Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2024-10-01 01:45:36 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added EEAS framework objects and STIX generator

Browse Source 
Added framework objects:
- Added technique T0066 "Degrade adversary" to TA02
- Added technique T0067 "Plan to discredit credible sources" to TA02
- Added technique T0068 "respond to breaking news event" to TA02
- Added technique T0069  "respond to active crisis" to TA02
- Added technique T0070 "Analyze existing communities" to TA02
- Added technique T0071 "Find echo chambers" to TA13
- Added technique T0072  "Segment audiences" to TA13

Added STIX generator from repo DISARM-stix2, and added code to generate github files, databases, and STIX from the same Jupyter notebook.
This commit is contained in:
Sara-Jayne Terp 2022-02-20 15:40:34 -05:00
parent 2117dcf09b
commit c11e9d06ad
46 changed files with 2428 additions and 17533 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

BIN
CODE/.DS_Store vendored
View File

Binary file not shown.

206
CODE/.ipynb_checkpoints/generate_DISARM_pages-checkpoint.ipynb
View File

@ -4,9 +4,16 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"# Generate DISARM github files\n",
"# Generate DISARM files\n",
"\n",
"Generate all the DISARM github files from the DISARM master spreadsheets, being careful to retain any comments people have made below the \"don't write above this\" line in them. "
"Generate DISARM files and database objects from the DISARM master spreadsheets."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 1. Generate DISARM github pages"
]
},
{
@ -54,9 +61,64 @@
"disarm.generate_and_write_datafiles()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 2. Generate DISARM STIX objects"
]
},
{
"cell_type": "code",
"execution_count": 2,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"'conduct-center-of-gravity-analysis' is not a recognized DISARM Tactic.\n",
"'drive-offline-activity' is not a recognized DISARM Tactic.\n"
]
}
],
"source": [
"import sys\n",
"sys.path.insert(0, \"DISARM-STIX2\")\n",
"from main import generate_disarm_stix\n",
"\n",
"generate_disarm_stix()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 3. Generate DISARM database objects"
]
},
{
"cell_type": "code",
"execution_count": 3,
"metadata": {},
"outputs": [],
"source": [
"from generate_disarm_sql import generate_disarm_sql\n",
"\n",
"generate_disarm_sql('sqlite')\n",
"generate_disarm_sql('postgresql_local')"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 4 (optional). Look at datasets"
]
},
{
"cell_type": "code",
"execution_count": 4,
"metadata": {
"scrolled": true
},
@ -88,6 +150,7 @@
" <th>sector_ids</th>\n",
" <th>framework_ids</th>\n",
" <th>longname</th>\n",
" <th>Jon's comments/questions</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
@ -99,6 +162,7 @@
" <td>S001, S002, S003, S004, S005, S006, S007, S008...</td>\n",
" <td>FW01, FW02</td>\n",
" <td>A001 - data scientist</td>\n",
" <td>What actual actions do data scientists execute...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>1</th>\n",
@ -108,6 +172,7 @@
" <td>S001, S002, S003, S004, S005, S006, S007, S008...</td>\n",
" <td>FW02</td>\n",
" <td>A002 - target</td>\n",
" <td>Both red and blue framework users will refer t...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>2</th>\n",
@ -117,6 +182,7 @@
" <td>S001, S002, S003, S004, S005, S006, S007, S008...</td>\n",
" <td>FW01, FW02</td>\n",
" <td>A003 - trusted authority</td>\n",
" <td>Is A003 best summarised by the word \"Inluencer...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>3</th>\n",
@ -126,6 +192,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A004 - activist</td>\n",
" <td>What does this actortype do?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>4</th>\n",
@ -135,6 +202,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A005 - community group</td>\n",
" <td>What does this actortype do?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>5</th>\n",
@ -144,6 +212,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A006 - educator</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>6</th>\n",
@ -153,6 +222,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A007 - factchecker</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>7</th>\n",
@ -162,6 +232,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A008 - library</td>\n",
" <td>Is this an actortype? A sub-sector, yes. But w...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>8</th>\n",
@ -171,6 +242,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A009 - NGO</td>\n",
" <td>This is a sector, not an actortype</td>\n",
" </tr>\n",
" <tr>\n",
" <th>9</th>\n",
@ -180,6 +252,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A010 - religious organisation</td>\n",
" <td>\"Faith communities\" are a sub-sector of the Ci...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>10</th>\n",
@ -189,6 +262,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A011 - school</td>\n",
" <td>This is a subsector of S004 - not an actortype...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>11</th>\n",
@ -198,6 +272,7 @@
" <td>S006</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A012 - account owner</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>12</th>\n",
@ -207,6 +282,7 @@
" <td>S006</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A013 - content creator</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>13</th>\n",
@ -216,6 +292,7 @@
" <td>S006</td>\n",
" <td>FW02</td>\n",
" <td>A014 - elves</td>\n",
" <td>??? SJ, you have told me, but I've forgotten</td>\n",
" </tr>\n",
" <tr>\n",
" <th>14</th>\n",
@ -225,6 +302,7 @@
" <td>S006</td>\n",
" <td>FW02</td>\n",
" <td>A015 - general public</td>\n",
" <td>Duplication of a field in the sector object. B...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>15</th>\n",
@ -234,6 +312,7 @@
" <td>S006</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A016 - influencer</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>16</th>\n",
@ -243,6 +322,7 @@
" <td>S003</td>\n",
" <td>FW02</td>\n",
" <td>A017 - coordinating body</td>\n",
" <td>\"Response coordinator\"? Or just 'Coordinator\"</td>\n",
" </tr>\n",
" <tr>\n",
" <th>17</th>\n",
@ -252,6 +332,7 @@
" <td>S003</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A018 - government</td>\n",
" <td>DHS (A017) is \"government\". Again, this is a f...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>18</th>\n",
@ -261,6 +342,7 @@
" <td>S003</td>\n",
" <td>FW02</td>\n",
" <td>A019 - military</td>\n",
" <td>A019 is a sub-sector of \"government\". Again, t...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>19</th>\n",
@ -270,6 +352,7 @@
" <td>S003</td>\n",
" <td>FW02</td>\n",
" <td>A020 - policy maker</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>20</th>\n",
@ -279,6 +362,7 @@
" <td>S010</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A021 - media organisation</td>\n",
" <td>Not an actortype. The actor is perhaps as the ...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>21</th>\n",
@ -288,6 +372,7 @@
" <td>S009</td>\n",
" <td>FW02</td>\n",
" <td>A022 - company</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>22</th>\n",
@ -297,6 +382,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A023 - adtech provider</td>\n",
" <td>Should Adtech be a called-out subsector of S00...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>23</th>\n",
@ -306,6 +392,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A024 - developer</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>24</th>\n",
@ -315,6 +402,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A025 - funding_site_admin</td>\n",
" <td>What is this?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>25</th>\n",
@ -324,6 +412,7 @@
" <td>S008</td>\n",
" <td>FW01, FW02</td>\n",
" <td>A026 - games designer</td>\n",
" <td>Just \"Designer\"? Would the TTP context not mak...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>26</th>\n",
@ -333,6 +422,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A027 - information security</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>27</th>\n",
@ -342,6 +432,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A028 - platform administrator</td>\n",
" <td>Just \"Administrator\"?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>28</th>\n",
@ -351,6 +442,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A029 - server admininistrator</td>\n",
" <td>Just \"Administrator\"? (de-duplicating A028)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>29</th>\n",
@ -360,6 +452,7 @@
" <td>S007</td>\n",
" <td>FW02</td>\n",
" <td>A030 - platforms</td>\n",
" <td>The same as S007? If there is an action here, ...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>30</th>\n",
@ -369,6 +462,7 @@
" <td>S007</td>\n",
" <td>FW02</td>\n",
" <td>A031 - social media platform adminstrator</td>\n",
" <td>Not needed, given A028. The sector selection d...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>31</th>\n",
@ -378,6 +472,7 @@
" <td>S007</td>\n",
" <td>FW02</td>\n",
" <td>A032 - social media platform outreach</td>\n",
" <td>What does this do?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>32</th>\n",
@ -387,6 +482,7 @@
" <td>S007</td>\n",
" <td>FW02</td>\n",
" <td>A033 - social media platform owner</td>\n",
" <td></td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
@ -498,48 +594,84 @@
"31 S007 FW02 \n",
"32 S007 FW02 \n",
"\n",
" longname \n",
"0 A001 - data scientist \n",
"1 A002 - target \n",
"2 A003 - trusted authority \n",
"3 A004 - activist \n",
"4 A005 - community group \n",
"5 A006 - educator \n",
"6 A007 - factchecker \n",
"7 A008 - library \n",
"8 A009 - NGO \n",
"9 A010 - religious organisation \n",
"10 A011 - school \n",
"11 A012 - account owner \n",
"12 A013 - content creator \n",
"13 A014 - elves \n",
"14 A015 - general public \n",
"15 A016 - influencer \n",
"16 A017 - coordinating body \n",
"17 A018 - government \n",
"18 A019 - military \n",
"19 A020 - policy maker \n",
"20 A021 - media organisation \n",
"21 A022 - company \n",
"22 A023 - adtech provider \n",
"23 A024 - developer \n",
"24 A025 - funding_site_admin \n",
"25 A026 - games designer \n",
"26 A027 - information security \n",
"27 A028 - platform administrator \n",
"28 A029 - server admininistrator \n",
"29 A030 - platforms \n",
"30 A031 - social media platform adminstrator \n",
"31 A032 - social media platform outreach \n",
"32 A033 - social media platform owner "
" longname \\\n",
"0 A001 - data scientist \n",
"1 A002 - target \n",
"2 A003 - trusted authority \n",
"3 A004 - activist \n",
"4 A005 - community group \n",
"5 A006 - educator \n",
"6 A007 - factchecker \n",
"7 A008 - library \n",
"8 A009 - NGO \n",
"9 A010 - religious organisation \n",
"10 A011 - school \n",
"11 A012 - account owner \n",
"12 A013 - content creator \n",
"13 A014 - elves \n",
"14 A015 - general public \n",
"15 A016 - influencer \n",
"16 A017 - coordinating body \n",
"17 A018 - government \n",
"18 A019 - military \n",
"19 A020 - policy maker \n",
"20 A021 - media organisation \n",
"21 A022 - company \n",
"22 A023 - adtech provider \n",
"23 A024 - developer \n",
"24 A025 - funding_site_admin \n",
"25 A026 - games designer \n",
"26 A027 - information security \n",
"27 A028 - platform administrator \n",
"28 A029 - server admininistrator \n",
"29 A030 - platforms \n",
"30 A031 - social media platform adminstrator \n",
"31 A032 - social media platform outreach \n",
"32 A033 - social media platform owner \n",
"\n",
" Jon's comments/questions \n",
"0 What actual actions do data scientists execute... \n",
"1 Both red and blue framework users will refer t... \n",
"2 Is A003 best summarised by the word \"Inluencer... \n",
"3 What does this actortype do? \n",
"4 What does this actortype do? \n",
"5 \n",
"6 \n",
"7 Is this an actortype? A sub-sector, yes. But w... \n",
"8 This is a sector, not an actortype \n",
"9 \"Faith communities\" are a sub-sector of the Ci... \n",
"10 This is a subsector of S004 - not an actortype... \n",
"11 \n",
"12 \n",
"13 ??? SJ, you have told me, but I've forgotten \n",
"14 Duplication of a field in the sector object. B... \n",
"15 \n",
"16 \"Response coordinator\"? Or just 'Coordinator\" \n",
"17 DHS (A017) is \"government\". Again, this is a f... \n",
"18 A019 is a sub-sector of \"government\". Again, t... \n",
"19 \n",
"20 Not an actortype. The actor is perhaps as the ... \n",
"21 \n",
"22 Should Adtech be a called-out subsector of S00... \n",
"23 \n",
"24 What is this? \n",
"25 Just \"Designer\"? Would the TTP context not mak... \n",
"26 \n",
"27 Just \"Administrator\"? \n",
"28 Just \"Administrator\"? (de-duplicating A028) \n",
"29 The same as S007? If there is an action here, ... \n",
"30 Not needed, given A028. The sector selection d... \n",
"31 What does this do? \n",
"32 "
]
},
"execution_count": 2,
"execution_count": 4,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"pd.set_option('display.max_rows', 1000)\n",
"disarm.df_actortypes"
]
},

8575
CODE/.ipynb_checkpoints/generate_DISARM_sql-checkpoint.ipynb
View File

File diff suppressed because it is too large Load Diff

BIN
CODE/DISARM-STIX2/.DS_Store vendored Normal file
View File

Binary file not shown.

33
CODE/DISARM-STIX2/README.md Normal file
View File

@ -0,0 +1,33 @@
# DISARM STIX2 Generator
## Usage
1. Clone this repository.
2. Download the latest version of the DISARM Framework xlsx [here](https://github.com/DISARMFoundation/DISARMframeworks).
3. Copy the xlsx to the root directory of this repository.
4. Run `python3 main.py` to generate STIX objects in the `output/` folder.
5. `output/DISARM.json` contains the complete STIX bundle. The folders in `output/` contain individual objects for reference.
## DISARM STIX2
The DISARM STIX2 Generator encodes the DISARM object into the corresponding STIX2 object shown in the following table.
| DISARM | STIX2 |
|-----------|-----------------------|
| Matrix | Matrix (MITRE custom) |
| Tactic | Tactic (MITRE custom) |
| Technique | AttackPattern |
## MITRE ATT&CK Navigator
DISARM STIX is compatible with the MITRE ATT&CK Navigator.
DISARM object types, such as `Matrix`, `Tatic` are prefixed with `x-mitre--` for compatibility reasons.
DISARM `AttackPattern` objects also contain `x_mitre_is_subtechnique` and `x_mitre_platforms` properties for compatability. These properties cannot be removed without upstream changes to the ATT&CK Navigator.
## OpenCTI
DISARM STIX can be imported into OpenCTI via the OpenCTI STIX Importer plugin which is installed in OpenCTI by default.
Alternatively, use the OpenCTI DISARM plugin to continuously pull the latest DISARM STIX.

BIN
CODE/DISARM-STIX2/__pycache__/main.cpython-38.pyc Normal file
View File

Binary file not shown.

BIN
CODE/DISARM-STIX2/helpers/__pycache__/file.cpython-38.pyc Normal file
View File

Binary file not shown.

BIN
CODE/DISARM-STIX2/helpers/__pycache__/xlsx.cpython-38.pyc Normal file
View File

Binary file not shown.

82
CODE/DISARM-STIX2/helpers/file.py Normal file
View File

@ -0,0 +1,82 @@
import json
import os
from stix2 import Bundle
import shutil
outdir = '../generated_files/DISARM_STIX/'
def write_disarm_dir(dir, outdir=outdir):
"""
Args:
dir (str): a directory name
Returns:
"""
try:
os.mkdir(outdir)
except FileExistsError:
pass
try:
os.mkdir(outdir + dir)
except FileExistsError:
pass
def clean_output_dir(outdir=outdir):
"""Recursively delete the output folder.
Returns:
"""
try:
os.mkdir(outdir)
except FileExistsError:
pass
shutil.rmtree(outdir)
def write_file(file_name, file_data):
"""Write a JSON file to outdir
Args:
file_name (str): a file name
file_data (str): the file json data
Returns:
"""
with open(file_name, 'w') as f:
# f.write(json.dumps(file_data, sort_keys=True, indent=4))
f.write(file_data.serialize(pretty=True))
f.write('\n')
def write_files(stix_objects, outdir=outdir):
"""
Args:
stix_objects:
Returns:
"""
for i in stix_objects:
write_disarm_dir(i.type)
write_file(outdir+f"{i.type}/{i.id}.json", Bundle(i, allow_custom=True))
def write_bundle(bundle, bundle_name, outdir=outdir):
"""
Args:
bundle:
bundle_name:
Returns:
"""
write_file(outdir+f"{bundle_name}.json", bundle)

19
CODE/DISARM-STIX2/helpers/xlsx.py Normal file
View File

@ -0,0 +1,19 @@
import pandas as pd
def load_excel_data(infile):
"""Load an xlsx document.
Args:
infile (str): Path to an xlsx file.
Returns:
dict: xlsx sheets
"""
sheets = {}
xlsx = pd.ExcelFile(infile)
for sheetname in xlsx.sheet_names:
sheets[sheetname] = xlsx.parse(sheetname)
return sheets

49
CODE/DISARM-STIX2/main.py Normal file
View File

@ -0,0 +1,49 @@
# A STIX bundle generator for the DISARM Framework.
#
# Author: Roger Johnston, Twitter: @VV_X_7
# License: GPL-3
import pandas as pd
import openpyxl
from stix2 import (Bundle, AttackPattern, ThreatActor, IntrusionSet, Relationship, CustomObject, properties,
Malware, Tool, Campaign, Identity, MarkingDefinition, ExternalReference, StatementMarking,
GranularMarking, Location, MemoryStore, Filter)
from stix2.properties import (ReferenceProperty, ListProperty, StringProperty, TimestampProperty, BooleanProperty, IntegerProperty)
import helpers
from objects import tactic, technique, matrix, bundle
from helpers import xlsx, file
def generate_disarm_stix():
"""Generates a DISARM STIX bundle.
Returns:
"""
data = helpers.xlsx.load_excel_data("../DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx")
tactics = tactic.make_disarm_tactics(data)
techniques = technique.make_disarm_techniques(data)
navigator_matrix = matrix.make_disarm_matrix(tactics)
stix_objects = []
stix_objects.append(tactics)
stix_objects.append(techniques)
stix_objects.append(navigator_matrix)
stix_objects = [item for sublist in stix_objects for item in sublist]
# for i in stix_objects:
# print(i)
disarm_bundle = bundle.make_stix_bundle(stix_objects)
helpers.file.clean_output_dir()
helpers.file.write_files(stix_objects)
helpers.file.write_bundle(disarm_bundle, "DISARM")
if __name__ == "__main__":
generate_disarm_stix()

BIN
CODE/DISARM-STIX2/objects/__pycache__/bundle.cpython-38.pyc Normal file
View File

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/identity.cpython-38.pyc Normal file
View File

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/marking_definition.cpython-38.pyc Normal file
View File

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/matrix.cpython-38.pyc Normal file
View File

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/tactic.cpython-38.pyc Normal file
View File

Binary file not shown.

BIN
CODE/DISARM-STIX2/objects/__pycache__/technique.cpython-38.pyc Normal file
View File

Binary file not shown.

15
CODE/DISARM-STIX2/objects/bundle.py Normal file
View File

@ -0,0 +1,15 @@
from stix2 import Bundle
def make_stix_bundle(stix_objects):
"""Makes a STIX Bundle object.
Args:
stix_objects (list): A list of STIX objects.
Returns:
Bundle: A STIX Bundle object.
"""
bundle = Bundle(stix_objects, allow_custom=True)
return bundle

16
CODE/DISARM-STIX2/objects/identity.py Normal file
View File

@ -0,0 +1,16 @@
from stix2 import Identity
def make_disarm_identity():
"""Creates the default DISARM identity used for indicating authorship of various components in the bundle.
Returns:
identity: a STIX Identity object
"""
identity = Identity(
name="DISARM Foundation",
identity_class="organization",
description="DISARM is a framework designed for describing and understanding disinformation incidents.",
)
return identity

11
CODE/DISARM-STIX2/objects/marking_definition.py Normal file
View File

@ -0,0 +1,11 @@
from stix2 import MarkingDefinition, StatementMarking
from objects import identity
def make_disarm_marking_definition():
marking_definition = MarkingDefinition(
definition_type="statement",
created_by_ref=identity.make_disarm_identity(),
definition=StatementMarking(statement="CC-BY-SA-4.0 DISARM Foundation")
)
return marking_definition

51
CODE/DISARM-STIX2/objects/matrix.py Normal file
View File

@ -0,0 +1,51 @@
from stix2 import CustomObject, properties, ExternalReference
import objects.marking_definition
from objects import identity, marking_definition
@CustomObject('x-mitre-matrix', [
('name', properties.StringProperty(required=True)),
('description', properties.StringProperty(required=True)),
('tactic_refs', properties.ListProperty(properties.ReferenceProperty(valid_types="SDO"), required=True))
])
class Matrix(object):
def __init__(self, **kwargs):
if True:
pass
def make_disarm_matrix(tactics):
"""Creates a Matrix object.
Args:
tactics: A list of Tactic objects.
Returns:
"""
description = 'DISARM is a framework designed for describing and understanding disinformation incidents.'
external_references = [
{
"external_id": "DISARM",
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation"
}
]
name = 'DISARM Framework'
# print(tactics)
# p =[i.id for i in tactics]
# r = properties.ReferenceProperty()
# f = properties.ListProperty(r)
tactic_refs = [i.id for i in tactics]
matrix = Matrix(
name=name,
description=description,
external_references=external_references,
tactic_refs=tactic_refs,
allow_custom=True
)
return [matrix]

21
CODE/DISARM-STIX2/objects/relationship.py Normal file
View File

@ -0,0 +1,21 @@
from stix2 import Relationship, properties, ExternalReference
def make_disarm_subtechnique_relationship(source, target):
"""Creates a relationship between the parent technique and sub-technique.
Args:
source (str): Subtechnique ID
target (str): Parent technique ID
Returns:
A Relationship object.
"""
relationship = Relationship(
source_ref=source,
target_ref=target,
relationship_type="subtechnique-of"
)
return relationship

57
CODE/DISARM-STIX2/objects/tactic.py Normal file
View File

@ -0,0 +1,57 @@
from stix2 import CustomObject, properties, ExternalReference
import objects.marking_definition
from objects import identity, marking_definition
@CustomObject('x-mitre-tactic', [
('name', properties.StringProperty(required=True)),
('description', properties.StringProperty(required=True)),
('x_mitre_shortname', properties.StringProperty(required=True)),
('external_references', properties.ListProperty(ExternalReference))
])
class Tactic(object):
def __init__(self, x_mitre_shortname=None, **kwargs):
if x_mitre_shortname and x_mitre_shortname not in ["strategic-planning", "objective-planning",
"develop-people", "develop-persona",
"develop-networks", "microtargeting", "develop-content",
"channel-selection", "pump-priming", "exposure",
"go-physical",
"persistence", "measure-effectiveness"]:
# raise ValueError("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
print("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
def make_disarm_tactics(data):
"""Create all DISARM tactic objects.
Args:
data: The xlsx tactic sheet.
Returns:
A list of Tactics.
"""
tactics = []
for t in data["tactics"].values.tolist():
external_references = [
{
'external_id': f'{t[0]}',
'source_name': 'DISARM',
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/tactics/{t[0]}.md'
}
]
tactic = Tactic(
name=f"{t[1]}",
description=f"{t[5]}",
x_mitre_shortname=f'{t[1].lower().replace(" ", "-")}',
external_references=external_references,
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
created_by_ref=objects.identity.make_disarm_identity()
)
tactics.append(tactic)
return tactics

71
CODE/DISARM-STIX2/objects/technique.py Normal file
View File

@ -0,0 +1,71 @@
from stix2 import AttackPattern, properties, ExternalReference
import objects.marking_definition
import pandas as pd
from objects import identity, marking_definition
def make_disarm_techniques(data):
"""Create all DISARM Techniques objects.
Args:
data: The xlsx technique sheet.
Returns:
A list of Techniques.
"""
tacdict = pd.Series(data["tactics"].name.values, index=data["tactics"].disarm_id).to_dict()
techniques = []
for t in data["techniques"].values.tolist():
external_references = [
{
'external_id': f'{t[0]}',
'source_name': 'DISARM',
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
}
]
kill_chain_phases = [
{
'phase_name': tacdict[t[3]].replace(' ', '-').lower(),
'kill_chain_name': 'mitre-attack'
}
]
subtechnique = t[0].split(".")
x_mitre_is_subtechnique = False
if len(subtechnique) > 1:
x_mitre_is_subtechnique = True
# MITRE ATT&CK Navigator expect techniques to have at least one of these platforms.
# Without one, the technique will not render in the Navigator.
x_mitre_platforms = 'Windows', 'Linux', 'Mac'
technique = AttackPattern(
name=f"{t[1]}",
description=f"{t[3]}",
external_references=external_references,
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
created_by_ref=objects.identity.make_disarm_identity(),
kill_chain_phases=kill_chain_phases,
custom_properties={
'x_mitre_platforms': x_mitre_platforms,
'x_mitre_version': "1,0",
'x_mitre_is_subtechnique': x_mitre_is_subtechnique
}
)
techniques.append(technique)
return techniques
def make_subtechnique_map(techinques):
"""
Args:
techinques:
Returns:
"""
pass

3
CODE/DISARM-STIX2/requirements.txt Normal file
View File

@ -0,0 +1,3 @@
pandas
openpyxl
stix2

1268
CODE/DISARM_code_testbed.ipynb
View File

File diff suppressed because it is too large Load Diff

BIN
CODE/__pycache__/generate_disarm_sql.cpython-38.pyc Normal file
View File

Binary file not shown.

288
CODE/generate_DISARM_pages.ipynb
View File

@ -4,9 +4,16 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"# Generate DISARM github files\n",
"# Generate DISARM files\n",
"\n",
"Generate all the DISARM github files from the DISARM master spreadsheets, being careful to retain any comments people have made below the \"don't write above this\" line in them. "
"Generate DISARM files and database objects from the DISARM master spreadsheets."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 1. Generate DISARM github pages"
]
},
{
@ -28,96 +35,14 @@
"updated ../generated_pages/phases_index.md\n",
"Temp: objecttype tactic\n",
"updated ../generated_pages/tactics_index.md\n",
"Updating ../generated_pages/tactics/TA01.md\n",
"Updating ../generated_pages/tactics/TA02.md\n",
"Updating ../generated_pages/tactics/TA13.md\n",
"Updating ../generated_pages/tactics/TA04.md\n",
"Updating ../generated_pages/tactics/TA05.md\n",
"Updating ../generated_pages/tactics/TA06.md\n",
"Updating ../generated_pages/tactics/TA08.md\n",
"Updating ../generated_pages/tactics/TA10.md\n",
"Temp: objecttype technique\n",
"updated ../generated_pages/techniques_index.md\n",
"Updating ../generated_pages/techniques/T0004.md\n",
"Updating ../generated_pages/techniques/T0006.md\n",
"Updating ../generated_pages/techniques/T0011.md\n",
"Updating ../generated_pages/techniques/T0014.md\n",
"Updating ../generated_pages/techniques/T0015.md\n",
"Updating ../generated_pages/techniques/T0017.md\n",
"Updating ../generated_pages/techniques/T0018.md\n",
"Updating ../generated_pages/techniques/T0026.md\n",
"Updating ../generated_pages/techniques/T0065.md\n",
"Temp: objecttype task\n",
"updated ../generated_pages/tasks_index.md\n",
"Temp: objecttype incident\n",
"updated ../generated_pages/incidents_index.md\n",
"Updating ../generated_pages/incidents/I00002.md\n",
"Updating ../generated_pages/incidents/I00005.md\n",
"Updating ../generated_pages/incidents/I00006.md\n",
"Updating ../generated_pages/incidents/I00017.md\n",
"Updating ../generated_pages/incidents/I00042.md\n",
"Temp: objecttype counter\n",
"updated ../generated_pages/counters_index.md\n",
"Updating ../generated_pages/counters/C00006.md\n",
"Updating ../generated_pages/counters/C00008.md\n",
"Updating ../generated_pages/counters/C00010.md\n",
"Updating ../generated_pages/counters/C00011.md\n",
"Updating ../generated_pages/counters/C00012.md\n",
"Updating ../generated_pages/counters/C00014.md\n",
"Updating ../generated_pages/counters/C00016.md\n",
"Updating ../generated_pages/counters/C00021.md\n",
"Updating ../generated_pages/counters/C00022.md\n",
"Updating ../generated_pages/counters/C00024.md\n",
"Updating ../generated_pages/counters/C00027.md\n",
"Updating ../generated_pages/counters/C00029.md\n",
"Updating ../generated_pages/counters/C00030.md\n",
"Updating ../generated_pages/counters/C00031.md\n",
"Updating ../generated_pages/counters/C00036.md\n",
"Updating ../generated_pages/counters/C00042.md\n",
"Updating ../generated_pages/counters/C00053.md\n",
"Updating ../generated_pages/counters/C00058.md\n",
"Updating ../generated_pages/counters/C00059.md\n",
"Updating ../generated_pages/counters/C00065.md\n",
"Updating ../generated_pages/counters/C00066.md\n",
"Updating ../generated_pages/counters/C00067.md\n",
"Updating ../generated_pages/counters/C00070.md\n",
"Updating ../generated_pages/counters/C00073.md\n",
"Updating ../generated_pages/counters/C00074.md\n",
"Updating ../generated_pages/counters/C00076.md\n",
"Updating ../generated_pages/counters/C00080.md\n",
"Updating ../generated_pages/counters/C00081.md\n",
"Updating ../generated_pages/counters/C00082.md\n",
"Updating ../generated_pages/counters/C00084.md\n",
"Updating ../generated_pages/counters/C00085.md\n",
"Updating ../generated_pages/counters/C00093.md\n",
"Updating ../generated_pages/counters/C00094.md\n",
"Updating ../generated_pages/counters/C00096.md\n",
"Updating ../generated_pages/counters/C00098.md\n",
"Updating ../generated_pages/counters/C00105.md\n",
"Updating ../generated_pages/counters/C00107.md\n",
"Updating ../generated_pages/counters/C00117.md\n",
"Updating ../generated_pages/counters/C00119.md\n",
"Updating ../generated_pages/counters/C00122.md\n",
"Updating ../generated_pages/counters/C00125.md\n",
"Updating ../generated_pages/counters/C00126.md\n",
"Updating ../generated_pages/counters/C00129.md\n",
"Updating ../generated_pages/counters/C00133.md\n",
"Updating ../generated_pages/counters/C00153.md\n",
"Updating ../generated_pages/counters/C00155.md\n",
"Updating ../generated_pages/counters/C00156.md\n",
"Updating ../generated_pages/counters/C00161.md\n",
"Updating ../generated_pages/counters/C00162.md\n",
"Updating ../generated_pages/counters/C00164.md\n",
"Updating ../generated_pages/counters/C00169.md\n",
"Updating ../generated_pages/counters/C00176.md\n",
"Updating ../generated_pages/counters/C00178.md\n",
"Updating ../generated_pages/counters/C00182.md\n",
"Updating ../generated_pages/counters/C00189.md\n",
"Updating ../generated_pages/counters/C00195.md\n",
"Updating ../generated_pages/counters/C00197.md\n",
"Updating ../generated_pages/counters/C00211.md\n",
"Updating ../generated_pages/counters/C00216.md\n",
"Updating ../generated_pages/counters/C00219.md\n",
"Temp: objecttype metatechnique\n",
"updated ../generated_pages/metatechniques_index.md\n",
"Temp: objecttype actortype\n",
@ -136,9 +61,64 @@
"disarm.generate_and_write_datafiles()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 2. Generate DISARM STIX objects"
]
},
{
"cell_type": "code",
"execution_count": 2,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"'conduct-center-of-gravity-analysis' is not a recognized DISARM Tactic.\n",
"'drive-offline-activity' is not a recognized DISARM Tactic.\n"
]
}
],
"source": [
"import sys\n",
"sys.path.insert(0, \"DISARM-STIX2\")\n",
"from main import generate_disarm_stix\n",
"\n",
"generate_disarm_stix()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 3. Generate DISARM database objects"
]
},
{
"cell_type": "code",
"execution_count": 3,
"metadata": {},
"outputs": [],
"source": [
"from generate_disarm_sql import generate_disarm_sql\n",
"\n",
"generate_disarm_sql('sqlite')\n",
"generate_disarm_sql('postgresql_local')"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 4 (optional). Look at datasets"
]
},
{
"cell_type": "code",
"execution_count": 4,
"metadata": {
"scrolled": true
},
@ -170,6 +150,7 @@
" <th>sector_ids</th>\n",
" <th>framework_ids</th>\n",
" <th>longname</th>\n",
" <th>Jon's comments/questions</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
@ -181,6 +162,7 @@
" <td>S001, S002, S003, S004, S005, S006, S007, S008...</td>\n",
" <td>FW01, FW02</td>\n",
" <td>A001 - data scientist</td>\n",
" <td>What actual actions do data scientists execute...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>1</th>\n",
@ -190,6 +172,7 @@
" <td>S001, S002, S003, S004, S005, S006, S007, S008...</td>\n",
" <td>FW02</td>\n",
" <td>A002 - target</td>\n",
" <td>Both red and blue framework users will refer t...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>2</th>\n",
@ -199,6 +182,7 @@
" <td>S001, S002, S003, S004, S005, S006, S007, S008...</td>\n",
" <td>FW01, FW02</td>\n",
" <td>A003 - trusted authority</td>\n",
" <td>Is A003 best summarised by the word \"Inluencer...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>3</th>\n",
@ -208,6 +192,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A004 - activist</td>\n",
" <td>What does this actortype do?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>4</th>\n",
@ -217,6 +202,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A005 - community group</td>\n",
" <td>What does this actortype do?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>5</th>\n",
@ -226,6 +212,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A006 - educator</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>6</th>\n",
@ -235,6 +222,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A007 - factchecker</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>7</th>\n",
@ -244,6 +232,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A008 - library</td>\n",
" <td>Is this an actortype? A sub-sector, yes. But w...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>8</th>\n",
@ -253,6 +242,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A009 - NGO</td>\n",
" <td>This is a sector, not an actortype</td>\n",
" </tr>\n",
" <tr>\n",
" <th>9</th>\n",
@ -262,6 +252,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A010 - religious organisation</td>\n",
" <td>\"Faith communities\" are a sub-sector of the Ci...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>10</th>\n",
@ -271,6 +262,7 @@
" <td>S002</td>\n",
" <td>FW02</td>\n",
" <td>A011 - school</td>\n",
" <td>This is a subsector of S004 - not an actortype...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>11</th>\n",
@ -280,6 +272,7 @@
" <td>S006</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A012 - account owner</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>12</th>\n",
@ -289,6 +282,7 @@
" <td>S006</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A013 - content creator</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>13</th>\n",
@ -298,6 +292,7 @@
" <td>S006</td>\n",
" <td>FW02</td>\n",
" <td>A014 - elves</td>\n",
" <td>??? SJ, you have told me, but I've forgotten</td>\n",
" </tr>\n",
" <tr>\n",
" <th>14</th>\n",
@ -307,6 +302,7 @@
" <td>S006</td>\n",
" <td>FW02</td>\n",
" <td>A015 - general public</td>\n",
" <td>Duplication of a field in the sector object. B...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>15</th>\n",
@ -316,6 +312,7 @@
" <td>S006</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A016 - influencer</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>16</th>\n",
@ -325,6 +322,7 @@
" <td>S003</td>\n",
" <td>FW02</td>\n",
" <td>A017 - coordinating body</td>\n",
" <td>\"Response coordinator\"? Or just 'Coordinator\"</td>\n",
" </tr>\n",
" <tr>\n",
" <th>17</th>\n",
@ -334,6 +332,7 @@
" <td>S003</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A018 - government</td>\n",
" <td>DHS (A017) is \"government\". Again, this is a f...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>18</th>\n",
@ -343,6 +342,7 @@
" <td>S003</td>\n",
" <td>FW02</td>\n",
" <td>A019 - military</td>\n",
" <td>A019 is a sub-sector of \"government\". Again, t...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>19</th>\n",
@ -352,6 +352,7 @@
" <td>S003</td>\n",
" <td>FW02</td>\n",
" <td>A020 - policy maker</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>20</th>\n",
@ -361,6 +362,7 @@
" <td>S010</td>\n",
" <td>FW01\\nFW02</td>\n",
" <td>A021 - media organisation</td>\n",
" <td>Not an actortype. The actor is perhaps as the ...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>21</th>\n",
@ -370,6 +372,7 @@
" <td>S009</td>\n",
" <td>FW02</td>\n",
" <td>A022 - company</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>22</th>\n",
@ -379,6 +382,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A023 - adtech provider</td>\n",
" <td>Should Adtech be a called-out subsector of S00...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>23</th>\n",
@ -388,6 +392,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A024 - developer</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>24</th>\n",
@ -397,6 +402,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A025 - funding_site_admin</td>\n",
" <td>What is this?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>25</th>\n",
@ -406,6 +412,7 @@
" <td>S008</td>\n",
" <td>FW01, FW02</td>\n",
" <td>A026 - games designer</td>\n",
" <td>Just \"Designer\"? Would the TTP context not mak...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>26</th>\n",
@ -415,6 +422,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A027 - information security</td>\n",
" <td></td>\n",
" </tr>\n",
" <tr>\n",
" <th>27</th>\n",
@ -424,6 +432,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A028 - platform administrator</td>\n",
" <td>Just \"Administrator\"?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>28</th>\n",
@ -433,6 +442,7 @@
" <td>S008</td>\n",
" <td>FW02</td>\n",
" <td>A029 - server admininistrator</td>\n",
" <td>Just \"Administrator\"? (de-duplicating A028)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>29</th>\n",
@ -442,6 +452,7 @@
" <td>S007</td>\n",
" <td>FW02</td>\n",
" <td>A030 - platforms</td>\n",
" <td>The same as S007? If there is an action here, ...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>30</th>\n",
@ -451,6 +462,7 @@
" <td>S007</td>\n",
" <td>FW02</td>\n",
" <td>A031 - social media platform adminstrator</td>\n",
" <td>Not needed, given A028. The sector selection d...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>31</th>\n",
@ -460,6 +472,7 @@
" <td>S007</td>\n",
" <td>FW02</td>\n",
" <td>A032 - social media platform outreach</td>\n",
" <td>What does this do?</td>\n",
" </tr>\n",
" <tr>\n",
" <th>32</th>\n",
@ -469,6 +482,7 @@
" <td>S007</td>\n",
" <td>FW02</td>\n",
" <td>A033 - social media platform owner</td>\n",
" <td></td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
@ -580,48 +594,84 @@
"31 S007 FW02 \n",
"32 S007 FW02 \n",
"\n",
" longname \n",
"0 A001 - data scientist \n",
"1 A002 - target \n",
"2 A003 - trusted authority \n",
"3 A004 - activist \n",
"4 A005 - community group \n",
"5 A006 - educator \n",
"6 A007 - factchecker \n",
"7 A008 - library \n",
"8 A009 - NGO \n",
"9 A010 - religious organisation \n",
"10 A011 - school \n",
"11 A012 - account owner \n",
"12 A013 - content creator \n",
"13 A014 - elves \n",
"14 A015 - general public \n",
"15 A016 - influencer \n",
"16 A017 - coordinating body \n",
"17 A018 - government \n",
"18 A019 - military \n",
"19 A020 - policy maker \n",
"20 A021 - media organisation \n",
"21 A022 - company \n",
"22 A023 - adtech provider \n",
"23 A024 - developer \n",
"24 A025 - funding_site_admin \n",
"25 A026 - games designer \n",
"26 A027 - information security \n",
"27 A028 - platform administrator \n",
"28 A029 - server admininistrator \n",
"29 A030 - platforms \n",
"30 A031 - social media platform adminstrator \n",
"31 A032 - social media platform outreach \n",
"32 A033 - social media platform owner "
" longname \\\n",
"0 A001 - data scientist \n",
"1 A002 - target \n",
"2 A003 - trusted authority \n",
"3 A004 - activist \n",
"4 A005 - community group \n",
"5 A006 - educator \n",
"6 A007 - factchecker \n",
"7 A008 - library \n",
"8 A009 - NGO \n",
"9 A010 - religious organisation \n",
"10 A011 - school \n",
"11 A012 - account owner \n",
"12 A013 - content creator \n",
"13 A014 - elves \n",
"14 A015 - general public \n",
"15 A016 - influencer \n",
"16 A017 - coordinating body \n",
"17 A018 - government \n",
"18 A019 - military \n",
"19 A020 - policy maker \n",
"20 A021 - media organisation \n",
"21 A022 - company \n",
"22 A023 - adtech provider \n",
"23 A024 - developer \n",
"24 A025 - funding_site_admin \n",
"25 A026 - games designer \n",
"26 A027 - information security \n",
"27 A028 - platform administrator \n",
"28 A029 - server admininistrator \n",
"29 A030 - platforms \n",
"30 A031 - social media platform adminstrator \n",
"31 A032 - social media platform outreach \n",
"32 A033 - social media platform owner \n",
"\n",
" Jon's comments/questions \n",
"0 What actual actions do data scientists execute... \n",
"1 Both red and blue framework users will refer t... \n",
"2 Is A003 best summarised by the word \"Inluencer... \n",
"3 What does this actortype do? \n",
"4 What does this actortype do? \n",
"5 \n",
"6 \n",
"7 Is this an actortype? A sub-sector, yes. But w... \n",
"8 This is a sector, not an actortype \n",
"9 \"Faith communities\" are a sub-sector of the Ci... \n",
"10 This is a subsector of S004 - not an actortype... \n",
"11 \n",
"12 \n",
"13 ??? SJ, you have told me, but I've forgotten \n",
"14 Duplication of a field in the sector object. B... \n",
"15 \n",
"16 \"Response coordinator\"? Or just 'Coordinator\" \n",
"17 DHS (A017) is \"government\". Again, this is a f... \n",
"18 A019 is a sub-sector of \"government\". Again, t... \n",
"19 \n",
"20 Not an actortype. The actor is perhaps as the ... \n",
"21 \n",
"22 Should Adtech be a called-out subsector of S00... \n",
"23 \n",
"24 What is this? \n",
"25 Just \"Designer\"? Would the TTP context not mak... \n",
"26 \n",
"27 Just \"Administrator\"? \n",
"28 Just \"Administrator\"? (de-duplicating A028) \n",
"29 The same as S007? If there is an action here, ... \n",
"30 Not needed, given A028. The sector selection d... \n",
"31 What does this do? \n",
"32 "
]
},
"execution_count": 2,
"execution_count": 4,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"pd.set_option('display.max_rows', 1000)\n",
"disarm.df_actortypes"
]
},

8575
CODE/generate_DISARM_sql.ipynb
View File

File diff suppressed because it is too large Load Diff

147
CODE/generate_disarm_sql.py Normal file
View File

@ -0,0 +1,147 @@
''' Generate DISARM sql databases
# Author: SJ Terp, Twitter @bodaceacat
# License: GPL-3
'''
import pandas as pd
import sqlite3 as sql
import os
from sqlalchemy import create_engine
from generate_DISARM_pages import Disarm
def generate_disarm_sql(dbasetype='sqlite'):
''' Generate SQL
Expected database types include
'sqlite': used to export database to other apps
'postgresql_local': used in local instances of the DISARM explorer
'heroku': used in Heroku-based instances of the DISARM explorer, although current
practice at DISARM is to post a dump of the postgresql database to it instead.
'''
# Generate DISARM datasets
disarm = Disarm()
# Create connection to database
if dbasetype == 'sqlite':
# Generate minimal sqlite database from the variables
conn = sql.connect('../generated_files/DISARM_database.sqlite')
elif dbasetype == 'postgresql_local':
conn = create_engine('postgresql://sara:@localhost:5432/disarmsite')
# Add table to database
def add_table(dataframe, tablename, columns):
# Create sql-appropriate table from dataframe
colnames = ', '.join(['{} TEXT NOT NULL'.format(col) for col in columns])
newtable = dataframe[columns].copy().applymap(str)
newtable['id'] = range(1,len(newtable)+1)
# send to database
if dbasetype == 'sqlite':
conn.execute("DROP TABLE IF EXISTS {}".format(tablename))
conn.execute('''CREATE TABLE {} (id INTEGER PRIMARY KEY AUTOINCREMENT, {});'''.format(tablename, colnames))
newtable.to_sql(tablename, conn, index=False, if_exists='append')
conn.commit()
elif dbasetype == 'postgresql_local':
newtable.to_sql(tablename, conn, index=False, if_exists='replace')
return newtable
# Build a cross-table
def object_tactics_techniques(objectcol, objecttable, crosstable):
# objects to techniques
ctech = crosstable.copy()
ctech = ctech[(ctech['technique_id'] != '') & (~ctech['technique_id'].str.startswith('TA'))]
ctech.rename(columns={'disarm_id':objectcol}, inplace=True)
ctech['summary'] = 'N/A'
# objects to tactics
ctact = crosstable[crosstable['technique_id'].str.startswith('TA')].copy()
ctact.rename(columns={'disarm_id':objectcol, 'technique_id': 'tactic_id'}, inplace=True)
ctact['main_tactic'] = 'N'
ctactmain = objecttable[['disarm_id', 'tactic_id']].copy()
ctactmain.rename(columns={'disarm_id':objectcol}, inplace=True)
ctactmain['main_tactic'] = 'Y'
ctact = pd.concat([ctact, ctactmain], ignore_index=True, sort=False)
ctact['summary'] = 'N/A'
return(ctech, ctact)
#Load all the tables - Heroku needs them in correct order...
# -- frameworks --
#newtable = add_table(disarm.df_actortypes, 'actor_type', ['disarm_id', 'sector_id', 'framework_id', 'name', 'summary'])
newtable = add_table(disarm.df_counters, 'counter', ['disarm_id', 'tactic_id', 'metatechnique_id', 'name', 'summary'])
newtable = add_table(disarm.df_detections, 'detection', ['disarm_id', 'tactic_id', 'name', 'summary'])
newtable = add_table(disarm.df_frameworks, 'framework', ['disarm_id', 'name', 'summary'])
newtable = add_table(disarm.df_metatechniques, 'metatechnique', ['disarm_id', 'name', 'summary'])
newtable = add_table(disarm.df_phases, 'phase', ['disarm_id', 'name', 'rank', 'summary'])
newtable = add_table(disarm.df_playbooks, 'playbook', ['disarm_id', 'object_id', 'name', 'summary'])
newtable = add_table(disarm.df_resources, 'resource', ['disarm_id', 'name', 'summary', 'resource_type'])
newtable = add_table(disarm.df_responsetypes, 'responsetype', ['disarm_id', 'name', 'summary'])
#newtable = add_table(disarm.df_sector, 'sector', ['disarm_id', 'name', 'summary'])
newtable = add_table(disarm.df_tactics, 'tactic', ['disarm_id', 'phase_id', 'name', 'rank', 'summary'])
newtable = add_table(disarm.df_tasks, 'task', ['disarm_id', 'tactic_id', 'framework_id', 'name', 'summary'])
newtable = add_table(disarm.df_techniques, 'technique', ['disarm_id', 'tactic_id', 'name', 'summary'])
(ctech, ctact) = object_tactics_techniques('counter_id', disarm.df_counters, disarm.cross_counterid_techniqueid)
newtable = add_table(ctech, 'counter_technique', ['counter_id', 'technique_id', 'summary'])
newtable = add_table(ctact, 'counter_tactic', ['counter_id', 'tactic_id', 'main_tactic', 'summary'])
(dtech, dtact) = object_tactics_techniques('detection_id', disarm.df_detections, disarm.cross_detectionid_techniqueid)
newtable = add_table(dtech, 'detection_technique', ['detection_id', 'technique_id', 'summary'])
newtable = add_table(dtact, 'detection_tactic', ['detection_id', 'tactic_id', 'main_tactic', 'summary'])
# -- datasets --
newtable = add_table(disarm.df_examples, 'example', ['disarm_id', 'object_id', 'name', 'summary'])
# dataset
# reference - create this from other tables.
# Also need incidentcounter etc - create from data
newtable = add_table(disarm.df_externalgroups, 'externalgroup', ['disarm_id', 'name', 'url', 'summary',
'sector', 'primary_role', 'secondary_role',
'primary_subject', 'secondary_subject',
'volunteers', 'region', 'country',
'twitter_handle'])
newtable = add_table(disarm.df_incidents, 'incident', ['disarm_id', 'name', 'summary',
'year_started', 'attributions_seen',
'found_in_country', 'objecttype'])
newtable = add_table(disarm.df_tools, 'tool', ['disarm_id', 'name', 'summary',
'externalgroup', 'url', 'category',
'disinformation_use', 'cogseccollab_use',
'function', 'code_url', 'artifacts',
'automation', 'platform', 'accessibility'])
# incidenttechnique crosstable
it = vars(disarm)['it'][['disarm_id', 'name', 'summary', 'disarm_id_incident', 'disarm_id_technique']].copy()
it.rename(columns={'disarm_id_incident':'incident_id', 'disarm_id_technique': 'technique_id'}, inplace=True)
newtable = add_table(it, 'incident_technique', ['disarm_id', 'name', 'summary',
'incident_id', 'technique_id'])
# Load in users table, and close connection
if dbasetype == 'sqlite':
conn.execute("DROP TABLE IF EXISTS {}".format('users'))
conn.execute('''CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL UNIQUE, password TEXT NOT NULL);''')
conn.close()
else:
dfusers = pd.DataFrame([['test','testing']], columns=['username', 'password'])
usertable = add_table(dfusers, 'users', ['username', 'password'])
return
''' main, if we need it
'''
def main():
generate_disarm_sql()
if __name__ == "__main__":
main()

BIN
DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx
View File

Binary file not shown.

2
README.md
View File

@ -40,7 +40,7 @@ Using your own datasets: DISARM is open source. If you want to do your own thin
* The code to create all the HTML datasheets is in directory [CODE](CODE): you'll need generate_DISARM_pages.py and all the template files.
If you have your own version of this repository and update DISARM_FRAMEWORKS_MASTER.xlsx, typing "python generate_DISARM_pages.py" will update all the files above from it.
If you have your own version of this repository and update DISARM_FRAMEWORKS_MASTER.xlsx, typing "python generate_DISARM_pages.py" will update all the files above from it. If you want to update the DISARM github file, DISARM databases, and DISARM STIX bundle at the same time, run file generate_DISARM_pages.ipynb from Jupyter.
## Who's Responsible for DISARM

BIN
generated_files/.DS_Store vendored
View File

Binary file not shown.

14
generated_pages/disarm_red_framework.md
View File

@ -20,7 +20,7 @@
<tr>
<td><a href="techniques/T0001.md">T0001 5Ds (dismiss, distort, distract, dismay, divide)</a></td>
<td><a href="techniques/T0006.md">T0006 Develop Narrative Concepts</a></td>
<td> </td>
<td><a href="techniques/T0071.md">T0071 Find echo chambers</a></td>
<td><a href="techniques/T0007.md">T0007 Create fake Social Media Profiles / Pages / Groups</a></td>
<td><a href="techniques/T0010.md">T0010 Cultivate ignorant agents</a></td>
<td><a href="techniques/T0016.md">T0016 Clickbait</a></td>
@ -34,8 +34,8 @@
</tr>
<tr>
<td><a href="techniques/T0002.md">T0002 Facilitate State Propaganda</a></td>
<td> </td>
<td> </td>
<td><a href="techniques/T0066.md">T0066 Degrade adversary</a></td>
<td><a href="techniques/T0072.md">T0072 Segment audiences</a></td>
<td><a href="techniques/T0008.md">T0008 Create fake or imposter news sites</a></td>
<td><a href="techniques/T0011.md">T0011 Compromise legitimate account</a></td>
<td><a href="techniques/T0017.md">T0017 Conduct Fundraising Campaigns</a></td>
@ -49,7 +49,7 @@
</tr>
<tr>
<td><a href="techniques/T0003.md">T0003 Leverage Existing Narratives</a></td>
<td> </td>
<td><a href="techniques/T0067.md">T0067 Plan to discredit credible sources</a></td>
<td> </td>
<td><a href="techniques/T0009.md">T0009 Create fake experts</a></td>
<td><a href="techniques/T0012.md">T0012 Use concealment</a></td>
@ -64,7 +64,7 @@
</tr>
<tr>
<td><a href="techniques/T0004.md">T0004 Devise Competing Narratives</a></td>
<td> </td>
<td><a href="techniques/T0068.md">T0068 Respond to breaking news event</a></td>
<td> </td>
<td> </td>
<td><a href="techniques/T0013.md">T0013 Create fake websites</a></td>
@ -79,7 +79,7 @@
</tr>
<tr>
<td> </td>
<td> </td>
<td><a href="techniques/T0069.md">T0069 Respond to active crisis</a></td>
<td> </td>
<td> </td>
<td><a href="techniques/T0014.md">T0014 Prepare fundraising campaigns</a></td>
@ -94,7 +94,7 @@
</tr>
<tr>
<td> </td>
<td> </td>
<td><a href="techniques/T0070.md">T0070 Analyze existing communities</a></td>
<td> </td>
<td> </td>
<td><a href="techniques/T0015.md">T0015 Create hashtags</a></td>

5
generated_pages/tactics/TA02.md
View File

@ -25,6 +25,11 @@
| Techniques |
| ---------- |
| [T0006 Develop Narrative Concepts](../generated_pages/techniques/T0006.md) |
| [T0066 Degrade adversary](../generated_pages/techniques/T0066.md) |
| [T0067 Plan to discredit credible sources](../generated_pages/techniques/T0067.md) |
| [T0068 Respond to breaking news event](../generated_pages/techniques/T0068.md) |
| [T0069 Respond to active crisis](../generated_pages/techniques/T0069.md) |
| [T0070 Analyze existing communities](../generated_pages/techniques/T0070.md) |

2
generated_pages/tactics/TA13.md
View File

@ -13,6 +13,8 @@
| Techniques |
| ---------- |
| [T0071 Find echo chambers](../generated_pages/techniques/T0071.md) |
| [T0072 Segment audiences](../generated_pages/techniques/T0072.md) |

17
generated_pages/techniques/T0066.md Normal file
View File

@ -0,0 +1,17 @@
# Technique T0066: Degrade adversary
* **Summary**: Plan to degrade an adversarys image or ability to act. This could include preparation and use of harmful information about the adversarys actions or reputation.
* **Belongs to tactic stage**: TA02
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
| Counters | Response types |
| -------- | -------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW

17
generated_pages/techniques/T0067.md Normal file
View File

@ -0,0 +1,17 @@
# Technique T0067: Plan to discredit credible sources
* **Summary**: Plan to delegitimize the media landscape and degrade public trust in reporting, by discrediting credible sources. This makes it easier to promote influence operation content.
* **Belongs to tactic stage**: TA02
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
| Counters | Response types |
| -------- | -------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW

17
generated_pages/techniques/T0068.md Normal file
View File

@ -0,0 +1,17 @@
# Technique T0068: Respond to breaking news event
* **Summary**: Media attention on a story or event is heightened during a breaking news event, where unclear facts and incomplete information increase speculation, rumors, and conspiracy theories, which are all vulnerable to manipulation.
* **Belongs to tactic stage**: TA02
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
| Counters | Response types |
| -------- | -------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW

17
generated_pages/techniques/T0069.md Normal file
View File

@ -0,0 +1,17 @@
# Technique T0069: Respond to active crisis
* **Summary**: Panic, rumors, and speculation are heightened during active crises (violent events, natural disasters, public health phenomena, etc); these are all vulnerable to manipulation.
* **Belongs to tactic stage**: TA02
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
| Counters | Response types |
| -------- | -------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW

17
generated_pages/techniques/T0070.md Normal file
View File

@ -0,0 +1,17 @@
# Technique T0070: Analyze existing communities
* **Summary**: Assess influence operation potential of existing social media communities, where communities share interests, experiences, politics, or other characteristics that join online users together. Assessment includes the potential use of social group trauma that could be targeted to gain support, using emotional appeals to shared grievances in a set population.
* **Belongs to tactic stage**: TA02
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
| Counters | Response types |
| -------- | -------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW

17
generated_pages/techniques/T0071.md Normal file
View File

@ -0,0 +1,17 @@
# Technique T0071: Find echo chambers
* **Summary**: Find or plan to create areas (social media groups, search term groups, hashtag groups etc) where individuals only engage with people they agree with.
* **Belongs to tactic stage**: TA13
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
| Counters | Response types |
| -------- | -------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW

17
generated_pages/techniques/T0072.md Normal file
View File

@ -0,0 +1,17 @@
# Technique T0072: Segment audiences
* **Summary**: Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics.
* **Belongs to tactic stage**: TA13
| Incident | Descriptions given for this incident |
| -------- | -------------------- |
| Counters | Response types |
| -------- | -------------- |
DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW

42
generated_pages/techniques_index.md
View File

@ -410,4 +410,46 @@ When messaging makes use of factual reporting to promote these adjustments in th
<td>Create or coopt broadcast capabilities (e.g. TV, radio etc). </td>
<td>TA04</td>
</tr>
<tr>
<td><a href="techniques/T0066.md">T0066</a></td>
<td>Degrade adversary</td>
<td>Plan to degrade an adversarys image or ability to act. This could include preparation and use of harmful information about the adversarys actions or reputation. </td>
<td>TA02</td>
</tr>
<tr>
<td><a href="techniques/T0067.md">T0067</a></td>
<td>Plan to discredit credible sources</td>
<td>Plan to delegitimize the media landscape and degrade public trust in reporting, by discrediting credible sources. This makes it easier to promote influence operation content.</td>
<td>TA02</td>
</tr>
<tr>
<td><a href="techniques/T0068.md">T0068</a></td>
<td>Respond to breaking news event</td>
<td>Media attention on a story or event is heightened during a breaking news event, where unclear facts and incomplete information increase speculation, rumors, and conspiracy theories, which are all vulnerable to manipulation. </td>
<td>TA02</td>
</tr>
<tr>
<td><a href="techniques/T0069.md">T0069</a></td>
<td>Respond to active crisis</td>
<td>Panic, rumors, and speculation are heightened during active crises (violent events, natural disasters, public health phenomena, etc); these are all vulnerable to manipulation.</td>
<td>TA02</td>
</tr>
<tr>
<td><a href="techniques/T0070.md">T0070</a></td>
<td>Analyze existing communities</td>
<td>Assess influence operation potential of existing social media communities, where communities share interests, experiences, politics, or other characteristics that join online users together. Assessment includes the potential use of social group trauma that could be targeted to gain support, using emotional appeals to shared grievances in a set population.</td>
<td>TA02</td>
</tr>
<tr>
<td><a href="techniques/T0071.md">T0071</a></td>
<td>Find echo chambers</td>
<td>Find or plan to create areas (social media groups, search term groups, hashtag groups etc) where individuals only engage with people they agree with. </td>
<td>TA13</td>
</tr>
<tr>
<td><a href="techniques/T0072.md">T0072</a></td>
<td>Segment audiences</td>
<td>Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics. </td>
<td>TA13</td>
</tr>
</table>

290
visualisations/cross_counterid_techniqueid.csv
View File

@ -1,28 +1,59 @@
Source,Target,Weight
C00008,TA01,1
C00008,TA06,1
C00008,TA08,1
C00006,T0007,1
C00006,T0015,1
C00006,T0018,1
C00006,T0043,1
C00006,T0053,1
C00006,T0054,1
C00008,T0001,1
C00008,T0002,1
C00008,T0003,1
C00008,T0027,1
C00008,T0028,1
C00008,T0006,1
C00008,T0009,1
C00008,T0008,1
C00008,T0013,1
C00008,T0014,1
C00009,TA08,1
C00008,T0021,1
C00008,T0025,1
C00008,T0024,1
C00008,T0026,1
C00008,T0056,1
C00008,T0051,1
C00008,T0044,1
C00008,T0045,1
C00009,T0010,1
C00009,T0029,1
C00010,TA05,1
C00010,T00018,1
C00011,TA03,1
C00011,TA04,1
C00011,TA05,1
C00011,TA08,1
C00011,TA09,1
C00011,T0059,1
C00012,TA07,1
C00012,TA09,1
C00012,TA10,1
C00009,T0039,1
C00009,T0044,1
C00009,T0042,1
C00009,T0048,1
C00009,T0052,1
C00009,T0053,1
C00009,T0055,1
C00009,T0056,1
C00010,T0005,1
C00010,T0018,1
C00011,T0001,1
C00011,T0002,1
C00011,T0003,1
C00011,T0027,1
C00011,T0028,1
C00011,T0006,1
C00011,T0009,1
C00011,T0008,1
C00011,T0013,1
C00011,T0021,1
C00011,T0025,1
C00011,T0024,1
C00011,T0026,1
C00011,T0056,1
C00011,T0051,1
C00011,T0044,1
C00011,T0045,1
C00012,T0001,1
C00012,T0002,1
C00012,T0003,1
C00012,T0007,1
C00012,T0008,1
C00012,T0009,1
@ -43,6 +74,7 @@ C00012,T0046,1
C00012,T0047,1
C00012,T0048,1
C00012,T0049,1
C00012,T0050,1
C00012,T0051,1
C00012,T0052,1
C00012,T0053,1
@ -51,73 +83,162 @@ C00012,T0055,1
C00012,T0056,1
C00012,T0057,1
C00012,T0061,1
C00014,TA01,1
C00014,TA06,1
C00014,TA08,1
C00013,T0001,1
C00013,T0002,1
C00013,T0003,1
C00013,T0027,1
C00013,T0028,1
C00013,T0056,1
C00013,T0052,1
C00014,T0001,1
C00014,T0002,1
C00014,T0003,1
C00014,T0027,1
C00014,T0028,1
C00014,T0006,1
C00014,T0009,1
C00014,T0008,1
C00014,T0013,1
C00014,T0014,1
C00006,T0009,1
C00006,T0008,1
C00006,T0007,1
C00006,T0013,1
C00006,T0014,1
C00006,T0015,1
C00006,T0016,1
C00006,T0017,1
C00006,T0018,1
C00006,T0022,1
C00006,T0021,1
C00006,T0025,1
C00006,T0024,1
C00006,T0026,1
C00006,T0045,1
C00006,T0043,1
C00006,T0056,1
C00006,T0051,1
C00006,T0049,1
C00006,T0052,1
C00006,T0054,1
C00006,T0053,1
C00006,T0055,1
C00006,T0058,1
C00006,T0057,1
C00019,TA08,1
C00019,TA09,1
C00019,TA10,1
C00021,All,1
C00014,T0021,1
C00014,T0025,1
C00014,T0024,1
C00014,T0026,1
C00014,T0056,1
C00014,T0051,1
C00014,T0044,1
C00014,T0045,1
C00016,T0001,1
C00016,T0002,1
C00016,T0003,1
C00016,T0027,1
C00016,T0028,1
C00016,T0009,1
C00016,T0008,1
C00016,T0007,1
C00016,T0013,1
C00016,T0014,1
C00016,T0015,1
C00016,T0016,1
C00016,T0017,1
C00016,T0018,1
C00016,T0022,1
C00016,T0021,1
C00016,T0025,1
C00016,T0024,1
C00016,T0026,1
C00016,T0044,1
C00016,T0045,1
C00016,T0043,1
C00016,T0056,1
C00016,T0051,1
C00016,T0049,1
C00016,T0052,1
C00016,T0054,1
C00016,T0053,1
C00016,T0055,1
C00016,T0058,1
C00016,T0057,1
C00017,T0001,1
C00017,T0002,1
C00017,T0003,1
C00017,T0027,1
C00017,T0028,1
C00017,T0022,1
C00017,T0023,1
C00019,T0001,1
C00019,T0002,1
C00019,T0003,1
C00019,T0027,1
C00019,T0028,1
C00019,T0022,1
C00019,T0023,1
C00019,T0053,1
C00019,T0044,1
C00019,T0052,1
C00019,T0056,1
C00021,T0001,1
C00021,T0002,1
C00021,T0003,1
C00021,T0006,1
C00021,T0027,1
C00021,T0028,1
C00021,T0022,1
C00021,T0023,1
C00021,T0053,1
C00021,T0044,1
C00022,T0001,1
C00022,T0002,1
C00024,TA01,1
C00022,T0003,1
C00022,T0006,1
C00022,T0027,1
C00022,T0028,1
C00022,T0022,1
C00022,T0023,1
C00022,T0053,1
C00022,T0044,1
C00024,T0001,1
C00024,T0002,1
C00024,T0003,1
C00024,T0006,1
C00024,T0027,1
C00024,T0028,1
C00024,T0022,1
C00024,T0023,1
C00024,T0053,1
C00024,T0044,1
C00026,T0001,1
C00026,T0002,1
C00027,TA01,1
C00027,TA08,1
C00027,T0001,1
C00027,T0002,1
C00027,T0003,1
C00027,T0006,1
C00027,T0022,1
C00027,T0023,1
C00027,T0027,1
C00027,T0047,1
C00027,T0028,1
C00027,T0022,1
C00027,T0021,1
C00027,T0023,1
C00027,T0048,1
C00027,T0053,1
C00027,T0044,1
C00027,T0039,1
C00028,TA07,1
C00028,TA08,1
C00028,TA09,1
C00028,TA10,1
C00029,T0002,1
C00029,T0003,1
C00029,T0006,1
C00029,T0027,1
C00029,T0028,1
C00029,T0022,1
C00030,T0002,1
C00030,T0003,1
C00030,T0006,1
C00030,T0027,1
C00030,T0028,1
C00030,T0022,1
C00031,T0002,1
C00031,T0003,1
C00031,T0006,1
C00031,T0027,1
C00031,T0028,1
C00032,T0055,1
C00034,T0009,1
C00034,T0007,1
C00034,T0012,1
C00034,T0030,1
C00036,T0005,1
C00036,T0007,1
C00036,T0017,1
C00036,T0025,1
C00036,T0010,1
C00036,T0012,1
C00036,T0030,1
C00036,T0045,1
C00036,T0056,1
C00036,T0057,1
C00040,T0007,1
C00040,T0009,1
C00040,T0012,1
C00042,T0004,1
C00042,T0019,1
C00042,T0022,1
@ -127,23 +248,67 @@ C00042,T0042,1
C00042,T0044,1
C00042,T0056,1
C00042,T0059,1
C00044,TA07,1
C00044,T0029,1
C00044,T0049,1
C00044,T0054,1
C00048,TA08,1
C00044,T0053,1
C00044,T0055,1
C00044,T0056,1
C00044,T0051,1
C00044,T0050,1
C00046,T0010,1
C00046,T0044,1
C00046,T0021,1
C00046,T0022,1
C00046,T0023,1
C00046,T0027,1
C00046,T0039,1
C00046,T0045,1
C00046,T0048,1
C00046,T0051,1
C00046,T0052,1
C00046,T0053,1
C00046,T0054,1
C00046,T0056,1
C00046,T0057,1
C00046,T0060,1
C00046,T0061,1
C00047,T0063,1
C00047,T0062,1
C00048,T0010,1
C00048,T0045,1
C00048,T0048,1
C00048,T0051,1
C00048,T0052,1
C00048,T0053,1
C00048,T0054,1
C00048,T0056,1
C00048,T0057,1
C00048,T0060,1
C00048,T0061,1
C00051,T0010,1
C00051,T0012,1
C00052,T0012,1
C00052,T0030,1
C00053,T0011,1
C00053,TA06,1
C00053,T0008,1
C00053,T0030,1
C00058,T0017,1
C00058,T0061,1
C00059,T0014,1
C00060,TA07,1
C00060,T0047,1
C00062,All,1
C00062,TA01,1
C00062,TA02,1
C00062,TA03,1
C00062,TA04,1
C00062,TA05,1
C00062,TA06,1
C00062,TA07,1
C00062,TA08,1
C00062,TA09,1
C00062,TA10,1
C00062,TA11,1
C00062,TA12,1
C00065,T0018,1
C00066,T0015,1
C00066,T0055,1
@ -158,6 +323,7 @@ C00070,T0052,1
C00070,T0055,1
C00070,T0057,1
C00070,T0056,1
C00070,T0058,1
C00071,T0019,1
C00071,T0056,1
C00072,T0019,1
@ -166,8 +332,6 @@ C00072,T0044,1
C00072,T0021,1
C00072,T0022,1
C00072,T0023,1
C00072,T0026,1
C00072,T0025,1
C00072,T0027,1
C00072,T0039,1
C00072,T0055,1

1 Source Target Weight
2 C00008 C00006 TA01 T0007 1
3 C00008 C00006 TA06 T0015 1
4 C00008 C00006 TA08 T0018 1
5 C00006 T0043 1
6 C00006 T0053 1
7 C00006 T0054 1
8 C00008 T0001 1
9 C00008 T0002 1
10 C00008 T0003 1
11 C00008 T0027 1
12 C00008 T0028 1
13 C00008 T0006 1
14 C00008 T0009 1
15 C00008 T0008 1
16 C00008 T0013 1
17 C00008 T0014 1
18 C00009 C00008 TA08 T0021 1
19 C00008 T0025 1
20 C00008 T0024 1
21 C00008 T0026 1
22 C00008 T0056 1
23 C00008 T0051 1
24 C00008 T0044 1
25 C00008 T0045 1
26 C00009 T0010 1
27 C00009 T0029 T0039 1
28 C00010 C00009 TA05 T0044 1
29 C00010 C00009 T00018 T0042 1
30 C00011 C00009 TA03 T0048 1
31 C00011 C00009 TA04 T0052 1
32 C00011 C00009 TA05 T0053 1
33 C00011 C00009 TA08 T0055 1
34 C00011 C00009 TA09 T0056 1
35 C00011 C00010 T0059 T0005 1
36 C00012 C00010 TA07 T0018 1
37 C00012 C00011 TA09 T0001 1
38 C00012 C00011 TA10 T0002 1
39 C00011 T0003 1
40 C00011 T0027 1
41 C00011 T0028 1
42 C00011 T0006 1
43 C00011 T0009 1
44 C00011 T0008 1
45 C00011 T0013 1
46 C00011 T0021 1
47 C00011 T0025 1
48 C00011 T0024 1
49 C00011 T0026 1
50 C00011 T0056 1
51 C00011 T0051 1
52 C00011 T0044 1
53 C00011 T0045 1
54 C00012 T0001 1
55 C00012 T0002 1
56 C00012 T0003 1
57 C00012 T0007 1
58 C00012 T0008 1
59 C00012 T0009 1
74 C00012 T0047 1
75 C00012 T0048 1
76 C00012 T0049 1
77 C00012 T0050 1
78 C00012 T0051 1
79 C00012 T0052 1
80 C00012 T0053 1
83 C00012 T0056 1
84 C00012 T0057 1
85 C00012 T0061 1
86 C00014 C00013 TA01 T0001 1
87 C00014 C00013 TA06 T0002 1
88 C00014 C00013 TA08 T0003 1
89 C00013 T0027 1
90 C00013 T0028 1
91 C00013 T0056 1
92 C00013 T0052 1
93 C00014 T0001 1
94 C00014 T0002 1
95 C00014 T0003 1
96 C00014 T0027 1
97 C00014 T0028 1
98 C00014 T0006 1
99 C00014 T0009 1
100 C00014 T0008 1
101 C00014 T0013 1
102 C00014 T0014 1
103 C00006 C00014 T0009 T0021 1
104 C00006 C00014 T0008 T0025 1
105 C00006 C00014 T0007 T0024 1
106 C00006 C00014 T0013 T0026 1
107 C00006 C00014 T0014 T0056 1
108 C00006 C00014 T0015 T0051 1
109 C00006 C00014 T0016 T0044 1
110 C00006 C00014 T0017 T0045 1
111 C00006 C00016 T0018 T0001 1
112 C00006 C00016 T0022 T0002 1
113 C00006 C00016 T0021 T0003 1
114 C00006 C00016 T0025 T0027 1
115 C00006 C00016 T0024 T0028 1
116 C00006 C00016 T0026 T0009 1
117 C00006 C00016 T0045 T0008 1
118 C00006 C00016 T0043 T0007 1
119 C00006 C00016 T0056 T0013 1
120 C00006 C00016 T0051 T0014 1
121 C00006 C00016 T0049 T0015 1
122 C00006 C00016 T0052 T0016 1
123 C00006 C00016 T0054 T0017 1
124 C00006 C00016 T0053 T0018 1
125 C00006 C00016 T0055 T0022 1
126 C00006 C00016 T0058 T0021 1
127 C00006 C00016 T0057 T0025 1
128 C00019 C00016 TA08 T0024 1
129 C00019 C00016 TA09 T0026 1
130 C00019 C00016 TA10 T0044 1
131 C00021 C00016 All T0045 1
132 C00016 T0043 1
133 C00016 T0056 1
134 C00016 T0051 1
135 C00016 T0049 1
136 C00016 T0052 1
137 C00016 T0054 1
138 C00016 T0053 1
139 C00016 T0055 1
140 C00016 T0058 1
141 C00016 T0057 1
142 C00017 T0001 1
143 C00017 T0002 1
144 C00017 T0003 1
145 C00017 T0027 1
146 C00017 T0028 1
147 C00017 T0022 1
148 C00017 T0023 1
149 C00019 T0001 1
150 C00019 T0002 1
151 C00019 T0003 1
152 C00019 T0027 1
153 C00019 T0028 1
154 C00019 T0022 1
155 C00019 T0023 1
156 C00019 T0053 1
157 C00019 T0044 1
158 C00019 T0052 1
159 C00019 T0056 1
160 C00021 T0001 1
161 C00021 T0002 1
162 C00021 T0003 1
163 C00021 T0006 1
164 C00021 T0027 1
165 C00021 T0028 1
166 C00021 T0022 1
167 C00021 T0023 1
168 C00021 T0053 1
169 C00021 T0044 1
170 C00022 T0001 1
171 C00022 T0002 1
172 C00024 C00022 TA01 T0003 1
173 C00022 T0006 1
174 C00022 T0027 1
175 C00022 T0028 1
176 C00022 T0022 1
177 C00022 T0023 1
178 C00022 T0053 1
179 C00022 T0044 1
180 C00024 T0001 1
181 C00024 T0002 1
182 C00024 T0003 1
183 C00024 T0006 1
184 C00024 T0027 1
185 C00024 T0028 1
186 C00024 T0022 1
187 C00024 T0023 1
188 C00024 T0053 1
189 C00024 T0044 1
190 C00026 T0001 1
191 C00026 T0002 1
192 C00027 TA01 T0001 1
193 C00027 TA08 T0002 1
194 C00027 T0003 1
195 C00027 T0006 1
C00027 T0022 1
C00027 T0023 1
196 C00027 T0027 1
197 C00027 T0047 T0028 1
198 C00027 T0022 1
199 C00027 T0021 1
200 C00027 T0023 1
201 C00027 T0048 1
202 C00027 T0053 1
203 C00027 T0044 1
204 C00027 T0039 1
205 C00028 TA07 1
206 C00028 TA08 1
207 C00028 TA09 1
208 C00028 TA10 1
209 C00029 T0002 1
210 C00029 T0003 1
211 C00029 T0006 1
212 C00029 T0027 1
213 C00029 T0028 1
214 C00029 T0022 1
215 C00030 T0002 1
216 C00030 T0003 1
217 C00030 T0006 1
218 C00030 T0027 1
219 C00030 T0028 1
220 C00030 T0022 1
221 C00031 T0002 1
222 C00031 T0003 1
223 C00031 T0006 1
224 C00031 T0027 1
225 C00031 T0028 1
226 C00032 T0055 1
227 C00034 T0009 1
228 C00034 T0007 1
229 C00034 T0012 1
230 C00034 T0030 1
231 C00036 T0005 1
232 C00036 T0007 1
233 C00036 T0017 T0010 1
234 C00036 T0025 T0012 1
235 C00036 T0030 1
236 C00036 T0045 1
237 C00036 T0056 1
238 C00036 T0057 1
239 C00040 T0007 1
240 C00040 T0009 1
241 C00040 T0012 1
242 C00042 T0004 1
243 C00042 T0019 1
244 C00042 T0022 1
248 C00042 T0044 1
249 C00042 T0056 1
250 C00042 T0059 1
251 C00044 TA07 T0029 1
252 C00044 T0049 1
253 C00044 T0054 1
254 C00048 C00044 TA08 T0053 1
255 C00044 T0055 1
256 C00044 T0056 1
257 C00044 T0051 1
258 C00044 T0050 1
259 C00046 T0010 1
260 C00046 T0044 1
261 C00046 T0021 1
262 C00046 T0022 1
263 C00046 T0023 1
264 C00046 T0027 1
265 C00046 T0039 1
266 C00046 T0045 1
267 C00046 T0048 1
268 C00046 T0051 1
269 C00046 T0052 1
270 C00046 T0053 1
271 C00046 T0054 1
272 C00046 T0056 1
273 C00046 T0057 1
274 C00046 T0060 1
275 C00046 T0061 1
276 C00047 T0063 1
277 C00047 T0062 1
278 C00048 T0010 1
279 C00048 T0045 1
280 C00048 T0048 1
281 C00048 T0051 1
282 C00048 T0052 1
283 C00048 T0053 1
284 C00048 T0054 1
285 C00048 T0056 1
286 C00048 T0057 1
287 C00048 T0060 1
288 C00048 T0061 1
289 C00051 T0010 1
290 C00051 T0012 1
291 C00052 T0012 1
292 C00052 T0030 1
293 C00053 T0011 1
294 C00053 TA06 T0030 1
C00053 T0008 1
295 C00058 T0017 1
296 C00058 T0061 1
297 C00059 T0014 1
298 C00060 TA07 1
299 C00060 T0047 1
300 C00062 All TA01 1
301 C00062 TA02 1
302 C00062 TA03 1
303 C00062 TA04 1
304 C00062 TA05 1
305 C00062 TA06 1
306 C00062 TA07 1
307 C00062 TA08 1
308 C00062 TA09 1
309 C00062 TA10 1
310 C00062 TA11 1
311 C00062 TA12 1
312 C00065 T0018 1
313 C00066 T0015 1
314 C00066 T0055 1
323 C00070 T0055 1
324 C00070 T0057 1
325 C00070 T0056 1
326 C00070 T0058 1
327 C00071 T0019 1
328 C00071 T0056 1
329 C00072 T0019 1
332 C00072 T0021 1
333 C00072 T0022 1
334 C00072 T0023 1
C00072 T0026 1
C00072 T0025 1
335 C00072 T0027 1
336 C00072 T0039 1
337 C00072 T0055 1