diff --git a/generated_pages/tactics/TA06.md b/generated_pages/tactics/TA06.md
index a9f7417..15e3ccb 100644
--- a/generated_pages/tactics/TA06.md
+++ b/generated_pages/tactics/TA06.md
@@ -49,48 +49,6 @@
| [T0089 Obtain Private Documents](../../generated_pages/techniques/T0089.md) |
| [T0089.001 Obtain Authentic Documents](../../generated_pages/techniques/T0089.001.md) |
| [T0089.003 Alter Authentic Documents](../../generated_pages/techniques/T0089.003.md) |
-| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) |
-| [T0146.001 Free Account Asset](../../generated_pages/techniques/T0146.001.md) |
-| [T0146.002 Paid Account Asset](../../generated_pages/techniques/T0146.002.md) |
-| [T0146.003 Verified Account Asset](../../generated_pages/techniques/T0146.003.md) |
-| [T0146.004 Administrator Account Asset](../../generated_pages/techniques/T0146.004.md) |
-| [T0146.005 Lookalike Account ID](../../generated_pages/techniques/T0146.005.md) |
-| [T0146.006 Open Access Platform](../../generated_pages/techniques/T0146.006.md) |
-| [T0146.007 Automated Account Asset](../../generated_pages/techniques/T0146.007.md) |
-| [T0147 Software Asset](../../generated_pages/techniques/T0147.md) |
-| [T0147.001 Game Asset](../../generated_pages/techniques/T0147.001.md) |
-| [T0147.002 Game Mod Asset](../../generated_pages/techniques/T0147.002.md) |
-| [T0147.003 Malware Asset](../../generated_pages/techniques/T0147.003.md) |
-| [T0147.004 Mobile App Asset](../../generated_pages/techniques/T0147.004.md) |
-| [T0148 Financial Instrument](../../generated_pages/techniques/T0148.md) |
-| [T0148.001 Online Banking Platform](../../generated_pages/techniques/T0148.001.md) |
-| [T0148.002 Bank Account Asset](../../generated_pages/techniques/T0148.002.md) |
-| [T0148.003 Payment Processing Platform](../../generated_pages/techniques/T0148.003.md) |
-| [T0148.004 Payment Processing Capability](../../generated_pages/techniques/T0148.004.md) |
-| [T0148.005 Subscription Processing Capability](../../generated_pages/techniques/T0148.005.md) |
-| [T0148.006 Crowdfunding Platform](../../generated_pages/techniques/T0148.006.md) |
-| [T0148.007 eCommerce Platform](../../generated_pages/techniques/T0148.007.md) |
-| [T0148.008 Cryptocurrency Exchange Platform](../../generated_pages/techniques/T0148.008.md) |
-| [T0148.009 Cryptocurrency Wallet](../../generated_pages/techniques/T0148.009.md) |
-| [T0149 Online Infrastructure](../../generated_pages/techniques/T0149.md) |
-| [T0149.001 Domain Asset](../../generated_pages/techniques/T0149.001.md) |
-| [T0149.002 Email Domain Asset](../../generated_pages/techniques/T0149.002.md) |
-| [T0149.003 Lookalike Domain](../../generated_pages/techniques/T0149.003.md) |
-| [T0149.004 Redirecting Domain Asset](../../generated_pages/techniques/T0149.004.md) |
-| [T0149.005 Server Asset](../../generated_pages/techniques/T0149.005.md) |
-| [T0149.006 IP Address Asset](../../generated_pages/techniques/T0149.006.md) |
-| [T0149.007 VPN Asset](../../generated_pages/techniques/T0149.007.md) |
-| [T0149.008 Proxy IP Address Asset](../../generated_pages/techniques/T0149.008.md) |
-| [T0149.009 Internet Connected Physical Asset](../../generated_pages/techniques/T0149.009.md) |
-| [T0150 Asset Origin](../../generated_pages/techniques/T0150.md) |
-| [T0150.001 Newly Created Asset](../../generated_pages/techniques/T0150.001.md) |
-| [T0150.002 Dormant Asset](../../generated_pages/techniques/T0150.002.md) |
-| [T0150.003 Pre-Existing Asset](../../generated_pages/techniques/T0150.003.md) |
-| [T0150.004 Repurposed Asset](../../generated_pages/techniques/T0150.004.md) |
-| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) |
-| [T0150.006 Purchased Asset](../../generated_pages/techniques/T0150.006.md) |
-| [T0150.007 Rented Asset](../../generated_pages/techniques/T0150.007.md) |
-| [T0150.008 Bulk Created Asset](../../generated_pages/techniques/T0150.008.md) |
diff --git a/generated_pages/tactics/TA15.md b/generated_pages/tactics/TA15.md
index 33a6be2..d177968 100644
--- a/generated_pages/tactics/TA15.md
+++ b/generated_pages/tactics/TA15.md
@@ -56,6 +56,48 @@ This Tactic was previously called Establish Social Assets.
| [T0145.005 Illustrated Character Account Imagery](../../generated_pages/techniques/T0145.005.md) |
| [T0145.006 Attractive Person Account Imagery](../../generated_pages/techniques/T0145.006.md) |
| [T0145.007 Stock Image Account Imagery](../../generated_pages/techniques/T0145.007.md) |
+| [T0146 Account Asset](../../generated_pages/techniques/T0146.md) |
+| [T0146.001 Free Account Asset](../../generated_pages/techniques/T0146.001.md) |
+| [T0146.002 Paid Account Asset](../../generated_pages/techniques/T0146.002.md) |
+| [T0146.003 Verified Account Asset](../../generated_pages/techniques/T0146.003.md) |
+| [T0146.004 Administrator Account Asset](../../generated_pages/techniques/T0146.004.md) |
+| [T0146.005 Lookalike Account ID](../../generated_pages/techniques/T0146.005.md) |
+| [T0146.006 Open Access Platform](../../generated_pages/techniques/T0146.006.md) |
+| [T0146.007 Automated Account Asset](../../generated_pages/techniques/T0146.007.md) |
+| [T0147 Software Asset](../../generated_pages/techniques/T0147.md) |
+| [T0147.001 Game Asset](../../generated_pages/techniques/T0147.001.md) |
+| [T0147.002 Game Mod Asset](../../generated_pages/techniques/T0147.002.md) |
+| [T0147.003 Malware Asset](../../generated_pages/techniques/T0147.003.md) |
+| [T0147.004 Mobile App Asset](../../generated_pages/techniques/T0147.004.md) |
+| [T0148 Financial Instrument](../../generated_pages/techniques/T0148.md) |
+| [T0148.001 Online Banking Platform](../../generated_pages/techniques/T0148.001.md) |
+| [T0148.002 Bank Account Asset](../../generated_pages/techniques/T0148.002.md) |
+| [T0148.003 Payment Processing Platform](../../generated_pages/techniques/T0148.003.md) |
+| [T0148.004 Payment Processing Capability](../../generated_pages/techniques/T0148.004.md) |
+| [T0148.005 Subscription Processing Capability](../../generated_pages/techniques/T0148.005.md) |
+| [T0148.006 Crowdfunding Platform](../../generated_pages/techniques/T0148.006.md) |
+| [T0148.007 eCommerce Platform](../../generated_pages/techniques/T0148.007.md) |
+| [T0148.008 Cryptocurrency Exchange Platform](../../generated_pages/techniques/T0148.008.md) |
+| [T0148.009 Cryptocurrency Wallet](../../generated_pages/techniques/T0148.009.md) |
+| [T0149 Online Infrastructure](../../generated_pages/techniques/T0149.md) |
+| [T0149.001 Domain Asset](../../generated_pages/techniques/T0149.001.md) |
+| [T0149.002 Email Domain Asset](../../generated_pages/techniques/T0149.002.md) |
+| [T0149.003 Lookalike Domain](../../generated_pages/techniques/T0149.003.md) |
+| [T0149.004 Redirecting Domain Asset](../../generated_pages/techniques/T0149.004.md) |
+| [T0149.005 Server Asset](../../generated_pages/techniques/T0149.005.md) |
+| [T0149.006 IP Address Asset](../../generated_pages/techniques/T0149.006.md) |
+| [T0149.007 VPN Asset](../../generated_pages/techniques/T0149.007.md) |
+| [T0149.008 Proxy IP Address Asset](../../generated_pages/techniques/T0149.008.md) |
+| [T0149.009 Internet Connected Physical Asset](../../generated_pages/techniques/T0149.009.md) |
+| [T0150 Asset Origin](../../generated_pages/techniques/T0150.md) |
+| [T0150.001 Newly Created Asset](../../generated_pages/techniques/T0150.001.md) |
+| [T0150.002 Dormant Asset](../../generated_pages/techniques/T0150.002.md) |
+| [T0150.003 Pre-Existing Asset](../../generated_pages/techniques/T0150.003.md) |
+| [T0150.004 Repurposed Asset](../../generated_pages/techniques/T0150.004.md) |
+| [T0150.005 Compromised Asset](../../generated_pages/techniques/T0150.005.md) |
+| [T0150.006 Purchased Asset](../../generated_pages/techniques/T0150.006.md) |
+| [T0150.007 Rented Asset](../../generated_pages/techniques/T0150.007.md) |
+| [T0150.008 Bulk Created Asset](../../generated_pages/techniques/T0150.008.md) |
diff --git a/generated_pages/techniques/T0146.001.md b/generated_pages/techniques/T0146.001.md
index 371023c..72a3693 100644
--- a/generated_pages/techniques/T0146.001.md
+++ b/generated_pages/techniques/T0146.001.md
@@ -2,7 +2,7 @@
* **Summary**: Many online platforms allow users to create free accounts on their platform. A Free Account is an Account which does not require payment at account creation and is not subscribed to paid platform features.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0146.002.md b/generated_pages/techniques/T0146.002.md
index 20e6dcb..cb06d70 100644
--- a/generated_pages/techniques/T0146.002.md
+++ b/generated_pages/techniques/T0146.002.md
@@ -2,7 +2,7 @@
* **Summary**: Some online platforms afford accounts extra features, or other benefits, if the user pays a fee. For example, as of September 2024, content posted by a Paid Account on X (previously Twitter) is prioritised in the platform’s algorithm.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0146.003.md b/generated_pages/techniques/T0146.003.md
index d7927e7..ca1dfd4 100644
--- a/generated_pages/techniques/T0146.003.md
+++ b/generated_pages/techniques/T0146.003.md
@@ -2,7 +2,7 @@
* **Summary**: Some online platforms apply badges of verification to accounts which meet certain criteria.
On some platforms (such as dating apps) a verification badge signifies that the account has passed the platform’s identity verification checks. On some platforms (such as X (previously Twitter)) a verification badge signifies that an account has paid for the platform’s service.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0146.004.md b/generated_pages/techniques/T0146.004.md
index bf3628a..32a8ea0 100644
--- a/generated_pages/techniques/T0146.004.md
+++ b/generated_pages/techniques/T0146.004.md
@@ -2,7 +2,7 @@
* **Summary**: Some accounts will have special privileges / will be in control of the Digital Community Hosting Asset; for example, the Admin of a Facebook Page, a Moderator of a Subreddit, etc. etc.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0146.005.md b/generated_pages/techniques/T0146.005.md
index f0e90e3..8338f9c 100644
--- a/generated_pages/techniques/T0146.005.md
+++ b/generated_pages/techniques/T0146.005.md
@@ -2,7 +2,7 @@
* **Summary**: Many platforms which host online communities require creation of a username (or another unique identifier) when an Account is created.
Sometimes people create usernames which are visually similar to other existing accounts’ usernames. While this is not necessarily an indicator of malicious behaviour, actors can create Lookalike Account IDs to support Impersonations or Parody.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0146.006.md b/generated_pages/techniques/T0146.006.md
index d8303cc..ee6c059 100644
--- a/generated_pages/techniques/T0146.006.md
+++ b/generated_pages/techniques/T0146.006.md
@@ -2,7 +2,7 @@
* **Summary**: Some online platforms allow users to take advantage of the platform’s features without creating an account. Examples include the Paste Platform Pastebin, and the Image Board Platforms 4chan and 8chan.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0146.007.md b/generated_pages/techniques/T0146.007.md
index 06a983c..5a0e347 100644
--- a/generated_pages/techniques/T0146.007.md
+++ b/generated_pages/techniques/T0146.007.md
@@ -2,7 +2,7 @@
* **Summary**: An Automated Account is an account which is displaying automated behaviour, such as republishing or liking other accounts’ content, or publishing their own content.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0146.md b/generated_pages/techniques/T0146.md
index bde9c45..3a1b6bc 100644
--- a/generated_pages/techniques/T0146.md
+++ b/generated_pages/techniques/T0146.md
@@ -2,7 +2,7 @@
* **Summary**: An Account is a user-specific profile that allows access to the features and services of an online platform, typically requiring a username and password for authentication.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0147.001.md b/generated_pages/techniques/T0147.001.md
index 21a302c..b356aa7 100644
--- a/generated_pages/techniques/T0147.001.md
+++ b/generated_pages/techniques/T0147.001.md
@@ -2,7 +2,7 @@
* **Summary**: A Game is Software which has been designed for interactive entertainment, where users take on challenges set by the game’s designers.
While Online Game Platforms allow people to play with each other, Games are designed for single player experiences.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0147.002.md b/generated_pages/techniques/T0147.002.md
index 5780150..1a23e2c 100644
--- a/generated_pages/techniques/T0147.002.md
+++ b/generated_pages/techniques/T0147.002.md
@@ -2,7 +2,7 @@
* **Summary**: A Game Mod is a modification which can be applied to a Game or Multiplayer Online Game to add new content or functionality to the game.
Users can Modify Games to introduce new content to the game. Modified Games can be distributed on Software Delivery Platforms such as Steam or can be distributed within the Game or Multiplayer Online Game.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0147.003.md b/generated_pages/techniques/T0147.003.md
index c02584d..c71323b 100644
--- a/generated_pages/techniques/T0147.003.md
+++ b/generated_pages/techniques/T0147.003.md
@@ -2,7 +2,7 @@
* **Summary**: Malware is Software which has been designed to cause harm or facilitate malicious behaviour on electronic devices.
DISARM recommends using the [MITRE ATT&CK Framework](https://attack.mitre.org/) to document malware types and their usage.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0147.004.md b/generated_pages/techniques/T0147.004.md
index aa78e9a..caa5a44 100644
--- a/generated_pages/techniques/T0147.004.md
+++ b/generated_pages/techniques/T0147.004.md
@@ -2,7 +2,7 @@
* **Summary**: A Mobile App is an application which has been designed to run on mobile operating systems, such as Android or iOS.
Mobile Apps can enable access to online platforms (e.g. Facebook’s mobile app) or can provide software which users can run offline on their device.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0147.md b/generated_pages/techniques/T0147.md
index a796711..c9e7fa8 100644
--- a/generated_pages/techniques/T0147.md
+++ b/generated_pages/techniques/T0147.md
@@ -2,7 +2,7 @@
* **Summary**: A Software is a program developed to run on computers or devices that helps users achieve specific goals, such as improving productivity, automating tasks, or having fun.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.001.md b/generated_pages/techniques/T0148.001.md
index 7f8c6f3..708520d 100644
--- a/generated_pages/techniques/T0148.001.md
+++ b/generated_pages/techniques/T0148.001.md
@@ -2,7 +2,7 @@
* **Summary**: Online Banking Platforms are spaces provided by banks for their customers to manage their Bank Account online.
The Online Banking Platforms available differ by country. In the United Kingdom, examples of banking institutions which provide Online Banking Platforms include Lloyds, Barclays, and Monzo. In the United States, examples include Citibank, Chase, and Capital One.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.002.md b/generated_pages/techniques/T0148.002.md
index 10c21b3..b83ef43 100644
--- a/generated_pages/techniques/T0148.002.md
+++ b/generated_pages/techniques/T0148.002.md
@@ -2,7 +2,7 @@
* **Summary**: A Bank Account is a financial account that allows individuals or organisations to store, manage, and access their money, typically for saving, spending, or investment purposes.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.003.md b/generated_pages/techniques/T0148.003.md
index 3798569..56a66e0 100644
--- a/generated_pages/techniques/T0148.003.md
+++ b/generated_pages/techniques/T0148.003.md
@@ -2,7 +2,7 @@
* **Summary**: Stripe, Paypal, and Apple Pay, Chargebee, Recurly and Zuora are examples of Payment Processing Platforms.
Payment Processing Platforms produce programs providing Payment Processing or Subscription Processing capabilities which actors can use to set up online storefronts, or to take donations.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.004.md b/generated_pages/techniques/T0148.004.md
index 34184be..cd436cb 100644
--- a/generated_pages/techniques/T0148.004.md
+++ b/generated_pages/techniques/T0148.004.md
@@ -2,7 +2,7 @@
* **Summary**: A Payment Processing Capability is a feature of online platforms or software which enables the processing of one-off payments (e.g. an online checkout, or donation processing page).
Payment Processing Capabilities can enable platform users to purchase products or services or can facilitate donations to a given cause.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.005.md b/generated_pages/techniques/T0148.005.md
index cd89610..3eca00f 100644
--- a/generated_pages/techniques/T0148.005.md
+++ b/generated_pages/techniques/T0148.005.md
@@ -2,7 +2,7 @@
* **Summary**: A Subscription Processing Capability is a feature of online platforms or software which enables the processing of recurring payments.
Subscription Processing Capabilities are typically used to enable recurring payments in exchange for continued access to products or services.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.006.md b/generated_pages/techniques/T0148.006.md
index a597e50..5bbc51a 100644
--- a/generated_pages/techniques/T0148.006.md
+++ b/generated_pages/techniques/T0148.006.md
@@ -2,7 +2,7 @@
* **Summary**: Kickstarter and GoFundMe are examples of Crowdfunding Platforms.
Crowdfunding Platforms enable users with Accounts to create projects for other platform users to finance, usually in exchange for access to fruits of the project.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.007.md b/generated_pages/techniques/T0148.007.md
index 95e978c..2c9a29e 100644
--- a/generated_pages/techniques/T0148.007.md
+++ b/generated_pages/techniques/T0148.007.md
@@ -2,7 +2,7 @@
* **Summary**: Amazon, eBay and Etsy are examples of eCommerce Platforms.
eCommerce Platforms enable users with Accounts to create online storefronts from which other platform users can purchase goods or services.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.008.md b/generated_pages/techniques/T0148.008.md
index 6ccdd88..2fd5322 100644
--- a/generated_pages/techniques/T0148.008.md
+++ b/generated_pages/techniques/T0148.008.md
@@ -2,7 +2,7 @@
* **Summary**: Coinbase and Kraken are examples of Cryptocurrency Exchange Platforms.
Cryptocurrency Exchange Platforms provide users a digital marketplace where they can buy, sell, and trade cryptocurrencies, such as Bitcoin or Ethereum.
Some Cryptocurrency Exchange Platforms allow users to create a Cryptocurrency Wallet.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.009.md b/generated_pages/techniques/T0148.009.md
index 9c0ca6c..036fe8d 100644
--- a/generated_pages/techniques/T0148.009.md
+++ b/generated_pages/techniques/T0148.009.md
@@ -2,7 +2,7 @@
* **Summary**: A Cryptocurrency Wallet is a digital tool that allows users to store, send, and receive cryptocurrencies. It manages private and public keys, enabling secure access to a user's crypto assets.
An influence operation might use cryptocurrency to conceal that they are conducting operational activities, building assets, or sponsoring aligning entities.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0148.md b/generated_pages/techniques/T0148.md
index 339b40f..a5e478f 100644
--- a/generated_pages/techniques/T0148.md
+++ b/generated_pages/techniques/T0148.md
@@ -2,7 +2,7 @@
* **Summary**: A Financial Instrument is a platform or software that facilitates the sending, receiving, and management of money, enabling financial transactions between users or organisations.
Threat actors can deploy financial instruments legitimately to manage their own finances or illegitimately to support fraud schemes.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.001.md b/generated_pages/techniques/T0149.001.md
index 5e5ee9b..71803ad 100644
--- a/generated_pages/techniques/T0149.001.md
+++ b/generated_pages/techniques/T0149.001.md
@@ -2,7 +2,7 @@
* **Summary**: A Domain is a web address (such as “google[.]com”), used to navigate to Websites on the internet.
Domains differ from Websites in that Websites are considered to be developed web pages which host content, whereas Domains do not necessarily host public-facing web content.
A threat actor may register a new domain to bypass the old domain being blocked.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.002.md b/generated_pages/techniques/T0149.002.md
index 388a9a0..5ac9ce3 100644
--- a/generated_pages/techniques/T0149.002.md
+++ b/generated_pages/techniques/T0149.002.md
@@ -2,7 +2,7 @@
* **Summary**: An Email Domain is a Domain (such as “meta[.]com”) which has the ability to send emails (e.g. from an @meta[.]com address).
Any Domain which has an MX (Mail Exchange) record and configured SMTP (Simple Mail Transfer Protocol) settings can send and receive emails, and is therefore an Email Domain.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.003.md b/generated_pages/techniques/T0149.003.md
index 13ee788..40f336c 100644
--- a/generated_pages/techniques/T0149.003.md
+++ b/generated_pages/techniques/T0149.003.md
@@ -2,7 +2,7 @@
* **Summary**: A Lookalike Domain is a Domain which is visually similar to another Domain, with the potential for web users to mistake one domain for the other.
Threat actors who want to impersonate organisations’ websites have been observed using a variety of domain impersonation methods. For example, actors wanting to create a domain impersonating netflix.com may use methods such as typosquatting (e.g. n3tflix.com), combosquatting (e.g. netflix-billing.com), or TLD swapping (e.g. netflix.top).
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.004.md b/generated_pages/techniques/T0149.004.md
index d378b7f..2ef7014 100644
--- a/generated_pages/techniques/T0149.004.md
+++ b/generated_pages/techniques/T0149.004.md
@@ -2,7 +2,7 @@
* **Summary**: A Redirecting Domain is a Domain which has been configured to redirect users to another Domain when visited.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.005.md b/generated_pages/techniques/T0149.005.md
index bd567e2..a0d4fb9 100644
--- a/generated_pages/techniques/T0149.005.md
+++ b/generated_pages/techniques/T0149.005.md
@@ -2,7 +2,7 @@
* **Summary**: A Server is a computer which provides resources, services, or data to other computers over a network. There are different types of servers, such as web servers (which serve web pages and applications to users), database servers (which manage and provide access to databases), and file servers (which store and share files across a network).
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.006.md b/generated_pages/techniques/T0149.006.md
index d2b13a7..4f97af5 100644
--- a/generated_pages/techniques/T0149.006.md
+++ b/generated_pages/techniques/T0149.006.md
@@ -2,7 +2,7 @@
* **Summary**: An IP Address is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. IP addresses are commonly a part of any online infrastructure.
IP addresses can be in IPV4 dotted decimal (x.x.x.x) or IPV6 colon-separated hexadecimal (y:y:y:y:y:y:y:y) formats.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.007.md b/generated_pages/techniques/T0149.007.md
index df549cd..0dd84cb 100644
--- a/generated_pages/techniques/T0149.007.md
+++ b/generated_pages/techniques/T0149.007.md
@@ -2,7 +2,7 @@
* **Summary**: A VPN (Virtual Private Network) is a service which creates secure, encrypted connections over the internet, allowing users to transmit data safely and access network resources remotely. It masks IP Addresses, enhancing privacy and security by preventing unauthorised access and tracking. VPNs are commonly used for protecting sensitive information, bypassing geographic restrictions, and maintaining online anonymity.
VPNs can also allow a threat actor to pose as if they are located in one country while in reality being based in another. By doing so, they can try to either mis-attribute their activities to another actor or better hide their own identity.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.008.md b/generated_pages/techniques/T0149.008.md
index 3eb3261..f015cfc 100644
--- a/generated_pages/techniques/T0149.008.md
+++ b/generated_pages/techniques/T0149.008.md
@@ -2,7 +2,7 @@
* **Summary**: A Proxy IP Address allows a threat actor to mask their real IP Address by putting a layer between them and the online content they’re connecting with.
Proxy IP Addresses can hide the connection between the threat actor and their online infrastructure.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.009.md b/generated_pages/techniques/T0149.009.md
index 4346ef6..15613ed 100644
--- a/generated_pages/techniques/T0149.009.md
+++ b/generated_pages/techniques/T0149.009.md
@@ -2,7 +2,7 @@
* **Summary**: An Internet Connected Physical Asset (sometimes referred to as IoT (Internet of Things)) is a physical asset which has internet connectivity to support online features, such as digital signage, wireless printers, and smart TVs.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0149.md b/generated_pages/techniques/T0149.md
index 158cfb3..43ac009 100644
--- a/generated_pages/techniques/T0149.md
+++ b/generated_pages/techniques/T0149.md
@@ -2,7 +2,7 @@
* **Summary**: Online Infrastructure consists of technical assets which enable online activity, such as domains, servers, and IP addresses.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.001.md b/generated_pages/techniques/T0150.001.md
index b436cc4..d5eebb5 100644
--- a/generated_pages/techniques/T0150.001.md
+++ b/generated_pages/techniques/T0150.001.md
@@ -2,7 +2,7 @@
* **Summary**: A Newly Created Asset is an asset which has been created and used for the first time in a documented potential incident.
For example, analysts which can identify a recent creation date of Accounts participating in the spread of a new narrative can assert these are Newly Created Assets.
Analysts should use Dormant if the asset was created and laid dormant for an extended period of time before activity.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.002.md b/generated_pages/techniques/T0150.002.md
index 0be47a9..172e025 100644
--- a/generated_pages/techniques/T0150.002.md
+++ b/generated_pages/techniques/T0150.002.md
@@ -2,7 +2,7 @@
* **Summary**: A Dormant Asset is an asset which was inactive for an extended period before being used in a documented potential incident.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.003.md b/generated_pages/techniques/T0150.003.md
index 5e3d4c7..c9675b2 100644
--- a/generated_pages/techniques/T0150.003.md
+++ b/generated_pages/techniques/T0150.003.md
@@ -2,7 +2,7 @@
* **Summary**: Pre-Existing Assets are assets which existed before the observed incident which have not been Repurposed; i.e. they are still being used for their original purpose.
An example could be an Account which presented itself with a Journalist Persona prior to and during the observed potential incident.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.004.md b/generated_pages/techniques/T0150.004.md
index ba7c720..44cec7c 100644
--- a/generated_pages/techniques/T0150.004.md
+++ b/generated_pages/techniques/T0150.004.md
@@ -2,7 +2,7 @@
* **Summary**: Repurposed Assets are assets which have been identified as being used previously, but are now being used for different purposes, or have new Presented Personas.
Actors have been documented compromising assets, and then repurposing them to present Inauthentic Personas as part of their operations.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.005.md b/generated_pages/techniques/T0150.005.md
index 3ad962c..6d6c551 100644
--- a/generated_pages/techniques/T0150.005.md
+++ b/generated_pages/techniques/T0150.005.md
@@ -2,7 +2,7 @@
* **Summary**: A Compromised Asset is an asset which was originally created or belonged to another person or organisation, but which an actor has gained access to without their consent.
See also MITRE ATT&CK T1708: Valid Accounts.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.006.md b/generated_pages/techniques/T0150.006.md
index bf430f7..d1f3269 100644
--- a/generated_pages/techniques/T0150.006.md
+++ b/generated_pages/techniques/T0150.006.md
@@ -2,7 +2,7 @@
* **Summary**: A Purchased Asset is an asset which actors paid for the ownership of.
For example, threat actors have been observed selling compromised social media accounts on dark web marketplaces, which can be used to disguise operation activity.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.007.md b/generated_pages/techniques/T0150.007.md
index c9988ae..fd5778b 100644
--- a/generated_pages/techniques/T0150.007.md
+++ b/generated_pages/techniques/T0150.007.md
@@ -2,7 +2,7 @@
* **Summary**: A Rented Asset is an asset which actors are temporarily renting or subscribing to.
For example, threat actors have been observed renting temporary access to legitimate accounts on online platforms in order to disguise operation activity.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.008.md b/generated_pages/techniques/T0150.008.md
index f283df4..0a530e2 100644
--- a/generated_pages/techniques/T0150.008.md
+++ b/generated_pages/techniques/T0150.008.md
@@ -2,7 +2,7 @@
* **Summary**: A Bulk Created Asset is an asset which was created alongside many other instances of the same asset.
Actors have been observed bulk creating Accounts on Social Media Platforms such as Facebook. Indicators of bulk asset creation include its creation date, assets’ naming conventions, their configuration (e.g. templated personas, visually similar profile pictures), or their activity (e.g. post timings, narratives posted).
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques/T0150.md b/generated_pages/techniques/T0150.md
index e28be6a..c7a678d 100644
--- a/generated_pages/techniques/T0150.md
+++ b/generated_pages/techniques/T0150.md
@@ -2,7 +2,7 @@
* **Summary**: Asset Origin contains a list of ways that an actor can obtain an asset. For example, they can create new accounts on online platforms, or they can compromise existing accounts or websites.
-* **Belongs to tactic stage**: TA06
+* **Belongs to tactic stage**: TA15
| Incident | Descriptions given for this incident |
diff --git a/generated_pages/techniques_index.md b/generated_pages/techniques_index.md
index b416265..b236449 100644
--- a/generated_pages/techniques_index.md
+++ b/generated_pages/techniques_index.md
@@ -1805,253 +1805,253 @@
An Account is a user-specific profile that allows access to the features and services of an online platform, typically requiring a username and password for authentication.
Many online platforms allow users to create free accounts on their platform. A Free Account is an Account which does not require payment at account creation and is not subscribed to paid platform features.
Some online platforms afford accounts extra features, or other benefits, if the user pays a fee. For example, as of September 2024, content posted by a Paid Account on X (previously Twitter) is prioritised in the platform’s algorithm.
Some online platforms apply badges of verification to accounts which meet certain criteria.
On some platforms (such as dating apps) a verification badge signifies that the account has passed the platform’s identity verification checks. On some platforms (such as X (previously Twitter)) a verification badge signifies that an account has paid for the platform’s service.
Some accounts will have special privileges / will be in control of the Digital Community Hosting Asset; for example, the Admin of a Facebook Page, a Moderator of a Subreddit, etc. etc.
Many platforms which host online communities require creation of a username (or another unique identifier) when an Account is created.
Sometimes people create usernames which are visually similar to other existing accounts’ usernames. While this is not necessarily an indicator of malicious behaviour, actors can create Lookalike Account IDs to support Impersonations or Parody.
Some online platforms allow users to take advantage of the platform’s features without creating an account. Examples include the Paste Platform Pastebin, and the Image Board Platforms 4chan and 8chan.
An Automated Account is an account which is displaying automated behaviour, such as republishing or liking other accounts’ content, or publishing their own content.
A Software is a program developed to run on computers or devices that helps users achieve specific goals, such as improving productivity, automating tasks, or having fun.
A Game Mod is a modification which can be applied to a Game or Multiplayer Online Game to add new content or functionality to the game.
Users can Modify Games to introduce new content to the game. Modified Games can be distributed on Software Delivery Platforms such as Steam or can be distributed within the Game or Multiplayer Online Game.
A Financial Instrument is a platform or software that facilitates the sending, receiving, and management of money, enabling financial transactions between users or organisations.
Threat actors can deploy financial instruments legitimately to manage their own finances or illegitimately to support fraud schemes.
Online Banking Platforms are spaces provided by banks for their customers to manage their Bank Account online.
The Online Banking Platforms available differ by country. In the United Kingdom, examples of banking institutions which provide Online Banking Platforms include Lloyds, Barclays, and Monzo. In the United States, examples include Citibank, Chase, and Capital One.
A Bank Account is a financial account that allows individuals or organisations to store, manage, and access their money, typically for saving, spending, or investment purposes.
Stripe, Paypal, and Apple Pay, Chargebee, Recurly and Zuora are examples of Payment Processing Platforms.
Payment Processing Platforms produce programs providing Payment Processing or Subscription Processing capabilities which actors can use to set up online storefronts, or to take donations.
A Payment Processing Capability is a feature of online platforms or software which enables the processing of one-off payments (e.g. an online checkout, or donation processing page).
Payment Processing Capabilities can enable platform users to purchase products or services or can facilitate donations to a given cause.
Kickstarter and GoFundMe are examples of Crowdfunding Platforms.
Crowdfunding Platforms enable users with Accounts to create projects for other platform users to finance, usually in exchange for access to fruits of the project.
Coinbase and Kraken are examples of Cryptocurrency Exchange Platforms.
Cryptocurrency Exchange Platforms provide users a digital marketplace where they can buy, sell, and trade cryptocurrencies, such as Bitcoin or Ethereum.
Some Cryptocurrency Exchange Platforms allow users to create a Cryptocurrency Wallet.
A Cryptocurrency Wallet is a digital tool that allows users to store, send, and receive cryptocurrencies. It manages private and public keys, enabling secure access to a user's crypto assets.
An influence operation might use cryptocurrency to conceal that they are conducting operational activities, building assets, or sponsoring aligning entities.
A Domain is a web address (such as “google[.]com”), used to navigate to Websites on the internet.
Domains differ from Websites in that Websites are considered to be developed web pages which host content, whereas Domains do not necessarily host public-facing web content.
A threat actor may register a new domain to bypass the old domain being blocked.
An Email Domain is a Domain (such as “meta[.]com”) which has the ability to send emails (e.g. from an @meta[.]com address).
Any Domain which has an MX (Mail Exchange) record and configured SMTP (Simple Mail Transfer Protocol) settings can send and receive emails, and is therefore an Email Domain.
A Lookalike Domain is a Domain which is visually similar to another Domain, with the potential for web users to mistake one domain for the other.
Threat actors who want to impersonate organisations’ websites have been observed using a variety of domain impersonation methods. For example, actors wanting to create a domain impersonating netflix.com may use methods such as typosquatting (e.g. n3tflix.com), combosquatting (e.g. netflix-billing.com), or TLD swapping (e.g. netflix.top).
A Server is a computer which provides resources, services, or data to other computers over a network. There are different types of servers, such as web servers (which serve web pages and applications to users), database servers (which manage and provide access to databases), and file servers (which store and share files across a network).
An IP Address is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. IP addresses are commonly a part of any online infrastructure.
IP addresses can be in IPV4 dotted decimal (x.x.x.x) or IPV6 colon-separated hexadecimal (y:y:y:y:y:y:y:y) formats.
A VPN (Virtual Private Network) is a service which creates secure, encrypted connections over the internet, allowing users to transmit data safely and access network resources remotely. It masks IP Addresses, enhancing privacy and security by preventing unauthorised access and tracking. VPNs are commonly used for protecting sensitive information, bypassing geographic restrictions, and maintaining online anonymity.
VPNs can also allow a threat actor to pose as if they are located in one country while in reality being based in another. By doing so, they can try to either mis-attribute their activities to another actor or better hide their own identity.
An Internet Connected Physical Asset (sometimes referred to as IoT (Internet of Things)) is a physical asset which has internet connectivity to support online features, such as digital signage, wireless printers, and smart TVs.
Asset Origin contains a list of ways that an actor can obtain an asset. For example, they can create new accounts on online platforms, or they can compromise existing accounts or websites.
A Newly Created Asset is an asset which has been created and used for the first time in a documented potential incident.
For example, analysts which can identify a recent creation date of Accounts participating in the spread of a new narrative can assert these are Newly Created Assets.
Analysts should use Dormant if the asset was created and laid dormant for an extended period of time before activity.
Pre-Existing Assets are assets which existed before the observed incident which have not been Repurposed; i.e. they are still being used for their original purpose.
An example could be an Account which presented itself with a Journalist Persona prior to and during the observed potential incident.
Repurposed Assets are assets which have been identified as being used previously, but are now being used for different purposes, or have new Presented Personas.
Actors have been documented compromising assets, and then repurposing them to present Inauthentic Personas as part of their operations.
A Compromised Asset is an asset which was originally created or belonged to another person or organisation, but which an actor has gained access to without their consent.
A Purchased Asset is an asset which actors paid for the ownership of.
For example, threat actors have been observed selling compromised social media accounts on dark web marketplaces, which can be used to disguise operation activity.
A Rented Asset is an asset which actors are temporarily renting or subscribing to.
For example, threat actors have been observed renting temporary access to legitimate accounts on online platforms in order to disguise operation activity.
A Bulk Created Asset is an asset which was created alongside many other instances of the same asset.
Actors have been observed bulk creating Accounts on Social Media Platforms such as Facebook. Indicators of bulk asset creation include its creation date, assets’ naming conventions, their configuration (e.g. templated personas, visually similar profile pictures), or their activity (e.g. post timings, narratives posted).