-b895-8f2147e26b15.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--975a0eb6-22c5-47ab-ba85-f665600d38c8",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--d9381123-f2ef-419a-b895-8f2147e26b15",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.386986Z",
+ "modified": "2024-08-02T17:12:32.386986Z",
+ "name": "Expert Persona",
+ "description": "A person with an expert persona presents themselves as having expertise or experience in a field. Commonly the persona\u2019s expertise will be called upon to add credibility to a given narrative.
While presenting as an expert is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as experts. Threat actors can fabricate experts (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate experts (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can make mistakes, use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an expert to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.107: Researcher Persona: People who present as experts may also present as conducting or having conducted research into their specialist subject. T0097.204: Think Tank Persona: People with an expert persona may present as being part of a think tank.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.108.md",
+ "external_id": "T0097.108"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--da4ae172-c8c8-4eb1-bc03-c5198624c8a2.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--da4ae172-c8c8-4eb1-bc03-c5198624c8a2.json
index 4845398..35e0c27 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--da4ae172-c8c8-4eb1-bc03-c5198624c8a2.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--da4ae172-c8c8-4eb1-bc03-c5198624c8a2.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--cc458a26-a004-4463-a6a4-e173f0fa2ced",
+ "id": "bundle--363c0950-5bd4-40f9-bc9b-bb371936df3b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--da4ae172-c8c8-4eb1-bc03-c5198624c8a2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.262725Z",
- "modified": "2023-09-28T21:25:13.262725Z",
+ "created": "2024-08-02T17:12:32.404483Z",
+ "modified": "2024-08-02T17:12:32.404483Z",
"name": "Consumer Review Networks",
"description": "Platforms for finding, reviewing, and sharing information about brands, products, services, restaurants, travel destinations, etc. Examples include Yelp, TripAdvisor, etc.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--da5fb984-37a6-4152-a078-e2af40c0844f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--da5fb984-37a6-4152-a078-e2af40c0844f.json
index 6ce4707..ca57400 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--da5fb984-37a6-4152-a078-e2af40c0844f.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--da5fb984-37a6-4152-a078-e2af40c0844f.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d0d8a13e-21cb-4923-a3d5-75bb95aa8dc9",
+ "id": "bundle--c94455c5-7eb7-4b00-ba5e-1aba46b70272",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--da5fb984-37a6-4152-a078-e2af40c0844f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.280677Z",
- "modified": "2023-09-28T21:25:13.280677Z",
+ "created": "2024-08-02T17:12:32.416284Z",
+ "modified": "2024-08-02T17:12:32.416284Z",
"name": "Deny Involvement",
"description": "Without \"smoking gun\" proof (and even with proof), incident creator can or will deny involvement. This technique also leverages the attacker advantages outlined in \"Demand insurmountable proof\", specifically the asymmetric disadvantage for truth-tellers in a \"firehose of misinformation\" environment.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--db93e285-c516-40b0-bb5a-36bbaf5c08b9.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--db93e285-c516-40b0-bb5a-36bbaf5c08b9.json
index d740570..e135791 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--db93e285-c516-40b0-bb5a-36bbaf5c08b9.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--db93e285-c516-40b0-bb5a-36bbaf5c08b9.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--c8ff294a-e87b-48e0-99e9-6e0c7aac17d1",
+ "id": "bundle--bcce6c50-4def-4f15-afed-c0e040e9d18f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--db93e285-c516-40b0-bb5a-36bbaf5c08b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.24082Z",
- "modified": "2023-09-28T21:25:13.24082Z",
+ "created": "2024-08-02T17:12:32.377614Z",
+ "modified": "2024-08-02T17:12:32.377614Z",
"name": "Create Cyborg Accounts",
"description": "Cyborg accounts refer to partly manned, partly automated social media accounts. Cyborg accounts primarily act as bots, but a human operator periodically takes control of the account to engage with real social media users by responding to comments and posting original content. Influence operations may use cyborg accounts to reduce the amount of direct human input required to maintain a regular account but increase the apparent legitimacy of the cyborg account by occasionally breaking its bot-like behaviour with human interaction.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--db9eafc0-261b-48d0-97a2-1c92dcb4026a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--db9eafc0-261b-48d0-97a2-1c92dcb4026a.json
index dd308ca..ff8f101 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--db9eafc0-261b-48d0-97a2-1c92dcb4026a.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--db9eafc0-261b-48d0-97a2-1c92dcb4026a.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9a159563-ed34-4c87-b36c-3d45dfd98874",
+ "id": "bundle--e359f323-60e9-44f4-97fe-ebbdf40e5f50",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--db9eafc0-261b-48d0-97a2-1c92dcb4026a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.264206Z",
- "modified": "2023-09-28T21:25:13.264206Z",
+ "created": "2024-08-02T17:12:32.405072Z",
+ "modified": "2024-08-02T17:12:32.405072Z",
"name": "TV",
"description": "TV",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--dd415f9d-ce3a-44c6-9237-f8ceeb52a6a3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--dd415f9d-ce3a-44c6-9237-f8ceeb52a6a3.json
index 8c69dd7..eae7c1e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--dd415f9d-ce3a-44c6-9237-f8ceeb52a6a3.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--dd415f9d-ce3a-44c6-9237-f8ceeb52a6a3.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--0028f8f2-2029-4674-899e-08cc2df5b923",
+ "id": "bundle--36bdfb84-9611-4c1b-9154-00975f05c0d8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--dd415f9d-ce3a-44c6-9237-f8ceeb52a6a3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.283543Z",
- "modified": "2023-09-28T21:25:13.283543Z",
+ "created": "2024-08-02T17:12:32.417055Z",
+ "modified": "2024-08-02T17:12:32.417055Z",
"name": "Misattribute Activity",
"description": "Misattributed activity refers to incorrectly attributed operation activity. For example, a state sponsored influence operation may conduct operation activity in a way that mimics another state so that external entities misattribute activity to the incorrect state. An operation may misattribute their activities to complicate attribution, avoid detection, or frame an adversary for negative behaviour.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ddc4a9e6-a371-4f16-91b6-c71139a154ce.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ddc4a9e6-a371-4f16-91b6-c71139a154ce.json
index 0b671e1..c8a492e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ddc4a9e6-a371-4f16-91b6-c71139a154ce.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ddc4a9e6-a371-4f16-91b6-c71139a154ce.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--936cc62f-49d5-42cc-a50d-c254338bdac3",
+ "id": "bundle--a1e9e1a9-51a2-4fa0-8f7a-eff63f4d773e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ddc4a9e6-a371-4f16-91b6-c71139a154ce",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.273783Z",
- "modified": "2023-09-28T21:25:13.273783Z",
+ "created": "2024-08-02T17:12:32.409853Z",
+ "modified": "2024-08-02T17:12:32.409853Z",
"name": "Use Contests and Prizes",
"description": "Use Contests and Prizes",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ddc9d571-88a9-4246-bbbf-075bfed721f8.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ddc9d571-88a9-4246-bbbf-075bfed721f8.json
index 405db8d..e2ea7c0 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ddc9d571-88a9-4246-bbbf-075bfed721f8.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ddc9d571-88a9-4246-bbbf-075bfed721f8.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--5dc19d43-3858-4fb8-9aef-a4ecc7975c57",
+ "id": "bundle--e6f59b47-3d6c-4939-a2f9-2a17b3831a20",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ddc9d571-88a9-4246-bbbf-075bfed721f8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.212859Z",
- "modified": "2023-09-28T21:25:13.212859Z",
+ "created": "2024-08-02T17:12:32.353767Z",
+ "modified": "2024-08-02T17:12:32.353767Z",
"name": "Sell Merchandise",
"description": "Sell mechandise refers to getting the message or narrative into physical space in the offline world while making money",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--dde28850-4198-4223-81b5-ff9b30b4e04f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--dde28850-4198-4223-81b5-ff9b30b4e04f.json
new file mode 100644
index 0000000..ba2393f
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--dde28850-4198-4223-81b5-ff9b30b4e04f.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--3d59d219-dc61-4b98-856c-4866476e5312",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--dde28850-4198-4223-81b5-ff9b30b4e04f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.385665Z",
+ "modified": "2024-08-02T17:12:32.385665Z",
+ "name": "Military Personnel Persona",
+ "description": "A person with a military personnel persona presents themselves as a serving member or veteran of a military organisation operating in an official capacity on behalf of a government.
While presenting as military personnel is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as military personnel. Threat actors can fabricate military personnel (T0143.002: Fabricated Persona, T0097.105: Military Personnel Persona) to pose as experts on military topics, or to discredit geopolitical adversaries by pretending to be one of their military personnel and spreading discontent.
People who have legitimately developed a military persona (T0143.001: Authentic Persona, T0097.105: Military Personnel Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a member of the military to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.105.md",
+ "external_id": "T0097.105"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--deb9a225-0803-4a1f-b37b-3a10c3e7ca79.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--deb9a225-0803-4a1f-b37b-3a10c3e7ca79.json
index 43e8385..8209a9e 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--deb9a225-0803-4a1f-b37b-3a10c3e7ca79.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--deb9a225-0803-4a1f-b37b-3a10c3e7ca79.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f5fb276b-1487-426d-8190-8184c5005759",
+ "id": "bundle--c08f9446-50a2-4f22-84de-162e7ac6c3a4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--deb9a225-0803-4a1f-b37b-3a10c3e7ca79",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.281952Z",
- "modified": "2023-09-28T21:25:13.281952Z",
+ "created": "2024-08-02T17:12:32.416479Z",
+ "modified": "2024-08-02T17:12:32.416479Z",
"name": "Delete Accounts/Account Activity",
"description": "Deleting accounts and account activity occurs when an influence operation removes its online social media assets, including social media accounts, posts, likes, comments, and other online artefacts. An influence operation may delete its accounts and account activity to complicate attribution or remove online documentation that the operation ever occurred.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--df5189cc-29b5-41d1-a20f-bd641f5946be.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--df5189cc-29b5-41d1-a20f-bd641f5946be.json
new file mode 100644
index 0000000..aa03db7
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--df5189cc-29b5-41d1-a20f-bd641f5946be.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--cbfbbb44-2808-4b40-98fe-4f67f6484ddf",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--df5189cc-29b5-41d1-a20f-bd641f5946be",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.371835Z",
+ "modified": "2024-08-02T17:12:32.371835Z",
+ "name": "Develop Book",
+ "description": "Produce text content in the form of a book.\u00a0
This technique covers both e-books and physical books, however, the former is more easily deployed by threat actors given the lower cost to develop.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "develop-content"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.005.md",
+ "external_id": "T0085.005"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--df9f74e6-1a56-4515-910e-d58a386bbf1f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--df9f74e6-1a56-4515-910e-d58a386bbf1f.json
new file mode 100644
index 0000000..4b97080
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--df9f74e6-1a56-4515-910e-d58a386bbf1f.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--237d3da3-1228-4079-a59d-3636266cf63b",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--df9f74e6-1a56-4515-910e-d58a386bbf1f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.433467Z",
+ "modified": "2024-08-02T17:12:32.433467Z",
+ "name": "Illustrated Character Account Imagery",
+ "description": "A cartoon/illustrated/anime character used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
People sometimes legitimately use images of illustrated characters as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-assets"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.005.md",
+ "external_id": "T0145.005"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0acfceb-4541-438f-ba33-734f9a666c7d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0acfceb-4541-438f-ba33-734f9a666c7d.json
index 9b432de..afbe0e1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0acfceb-4541-438f-ba33-734f9a666c7d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0acfceb-4541-438f-ba33-734f9a666c7d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--83472169-1104-44ab-8c40-3d22590924b2",
+ "id": "bundle--4da55a9f-6cf6-4dba-9253-6e20b2ce2935",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e0acfceb-4541-438f-ba33-734f9a666c7d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.195756Z",
- "modified": "2023-09-28T21:25:13.195756Z",
+ "created": "2024-08-02T17:12:32.335938Z",
+ "modified": "2024-08-02T17:12:32.335938Z",
"name": "Create Hashtags and Search Artefacts",
"description": "Create one or more hashtags and/or hashtag groups. Many incident-based campaigns will create hashtags to promote their fabricated event. Creating a hashtag for an incident can have two important effects: 1. Create a perception of reality around an event. Certainly only \"real\" events would be discussed in a hashtag. After all, the event has a name!, and 2. Publicise the story more widely through trending lists and search behaviour. Asset needed to direct/control/manage \"conversation\" connected to launching new incident/campaign with new hashtag for applicable social media sites).",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0b7c795-eae2-4494-a3c9-52bc68c6df06.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0b7c795-eae2-4494-a3c9-52bc68c6df06.json
index 23de6ff..1c7a77d 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0b7c795-eae2-4494-a3c9-52bc68c6df06.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0b7c795-eae2-4494-a3c9-52bc68c6df06.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--0fd36e6c-bf7f-4bb3-9412-220b3c84823a",
+ "id": "bundle--4b25cc5d-6431-4fb2-9211-773b32b42f6d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e0b7c795-eae2-4494-a3c9-52bc68c6df06",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.195612Z",
- "modified": "2023-09-28T21:25:13.195612Z",
+ "created": "2024-08-02T17:12:32.335744Z",
+ "modified": "2024-08-02T17:12:32.335744Z",
"name": "Raise Funds from Ignorant Agents",
"description": "Raising funds from ignorant agents may include scams, donations intended for one stated purpose but then used for another, etc.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0f07568-5a2b-429d-94b9-b1ff3c17adea.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0f07568-5a2b-429d-94b9-b1ff3c17adea.json
index 4c70975..6d47cff 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0f07568-5a2b-429d-94b9-b1ff3c17adea.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0f07568-5a2b-429d-94b9-b1ff3c17adea.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9490e61c-6abf-46dd-81c3-2fa54fe2559b",
+ "id": "bundle--0f518362-e7ce-4296-bd55-9cba5a40c9c0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e0f07568-5a2b-429d-94b9-b1ff3c17adea",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.250542Z",
- "modified": "2023-09-28T21:25:13.250542Z",
+ "created": "2024-08-02T17:12:32.393803Z",
+ "modified": "2024-08-02T17:12:32.393803Z",
"name": "Create Inauthentic News Sites",
"description": "Create Inauthentic News Sites",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e22e3d7d-40fc-4a5e-8d6c-d528b9f78e8e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e22e3d7d-40fc-4a5e-8d6c-d528b9f78e8e.json
index 0850163..c50ac72 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e22e3d7d-40fc-4a5e-8d6c-d528b9f78e8e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e22e3d7d-40fc-4a5e-8d6c-d528b9f78e8e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d341052e-6550-4dd9-8b48-2f54f7e02bff",
+ "id": "bundle--d0bcb4be-6d94-4139-ae4f-bacf5f909305",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e22e3d7d-40fc-4a5e-8d6c-d528b9f78e8e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.275468Z",
- "modified": "2023-09-28T21:25:13.275468Z",
+ "created": "2024-08-02T17:12:32.411758Z",
+ "modified": "2024-08-02T17:12:32.411758Z",
"name": "Suppress Opposition",
"description": "Operators can suppress the opposition by exploiting platform content moderation tools and processes like reporting non-violative content to platforms for takedown and goading opposition actors into taking actions that result in platform action or target audience disapproval.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e27cf6aa-69bc-434b-ac68-b0164d0b3421.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e27cf6aa-69bc-434b-ac68-b0164d0b3421.json
index e0e9b4c..3d58c98 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e27cf6aa-69bc-434b-ac68-b0164d0b3421.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e27cf6aa-69bc-434b-ac68-b0164d0b3421.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--2820078e-14f2-484a-95dc-3d09835d11ff",
+ "id": "bundle--0373e42e-524d-4a1b-8892-ac36649c47cd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e27cf6aa-69bc-434b-ac68-b0164d0b3421",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.229867Z",
- "modified": "2023-09-28T21:25:13.229867Z",
+ "created": "2024-08-02T17:12:32.370006Z",
+ "modified": "2024-08-02T17:12:32.370006Z",
"name": "Appropriate Content",
"description": "An influence operation may take content from other sources with proper attribution. This content may be either misinformation content shared by others without malicious intent but now leveraged by the campaign as disinformation or disinformation content from other sources. Examples include the appropriation of content from one inauthentic news site to another inauthentic news site or network in ways that align with the originators licencing or terms of service.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e41b04e4-b8c2-4f66-93d7-c148f3378008.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e41b04e4-b8c2-4f66-93d7-c148f3378008.json
new file mode 100644
index 0000000..f8540ee
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e41b04e4-b8c2-4f66-93d7-c148f3378008.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--b3b188d6-3ac7-4529-b27b-95edf54abad9",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--e41b04e4-b8c2-4f66-93d7-c148f3378008",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.38815Z",
+ "modified": "2024-08-02T17:12:32.38815Z",
+ "name": "Government Official Persona",
+ "description": "A person who presents as an active or previous government official has the government official persona. These are officials serving in government, such as heads of government departments, leaders of countries, and members of government selected to represent constituents.
Presenting as a government official is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in government to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.111: Government Official Persona). They may also impersonate existing members of government (T0143.003: Impersonated Persona, T0097.111: Government Official Persona).
Legitimate government officials could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.111: Government Official Persona). For example, a government official could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.110: Party Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a political party.\u00a0
Not all government officials are political party officials (such as outside experts brought into government) and not all political party officials are government officials (such as people standing for office who are not yet working in government).
T0097.206: Government Institution Persona: People presenting as members of a government may also represent a government institution which they are associated with.
T0097.112: Government Employee Persona: Analysts should use this sub-technique to document people presenting as professionals hired to serve in government institutions and departments, not officials selected to represent constituents, or assigned official roles in government (such as heads of departments).",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.111.md",
+ "external_id": "T0097.111"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e47ae747-d83d-433d-a69a-f6d0970fed5e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e47ae747-d83d-433d-a69a-f6d0970fed5e.json
index 3f92df0..3136bf1 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e47ae747-d83d-433d-a69a-f6d0970fed5e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e47ae747-d83d-433d-a69a-f6d0970fed5e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--11022964-a69e-4a5e-afa1-356b0aff36c9",
+ "id": "bundle--318a9d2c-9acb-49ee-8d47-9b3d7aa02425",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e47ae747-d83d-433d-a69a-f6d0970fed5e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.208935Z",
- "modified": "2023-09-28T21:25:13.208935Z",
+ "created": "2024-08-02T17:12:32.345613Z",
+ "modified": "2024-08-02T17:12:32.345613Z",
"name": "Harass People Based on Identities",
"description": "Examples include social identities like gender, sexuality, race, ethnicity, religion, ability, nationality, etc. as well as roles and occupations like journalist or activist.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e4ad5ad8-f52d-48a0-8fce-33157f885a3e.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e4ad5ad8-f52d-48a0-8fce-33157f885a3e.json
index 2a73709..235c49d 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e4ad5ad8-f52d-48a0-8fce-33157f885a3e.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e4ad5ad8-f52d-48a0-8fce-33157f885a3e.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--4c885d9a-e5e9-4dc3-ab63-3fe9f3acf87b",
+ "id": "bundle--26ff4cfa-6206-476b-9995-7fa1090f8ef5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e4ad5ad8-f52d-48a0-8fce-33157f885a3e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.233879Z",
- "modified": "2023-09-28T21:25:13.233879Z",
+ "created": "2024-08-02T17:12:32.374513Z",
+ "modified": "2024-08-02T17:12:32.374513Z",
"name": "Deceptively Edit Images (Cheap Fakes)",
"description": "Cheap fakes utilise less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e4ea9ed6-b158-4cdc-95c2-749383d2a388.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e4ea9ed6-b158-4cdc-95c2-749383d2a388.json
new file mode 100644
index 0000000..2a298f4
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e4ea9ed6-b158-4cdc-95c2-749383d2a388.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--3f63454f-6557-4761-9c39-7da473c155e2",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--e4ea9ed6-b158-4cdc-95c2-749383d2a388",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.386542Z",
+ "modified": "2024-08-02T17:12:32.386542Z",
+ "name": "Researcher Persona",
+ "description": "A person with a researcher persona presents themselves as conducting research (e.g. for academic institutions, or think tanks), or having previously conducted research.
While presenting as a researcher is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as researchers. Threat actors can fabricate researchers (T0143.002: Fabricated Persona, T0097.107: Researcher Persona) to add credibility to their narratives.
People who are legitimate researchers (T0143.001: Authentic Persona, T0097.107: Researcher Persona) can use their persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a Researcher to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.204: Think Tank Persona: People with a researcher persona may present as being part of a think tank. T0097.108: Expert Persona: People who present as researching a given topic are likely to also present as having expertise in the area.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.107.md",
+ "external_id": "T0097.107"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e60f54a3-9972-43b8-8359-ee21d781acae.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e60f54a3-9972-43b8-8359-ee21d781acae.json
index 25ae1bc..0062755 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e60f54a3-9972-43b8-8359-ee21d781acae.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e60f54a3-9972-43b8-8359-ee21d781acae.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9d66dc2a-8e13-4735-b5c7-c058fa686cf2",
+ "id": "bundle--a1ebb9d0-8c55-4dae-b7c7-65a194fb844c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e60f54a3-9972-43b8-8359-ee21d781acae",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.236836Z",
- "modified": "2023-09-28T21:25:13.236836Z",
+ "created": "2024-08-02T17:12:32.376186Z",
+ "modified": "2024-08-02T17:12:32.376186Z",
"name": "Develop AI-Generated Audio (Deepfakes)",
"description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e6ab2793-a059-4354-bb60-045afb019833.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e6ab2793-a059-4354-bb60-045afb019833.json
index 401bad1..b98479b 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e6ab2793-a059-4354-bb60-045afb019833.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e6ab2793-a059-4354-bb60-045afb019833.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--e556b6e0-4c8d-4d7f-ae51-7b9f0d625217",
+ "id": "bundle--bc079bd9-c79a-4160-a848-16274673a308",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e6ab2793-a059-4354-bb60-045afb019833",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.21116Z",
- "modified": "2023-09-28T21:25:13.21116Z",
+ "created": "2024-08-02T17:12:32.349745Z",
+ "modified": "2024-08-02T17:12:32.349745Z",
"name": "Bots Amplify via Automated Forwarding and Reposting",
"description": "Automated forwarding and reposting refer to the proliferation of operation content using automated means, such as artificial intelligence or social media bots. An influence operation may use automated activity to increase content exposure without dedicating the resources, including personnel and time, traditionally required to forward and repost content. Use bots to amplify narratives above algorithm thresholds. Bots are automated/programmed profiles designed to amplify content (ie: automatically retweet or like) and give appearance it's more \"popular\" than it is. They can operate as a network, to function in a coordinated/orchestrated manner. In some cases (more so now) they are an inexpensive/disposable assets used for minimal deployment as bot detection tools improve and platforms are more responsive.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e7b62982-106f-4234-9545-9466c687d1b5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e7b62982-106f-4234-9545-9466c687d1b5.json
index df8eb64..64002b2 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e7b62982-106f-4234-9545-9466c687d1b5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--e7b62982-106f-4234-9545-9466c687d1b5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d2749ee7-7179-48c3-998d-43b21534cef2",
+ "id": "bundle--0a531c75-af81-4699-b26d-d47b9c7eea5a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e7b62982-106f-4234-9545-9466c687d1b5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.280391Z",
- "modified": "2023-09-28T21:25:13.280391Z",
+ "created": "2024-08-02T17:12:32.415971Z",
+ "modified": "2024-08-02T17:12:32.415971Z",
"name": "Coordinate on Encrypted/Closed Networks",
"description": "Coordinate on encrypted/ closed networks",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea0d5988-af73-4b09-8040-7bb2fbadaa3c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea0d5988-af73-4b09-8040-7bb2fbadaa3c.json
index 8ee9dea..5c46364 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea0d5988-af73-4b09-8040-7bb2fbadaa3c.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea0d5988-af73-4b09-8040-7bb2fbadaa3c.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--f5e16a97-95c6-427c-b091-5a1aa3753b3e",
+ "id": "bundle--d22c737c-dced-49a1-9a0a-2dfc54d1f164",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ea0d5988-af73-4b09-8040-7bb2fbadaa3c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.198581Z",
- "modified": "2023-09-28T21:25:13.198581Z",
+ "created": "2024-08-02T17:12:32.337504Z",
+ "modified": "2024-08-02T17:12:32.337504Z",
"name": "Trial Content",
"description": "Iteratively test incident performance (messages, content etc), e.g. A/B test headline/content enagagement metrics; website and/or funding campaign conversion rates",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea762d7a-8852-4d91-b44f-4754aa079313.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea762d7a-8852-4d91-b44f-4754aa079313.json
index bdd84af..5274b4a 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea762d7a-8852-4d91-b44f-4754aa079313.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea762d7a-8852-4d91-b44f-4754aa079313.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--99fac1cb-a119-4923-9e74-a6858ad3e7a5",
+ "id": "bundle--90036e2f-d5b0-477f-b401-53a369ff8b3d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ea762d7a-8852-4d91-b44f-4754aa079313",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.282986Z",
- "modified": "2023-09-28T21:25:13.282986Z",
+ "created": "2024-08-02T17:12:32.41687Z",
+ "modified": "2024-08-02T17:12:32.41687Z",
"name": "Remove Post Origins",
"description": "Removing post origins refers to the elimination of evidence that indicates the initial source of operation content, often to complicate attribution. An influence operation may remove post origins by deleting watermarks, renaming files, or removing embedded links in its content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea788455-90c6-4f47-97b1-862d30ef7d12.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea788455-90c6-4f47-97b1-862d30ef7d12.json
index b52dddd..fff8a96 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea788455-90c6-4f47-97b1-862d30ef7d12.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ea788455-90c6-4f47-97b1-862d30ef7d12.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--4dd79d38-b18a-4b1f-b601-740c6893c9a0",
+ "id": "bundle--d19f670c-e76b-4367-ae8b-7909a0356a2d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ea788455-90c6-4f47-97b1-862d30ef7d12",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.199178Z",
- "modified": "2023-09-28T21:25:13.199178Z",
+ "created": "2024-08-02T17:12:32.337907Z",
+ "modified": "2024-08-02T17:12:32.337907Z",
"name": "Leverage Conspiracy Theory Narratives",
"description": "\"Conspiracy narratives\" appeal to the human desire for explanatory order, by invoking the participation of poweful (often sinister) actors in pursuit of their own political goals. These narratives are especially appealing when an audience is low-information, marginalised or otherwise inclined to reject the prevailing explanation. Conspiracy narratives are an important component of the \"firehose of falsehoods\" model.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb037d2a-82a7-4bcb-bffd-e7791de21d1c.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb037d2a-82a7-4bcb-bffd-e7791de21d1c.json
index 9b2e52b..7c734f4 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb037d2a-82a7-4bcb-bffd-e7791de21d1c.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb037d2a-82a7-4bcb-bffd-e7791de21d1c.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--de727a3f-959f-4171-a484-ec5ae2adca13",
+ "id": "bundle--3b976a3c-a0a7-4500-a605-904940bc13ab",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--eb037d2a-82a7-4bcb-bffd-e7791de21d1c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.279929Z",
- "modified": "2023-09-28T21:25:13.279929Z",
+ "created": "2024-08-02T17:12:32.415366Z",
+ "modified": "2024-08-02T17:12:32.415366Z",
"name": "Generate Content Unrelated to Narrative",
"description": "An influence operation may mix its own operation content with legitimate news or external unrelated content to disguise operational objectives, narratives, or existence. For example, an operation may generate \"lifestyle\" or \"cuisine\" content alongside regular operation content.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb63894c-aad1-47f0-98ee-0fa5e07ed3f3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb63894c-aad1-47f0-98ee-0fa5e07ed3f3.json
index 726f3c6..6663cfc 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb63894c-aad1-47f0-98ee-0fa5e07ed3f3.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb63894c-aad1-47f0-98ee-0fa5e07ed3f3.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--3769fb81-89fd-406d-b23c-4b6dc06b29ce",
+ "id": "bundle--a90e665c-0e5a-4617-b44c-c3c5c1cf0cb0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--eb63894c-aad1-47f0-98ee-0fa5e07ed3f3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.200222Z",
- "modified": "2023-09-28T21:25:13.200222Z",
+ "created": "2024-08-02T17:12:32.341849Z",
+ "modified": "2024-08-02T17:12:32.341849Z",
"name": "Develop Original Conspiracy Theory Narratives",
"description": "While this requires more resources than amplifying existing conspiracy theory narratives, an influence operation may develop original conspiracy theory narratives in order to achieve greater control and alignment over the narrative and their campaign goals. Prominent examples include the USSR's Operation INFEKTION disinformation campaign run by the KGB in the 1980s to plant the idea that the United States had invented HIV/AIDS as part of a biological weapons research project at Fort Detrick, Maryland. More recently, Fort Detrick featured prominently in a new conspiracy theory narratives around the origins of the COVID-19 outbreak and pandemic.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb66afed-6c29-4947-a422-c380c5caeda5.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb66afed-6c29-4947-a422-c380c5caeda5.json
index f96df27..7225afb 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb66afed-6c29-4947-a422-c380c5caeda5.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb66afed-6c29-4947-a422-c380c5caeda5.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--d7169852-a0a8-4aa1-a31c-940f1e6300c5",
+ "id": "bundle--cb8a96cd-1f04-4b73-9c3d-1e9e2451b61a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--eb66afed-6c29-4947-a422-c380c5caeda5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.264749Z",
- "modified": "2023-09-28T21:25:13.264749Z",
+ "created": "2024-08-02T17:12:32.405316Z",
+ "modified": "2024-08-02T17:12:32.405316Z",
"name": "Newspaper",
"description": "Newspaper",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb67513e-b6e8-42e1-a95b-197f64c21588.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb67513e-b6e8-42e1-a95b-197f64c21588.json
index b9a0f23..fe5875c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb67513e-b6e8-42e1-a95b-197f64c21588.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eb67513e-b6e8-42e1-a95b-197f64c21588.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--0dd5363a-3f7f-4d84-9077-3e1b1ba601f6",
+ "id": "bundle--7666e7aa-19d6-4697-ac65-e802781c1d28",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--eb67513e-b6e8-42e1-a95b-197f64c21588",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.279479Z",
- "modified": "2023-09-28T21:25:13.279479Z",
+ "created": "2024-08-02T17:12:32.415225Z",
+ "modified": "2024-08-02T17:12:32.415225Z",
"name": "Conceal Network Identity",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ec8424e6-c7de-4543-b943-f0c4cc9ac63d.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ec8424e6-c7de-4543-b943-f0c4cc9ac63d.json
index 63e9fff..7d1b0bb 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ec8424e6-c7de-4543-b943-f0c4cc9ac63d.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ec8424e6-c7de-4543-b943-f0c4cc9ac63d.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--5a61b038-2b91-4fa8-920d-12d91c0a17e6",
+ "id": "bundle--6097cd10-6aad-43f7-9183-191bb46d9d19",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ec8424e6-c7de-4543-b943-f0c4cc9ac63d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.238381Z",
- "modified": "2023-09-28T21:25:13.238381Z",
+ "created": "2024-08-02T17:12:32.376796Z",
+ "modified": "2024-08-02T17:12:32.376796Z",
"name": "Obtain Authentic Documents",
"description": "Procure authentic documents that are not publicly available, by whatever means -- whether legal or illegal, highly-resourced or less so. These documents can be \"leaked\" during later stages in the operation.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ee594da3-8999-481e-90b3-e8c2e965ae28.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ee594da3-8999-481e-90b3-e8c2e965ae28.json
new file mode 100644
index 0000000..b3955f8
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ee594da3-8999-481e-90b3-e8c2e965ae28.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--9b60f356-1a61-4812-9e32-e7bbe66bc351",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--ee594da3-8999-481e-90b3-e8c2e965ae28",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.42446Z",
+ "modified": "2024-08-02T17:12:32.42446Z",
+ "name": "Cultvate Support for Initiative",
+ "description": "Elevate or fortify the public backing for a policy, operation, or idea. Domestic and foreign actors can use artificial means to fabricate or amplify public support for a proposal or action. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.005.md",
+ "external_id": "T0136.005"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eef34262-0822-4727-83f5-2e608babc396.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eef34262-0822-4727-83f5-2e608babc396.json
index fe1183f..1d7d753 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eef34262-0822-4727-83f5-2e608babc396.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--eef34262-0822-4727-83f5-2e608babc396.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--468bacd2-f967-4259-8fbb-42324bd38b02",
+ "id": "bundle--7c67f841-9fdb-4a33-ad46-0cb973b1dad8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--eef34262-0822-4727-83f5-2e608babc396",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.196666Z",
- "modified": "2023-09-28T21:25:13.196666Z",
+ "created": "2024-08-02T17:12:32.336982Z",
+ "modified": "2024-08-02T17:12:32.336982Z",
"name": "Purchase Targeted Advertisements",
"description": "Create or fund advertisements targeted at specific populations",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ef3dcdcd-bd97-48e0-9d15-3e482a72c979.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ef3dcdcd-bd97-48e0-9d15-3e482a72c979.json
index 74fa99a..7a39e57 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ef3dcdcd-bd97-48e0-9d15-3e482a72c979.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--ef3dcdcd-bd97-48e0-9d15-3e482a72c979.json
@@ -1,20 +1,20 @@
{
"type": "bundle",
- "id": "bundle--3eefd179-69a8-412e-a016-73c93f1447aa",
+ "id": "bundle--0630aceb-d155-4d23-a439-a04c789a8882",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ef3dcdcd-bd97-48e0-9d15-3e482a72c979",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.242733Z",
- "modified": "2023-09-28T21:25:13.242733Z",
+ "created": "2024-08-02T17:12:32.378944Z",
+ "modified": "2024-08-02T17:12:32.378944Z",
"name": "Enlist Troll Accounts",
"description": "An influence operation may hire trolls, or human operators of fake accounts that aim to provoke others by posting and amplifying content about controversial issues. Trolls can serve to discredit an influence operation\u2019s opposition or bring attention to the operation\u2019s cause through debate. Classic trolls refer to regular people who troll for personal reasons, such as attention-seeking or boredom. Classic trolls may advance operation narratives by coincidence but are not directly affiliated with any larger operation. Conversely, hybrid trolls act on behalf of another institution, such as a state or financial organisation, and post content with a specific ideological goal. Hybrid trolls may be highly advanced and institutionalised or less organised and work for a single individual.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
- "phase_name": "establish-social-assets"
+ "phase_name": "establish-assets"
}
],
"external_references": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f328541f-2537-4db7-8a05-1c76ed26d3eb.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f328541f-2537-4db7-8a05-1c76ed26d3eb.json
new file mode 100644
index 0000000..f5a38ff
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f328541f-2537-4db7-8a05-1c76ed26d3eb.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--1879b787-e893-47ef-b3bf-5b197bcf4b01",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--f328541f-2537-4db7-8a05-1c76ed26d3eb",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.431241Z",
+ "modified": "2024-08-02T17:12:32.431241Z",
+ "name": "Fabricated Persona",
+ "description": "An individual or institution pretending to have a persona without any legitimate claim to that persona is presenting a fabricated persona, such as a person who presents themselves as a member of a country\u2019s military without having worked in any capacity with the military (T0143.002: Fabricated Persona, T0097.105: Military Personnel).
Sometimes real people can present entirely fabricated personas; they can use real names and photos on social media while also pretending to have credentials or traits they don\u2019t have in real life.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.002.md",
+ "external_id": "T0143.002"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f601eb03-79d0-4c00-b07d-4b4647c37efd.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f601eb03-79d0-4c00-b07d-4b4647c37efd.json
index 03d576d..8b8dbca 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f601eb03-79d0-4c00-b07d-4b4647c37efd.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f601eb03-79d0-4c00-b07d-4b4647c37efd.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--bc827c4b-80b4-4b2c-abf4-183ec998f9f1",
+ "id": "bundle--4dff5d6c-9098-4000-9b9d-9be21eba61bd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f601eb03-79d0-4c00-b07d-4b4647c37efd",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.212419Z",
- "modified": "2023-09-28T21:25:13.212419Z",
+ "created": "2024-08-02T17:12:32.352658Z",
+ "modified": "2024-08-02T17:12:32.352658Z",
"name": "Conduct Symbolic Action",
"description": "Symbolic action refers to activities specifically intended to advance an operation\u2019s narrative by signalling something to the audience, for example, a military parade supporting a state\u2019s narrative of military superiority. An influence operation may use symbolic action to create falsified evidence supporting operation narratives in the physical information space.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f99e6f94-8c7d-42d7-8343-8d959643f721.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f99e6f94-8c7d-42d7-8343-8d959643f721.json
new file mode 100644
index 0000000..1b1bed1
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--f99e6f94-8c7d-42d7-8343-8d959643f721.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--38e19efb-3745-4c9d-aa99-03f0f2839e0d",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--f99e6f94-8c7d-42d7-8343-8d959643f721",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.392573Z",
+ "modified": "2024-08-02T17:12:32.392573Z",
+ "name": "NGO Persona",
+ "description": "Institutions which present themselves as an NGO (Non-Governmental Organisation), an organisation which provides services or advocates for public policy (while not being directly affiliated with any government), are presenting an NGO persona.
While presenting as an NGO is not an indication of inauthentic behaviour, NGO personas are commonly used by threat actors (such as intelligence services) as a front for their operational activity (T0143.002: Fabricated Persona, T0097.207: NGO Persona). They are created to give legitimacy to the influence operation and potentially infiltrate grassroots movements
Legitimate NGOs could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.207: NGO Persona). For example, an NGO could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques: T0097.103: Activist Persona: Institutions presenting as activist groups may also present activists working within the organisation.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.207.md",
+ "external_id": "T0097.207"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fa4e9051-46d7-45b4-a65b-9376b003ad2a.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fa4e9051-46d7-45b4-a65b-9376b003ad2a.json
new file mode 100644
index 0000000..5c95be8
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fa4e9051-46d7-45b4-a65b-9376b003ad2a.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--56ab2139-d2c6-4dda-851b-e353a4617c6b",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--fa4e9051-46d7-45b4-a65b-9376b003ad2a",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.387783Z",
+ "modified": "2024-08-02T17:12:32.387783Z",
+ "name": "Party Official Persona",
+ "description": "A person who presents as an official member of a political party, such as leaders of political parties, candidates standing to represent constituents, and campaign staff.
Presenting as an official of a political party is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in political parties to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.110: Party Official Persona). They may also impersonate existing officials of political parties (T0143.003: Impersonated Persona, T0097.110: Party Official Persona).
Legitimate members of political parties could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.110: Party Official Persona). For example, an electoral candidate could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.
Associated Techniques and Sub-techniques T0097.111: Government Official Persona: Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a government.\u00a0
Some party officials will also be government officials. For example, in the United Kingdom the head of government is commonly also the head of their political party.
Some party officials won\u2019t be government officials. For example, members of a party standing in an election, or party officials who work outside of government (e.g. campaign staff).",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.110.md",
+ "external_id": "T0097.110"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--faa5450d-6d1f-4700-93bd-fd2d59a79e60.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--faa5450d-6d1f-4700-93bd-fd2d59a79e60.json
new file mode 100644
index 0000000..ea7c0d3
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--faa5450d-6d1f-4700-93bd-fd2d59a79e60.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--b78b03de-b682-4d55-a341-33c92144e388",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--faa5450d-6d1f-4700-93bd-fd2d59a79e60",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.391786Z",
+ "modified": "2024-08-02T17:12:32.391786Z",
+ "name": "Business Persona",
+ "description": "An institution with a business persona presents itself as a for-profit organisation which provides goods or services for a price.
While presenting as a business is not an indication of inauthentic behaviour, business personas may be used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.205: Business Persona).
Threat actors may also impersonate existing businesses (T0143.003: Impersonated Persona, T0097.205: Business Persona) to exploit their brand or cause reputational damage.
Legitimate businesses could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.205: Business Persona). For example, a business could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "establish-legitimacy"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.205.md",
+ "external_id": "T0097.205"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--faacbfa9-600a-4cfb-8afe-844a186d72b3.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--faacbfa9-600a-4cfb-8afe-844a186d72b3.json
new file mode 100644
index 0000000..18f6b6c
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--faacbfa9-600a-4cfb-8afe-844a186d72b3.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--ad2e4b12-4e18-415c-a1c2-aa76fa284ca4",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--faacbfa9-600a-4cfb-8afe-844a186d72b3",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.426286Z",
+ "modified": "2024-08-02T17:12:32.426286Z",
+ "name": "Generate Ad Revenue",
+ "description": "Earn income from digital advertisements published alongside inauthentic content. Conspiratorial, false, or provocative content drives internet traffic. Content owners earn money from impressions of, or clicks on, or conversions of ads published on their websites, social media profiles, or streaming services, or ads published when their content appears in search engine results. Fraudsters simulate impressions, clicks, and conversions, or they spin up inauthentic sites or social media profiles just to generate ad revenue. Conspiracy theorists and political operators generate ad revenue as a byproduct of their operation or as a means of sustaining their campaign. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.001.md",
+ "external_id": "T0137.001"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fb6f8352-c368-49a3-b7d4-f1ee5a3fb370.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fb6f8352-c368-49a3-b7d4-f1ee5a3fb370.json
index 611a939..9668f4d 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fb6f8352-c368-49a3-b7d4-f1ee5a3fb370.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fb6f8352-c368-49a3-b7d4-f1ee5a3fb370.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--9f6a7730-a0d0-4964-9d8c-d9494abda36e",
+ "id": "bundle--776f2340-1377-4bd0-806c-d0f8faba569f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--fb6f8352-c368-49a3-b7d4-f1ee5a3fb370",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.269329Z",
- "modified": "2023-09-28T21:25:13.269329Z",
+ "created": "2024-08-02T17:12:32.407338Z",
+ "modified": "2024-08-02T17:12:32.407338Z",
"name": "Post Violative Content to Provoke Takedown and Backlash",
"description": "Post Violative Content to Provoke Takedown and Backlash.",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fc986d09-410d-45ac-b4b4-161ff339147f.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fc986d09-410d-45ac-b4b4-161ff339147f.json
new file mode 100644
index 0000000..be6c21f
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fc986d09-410d-45ac-b4b4-161ff339147f.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--e19a9a90-2bdd-4dfd-b4fd-b862e2780e0f",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--fc986d09-410d-45ac-b4b4-161ff339147f",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.425208Z",
+ "modified": "2024-08-02T17:12:32.425208Z",
+ "name": "Recruit Members",
+ "description": "Motivate followers to join or subscribe as members of the team. Organisations may mount recruitment drives that use propaganda to entice sympathisers to sign up. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.007.md",
+ "external_id": "T0136.007"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fd04fba0-0e20-40f9-868d-e8effcf6dab6.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fd04fba0-0e20-40f9-868d-e8effcf6dab6.json
index 92b3fc9..f5beb2c 100644
--- a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fd04fba0-0e20-40f9-868d-e8effcf6dab6.json
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fd04fba0-0e20-40f9-868d-e8effcf6dab6.json
@@ -1,14 +1,14 @@
{
"type": "bundle",
- "id": "bundle--de1fabaa-fdff-49ae-98f7-47fd112825a9",
+ "id": "bundle--4199e72d-8919-4165-9a81-9e7dbe022331",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--fd04fba0-0e20-40f9-868d-e8effcf6dab6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
- "created": "2023-09-28T21:25:13.276552Z",
- "modified": "2023-09-28T21:25:13.276552Z",
+ "created": "2024-08-02T17:12:32.412744Z",
+ "modified": "2024-08-02T17:12:32.412744Z",
"name": "Platform Filtering",
"description": "Platform filtering refers to the decontextualization of information as claims cross platforms (from Joan Donovan https://www.hks.harvard.edu/publications/disinformation-design-use-evidence-collages-and-platform-filtering-media-manipulation)",
"kill_chain_phases": [
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fdc7e2f8-dfb1-4353-a59f-f88d3b15eee7.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fdc7e2f8-dfb1-4353-a59f-f88d3b15eee7.json
new file mode 100644
index 0000000..393e41e
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fdc7e2f8-dfb1-4353-a59f-f88d3b15eee7.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--24990453-cead-47ba-94ae-a5c06c8552bf",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--fdc7e2f8-dfb1-4353-a59f-f88d3b15eee7",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.422406Z",
+ "modified": "2024-08-02T17:12:32.422406Z",
+ "name": "Subvert",
+ "description": "Sabotage, destroy, or damage a system, process, or relationship. The classic example is the Soviet strategy of \u201cactive measures\u201d involving deniable covert activities such as political influence, the use of front organisations, the orchestration of domestic unrest, and the spread of disinformation. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-attack",
+ "phase_name": "plan-objectives"
+ }
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0135.003.md",
+ "external_id": "T0135.003"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Windows",
+ "Linux",
+ "Mac"
+ ],
+ "x_mitre_version": "2.1"
+ }
+ ]
+}
diff --git a/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fde45c5f-c612-4969-b104-d96a60e6d888.json b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fde45c5f-c612-4969-b104-d96a60e6d888.json
new file mode 100644
index 0000000..24dc9fd
--- /dev/null
+++ b/generated_files/DISARM_STIX/attack-pattern/attack-pattern--fde45c5f-c612-4969-b104-d96a60e6d888.json
@@ -0,0 +1,39 @@
+{
+ "type": "bundle",
+ "id": "bundle--6b1fab63-3a77-44bc-85c1-9884caca7655",
+ "objects": [
+ {
+ "type": "attack-pattern",
+ "spec_version": "2.1",
+ "id": "attack-pattern--fde45c5f-c612-4969-b104-d96a60e6d888",
+ "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
+ "created": "2024-08-02T17:12:32.430799Z",
+ "modified": "2024-08-02T17:12:32.430799Z",
+ "name": "Acquire Compromised Website",
+ "description": "Threat Actors may take over existing websites to publish or amplify inauthentic narratives. This includes the defacement of websites, and cases where websites\u2019 personas are maintained to add credence to threat actors\u2019 narratives.