Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2025-01-22 20:51:13 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

update stix descriptions

Browse Source
This commit is contained in:
VVX7 2022-07-02 16:01:17 -04:00
parent c888a7d6f4
commit ba1ccf25a2
626 changed files with 7817 additions and 7991 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CODE/DISARM-STIX2/objects/technique.py
View File

@ -43,7 +43,7 @@ def make_disarm_techniques(data):
technique = AttackPattern(
name=f"{t[1]}",
description=f"{t[3]}",
description=f"{t[4]}",
external_references=external_references,
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
created_by_ref=objects.identity.make_disarm_identity(),

178
CODE/generate_DISARM_pages.ipynb
View File

@ -18,7 +18,7 @@
},
{
"cell_type": "code",
"execution_count": 3,
"execution_count": 2,
"metadata": {
"scrolled": true
},
@ -35,182 +35,8 @@
"updated ../generated_pages/phases_index.md\n",
"Temp: objecttype tactic\n",
"updated ../generated_pages/tactics_index.md\n",
"Updating ../generated_pages/tactics/TA02.md\n",
"Updating ../generated_pages/tactics/TA05.md\n",
"Updating ../generated_pages/tactics/TA06.md\n",
"Updating ../generated_pages/tactics/TA07.md\n",
"Updating ../generated_pages/tactics/TA09.md\n",
"Updating ../generated_pages/tactics/TA10.md\n",
"Updating ../generated_pages/tactics/TA11.md\n",
"Updating ../generated_pages/tactics/TA12.md\n",
"Updating ../generated_pages/tactics/TA13.md\n",
"Updating ../generated_pages/tactics/TA14.md\n",
"Updating ../generated_pages/tactics/TA15.md\n",
"Updating ../generated_pages/tactics/TA16.md\n",
"Updating ../generated_pages/tactics/TA17.md\n",
"Updating ../generated_pages/tactics/TA18.md\n",
"Temp: objecttype technique\n",
"updated ../generated_pages/techniques_index.md\n",
"Updating ../generated_pages/techniques/T0009.001.md\n",
"Updating ../generated_pages/techniques/T0014.001.md\n",
"Updating ../generated_pages/techniques/T0014.002.md\n",
"Updating ../generated_pages/techniques/T0017.001.md\n",
"Updating ../generated_pages/techniques/T0019.001.md\n",
"Updating ../generated_pages/techniques/T0019.002.md\n",
"Updating ../generated_pages/techniques/T0022.001.md\n",
"Updating ../generated_pages/techniques/T0022.002.md\n",
"Updating ../generated_pages/techniques/T0023.001.md\n",
"Updating ../generated_pages/techniques/T0023.002.md\n",
"Updating ../generated_pages/techniques/T0043.001.md\n",
"Updating ../generated_pages/techniques/T0043.002.md\n",
"Updating ../generated_pages/techniques/T0048.001.md\n",
"Updating ../generated_pages/techniques/T0048.002.md\n",
"Updating ../generated_pages/techniques/T0048.003.md\n",
"Updating ../generated_pages/techniques/T0048.004.md\n",
"Updating ../generated_pages/techniques/T0049.001.md\n",
"Updating ../generated_pages/techniques/T0049.002.md\n",
"Updating ../generated_pages/techniques/T0049.003.md\n",
"Updating ../generated_pages/techniques/T0049.004.md\n",
"Updating ../generated_pages/techniques/T0049.005.md\n",
"Updating ../generated_pages/techniques/T0049.006.md\n",
"Updating ../generated_pages/techniques/T0049.007.md\n",
"Updating ../generated_pages/techniques/T0057.001.md\n",
"Updating ../generated_pages/techniques/T0057.002.md\n",
"Updating ../generated_pages/techniques/T0061.001.md\n",
"Updating ../generated_pages/techniques/T0072.001.md\n",
"Updating ../generated_pages/techniques/T0072.002.md\n",
"Updating ../generated_pages/techniques/T0072.003.md\n",
"Updating ../generated_pages/techniques/T0072.004.md\n",
"Updating ../generated_pages/techniques/T0072.005.md\n",
"Updating ../generated_pages/techniques/T0075.001.md\n",
"Updating ../generated_pages/techniques/T0080.001.md\n",
"Updating ../generated_pages/techniques/T0080.002.md\n",
"Updating ../generated_pages/techniques/T0080.003.md\n",
"Updating ../generated_pages/techniques/T0080.004.md\n",
"Updating ../generated_pages/techniques/T0080.005.md\n",
"Updating ../generated_pages/techniques/T0081.001.md\n",
"Updating ../generated_pages/techniques/T0081.002.md\n",
"Updating ../generated_pages/techniques/T0081.003.md\n",
"Updating ../generated_pages/techniques/T0081.004.md\n",
"Updating ../generated_pages/techniques/T0081.005.md\n",
"Updating ../generated_pages/techniques/T0081.006.md\n",
"Updating ../generated_pages/techniques/T0081.007.md\n",
"Updating ../generated_pages/techniques/T0081.008.md\n",
"Updating ../generated_pages/techniques/T0084.001.md\n",
"Updating ../generated_pages/techniques/T0084.002.md\n",
"Updating ../generated_pages/techniques/T0084.003.md\n",
"Updating ../generated_pages/techniques/T0084.004.md\n",
"Updating ../generated_pages/techniques/T0085.001.md\n",
"Updating ../generated_pages/techniques/T0085.002.md\n",
"Updating ../generated_pages/techniques/T0085.003.md\n",
"Updating ../generated_pages/techniques/T0086.001.md\n",
"Updating ../generated_pages/techniques/T0086.002.md\n",
"Updating ../generated_pages/techniques/T0086.003.md\n",
"Updating ../generated_pages/techniques/T0086.004.md\n",
"Updating ../generated_pages/techniques/T0087.001.md\n",
"Updating ../generated_pages/techniques/T0087.002.md\n",
"Updating ../generated_pages/techniques/T0088.001.md\n",
"Updating ../generated_pages/techniques/T0088.002.md\n",
"Updating ../generated_pages/techniques/T0089.001.md\n",
"Updating ../generated_pages/techniques/T0089.002.md\n",
"Updating ../generated_pages/techniques/T0089.003.md\n",
"Updating ../generated_pages/techniques/T0090.001.md\n",
"Updating ../generated_pages/techniques/T0090.002.md\n",
"Updating ../generated_pages/techniques/T0090.003.md\n",
"Updating ../generated_pages/techniques/T0090.004.md\n",
"Updating ../generated_pages/techniques/T0091.001.md\n",
"Updating ../generated_pages/techniques/T0091.002.md\n",
"Updating ../generated_pages/techniques/T0091.003.md\n",
"Updating ../generated_pages/techniques/T0092.001.md\n",
"Updating ../generated_pages/techniques/T0092.002.md\n",
"Updating ../generated_pages/techniques/T0092.003.md\n",
"Updating ../generated_pages/techniques/T0093.001.md\n",
"Updating ../generated_pages/techniques/T0093.002.md\n",
"Updating ../generated_pages/techniques/T0094.001.md\n",
"Updating ../generated_pages/techniques/T0094.002.md\n",
"Updating ../generated_pages/techniques/T0096.001.md\n",
"Updating ../generated_pages/techniques/T0096.002.md\n",
"Updating ../generated_pages/techniques/T0097.001.md\n",
"Updating ../generated_pages/techniques/T0098.001.md\n",
"Updating ../generated_pages/techniques/T0098.002.md\n",
"Updating ../generated_pages/techniques/T0099.001.md\n",
"Updating ../generated_pages/techniques/T0099.002.md\n",
"Updating ../generated_pages/techniques/T0100.001.md\n",
"Updating ../generated_pages/techniques/T0100.002.md\n",
"Updating ../generated_pages/techniques/T0100.003.md\n",
"Updating ../generated_pages/techniques/T0102.001.md\n",
"Updating ../generated_pages/techniques/T0102.002.md\n",
"Updating ../generated_pages/techniques/T0102.003.md\n",
"Updating ../generated_pages/techniques/T0103.001.md\n",
"Updating ../generated_pages/techniques/T0103.002.md\n",
"Updating ../generated_pages/techniques/T0104.001.md\n",
"Updating ../generated_pages/techniques/T0104.002.md\n",
"Updating ../generated_pages/techniques/T0104.003.md\n",
"Updating ../generated_pages/techniques/T0104.004.md\n",
"Updating ../generated_pages/techniques/T0104.005.md\n",
"Updating ../generated_pages/techniques/T0104.006.md\n",
"Updating ../generated_pages/techniques/T0105.001.md\n",
"Updating ../generated_pages/techniques/T0105.002.md\n",
"Updating ../generated_pages/techniques/T0105.003.md\n",
"Updating ../generated_pages/techniques/T0106.001.md\n",
"Updating ../generated_pages/techniques/T0111.001.md\n",
"Updating ../generated_pages/techniques/T0111.002.md\n",
"Updating ../generated_pages/techniques/T0111.003.md\n",
"Updating ../generated_pages/techniques/T0114.001.md\n",
"Updating ../generated_pages/techniques/T0114.002.md\n",
"Updating ../generated_pages/techniques/T0115.001.md\n",
"Updating ../generated_pages/techniques/T0115.002.md\n",
"Updating ../generated_pages/techniques/T0115.003.md\n",
"Updating ../generated_pages/techniques/T0116.001.md\n",
"Updating ../generated_pages/techniques/T0119.001.md\n",
"Updating ../generated_pages/techniques/T0119.002.md\n",
"Updating ../generated_pages/techniques/T0119.003.md\n",
"Updating ../generated_pages/techniques/T0120.001.md\n",
"Updating ../generated_pages/techniques/T0120.002.md\n",
"Updating ../generated_pages/techniques/T0121.001.md\n",
"Updating ../generated_pages/techniques/T0123.001.md\n",
"Updating ../generated_pages/techniques/T0123.002.md\n",
"Updating ../generated_pages/techniques/T0123.003.md\n",
"Updating ../generated_pages/techniques/T0123.004.md\n",
"Updating ../generated_pages/techniques/T0124.001.md\n",
"Updating ../generated_pages/techniques/T0124.002.md\n",
"Updating ../generated_pages/techniques/T0124.003.md\n",
"Updating ../generated_pages/techniques/T0126.001.md\n",
"Updating ../generated_pages/techniques/T0126.002.md\n",
"Updating ../generated_pages/techniques/T0127.001.md\n",
"Updating ../generated_pages/techniques/T0127.002.md\n",
"Updating ../generated_pages/techniques/T0128.001.md\n",
"Updating ../generated_pages/techniques/T0128.002.md\n",
"Updating ../generated_pages/techniques/T0128.003.md\n",
"Updating ../generated_pages/techniques/T0128.004.md\n",
"Updating ../generated_pages/techniques/T0128.005.md\n",
"Updating ../generated_pages/techniques/T0129.001.md\n",
"Updating ../generated_pages/techniques/T0129.002.md\n",
"Updating ../generated_pages/techniques/T0129.003.md\n",
"Updating ../generated_pages/techniques/T0129.004.md\n",
"Updating ../generated_pages/techniques/T0129.005.md\n",
"Updating ../generated_pages/techniques/T0129.006.md\n",
"Updating ../generated_pages/techniques/T0129.007.md\n",
"Updating ../generated_pages/techniques/T0129.008.md\n",
"Updating ../generated_pages/techniques/T0129.009.md\n",
"Updating ../generated_pages/techniques/T0129.010.md\n",
"Updating ../generated_pages/techniques/T0130.001.md\n",
"Updating ../generated_pages/techniques/T0130.002.md\n",
"Updating ../generated_pages/techniques/T0130.003.md\n",
"Updating ../generated_pages/techniques/T0130.004.md\n",
"Updating ../generated_pages/techniques/T0130.005.md\n",
"Updating ../generated_pages/techniques/T0131.001.md\n",
"Updating ../generated_pages/techniques/T0131.002.md\n",
"Updating ../generated_pages/techniques/T0132.001.md\n",
"Updating ../generated_pages/techniques/T0132.002.md\n",
"Updating ../generated_pages/techniques/T0132.003.md\n",
"Updating ../generated_pages/techniques/T0133.001.md\n",
"Updating ../generated_pages/techniques/T0133.002.md\n",
"Updating ../generated_pages/techniques/T0133.003.md\n",
"Updating ../generated_pages/techniques/T0133.004.md\n",
"Updating ../generated_pages/techniques/T0133.005.md\n",
"Updating ../generated_pages/techniques/T0134.001.md\n",
"Updating ../generated_pages/techniques/T0134.002.md\n",
"Temp: objecttype task\n",
"updated ../generated_pages/tasks_index.md\n",
"Temp: objecttype incident\n",
@ -244,7 +70,7 @@
},
{
"cell_type": "code",
"execution_count": 5,
"execution_count": 3,
"metadata": {},
"outputs": [],
"source": [

4896
generated_files/DISARM_STIX/DISARM.json
View File

File diff suppressed because it is too large Load Diff

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3e90bec9-e228-43cf-9e41-699d297b5a90.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--01643bc5-725d-4764-a19b-2bb004359165.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--cdbd31fb-ca8f-4c59-8239-3fcc1ff43856",
"id": "bundle--780bb150-7915-4730-8030-d47484f40929",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3e90bec9-e228-43cf-9e41-699d297b5a90",
"created_by_ref": "identity--4e55beeb-395d-4f2c-91a4-bfa099ef266e",
"created": "2022-07-02T19:37:33.828344Z",
"modified": "2022-07-02T19:37:33.828344Z",
"id": "attack-pattern--01643bc5-725d-4764-a19b-2bb004359165",
"created_by_ref": "identity--09650018-a5d0-4735-85b3-5339986d0d48",
"created": "2022-07-02T19:59:12.630712Z",
"modified": "2022-07-02T19:59:12.630712Z",
"name": "Use fake experts",
"description": "TA08",
"description": "Use the fake experts that were set up during Establish Legitimacy. Pseudo-experts are disposable assets that often appear once and then disappear. Give \"credility\" to misinformation. Take advantage of credential bias",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--5b2990ee-2a51-40fb-aa27-e6a4451c863f"
"marking-definition--77fae784-a245-4fbc-a20e-5d81073ddd34"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--294a0fc6-e1c0-4207-ad7d-02739a4d2585.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--01ca6965-45eb-49e0-85c3-64092e2fc7cf.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--f7c081d6-7bad-4a2d-b819-77b322577e94",
"id": "bundle--a23a6fb2-4f53-457c-b689-92f55fa5ce50",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--294a0fc6-e1c0-4207-ad7d-02739a4d2585",
"created_by_ref": "identity--e3e13768-4a01-4e88-bc27-7f2bffe670ef",
"created": "2022-07-02T19:37:33.834767Z",
"modified": "2022-07-02T19:37:33.834767Z",
"id": "attack-pattern--01ca6965-45eb-49e0-85c3-64092e2fc7cf",
"created_by_ref": "identity--96689995-f346-45dd-b3e3-74d7709ce2e2",
"created": "2022-07-02T19:59:12.635921Z",
"modified": "2022-07-02T19:59:12.635921Z",
"name": "Inauthentic Sites Amplify News and Narratives",
"description": "TA17",
"description": "Inauthentic sites circulate cross-post stories and amplify narratives. Often these sites have no masthead, bylines or attribution.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--1515ce37-dbd3-4052-a8d2-8f7e4c1b1cc7"
"marking-definition--a6ea8e2e-a42e-4604-8cca-2501fc436c9e"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8dae3cdc-dad5-42d5-9f78-a69eaa8ebfd6.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--02b93bbb-3137-4ffe-8644-599e9a3bec76.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--4c28f8a1-92b2-437b-847c-8af3f2da8c50",
"id": "bundle--6f5bd173-8163-4326-b713-84abb11b52a0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8dae3cdc-dad5-42d5-9f78-a69eaa8ebfd6",
"created_by_ref": "identity--b8c4ad76-fd37-42e7-b4ac-b1ef98757be0",
"created": "2022-07-02T19:37:33.855155Z",
"modified": "2022-07-02T19:37:33.855155Z",
"id": "attack-pattern--02b93bbb-3137-4ffe-8644-599e9a3bec76",
"created_by_ref": "identity--38991d54-70c6-46dc-8440-769b6b53d5cc",
"created": "2022-07-02T19:59:12.652098Z",
"modified": "2022-07-02T19:59:12.652098Z",
"name": "Develop AI-Generated Text",
"description": "TA06",
"description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--a7747ff0-84a2-46a4-b52a-7830df04df11"
"marking-definition--4c039358-d5cf-42c1-8a02-df8e684133a9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b3f45d94-43fb-4095-be5f-3ce7dc7fed34.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0388aa19-891a-4849-87c0-ec074291bb94.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--e5897000-7a2c-4d4e-9652-bc3e2bd91fd4",
"id": "bundle--d3ab6a3d-ccbf-423c-b159-da4ac34e2033",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b3f45d94-43fb-4095-be5f-3ce7dc7fed34",
"created_by_ref": "identity--63489239-e92e-4334-88a6-0247dfa673cc",
"created": "2022-07-02T19:37:33.830884Z",
"modified": "2022-07-02T19:37:33.830884Z",
"id": "attack-pattern--0388aa19-891a-4849-87c0-ec074291bb94",
"created_by_ref": "identity--cb1f3576-d500-4171-a245-d130ee1fc562",
"created": "2022-07-02T19:59:12.63269Z",
"modified": "2022-07-02T19:59:12.63269Z",
"name": "Threaten to Dox",
"description": "TA18",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--371fa8c4-3cd7-42f6-8b9b-4b9bb438f328"
"marking-definition--93e3de6b-997a-4e47-a293-8f72a1427a0c"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--d13641e1-177e-4469-b90f-3ec69e4f0632.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--040a03ef-81da-47f1-a2ab-f9ebf7f08148.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--e94c2eba-bd83-47c2-a14e-38817b6175de",
"id": "bundle--44255588-d661-4d70-95b3-5ee79737f2b7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d13641e1-177e-4469-b90f-3ec69e4f0632",
"created_by_ref": "identity--487faac6-1de4-40c7-9f80-4c1dc8200d1d",
"created": "2022-07-02T19:37:33.903197Z",
"modified": "2022-07-02T19:37:33.903197Z",
"id": "attack-pattern--040a03ef-81da-47f1-a2ab-f9ebf7f08148",
"created_by_ref": "identity--5113455d-517f-49b9-bfe1-f35cbaee0e2a",
"created": "2022-07-02T19:59:12.72771Z",
"modified": "2022-07-02T19:59:12.72771Z",
"name": "Platform Filtering",
"description": "TA18",
"description": "Platform filtering refers to the decontextualization of information as claims cross platforms (from Joan Donovan https://www.hks.harvard.edu/publications/disinformation-design-use-evidence-collages-and-platform-filtering-media-manipulation)",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--b41f91db-c2dd-4d51-99cb-38371f8ec1bc"
"marking-definition--01509a69-bb7d-4375-8897-854442ab3281"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0462b73a-aeff-499d-8225-28c3b2b597dd.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--7e172324-ca0f-4eda-9b54-db0b70bad473",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0462b73a-aeff-499d-8225-28c3b2b597dd",
"created_by_ref": "identity--1951e8a0-8be6-478d-87c0-253744c2b5de",
"created": "2022-07-02T19:37:33.901896Z",
"modified": "2022-07-02T19:37:33.901896Z",
"name": "Report Non-Violative Opposing Content",
"description": "TA18",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0124.001.md",
"external_id": "T0124.001"
}
],
"object_marking_refs": [
"marking-definition--239d058e-b04f-4bae-9366-009340fb06da"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--04f0b6bb-47f6-430e-ae9d-0a4188eb9388.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--fda04a82-85ea-4408-b912-011d1ecb5392",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--04f0b6bb-47f6-430e-ae9d-0a4188eb9388",
"created_by_ref": "identity--fe8c27c2-1bdd-414a-93dd-66ec0d533603",
"created": "2022-07-02T19:59:12.62135Z",
"modified": "2022-07-02T19:59:12.62135Z",
"name": "Prepare fundraising campaigns",
"description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns (see: Develop Information Pathways) to promote operation messaging while raising money to support its activities. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0014.md",
"external_id": "T0014"
}
],
"object_marking_refs": [
"marking-definition--42c8712c-2f42-4330-91db-3a94fc739a16"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--76adf1e7-e3b7-41ce-9449-ca541f9bacaf.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--05792c90-5f5a-42e3-b7bf-b50284f7225e.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--7bff4702-e8f2-47ce-b4cc-b2fe943511b0",
"id": "bundle--7a348cfb-52a6-46d8-8497-4eabb605157f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--76adf1e7-e3b7-41ce-9449-ca541f9bacaf",
"created_by_ref": "identity--d6087833-d423-4155-b295-c88fa5d0c05a",
"created": "2022-07-02T19:37:33.904871Z",
"modified": "2022-07-02T19:37:33.904871Z",
"id": "attack-pattern--05792c90-5f5a-42e3-b7bf-b50284f7225e",
"created_by_ref": "identity--811faa7c-8fd8-48e8-be93-fa69c386dd9e",
"created": "2022-07-02T19:59:12.729033Z",
"modified": "2022-07-02T19:59:12.729033Z",
"name": "Physical Violence",
"description": "TA10",
"description": "Physical violence refers to the use of force to injure, abuse, damage, or destroy. An influence operation may conduct or encourage physical violence to discourage opponents from promoting conflicting content or draw attention to operation narratives using shock value. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--13077a54-604e-4efb-932f-74bfbc786d14"
"marking-definition--9f29a434-5df1-4abb-9a96-670e46ca3ede"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--26e71dc7-967b-4e91-8115-c3ef95965a85.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--063e1fbb-d23c-404a-a9b0-bfb3bf2b9c8d.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--a232c9c7-cb3e-4d24-9269-581416b28633",
"id": "bundle--98cd803c-3cdd-4f45-85e1-941bf65d310e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--26e71dc7-967b-4e91-8115-c3ef95965a85",
"created_by_ref": "identity--c0f3f687-e325-4e68-999d-9ffd0a104bd6",
"created": "2022-07-02T19:37:33.892685Z",
"modified": "2022-07-02T19:37:33.892685Z",
"id": "attack-pattern--063e1fbb-d23c-404a-a9b0-bfb3bf2b9c8d",
"created_by_ref": "identity--4bdb7015-1412-4429-8788-471a84890a9f",
"created": "2022-07-02T19:59:12.718891Z",
"modified": "2022-07-02T19:59:12.718891Z",
"name": "Post Violative Content to Provoke Takedown and Backlash",
"description": "TA09",
"description": "Post Violative Content to Provoke Takedown and Backlash.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--15d3aa3a-26e8-4862-bd0f-60cd8dd03c5e"
"marking-definition--0be39880-90cf-486b-a92e-b3ed2ce045be"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--94e8af0b-a38f-41cb-8c89-059e04f3c926.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--06504d3c-f7cc-46fd-a6a4-5f1fb3291232.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--5cb7bacf-f977-4fed-b7bd-b48b2e72e04b",
"id": "bundle--2e794870-fd94-4be6-8e6b-f3fdcdd0ea75",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--94e8af0b-a38f-41cb-8c89-059e04f3c926",
"created_by_ref": "identity--eaf47657-5e00-46c5-9195-f3af190a9a50",
"created": "2022-07-02T19:37:33.817554Z",
"modified": "2022-07-02T19:37:33.817554Z",
"id": "attack-pattern--06504d3c-f7cc-46fd-a6a4-5f1fb3291232",
"created_by_ref": "identity--0d8fc69a-bd53-450e-a29e-d1e994f07b6d",
"created": "2022-07-02T19:59:12.621676Z",
"modified": "2022-07-02T19:59:12.621676Z",
"name": "Raise funds from malign actors",
"description": "TA15",
"description": "Raising funds from malign actors may include contributions from foreign agents, cutouts or proxies, shell companies, dark money groups, etc. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--c2320526-7bf9-4741-b5de-f3843c00d4c1"
"marking-definition--a6f5dcd4-b345-4f31-8f8c-c2294dc9e7c5"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--fe829401-86a6-41f5-a1ed-599d09b47561.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0678242b-030c-4ff5-8f9f-73a97253c8dc.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--765f73ea-83d3-4bb1-8af6-d0f999f2001c",
"id": "bundle--dc9d7ca8-d56d-4b46-b2df-dd26e199fe2e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--fe829401-86a6-41f5-a1ed-599d09b47561",
"created_by_ref": "identity--e75ad5c4-d8b6-4f1b-925f-45339cfebca4",
"created": "2022-07-02T19:37:33.830036Z",
"modified": "2022-07-02T19:37:33.830036Z",
"id": "attack-pattern--0678242b-030c-4ff5-8f9f-73a97253c8dc",
"created_by_ref": "identity--e80ee5d8-d71a-4071-9ae7-5697aa5f0e0a",
"created": "2022-07-02T19:59:12.632024Z",
"modified": "2022-07-02T19:59:12.632024Z",
"name": "Boycott/\"Cancel\" Opponents",
"description": "TA18",
"description": "Cancel culture refers to the phenomenon in which individuals collectively refrain from supporting an individual, organization, business, or other entity, usually following a real or falsified controversy. An influence operation may exploit cancel culture by emphasizing an adversary\u2019s problematic or disputed behavior and presenting its own content as an alternative. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--0d696997-f1da-430f-9d1c-f8ba336ecd23"
"marking-definition--276e2501-325a-4b70-96ff-6e62f95ddd7f"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--07425155-0f00-47cd-8e61-01da0fd19388.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--1cd96710-aaef-4652-89d5-09c9995e79f4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--07425155-0f00-47cd-8e61-01da0fd19388",
"created_by_ref": "identity--e62d7526-5ab3-4857-858e-d3c59b24e6d0",
"created": "2022-07-02T19:59:12.736272Z",
"modified": "2022-07-02T19:59:12.736272Z",
"name": "Conceal Sponsorship",
"description": "Concealing sponsorship aims to mislead or obscure the identity of the hidden sponsor behind an operation rather than entity publicly running the operation. Operations that conceal sponsorship may maintain visible falsified groups, news outlets, non-profits, or other organizations, but seek to mislead or obscure the identity sponsoring, funding, or otherwise supporting these entities. \nInfluence operations may use a variety of techniques to mask the location of their social media accounts to complicate attribution and conceal evidence of foreign interference. Operation accounts may set their location to a false place, often the location of the operation\u2019s target audience, and post in the region\u2019s language",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0130.001.md",
"external_id": "T0130.001"
}
],
"object_marking_refs": [
"marking-definition--e4618e60-e5ec-4c05-9e07-227378c85027"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--526a5783-273a-41c8-ba53-adc24ae485f8.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--074dec50-3fd1-4427-81cc-6d42c4774a53.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--ca209fb1-3931-4f12-8b4d-9dce7354b6b7",
"id": "bundle--7c5cfedc-e176-4c46-afed-3a91e734118b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--526a5783-273a-41c8-ba53-adc24ae485f8",
"created_by_ref": "identity--ddc46522-8ce7-41f7-839c-0a002e202321",
"created": "2022-07-02T19:37:33.921257Z",
"modified": "2022-07-02T19:37:33.921257Z",
"id": "attack-pattern--074dec50-3fd1-4427-81cc-6d42c4774a53",
"created_by_ref": "identity--33cff0c9-a11b-4adf-8e48-a5998f749bf6",
"created": "2022-07-02T19:59:12.742178Z",
"modified": "2022-07-02T19:59:12.742178Z",
"name": "Measure Effectiveness Indicators (or KPIs)",
"description": "TA12",
"description": "Ensuring that Key Performace Indicators are identified and tracked, so that the performance and effectivess of campaigns, and elements of campaigns, can be measured, during and after their execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--05e6d40e-de1c-4cc7-8437-f65e42e91e1f"
"marking-definition--3dfd8539-e2f0-4d40-a4db-d925980e3e01"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f9d37d7b-effb-498b-9edc-d3f761a32e4e.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--08b0624d-4db7-4d38-838d-c7e970dbb292.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--24a34653-0f2e-486c-ab2d-e04e0957009a",
"id": "bundle--5fae4878-7d7a-4f24-9e23-8c904e06cbb2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f9d37d7b-effb-498b-9edc-d3f761a32e4e",
"created_by_ref": "identity--6634e59c-d19b-4326-aa49-8d5fe46d5fb0",
"created": "2022-07-02T19:37:33.820543Z",
"modified": "2022-07-02T19:37:33.820543Z",
"id": "attack-pattern--08b0624d-4db7-4d38-838d-c7e970dbb292",
"created_by_ref": "identity--a008f5aa-2a69-4660-bb02-97f64f779370",
"created": "2022-07-02T19:59:12.623991Z",
"modified": "2022-07-02T19:59:12.623991Z",
"name": "Generate information pollution",
"description": "TA06",
"description": "Flood social channels; drive traffic/engagement to all assets; create aura/sense/perception of pervasiveness/consensus (for or against or both simultaneously) of an issue or topic. \"Nothing is true, but everything is possible.\" Akin to astroturfing campaign.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--d2099388-a0bb-4b97-b3bc-d3262ba42078"
"marking-definition--bdc1090d-05fe-4987-9276-6e385d0d60e4"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--c5b3678c-efc0-4e2b-9cfa-672c55335753.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0950f50e-8b4d-4c16-93ed-5e52562fc1a7.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--e5cf76e8-b06c-4e3e-b061-e5c4d06eea39",
"id": "bundle--f904ea2c-c4da-4de3-ac61-8bb739f99ec5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c5b3678c-efc0-4e2b-9cfa-672c55335753",
"created_by_ref": "identity--f8adebf6-48e3-4c6b-9eae-1d53a20bb056",
"created": "2022-07-02T19:37:33.904036Z",
"modified": "2022-07-02T19:37:33.904036Z",
"id": "attack-pattern--0950f50e-8b4d-4c16-93ed-5e52562fc1a7",
"created_by_ref": "identity--0056252d-451e-45be-96c4-8d8255c5df5a",
"created": "2022-07-02T19:59:12.728378Z",
"modified": "2022-07-02T19:59:12.728378Z",
"name": "Call to action to attend ",
"description": "TA10",
"description": "Call to action to attend an event",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--828e92df-d308-440b-b20d-cf31b47010a3"
"marking-definition--cb7e9c7d-834b-4c53-924c-bb77f028b13d"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--09c83f74-e10c-452e-b55b-37807cc79c95.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--0f8c57bd-22b3-432c-8909-b3a14f9954bb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--09c83f74-e10c-452e-b55b-37807cc79c95",
"created_by_ref": "identity--047518ae-fd89-411a-ac53-0d262d59768c",
"created": "2022-07-02T19:59:12.660812Z",
"modified": "2022-07-02T19:59:12.660812Z",
"name": "Enlist Troll Accounts",
"description": "An influence operation may hire trolls, or human operators of fake accounts that aim to provoke others by posting and amplifying content about controversial issues. Trolls can serve to discredit an influence operation\u2019s opposition or bring attention to the operation\u2019s cause through debate. \nClassic trolls refer to regular people who troll for personal reasons, such as attention-seeking or boredom. Classic trolls may advance operation narratives by coincidence but are not directly affiliated with any larger operation. Conversely, hybrid trolls act on behalf of another institution, such as a state or financial organization, and post content with a specific ideological goal. Hybrid trolls may be highly advanced and institutionalized or less organized and work for a single individual. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0091.003.md",
"external_id": "T0091.003"
}
],
"object_marking_refs": [
"marking-definition--7e51d2e1-3838-4081-a1a0-d499970c5de3"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0acaace6-ed59-4fbb-a334-a6107279893e.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--81cf4295-8cdf-4100-9702-45cd4d24ae58",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0acaace6-ed59-4fbb-a334-a6107279893e",
"created_by_ref": "identity--ee46b6f8-5fcd-4bc3-8407-353a95848239",
"created": "2022-07-02T19:37:33.833455Z",
"modified": "2022-07-02T19:37:33.833455Z",
"name": "Utilize Spamoflauge",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0049.004.md",
"external_id": "T0049.004"
}
],
"object_marking_refs": [
"marking-definition--acecea7a-e8e9-472a-a448-5a6a26935450"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--67b0bd11-c8d2-480f-8320-1313b07135eb.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0b98e731-1c93-49ef-9f07-0377be20ff34.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--bc03c076-a45e-4f1e-8caf-f02f5e5bb083",
"id": "bundle--49efa15a-24f8-4f10-a17d-cb027f1a5897",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--67b0bd11-c8d2-480f-8320-1313b07135eb",
"created_by_ref": "identity--adb0dd49-5545-476d-aa06-14e11529e4d4",
"created": "2022-07-02T19:37:33.897715Z",
"modified": "2022-07-02T19:37:33.897715Z",
"id": "attack-pattern--0b98e731-1c93-49ef-9f07-0377be20ff34",
"created_by_ref": "identity--e961bf5e-69ef-48f4-b322-8a565f83f490",
"created": "2022-07-02T19:59:12.72327Z",
"modified": "2022-07-02T19:59:12.72327Z",
"name": "Use Contests and Prizes",
"description": "TA17",
"description": "Use Contests and Prizes",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--b8d336fd-9f5d-48d7-9c5e-b932fe5ef1b8"
"marking-definition--6ae81d81-f7bf-44fe-974b-0aa08c1a967e"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--23859f93-6c0b-4aea-9b03-fb6cc031b923.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c14a9d8-4304-4468-800b-c3c1d84dff5f.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--34ec415a-9f6a-4276-bd6d-bfa94623dfb3",
"id": "bundle--d7c2082b-b210-4c63-8360-c9622bd2ddea",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--23859f93-6c0b-4aea-9b03-fb6cc031b923",
"created_by_ref": "identity--9c764f5f-c92a-4718-add6-21739bda23ff",
"created": "2022-07-02T19:37:33.82097Z",
"modified": "2022-07-02T19:37:33.82097Z",
"id": "attack-pattern--0c14a9d8-4304-4468-800b-c3c1d84dff5f",
"created_by_ref": "identity--ef280992-aaca-463b-bb9e-1a8f0eb31c08",
"created": "2022-07-02T19:59:12.624385Z",
"modified": "2022-07-02T19:59:12.624385Z",
"name": "Create fake research",
"description": "TA06",
"description": "Create fake academic research. Example: fake social science research is often aimed at hot-button social issues such as gender, race and sexuality. Fake science research can target Climate Science debate or pseudoscience like anti-vaxx",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--5f9ceb21-1abd-4044-bbf2-c84e74b6a322"
"marking-definition--b0fc2160-56aa-4247-8581-413503cb14ad"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--43f1053e-fc27-4507-9140-ecb96f11ea62.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c87b14d-385e-44f7-a180-ecb389949bb4.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--5928ba1d-815c-4ec3-a9a2-a390d8dc3cbf",
"id": "bundle--d6438cd3-ef2e-4fe9-83a8-4a2c0c696cb1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--43f1053e-fc27-4507-9140-ecb96f11ea62",
"created_by_ref": "identity--64897106-d45f-4455-aef7-1d53c156bce9",
"created": "2022-07-02T19:37:33.916229Z",
"modified": "2022-07-02T19:37:33.916229Z",
"id": "attack-pattern--0c87b14d-385e-44f7-a180-ecb389949bb4",
"created_by_ref": "identity--133a6974-87ef-4fd4-81df-07f2db5db17c",
"created": "2022-07-02T19:59:12.73827Z",
"modified": "2022-07-02T19:59:12.73827Z",
"name": "Legacy web content",
"description": "TA11",
"description": "Make incident content visible for a long time, e.g. by exploiting platform terms of service, or placing it where it's hard to remove or unlikely to be removed.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--daa75d39-dcc1-4296-a05a-1b9f07d8ce7e"
"marking-definition--6ca4f426-8216-4d0b-8e69-8bef70364209"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d5e2457-30e9-4934-8197-651dbc00dc82.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--fbaeb474-754b-497b-93ab-566d36199ed2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d5e2457-30e9-4934-8197-651dbc00dc82",
"created_by_ref": "identity--f785ad55-f2a3-4a46-9082-7910d370dd0f",
"created": "2022-07-02T19:59:12.723937Z",
"modified": "2022-07-02T19:59:12.723937Z",
"name": "Bypass Content Blocking",
"description": "Bypassing content blocking refers to actions taken to circumvent network security measures that prevent users from accessing certain servers, resources, or other online spheres. An influence operation may bypass content blocking to proliferate its content on restricted areas of the internet. Common strategies for bypassing content blocking include:\n- Altering IP addresses to avoid IP filtering \n- Using a Virtual Private Network (VPN) to avoid IP filtering \n- Using a Content Delivery Network (CDN) to avoid IP filtering \n- Enabling encryption to bypass packet inspection blocking \n- Manipulating text to avoid filtering by keywords \n- Posting content on multiple platforms to avoid platform-specific removals - Using local facilities or modified DNS servers to avoid DNS filtering ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0121.001.md",
"external_id": "T0121.001"
}
],
"object_marking_refs": [
"marking-definition--9ea37ee9-1815-4e02-bc2b-7279a1102521"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e81a600-4f62-456b-9a6e-d3cf98109066.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d6d9eb1-1113-46a5-a518-ac21258eb513.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--482b499c-0dd1-4112-b1fe-8f99fa073f3c",
"id": "bundle--b6023542-61ee-4697-9889-4aad4236e2fb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7e81a600-4f62-456b-9a6e-d3cf98109066",
"created_by_ref": "identity--c894ea29-36e1-483d-8b22-f832ee346e6f",
"created": "2022-07-02T19:37:33.893959Z",
"modified": "2022-07-02T19:37:33.893959Z",
"id": "attack-pattern--0d6d9eb1-1113-46a5-a518-ac21258eb513",
"created_by_ref": "identity--c50e1cdd-d981-4d76-8eb7-06fd089df704",
"created": "2022-07-02T19:59:12.720088Z",
"modified": "2022-07-02T19:59:12.720088Z",
"name": "Post inauthentic social media comment",
"description": "TA09",
"description": "Use government-paid social media commenters, astroturfers, chat bots (programmed to reply to specific key words/hashtags) influence online conversations, product reviews, web-site comment forums.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--a7c97e3a-96ac-4b94-b6ca-0b571be3d103"
"marking-definition--5526b7a3-6705-4370-9bef-13759f37f2fa"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--26029561-89fa-4a78-84b8-c1d8c1867578.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0f3f9883-6db6-4936-94ce-e89e0f994f6d.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--072f37a3-387c-4795-b061-118f4d894555",
"id": "bundle--96e866f6-a5ee-47f1-a2fb-d450f8c09a8d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--26029561-89fa-4a78-84b8-c1d8c1867578",
"created_by_ref": "identity--b6d00605-98e9-47a4-bc1a-854bb3c14e49",
"created": "2022-07-02T19:37:33.850528Z",
"modified": "2022-07-02T19:37:33.850528Z",
"id": "attack-pattern--0f3f9883-6db6-4936-94ce-e89e0f994f6d",
"created_by_ref": "identity--3e4f09d6-dd88-446d-83c3-071cabe34a9c",
"created": "2022-07-02T19:59:12.648507Z",
"modified": "2022-07-02T19:59:12.648507Z",
"name": "Identify Wedge Issues",
"description": "TA13",
"description": "A wedge issue is a divisive political issue, usually concerning a social phenomenon, that divides individuals along a defined line. An influence operation may exploit wedge issues by intentionally polarizing the public along the wedge issue line and encouraging opposition between factions.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--4589917a-bae4-4823-a294-74fdbe12badc"
"marking-definition--c9493262-f742-49c2-99de-8470c7296eb0"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8e4c5820-7bff-4ec5-9715-40719666da71.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0f5cbbee-3e87-4cdc-b544-ee9374919426.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--d14eebe7-7dc8-4731-84c0-66ba876acf43",
"id": "bundle--387ae227-9f51-4767-864f-e6ca38580013",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8e4c5820-7bff-4ec5-9715-40719666da71",
"created_by_ref": "identity--57820783-429b-4669-9f77-ac679f2a3466",
"created": "2022-07-02T19:37:33.867417Z",
"modified": "2022-07-02T19:37:33.867417Z",
"id": "attack-pattern--0f5cbbee-3e87-4cdc-b544-ee9374919426",
"created_by_ref": "identity--83479fa9-197a-49d1-a3e0-c940b9701750",
"created": "2022-07-02T19:59:12.661899Z",
"modified": "2022-07-02T19:59:12.661899Z",
"name": "Use Follow Trains",
"description": "TA15",
"description": "A follow train is a group of people who follow each other on a social media platform, often as a way for an individual or campaign to grow its social media following. Follow trains may be a violation of platform Terms of Service. They are also known as follow-for-follow groups. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--c337e02e-687d-43ba-995a-0df7c768cade"
"marking-definition--c0b7552f-9e0d-4590-af1b-f4a8231c65e9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3400fe54-b861-4820-a9ad-784a38740492.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1059cdf7-3b45-40e6-93d3-b25ef3b6afac.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--7d40382f-78c4-4e84-bd60-0da1bf6d903a",
"id": "bundle--41834803-191e-446c-9b27-e085c7c09fbc",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3400fe54-b861-4820-a9ad-784a38740492",
"created_by_ref": "identity--ff62c01e-5860-4d14-82e0-b3d0bd4b9528",
"created": "2022-07-02T19:37:33.831744Z",
"modified": "2022-07-02T19:37:33.831744Z",
"id": "attack-pattern--1059cdf7-3b45-40e6-93d3-b25ef3b6afac",
"created_by_ref": "identity--b9b5c65a-3913-4a60-9448-6d4974a5c8e1",
"created": "2022-07-02T19:59:12.633371Z",
"modified": "2022-07-02T19:59:12.633371Z",
"name": "Flooding the Information Space",
"description": "TA17",
"description": "Flooding and/or mobbing social media channels feeds and/or hashtag with excessive volume of content to control/shape online conversations and/or drown out opposing points of view. Bots and/or patriotic trolls are effective tools to acheive this effect.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--544b3744-fb12-446b-b25c-a91109273f13"
"marking-definition--bc33bc74-32ca-49cf-8fcb-c194ed40ccf9"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--d6bd33eb-fdad-4ac1-b072-20bfa30a47a2.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--107e3180-34f6-4e11-a952-705df35b52f7.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--493bf873-da5f-40df-a2dc-831826599a7d",
"id": "bundle--4174c131-9a90-4d85-b11d-439b04438456",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d6bd33eb-fdad-4ac1-b072-20bfa30a47a2",
"created_by_ref": "identity--c26f55bd-61b2-49ed-b355-2fea5bd043ae",
"created": "2022-07-02T19:37:33.907791Z",
"modified": "2022-07-02T19:37:33.907791Z",
"id": "attack-pattern--107e3180-34f6-4e11-a952-705df35b52f7",
"created_by_ref": "identity--9b2c579f-fdf5-4585-ba48-f4bfdcf6e703",
"created": "2022-07-02T19:59:12.731474Z",
"modified": "2022-07-02T19:59:12.731474Z",
"name": "Launder Accounts",
"description": "TA11",
"description": "Account laundering occurs when an influence operation acquires control of previously legitimate online accounts from third parties through sale or exchange and often in contravention of terms of use. Influence operations use laundered accounts to reach target audience members from an existing information channel and complicate attribution. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--1bdd20b7-57ca-4cb0-b42e-da46a3264bfb"
"marking-definition--1f97face-a051-4873-be69-61a6fb53fc4a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ca742cc1-d49b-4c82-be17-ce4cc1676758.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--10d6f181-cf76-42b1-a021-37949a0574bc.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--f64423ce-0649-483c-8ecf-3edafaaf2c4c",
"id": "bundle--c1e84e8d-9dfe-4e61-a26d-3d5be0e60383",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ca742cc1-d49b-4c82-be17-ce4cc1676758",
"created_by_ref": "identity--53283031-76bd-471e-b9a4-8c0268d78618",
"created": "2022-07-02T19:37:33.847561Z",
"modified": "2022-07-02T19:37:33.847561Z",
"id": "attack-pattern--10d6f181-cf76-42b1-a021-37949a0574bc",
"created_by_ref": "identity--91e9b84a-7692-49e7-8b36-210d7a841f7d",
"created": "2022-07-02T19:59:12.64624Z",
"modified": "2022-07-02T19:59:12.64624Z",
"name": "Assess Degree/Type of Media Access",
"description": "TA13",
"description": "An influence operation may survey a target audience\u2019s Internet availability and degree of media freedom to determine which target audience members will have access to operation content and on which platforms. An operation may face more difficulty targeting an information environment with heavy restrictions and media control than an environment with independent media, freedom of speech and of the press, and individual liberties. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--fdb9537c-44c4-49eb-b3b3-2fde90b3d5c0"
"marking-definition--ace2621f-f96b-4ac0-ac39-c302622a6d05"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--a2f153d1-8e74-4aa1-9e5b-5b958316c884.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--111df696-75c4-4dcb-9ab3-0cf79fe99953.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--dd466669-4092-401f-ac25-b84d8f543722",
"id": "bundle--98cf56be-4606-42d9-90f1-e9f4722a8bfe",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a2f153d1-8e74-4aa1-9e5b-5b958316c884",
"created_by_ref": "identity--3d27d5e7-85a1-4a92-8985-29cd87dba0ce",
"created": "2022-07-02T19:37:33.887631Z",
"modified": "2022-07-02T19:37:33.887631Z",
"id": "attack-pattern--111df696-75c4-4dcb-9ab3-0cf79fe99953",
"created_by_ref": "identity--6b3dd975-874b-4adc-9ad8-0c33fe6065a8",
"created": "2022-07-02T19:59:12.677975Z",
"modified": "2022-07-02T19:59:12.677975Z",
"name": "Formal Diplomatic Channels",
"description": "TA07",
"description": "Leveraging formal, traditional, diplomatic channels to communicate with foreign governments (written documents, meetings, summits, diplomatic visits, etc). This type of diplomacy is conducted by diplomats of one nation with diplomats and other officials of another nation or international organization.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--cf3475aa-a62c-4783-ad97-0625cb975640"
"marking-definition--c5a79e7f-871a-4049-b657-91e4b4afb92a"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--c81d58e7-413f-4e62-9c82-ff482e7a79c6.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--11af0d9d-1e5c-4b28-b586-cffc7b2e68fc.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--bdbb5189-a2ed-4540-8e26-c6281f2ccb7c",
"id": "bundle--289f38a1-5f79-4e45-a69d-a379633de30c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c81d58e7-413f-4e62-9c82-ff482e7a79c6",
"created_by_ref": "identity--eaeceacb-fd86-4bda-a94b-7d1daaf0b93a",
"created": "2022-07-02T19:37:33.874175Z",
"modified": "2022-07-02T19:37:33.874175Z",
"id": "attack-pattern--11af0d9d-1e5c-4b28-b586-cffc7b2e68fc",
"created_by_ref": "identity--6b4a9bf5-2e4d-44e6-9ef1-6f58db491c60",
"created": "2022-07-02T19:59:12.667208Z",
"modified": "2022-07-02T19:59:12.667208Z",
"name": "Leverage Existing Inauthentic News Sites",
"description": "TA16",
"description": "Leverage Existing Inauthentic News Sites",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--614d4e66-84c6-4db3-8c66-28eb610235fa"
"marking-definition--69c75baf-1bde-4e9e-978a-7298468bfabf"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4c1031b1-7563-4bb7-9f02-ab4e1cb9f2e4.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--13e7f270-5796-40dd-b5b5-f36d84beef48.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--535ca59d-9d83-4311-adfc-33803272fafb",
"id": "bundle--c6685321-559e-442b-b412-dcd0d68b454c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4c1031b1-7563-4bb7-9f02-ab4e1cb9f2e4",
"created_by_ref": "identity--5549947a-450b-40bc-8ecf-28c6af4deeba",
"created": "2022-07-02T19:37:33.914977Z",
"modified": "2022-07-02T19:37:33.914977Z",
"id": "attack-pattern--13e7f270-5796-40dd-b5b5-f36d84beef48",
"created_by_ref": "identity--faff4808-9c88-4a8b-977c-eb2a81e4cef9",
"created": "2022-07-02T19:59:12.737293Z",
"modified": "2022-07-02T19:59:12.737293Z",
"name": "Use Cryptocurrency",
"description": "TA11",
"description": "Use Cryptocurrency to conceal sponsorship. Examples include Bitcoin, Monero, and Etherium. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--c7877167-8d8f-4368-8e77-efbe7ea7c903"
"marking-definition--baeec09c-f65f-409a-8ccf-5653503ea414"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ad6707e6-d861-4403-88a3-7fbc59af0cd6.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--13ff62f6-6719-4ec4-b786-0a19eef53709.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--5514208b-3f10-4447-93b5-46e64c3f04e0",
"id": "bundle--d0b7fade-f884-4565-8a90-30da31fb01df",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ad6707e6-d861-4403-88a3-7fbc59af0cd6",
"created_by_ref": "identity--45f39bab-59c9-4f00-b9cb-c62d5679c576",
"created": "2022-07-02T19:37:33.834303Z",
"modified": "2022-07-02T19:37:33.834303Z",
"id": "attack-pattern--13ff62f6-6719-4ec4-b786-0a19eef53709",
"created_by_ref": "identity--7cad264d-b93c-448f-84cc-b91fa6377778",
"created": "2022-07-02T19:59:12.635522Z",
"modified": "2022-07-02T19:59:12.635522Z",
"name": "Conduct Keyword Squatting",
"description": "TA17",
"description": "Keyword squatting refers to the creation of online content, such as websites, articles, or social media accounts, around a specific search engine-optimized term to overwhelm the search results of that term. An influence may keyword squat to increase content exposure to target audience members who query the exploited term in a search engine and manipulate the narrative around the term. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--c31563f9-041e-4d6e-88bb-b2651810bfc3"
"marking-definition--f360526f-6ed9-4d00-96b2-6f979dcd6895"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2e931c4c-9c3b-4188-8ce3-ae6e8ca53db9.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--14565357-ef35-4f2c-b54b-e1010ed772ab.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--de5e031e-1cfd-442b-bf97-460db798b4cf",
"id": "bundle--a309d662-6a86-4a9e-98d7-ff9369c1c4b0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2e931c4c-9c3b-4188-8ce3-ae6e8ca53db9",
"created_by_ref": "identity--92655b09-2ad0-4d08-80ee-c4c0b26dd889",
"created": "2022-07-02T19:37:33.880044Z",
"modified": "2022-07-02T19:37:33.880044Z",
"id": "attack-pattern--14565357-ef35-4f2c-b54b-e1010ed772ab",
"created_by_ref": "identity--44ffec34-6a71-4f5b-b060-bf5d48b48da7",
"created": "2022-07-02T19:59:12.671731Z",
"modified": "2022-07-02T19:59:12.671731Z",
"name": "Video Livestream",
"description": "TA07",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--e25112b4-3da0-4a48-b46b-e1811b009a4c"
"marking-definition--4d2351ce-857c-4223-9565-c32ad18a1eb2"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--5749117a-940b-475d-96d2-62a8af9f13d3.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--15bd2bb3-531e-4a14-8650-613bf8dda25c.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--f2c25475-5c56-472f-b52b-f2ae88328bd6",
"id": "bundle--d1ab6c67-add6-416d-86e1-e87ce0c2e4fc",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5749117a-940b-475d-96d2-62a8af9f13d3",
"created_by_ref": "identity--8e7e242b-2dea-432a-a14e-d2437e67b24a",
"created": "2022-07-02T19:37:33.840741Z",
"modified": "2022-07-02T19:37:33.840741Z",
"id": "attack-pattern--15bd2bb3-531e-4a14-8650-613bf8dda25c",
"created_by_ref": "identity--ea577b4d-c331-4c65-b032-44577305e622",
"created": "2022-07-02T19:59:12.64054Z",
"modified": "2022-07-02T19:59:12.64054Z",
"name": "Economic Segmentation",
"description": "TA13",
"description": "An influence operation may target populations based on their income bracket, wealth, or other financial or economic division. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--9f62ff9f-25a6-458c-88f0-c75c7602378d"
"marking-definition--24a4b640-e34c-44dc-aa8e-591e9fef9e5f"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ec4ace20-522f-4584-96d2-1ae397b3334b.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--15ee8dc7-f009-425f-afa3-294ba94b64e2.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--8641b513-9a82-4cec-83cb-27cc7d3479f3",
"id": "bundle--a09205e2-6679-4790-9736-50a69c81955c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ec4ace20-522f-4584-96d2-1ae397b3334b",
"created_by_ref": "identity--23bfac19-45d1-49cf-b657-2b9dcf145578",
"created": "2022-07-02T19:37:33.817978Z",
"modified": "2022-07-02T19:37:33.817978Z",
"id": "attack-pattern--15ee8dc7-f009-425f-afa3-294ba94b64e2",
"created_by_ref": "identity--94370512-0b2d-4e80-b09c-d70e6be46569",
"created": "2022-07-02T19:59:12.622007Z",
"modified": "2022-07-02T19:59:12.622007Z",
"name": "Raise funds from ignorant agents",
"description": "TA15",
"description": "Raising funds from ignorant agents may include scams, donations intended for one stated purpose but then used for another, etc. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--59abc355-7861-49ce-8e4e-9297fa9010ed"
"marking-definition--c458fca1-530d-44fe-bc43-5b6f0fa2c9da"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--172f546b-a5da-4e33-b53f-dd6d090c5355.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--d814514e-19ec-43cc-a333-2b4838fb8dfe",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--172f546b-a5da-4e33-b53f-dd6d090c5355",
"created_by_ref": "identity--a6f50154-4d8f-42b4-9011-680a39e340fb",
"created": "2022-07-02T19:37:33.813672Z",
"modified": "2022-07-02T19:37:33.813672Z",
"name": "Leverage Existing Narratives",
"description": "TA14",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-narratives"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0003.md",
"external_id": "T0003"
}
],
"object_marking_refs": [
"marking-definition--fc6467c6-1d4d-4e5f-b631-d5f2ff7548b7"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--6550fcfb-1675-4154-b476-00a73a9d5375.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--184c89b3-70da-473d-b547-3fde387a8d23.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--8a41244e-719a-4b51-9e80-b6515f3da7cd",
"id": "bundle--2b92bd31-8687-444b-bc00-35d115a53537",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6550fcfb-1675-4154-b476-00a73a9d5375",
"created_by_ref": "identity--c132248e-125f-4279-bd75-a536574d2677",
"created": "2022-07-02T19:37:33.894376Z",
"modified": "2022-07-02T19:37:33.894376Z",
"id": "attack-pattern--184c89b3-70da-473d-b547-3fde387a8d23",
"created_by_ref": "identity--eb1637be-a536-4cf9-aa46-7f7e08b0ed33",
"created": "2022-07-02T19:59:12.720433Z",
"modified": "2022-07-02T19:59:12.720433Z",
"name": "Attract Traditional Media",
"description": "TA09",
"description": "Deliver content by attracting the attention of traditional media (earned media).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3da73f53-eba5-44a2-99da-4c68780d60dc"
"marking-definition--d9711ec4-3c81-4590-8a6c-46789acd5d05"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--40858431-0c70-4bb5-b55c-591005eed696.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1899a266-350e-4e86-ba2a-d783744ff76d.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--f08abcf5-62b8-48ff-aae1-ca7bdf49fcec",
"id": "bundle--9f2222c2-16bf-42f6-9516-ed416eba81ce",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--40858431-0c70-4bb5-b55c-591005eed696",
"created_by_ref": "identity--7b9ce418-e8d3-4909-9e2f-182f63a98cd2",
"created": "2022-07-02T19:37:33.842865Z",
"modified": "2022-07-02T19:37:33.842865Z",
"id": "attack-pattern--1899a266-350e-4e86-ba2a-d783744ff76d",
"created_by_ref": "identity--43cb3419-f997-45de-bbab-300f2db14906",
"created": "2022-07-02T19:59:12.642258Z",
"modified": "2022-07-02T19:59:12.642258Z",
"name": "Dismiss",
"description": "TA02",
"description": "Push back against criticism by dismissing your critics. This might be arguing that the critics use a different standard for you than with other actors or themselves; or arguing that their criticism is biased.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--4a48b553-dd19-4e10-aec3-0e0f356296e3"
"marking-definition--e29453eb-0dae-4f36-be8d-8e1b2958e147"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--c3c41284-4e23-4b05-aa9e-a595acbf0d61.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1a85979f-226f-4f03-bd53-4bd81807bd7b.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--cad385b5-2105-4bab-9334-37e9d3347530",
"id": "bundle--57e40d28-3a10-4ac6-9d64-18e7aed22807",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c3c41284-4e23-4b05-aa9e-a595acbf0d61",
"created_by_ref": "identity--a5869b26-37d2-4f1f-b4ff-ffa531495248",
"created": "2022-07-02T19:37:33.879624Z",
"modified": "2022-07-02T19:37:33.879624Z",
"id": "attack-pattern--1a85979f-226f-4f03-bd53-4bd81807bd7b",
"created_by_ref": "identity--86789132-0ca6-4685-bf56-7c369788883a",
"created": "2022-07-02T19:59:12.671407Z",
"modified": "2022-07-02T19:59:12.671407Z",
"name": "Livestream",
"description": "TA07",
"description": "A livestream refers to an online broadcast capability that allows for real-time communication to closed or open networks.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3acff58a-78f1-4c75-be69-e35e935b574f"
"marking-definition--bf332cd4-6a38-4fba-a6c6-f0f125ce6b66"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--e1dacd01-4d8d-41eb-8fbe-e9c895ab42db.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1b073cb4-f884-4e16-9fdf-df9fbf44840b.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--fe60ab40-1629-4719-89e3-71cacb67ef11",
"id": "bundle--3969c68e-9473-4e5f-b893-8c0e584e1779",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e1dacd01-4d8d-41eb-8fbe-e9c895ab42db",
"created_by_ref": "identity--c5c42d81-6fb7-42c6-9506-d9973d1600b2",
"created": "2022-07-02T19:37:33.889295Z",
"modified": "2022-07-02T19:37:33.889295Z",
"id": "attack-pattern--1b073cb4-f884-4e16-9fdf-df9fbf44840b",
"created_by_ref": "identity--77ca8372-b414-4089-aed1-6961a209822e",
"created": "2022-07-02T19:59:12.679343Z",
"modified": "2022-07-02T19:59:12.679343Z",
"name": "Radio",
"description": "TA07",
"description": "Radio",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--16f83816-b1d8-4193-8beb-a48874ee98b0"
"marking-definition--5e8333c9-0274-45ff-b099-5ae32834bbbf"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1cb66d7b-d806-4f99-b2ac-28dca3994d36.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--2cd58615-de9e-45ca-816e-2f390cc8d32d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1cb66d7b-d806-4f99-b2ac-28dca3994d36",
"created_by_ref": "identity--6bb11a2e-ba2e-41d2-998a-382805fa7e04",
"created": "2022-07-02T19:37:33.864043Z",
"modified": "2022-07-02T19:37:33.864043Z",
"name": "Create Bot Accounts",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0090.003.md",
"external_id": "T0090.003"
}
],
"object_marking_refs": [
"marking-definition--73647538-262e-48be-ad69-0070fa65d93d"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2ab24152-cfc1-4aff-8b6f-9b1d7fc5d634.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d658549-c2db-4d51-805e-7f2577fe1a95.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--a440138b-73b0-40a1-bf85-58596de4642c",
"id": "bundle--5fdd8801-f09a-4a4e-968c-ad1ee38a874a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2ab24152-cfc1-4aff-8b6f-9b1d7fc5d634",
"created_by_ref": "identity--9d41b761-0cc9-49fc-bb23-86d9e849cd97",
"created": "2022-07-02T19:37:33.854313Z",
"modified": "2022-07-02T19:37:33.854313Z",
"id": "attack-pattern--1d658549-c2db-4d51-805e-7f2577fe1a95",
"created_by_ref": "identity--cdeac2b0-99ec-42d6-920e-6a42e2ae603e",
"created": "2022-07-02T19:59:12.651441Z",
"modified": "2022-07-02T19:59:12.651441Z",
"name": "Appropriate Content",
"description": "TA06",
"description": "An influence operation may take content from other sources with proper attribution. This content may be either misinformation content shared by others without malicious intent but now leveraged by the campaign as disinformation or disinformation content from other sources. Examples include the appropriation of content from one inauthentic news site to another inauthentic news site or network in ways that align with the originators licensing or terms of service.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--19217c11-527f-401a-a42f-96e9a375d66f"
"marking-definition--b20d4b56-d323-4906-87be-2ab192133807"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--40d50bb1-6cea-492a-a4e6-9e1af67e2c3e.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d79cd82-8ca4-4b12-8d95-af588445cc6d.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--e4cc1521-5330-429b-8ca5-7d5bdf59dba2",
"id": "bundle--5bef39b5-7b5c-4a33-8106-94e83c7dee78",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--40d50bb1-6cea-492a-a4e6-9e1af67e2c3e",
"created_by_ref": "identity--3477f978-5b8b-4fcf-b1f3-599514859eda",
"created": "2022-07-02T19:37:33.88721Z",
"modified": "2022-07-02T19:37:33.88721Z",
"id": "attack-pattern--1d79cd82-8ca4-4b12-8d95-af588445cc6d",
"created_by_ref": "identity--a82cc2ab-a305-49b2-804b-f3df598f4340",
"created": "2022-07-02T19:59:12.677631Z",
"modified": "2022-07-02T19:59:12.677631Z",
"name": "Consumer Review Networks",
"description": "TA07",
"description": "Platforms for finding, reviewing, and sharing information about brands, products, services, restaurants, travel destinations, etc. Examples include Yelp, TripAdvisor, etc.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--8e626bb8-d356-4670-9790-ef5407fcb02a"
"marking-definition--620c99a6-f5bd-41ab-8a99-16c2fb9afd70"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--54821f53-96b6-4bbc-a3c4-61d708c96c63.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1df3f525-2142-439a-94c1-a600464e1e6e.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--503e7ec6-5f97-4211-9257-3f387edba18d",
"id": "bundle--88337ec9-e5ad-48a0-b696-cbaf5be6945c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--54821f53-96b6-4bbc-a3c4-61d708c96c63",
"created_by_ref": "identity--9bae1129-8497-4491-8b10-71fec3f1564d",
"created": "2022-07-02T19:37:33.837348Z",
"modified": "2022-07-02T19:37:33.837348Z",
"id": "attack-pattern--1df3f525-2142-439a-94c1-a600464e1e6e",
"created_by_ref": "identity--fad6e3e4-434b-4351-a9a9-ff717bf0c296",
"created": "2022-07-02T19:59:12.637924Z",
"modified": "2022-07-02T19:59:12.637924Z",
"name": "Sell Merchandise",
"description": "TA10",
"description": "Sell mechandise refers to getting the message or narrative into physical space in the offline world while making money",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--110e9b59-73d3-4f2f-b7b8-c8cb20cc7973"
"marking-definition--38b3f210-25ee-412d-b683-bc0cfd6c6353"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1f01222c-3cba-4cb7-bb9a-8b291bfd8597.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--4f66ea1e-5f92-4dd8-9295-0ffcc850aabf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1f01222c-3cba-4cb7-bb9a-8b291bfd8597",
"created_by_ref": "identity--148bb89a-b5da-4f9b-a552-8754fb4cfe81",
"created": "2022-07-02T19:37:33.825792Z",
"modified": "2022-07-02T19:37:33.825792Z",
"name": "Demand insurmountable proof",
"description": "TA14",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-narratives"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0040.md",
"external_id": "T0040"
}
],
"object_marking_refs": [
"marking-definition--37408f5c-e68d-43f8-b018-e6ca5c6b8bf3"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--9500a976-deeb-40b7-b620-c29eeb1cc247.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1fc51355-6d03-4f89-b4b2-dcf816109371.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--49012316-e18e-4584-8c2e-e2ddd3bcba20",
"id": "bundle--45c33fe1-6fe6-4977-a189-78efc0a4355f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9500a976-deeb-40b7-b620-c29eeb1cc247",
"created_by_ref": "identity--98865c4d-b028-4863-b274-159c8cd68f1e",
"created": "2022-07-02T19:37:33.821834Z",
"modified": "2022-07-02T19:37:33.821834Z",
"id": "attack-pattern--1fc51355-6d03-4f89-b4b2-dcf816109371",
"created_by_ref": "identity--a4bd581b-b596-46a9-b779-6595e9b43d72",
"created": "2022-07-02T19:59:12.625184Z",
"modified": "2022-07-02T19:59:12.625184Z",
"name": "Trial content",
"description": "TA08",
"description": "Iteratively test incident performance (messages, content etc), e.g. A/B test headline/content enagagement metrics; website and/or funding campaign conversion rates",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--9fcf41ed-4cd2-48f1-8e67-8a716f2edaf4"
"marking-definition--f0ac2680-e2c5-470b-a48d-4997f2cef24e"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8a132fc1-f33b-4110-89a2-86dc083b57d7.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--20d348c8-0ed6-46b8-adea-6f82f154b5d4.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--4f4a0acd-a6dc-4493-befa-9e9daca82fe0",
"id": "bundle--73b1f3a6-4d32-4fb8-b88e-cb223c0090fe",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8a132fc1-f33b-4110-89a2-86dc083b57d7",
"created_by_ref": "identity--af3a45de-ee4e-4329-9acb-03522464fe8b",
"created": "2022-07-02T19:37:33.847138Z",
"modified": "2022-07-02T19:37:33.847138Z",
"id": "attack-pattern--20d348c8-0ed6-46b8-adea-6f82f154b5d4",
"created_by_ref": "identity--a2bd4d6f-29b5-4766-8248-040a8f2d7a00",
"created": "2022-07-02T19:59:12.645914Z",
"modified": "2022-07-02T19:59:12.645914Z",
"name": "Conduct Web Traffic Analysis",
"description": "TA13",
"description": "An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--4c815477-1006-4c4a-b914-4c05452d6c58"
"marking-definition--86b87cb1-b5ef-4459-8b87-85421fcccd84"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--cfd4aaca-ef36-43f6-9db7-f0923f54cce5.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--20e97210-a216-42aa-9a31-da2961f5dfa7.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--81142705-afee-4724-8891-29750ed166b8",
"id": "bundle--0adee6df-5c16-4bd1-ad41-b6b41135be72",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--cfd4aaca-ef36-43f6-9db7-f0923f54cce5",
"created_by_ref": "identity--1feebe40-12be-4eba-b6fd-eed55a029b1a",
"created": "2022-07-02T19:37:33.900227Z",
"modified": "2022-07-02T19:37:33.900227Z",
"id": "attack-pattern--20e97210-a216-42aa-9a31-da2961f5dfa7",
"created_by_ref": "identity--ac08327f-f696-4dce-8808-ddb6a02fe337",
"created": "2022-07-02T19:59:12.725259Z",
"modified": "2022-07-02T19:59:12.725259Z",
"name": "Block Content",
"description": "TA18",
"description": "Content blocking refers to actions taken to restrict internet access or render certain areas of the internet inaccessible. An influence operation may restrict content based on both network and content attributes. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--a4494d42-a939-413f-b198-d3cf5587df5c"
"marking-definition--f856625e-e68a-4855-82be-04efceaa09ed"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--91d4253c-5bd1-44e4-9fb1-5e2823df568d.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--226290e1-b4f4-4efc-97d9-66bb4b23ca75.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--b3661ce4-53df-45bc-8383-78ae1aec1252",
"id": "bundle--cf42c9cf-dadd-4d6b-9003-b4a8a2c610d7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--91d4253c-5bd1-44e4-9fb1-5e2823df568d",
"created_by_ref": "identity--a4c200b9-9c60-471b-8962-5a4f992e303e",
"created": "2022-07-02T19:37:33.892269Z",
"modified": "2022-07-02T19:37:33.892269Z",
"id": "attack-pattern--226290e1-b4f4-4efc-97d9-66bb4b23ca75",
"created_by_ref": "identity--375b2c10-2551-48f0-b064-7bf0351c5234",
"created": "2022-07-02T19:59:12.718561Z",
"modified": "2022-07-02T19:59:12.718561Z",
"name": "Share Memes",
"description": "TA09",
"description": "Memes are one of the most important single artefact types in all of computational propaganda. Memes in this framework denotes the narrow image-based definition. But that naming is no accident, as these items have most of the important properties of Dawkins' original conception as a self-replicating unit of culture. Memes pull together reference and commentary; image and narrative; emotion and message. Memes are a powerful tool and the heart of modern influence campaigns.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3059f9a0-3e48-4c9f-abd7-eae2212bcf96"
"marking-definition--6e625e76-5743-4b29-8f9c-898aaece03e4"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--c63a7119-3ae3-48ed-9bf3-24ad6f413c44.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--22aa8f48-20f8-4b96-bd44-2ae1b1621447.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--f6fc64bc-13cc-4971-908b-dbfbfb8db77f",
"id": "bundle--7d708a4e-0f7f-44bc-a34c-9eb20ae3ebe8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c63a7119-3ae3-48ed-9bf3-24ad6f413c44",
"created_by_ref": "identity--a30ead4e-5981-4fbe-9667-8cdb6ae39631",
"created": "2022-07-02T19:37:33.911163Z",
"modified": "2022-07-02T19:37:33.911163Z",
"id": "attack-pattern--22aa8f48-20f8-4b96-bd44-2ae1b1621447",
"created_by_ref": "identity--7b17dc40-be8e-4280-8c5c-55d1dcfe0a5d",
"created": "2022-07-02T19:59:12.734051Z",
"modified": "2022-07-02T19:59:12.734051Z",
"name": "Deny involvement",
"description": "TA11",
"description": "Without \"smoking gun\" proof (and even with proof), incident creator can or will deny involvement. This technique also leverages the attacker advantages outlined in \"Demand insurmountable proof\", specifically the asymmetric disadvantage for truth-tellers in a \"firehose of misinformation\" environment.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--974dcd79-0031-4f5f-8d06-5a6fe48e191e"
"marking-definition--f860ae0f-7260-49e6-b668-e719a787a52e"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--62f717da-4d1b-4f31-a0b4-3fcba13a5b87.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--231b3ff6-8ecb-4cd8-b9eb-ca7740298c61.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--867848a8-e6d4-4999-9f06-7833688ada84",
"id": "bundle--9c1288f1-5dfd-4167-bc59-fa8d638c1504",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--62f717da-4d1b-4f31-a0b4-3fcba13a5b87",
"created_by_ref": "identity--be61fb86-4638-4c0c-9995-d71730477fb1",
"created": "2022-07-02T19:37:33.858994Z",
"modified": "2022-07-02T19:37:33.858994Z",
"id": "attack-pattern--231b3ff6-8ecb-4cd8-b9eb-ca7740298c61",
"created_by_ref": "identity--d8019794-70dc-47da-9bae-5dffca5e9949",
"created": "2022-07-02T19:59:12.655093Z",
"modified": "2022-07-02T19:59:12.655093Z",
"name": "Develop AI-Generated Videos (Deepfakes)",
"description": "TA06",
"description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--cde97962-33b7-49d7-9db1-9d870313a5a2"
"marking-definition--0a97bad2-3a12-41fe-8c81-42b21d3e0934"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--a37bdf98-3cb9-473a-b913-876ff9133a6b.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--23b92b9a-d1e2-4049-ac91-99c5f094a84e.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--bd8d16a6-85a2-4dd3-9460-6ae4da6973d4",
"id": "bundle--9017e013-96bb-4a3b-891e-04e76d451570",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a37bdf98-3cb9-473a-b913-876ff9133a6b",
"created_by_ref": "identity--43838b8a-6227-4a5e-92c1-547c0aff7142",
"created": "2022-07-02T19:37:33.869971Z",
"modified": "2022-07-02T19:37:33.869971Z",
"id": "attack-pattern--23b92b9a-d1e2-4049-ac91-99c5f094a84e",
"created_by_ref": "identity--38921490-7bcc-4bf4-a3aa-0580b963671c",
"created": "2022-07-02T19:59:12.663957Z",
"modified": "2022-07-02T19:59:12.663957Z",
"name": "Identify susceptible targets in networks",
"description": "TA15",
"description": "When seeking to infiltrate an existing network, an influence operation may identify individuals and groups that might be susceptible to being co-opted or influenced.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--7a582033-0b35-4a5d-bb84-bc24e3941d8c"
"marking-definition--ede67eb4-1420-4d5c-9c93-340c44f02e25"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--5b6b3472-c1d2-4a13-bfd5-9111ff1fd4ba.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2400f6a0-b97e-4640-877d-946f68712265.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--8993d057-e33a-4623-86f7-2f196ff0a84f",
"id": "bundle--23f21b84-860f-42d8-a2b6-cc2ca7796fce",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5b6b3472-c1d2-4a13-bfd5-9111ff1fd4ba",
"created_by_ref": "identity--c6e945f3-044e-4507-8694-2c4fa81da59c",
"created": "2022-07-02T19:37:33.824505Z",
"modified": "2022-07-02T19:37:33.824505Z",
"id": "attack-pattern--2400f6a0-b97e-4640-877d-946f68712265",
"created_by_ref": "identity--88278ef9-c0a1-44ec-a09a-d1b2da7b4a19",
"created": "2022-07-02T19:59:12.627403Z",
"modified": "2022-07-02T19:59:12.627403Z",
"name": "Edit Open-Source Content",
"description": "TA06",
"description": "An influence operation may edit open-source content, such as collaborative blogs or encyclopedias, to promote its narratives on outlets with existing credibility and audiences. Editing open-source content may allow an operation to post content on platforms without dedicating resources to the creation and maintenance of its own assets. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--c8bf2819-0438-473f-98ac-9263136e1f49"
"marking-definition--81c6112b-1d13-446a-bf37-2b7a46489e5e"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--eef8629d-f9fa-4a36-b9c1-8c66ede3d595.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--24bd7bc9-64dc-4ec9-b0e0-551c00666462.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--860a30d5-1315-4438-9a57-500a309733db",
"id": "bundle--c367bd28-6045-42e2-b777-096cb10693b6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--eef8629d-f9fa-4a36-b9c1-8c66ede3d595",
"created_by_ref": "identity--c1c15902-4171-46da-a16b-4c525be20155",
"created": "2022-07-02T19:37:33.854732Z",
"modified": "2022-07-02T19:37:33.854732Z",
"id": "attack-pattern--24bd7bc9-64dc-4ec9-b0e0-551c00666462",
"created_by_ref": "identity--e88ac6cd-91a4-43ce-87fe-2ce7cea02c55",
"created": "2022-07-02T19:59:12.651772Z",
"modified": "2022-07-02T19:59:12.651772Z",
"name": "Develop Text-based Content",
"description": "TA06",
"description": "Creating and editing false or misleading text-based artifacts, often aligned with one or more specific narratives, for use in a disinformation campaign.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--68390bf8-6931-4248-b765-3350f21ee749"
"marking-definition--b37247d1-211f-4f79-869e-04bdbb52aa65"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--358ff467-07ec-44ef-a446-b801734c1e63.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2506b127-497f-4c10-80ee-6ccfebea2fda.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--333b4f31-47c9-48b2-96c0-4e01dc7ba40f",
"id": "bundle--772709a6-279d-43c3-abbb-804857e21546",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--358ff467-07ec-44ef-a446-b801734c1e63",
"created_by_ref": "identity--1fad493a-9908-405e-a08d-10d3af4bcb0a",
"created": "2022-07-02T19:37:33.895209Z",
"modified": "2022-07-02T19:37:33.895209Z",
"id": "attack-pattern--2506b127-497f-4c10-80ee-6ccfebea2fda",
"created_by_ref": "identity--9277d520-da67-489e-b3dd-5298da41a1f1",
"created": "2022-07-02T19:59:12.721135Z",
"modified": "2022-07-02T19:59:12.721135Z",
"name": "Cross-Posting",
"description": "TA17",
"description": "Cross-posting refers to posting the same message to multiple internet discussions, social media platforms or accounts, or news groups at one time. An influence operation may post content online in multiple communities and platforms to increase the chances of content exposure to the target audience. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--1a510ef5-b73d-47d5-aee0-e2e69850ef55"
"marking-definition--6f2cdafb-db00-4820-a9f4-b2521e53b25a"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--7ce04f53-2904-4ebc-aa21-7adb6b05b3cd.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--25990799-9c4f-4941-aa2c-5deab1946ef1.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--1be73251-7d40-4b93-8cc0-140c4618e938",
"id": "bundle--b42f5b34-c235-4a84-bb0b-61f4750f3b56",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7ce04f53-2904-4ebc-aa21-7adb6b05b3cd",
"created_by_ref": "identity--06603b65-af3c-4454-824a-5f6566ad5abe",
"created": "2022-07-02T19:37:33.876272Z",
"modified": "2022-07-02T19:37:33.876272Z",
"id": "attack-pattern--25990799-9c4f-4941-aa2c-5deab1946ef1",
"created_by_ref": "identity--52750422-add6-44fc-a900-d21d660d5cc4",
"created": "2022-07-02T19:59:12.668816Z",
"modified": "2022-07-02T19:59:12.668816Z",
"name": "Co-Opt Trusted Individuals",
"description": "TA16",
"description": "Co-Opt Trusted Individuals",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--141a8483-e31c-489b-911f-4f0df4401c89"
"marking-definition--9ecba7a6-c6c8-4f2c-bc31-529a08bca7b3"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1e4ba283-1658-4fb7-b565-6132c093a6ad.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2707372c-26a1-4c1f-8875-65a2433cda70.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--ccbe81b6-fe4e-4197-bb63-e3c471baf4df",
"id": "bundle--680ee7a9-d430-4361-8fed-61ee7983e982",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1e4ba283-1658-4fb7-b565-6132c093a6ad",
"created_by_ref": "identity--55f0514b-3b4b-49d0-9b36-23010e324b0a",
"created": "2022-07-02T19:37:33.873333Z",
"modified": "2022-07-02T19:37:33.873333Z",
"id": "attack-pattern--2707372c-26a1-4c1f-8875-65a2433cda70",
"created_by_ref": "identity--d7566583-5ed1-4464-a35c-fe83bcc47cb9",
"created": "2022-07-02T19:59:12.666562Z",
"modified": "2022-07-02T19:59:12.666562Z",
"name": "Establish Inauthentic News Sites",
"description": "TA16",
"description": "Modern computational propaganda makes use of a cadre of imposter news sites spreading globally. These sites, sometimes motivated by concerns other than propaganda--for instance, click-based revenue--often have some superficial markers of authenticity, such as naming and site-design. But many can be quickly exposed with reference to their owenership, reporting history and adverstising details.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--58bfb3d6-fbdd-4590-8daa-782c9e4a02b4"
"marking-definition--18730cb6-f5ee-4211-8dc4-b1db494f33c9"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--5c61facb-db2d-40f7-b750-1474035fc986.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--277e6020-d211-484d-8612-f7eb3e5ef867.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--ed40bcf6-54c1-4372-a570-84265df83114",
"id": "bundle--21dd4925-6008-4106-ab77-b7b6b396993d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5c61facb-db2d-40f7-b750-1474035fc986",
"created_by_ref": "identity--76ee181c-4e48-49e4-ad07-99f5a582fff6",
"created": "2022-07-02T19:37:33.87753Z",
"modified": "2022-07-02T19:37:33.87753Z",
"id": "attack-pattern--277e6020-d211-484d-8612-f7eb3e5ef867",
"created_by_ref": "identity--653b5bd3-9007-4137-9e3c-7e5e0e02d5a6",
"created": "2022-07-02T19:59:12.669783Z",
"modified": "2022-07-02T19:59:12.669783Z",
"name": "Create Localized Content",
"description": "TA05",
"description": "Localized content refers to content that appeals to a specific community of individuals, often in defined geographic areas. An operation may create localized content using local language and dialects to resonate with its target audience and blend in with other local news and social media. Localized content may help an operation increase legitimacy, avoid detection, and complicate external attribution.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--1bbbe02c-b3c7-4bfa-838b-9fe245f17384"
"marking-definition--e440ec90-1df2-46d9-bc31-b0c89d7e6240"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--76f88607-8506-4926-8096-19fe7083dc8d.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--28efce68-0e87-431b-920f-9d678eb6f444.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--fac6a897-677c-4fe1-82c4-c6c2a1973a57",
"id": "bundle--2a592aa8-88ee-4556-abae-d98ed96b047e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--76f88607-8506-4926-8096-19fe7083dc8d",
"created_by_ref": "identity--97306357-fa61-47ef-b24c-413cbc1f2152",
"created": "2022-07-02T19:37:33.860255Z",
"modified": "2022-07-02T19:37:33.860255Z",
"id": "attack-pattern--28efce68-0e87-431b-920f-9d678eb6f444",
"created_by_ref": "identity--2ddc4452-b30b-4f7f-9bf9-0adbd5bf1261",
"created": "2022-07-02T19:59:12.656068Z",
"modified": "2022-07-02T19:59:12.656068Z",
"name": "Develop AI-Generated Audio (Deepfakes)",
"description": "TA06",
"description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--61022ad4-05cd-4a64-97c7-bc32eedd0a96"
"marking-definition--90bbb32a-bc70-48e6-a2b2-ecf39cc99fab"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--86f72dc9-e768-4d69-883d-65ba5a17700c.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--29f4ee70-1a5c-4fcd-b76b-07b7a99b356a.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--e20ee49b-1ca1-4e60-aab8-d4ac74c2e623",
"id": "bundle--1179b6cf-ff0e-4262-a4fe-79f2ac9d0534",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--86f72dc9-e768-4d69-883d-65ba5a17700c",
"created_by_ref": "identity--686c48f7-e8aa-4b22-94a9-5800d404ed83",
"created": "2022-07-02T19:37:33.905701Z",
"modified": "2022-07-02T19:37:33.905701Z",
"id": "attack-pattern--29f4ee70-1a5c-4fcd-b76b-07b7a99b356a",
"created_by_ref": "identity--d966710e-85b1-4115-be93-ff6aad5fc30a",
"created": "2022-07-02T19:59:12.729758Z",
"modified": "2022-07-02T19:59:12.729758Z",
"name": "Encourage Physical Violence",
"description": "TA10",
"description": "An influence operation may Encourage others to engage in Physical Violence to achieve campaign goals. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--c862d51c-56f3-4a02-9696-bb96f44537b3"
"marking-definition--7c9476a4-ca41-4ec5-936a-4ff3e579f594"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2a0404a5-1a70-4be4-979c-6ecfd5595560.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--f2e8acfe-6571-48ea-b3f4-61b39007f04e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2a0404a5-1a70-4be4-979c-6ecfd5595560",
"created_by_ref": "identity--f45c1a1b-52a1-497c-af7d-3a19009b4031",
"created": "2022-07-02T19:59:12.628516Z",
"modified": "2022-07-02T19:59:12.628516Z",
"name": "Demand insurmountable proof",
"description": "Campaigns often leverage tactical and informational asymmetries on the threat surface, as seen in the Distort and Deny strategies, and the \"firehose of misinformation\". Specifically, conspiracy theorists can be repeatedly wrong, but advocates of the truth need to be perfect. By constantly escalating demands for proof, propagandists can effectively leverage this asymmetry while also priming its future use, often with an even greater asymmetric advantage. The conspiracist is offered freer rein for a broader range of \"questions\" while the truth teller is burdened with higher and higher standards of proof.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-narratives"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0040.md",
"external_id": "T0040"
}
],
"object_marking_refs": [
"marking-definition--02b0b700-bc50-45e7-a923-9fa628d65eda"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f3d1bcd1-a3bb-419c-810c-09fae4570029.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2a53870d-aad2-44df-9129-dfd6d1c2d8cc.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--d9e5b49b-9d9f-434c-a7f0-4752b62321d4",
"id": "bundle--5362e6b4-9d7f-4f2e-8074-0a9741b1ebaf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f3d1bcd1-a3bb-419c-810c-09fae4570029",
"created_by_ref": "identity--712af04d-b747-4f99-8827-266dbe76d9ee",
"created": "2022-07-02T19:37:33.894792Z",
"modified": "2022-07-02T19:37:33.894792Z",
"id": "attack-pattern--2a53870d-aad2-44df-9129-dfd6d1c2d8cc",
"created_by_ref": "identity--dcfa4dc7-b1f8-4aa3-bcb3-290c456bbb95",
"created": "2022-07-02T19:59:12.720782Z",
"modified": "2022-07-02T19:59:12.720782Z",
"name": "Amplify Existing Narrative",
"description": "TA17",
"description": "An influence operation may amplify existing narratives that align with its narratives to support operation objectives. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--1477081d-30e0-4b29-b63f-7cf8ad6ca372"
"marking-definition--c86a5d90-6fb6-4c04-be5d-e58cb26096b2"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2a7c503c-ec0b-4697-9e9e-9a036af8b3f1.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--3a1ced50-b989-4aa8-b54d-e4f2f0eba88b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2a7c503c-ec0b-4697-9e9e-9a036af8b3f1",
"created_by_ref": "identity--fe9ad911-7029-4966-a74c-776f17908d1e",
"created": "2022-07-02T19:59:12.628924Z",
"modified": "2022-07-02T19:59:12.628924Z",
"name": "Seed Kernel of truth",
"description": "Wrap lies or altered context/facts around truths. Influence campaigns pursue a variety of objectives with respect to target audiences, prominent among them: 1. undermine a narrative commonly referenced in the target audience; or 2. promote a narrative less common in the target audience, but preferred by the attacker. In both cases, the attacker is presented with a heavy lift. They must change the relative importance of various narratives in the interpretation of events, despite contrary tendencies. When messaging makes use of factual reporting to promote these adjustments in the narrative space, they are less likely to be dismissed out of hand; when messaging can juxtapose a (factual) truth about current affairs with the (abstract) truth explicated in these narratives, propagandists can undermine or promote them selectively. Context matters.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "conduct-pump-priming"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0042.md",
"external_id": "T0042"
}
],
"object_marking_refs": [
"marking-definition--09c6b85a-54b3-425b-abb1-d196e40d30af"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--57046318-f21a-490b-85bd-0445878e1a01.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b2b06d9-26d3-4e69-93b3-5a3f37363b5f.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--2c6f12ac-b57c-4e3d-a9b6-21ccc5620a03",
"id": "bundle--eadb3b83-aed5-45b2-a8be-28f55ae4d23c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--57046318-f21a-490b-85bd-0445878e1a01",
"created_by_ref": "identity--cccea9f5-5d6c-48df-a327-7757fd3d04d3",
"created": "2022-07-02T19:37:33.845411Z",
"modified": "2022-07-02T19:37:33.845411Z",
"id": "attack-pattern--2b2b06d9-26d3-4e69-93b3-5a3f37363b5f",
"created_by_ref": "identity--f1bc29f3-e0ff-4d3c-bf96-fa830dd15a9a",
"created": "2022-07-02T19:59:12.644481Z",
"modified": "2022-07-02T19:59:12.644481Z",
"name": "Map Target Audience Information Environment",
"description": "TA13",
"description": "Mapping the target audience information environment analyzes the information space itself, including social media analytics, web traffic, and media surveys. Mapping the information environment may help the influence operation determine the most realistic and popular information channels to reach its target audience. \nMapping the target audience information environment aids influence operations in determining the most vulnerable areas of the information space to target with messaging.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--67a82272-60f4-4562-8635-1bf9fabd8b52"
"marking-definition--52766689-e041-4dc5-bba3-71a239f06ea1"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--c8c75b45-8889-4c41-ba09-436588e9fafc.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2c7bded2-3bf3-4c5b-8c70-958b3856dc7a.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--72f02276-bcf9-402b-bc2c-519ff4e90148",
"id": "bundle--76dc05f2-fc6d-438e-a43a-5e2ab38d0f5b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--c8c75b45-8889-4c41-ba09-436588e9fafc",
"created_by_ref": "identity--de3580d1-5a73-46fd-b0f6-8c99472152c2",
"created": "2022-07-02T19:37:33.88218Z",
"modified": "2022-07-02T19:37:33.88218Z",
"id": "attack-pattern--2c7bded2-3bf3-4c5b-8c70-958b3856dc7a",
"created_by_ref": "identity--95f06451-4dbd-4c09-a0aa-1a7f73694fab",
"created": "2022-07-02T19:59:12.673593Z",
"modified": "2022-07-02T19:59:12.673593Z",
"name": "Private/Closed Social Networks",
"description": "TA07",
"description": "An audio livestream refers to an online audio broadcast capability that allows for real-time communication to closed or open networks. Examples include Twitter Spaces, ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--f7181424-1eb3-4f4a-8617-42db325a3cec"
"marking-definition--48408254-1db7-4679-85d5-c85aefa93b8a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ebd8f8d0-d7db-40a2-b2ad-618a50d5459f.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2cf97da8-f92c-49f3-bc58-d2527ce2a931.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--af1f74e5-e157-465c-9565-65f702213916",
"id": "bundle--b0e59946-83ee-41b3-9122-b78afd0cd70f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ebd8f8d0-d7db-40a2-b2ad-618a50d5459f",
"created_by_ref": "identity--00641b94-e993-4767-97a1-73cddd6003fc",
"created": "2022-07-02T19:37:33.85941Z",
"modified": "2022-07-02T19:37:33.85941Z",
"id": "attack-pattern--2cf97da8-f92c-49f3-bc58-d2527ce2a931",
"created_by_ref": "identity--6fafe263-0f92-45ca-a9fd-246d4bf6bdd6",
"created": "2022-07-02T19:59:12.655418Z",
"modified": "2022-07-02T19:59:12.655418Z",
"name": "Deceptively Edit Video (Cheap fakes)",
"description": "TA06",
"description": "Cheap fakes utilize less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--e2e4de75-947f-4f08-aa35-2291d4b8312c"
"marking-definition--974c743a-3157-4513-ac26-b95b97291258"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--e91c0e56-47ba-4f9d-99bc-992041352ac3.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2e57c2b3-f885-4684-bc08-47d334463c48.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--10e1923b-d89c-4263-98cf-8d849d2413fa",
"id": "bundle--c0b74225-6fb4-488f-90fc-863e260f2a46",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e91c0e56-47ba-4f9d-99bc-992041352ac3",
"created_by_ref": "identity--206071b7-66f3-4fd5-8e3b-25166a3e555d",
"created": "2022-07-02T19:37:33.859828Z",
"modified": "2022-07-02T19:37:33.859828Z",
"id": "attack-pattern--2e57c2b3-f885-4684-bc08-47d334463c48",
"created_by_ref": "identity--86c23365-0713-4f85-aa98-4dba3d6952dd",
"created": "2022-07-02T19:59:12.655743Z",
"modified": "2022-07-02T19:59:12.655743Z",
"name": "Develop Audio-based Content",
"description": "TA06",
"description": "Creating and editing false or misleading audio artifacts, often aligned with one or more specific narratives, for use in a disinformation campaign. This may include creating completely new audio content, repurposing existing audio artifacts (including cheap fakes), or using AI-generated audio creation and editing technologies (including deepfakes).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--d4399c44-28a3-48f8-ba69-503f4e17b91a"
"marking-definition--05a5db55-a642-42c3-be35-bada9c946bcd"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--314ec4eb-6397-487e-86c5-3cb3f617ba04.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--f3a7c0b3-515b-454b-8e63-d04e3bedd07a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--314ec4eb-6397-487e-86c5-3cb3f617ba04",
"created_by_ref": "identity--50ef4646-d3de-41e4-a894-c05bfaca489a",
"created": "2022-07-02T19:37:33.863619Z",
"modified": "2022-07-02T19:37:33.863619Z",
"name": "Create Cyborg Accounts",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0090.002.md",
"external_id": "T0090.002"
}
],
"object_marking_refs": [
"marking-definition--2a32d698-7a57-4fa5-83bf-204666f87075"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1074bd71-5cce-4b9e-a3f5-74d3bad21773.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--33e2b7b3-b9d0-47d4-ab63-fcd15740a325.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--4c9a4c62-3d25-4777-9c27-ae3e0f663be6",
"id": "bundle--e0557641-a8f0-40b8-8bb9-ec5f1bf9088c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1074bd71-5cce-4b9e-a3f5-74d3bad21773",
"created_by_ref": "identity--ae78af37-53a7-4231-ad16-fff9552f93bb",
"created": "2022-07-02T19:37:33.883014Z",
"modified": "2022-07-02T19:37:33.883014Z",
"id": "attack-pattern--33e2b7b3-b9d0-47d4-ab63-fcd15740a325",
"created_by_ref": "identity--27ab65f2-8827-433e-b9d1-42fbcc0e8f29",
"created": "2022-07-02T19:59:12.674233Z",
"modified": "2022-07-02T19:59:12.674233Z",
"name": "Use hashtags",
"description": "TA07",
"description": "Use a dedicated, existing hashtag for the campaign/incident.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--8e7c940f-5ca4-4d04-8f02-bb2c9b88739a"
"marking-definition--4711c835-302b-4291-83ac-f14187d242a3"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8b15e9c8-db45-4657-b27b-d7ca8ae19606.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--35486a04-35f6-4737-a554-7465e4d842ff.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--8a18d5c3-0bf3-4228-8cc2-c8070ed3fbfa",
"id": "bundle--5451b165-5de6-426c-9b72-dd7afa8cc241",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8b15e9c8-db45-4657-b27b-d7ca8ae19606",
"created_by_ref": "identity--08cbcd96-6eb7-4058-96c8-8870818e3d2f",
"created": "2022-07-02T19:37:33.921673Z",
"modified": "2022-07-02T19:37:33.921673Z",
"id": "attack-pattern--35486a04-35f6-4737-a554-7465e4d842ff",
"created_by_ref": "identity--c861ec49-201c-45c7-b71e-0cf8eb01e51a",
"created": "2022-07-02T19:59:12.742514Z",
"modified": "2022-07-02T19:59:12.742514Z",
"name": "Message reach",
"description": "TA12",
"description": "Monitor and evaluate message reach in misinformation incidents. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--be6e1060-8667-4361-876e-55eef7657fef"
"marking-definition--71c14eba-3866-44d5-9634-be84a40a1f46"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--35550613-e5ec-4d78-8518-1990ade69aec.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--73f6ae39-3d92-427c-a8c1-f746b0e390d5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--35550613-e5ec-4d78-8518-1990ade69aec",
"created_by_ref": "identity--a20d7f99-0240-4d4f-813f-8bfe83504995",
"created": "2022-07-02T19:59:12.667529Z",
"modified": "2022-07-02T19:59:12.667529Z",
"name": "Prepare Assets Impersonating Legitimate Entities",
"description": "An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognizable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organizations, or state entities. \nAn influence operation may use a wide variety of cyber techniques to impersonate a legitimate entity\u2019s website or social media account. Typosquatting87 is the international registration of a domain name with purposeful variations of the impersonated domain name through intentional typos, top-level domain (TLD) manipulation, or punycode. Typosquatting facilitates the creation of falsified websites by creating similar domain names in the URL box, leaving it to the user to confirm that the URL is correct. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0099.md",
"external_id": "T0099"
}
],
"object_marking_refs": [
"marking-definition--a1a2dafb-7fc7-48db-b1ae-d1bc996ed311"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--35a7b256-4f20-4fcc-9d63-1d76f8bfbfdf.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--cd20f7a6-00fd-48cf-aca2-36b095d698b1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--35a7b256-4f20-4fcc-9d63-1d76f8bfbfdf",
"created_by_ref": "identity--f906d4dc-03c6-4a32-b06f-0c76b6819051",
"created": "2022-07-02T19:37:33.848841Z",
"modified": "2022-07-02T19:37:33.848841Z",
"name": "Identify Data Voids",
"description": "TA13",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0081.002.md",
"external_id": "T0081.002"
}
],
"object_marking_refs": [
"marking-definition--ce69c665-a9e8-4aab-ba98-c402ae9d1cf3"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3b1a05af-f77a-4ebd-ba0f-140eef9ab57b.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--35c84f14-34e0-479a-b6b4-043750313fc4.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--c5ac4cbc-6470-42c9-9834-21110ad542cf",
"id": "bundle--a0472552-89fc-4d00-bb57-8cee6e46bb5c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3b1a05af-f77a-4ebd-ba0f-140eef9ab57b",
"created_by_ref": "identity--b1104618-8e2e-4b1c-8d48-67a7d1e88637",
"created": "2022-07-02T19:37:33.875433Z",
"modified": "2022-07-02T19:37:33.875433Z",
"id": "attack-pattern--35c84f14-34e0-479a-b6b4-043750313fc4",
"created_by_ref": "identity--10551072-2fec-440f-808e-d46a00535785",
"created": "2022-07-02T19:59:12.668178Z",
"modified": "2022-07-02T19:59:12.668178Z",
"name": "Spoof/parody account/site",
"description": "TA16",
"description": "An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognizable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organizations, or state entities. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--1d3b2923-0087-4815-a454-5bb4b7284e98"
"marking-definition--5f6fba74-b814-4c81-9023-d43ddd1b84ee"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--36203197-90da-4681-b394-0bad48a2dea5.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--68aba449-84d3-4c93-ad33-928287d7739a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--36203197-90da-4681-b394-0bad48a2dea5",
"created_by_ref": "identity--04cfd5d6-8344-4af2-b058-fdd2e7c79970",
"created": "2022-07-02T19:59:12.622991Z",
"modified": "2022-07-02T19:59:12.622991Z",
"name": "Conduct fundraising",
"description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services166 on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns to promote operation messaging while raising money to support its activities. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-offline-activity"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0017.md",
"external_id": "T0017"
}
],
"object_marking_refs": [
"marking-definition--dc4ba4b0-d802-43e8-a1f1-7f8ee6ef3f77"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--38ceb33f-7654-48dd-ac72-d0d596c2123b.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--dea5faf8-cb0b-4415-a214-e2115fe1e3ff",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--38ceb33f-7654-48dd-ac72-d0d596c2123b",
"created_by_ref": "identity--a5561d28-3e53-41d8-91ce-f979d458f92b",
"created": "2022-07-02T19:59:12.736613Z",
"modified": "2022-07-02T19:59:12.736613Z",
"name": "Utilize Bulletproof Hosting",
"description": "Hosting refers to services through which storage and computing resources are provided to an individual or organization for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilize bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0130.002.md",
"external_id": "T0130.002"
}
],
"object_marking_refs": [
"marking-definition--1eaea2c0-838c-430a-a517-994fd5825b77"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0653256e-fda6-4cda-bb34-5464b2ea4713.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3984387e-adea-4ccd-88d3-8a481e41a045.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--d8ac9ec7-865a-498f-8d2b-49a1b63b4401",
"id": "bundle--8a1c56a5-836c-4937-ad74-32e1c1974dcb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0653256e-fda6-4cda-bb34-5464b2ea4713",
"created_by_ref": "identity--144e4781-6d89-4e16-9cc0-1737df6b3b7e",
"created": "2022-07-02T19:37:33.857725Z",
"modified": "2022-07-02T19:37:33.857725Z",
"id": "attack-pattern--3984387e-adea-4ccd-88d3-8a481e41a045",
"created_by_ref": "identity--044ed2e3-8618-4244-8075-8f3e31443f76",
"created": "2022-07-02T19:59:12.654096Z",
"modified": "2022-07-02T19:59:12.654096Z",
"name": "Deceptively Edit Images (Cheap fakes)",
"description": "TA06",
"description": "Cheap fakes utilize less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--77322b73-a29b-4fb8-8057-562e2142e00b"
"marking-definition--f479185c-2c89-4d11-954e-2cec7a37be4c"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0e66b49-511e-457f-8a84-00263cae2d2d.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3ab5afb2-e07d-4086-a010-89f351caf489.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--23919668-379b-487f-ba75-5194bb2e1391",
"id": "bundle--14a73f4f-9853-4039-84d2-fc6ac3956603",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e0e66b49-511e-457f-8a84-00263cae2d2d",
"created_by_ref": "identity--2525981e-81de-45ba-842b-4e2813682617",
"created": "2022-07-02T19:37:33.90696Z",
"modified": "2022-07-02T19:37:33.90696Z",
"id": "attack-pattern--3ab5afb2-e07d-4086-a010-89f351caf489",
"created_by_ref": "identity--bc8634ab-8ba3-4010-8924-301270e19062",
"created": "2022-07-02T19:59:12.730809Z",
"modified": "2022-07-02T19:59:12.730809Z",
"name": "Conceal Network Identity",
"description": "TA11",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organization. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--0cf198ec-4414-4ff2-9065-3c515fe478da"
"marking-definition--7647cf2f-58cb-4620-be30-42bb625f8974"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3cece475-02b2-4671-8e2f-c916bbf14958.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3b04c334-059e-4983-80c7-c602062352c4.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--8a223e46-e8e2-4df2-aedf-15d38a351194",
"id": "bundle--3c7b8aca-8582-494b-bf85-139532812598",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3cece475-02b2-4671-8e2f-c916bbf14958",
"created_by_ref": "identity--414b6582-daed-422e-9d86-f855ccd8c5c0",
"created": "2022-07-02T19:37:33.870389Z",
"modified": "2022-07-02T19:37:33.870389Z",
"id": "attack-pattern--3b04c334-059e-4983-80c7-c602062352c4",
"created_by_ref": "identity--e0347ed6-f4bb-4b16-a157-f49e981f4938",
"created": "2022-07-02T19:59:12.664285Z",
"modified": "2022-07-02T19:59:12.664285Z",
"name": "Utilize Butterfly Attacks",
"description": "TA15",
"description": "Butterfly attacks occur when operators pretend to be members of a certain social group, usually a group that struggles for representation. An influence operation may mimic a group to insert controversial statements into the discourse, encourage the spread of operation content, or promote harassment among group members. Unlike astroturfing, butterfly attacks aim to infiltrate and discredit existing grassroots movements, organizations, and media campaigns. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--37bc4615-6a71-4848-bf87-27d59c0821bd"
"marking-definition--20b472eb-f674-4e4a-9785-2c8ca7479801"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ded03b01-9147-4e4a-a1c2-47110b5be178.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3c2e9e26-3af7-44f8-b046-694d9efbcd14.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--fb9af95d-705a-42a1-92fa-1bb46e51be39",
"id": "bundle--089f7f73-0c7c-4ef4-aab5-f6081276f0f3",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ded03b01-9147-4e4a-a1c2-47110b5be178",
"created_by_ref": "identity--4ee09df4-24a7-4578-a20b-d08327f1e224",
"created": "2022-07-02T19:37:33.91327Z",
"modified": "2022-07-02T19:37:33.91327Z",
"id": "attack-pattern--3c2e9e26-3af7-44f8-b046-694d9efbcd14",
"created_by_ref": "identity--0fdbda64-2d2e-478b-b6d6-1ae14a86d525",
"created": "2022-07-02T19:59:12.735943Z",
"modified": "2022-07-02T19:59:12.735943Z",
"name": "Conceal Infrastructure",
"description": "TA11",
"description": "Conceal the campaign's infrastructure to avoid takedown and attribution.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--6759bae7-efff-401c-953e-327754120cef"
"marking-definition--414309e6-3d26-4b07-9639-a1d999be20cc"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--58ce7f79-cddc-4da1-a2c2-daffb7c968f8.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3cdec22a-d46b-4fab-b15a-20db08e58221.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--5cd8ab68-f0b8-4401-a551-8f08016f2d27",
"id": "bundle--1bb454a0-c7d4-4f85-86f4-efcdb11b52c1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--58ce7f79-cddc-4da1-a2c2-daffb7c968f8",
"created_by_ref": "identity--28c33c12-7272-4929-9591-588c7c9736f4",
"created": "2022-07-02T19:37:33.835636Z",
"modified": "2022-07-02T19:37:33.835636Z",
"id": "attack-pattern--3cdec22a-d46b-4fab-b15a-20db08e58221",
"created_by_ref": "identity--93c0885b-27f7-481c-9e1f-6a8d5ba1a03d",
"created": "2022-07-02T19:59:12.636604Z",
"modified": "2022-07-02T19:59:12.636604Z",
"name": "Pay for Physical Action",
"description": "TA10",
"description": "Paying for physical action occurs when an influence operation pays individuals to act in the physical realm. An influence operation may pay for physical action to create specific situations and frame them in a way that supports operation narratives, for example, paying a group of people to burn a car to later post an image of the burning car and frame it as an act of protest. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--9b45f901-704d-42d5-9036-dc7bd435f033"
"marking-definition--ca889b23-874b-43be-afae-452e6549f21c"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--66a99773-eb1b-4a08-9e80-e36ecc74fb4d.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3ce95024-49f8-4fa3-b333-8819ef562fa8.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--7b80b859-2081-4bb9-bf7c-be1c71d76929",
"id": "bundle--7362ca1f-6695-418d-9289-6683ed2dff01",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--66a99773-eb1b-4a08-9e80-e36ecc74fb4d",
"created_by_ref": "identity--2156fee0-aacb-4016-bb82-f77d02327593",
"created": "2022-07-02T19:37:33.909463Z",
"modified": "2022-07-02T19:37:33.909463Z",
"id": "attack-pattern--3ce95024-49f8-4fa3-b333-8819ef562fa8",
"created_by_ref": "identity--61799769-30a3-4ff1-9076-2049eec8bf5e",
"created": "2022-07-02T19:59:12.732774Z",
"modified": "2022-07-02T19:59:12.732774Z",
"name": "Generate Content Unrelated to Narrative",
"description": "TA11",
"description": "An influence operation may mix its own operation content with legitimate news or external unrelated content to disguise operational objectives, narratives, or existence. For example, an operation may generate \"lifestyle\" or \"cuisine\" content alongside regular operation content. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--bbce33e5-9db0-4ab9-96d4-f39a2f3ca212"
"marking-definition--e9b02971-490f-474b-a5de-7a1088a1d337"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--51239901-cfe6-4565-9ddb-b884ddcb4490.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3d6c883e-34bb-4c1a-8784-6d3265683039.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--9a05707f-fc92-4742-894f-bede84670ed8",
"id": "bundle--b5be1bed-779b-47bd-a21c-c90f0c0d8e7c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--51239901-cfe6-4565-9ddb-b884ddcb4490",
"created_by_ref": "identity--1106a9c5-988c-4aa3-b377-229f862f7222",
"created": "2022-07-02T19:37:33.902747Z",
"modified": "2022-07-02T19:37:33.902747Z",
"id": "attack-pattern--3d6c883e-34bb-4c1a-8784-6d3265683039",
"created_by_ref": "identity--c95de225-6152-492c-8361-18ec68fb7f2c",
"created": "2022-07-02T19:59:12.727352Z",
"modified": "2022-07-02T19:59:12.727352Z",
"name": "Exploit Platform TOS/Content Moderation",
"description": "TA18",
"description": "Exploit Platform TOS/Content Moderation",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--6d8db0af-f92c-4359-8f57-1ca3da2ebfb5"
"marking-definition--8e2ee928-c4ad-437b-9f09-cd9b10b20436"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f0e9457d-bb92-439b-aa6c-0b8c5cca46bf.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--405b0ae6-af27-46f0-b88e-96847318690c.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--a31a4a22-0b40-40fb-a27d-71308d86927f",
"id": "bundle--854f11c8-8e45-4447-8245-23291f59e0d6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f0e9457d-bb92-439b-aa6c-0b8c5cca46bf",
"created_by_ref": "identity--3a8a9bbb-1eea-4f0e-bd1c-94f0c6ad9c4e",
"created": "2022-07-02T19:37:33.836487Z",
"modified": "2022-07-02T19:37:33.836487Z",
"id": "attack-pattern--405b0ae6-af27-46f0-b88e-96847318690c",
"created_by_ref": "identity--2f667329-3963-46a1-a2a6-a798b2634267",
"created": "2022-07-02T19:59:12.637258Z",
"modified": "2022-07-02T19:59:12.637258Z",
"name": "Play the long game",
"description": "TA11",
"description": "Play the long game refers to two phenomena: 1. To plan messaging and allow it to grow organically without conducting your own amplification. This is methodical and slow and requires years for the message to take hold 2. To develop a series of seemingly disconnected messaging narratives that eventually combine into a new narrative.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--7c36d0db-40a5-4908-badb-e2c0a00826e2"
"marking-definition--1ebf30b4-f360-4780-834e-7158ea941df6"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--409a1740-f916-4c9f-a672-aa5012221aec.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--4c9ea73b-24db-447a-b449-36d36d39964f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--409a1740-f916-4c9f-a672-aa5012221aec",
"created_by_ref": "identity--eca669fe-1d84-41f8-b57b-eac1f9866ee1",
"created": "2022-07-02T19:59:12.724267Z",
"modified": "2022-07-02T19:59:12.724267Z",
"name": "Direct Users to Alternative Platforms",
"description": "Direct users to alternative platforms refers to encouraging users to move from the platform on which they initially viewed operation content and engage with content on alternate information channels, including separate social media channels and inauthentic websites. An operation may drive users to alternative platforms to diversify its information channels and ensure the target audience knows where to access operation content if the initial platform suspends, flags, or otherwise removes original operation assets and content. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0122.md",
"external_id": "T0122"
}
],
"object_marking_refs": [
"marking-definition--da4f85e2-ef5e-46c9-8b11-106c50ba22af"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--413c3407-ef08-42be-a894-36b192314ccb.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4163a8ac-c555-49bf-a17e-b9e15036b667.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--96cbdb0d-76b7-4eda-bbfa-f4b8ca7801a0",
"id": "bundle--55bd264a-bd08-4889-a8ec-88b40b7c67f0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--413c3407-ef08-42be-a894-36b192314ccb",
"created_by_ref": "identity--ded204f4-4cd2-48b5-887f-93ba3ee4180d",
"created": "2022-07-02T19:37:33.872073Z",
"modified": "2022-07-02T19:37:33.872073Z",
"id": "attack-pattern--4163a8ac-c555-49bf-a17e-b9e15036b667",
"created_by_ref": "identity--adebf0cc-3b15-462f-81c7-2ab3cc78a145",
"created": "2022-07-02T19:59:12.665591Z",
"modified": "2022-07-02T19:59:12.665591Z",
"name": "Outsource Content Creation to External Organizations",
"description": "TA15",
"description": "An influence operation may outsource content creation to external companies to avoid attribution, increase the rate of content creation, or improve content quality, i.e., by employing an organization that can create content in the target audience\u2019s native language. Employed organizations may include marketing companies for tailored advertisements or external content farms for high volumes of targeted media. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--bac82c4f-a4e5-4252-99e7-f0e9dfad7cc0"
"marking-definition--d6bb0100-2d28-4537-842e-460440239257"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--6b176c9d-770b-4bca-adc9-f01c4778ecdf.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--41b86953-289e-4960-87a5-45549ce47a5e.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--d6e58e2f-5768-4371-9730-e4a29012da10",
"id": "bundle--73207803-befe-4b4b-988d-1048377baaef",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6b176c9d-770b-4bca-adc9-f01c4778ecdf",
"created_by_ref": "identity--7c21f823-1874-4b35-a378-5e299f0f4cfb",
"created": "2022-07-02T19:37:33.911586Z",
"modified": "2022-07-02T19:37:33.911586Z",
"id": "attack-pattern--41b86953-289e-4960-87a5-45549ce47a5e",
"created_by_ref": "identity--ef611905-b883-4c53-82b7-cb151de4f236",
"created": "2022-07-02T19:59:12.734399Z",
"modified": "2022-07-02T19:59:12.734399Z",
"name": "Delete Accounts/Account Activity",
"description": "TA11",
"description": "Deleting accounts and account activity occurs when an influence operation removes its online social media assets, including social media accounts, posts, likes, comments, and other online artifacts. An influence operation may delete its accounts and account activity to complicate attribution or remove online documentation that the operation ever occurred. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--aa350b16-efc5-4b0c-8de9-84bd6cc34b7b"
"marking-definition--a675116a-3372-4519-b074-ba907f725455"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--41b909fa-d9b2-46ea-911d-ff82bb3f9149.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--a8fc004e-c804-4eea-ac7b-07d61f742aac",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--41b909fa-d9b2-46ea-911d-ff82bb3f9149",
"created_by_ref": "identity--197ea789-ec4c-4bde-a1de-07723c6d72ca",
"created": "2022-07-02T19:37:33.913688Z",
"modified": "2022-07-02T19:37:33.913688Z",
"name": "Conceal Sponsorship",
"description": "TA11",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0130.001.md",
"external_id": "T0130.001"
}
],
"object_marking_refs": [
"marking-definition--9563edd9-173d-4899-9acb-3114b83c3bc9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--d47152fb-0fb7-4a4e-937a-616a5dc10212.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--41f18b17-3ff2-4339-ad2c-3eca924a07d8.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--da13ad20-75d6-4cbc-a2f7-e2f37b1a7a04",
"id": "bundle--88fdaa4d-4e27-4088-8173-80f6b11d5310",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d47152fb-0fb7-4a4e-937a-616a5dc10212",
"created_by_ref": "identity--9cce50b5-e4e1-48c7-94ef-bbb979bccede",
"created": "2022-07-02T19:37:33.889715Z",
"modified": "2022-07-02T19:37:33.889715Z",
"id": "attack-pattern--41f18b17-3ff2-4339-ad2c-3eca924a07d8",
"created_by_ref": "identity--60e4bf79-5c91-42b2-8326-c2d995a822c9",
"created": "2022-07-02T19:59:12.679667Z",
"modified": "2022-07-02T19:59:12.679667Z",
"name": "Email",
"description": "TA07",
"description": "Delivering content and narratives via email. This can include using list management or high-value individually targeted messaging.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--86ed3d34-6b86-4bdd-9cd7-a0f6996cbc98"
"marking-definition--1faf9a07-6d1c-468d-ac49-3ac1afcec104"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ce09d47a-80bd-47a6-b07b-a27022ee5e8c.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--428ae731-7efc-4a69-9da4-a7399e76e3ee.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--6b7848d4-8ee1-497e-aed4-972d68436dd5",
"id": "bundle--622bf972-c2d8-47a7-9e81-e872bc20670d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ce09d47a-80bd-47a6-b07b-a27022ee5e8c",
"created_by_ref": "identity--275c7be0-ef6f-4300-bdfe-457c982e0ae7",
"created": "2022-07-02T19:37:33.918321Z",
"modified": "2022-07-02T19:37:33.918321Z",
"id": "attack-pattern--428ae731-7efc-4a69-9da4-a7399e76e3ee",
"created_by_ref": "identity--36cafddb-0259-4c61-934f-3bf91229afd6",
"created": "2022-07-02T19:59:12.739896Z",
"modified": "2022-07-02T19:59:12.739896Z",
"name": "View Focused",
"description": "TA12",
"description": "View Focused",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--c370b0b0-1f43-4861-bb83-ec40bd163986"
"marking-definition--9d4537a2-0e1f-4c94-a12b-dbb224406b72"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--e70bbb18-4493-4974-859a-4798ca7e6606.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--437280b4-4445-456f-ab6c-2ef6d9913c4d.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--5ca57773-585a-42ec-8c7f-c8ce9b3c60de",
"id": "bundle--afa1c407-089b-410c-93c0-989d24b246c8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--e70bbb18-4493-4974-859a-4798ca7e6606",
"created_by_ref": "identity--812b328b-b064-470e-a930-5775015148fd",
"created": "2022-07-02T19:37:33.865308Z",
"modified": "2022-07-02T19:37:33.865308Z",
"id": "attack-pattern--437280b4-4445-456f-ab6c-2ef6d9913c4d",
"created_by_ref": "identity--7e4b79b1-425b-4343-8d3c-24031ad1d8bc",
"created": "2022-07-02T19:59:12.660033Z",
"modified": "2022-07-02T19:59:12.660033Z",
"name": "Recruit Contractors",
"description": "TA15",
"description": "Operators recruit paid contractor to support the campaign.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--7f9d362e-b46b-4c7e-a578-a6b3c9510ff2"
"marking-definition--84169122-4c45-4b07-8046-f8b412019ef1"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--37ae4113-66c1-4ae3-82a2-a6d0b8d9fefc.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--46b33983-93aa-40b2-b70f-cbcf47e346e3.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--3509675f-60e8-457d-a50c-35f1b85c510e",
"id": "bundle--f3dc32fd-cf87-45f4-88ae-2c115c7cae74",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--37ae4113-66c1-4ae3-82a2-a6d0b8d9fefc",
"created_by_ref": "identity--74136e56-674a-490c-b466-81c71e0e6b2a",
"created": "2022-07-02T19:37:33.829611Z",
"modified": "2022-07-02T19:37:33.829611Z",
"id": "attack-pattern--46b33983-93aa-40b2-b70f-cbcf47e346e3",
"created_by_ref": "identity--449017f3-a995-4cbb-8b71-2d5de6bc90e1",
"created": "2022-07-02T19:59:12.631699Z",
"modified": "2022-07-02T19:59:12.631699Z",
"name": "Harass",
"description": "TA18",
"description": "Threatening or harassing believers of opposing narratives refers to the use of intimidation techniques, including cyberbullying and doxing, to discourage opponents from voicing their dissent. An influence operation may threaten or harass believers of the opposing narratives to deter individuals from posting or proliferating conflicting content. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--04b086b6-f1f4-4d1f-9451-c4125c414f56"
"marking-definition--7280bf79-5ecf-42de-8c3b-47a7b799f894"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1291465b-22f5-446f-b5a5-135024b390e9.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--471067d8-da62-4984-b4f6-e5e8f297babe.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--21f32b53-7712-46ed-ad71-68549d343930",
"id": "bundle--ccfe3dbf-98b3-4942-bc11-f1023ee5ca40",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1291465b-22f5-446f-b5a5-135024b390e9",
"created_by_ref": "identity--4aaa6851-f302-4c91-8e19-3796c70b1598",
"created": "2022-07-02T19:37:33.896465Z",
"modified": "2022-07-02T19:37:33.896465Z",
"id": "attack-pattern--471067d8-da62-4984-b4f6-e5e8f297babe",
"created_by_ref": "identity--7e53dc0f-837a-466a-9599-e5e6e0c119c8",
"created": "2022-07-02T19:59:12.722221Z",
"modified": "2022-07-02T19:59:12.722221Z",
"name": "Post Across Disciplines",
"description": "TA17",
"description": "Post Across Disciplines",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--22f60d0c-e396-4e34-a9f0-361d9c25c0ea"
"marking-definition--3bcbf3ad-0c66-41dd-b573-42212a4548fc"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--7fb05fc4-d1dc-45f1-ae4d-1b0142c7aed9.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--47939552-d779-467a-b393-92d25b0f9561.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--52e191ba-e65a-4064-8a57-3c9136799cab",
"id": "bundle--6d38e990-6809-446f-925f-064c92c86d46",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7fb05fc4-d1dc-45f1-ae4d-1b0142c7aed9",
"created_by_ref": "identity--2753afe1-ca54-44c7-b978-7a6b255b4c29",
"created": "2022-07-02T19:37:33.918748Z",
"modified": "2022-07-02T19:37:33.918748Z",
"id": "attack-pattern--47939552-d779-467a-b393-92d25b0f9561",
"created_by_ref": "identity--02560f30-a08f-4df8-b33c-a254c0279573",
"created": "2022-07-02T19:59:12.74022Z",
"modified": "2022-07-02T19:59:12.74022Z",
"name": "Measure Effectiveness",
"description": "TA12",
"description": "A metric used to measure a current system state. \u201cAre we on track to achieve the intended new system state within the planned timescale?\u201d",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--aebfba72-86b0-456d-886d-9b6fd4e97a7a"
"marking-definition--b21e9780-10f4-4870-9f43-4e625f0d5a78"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8225e0f1-6458-4954-97a1-955b9595869a.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--49b98725-5779-44e4-afd0-2602525a9f63.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--3e6255cf-9bb5-4de2-a5cf-381a6c28fbb0",
"id": "bundle--2959e0cf-69fd-4e6d-a1f5-5b043074abb7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8225e0f1-6458-4954-97a1-955b9595869a",
"created_by_ref": "identity--d9506b5a-4358-4147-b9c0-a9f0cab255d2",
"created": "2022-07-02T19:37:33.917904Z",
"modified": "2022-07-02T19:37:33.917904Z",
"id": "attack-pattern--49b98725-5779-44e4-afd0-2602525a9f63",
"created_by_ref": "identity--610c5092-f4ef-48a6-bf10-c9e2c0589c42",
"created": "2022-07-02T19:59:12.739566Z",
"modified": "2022-07-02T19:59:12.739566Z",
"name": "Content Focused",
"description": "TA12",
"description": "Measure the performance of campaign content",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--0e9a54ad-ce2e-496b-a3a3-b01481930f12"
"marking-definition--eba3b183-00a1-461d-a7ef-80c1948e4823"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4bde1313-8318-4a51-b4c5-191a666cdab4.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--9f1e2140-0a3e-495e-a702-aa87ad1601f6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4bde1313-8318-4a51-b4c5-191a666cdab4",
"created_by_ref": "identity--b944f8b8-d054-435d-90a3-0702d4b49458",
"created": "2022-07-02T19:37:33.898969Z",
"modified": "2022-07-02T19:37:33.898969Z",
"name": "Direct Users to Alternative Platforms",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0122.md",
"external_id": "T0122"
}
],
"object_marking_refs": [
"marking-definition--96d95bc4-ca1a-4566-89f2-429522954ccf"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--12c1e2de-2948-43e2-91f5-d6d6287fcb81.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4c1c82a2-472b-4b47-8c5e-21d2bfee7d2e.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--56e5523b-3b2d-4c76-a296-f69a212eb8d8",
"id": "bundle--00204bcf-4972-4c51-b966-c619745a7da0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--12c1e2de-2948-43e2-91f5-d6d6287fcb81",
"created_by_ref": "identity--1d886c1b-0338-4453-a267-8e81f44e5a3a",
"created": "2022-07-02T19:37:33.912846Z",
"modified": "2022-07-02T19:37:33.912846Z",
"id": "attack-pattern--4c1c82a2-472b-4b47-8c5e-21d2bfee7d2e",
"created_by_ref": "identity--a8e469c7-4cdc-48e5-8a70-ac9062394b80",
"created": "2022-07-02T19:59:12.735522Z",
"modified": "2022-07-02T19:59:12.735522Z",
"name": "Misattribute Activity",
"description": "TA11",
"description": "Misattributed activity refers to incorrectly attributed operation activity. For example, a state sponsored influence operation may conduct operation activity in a way that mimics another state so that external entities misattribute activity to the incorrect state. An operation may misattribute their activities to complicate attribution, avoid detection, or frame an adversary for negative behavior. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--cfdde26f-a0ff-4ab9-b5fa-a71bfaaf1c36"
"marking-definition--89701ab3-0436-4c2b-a1a0-ef84381ac1d7"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3a789c82-8041-413f-8c11-ba9506f755d4.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4c396c44-aafa-4651-9478-9db90638238d.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--59131d1d-cb36-4553-9b10-d101f3047930",
"id": "bundle--5f86d6a4-d38b-4f15-a605-61cbd7ee9f11",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3a789c82-8041-413f-8c11-ba9506f755d4",
"created_by_ref": "identity--580d5765-58fa-4626-9e73-307e7b90a7bc",
"created": "2022-07-02T19:37:33.890565Z",
"modified": "2022-07-02T19:37:33.890565Z",
"id": "attack-pattern--4c396c44-aafa-4651-9478-9db90638238d",
"created_by_ref": "identity--06f85bb8-677b-4d4a-ad98-479a7554fef7",
"created": "2022-07-02T19:59:12.680317Z",
"modified": "2022-07-02T19:59:12.680317Z",
"name": "Deliver Ads",
"description": "TA09",
"description": "Delivering content via any form of paid media or advertising.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--38076451-aeef-4cd2-aaf8-a9add5a65c1b"
"marking-definition--016822cb-0710-4614-9b25-94b97219c117"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--cca18ee2-3c33-4756-8278-650053b1f759.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4d1d222d-28c3-4e31-b32d-b7eb240fd115.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--9a24132e-8279-4309-85eb-57fb58daa55c",
"id": "bundle--d7e31a3e-5c56-459d-b8f5-bd5ef1374bcc",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--cca18ee2-3c33-4756-8278-650053b1f759",
"created_by_ref": "identity--66ccc20a-2051-4cc6-b4ad-03877c927632",
"created": "2022-07-02T19:37:33.844151Z",
"modified": "2022-07-02T19:37:33.844151Z",
"id": "attack-pattern--4d1d222d-28c3-4e31-b32d-b7eb240fd115",
"created_by_ref": "identity--843ebb61-0a43-4c9a-a76f-12479c27581b",
"created": "2022-07-02T19:59:12.643248Z",
"modified": "2022-07-02T19:59:12.643248Z",
"name": "Distract",
"description": "TA02",
"description": "Shift attention to a different narrative or actor, for instance by accusing critics of the same activity that they\u2019ve accused you of (e.g. police brutality).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--e52a5099-4499-477e-8dd4-f8af612bd288"
"marking-definition--b7b1a968-f717-426c-909f-da075d3cd2dc"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

Some files were not shown because too many files have changed in this diff Show More