Merge pull request #32 from DISARMFoundation/extendurls

New Version 1.5 of Red Framework: Map Disguising Assets from Meta Kill Chain and Extend Information on URLs
adam-disarm 2024-08-06 11:26:26 +01:00 committed by GitHub
commit 4f14d5f2c9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
760 changed files with 14807 additions and 3486 deletions


@ -107,6 +107,8 @@ class Disarm:
self.df_techniques = metadata['techniques']
self.df_tasks = metadata['tasks']
self.df_incidents = metadata['incidents']
self.df_urls = metadata['urls']
#self.df_urls['url_id'] = self.df_urls['url_id'].str.rstrip # strip trailing spaces from urls to allow merge to work
self.df_externalgroups = metadata['externalgroups']
self.df_tools = metadata['tools']
self.df_examples = metadata['examples']
@ -210,20 +212,44 @@ class Disarm:
GENERATED_PAGES_FUDGE, techstring)
return incidentstr
# def create_technique_counters_string(self, technique_id):
# table_string = '''
#| Counters | Response types |
#| -------- | -------------- |
#'''
# technique_counters = self.cross_counterid_techniqueid[self.cross_counterid_techniqueid['technique_id']==technique_id]
# technique_counters = pd.merge(technique_counters, self.df_counters[['disarm_id', 'name', 'responsetype']])
# row_string = '| [{0} {1}]({2}counters/{0}.md) | {3} |\n'
# for index, row in technique_counters.sort_values('disarm_id').iterrows():
# table_string += row_string.format(row['disarm_id'], row['name'], GENERATED_PAGES_FUDGE, row['responsetype'])
# return table_string
def create_incident_urls_string(self, incidentid):
urlsstr = '''
| Reference(s) |
| --------- |
| Reference | Pub Date | Authors | Org | Archive |
| --------- | -------- | ------- | --- | ------- |
'''
urlsrow = '| [{0}]({0}) |\n'
incidentid_urls = self.cross_incidentid_urls[self.cross_incidentid_urls['disarm_id']==incidentid]
incidentid_urls = pd.merge(incidentid_urls, self.df_urls[['url_id', 'pub_date', 'authors', 'org', 'archive_link']])
urlsrow = '| [{0}]({0}) | {1} | {2} | {3} | [{4}]({4}) |\n'
for index, row in incidentid_urls.iterrows():
urlsstr += urlsrow.format(row['url_id'])
urlsstr += urlsrow.format(row['url_id'], row['pub_date'], row['authors'], row['org'], row['archive_link'])
return urlsstr
#def create_incident_urls_string(self, incidentid, pub_date, authors, org, archive_link):
# urlsstr = '''
#| Reference | Pub Date | Authors | Org | Archive |
#| --------- | -------- | ------- | --- | ------- |
#'''
# urlsrow = '| [{0}]({0}) | {1} | {2} | {3} | [{4}]({4}) |\n'
# incidentid_urls = self.cross_incidentid_urls[self.cross_incidentid_urls['disarm_id']==incidentid]
# for index, row in incidentid_urls.iterrows():
# urlsstr += urlsrow.format(row['url_id'], pub_date, authors, org, archive_link)
# return urlsstr
def create_incident_techniques_string(self, incidentid):
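Review bot: In create_incident_urls_string the new `pd.merge(...)` call passes neither `on=` nor `how=`, so it is an inner join on whatever columns the two frames share, and an incident URL with no exactly matching `url_id` in `df_urls` drops out of the generated references table without any warning; the commented-out `rstrip` line in the first hunk suggests trailing-space mismatches are already known, and if re-enabled as written it would assign the method instead of calling it (`.str.rstrip()`). The row values are then formatted straight into Markdown, so an empty `archive_link` will most likely render as `[nan](nan)`, a `|` or line break in `authors` or `org` breaks the table row, and nothing restricts `url_id` or `archive_link` to `http(s)` targets before they become clickable links in the published pages. I would make the join explicit with `on='url_id', how='left'`, blank out missing cells, escape `|`, and only emit a link when the value starts with `http://` or `https://`. The two commented-out method variants around this function look like dead code and could be left out of the commit.

```python
def create_incident_urls_string(self, incidentid):
    # … unchanged: table header string and the cross_incidentid_urls filter …
    url_columns = ['url_id', 'pub_date', 'authors', 'org', 'archive_link']
    incidentid_urls = pd.merge(incidentid_urls, self.df_urls[url_columns],
                               on='url_id', how='left').fillna('')

    def cell(value):
        # keep one table row per reference: no raw pipes or line breaks
        return str(value).replace('|', '\\|').replace('\n', ' ').strip()

    def link(value):
        # only http(s) targets become clickable; anything else stays plain text
        text = cell(value)
        if text.startswith(('http://', 'https://')):
            return '[{0}]({0})'.format(text)
        return text

    urlsrow = '| {0} | {1} | {2} | {3} | {4} |\n'
    for index, row in incidentid_urls.iterrows():
        urlsstr += urlsrow.format(link(row['url_id']), cell(row['pub_date']),
                                  cell(row['authors']), cell(row['org']),
                                  link(row['archive_link']))
    return urlsstr
```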



@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--d487272a-75b6-4e0e-b394-044bc153b0c5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--001e2693-c7a6-4615-b06a-90ae22d7b353",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.384802Z",
"modified": "2024-08-02T17:12:32.384802Z",
"name": "Activist Persona",
"description": "A person with an activist persona presents themselves as an activist; an individual who campaigns for a political cause, organises related events, etc.<br><br>While presenting as an activist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as activists. Threat actors can fabricate activists to give the appearance of popular support for an evolving grassroots movement (see T0143.002: Fabricated Persona, T0097.103: Activist Persona).<br><br>People who are legitimate activists can use this persona for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as an activist to provide visibility to a false narrative or be tricked into doing so without their knowledge (T0143.001: Authentic Persona, T0097.103: Activist Persona).<br><br><b>Associated Techniques and Sub-techniques</b><br><b>T0097.104: Hacktivist Persona:</b> Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as someone engaged in activism who uses technical tools and methods, including building technical infrastructure and conducting offensive cyber operations, to achieve their goals.<br><b>T0097.207: NGO Persona:</b> People with an activist persona may present as being part of an NGO.<br><b>T0097.208: Social Cause Persona:</b> Analysts should use this sub-technique to catalogue cases where an online account is presenting as posting content related to a particular social cause, while not presenting as an individual.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.103.md",
"external_id": "T0097.103"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--96866e90-4a43-44b5-ad9c-948c09670963",
"id": "bundle--217d8c4d-82ef-4208-a42a-81b437d84c93",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--00a91e2d-2e09-4e94-bae6-cef6102eae99",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.256885Z",
"modified": "2023-09-28T21:25:13.256885Z",
"created": "2024-08-02T17:12:32.39972Z",
"modified": "2024-08-02T17:12:32.39972Z",
"name": "Video Livestream",
"description": "A video livestream refers to an online video broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--7e0b8688-d125-484c-a4f9-13137341b898",
"id": "bundle--9e5d8720-341f-4d99-8e5d-fa7f245ef873",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0102376a-e896-4191-b3fb-e58188301822",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.212125Z",
"modified": "2023-09-28T21:25:13.212125Z",
"created": "2024-08-02T17:12:32.351843Z",
"modified": "2024-08-02T17:12:32.351843Z",
"name": "Organise Events",
"description": "Coordinate and promote real-world events across media platforms, e.g. rallies, protests, gatherings in support of incident narratives.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--982ee90c-dcf4-4f73-9bff-b2bb847117c0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--01ad5f44-da00-491f-84e8-3ba8da154c45",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.428281Z",
"modified": "2024-08-02T17:12:32.428281Z",
"name": "Encourage",
"description": "Inspire, animate, or exhort a target to act. An actor can use propaganda, disinformation, or conspiracy theories to stimulate a target to act in its interest. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0138.001.md",
"external_id": "T0138.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--6bdc0034-a9ad-43e7-91b0-c54757577c9e",
"id": "bundle--40da46c0-9a28-494e-b8a8-e22b09910e17",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.266843Z",
"modified": "2023-09-28T21:25:13.266843Z",
"created": "2024-08-02T17:12:32.406119Z",
"modified": "2024-08-02T17:12:32.406119Z",
"name": "Deliver Ads",
"description": "Delivering content via any form of paid media or advertising.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c30461e5-7fe1-4ce9-be7e-ed82782aac8c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--030976e3-fce8-434e-9ea8-a36ee2c0192e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.358684Z",
"modified": "2024-08-02T17:12:32.358684Z",
"name": "Geopolitical Advantage",
"description": "Favourable position on the international stage in terms of great power politics or regional rivalry. Geopolitics plays out in the realms of foreign policy, national security, diplomacy, and intelligence. It involves nation-state governments, heads of state, foreign ministers, intergovernmental organisations, and regional security alliances.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-strategy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.001.md",
"external_id": "T0074.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--482fef6d-55ff-4da9-a49e-ceb149aae6ea",
"id": "bundle--35be0875-c21a-44f2-be60-c3c4ee5cb39f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.273066Z",
"modified": "2023-09-28T21:25:13.273066Z",
"created": "2024-08-02T17:12:32.409015Z",
"modified": "2024-08-02T17:12:32.409015Z",
"name": "Post across Platform",
"description": "An influence operation may post content across platforms to spread narratives and content to new communities within the target audiences or to new target audiences. Posting across platforms can also remove opposition and context, helping the narrative spread with less opposition on the cross-posted platform.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--9325ea08-ba9a-444a-ab34-842dcc82d190",
"id": "bundle--63e73074-11b1-45ee-ab42-127e90ba2d27",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.201279Z",
"modified": "2023-09-28T21:25:13.201279Z",
"created": "2024-08-02T17:12:32.34226Z",
"modified": "2024-08-02T17:12:32.34226Z",
"name": "Reframe Context",
"description": "Reframing context refers to removing an event from its surrounding context to distort its intended meaning. Rather than deny that an event occurred, reframing context frames an event in a manner that may lead the target audience to draw a different conclusion about its intentions.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--2942a238-1b75-45e3-9022-ad5e15b3dd6c",
"id": "bundle--3c0daaa1-a910-4eed-9f58-91a47656c595",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.214551Z",
"modified": "2023-09-28T21:25:13.214551Z",
"created": "2024-08-02T17:12:32.355426Z",
"modified": "2024-08-02T17:12:32.355426Z",
"name": "Segment Audiences",
"description": "Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--d4a83f50-42d8-434f-95a7-f36433f65d3a",
"id": "bundle--d62aacf5-75f8-439a-8dad-4cfe8232954b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0461a925-3bb7-466c-a7ae-40aee015f403",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.257984Z",
"modified": "2023-09-28T21:25:13.257984Z",
"created": "2024-08-02T17:12:32.400959Z",
"modified": "2024-08-02T17:12:32.400959Z",
"name": "Private/Closed Social Networks",
"description": "Social networks that are not open to people outside of family, friends, neighbours, or co-workers. Non-work-related examples include Couple, FamilyWall, 23snaps, and Nextdoor. Some of the larger social network platforms enable closed communities: examples are Instagram Close Friends and Twitter (X) Circle. Work-related examples of private social networks include LinkedIn, Facebook Workplace, and enterprise communication platforms such as Slack or Microsoft Teams.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--dc9ec3b1-9063-4e4b-a131-6f287ecbb2c1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0765e40a-7204-4913-b24d-6793cf4f6590",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.422204Z",
"modified": "2024-08-02T17:12:32.422204Z",
"name": "Thwart",
"description": "Prevent the successful outcome of a policy, operation, or initiative. Actors conduct influence operations to stymie or foil proposals, plans, or courses of action which are not in their interest. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0135.002.md",
"external_id": "T0135.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--ac45e6e1-68eb-4095-818b-f681b904a64e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--07c764ee-1919-4e6f-a147-4db10d19c214",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.422933Z",
"modified": "2024-08-02T17:12:32.422933Z",
"name": "Cultivate Support",
"description": "Grow or maintain the base of support for the actor, ally, or action. This includes hard core recruitment, managing alliances, and generating or maintaining sympathy among a wider audience, including reputation management and public relations. Sub-techniques assume support for actor (self) unless otherwise specified. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.md",
"external_id": "T0136"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--d6e00044-58a7-4ddb-bf88-30f8653b5f09",
"id": "bundle--f3eee90c-eaba-4fe4-bc69-1e48f329772e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.279115Z",
"modified": "2023-09-28T21:25:13.279115Z",
"created": "2024-08-02T17:12:32.415084Z",
"modified": "2024-08-02T17:12:32.415084Z",
"name": "Conceal Operational Activity",
"description": "Conceal the campaign's operational activity to avoid takedown and attribution.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--c1247e3b-818a-4a71-b381-cbedbde5efe1",
"id": "bundle--9ff46e68-6a01-4053-92e6-0abd694f8d69",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.211835Z",
"modified": "2023-09-28T21:25:13.211835Z",
"created": "2024-08-02T17:12:32.350844Z",
"modified": "2024-08-02T17:12:32.350844Z",
"name": "Conduct Keyword Squatting",
"description": "Keyword squatting refers to the creation of online content, such as websites, articles, or social media accounts, around a specific search engine-optimized term to overwhelm the search results of that term. An influence may keyword squat to increase content exposure to target audience members who query the exploited term in a search engine and manipulate the narrative around the term.",
"kill_chain_phases": [


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--869a9a71-029c-4338-8243-0d7ee648acaa",
"id": "bundle--3940f8c5-8b74-480b-97a9-9246f9a439d4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.247708Z",
"modified": "2023-09-28T21:25:13.247708Z",
"created": "2024-08-02T17:12:32.382258Z",
"modified": "2024-08-02T17:12:32.382258Z",
"name": "Leverage Content Farms",
"description": "Using the services of large-scale content providers for creating and amplifying campaign artefacts at scale.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--806c52c7-049a-4309-9cc4-54e8ef929b0c",
"id": "bundle--2af4cfde-2a63-497e-bdb2-a5abdb6e7bbb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.27669Z",
"modified": "2023-09-28T21:25:13.27669Z",
"created": "2024-08-02T17:12:32.412914Z",
"modified": "2024-08-02T17:12:32.412914Z",
"name": "Encourage Attendance at Events",
"description": "Operation encourages attendance at existing real world event.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--cc1110ee-d357-45f6-8867-72ff03c2935c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0b662d26-ea3d-45d2-87e8-b32296ad9227",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.372647Z",
"modified": "2024-08-02T17:12:32.372647Z",
"name": "Create Fake Research",
"description": "Create fake academic research. Example: fake social science research is often aimed at hot-button social issues such as gender, race and sexuality. Fake science research can target Climate Science debate or pseudoscience like anti-vaxx.<br /> <br />This Technique previously used the ID T0019.001.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.007.md",
"external_id": "T0085.007"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--a1ab6ca7-8c0e-4e6e-ada2-d5acbfb8f0ae",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0c2c22ae-5115-4b91-9e0f-08259e6aad99",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.431925Z",
"modified": "2024-08-02T17:12:32.431925Z",
"name": "Persona Legitimacy Evidence",
"description": "This Technique contains behaviours which might indicate whether a persona is legitimate, a fabrication, or a parody.<br><br> For example, the same persona being consistently presented across platforms is consistent with how authentic users behave on social media. However, threat actors have also displayed this behaviour as a way to increase the perceived legitimacy of their fabricated personas (aka \u201cbackstopping\u201d).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.md",
"external_id": "T0144"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--6ac57769-ec69-4864-9538-3087bbba30c8",
"id": "bundle--af67a6d7-fd4e-496d-aaad-7c9eb0bb0f2a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.21044Z",
"modified": "2023-09-28T21:25:13.21044Z",
"name": "Flooding the Information Space",
"description": "Flooding and/or mobbing social media channels feeds and/or hashtag with excessive volume of content to control/shape online conversations and/or drown out opposing points of view. Bots and/or patriotic trolls are effective tools to acheive this effect.",
"created": "2024-08-02T17:12:32.347894Z",
"modified": "2024-08-02T17:12:32.347894Z",
"name": "Flood Information Space",
"description": "Flooding sources of information (e.g. Social Media feeds) with a high volume of inauthentic content.<br /> <br />This can be done to control/shape online conversations, drown out opposing points of view, or make it harder to find legitimate information.<br /> <br />Bots and/or patriotic trolls are effective tools to achieve this effect.<br /> <br />This Technique previously used the name Flooding the Information Space.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--df5f361a-9a5c-46e4-a3b9-3c67065697c5",
"id": "bundle--6bc8d3c5-c0a8-49e4-9941-75104d2435a9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.272851Z",
"modified": "2023-09-28T21:25:13.272851Z",
"created": "2024-08-02T17:12:32.408822Z",
"modified": "2024-08-02T17:12:32.408822Z",
"name": "Post across Groups",
"description": "An influence operation may post content across groups to spread narratives and content to new communities within the target audiences or to new target audiences.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--3a92da8a-6f8d-4cee-a3f1-c71f43c3cd5a",
"id": "bundle--49eee4c9-4f69-4fb3-8c3b-8e45da598a06",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.206512Z",
"modified": "2023-09-28T21:25:13.206512Z",
"created": "2024-08-02T17:12:32.344715Z",
"modified": "2024-08-02T17:12:32.344715Z",
"name": "Use Fake Experts",
"description": "Use the fake experts that were set up during Establish Legitimacy. Pseudo-experts are disposable assets that often appear once and then disappear. Give \"credility\" to misinformation. Take advantage of credential bias",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--40e59355-99e8-4eee-9115-9fd7707383c3",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0dc4a07b-94cb-4743-b812-3fc3c8288551",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.423683Z",
"modified": "2024-08-02T17:12:32.423683Z",
"name": "Energise Supporters",
"description": "Raise the morale of those who support the organisation or group. Invigorate constituents with zeal for the mission or activity. Terrorist groups, political movements, and cults may indoctrinate their supporters with ideologies that are based on warped versions of religion or cause harm to others. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.003.md",
"external_id": "T0136.003"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--a1972020-cf23-4c88-b0ca-18dcee13130d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0e605049-ac7a-46a9-bbac-ef0a69e160cb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.433674Z",
"modified": "2024-08-02T17:12:32.433674Z",
"name": "Attractive Person Account Imagery",
"description": "Attractive person used in account imagery.<br><br> An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.<br><br> Pictures of physically attractive people can benefit threat actors by increasing attention given to their posts.<br><br> People sometimes legitimately use images of attractive people as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).<br><br> This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.<br><br> <b>Associated Techniques and Sub-techniques</b><br> <b>T0097.109: Romantic Suitor Persona:</b> Accounts presenting as a romantic suitor may use an attractive person in their account imagery.<br> <b>T0104.002: Dating App:</b> Analysts can use this sub-technique for tagging cases where an account has been identified as using a dating platform.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.006.md",
"external_id": "T0145.006"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--d03b0d2a-e3bd-4077-8b6a-e0a3b8c23a76",
"id": "bundle--fb40e740-8007-4e6e-977a-7dcd7c3e05e6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0ec5ae10-b99b-4d5a-a7e9-7b7c3533e8c9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.256347Z",
"modified": "2023-09-28T21:25:13.256347Z",
"created": "2024-08-02T17:12:32.399545Z",
"modified": "2024-08-02T17:12:32.399545Z",
"name": "Livestream",
"description": "A livestream refers to an online broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--92bb24f3-0189-4c1b-8650-52ee3c63e2fa",
"id": "bundle--deb25743-ee30-42c8-a86d-7368e5fa0cd8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.254922Z",
"modified": "2023-09-28T21:25:13.254922Z",
"created": "2024-08-02T17:12:32.396562Z",
"modified": "2024-08-02T17:12:32.396562Z",
"name": "Create Localised Content",
"description": "Localised content refers to content that appeals to a specific community of individuals, often in defined geographic areas. An operation may create localised content using local language and dialects to resonate with its target audience and blend in with other local news and social media. Localised content may help an operation increase legitimacy, avoid detection, and complicate external attribution.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--815c8801-b5bf-4ce1-9cc8-8502206826eb",
"id": "bundle--52fca5ca-b49e-4b9e-ad30-21b67ebf5ef4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.2094Z",
"modified": "2023-09-28T21:25:13.2094Z",
"created": "2024-08-02T17:12:32.346525Z",
"modified": "2024-08-02T17:12:32.346525Z",
"name": "Threaten to Dox",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--16d67122-d992-4258-9654-4e144f7db6a3",
"id": "bundle--c3d7ea01-fc3c-4177-b13c-e4e52587459e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.227448Z",
"modified": "2023-09-28T21:25:13.227448Z",
"created": "2024-08-02T17:12:32.368028Z",
"modified": "2024-08-02T17:12:32.368028Z",
"name": "Develop New Narratives",
"description": "Actors may develop new narratives to further strategic or tactical goals, especially when existing narratives adequately align with the campaign goals. New narratives provide more control in terms of crafting the message to achieve specific goals. However, new narratives may require more effort to disseminate than adapting or adopting existing narratives.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--ce822db7-2c37-44b2-bb15-40bfcf69c926",
"id": "bundle--551cc2bb-8ed4-4f30-82c8-bda74bdc7899",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.274372Z",
"modified": "2023-09-28T21:25:13.274372Z",
"created": "2024-08-02T17:12:32.410743Z",
"modified": "2024-08-02T17:12:32.410743Z",
"name": "Control Information Environment through Offensive Cyberspace Operations",
"description": "Controlling the information environment through offensive cyberspace operations uses cyber tools and techniques to alter the trajectory of content in the information space to either prioritise operation messaging or block opposition messaging.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--35f139fc-d892-4d6a-ac87-389b3c1623c1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--150be76a-9bdc-4f1d-837c-6a845d1eda1c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.424095Z",
"modified": "2024-08-02T17:12:32.424095Z",
"name": "Boost Reputation",
"description": "Elevate the estimation of the actor in the public\u2019s mind. Improve their image or standing. Public relations professionals use persuasive overt communications to achieve this goal; manipulators use covert disinformation. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.004.md",
"external_id": "T0136.004"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--e7fb76aa-a303-4635-a5db-c2e8299a03a7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--15ca8e62-e179-4dd8-9f5e-427771e915a3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.391349Z",
"modified": "2024-08-02T17:12:32.391349Z",
"name": "Think Tank Persona",
"description": "An institution with a think tank persona presents itself as a think tank; an organisation that aims to conduct original research and propose new policies or solutions, especially for social and scientific problems.<br><br> While presenting as a think tank is not an indication of inauthentic behaviour, think tank personas are commonly used by threat actors as a front for their operational activity (T0143.002: Fabricated Persona, T0097.204: Think Tank Persona). They may be created to give legitimacy to narratives and allow them to suggest politically beneficial solutions to societal issues.<br><br> Legitimate think tanks could have a political bias that they may not be transparent about, they could use their persona for malicious purposes, or they could be exploited by threat actors (T0143.001: Authentic Persona, T0097.204: Think Tank Persona). For example, a think tank could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.<br><br> <b>Associated Techniques and Sub-techniques</b><br> <b>T0097.107: Researcher Persona:</b> Institutions presenting as think tanks may also present researchers working within the organisation.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.204.md",
"external_id": "T0097.204"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}
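Review bot: The `description` of the new Think Tank Persona object carries raw HTML (`<br><br>`, `<b>Associated Techniques and Sub-techniques</b>`), but STIX `description` is a plain-text field, so consumers will either show the tags literally or, if they render the string as HTML, have to treat it as untrusted markup and sanitise it. The same markup appears in the descriptions of Scenery Account Imagery, Develop AI-Generated Text and Develop Opinion Article on this page, the last one using `<br />` and a `\u00a0` instead. If the tags are only needed for the generated markdown pages, the STIX export could convert them to newlines and drop the `<b>` wrappers before writing the bundle, e.g. `... solutions to societal issues.\n\nLegitimate think tanks ...`.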


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--e1b8ccd4-988a-497c-a9c6-80f3cef8b999",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--15cba133-fa27-4632-9996-22b74751749a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.433235Z",
"modified": "2024-08-02T17:12:32.433235Z",
"name": "Scenery Account Imagery",
"description": "Scenery or nature used in account imagery.<br><br> An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.<br><br> People sometimes legitimately use images of scenery as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).<br><br> This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.004.md",
"external_id": "T0145.004"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--f58cb3cc-e84e-4578-a985-afb82423e470",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--16583ab1-7dae-470c-8bd1-b7ffa1f9b13f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.422003Z",
"modified": "2024-08-02T17:12:32.422003Z",
"name": "Smear",
"description": "Denigrate, disparage, or discredit an opponent. This is a common tactical objective in political campaigns with a larger strategic goal. It differs from efforts to harm a target through defamation. If there is no ulterior motive and the sole aim is to cause harm to the target, then choose sub-technique \u201cDefame\u201d of technique \u201cCause Harm\u201d instead.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0135.001.md",
"external_id": "T0135.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--f217bf9f-cbe8-40f1-b842-2c589fa35221",
"id": "bundle--3ed4b837-7930-4492-baff-965cdc582ef7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.230922Z",
"modified": "2023-09-28T21:25:13.230922Z",
"created": "2024-08-02T17:12:32.370771Z",
"modified": "2024-08-02T17:12:32.370771Z",
"name": "Develop AI-Generated Text",
"description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.",
"description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.<br><br><b>Associated Techniques and Sub-techniques:</b><br><b>T0085.008: Machine Translated Text:</b> Use this sub-technique when AI has been used to generate a translation of a piece of text.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--80ec494f-bad1-4f84-85b0-cf9cfde169f7",
"id": "bundle--1f5ef84b-c3a1-4714-97b6-2a1ad201a911",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1997947a-7e08-4ea9-802c-85391d561266",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.268338Z",
"modified": "2023-09-28T21:25:13.268338Z",
"created": "2024-08-02T17:12:32.406924Z",
"modified": "2024-08-02T17:12:32.406924Z",
"name": "Post Content",
"description": "Delivering content by posting via owned media (assets that the operator controls).",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--1fe5fb34-dbda-44e4-acac-d0e5f45ebf40",
"id": "bundle--ee098dbb-4ee9-46d3-a5a6-9cfe4b0307fd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.22009Z",
"modified": "2023-09-28T21:25:13.22009Z",
"created": "2024-08-02T17:12:32.361233Z",
"modified": "2024-08-02T17:12:32.361233Z",
"name": "Distort",
"description": "Twist the narrative. Take information, or artefacts like images, and change the framing around them.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--305e5346-1792-4b24-baa9-68ccbcf07386",
"id": "bundle--80a6cb32-48e5-4423-a547-751e93db2b94",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.289879Z",
"modified": "2023-09-28T21:25:13.289879Z",
"created": "2024-08-02T17:12:32.420979Z",
"modified": "2024-08-02T17:12:32.420979Z",
"name": "Action/Attitude",
"description": "Measure current system state with respect to the effectiveness of influencing action/attitude.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--6110421d-886d-4664-87e0-fe3072ad1829",
"id": "bundle--b3389001-36a8-411e-b389-837bb7db12da",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.210665Z",
"modified": "2023-09-28T21:25:13.210665Z",
"created": "2024-08-02T17:12:32.348471Z",
"modified": "2024-08-02T17:12:32.348471Z",
"name": "Trolls Amplify and Manipulate",
"description": "Use trolls to amplify narratives and/or manipulate narratives. Fake profiles/sockpuppets operating to support individuals/narratives from the entire political spectrum (left/right binary). Operating with increased emphasis on promoting local content and promoting real Twitter users generating their own, often divisive political content, as it's easier to amplify existing content than create new/original content. Trolls operate where ever there's a socially divisive issue (issues that can/are be politicized).",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--3fcf4a8d-335e-4e1f-9906-9bde08ced2fe",
"id": "bundle--ba497caf-d32f-40c0-9237-78680cb25ae9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.221608Z",
"modified": "2023-09-28T21:25:13.221608Z",
"created": "2024-08-02T17:12:32.362521Z",
"modified": "2024-08-02T17:12:32.362521Z",
"name": "Divide",
"description": "Create conflict between subgroups, to widen divisions in a community",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--885db17d-b390-4455-9431-59a8034e8fc2",
"id": "bundle--b2012feb-cb7f-4b42-a231-92ef6cf84b42",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d8c14ac-9be0-4835-b379-45549267e8f8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.260018Z",
"modified": "2023-09-28T21:25:13.260018Z",
"created": "2024-08-02T17:12:32.403282Z",
"modified": "2024-08-02T17:12:32.403282Z",
"name": "Video Sharing",
"description": "Examples include Youtube, TikTok, ShareChat, Rumble, etc",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--f8a98b0c-d415-42ed-bd09-d92bbede864d",
"id": "bundle--f663935c-16a2-4811-b67e-3944b29e5c65",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d917530-027d-4f82-b380-404c320dc783",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.216032Z",
"modified": "2023-09-28T21:25:13.216032Z",
"created": "2024-08-02T17:12:32.356564Z",
"modified": "2024-08-02T17:12:32.356564Z",
"name": "Economic Segmentation",
"description": "An influence operation may target populations based on their income bracket, wealth, or other financial or economic division.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--15ebf512-b461-488d-b4a4-4e572a86c2ef",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1e817a7b-5f96-48d0-a2f9-7ba53c168397",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.373021Z",
"modified": "2024-08-02T17:12:32.373021Z",
"name": "Machine Translated Text",
"description": "Text which has been translated into another language using machine translation tools, such as AI.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.008.md",
"external_id": "T0085.008"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--b902ec75-3655-428a-b579-e421b5f22f6e",
"id": "bundle--734a0d99-4aa6-4d47-90cf-46582be43356",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.276828Z",
"modified": "2023-09-28T21:25:13.276828Z",
"created": "2024-08-02T17:12:32.413057Z",
"modified": "2024-08-02T17:12:32.413057Z",
"name": "Call to Action to Attend",
"description": "Call to action to attend an event",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--4f658070-6407-496d-9da4-52ffdff60192",
"id": "bundle--d9571e7a-2b61-4400-8834-5d08863d0d1e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.27818Z",
"modified": "2023-09-28T21:25:13.27818Z",
"created": "2024-08-02T17:12:32.414283Z",
"modified": "2024-08-02T17:12:32.414283Z",
"name": "Conceal Network Identity",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.",
"kill_chain_phases": [


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--47a925ff-1268-4aa7-b09f-adb1dd5ac364",
"id": "bundle--72d4cdda-ecd9-4ff5-806c-658e265db5c6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.195168Z",
"modified": "2023-09-28T21:25:13.195168Z",
"created": "2024-08-02T17:12:32.335027Z",
"modified": "2024-08-02T17:12:32.335027Z",
"name": "Prepare Fundraising Campaigns",
"description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns (see: Develop Information Pathways) to promote operation messaging while raising money to support its activities.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--bd956c8e-2b1e-4b2d-9d3b-7a72a2bf0b9f",
"id": "bundle--040db928-c41c-4eb7-9788-3024186c191c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--23fc4de3-6f2c-4080-b8ed-13e996b1a4b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.204367Z",
"modified": "2023-09-28T21:25:13.204367Z",
"created": "2024-08-02T17:12:32.343925Z",
"modified": "2024-08-02T17:12:32.343925Z",
"name": "Chat Apps",
"description": "Direct messaging via chat app is an increasing method of delivery. These messages are often automated and new delivery and storage methods make them anonymous, viral, and ephemeral. This is a difficult space to monitor, but also a difficult space to build acclaim or notoriety.",
"kill_chain_phases": [


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--6932f059-0b1f-4ac7-9479-aa083f500e32",
"id": "bundle--7eeb1560-5bf0-4f48-951e-f7ff3b36a3d7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.266341Z",
"modified": "2023-09-28T21:25:13.266341Z",
"created": "2024-08-02T17:12:32.405913Z",
"modified": "2024-08-02T17:12:32.405913Z",
"name": "Employ Commercial Analytic Firms",
"description": "Commercial analytic firms collect data on target audience activities and evaluate the data to detect trends, such as content receiving high click-rates. An influence operation may employ commercial analytic firms to facilitate external collection on its target audience, complicating attribution efforts and better tailoring the content to audience preferences.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "conduct-pump-priming"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--12c93ca9-c732-4672-94b0-438ed79dbee1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--269dbccd-0cff-4f60-a0bf-253eba9bcc63",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.372218Z",
"modified": "2024-08-02T17:12:32.372218Z",
"name": "Develop Opinion Article",
"description": "Opinion articles (aka \u201cOp-Eds\u201d or \u201cEditorials\u201d) are articles or regular columns flagged as \u201copinion\u201d posted to news sources, and can be contributed by people outside the organisation.\u00a0<br /> <br />Flagging articles as opinions allow news organisations to distinguish them from the typical expectations of objective news reporting while distancing the presented opinion from the organisation or its employees.<br /> <br /> The use of this technique is not by itself an indication of malicious or inauthentic content; Op-eds are a common format in media. However, threat actors exploit op-eds to, for example, submit opinion articles to local media to promote their narratives. <br /> <br />Examples from the perspective of a news site involve publishing op-eds from perceived prestigious voices to give legitimacy to an inauthentic publication, or supporting causes by hosting op-eds from actors aligned with the organisation\u2019s goals.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.006.md",
"external_id": "T0085.006"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--b8903b69-42ef-4c7f-8d29-e0664ebf3893",
"id": "bundle--37701d8b-9802-463a-94bd-88beef82ff4e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.265297Z",
"modified": "2023-09-28T21:25:13.265297Z",
"created": "2024-08-02T17:12:32.405517Z",
"modified": "2024-08-02T17:12:32.405517Z",
"name": "Radio",
"description": "Radio",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--793cc6ec-dc65-4bf2-a3a5-425e83da0a68",
"id": "bundle--ef89e3d2-02a9-46a0-b179-3fda040b6499",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--283333f5-e161-4195-9070-5a7c22505adf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.252865Z",
"modified": "2023-09-28T21:25:13.252865Z",
"created": "2024-08-02T17:12:32.394819Z",
"modified": "2024-08-02T17:12:32.394819Z",
"name": "Co-Opt Trusted Sources",
"description": "An influence operation may co-opt trusted sources by infiltrating or repurposing a source to reach a target audience through existing, previously reliable networks. Co-opted trusted sources may include: - National or local new outlets - Research or academic publications - Online blogs or websites",
"kill_chain_phases": [


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--6217b633-fcd8-470f-bf91-16f51d9b02db",
"id": "bundle--003c54f5-0c77-4697-8e79-502d89eba65c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--283453fd-36c5-4d66-b24d-f29ea35fa8a1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.24035Z",
"modified": "2023-09-28T21:25:13.24035Z",
"created": "2024-08-02T17:12:32.377423Z",
"modified": "2024-08-02T17:12:32.377423Z",
"name": "Create Anonymous Accounts",
"description": "Anonymous accounts or anonymous users refer to users that access network resources without providing a username or password. An influence operation may use anonymous accounts to spread content without direct attribution to the operation.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--8d8572f9-b8fc-4a9a-b423-5e048f99c31e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--29a3ec78-469a-43b8-b0ae-9f34c58316f2",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.428473Z",
"modified": "2024-08-02T17:12:32.428473Z",
"name": "Provoke",
"description": "Instigate, incite, or arouse a target to act. Social media manipulators exploit moral outrage to propel targets to spread hate, take to the streets to protest, or engage in acts of violence. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0138.002.md",
"external_id": "T0138.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--d2c4d87c-409f-4f32-9a31-9e337e970741",
"id": "bundle--9e5e873e-0bbc-4f26-a402-3e23c6485c76",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.273283Z",
"modified": "2023-09-28T21:25:13.273283Z",
"created": "2024-08-02T17:12:32.409219Z",
"modified": "2024-08-02T17:12:32.409219Z",
"name": "Post across Disciplines",
"description": "Post Across Disciplines",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--8f7ffd2f-5739-49ff-8fb7-29e2dc02f3ff",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2b1270a6-d432-453f-88cf-17fa38ec6f40",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.359451Z",
"modified": "2024-08-02T17:12:32.359451Z",
"name": "Economic Advantage",
"description": "Favourable position domestically or internationally in the realms of commerce, trade, finance, industry. Economics involves nation-states, corporations, banks, trade blocs, industry associations, cartels. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-strategy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.003.md",
"external_id": "T0074.003"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--707137b3-6225-472e-a07c-4a92d0a22b6c",
"id": "bundle--42842123-6a10-4b1b-84ff-4e826a17a3e2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.277436Z",
"modified": "2023-09-28T21:25:13.277436Z",
"created": "2024-08-02T17:12:32.413845Z",
"modified": "2024-08-02T17:12:32.413845Z",
"name": "Encourage Physical Violence",
"description": "An influence operation may Encourage others to engage in Physical Violence to achieve campaign goals.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--44f9daac-a4fc-4e7e-9682-03efa042ab82",
"id": "bundle--a7887cf0-e79d-4f64-9943-ded469cee484",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.222968Z",
"modified": "2023-09-28T21:25:13.222968Z",
"created": "2024-08-02T17:12:32.363691Z",
"modified": "2024-08-02T17:12:32.363691Z",
"name": "Evaluate Media Surveys",
"description": "An influence operation may evaluate its own or third-party media surveys to determine what type of content appeals to its target audience. Media surveys may provide insight into an audience\u2019s political views, social class, general interests, or other indicators used to tailor operation messaging to its target audience.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--c7ea2d2f-edf4-491f-9d18-8a26b73d30ff",
"id": "bundle--33704128-7b3a-40df-b6d7-2a3e3a67f3d4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2d540add-b708-402a-93ff-f5aa50d30eb9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.205471Z",
"modified": "2023-09-28T21:25:13.205471Z",
"created": "2024-08-02T17:12:32.344274Z",
"modified": "2024-08-02T17:12:32.344274Z",
"name": "Use Unencrypted Chats Apps",
"description": "Examples include SMS, etc.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--386d5b67-da78-41e2-a782-36e8d364c8bd",
"id": "bundle--2212b83b-6b9c-4dd4-bc40-17d1798d55e1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.250986Z",
"modified": "2023-09-28T21:25:13.250986Z",
"created": "2024-08-02T17:12:32.394405Z",
"modified": "2024-08-02T17:12:32.394405Z",
"name": "Leverage Existing Inauthentic News Sites",
"description": "Leverage Existing Inauthentic News Sites",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--597df03d-5951-42b5-a04b-a2aab5bc9ecf",
"id": "bundle--496df3e6-88a6-4c59-88ae-66a25293731e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.263697Z",
"modified": "2023-09-28T21:25:13.263697Z",
"created": "2024-08-02T17:12:32.404876Z",
"modified": "2024-08-02T17:12:32.404876Z",
"name": "Traditional Media",
"description": "Examples include TV, Newspaper, Radio, etc.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--411884ce-8862-403a-ac58-1ebf7cb5fb49",
"id": "bundle--2964be6a-3bd9-42cd-84b3-e509dcbd1673",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.270307Z",
"modified": "2023-09-28T21:25:13.270307Z",
"created": "2024-08-02T17:12:32.407759Z",
"modified": "2024-08-02T17:12:32.407759Z",
"name": "Comment or Reply on Content",
"description": "Delivering content by replying or commenting via owned media (assets that the operator controls).",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--9f1138e3-d221-4fb8-9853-210f71b9fd2e",
"id": "bundle--42a8c8de-5c27-4fd0-b5e4-16cc5208614a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.203339Z",
"modified": "2023-09-28T21:25:13.203339Z",
"created": "2024-08-02T17:12:32.343565Z",
"modified": "2024-08-02T17:12:32.343565Z",
"name": "Demand Insurmountable Proof",
"description": "Campaigns often leverage tactical and informational asymmetries on the threat surface, as seen in the Distort and Deny strategies, and the \"firehose of misinformation\". Specifically, conspiracy theorists can be repeatedly wrong, but advocates of the truth need to be perfect. By constantly escalating demands for proof, propagandists can effectively leverage this asymmetry while also priming its future use, often with an even greater asymmetric advantage. The conspiracist is offered freer rein for a broader range of \"questions\" while the truth teller is burdened with higher and higher standards of proof.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--c25a4ed5-ff5c-4184-af40-63185fd027f0",
"id": "bundle--76eee4c5-b6e3-4149-a33e-b3a542c5bcaf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--32ddaf21-ebef-4270-9416-d9ef74bd23f6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.282451Z",
"modified": "2023-09-28T21:25:13.282451Z",
"created": "2024-08-02T17:12:32.416684Z",
"modified": "2024-08-02T17:12:32.416684Z",
"name": "Redirect URLs",
"description": "An influence operation may redirect its falsified or typosquatted URLs to legitimate websites to increase the operation's appearance of legitimacy, complicate attribution, and avoid detection.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--4d5be5ab-9066-40d6-af57-347d231e4fb6",
"id": "bundle--37168ac0-549c-403a-9d31-41fe19a3ea17",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.231884Z",
"modified": "2023-09-28T21:25:13.231884Z",
"created": "2024-08-02T17:12:32.371128Z",
"modified": "2024-08-02T17:12:32.371128Z",
"name": "Develop Inauthentic News Articles",
"description": "An influence operation may develop false or misleading news articles aligned to their campaign goals or narratives.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--dedb20af-a3ed-4eb4-8daf-16cd2e08c1e6",
"id": "bundle--782f4bc8-b4e3-47c5-a57e-07b1c7ff3d1b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.285122Z",
"modified": "2023-09-28T21:25:13.285122Z",
"created": "2024-08-02T17:12:32.417607Z",
"modified": "2024-08-02T17:12:32.417607Z",
"name": "Utilise Bulletproof Hosting",
"description": "Hosting refers to services through which storage and computing resources are provided to an individual or organisation for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilise bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--eeaf0531-be7c-45b6-afc0-dbed1617f77c",
"id": "bundle--42dd1428-e91b-4115-b7f2-1708f01f77e1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3437993c-c521-4145-a2d8-b860399876b0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.2801Z",
"modified": "2023-09-28T21:25:13.2801Z",
"created": "2024-08-02T17:12:32.415535Z",
"modified": "2024-08-02T17:12:32.415535Z",
"name": "Break Association with Content",
"description": "Breaking association with content occurs when an influence operation actively separates itself from its own content. An influence operation may break association with content by unfollowing, unliking, or unsharing its content, removing attribution from its content, or otherwise taking actions that distance the operation from its messaging. An influence operation may break association with its content to complicate attribution or regain credibility for a new operation.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--a6d496d1-d241-4852-b5d4-327c5ffd64e2",
"id": "bundle--9a378790-917c-4006-851f-8de2ffa81c4c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.195892Z",
"modified": "2023-09-28T21:25:13.195892Z",
"created": "2024-08-02T17:12:32.336169Z",
"modified": "2024-08-02T17:12:32.336169Z",
"name": "Create Clickbait",
"description": "Create attention grabbing headlines (outrage, doubt, humour) required to drive traffic & engagement. This is a key asset.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--bcd1ecab-1563-4d85-8e3b-80064349facd",
"id": "bundle--35b0650e-99bb-404c-a54c-bb48d9d22b2c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.267305Z",
"modified": "2023-09-28T21:25:13.267305Z",
"created": "2024-08-02T17:12:32.406496Z",
"modified": "2024-08-02T17:12:32.406496Z",
"name": "Social Media",
"description": "Social Media",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--1d1a0b5f-1be3-4c52-8c8c-6f7466953698",
"id": "bundle--22d772ff-e5f6-4ace-b4eb-116b885c22e7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--35d89673-deef-482e-b30d-bb6883e47b12",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.258959Z",
"modified": "2023-09-28T21:25:13.258959Z",
"created": "2024-08-02T17:12:32.402241Z",
"modified": "2024-08-02T17:12:32.402241Z",
"name": "Create Dedicated Hashtag",
"description": "Create a campaign/incident specific hashtag.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--3713c941-49b8-4f24-8083-6c506a11ce72",
"id": "bundle--bdc125c5-3611-4532-b229-2944ab0c001a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.275328Z",
"modified": "2023-09-28T21:25:13.275328Z",
"created": "2024-08-02T17:12:32.411564Z",
"modified": "2024-08-02T17:12:32.411564Z",
"name": "Conduct Server Redirect",
"description": "A server redirect, also known as a URL redirect, occurs when a server automatically forwards a user from one URL to another using server-side or client-side scripting languages. An influence operation may conduct a server redirect to divert target audience members from one website to another without their knowledge. The redirected website may pose as a legitimate source, host malware, or otherwise aid operation objectives.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--a4bfe7b9-645e-4af2-a1db-a3871e60e58f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3628a6fd-b102-48a0-862b-9b66e80ee556",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.427838Z",
"modified": "2024-08-02T17:12:32.427838Z",
"name": "Manipulate Stocks",
"description": "Artificially inflate or deflate the price of stocks or other financial instruments and then trade on these to make profit. The most common securities fraud schemes are called \u201cpump and dump\u201d and \u201cpoop and scoop\u201d. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.006.md",
"external_id": "T0137.006"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--6a0de0a1-88d4-4005-8a2c-e41f4063bb91",
"id": "bundle--d21e749a-399c-40b4-9c7b-209f278ef8c2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--36f4dc58-e164-4819-83f8-52875377ff16",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.204899Z",
"modified": "2023-09-28T21:25:13.204899Z",
"created": "2024-08-02T17:12:32.344084Z",
"modified": "2024-08-02T17:12:32.344084Z",
"name": "Use Encrypted Chat Apps",
"description": "Examples include Signal, WhatsApp, Discord, Wire, etc.",
"kill_chain_phases": [


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--f9bab428-c384-4942-b2de-195baf6ac01b",
"id": "bundle--59297cc3-eb4a-44e7-ad66-2cd6992a7cad",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.243236Z",
"modified": "2023-09-28T21:25:13.243236Z",
"created": "2024-08-02T17:12:32.379779Z",
"modified": "2024-08-02T17:12:32.379779Z",
"name": "Use Follow Trains",
"description": "A follow train is a group of people who follow each other on a social media platform, often as a way for an individual or campaign to grow its social media following. Follow trains may be a violation of platform Terms of Service. They are also known as follow-for-follow groups.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--597354a2-caf2-4a4f-937b-3ba4210154dd",
"id": "bundle--68a42eb4-50cb-4b46-8c13-b9cc08efa754",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.239371Z",
"modified": "2023-09-28T21:25:13.239371Z",
"created": "2024-08-02T17:12:32.37699Z",
"modified": "2024-08-02T17:12:32.37699Z",
"name": "Alter Authentic Documents",
"description": "Alter authentic documents (public or non-public) to achieve campaign goals. The altered documents are intended to appear as if they are authentic can be \"leaked\" during later stages in the operation.",
"description": "Alter authentic documents (public or non-public) to achieve campaign goals. The altered documents are intended to appear as if they are authentic and can be \"leaked\" during later stages in the operation.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--9763ce34-ff06-439f-9e5a-6189eb3500d7",
"id": "bundle--8d0c90be-850b-4d32-8460-c499ca709224",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.248135Z",
"modified": "2023-09-28T21:25:13.248135Z",
"created": "2024-08-02T17:12:32.382597Z",
"modified": "2024-08-02T17:12:32.382597Z",
"name": "Create Content Farms",
"description": "An influence operation may create an organisation for creating and amplifying campaign artefacts at scale.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--7930ed30-e163-4178-b29d-60e7e54310ff",
"id": "bundle--308050af-565a-4fa0-82d9-b0587771b5e9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.276967Z",
"modified": "2023-09-28T21:25:13.276967Z",
"created": "2024-08-02T17:12:32.413199Z",
"modified": "2024-08-02T17:12:32.413199Z",
"name": "Facilitate Logistics or Support for Attendance",
"description": "Facilitate logistics or support for travel, food, housing, etc.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--7b84f97c-4639-43b1-a7b5-a15b77650011",
"id": "bundle--db232d51-2359-4ae5-a4e3-3e0c741ded1a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.255837Z",
"modified": "2023-09-28T21:25:13.255837Z",
"created": "2024-08-02T17:12:32.398558Z",
"modified": "2024-08-02T17:12:32.398558Z",
"name": "Use Existing Echo Chambers/Filter Bubbles",
"description": "Use existing Echo Chambers/Filter Bubbles",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--85f7691c-68e0-422e-a862-ea047aacc5c5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--39f767f7-bc22-4611-8a39-3584c5bbdd5a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.383638Z",
"modified": "2024-08-02T17:12:32.383638Z",
"name": "Individual Persona",
"description": "This sub-technique can be used to indicate that an entity is presenting itself as an individual. If the person is presenting themselves as having one of the personas listed below then these sub-techniques should be used instead, as they indicate both the type of persona they presented and that the entity presented itself as an individual:<br><br>T0097.101: Local Persona<br>T0097.102: Journalist Persona<br>T0097.103: Activist Persona<br>T0097.104: Hacktivist Persona<br>T0097.105: Military Personnel Persona<br>T0097.106: Recruiter Persona<br>T0097.107: Researcher Persona<br>T0097.108: Expert Persona<br>T0097.109: Romantic Suitor Persona<br>T0097.110: Party Official Persona<br>T0097.111: Government Official Persona<br>T0097.112: Government Employee Persona",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.100.md",
"external_id": "T0097.100"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--085b8da4-ab11-404b-bd59-9f25ad7b5334",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3a2f96fa-c3d0-4f54-a041-6807f0ea4955",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.351504Z",
"modified": "2024-08-02T17:12:32.351504Z",
"name": "Generate Information Pollution",
"description": "Information Pollution occurs when threat actors attempt to ruin a source of information by flooding it with lots of inauthentic or unreliable content, intending to make it harder for legitimate users to find the information they\u2019re looking for.<br /> <br />This sub-technique\u2019s objective is to reduce exposure to target information, rather than promoting exposure to campaign content, for which the parent Technique T0049 can be used.<br /> <br />Analysts will need to infer what the motive for flooding an information space was when deciding whether to use T0049 or T0049.008 to tag a case when an information space is flooded. If such inference is not possible, default to T0049.<br /> <br />This Technique previously used the ID T0019.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximise-exposure"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0049.008.md",
"external_id": "T0049.008"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--da43971f-8360-411f-8b0a-2e235b06ad4a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3af9d1c0-9a09-4dba-8975-a204e6951ac4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.428678Z",
"modified": "2024-08-02T17:12:32.428678Z",
"name": "Compel",
"description": "Force target to take an action or to stop taking an action it has already started. Actors can use the threat of reputational damage alongside military or economic threats to compel a target.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0138.003.md",
"external_id": "T0138.003"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--093e8baf-f3bd-452b-b564-758c25c12bcc",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3b7dd3e2-ff22-4b4b-813e-c31c2fb68029",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.43236Z",
"modified": "2024-08-02T17:12:32.43236Z",
"name": "Persona Template",
"description": "Threat actors have been observed following a template when filling their accounts\u2019 online profiles. This may be done to enable account holders to quickly present themselves as a real person with a targeted persona.<br><br> For example, an actor may be instructed to create many fabricated local accounts for use in an operation using a template of \u201c[flag emojis], [location], [personal quote], [political party] supporter\u201d in their account\u2019s description.<br><br> <b>Associated Techniques and Sub-techniques</b><br> <b>T0143.002: Fabricated Persona:</b> The use of a templated account biography in a collection of accounts may be an indicator that the personas have been fabricated.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.002.md",
"external_id": "T0144.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--524c667d-ba42-44dc-99ff-f0341f294492",
"id": "bundle--42db14eb-21c4-4415-85ff-6ea4a0b6988b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.195475Z",
"modified": "2023-09-28T21:25:13.195475Z",
"created": "2024-08-02T17:12:32.335422Z",
"modified": "2024-08-02T17:12:32.335422Z",
"name": "Raise Funds from Malign Actors",
"description": "Raising funds from malign actors may include contributions from foreign agents, cutouts or proxies, shell companies, dark money groups, etc.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c4a67919-d59e-40b9-a754-5db16962d44f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3be88ed6-1f7e-4c93-997c-600a8996293f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.42888Z",
"modified": "2024-08-02T17:12:32.42888Z",
"name": "Dissuade from Acting",
"description": "Discourage, deter, or inhibit the target from actions which would be unfavourable to the attacker. The actor may want the target to refrain from voting, buying, fighting, or supplying. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0139.md",
"external_id": "T0139"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--e270b35a-fd95-4c34-879c-ef98af69a7a2",
"id": "bundle--4bc6311d-569a-4924-aec6-c9ececa708f4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.216489Z",
"modified": "2023-09-28T21:25:13.216489Z",
"created": "2024-08-02T17:12:32.356931Z",
"modified": "2024-08-02T17:12:32.356931Z",
"name": "Psychographic Segmentation",
"description": "An influence operation may target populations based on psychographic segmentation, which uses audience values and decision-making processes. An operation may individually gather psychographic data with its own surveys or collection tools or externally purchase data from social media companies or online surveys, such as personality quizzes.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--8df61d22-73e4-42fe-81f8-88f17e1f440a",
"id": "bundle--d78866cf-2eef-4cd3-8dff-bb863f6c5282",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--404f0dd5-81d8-4d96-ad36-875a58c27271",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.257668Z",
"modified": "2023-09-28T21:25:13.257668Z",
"created": "2024-08-02T17:12:32.400306Z",
"modified": "2024-08-02T17:12:32.400306Z",
"name": "Mainstream Social Networks",
"description": "Examples include Facebook, Twitter, LinkedIn, etc.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--b83086c0-b76a-45b4-b775-b336e4f5b623",
"id": "bundle--b6b0bec9-0362-4844-b4e7-9dcc47d85ee8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.256193Z",
"modified": "2023-09-28T21:25:13.256193Z",
"created": "2024-08-02T17:12:32.399364Z",
"modified": "2024-08-02T17:12:32.399364Z",
"name": "Exploit Data Voids",
"description": "A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) \u201cBreaking news\u201d data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a \u201cstrategic new terms\u201d data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on \u201coutdated terms\u201d that have decreased in popularity, capitalising on most search engines\u2019 preferences for recency. (4) \u201cFragmented concepts\u201d data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use \u201cproblematic queries\u201d that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--d36d25dd-ffcd-4218-853b-23d09e3325d4",
"id": "bundle--14414258-fd23-4684-9630-c08c108445f6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.223959Z",
"modified": "2023-09-28T21:25:13.223959Z",
"created": "2024-08-02T17:12:32.365103Z",
"modified": "2024-08-02T17:12:32.365103Z",
"name": "Identify Social and Technical Vulnerabilities",
"description": "Identifying social and technical vulnerabilities determines weaknesses within the target audience information environment for later exploitation. Vulnerabilities include decisive political issues, weak cybersecurity infrastructure, search engine data voids, and other technical and non technical weaknesses in the target information environment. Identifying social and technical vulnerabilities facilitates the later exploitation of the identified weaknesses to advance operation objectives.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c3aa656a-00c7-4d75-9624-876a51f62d99",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--410e8ae7-e11d-44ff-8f10-3ec29798a9e0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.432127Z",
"modified": "2024-08-02T17:12:32.432127Z",
"name": "Present Persona across Platforms",
"description": "This sub-technique covers situations where analysts have identified the same persona being presented across multiple platforms.<br><br> Having multiple accounts presenting the same persona is not an indicator of inauthentic behaviour; many people create accounts and present as themselves on multiple platforms. However, threat actors are known to present the same persona across multiple platforms, benefiting from an increase in perceived legitimacy.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.001.md",
"external_id": "T0144.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--7352d4f2-953e-48fc-b1f2-5b3d17dba7bf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--422b6ba9-3ad0-4e6f-9f00-b044e5d657a1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.392983Z",
"modified": "2024-08-02T17:12:32.392983Z",
"name": "Social Cause Persona",
"description": "Online accounts which present themselves as focusing on a social cause are presenting the Social Cause Persona. Examples include accounts which post about current affairs, such as discrimination faced by minorities.<br><br> While presenting as an account invested in a social cause is not an indication of inauthentic behaviour, such personas have been used by threat actors to exploit peoples\u2019 legitimate emotional investment regarding social causes that matter to them (T0143.002: Fabricated Persona, T0097.208: Social Cause Persona).<br><br> Legitimate accounts focused on a social cause could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.208: Social Cause Persona). For example, the account holders could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.<br><br> <b>Associated Techniques and Sub-techniques:</b><br> <b>T0097.103: Activist Persona:</b> Analysts should use this sub-technique to catalogue cases where an individual is presenting themselves as an activist related to a social cause. Accounts with social cause personas do not present themselves as individuals, but may have activists controlling the accounts.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.208.md",
"external_id": "T0097.208"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--790268d5-f369-403b-a46d-5ad509c30df0",
"id": "bundle--94d03a1c-720e-4f9a-a17d-56c3863d7e6d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4282febe-c8a6-46da-863c-f19081615d80",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.21143Z",
"modified": "2023-09-28T21:25:13.21143Z",
"created": "2024-08-02T17:12:32.350087Z",
"modified": "2024-08-02T17:12:32.350087Z",
"name": "Utilise Spamoflauge",
"description": "Spamoflauge refers to the practice of disguising spam messages as legitimate. Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk. Simple methods of spamoflauge include replacing letters with numbers to fool keyword-based email spam filters, for example, \"you've w0n our jackp0t!\". Spamoflauge may extend to more complex techniques such as modifying the grammar or word choice of the language, casting messages as images which spam detectors cannot automatically read, or encapsulating messages in password protected attachments, such as .pdf or .zip files. Influence operations may use spamoflauge to avoid spam filtering systems and increase the likelihood of the target audience receiving operation messaging.",
"kill_chain_phases": [


@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--3f28a037-4fe4-4166-b592-1b9a7f4107c7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--42aa38b3-77b9-48e0-b3ef-41e7e72e27ac",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.429558Z",
"modified": "2024-08-02T17:12:32.429558Z",
"name": "Cause Harm",
"description": "Persecute, malign, or inflict pain upon a target. The objective of a campaign may be to cause fear or emotional distress in a target. In some cases, harm is instrumental to achieving a primary objective, as in coercion, repression, or intimidation. In other cases, harm may be inflicted for the satisfaction of the perpetrator, as in revenge or sadistic cruelty. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0140.md",
"external_id": "T0140"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--38165465-d447-4aad-8084-f23ebfbfb2da",
"id": "bundle--f8685817-1428-4ab4-9c6f-1816985d82d7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.247214Z",
"modified": "2023-09-28T21:25:13.247214Z",
"created": "2024-08-02T17:12:32.381825Z",
"modified": "2024-08-02T17:12:32.381825Z",
"name": "Develop Owned Media Assets",
"description": "An owned media asset refers to an agency or organisation through which an influence operation may create, develop, and host content and narratives. Owned media assets include websites, blogs, social media pages, forums, and other platforms that facilitate the creation and organisation of content.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--8d9d6aaf-d143-4278-b601-05613e12dfcb",
"id": "bundle--ca9241d9-8bc9-4609-9f9c-7772037cfb9f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.223372Z",
"modified": "2023-09-28T21:25:13.223372Z",
"created": "2024-08-02T17:12:32.364425Z",
"modified": "2024-08-02T17:12:32.364425Z",
"name": "Conduct Web Traffic Analysis",
"description": "An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--fdec7679-d363-46e2-b4f0-eb885fcec3d2",
"id": "bundle--738b5d9f-1406-4dc5-8c4e-cb5139826f7c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.224398Z",
"modified": "2023-09-28T21:25:13.224398Z",
"created": "2024-08-02T17:12:32.365448Z",
"modified": "2024-08-02T17:12:32.365448Z",
"name": "Find Echo Chambers",
"description": "Find or plan to create areas (social media groups, search term groups, hashtag groups etc) where individuals only engage with people they agree with.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--254ab946-c35a-4f26-9e74-9ad45e2ff842",
"id": "bundle--1c441fbd-06b6-4111-ba16-87d8c1e0ac65",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.200791Z",
"modified": "2023-09-28T21:25:13.200791Z",
"created": "2024-08-02T17:12:32.342026Z",
"modified": "2024-08-02T17:12:32.342026Z",
"name": "Distort Facts",
"description": "Change, twist, or exaggerate existing facts to construct a narrative that differs from reality. Examples: images and ideas can be distorted by being placed in an improper content",
"kill_chain_phases": [


@ -1,20 +1,20 @@
{
"type": "bundle",
"id": "bundle--af941b53-2a08-4b7e-8300-dd82dc395059",
"id": "bundle--7c940633-a4aa-449b-be9d-5b90cf125997",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.243054Z",
"modified": "2023-09-28T21:25:13.243054Z",
"created": "2024-08-02T17:12:32.379547Z",
"modified": "2024-08-02T17:12:32.379547Z",
"name": "Create Organisations",
"description": "Influence operations may establish organisations with legitimate or falsified hierarchies, staff, and content to structure operation assets, provide a sense of legitimacy to the operation, or provide institutional backing to operation activities.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
"phase_name": "establish-assets"
}
],
"external_references": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--a66a21ef-a173-4cde-ba42-d60759c41c57",
"id": "bundle--f6237991-625a-4716-8183-16180d053d73",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4a1d1dad-6784-42be-a7cd-1653cf8f34cc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.255442Z",
"modified": "2023-09-28T21:25:13.255442Z",
"created": "2024-08-02T17:12:32.397193Z",
"modified": "2024-08-02T17:12:32.397193Z",
"name": "Leverage Echo Chambers/Filter Bubbles",
"description": "An echo chamber refers to an internet subgroup, often along ideological lines, where individuals only engage with \u201cothers with which they are already in agreement.\u201d A filter bubble refers to an algorithm's placement of an individual in content that they agree with or regularly engage with, possibly entrapping the user into a bubble of their own making. An operation may create these isolated areas of the internet by match existing groups, or aggregating individuals into a single target audience based on shared interests, politics, values, demographics, and other characteristics. Echo chambers and filter bubbles help to reinforce similar biases and content to the same target audience members.",
"kill_chain_phases": [


@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--24d6d0eb-2e4c-41d5-bcd0-d96a3588d467",
"id": "bundle--35d106c2-5fae-42cf-a024-34d124bc5bf0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4c5e704a-acca-4bbd-8980-c915c0424ff8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2023-09-28T21:25:13.290171Z",
"modified": "2023-09-28T21:25:13.290171Z",
"created": "2024-08-02T17:12:32.421381Z",
"modified": "2024-08-02T17:12:32.421381Z",
"name": "Message Reach",
"description": "Monitor and evaluate message reach in misinformation incidents.",
"kill_chain_phases": [

Some files were not shown because too many files have changed in this diff Show More