Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2024-12-18 04:14:22 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update STIX bundle for V1.6

Browse Source
This commit is contained in:
Stephen Campbell 2024-11-22 13:37:54 -05:00
parent 084362afe5
commit c724a3f2b0
699 changed files with 19042 additions and 3475 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8478
generated_files/DISARM_STIX/DISARM.json
View File

File diff suppressed because it is too large Load Diff

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--00501139-ada6-4057-8cad-bc701fa43c77.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--be6f74b0-365c-495b-8b35-cc627c4d1dc1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--00501139-ada6-4057-8cad-bc701fa43c77",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.246217Z",
"modified": "2024-11-22T16:43:58.246217Z",
"name": "Comments Section",
"description": "Many platforms enable community interaction via Comments Sections on posted content. Comments Sections allow platform users to comment on content posted by other users. <br><br>On some platforms Comments Sections are the only place available for community interaction, such as news websites which provide a Comments Section to discuss articles posted to the website.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0151.014.md",
"external_id": "T0151.014"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--00d01b15-3ee1-4257-b067-ba4768a4b572.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--4d857bc0-534c-44cf-bc53-5b8afcfa7636",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--00d01b15-3ee1-4257-b067-ba4768a4b572",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.215467Z",
"modified": "2024-11-22T16:43:58.215467Z",
"name": "Generate Ad Revenue",
"description": "Earn income from digital advertisements published alongside inauthentic content. Conspiratorial, false, or provocative content drives internet traffic. Content owners earn money from impressions of, or clicks on, or conversions of ads published on their websites, social media profiles, or streaming services, or ads published when their content appears in search engine results. Fraudsters simulate impressions, clicks, and conversions, or they spin up inauthentic sites or social media profiles just to generate ad revenue. Conspiracy theorists and political operators generate ad revenue as a byproduct of their operation or as a means of sustaining their campaign. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.001.md",
"external_id": "T0137.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0102376a-e896-4191-b3fb-e58188301822.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--9e5d8720-341f-4d99-8e5d-fa7f245ef873", "id": "bundle--d4bb819a-0a95-4aae-b511-7a86b8987c26",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--0102376a-e896-4191-b3fb-e58188301822", "id": "attack-pattern--0102376a-e896-4191-b3fb-e58188301822",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.351843Z", "created": "2024-11-22T16:43:58.092108Z",
"modified": "2024-08-02T17:12:32.351843Z", "modified": "2024-11-22T16:43:58.092108Z",
"name": "Organise Events", "name": "Organise Events",
"description": "Coordinate and promote real-world events across media platforms, e.g. rallies, protests, gatherings in support of incident narratives.", "description": "Coordinate and promote real-world events across media platforms, e.g. rallies, protests, gatherings in support of incident narratives.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--40da46c0-9a28-494e-b8a8-e22b09910e17", "id": "bundle--124d4cdb-eb54-483a-a8de-e4e7acde0d30",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d", "id": "attack-pattern--026571cc-66db-42fb-9de3-790e1e7f243d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.406119Z", "created": "2024-11-22T16:43:58.150425Z",
"modified": "2024-08-02T17:12:32.406119Z", "modified": "2024-11-22T16:43:58.150425Z",
"name": "Deliver Ads", "name": "Deliver Ads",
"description": "Delivering content via any form of paid media or advertising.", "description": "Delivering content via any form of paid media or advertising.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--35be0875-c21a-44f2-be60-c3c4ee5cb39f", "id": "bundle--563b6507-def6-4292-8723-f7645d45f098",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe", "id": "attack-pattern--03225a5c-f388-4453-a53c-f10be49bbcfe",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.409015Z", "created": "2024-11-22T16:43:58.161705Z",
"modified": "2024-08-02T17:12:32.409015Z", "modified": "2024-11-22T16:43:58.161705Z",
"name": "Post across Platform", "name": "Post across Platform",
"description": "An influence operation may post content across platforms to spread narratives and content to new communities within the target audiences or to new target audiences. Posting across platforms can also remove opposition and context, helping the narrative spread with less opposition on the cross-posted platform.", "description": "An influence operation may post content across platforms to spread narratives and content to new communities within the target audiences or to new target audiences. Posting across platforms can also remove opposition and context, helping the narrative spread with less opposition on the cross-posted platform.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--63e73074-11b1-45ee-ab42-127e90ba2d27", "id": "bundle--b7c0c4fa-1969-47bb-8df8-16c449bf90f4",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733", "id": "attack-pattern--032f24c1-bc1d-457a-8f43-6c5fc416f733",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.34226Z", "created": "2024-11-22T16:43:58.087209Z",
"modified": "2024-08-02T17:12:32.34226Z", "modified": "2024-11-22T16:43:58.087209Z",
"name": "Reframe Context", "name": "Reframe Context",
"description": "Reframing context refers to removing an event from its surrounding context to distort its intended meaning. Rather than deny that an event occurred, reframing context frames an event in a manner that may lead the target audience to draw a different conclusion about its intentions.", "description": "Reframing context refers to removing an event from its surrounding context to distort its intended meaning. Rather than deny that an event occurred, reframing context frames an event in a manner that may lead the target audience to draw a different conclusion about its intentions.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--3c0daaa1-a910-4eed-9f58-91a47656c595", "id": "bundle--8876b1b7-cd03-416a-8bf1-cae91492b4f4",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5", "id": "attack-pattern--03692306-7b8e-4b5a-991f-23c91eeed4c5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.355426Z", "created": "2024-11-22T16:43:58.094146Z",
"modified": "2024-08-02T17:12:32.355426Z", "modified": "2024-11-22T16:43:58.094146Z",
"name": "Segment Audiences", "name": "Segment Audiences",
"description": "Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics.", "description": "Create audience segmentations by features of interest to the influence campaign, including political affiliation, geographic location, income, demographics, and psychographics.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--07eaa3d2-3a8d-435f-b5a2-6f21b442a7f0.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--e5bcfdf9-515e-484f-b4c3-01ce9f925173",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--07eaa3d2-3a8d-435f-b5a2-6f21b442a7f0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.136668Z",
"modified": "2024-11-22T16:43:58.136668Z",
"name": "Party Official Persona",
"description": "A person who presents as an official member of a political party, such as leaders of political parties, candidates standing to represent constituents, and campaign staff.<br><br>Presenting as an official of a political party is not an indication of inauthentic behaviour, however threat actors may fabricate individuals who work in political parties to add credibility to their narratives (T0143.002: Fabricated Persona, T0097.110: Party Official Persona). They may also impersonate existing officials of political parties (T0143.003: Impersonated Persona, T0097.110: Party Official Persona).<br><br>Legitimate members of political parties could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.110: Party Official Persona). For example, an electoral candidate could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.<br><br><b>Associated Techniques and Sub-techniques</b><br><b>T0097.111: Government Official Persona:</b> Analysts should use this sub-technique to catalogue cases where an individual is presenting as a member of a government.\u00a0<br><br>Some party officials will also be government officials. For example, in the United Kingdom the head of government is commonly also the head of their political party.<br><br>Some party officials won\u2019t be government officials. For example, members of a party standing in an election, or party officials who work outside of government (e.g. campaign staff).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.110.md",
"external_id": "T0097.110"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--f3eee90c-eaba-4fe4-bc69-1e48f329772e", "id": "bundle--14f16f2b-2f66-4cfb-96bd-6083060af6c6",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051", "id": "attack-pattern--08db3527-8fc9-4bf6-bb49-e5a5249cc051",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.415084Z", "created": "2024-11-22T16:43:58.196783Z",
"modified": "2024-08-02T17:12:32.415084Z", "modified": "2024-11-22T16:43:58.196783Z",
"name": "Conceal Operational Activity", "name": "Conceal Operational Activity",
"description": "Conceal the campaign's operational activity to avoid takedown and attribution.", "description": "Conceal the campaign's operational activity to avoid takedown and attribution.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--9ff46e68-6a01-4053-92e6-0abd694f8d69", "id": "bundle--e1565762-ed91-4993-8875-77174d7fcd3f",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69", "id": "attack-pattern--091a6351-aca8-4cc8-9062-cae98f600e69",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.350844Z", "created": "2024-11-22T16:43:58.091363Z",
"modified": "2024-08-02T17:12:32.350844Z", "modified": "2024-11-22T16:43:58.091363Z",
"name": "Conduct Keyword Squatting", "name": "Conduct Keyword Squatting",
"description": "Keyword squatting refers to the creation of online content, such as websites, articles, or social media accounts, around a specific search engine-optimized term to overwhelm the search results of that term. An influence may keyword squat to increase content exposure to target audience members who query the exploited term in a search engine and manipulate the narrative around the term.", "description": "Keyword squatting refers to the creation of online content, such as websites, articles, or social media accounts, around a specific search engine-optimized term to overwhelm the search results of that term. An influence may keyword squat to increase content exposure to target audience members who query the exploited term in a search engine and manipulate the narrative around the term.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--3940f8c5-8b74-480b-97a9-9246f9a439d4", "id": "bundle--f29a24de-fc0b-4794-b0e7-cda2a65967e3",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7", "id": "attack-pattern--091f481d-b32b-4e5c-9626-b14a6ef02df7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.382258Z", "created": "2024-11-22T16:43:58.12822Z",
"modified": "2024-08-02T17:12:32.382258Z", "modified": "2024-11-22T16:43:58.12822Z",
"name": "Leverage Content Farms", "name": "Leverage Content Farms",
"description": "Using the services of large-scale content providers for creating and amplifying campaign artefacts at scale.", "description": "Using the services of large-scale content providers for creating and amplifying campaign artefacts at scale.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0a330333-bb63-4a81-ae28-b2dd1c51a8c6.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--b4c50bfd-d02f-4144-b07e-a521685b5cba",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0a330333-bb63-4a81-ae28-b2dd1c51a8c6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.217316Z",
"modified": "2024-11-22T16:43:58.217316Z",
"name": "Provoke",
"description": "Instigate, incite, or arouse a target to act. Social media manipulators exploit moral outrage to propel targets to spread hate, take to the streets to protest, or engage in acts of violence. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0138.002.md",
"external_id": "T0138.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--2af4cfde-2a63-497e-bdb2-a5abdb6e7bbb", "id": "bundle--5eb0e5c1-7ce2-476d-b9c4-04285eaee896",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b", "id": "attack-pattern--0a77a75a-09e7-44bf-927c-5e66a138862b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.412914Z", "created": "2024-11-22T16:43:58.181415Z",
"modified": "2024-08-02T17:12:32.412914Z", "modified": "2024-11-22T16:43:58.181415Z",
"name": "Encourage Attendance at Events", "name": "Encourage Attendance at Events",
"description": "Operation encourages attendance at existing real world event.", "description": "Operation encourages attendance at existing real world event.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0a889b39-59db-4d70-b811-c1bff9689909.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--97b4c298-1758-44c6-a90f-46cea050824f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0a889b39-59db-4d70-b811-c1bff9689909",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.233656Z",
"modified": "2024-11-22T16:43:58.233656Z",
"name": "Lookalike Domain",
"description": "A Lookalike Domain is a Domain which is visually similar to another Domain, with the potential for web users to mistake one domain for the other.<br><br>Threat actors who want to impersonate organisations\u2019 websites have been observed using a variety of domain impersonation methods. For example, actors wanting to create a domain impersonating netflix.com may use methods such as typosquatting (e.g. n3tflix.com), combosquatting (e.g. netflix-billing.com), or TLD swapping (e.g. netflix.top).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0149.003.md",
"external_id": "T0149.003"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--af67a6d7-fd4e-496d-aaad-7c9eb0bb0f2a", "id": "bundle--ade6d034-bc2f-4421-9617-47622cff8bd4",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc", "id": "attack-pattern--0c765d19-99b2-4703-af48-e20a677c4bfc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.347894Z", "created": "2024-11-22T16:43:58.090125Z",
"modified": "2024-08-02T17:12:32.347894Z", "modified": "2024-11-22T16:43:58.090125Z",
"name": "Flood Information Space", "name": "Flood Information Space",
"description": "Flooding sources of information (e.g. Social Media feeds) with a high volume of inauthentic content.<br /> <br />This can be done to control/shape online conversations, drown out opposing points of view, or make it harder to find legitimate information.<br /> <br />Bots and/or patriotic trolls are effective tools to achieve this effect.<br /> <br />This Technique previously used the name Flooding the Information Space.", "description": "Flooding sources of information (e.g. Social Media feeds) with a high volume of inauthentic content.<br /> <br />This can be done to control/shape online conversations, drown out opposing points of view, or make it harder to find legitimate information.<br /> <br />Bots and/or patriotic trolls are effective tools to achieve this effect.<br /> <br />This Technique previously used the name Flooding the Information Space.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0cc5110d-f7a1-49f7-8667-ae454698f11d.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--06ce5570-05ea-47be-81ec-4da4217edfdf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0cc5110d-f7a1-49f7-8667-ae454698f11d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.132663Z",
"modified": "2024-11-22T16:43:58.132663Z",
"name": "Journalist Persona",
"description": "A person with a journalist persona presents themselves as a reporter or journalist delivering news, conducting interviews, investigations etc.<br><br>While presenting as a journalist is not an indication of inauthentic behaviour, an influence operation may have its narratives amplified by people presenting as journalists. Threat actors can fabricate journalists to give the appearance of legitimacy, justifying the actor\u2019s requests for interviews, etc (T0143.002: Fabricated Persona, T0097.102: Journalist Persona).<br><br>People who have legitimately developed a persona as a journalist (T0143.001: Authentic Persona, T0097.102: Journalist Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a trusted journalist to provide legitimacy to a false narrative or be tricked into doing so without the journalist\u2019s knowledge.<br><br><b>Associated Techniques and Sub-techniques</b><br><b>T0097.202: News Organisation Persona:</b> People with a journalist persona may present as being part of a news organisation.<br><b>T0097.101: Local Persona:</b> People with a journalist persona may present themselves as local reporters.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.102.md",
"external_id": "T0097.102"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--6bc8d3c5-c0a8-49e4-9941-75104d2435a9", "id": "bundle--8dda229d-2a02-475e-85de-50a5e5c24a21",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944", "id": "attack-pattern--0d094dfb-61f9-42d3-a9cf-697fdcbee944",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.408822Z", "created": "2024-11-22T16:43:58.161064Z",
"modified": "2024-08-02T17:12:32.408822Z", "modified": "2024-11-22T16:43:58.161064Z",
"name": "Post across Groups", "name": "Post across Groups",
"description": "An influence operation may post content across groups to spread narratives and content to new communities within the target audiences or to new target audiences.", "description": "An influence operation may post content across groups to spread narratives and content to new communities within the target audiences or to new target audiences.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d1f6cf2-3652-454d-ba79-e6b592da2f30.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--9f4bf28b-b2a9-4a94-89a6-e1c687555e99",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d1f6cf2-3652-454d-ba79-e6b592da2f30",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.229495Z",
"modified": "2024-11-22T16:43:58.229495Z",
"name": "Subscription Processing Capability",
"description": "A Subscription Processing Capability is a feature of online platforms or software which enables the processing of recurring payments. <br><br>Subscription Processing Capabilities are typically used to enable recurring payments in exchange for continued access to products or services.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0148.005.md",
"external_id": "T0148.005"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d4d5ade-e487-4f29-8d33-5f19a9b216b6.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--f2323188-b5e7-44e1-a81e-f72d77a0eefe",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d4d5ade-e487-4f29-8d33-5f19a9b216b6",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.084149Z",
"modified": "2024-11-22T16:43:58.084149Z",
"name": "Use Existing Hashtag",
"description": "Use a dedicated, existing hashtag for the campaign/incident. This Technique covers behaviours previously documented by T0104.005: Use Hashtags, which has since been deprecated. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0015.001.md",
"external_id": "T0015.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d7dbd93-43a7-4e6a-8705-5ff4c8b0b14f.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--016057ef-fcdd-46c0-b988-5697b7cc696a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d7dbd93-43a7-4e6a-8705-5ff4c8b0b14f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.134663Z",
"modified": "2024-11-22T16:43:58.134663Z",
"name": "Military Personnel Persona",
"description": "A person with a military personnel persona presents themselves as a serving member or veteran of a military organisation operating in an official capacity on behalf of a government.<br><br>While presenting as military personnel is not an indication of inauthentic behaviour,\u00a0 an influence operation may have its narratives amplified by people presenting as military personnel. Threat actors can fabricate military personnel (T0143.002: Fabricated Persona, T0097.105: Military Personnel Persona) to pose as experts on military topics, or to discredit geopolitical adversaries by pretending to be one of their military personnel and spreading discontent.<br><br>People who have legitimately developed a military persona (T0143.001: Authentic Persona, T0097.105: Military Personnel Persona) can use it for malicious purposes, or be exploited by threat actors. For example, someone could take money for using their position as a member of the military to provide legitimacy to a false narrative or be tricked into doing so without their knowledge.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.105.md",
"external_id": "T0097.105"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--49eee4c9-4f69-4fb3-8c3b-8e45da598a06", "id": "bundle--ed1d2577-817e-471d-b944-e191129813e5",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39", "id": "attack-pattern--0d8138a8-8690-491d-97b5-a330af054b39",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.344715Z", "created": "2024-11-22T16:43:58.088536Z",
"modified": "2024-08-02T17:12:32.344715Z", "modified": "2024-11-22T16:43:58.088536Z",
"name": "Use Fake Experts", "name": "Use Fake Experts",
"description": "Use the fake experts that were set up during Establish Legitimacy. Pseudo-experts are disposable assets that often appear once and then disappear. Give \"credility\" to misinformation. Take advantage of credential bias", "description": "Use the fake experts that were set up during Establish Legitimacy. Pseudo-experts are disposable assets that often appear once and then disappear. Give \"credility\" to misinformation. Take advantage of credential bias",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ef2a183-492d-4993-a6f7-b1f4ca8c685e.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--09bed2e6-2a7c-4e58-85b9-36d143426a9f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0ef2a183-492d-4993-a6f7-b1f4ca8c685e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.248055Z",
"modified": "2024-11-22T16:43:58.248055Z",
"name": "Blog Asset",
"description": "Blogs are a collation of posts centred on a particular topic, author, or collection of authors.<br><br>Some platforms are designed to support users in hosting content online, such as Blogging Platforms like Substack which allow users to create Blogs, but other online platforms can also be used to produce a Blog; a Paid Account on X (prev Twitter) is able to post long-form text content to their timeline in a style of a blog.<br><br>Actors may create Accounts on Blogging Platforms to create a Blog, or make their own Blog on a Website.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0152.002.md",
"external_id": "T0152.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0f040af8-7434-4fb8-be96-30a3123c8644.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--01e5cb1d-7a12-4479-86eb-7f1ca19682f7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0f040af8-7434-4fb8-be96-30a3123c8644",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.248558Z",
"modified": "2024-11-22T16:43:58.248558Z",
"name": "Website Asset",
"description": "A Website is a collection of related web pages hosted on a server and accessible via a web browser. Websites have an associated Domain and can host various types of content, such as text, images, videos, and interactive features. <br><br>When a Website is fleshed out, it Presents a Persona to site visitors. For example, the Domain \u201cbbc.co.uk/news\u201d hosts a Website which uses the News Outlet Persona.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0152.004.md",
"external_id": "T0152.004"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--10ddf4f5-8e28-4ae6-80d5-7359f63133de.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--a41dc120-6a64-4f09-a349-c398b6cd8638",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--10ddf4f5-8e28-4ae6-80d5-7359f63133de",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.224368Z",
"modified": "2024-11-22T16:43:58.224368Z",
"name": "Administrator Account Asset",
"description": "Some accounts will have special privileges / will be in control of the Digital Community Hosting Asset; for example, the Admin of a Facebook Page, a Moderator of a Subreddit, etc. etc.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0146.004.md",
"external_id": "T0146.004"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--deb25743-ee30-42c8-a86d-7368e5fa0cd8", "id": "bundle--877b1e92-b0f9-4dcd-98c6-2fed80c21365",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5", "id": "attack-pattern--11352e9a-a52b-4ade-ad4f-ec64a15fa1d5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.396562Z", "created": "2024-11-22T16:43:58.145965Z",
"modified": "2024-08-02T17:12:32.396562Z", "modified": "2024-11-22T16:43:58.145965Z",
"name": "Create Localised Content", "name": "Create Localised Content",
"description": "Localised content refers to content that appeals to a specific community of individuals, often in defined geographic areas. An operation may create localised content using local language and dialects to resonate with its target audience and blend in with other local news and social media. Localised content may help an operation increase legitimacy, avoid detection, and complicate external attribution.", "description": "Localised content refers to content that appeals to a specific community of individuals, often in defined geographic areas. An operation may create localised content using local language and dialects to resonate with its target audience and blend in with other local news and social media. Localised content may help an operation increase legitimacy, avoid detection, and complicate external attribution.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--123edb11-67c2-48c2-98bc-664795a6101b.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--3aae02a2-2f9d-4b54-9d31-96272c779ad1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--123edb11-67c2-48c2-98bc-664795a6101b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.104637Z",
"modified": "2024-11-22T16:43:58.104637Z",
"name": "Develop Book",
"description": "Produce text content in the form of a book.\u00a0<br /> <br />This technique covers both e-books and physical books, however, the former is more easily deployed by threat actors given the lower cost to develop.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.005.md",
"external_id": "T0085.005"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--52fca5ca-b49e-4b9e-ad30-21b67ebf5ef4", "id": "bundle--892f5f8e-ff7e-486d-a33e-97ac5f8f2d4d",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb", "id": "attack-pattern--127c5166-e619-42d7-a0f7-0cf0595bcdeb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.346525Z", "created": "2024-11-22T16:43:58.089677Z",
"modified": "2024-08-02T17:12:32.346525Z", "modified": "2024-11-22T16:43:58.089677Z",
"name": "Threaten to Dox", "name": "Threaten to Dox",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.", "description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--c3d7ea01-fc3c-4177-b13c-e4e52587459e", "id": "bundle--a0303e6b-facc-4f93-b565-c50a77155584",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e", "id": "attack-pattern--14bec5aa-0823-4dde-9223-ec49a1cea65e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.368028Z", "created": "2024-11-22T16:43:58.101619Z",
"modified": "2024-08-02T17:12:32.368028Z", "modified": "2024-11-22T16:43:58.101619Z",
"name": "Develop New Narratives", "name": "Develop New Narratives",
"description": "Actors may develop new narratives to further strategic or tactical goals, especially when existing narratives adequately align with the campaign goals. New narratives provide more control in terms of crafting the message to achieve specific goals. However, new narratives may require more effort to disseminate than adapting or adopting existing narratives.", "description": "Actors may develop new narratives to further strategic or tactical goals, especially when existing narratives adequately align with the campaign goals. New narratives provide more control in terms of crafting the message to achieve specific goals. However, new narratives may require more effort to disseminate than adapting or adopting existing narratives.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--551cc2bb-8ed4-4f30-82c8-bda74bdc7899", "id": "bundle--303a701e-64b3-4cd9-90d8-1aedbc1328b5",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9", "id": "attack-pattern--14ea9a49-0546-4fe9-be44-f158be5881e9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.410743Z", "created": "2024-11-22T16:43:58.168739Z",
"modified": "2024-08-02T17:12:32.410743Z", "modified": "2024-11-22T16:43:58.168739Z",
"name": "Control Information Environment through Offensive Cyberspace Operations", "name": "Control Information Environment through Offensive Cyberspace Operations",
"description": "Controlling the information environment through offensive cyberspace operations uses cyber tools and techniques to alter the trajectory of content in the information space to either prioritise operation messaging or block opposition messaging.", "description": "Controlling the information environment through offensive cyberspace operations uses cyber tools and techniques to alter the trajectory of content in the information space to either prioritise operation messaging or block opposition messaging.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--15ed464e-0685-4675-8974-0880293c4413.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--53b98f78-2c55-4281-b570-f5aede3e4902",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--15ed464e-0685-4675-8974-0880293c4413",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.253069Z",
"modified": "2024-11-22T16:43:58.253069Z",
"name": "AI LLM Platform",
"description": "OpenAI\u2019s ChatGPT, Google\u2019s Bard, Microsoft\u2019s Turing-NLG, Google\u2019s T5 (Text-to-Text Transfer Transformer), and Facebook\u2019s BART are examples of AI LLM (Large Language Model) Platforms.<br><br>AI LLM Platforms are online platforms which allow people to create Accounts that they can use to interact with the platform\u2019s AI Large Language Model, to produce text-based content.<br><br>LLMs can create hyper-realistic synthetic text that is both scalable and persuasive. LLMs can largely automate content production, reducing the overhead in persona creation, and generate culturally appropriate outputs that are less prone to exhibiting conspicuous signs of inauthenticity.<br><br>Some platforms implement protections against misuse of AI by their users. Threat Actors have been observed bypassing these protections using prompt injections, poisoning, jailbreaking, or integrity attacks.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0154.001.md",
"external_id": "T0154.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--160d0f71-bbb2-4432-8456-5b8ca4acc52d.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--39a8835a-3364-44e1-8562-03844f6243bb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--160d0f71-bbb2-4432-8456-5b8ca4acc52d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.240679Z",
"modified": "2024-11-22T16:43:58.240679Z",
"name": "Rented Asset",
"description": "A Rented Asset is an asset which actors are temporarily renting or subscribing to. <br><br>For example, threat actors have been observed renting temporary access to legitimate accounts on online platforms in order to disguise operation activity.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0150.007.md",
"external_id": "T0150.007"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--16cd6b17-f952-4a4f-b577-a603a11c274e.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c6561179-5f4c-4ee9-93dc-020000b7f96c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--16cd6b17-f952-4a4f-b577-a603a11c274e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.213559Z",
"modified": "2024-11-22T16:43:58.213559Z",
"name": "Justify Action",
"description": "To convince others to exonerate you of a perceived wrongdoing. When an actor finds it untenable to deny doing something, they may attempt to exonerate themselves with disinformation which claims the action was reasonable. This is a special case of \u201cDefend Reputation\u201d. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.002.md",
"external_id": "T0136.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--3ed4b837-7930-4492-baff-965cdc582ef7", "id": "bundle--175f028f-96f5-437e-98ec-87ece2590aaf",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03", "id": "attack-pattern--17cba995-a8ab-4aa0-85fe-2b87d38a8f03",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.370771Z", "created": "2024-11-22T16:43:58.10375Z",
"modified": "2024-08-02T17:12:32.370771Z", "modified": "2024-11-22T16:43:58.10375Z",
"name": "Develop AI-Generated Text", "name": "Develop AI-Generated Text",
"description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.<br><br><b>Associated Techniques and Sub-techniques:</b><br><b>T0085.008: Machine Translated Text:</b> Use this sub-technique when AI has been used to generate a translation of a piece of text.", "description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.<br><br><b>Associated Techniques and Sub-techniques:</b><br><b>T0085.008: Machine Translated Text:</b> Use this sub-technique when AI has been used to generate a translation of a piece of text.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--187f23d3-c0d7-445e-aba8-c8e01e3a4836.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--54fd5115-04fc-45a7-9b5c-c16b6e91bb64",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--187f23d3-c0d7-445e-aba8-c8e01e3a4836",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.244531Z",
"modified": "2024-11-22T16:43:58.244531Z",
"name": "Community Forum Platform",
"description": "Reddit, Lemmy and Tildes are examples of Community Forum Platforms.<br><br>Community Forum Platforms are exemplified by users\u2019 ability to create their own sub-communities (Community Sub-Forums) which other platform users can join. <br><br>Platform users can view aggregated content from all Community Sub-Forums they subscribe to, or they can view all content from a particular Community Sub-Forum.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0151.010.md",
"external_id": "T0151.010"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1997947a-7e08-4ea9-802c-85391d561266.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--1f5ef84b-c3a1-4714-97b6-2a1ad201a911", "id": "bundle--b6871e02-2d25-4fa0-9d42-5d454dab075f",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--1997947a-7e08-4ea9-802c-85391d561266", "id": "attack-pattern--1997947a-7e08-4ea9-802c-85391d561266",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.406924Z", "created": "2024-11-22T16:43:58.153166Z",
"modified": "2024-08-02T17:12:32.406924Z", "modified": "2024-11-22T16:43:58.153166Z",
"name": "Post Content", "name": "Post Content",
"description": "Delivering content by posting via owned media (assets that the operator controls).", "description": "Delivering content by posting via owned media (assets that the operator controls).",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--19a45aaa-7fb8-40a2-b407-9c828f8a718a.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--dd36ac56-4a1a-4694-bafd-221bff7a5b5f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--19a45aaa-7fb8-40a2-b407-9c828f8a718a",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.096667Z",
"modified": "2024-11-22T16:43:58.096667Z",
"name": "Ideological Advantage",
"description": "Favourable position domestically or internationally in the market for ideas, beliefs, and world views. Competition plays out among faith systems, political systems, and value systems. It can involve sub-national, national or supra-national movements. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-strategy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.004.md",
"external_id": "T0074.004"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1a3b9d51-9cb5-4acd-bbd9-58fa66fac9de.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--008dae3a-2cdd-4069-9572-78b87c81cdf1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1a3b9d51-9cb5-4acd-bbd9-58fa66fac9de",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.096204Z",
"modified": "2024-11-22T16:43:58.096204Z",
"name": "Domestic Political Advantage",
"description": "Favourable position vis-\u00e0-vis national or sub-national political opponents such as political parties, interest groups, politicians, candidates. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-strategy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.002.md",
"external_id": "T0074.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--ee098dbb-4ee9-46d3-a5a6-9cfe4b0307fd", "id": "bundle--eca3fdab-2a4e-4795-b713-4a4f0853c649",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146", "id": "attack-pattern--1a85cb33-f7cc-49d9-a23f-4b7ce82a2146",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.361233Z", "created": "2024-11-22T16:43:58.097363Z",
"modified": "2024-08-02T17:12:32.361233Z", "modified": "2024-11-22T16:43:58.097363Z",
"name": "Distort", "name": "Distort",
"description": "Twist the narrative. Take information, or artefacts like images, and change the framing around them.", "description": "Twist the narrative. Take information, or artefacts like images, and change the framing around them.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--80a6cb32-48e5-4423-a547-751e93db2b94", "id": "bundle--3b074481-88cf-4d55-b82a-c5ddfa65664e",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c", "id": "attack-pattern--1ae9162c-ea88-4123-9c3f-b651eff4a77c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.420979Z", "created": "2024-11-22T16:43:58.211387Z",
"modified": "2024-08-02T17:12:32.420979Z", "modified": "2024-11-22T16:43:58.211387Z",
"name": "Action/Attitude", "name": "Action/Attitude",
"description": "Measure current system state with respect to the effectiveness of influencing action/attitude.", "description": "Measure current system state with respect to the effectiveness of influencing action/attitude.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1b0d49bb-5881-480a-bada-45aa8c392ac5.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--17464de0-20d1-4d17-b2a0-e2102a81947d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1b0d49bb-5881-480a-bada-45aa8c392ac5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.213143Z",
"modified": "2024-11-22T16:43:58.213143Z",
"name": "Cultivate Support",
"description": "Grow or maintain the base of support for the actor, ally, or action. This includes hard core recruitment, managing alliances, and generating or maintaining sympathy among a wider audience, including reputation management and public relations. Sub-techniques assume support for actor (self) unless otherwise specified. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.md",
"external_id": "T0136"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1b4f8416-7930-4fa2-8ec4-45130dbc7020.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--0a16f273-8c87-4474-8b3c-c4f9ae5084b0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1b4f8416-7930-4fa2-8ec4-45130dbc7020",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.104484Z",
"modified": "2024-11-22T16:43:58.104484Z",
"name": "Develop Document",
"description": "Produce text in the form of a document.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0085.004.md",
"external_id": "T0085.004"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--b3389001-36a8-411e-b389-837bb7db12da", "id": "bundle--899a1bab-d7a2-4051-8440-75b63ac79a27",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635", "id": "attack-pattern--1c13465b-8b75-4b7d-a763-fe5b1d091635",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.348471Z", "created": "2024-11-22T16:43:58.090307Z",
"modified": "2024-08-02T17:12:32.348471Z", "modified": "2024-11-22T16:43:58.090307Z",
"name": "Trolls Amplify and Manipulate", "name": "Trolls Amplify and Manipulate",
"description": "Use trolls to amplify narratives and/or manipulate narratives. Fake profiles/sockpuppets operating to support individuals/narratives from the entire political spectrum (left/right binary). Operating with increased emphasis on promoting local content and promoting real Twitter users generating their own, often divisive political content, as it's easier to amplify existing content than create new/original content. Trolls operate where ever there's a socially divisive issue (issues that can/are be politicized).", "description": "Use trolls to amplify narratives and/or manipulate narratives. Fake profiles/sockpuppets operating to support individuals/narratives from the entire political spectrum (left/right binary). Operating with increased emphasis on promoting local content and promoting real Twitter users generating their own, often divisive political content, as it's easier to amplify existing content than create new/original content. Trolls operate where ever there's a socially divisive issue (issues that can/are be politicized).",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--ba497caf-d32f-40c0-9237-78680cb25ae9", "id": "bundle--7bbb5caf-063d-4124-9fbe-6e65df58e9c0",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132", "id": "attack-pattern--1d48fe65-5062-4262-b9e2-890aca1da132",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.362521Z", "created": "2024-11-22T16:43:58.098067Z",
"modified": "2024-08-02T17:12:32.362521Z", "modified": "2024-11-22T16:43:58.098067Z",
"name": "Divide", "name": "Divide",
"description": "Create conflict between subgroups, to widen divisions in a community", "description": "Create conflict between subgroups, to widen divisions in a community",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d87bec6-03e0-429d-a7dd-de9353141acd.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--5dbe60d2-ffa3-4cdf-8c5c-f052f64cf271",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d87bec6-03e0-429d-a7dd-de9353141acd",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.214698Z",
"modified": "2024-11-22T16:43:58.214698Z",
"name": "Recruit Members",
"description": "Motivate followers to join or subscribe as members of the team. Organisations may mount recruitment drives that use propaganda to entice sympathisers to sign up. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.007.md",
"external_id": "T0136.007"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d917530-027d-4f82-b380-404c320dc783.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--f663935c-16a2-4811-b67e-3944b29e5c65", "id": "bundle--a117bbd6-1fe3-41e9-b9ba-8cc565eacdcb",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--1d917530-027d-4f82-b380-404c320dc783", "id": "attack-pattern--1d917530-027d-4f82-b380-404c320dc783",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.356564Z", "created": "2024-11-22T16:43:58.094773Z",
"modified": "2024-08-02T17:12:32.356564Z", "modified": "2024-11-22T16:43:58.094773Z",
"name": "Economic Segmentation", "name": "Economic Segmentation",
"description": "An influence operation may target populations based on their income bracket, wealth, or other financial or economic division.", "description": "An influence operation may target populations based on their income bracket, wealth, or other financial or economic division.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--734a0d99-4aa6-4d47-90cf-46582be43356", "id": "bundle--2a547daa-1f0a-4601-8ecf-ce8e083335c7",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4", "id": "attack-pattern--1f7181dc-07e7-40a7-9894-8132b8390ba4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.413057Z", "created": "2024-11-22T16:43:58.183045Z",
"modified": "2024-08-02T17:12:32.413057Z", "modified": "2024-11-22T16:43:58.183045Z",
"name": "Call to Action to Attend", "name": "Call to Action to Attend",
"description": "Call to action to attend an event", "description": "Call to action to attend an event",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--d9571e7a-2b61-4400-8834-5d08863d0d1e", "id": "bundle--bc816812-33e4-4cf1-a76b-ec3227b2a240",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae", "id": "attack-pattern--20569b52-59da-4b87-9b04-a306f3c148ae",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.414283Z", "created": "2024-11-22T16:43:58.192926Z",
"modified": "2024-08-02T17:12:32.414283Z", "modified": "2024-11-22T16:43:58.192926Z",
"name": "Conceal Network Identity", "name": "Conceal Network Identity",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.", "description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organisation.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--20a8b577-139c-4c10-a27b-c8a7d35b83b3.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--6684b29d-147e-4a93-8666-3dad2a9f1752",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--20a8b577-139c-4c10-a27b-c8a7d35b83b3",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.251245Z",
"modified": "2024-11-22T16:43:58.251245Z",
"name": "Email Platform",
"description": "Gmail, iCloud mail, and Microsoft Outlook are examples of Email Platforms.<br><br>Email Platforms are online platforms which allow people to create Accounts that they can use to send and receive emails to and from other email accounts. <br><br>Instead of using an Email Platform, actors may set up their own Email Domain, letting them send and receive emails on a custom domain.<br><br>Analysts should default to Email Platform if they cannot confirm whether an email was sent using a privately operated email, or via an account on a public email platform (for example, in situations where analysts are coding third party reporting which does not specify the type of email used).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0153.001.md",
"external_id": "T0153.001"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--21e5d7a3-deb1-4305-937e-22af2a3b6e7d.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--bc72aeb9-e514-45da-8c79-2ef4b2aa7c20",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--21e5d7a3-deb1-4305-937e-22af2a3b6e7d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.21449Z",
"modified": "2024-11-22T16:43:58.21449Z",
"name": "Cultivate Support for Ally",
"description": "Elevate or fortify the public backing for a partner. Governments may interfere in other countries\u2019 elections by covertly favouring a party or candidate aligned with their interests. They may also mount an influence operation to bolster the reputation of an ally under attack. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0136.006.md",
"external_id": "T0136.006"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--72d4cdda-ecd9-4ff5-806c-658e265db5c6", "id": "bundle--a4dd36df-df10-4660-b295-47db6212d31b",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794", "id": "attack-pattern--21fc458a-ea4d-41bb-9442-aac7ddd24794",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.335027Z", "created": "2024-11-22T16:43:58.082199Z",
"modified": "2024-08-02T17:12:32.335027Z", "modified": "2024-11-22T16:43:58.082199Z",
"name": "Prepare Fundraising Campaigns", "name": "Prepare Fundraising Campaigns",
"description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns (see: Develop Information Pathways) to promote operation messaging while raising money to support its activities.", "description": "Fundraising campaigns refer to an influence operation\u2019s systematic effort to seek financial support for a charity, cause, or other enterprise using online activities that further promote operation information pathways while raising a profit. Many influence operations have engaged in crowdfunding services on platforms including Tipee, Patreon, and GoFundMe. An operation may use its previously prepared fundraising campaigns (see: Develop Information Pathways) to promote operation messaging while raising money to support its activities.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2295615a-89ad-4f5b-b8ed-e70245a6d209.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c7c86c49-786d-410c-9b83-dab0e3edf975",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2295615a-89ad-4f5b-b8ed-e70245a6d209",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.220405Z",
"modified": "2024-11-22T16:43:58.220405Z",
"name": "Impersonated Persona",
"description": "Threat actors may impersonate existing individuals or institutions to conceal their network identity, add legitimacy to content, or harm the impersonated target\u2019s reputation. This Technique covers situations where an actor presents themselves as another existing individual or institution.<br><br> This Technique was previously called Prepare Assets Impersonating Legitimate Entities and used the ID T0099.<br><br> <b>Associated Techniques and Sub-techniques</b><br> <b>T0097: Presented Persona:</b> Analysts can use the sub-techniques of T0097: Presented Persona to categorise the type of impersonation. For example, a document developed by a threat actor which falsely presented as a letter from a government department could be documented using T0085.004: Develop Document, T0143.003: Impersonated Persona, and T0097.206: Government Institution Persona.<br> <b>T0145.001: Copy Account Imagery:</b> Actors may take existing accounts\u2019 profile pictures as part of their impersonation efforts.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0143.003.md",
"external_id": "T0143.003"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--7eeb1560-5bf0-4f48-951e-f7ff3b36a3d7", "id": "bundle--750388ba-fa90-43d4-8427-158a57269683",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4", "id": "attack-pattern--245d117b-2700-462e-97d4-be9b4b3745c4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.405913Z", "created": "2024-11-22T16:43:58.14973Z",
"modified": "2024-08-02T17:12:32.405913Z", "modified": "2024-11-22T16:43:58.14973Z",
"name": "Employ Commercial Analytic Firms", "name": "Employ Commercial Analytic Firms",
"description": "Commercial analytic firms collect data on target audience activities and evaluate the data to detect trends, such as content receiving high click-rates. An influence operation may employ commercial analytic firms to facilitate external collection on its target audience, complicating attribution efforts and better tailoring the content to audience preferences.", "description": "Commercial analytic firms collect data on target audience activities and evaluate the data to detect trends, such as content receiving high click-rates. An influence operation may employ commercial analytic firms to facilitate external collection on its target audience, complicating attribution efforts and better tailoring the content to audience preferences.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--25bb6f16-eabe-4d13-a984-fa9f0cef7515.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--9bcd0490-d124-4b62-9256-e08c1a81b1e9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--25bb6f16-eabe-4d13-a984-fa9f0cef7515",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.223416Z",
"modified": "2024-11-22T16:43:58.223416Z",
"name": "Account Asset",
"description": "An Account is a user-specific profile that allows access to the features and services of an online platform, typically requiring a username and password for authentication.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0146.md",
"external_id": "T0146"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--260869f6-be18-4475-b35e-27fb52203abc.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--d2575a9f-4b50-48b2-8aa4-550ba8d8dd4d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--260869f6-be18-4475-b35e-27fb52203abc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.084584Z",
"modified": "2024-11-22T16:43:58.084584Z",
"name": "Create New Hashtag",
"description": "Create a campaign/incident specific hashtag. This Technique covers behaviours previously documented by T0104.006: Create Dedicated Hashtag, which has since been deprecated. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0015.002.md",
"external_id": "T0015.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--37701d8b-9802-463a-94bd-88beef82ff4e", "id": "bundle--3cbf5558-aae7-4e2e-b6af-9d3f336f08cc",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5", "id": "attack-pattern--27061558-ebf9-402b-b8e2-0c7c9d86aea5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.405517Z", "created": "2024-11-22T16:43:58.149542Z",
"modified": "2024-08-02T17:12:32.405517Z", "modified": "2024-11-22T16:43:58.149542Z",
"name": "Radio", "name": "Radio",
"description": "Radio", "description": "Radio",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--283333f5-e161-4195-9070-5a7c22505adf.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--ef89e3d2-02a9-46a0-b179-3fda040b6499", "id": "bundle--3605e351-d1bb-4e46-a393-7765b20f23dd",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--283333f5-e161-4195-9070-5a7c22505adf", "id": "attack-pattern--283333f5-e161-4195-9070-5a7c22505adf",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.394819Z", "created": "2024-11-22T16:43:58.144121Z",
"modified": "2024-08-02T17:12:32.394819Z", "modified": "2024-11-22T16:43:58.144121Z",
"name": "Co-Opt Trusted Sources", "name": "Co-Opt Trusted Sources",
"description": "An influence operation may co-opt trusted sources by infiltrating or repurposing a source to reach a target audience through existing, previously reliable networks. Co-opted trusted sources may include: - National or local new outlets - Research or academic publications - Online blogs or websites", "description": "An influence operation may co-opt trusted sources by infiltrating or repurposing a source to reach a target audience through existing, previously reliable networks. Co-opted trusted sources may include: - National or local new outlets - Research or academic publications - Online blogs or websites",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--292fa0bb-3762-41cf-ba2a-c547ef35268d.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--41936199-38f9-4a7c-a4b6-4394b2a5e38e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--292fa0bb-3762-41cf-ba2a-c547ef35268d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.243548Z",
"modified": "2024-11-22T16:43:58.243548Z",
"name": "Chat Broadcast Group",
"description": "A Chat Broadcast Group is a type of Chat Group in which only specific members can send content to the channel (typically administrators, or approved group members). Members of the channel may be able to react to content, or comment on it, but can\u2019t directly push new content to the channel.<br><br>Examples include:<br>WhatsApp, Telegram, Discord: Chat Groups in which only admins are able to post new content.<br>X (prev. Twitter): Spaces (an audio discussion hosting feature) in which admins control who can speak at a given moment.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0151.007.md",
"external_id": "T0151.007"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--9e5e873e-0bbc-4f26-a402-3e23c6485c76", "id": "bundle--955dadd7-212d-4ffe-b8b3-50eef78c75df",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9", "id": "attack-pattern--29dd92fd-fb77-4565-b58a-74795144c9a9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.409219Z", "created": "2024-11-22T16:43:58.162441Z",
"modified": "2024-08-02T17:12:32.409219Z", "modified": "2024-11-22T16:43:58.162441Z",
"name": "Post across Disciplines", "name": "Post across Disciplines",
"description": "Post Across Disciplines", "description": "Post Across Disciplines",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--42842123-6a10-4b1b-84ff-4e826a17a3e2", "id": "bundle--bfa7dbfc-d7b1-4991-9a49-ec88350b5425",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e", "id": "attack-pattern--2b297e7b-51a7-4cfc-80da-fbc21c789a9e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.413845Z", "created": "2024-11-22T16:43:58.18865Z",
"modified": "2024-08-02T17:12:32.413845Z", "modified": "2024-11-22T16:43:58.18865Z",
"name": "Encourage Physical Violence", "name": "Encourage Physical Violence",
"description": "An influence operation may Encourage others to engage in Physical Violence to achieve campaign goals.", "description": "An influence operation may Encourage others to engage in Physical Violence to achieve campaign goals.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--a7887cf0-e79d-4f64-9943-ded469cee484", "id": "bundle--7a80ab61-62dc-4120-a8af-d6b45e3948aa",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1", "id": "attack-pattern--2cb5fe24-da3f-4cc7-aa76-6e3d38c537a1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.363691Z", "created": "2024-11-22T16:43:58.098707Z",
"modified": "2024-08-02T17:12:32.363691Z", "modified": "2024-11-22T16:43:58.098707Z",
"name": "Evaluate Media Surveys", "name": "Evaluate Media Surveys",
"description": "An influence operation may evaluate its own or third-party media surveys to determine what type of content appeals to its target audience. Media surveys may provide insight into an audience\u2019s political views, social class, general interests, or other indicators used to tailor operation messaging to its target audience.", "description": "An influence operation may evaluate its own or third-party media surveys to determine what type of content appeals to its target audience. Media surveys may provide insight into an audience\u2019s political views, social class, general interests, or other indicators used to tailor operation messaging to its target audience.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--2212b83b-6b9c-4dd4-bc40-17d1798d55e1", "id": "bundle--b03df4f4-2832-44ad-a83c-bb16626ac3ae",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321", "id": "attack-pattern--2d9a40e8-fbb5-40c7-b23e-61d5d92b5321",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.394405Z", "created": "2024-11-22T16:43:58.143573Z",
"modified": "2024-08-02T17:12:32.394405Z", "modified": "2024-11-22T16:43:58.143573Z",
"name": "Leverage Existing Inauthentic News Sites", "name": "Leverage Existing Inauthentic News Sites",
"description": "Leverage Existing Inauthentic News Sites", "description": "Leverage Existing Inauthentic News Sites",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--304c0674-9d77-41c2-8f8e-3577df1c4c32.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--43e83438-fc97-4957-bfe4-e80d3cdda9f2",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--304c0674-9d77-41c2-8f8e-3577df1c4c32",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.215683Z",
"modified": "2024-11-22T16:43:58.215683Z",
"name": "Scam",
"description": "Defraud a target or trick a target into doing something that benefits the attacker. A typical scam is where a fraudster convinces a target to pay for something without the intention of ever delivering anything in return. Alternatively, the fraudster may promise benefits which never materialise, such as a fake cure. Criminals often exploit a fear or crisis or generate a sense of urgency. They may use deepfakes to impersonate authority figures or individuals in distress. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0137.002.md",
"external_id": "T0137.002"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--496df3e6-88a6-4c59-88ae-66a25293731e", "id": "bundle--f681681a-26d7-47da-8987-b75dceb4c8f4",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e", "id": "attack-pattern--314ecce1-6d89-4304-a149-1c3d8fddaf9e",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.404876Z", "created": "2024-11-22T16:43:58.148252Z",
"modified": "2024-08-02T17:12:32.404876Z", "modified": "2024-11-22T16:43:58.148252Z",
"name": "Traditional Media", "name": "Traditional Media",
"description": "Examples include TV, Newspaper, Radio, etc.", "description": "Examples include TV, Newspaper, Radio, etc.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--2964be6a-3bd9-42cd-84b3-e509dcbd1673", "id": "bundle--8b60e8a6-4516-47c3-b754-8cd46a39d5d6",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc", "id": "attack-pattern--318f2a34-07b6-4c4b-9bb0-58f5bca681fc",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.407759Z", "created": "2024-11-22T16:43:58.157213Z",
"modified": "2024-08-02T17:12:32.407759Z", "modified": "2024-11-22T16:43:58.157213Z",
"name": "Comment or Reply on Content", "name": "Comment or Reply on Content",
"description": "Delivering content by replying or commenting via owned media (assets that the operator controls).", "description": "Delivering content by replying or commenting via owned media (assets that the operator controls).",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--42a8c8de-5c27-4fd0-b5e4-16cc5208614a", "id": "bundle--06f28951-4713-4e84-8c43-2b673b7af596",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7", "id": "attack-pattern--328ce801-be1a-4596-9961-008e1d9b85f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.343565Z", "created": "2024-11-22T16:43:58.087963Z",
"modified": "2024-08-02T17:12:32.343565Z", "modified": "2024-11-22T16:43:58.087963Z",
"name": "Demand Insurmountable Proof", "name": "Demand Insurmountable Proof",
"description": "Campaigns often leverage tactical and informational asymmetries on the threat surface, as seen in the Distort and Deny strategies, and the \"firehose of misinformation\". Specifically, conspiracy theorists can be repeatedly wrong, but advocates of the truth need to be perfect. By constantly escalating demands for proof, propagandists can effectively leverage this asymmetry while also priming its future use, often with an even greater asymmetric advantage. The conspiracist is offered freer rein for a broader range of \"questions\" while the truth teller is burdened with higher and higher standards of proof.", "description": "Campaigns often leverage tactical and informational asymmetries on the threat surface, as seen in the Distort and Deny strategies, and the \"firehose of misinformation\". Specifically, conspiracy theorists can be repeatedly wrong, but advocates of the truth need to be perfect. By constantly escalating demands for proof, propagandists can effectively leverage this asymmetry while also priming its future use, often with an even greater asymmetric advantage. The conspiracist is offered freer rein for a broader range of \"questions\" while the truth teller is burdened with higher and higher standards of proof.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--37168ac0-549c-403a-9d31-41fe19a3ea17", "id": "bundle--9f61734a-08c8-4ede-9d68-d35ca0745290",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8", "id": "attack-pattern--330de45e-8e37-4b57-95e4-fa75580b36a8",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.371128Z", "created": "2024-11-22T16:43:58.104251Z",
"modified": "2024-08-02T17:12:32.371128Z", "modified": "2024-11-22T16:43:58.104251Z",
"name": "Develop Inauthentic News Articles", "name": "Develop Inauthentic News Articles",
"description": "An influence operation may develop false or misleading news articles aligned to their campaign goals or narratives.", "description": "An influence operation may develop false or misleading news articles aligned to their campaign goals or narratives.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--782f4bc8-b4e3-47c5-a57e-07b1c7ff3d1b", "id": "bundle--b6c2987a-93e0-45cd-aec5-558c78b14549",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb", "id": "attack-pattern--331a83bb-2e5b-4c49-9446-e78a8f25b4eb",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.417607Z", "created": "2024-11-22T16:43:58.206551Z",
"modified": "2024-08-02T17:12:32.417607Z", "modified": "2024-11-22T16:43:58.206551Z",
"name": "Utilise Bulletproof Hosting", "name": "Utilise Bulletproof Hosting",
"description": "Hosting refers to services through which storage and computing resources are provided to an individual or organisation for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilise bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend.", "description": "Hosting refers to services through which storage and computing resources are provided to an individual or organisation for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilise bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--33a48d40-658e-4cde-9af9-5532a104b13d.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--4ff15e7b-7f60-496e-a9f8-4879239e78ea",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--33a48d40-658e-4cde-9af9-5532a104b13d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.096436Z",
"modified": "2024-11-22T16:43:58.096436Z",
"name": "Economic Advantage",
"description": "Favourable position domestically or internationally in the realms of commerce, trade, finance, industry. Economics involves nation-states, corporations, banks, trade blocs, industry associations, cartels. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-strategy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0074.003.md",
"external_id": "T0074.003"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3437993c-c521-4145-a2d8-b860399876b0.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--42dd1428-e91b-4115-b7f2-1708f01f77e1", "id": "bundle--d7fca12a-5580-410a-9d3b-2cac600c8e56",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--3437993c-c521-4145-a2d8-b860399876b0", "id": "attack-pattern--3437993c-c521-4145-a2d8-b860399876b0",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.415535Z", "created": "2024-11-22T16:43:58.198475Z",
"modified": "2024-08-02T17:12:32.415535Z", "modified": "2024-11-22T16:43:58.198475Z",
"name": "Break Association with Content", "name": "Break Association with Content",
"description": "Breaking association with content occurs when an influence operation actively separates itself from its own content. An influence operation may break association with content by unfollowing, unliking, or unsharing its content, removing attribution from its content, or otherwise taking actions that distance the operation from its messaging. An influence operation may break association with its content to complicate attribution or regain credibility for a new operation.", "description": "Breaking association with content occurs when an influence operation actively separates itself from its own content. An influence operation may break association with content by unfollowing, unliking, or unsharing its content, removing attribution from its content, or otherwise taking actions that distance the operation from its messaging. An influence operation may break association with its content to complicate attribution or regain credibility for a new operation.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--9a378790-917c-4006-851f-8de2ffa81c4c", "id": "bundle--59649ae2-1639-4261-ae79-753403b81591",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d", "id": "attack-pattern--34cda40c-8d27-48a0-b27c-c953b75c453d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.336169Z", "created": "2024-11-22T16:43:58.085058Z",
"modified": "2024-08-02T17:12:32.336169Z", "modified": "2024-11-22T16:43:58.085058Z",
"name": "Create Clickbait", "name": "Create Clickbait",
"description": "Create attention grabbing headlines (outrage, doubt, humour) required to drive traffic & engagement. This is a key asset.", "description": "Create attention grabbing headlines (outrage, doubt, humour) required to drive traffic & engagement. This is a key asset.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--351197c6-80b4-4c4e-a9ca-bd213be8ef7f.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--cc8be4d8-c349-4dce-a0cb-e30063cb398a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--351197c6-80b4-4c4e-a9ca-bd213be8ef7f",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.138171Z",
"modified": "2024-11-22T16:43:58.138171Z",
"name": "Institutional Persona",
"description": "This Technique can be used to indicate that an entity is presenting itself as an institution. If the organisation is presenting itself as having one of the personas listed below then these Techniques should be used instead, as they indicate both that the entity presented itself as an institution, and the type of persona they presented:<br><br> T0097.201: Local Institution Persona<br> T0097.202: News Outlet Persona<br> T0097.203: Fact Checking Organisation Persona<br> T0097.204: Think Tank Persona<br> T0097.205: Business Persona<br> T0097.206: Government Institution Persona<br> T0097.207: NGO Persona<br> T0097.208: Social Cause Persona",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.200.md",
"external_id": "T0097.200"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--35b0650e-99bb-404c-a54c-bb48d9d22b2c", "id": "bundle--84df7d58-ae65-45a4-ae46-0798c5081f77",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca", "id": "attack-pattern--35444e68-bb94-44ad-aecf-fff893f3d0ca",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.406496Z", "created": "2024-11-22T16:43:58.151121Z",
"modified": "2024-08-02T17:12:32.406496Z", "modified": "2024-11-22T16:43:58.151121Z",
"name": "Social Media", "name": "Social Media",
"description": "Social Media", "description": "Social Media",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--bdc125c5-3611-4532-b229-2944ab0c001a", "id": "bundle--cb5276ca-dc62-49c7-ab8f-6abbc0e92881",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291", "id": "attack-pattern--3621d01e-eb49-42d7-b646-6427a5693291",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.411564Z", "created": "2024-11-22T16:43:58.174718Z",
"modified": "2024-08-02T17:12:32.411564Z", "modified": "2024-11-22T16:43:58.174718Z",
"name": "Conduct Server Redirect", "name": "Conduct Server Redirect",
"description": "A server redirect, also known as a URL redirect, occurs when a server automatically forwards a user from one URL to another using server-side or client-side scripting languages. An influence operation may conduct a server redirect to divert target audience members from one website to another without their knowledge. The redirected website may pose as a legitimate source, host malware, or otherwise aid operation objectives.", "description": "A server redirect, also known as a URL redirect, occurs when a server automatically forwards a user from one URL to another using server-side or client-side scripting languages. An influence operation may conduct a server redirect to divert target audience members from one website to another without their knowledge. The redirected website may pose as a legitimate source, host malware, or otherwise aid operation objectives.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--59297cc3-eb4a-44e7-ad66-2cd6992a7cad", "id": "bundle--157cf1ad-599d-470e-8d88-31d383d23c25",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9", "id": "attack-pattern--37a192dd-8b33-482e-ba7a-b5a7b4f704b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.379779Z", "created": "2024-11-22T16:43:58.118896Z",
"modified": "2024-08-02T17:12:32.379779Z", "modified": "2024-11-22T16:43:58.118896Z",
"name": "Use Follow Trains", "name": "Use Follow Trains",
"description": "A follow train is a group of people who follow each other on a social media platform, often as a way for an individual or campaign to grow its social media following. Follow trains may be a violation of platform Terms of Service. They are also known as follow-for-follow groups.", "description": "A follow train is a group of people who follow each other on a social media platform, often as a way for an individual or campaign to grow its social media following. Follow trains may be a violation of platform Terms of Service. They are also known as follow-for-follow groups.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--68a42eb4-50cb-4b46-8c13-b9cc08efa754", "id": "bundle--7b0f3a68-bea9-4fb1-b926-ce52c396150c",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea", "id": "attack-pattern--3845d1f0-db88-41bb-95bf-8741ff9e72ea",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.37699Z", "created": "2024-11-22T16:43:58.115409Z",
"modified": "2024-08-02T17:12:32.37699Z", "modified": "2024-11-22T16:43:58.115409Z",
"name": "Alter Authentic Documents", "name": "Alter Authentic Documents",
"description": "Alter authentic documents (public or non-public) to achieve campaign goals. The altered documents are intended to appear as if they are authentic and can be \"leaked\" during later stages in the operation.", "description": "Alter authentic documents (public or non-public) to achieve campaign goals. The altered documents are intended to appear as if they are authentic and can be \"leaked\" during later stages in the operation.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--8d0c90be-850b-4d32-8460-c499ca709224", "id": "bundle--11c4c138-b6e1-411a-af94-0d92e812a1cf",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85", "id": "attack-pattern--3875e864-64d8-4ceb-8aa2-ef6e79224a85",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.382597Z", "created": "2024-11-22T16:43:58.129163Z",
"modified": "2024-08-02T17:12:32.382597Z", "modified": "2024-11-22T16:43:58.129163Z",
"name": "Create Content Farms", "name": "Create Content Farms",
"description": "An influence operation may create an organisation for creating and amplifying campaign artefacts at scale.", "description": "An influence operation may create an organisation for creating and amplifying campaign artefacts at scale.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--390c7a0e-d09f-4911-9828-9e2e5cbe7b0d.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--06d39327-f3d1-4fc2-a7b7-a2df81c89f3a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--390c7a0e-d09f-4911-9828-9e2e5cbe7b0d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.249501Z",
"modified": "2024-11-22T16:43:58.249501Z",
"name": "Audio Platform",
"description": "Soundcloud, Spotify, and YouTube Music; Apple Podcasts, Podbean, and Captivate are examples of Audio Platforms.<br><br>Audio Platforms allow people to create Accounts which they can use to upload audio content to the platform. <br><br>The ability to host audio is not exclusive to Audio Platforms; many online platforms allow users with Accounts to upload audio content. However, Audio Platforms\u2019 primary purpose is to be a place to host and listen to audio content.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0152.007.md",
"external_id": "T0152.007"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--308050af-565a-4fa0-82d9-b0587771b5e9", "id": "bundle--2e0add4b-fb0e-4a17-b216-8daf40a5443c",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1", "id": "attack-pattern--394089a7-cd71-4e16-aef9-d7b885d421f1",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.413199Z", "created": "2024-11-22T16:43:58.184374Z",
"modified": "2024-08-02T17:12:32.413199Z", "modified": "2024-11-22T16:43:58.184374Z",
"name": "Facilitate Logistics or Support for Attendance", "name": "Facilitate Logistics or Support for Attendance",
"description": "Facilitate logistics or support for travel, food, housing, etc.", "description": "Facilitate logistics or support for travel, food, housing, etc.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3965c84f-5d14-40ac-89e8-04a39718b604.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--daf20bfb-b464-4006-b78d-ad3a3ca652ee",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3965c84f-5d14-40ac-89e8-04a39718b604",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.238692Z",
"modified": "2024-11-22T16:43:58.238692Z",
"name": "Pre-Existing Asset",
"description": "Pre-Existing Assets are assets which existed before the observed incident which have not been Repurposed; i.e. they are still being used for their original purpose. <br><br>An example could be an Account which presented itself with a Journalist Persona prior to and during the observed potential incident.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0150.003.md",
"external_id": "T0150.003"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--db232d51-2359-4ae5-a4e3-3e0c741ded1a", "id": "bundle--d5c47437-ace2-4bdb-8794-b524ddc09f62",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72", "id": "attack-pattern--39ceaac8-e5f8-49be-95cf-0cbad07dfe72",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.398558Z", "created": "2024-11-22T16:43:58.146834Z",
"modified": "2024-08-02T17:12:32.398558Z", "modified": "2024-11-22T16:43:58.146834Z",
"name": "Use Existing Echo Chambers/Filter Bubbles", "name": "Use Existing Echo Chambers/Filter Bubbles",
"description": "Use existing Echo Chambers/Filter Bubbles", "description": "Use existing Echo Chambers/Filter Bubbles",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3a989ff0-0f0d-4e13-bb29-b95618e35cb4.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--249b91a0-9951-452a-96db-e66e955c1dc1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3a989ff0-0f0d-4e13-bb29-b95618e35cb4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.220944Z",
"modified": "2024-11-22T16:43:58.220944Z",
"name": "Persona Legitimacy Evidence",
"description": "This Technique contains behaviours which might indicate whether a persona is legitimate, a fabrication, or a parody.<br><br> For example, the same persona being consistently presented across platforms is consistent with how authentic users behave on social media. However, threat actors have also displayed this behaviour as a way to increase the perceived legitimacy of their fabricated personas (aka \u201cbackstopping\u201d).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0144.md",
"external_id": "T0144"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--42db14eb-21c4-4415-85ff-6ea4a0b6988b", "id": "bundle--d273492a-c0e0-4cc8-b47d-c82c5da76a47",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45", "id": "attack-pattern--3bc92e69-67e4-405a-a6fb-a2d742395c45",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.335422Z", "created": "2024-11-22T16:43:58.082621Z",
"modified": "2024-08-02T17:12:32.335422Z", "modified": "2024-11-22T16:43:58.082621Z",
"name": "Raise Funds from Malign Actors", "name": "Raise Funds from Malign Actors",
"description": "Raising funds from malign actors may include contributions from foreign agents, cutouts or proxies, shell companies, dark money groups, etc.", "description": "Raising funds from malign actors may include contributions from foreign agents, cutouts or proxies, shell companies, dark money groups, etc.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3cb30f88-5e58-4a52-8f7a-df12b4f14d32.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--5847eb2b-a29b-49f5-beaf-39b95a0a133b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3cb30f88-5e58-4a52-8f7a-df12b4f14d32",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.249065Z",
"modified": "2024-11-22T16:43:58.249065Z",
"name": "Paste Platform",
"description": "Pastebin is an example of a Paste Platform.<br><br>Paste Platforms allow people to upload unformatted text to the platform, which they can share via a link. Some Paste Platforms are Open Access Platforms which allow users to upload content without creating an Account first.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0152.005.md",
"external_id": "T0152.005"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3d541e3c-fdb7-4fa3-9b58-8ca9ba9d7d22.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--8c17c539-ff77-46c5-b848-5b2492a4605c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3d541e3c-fdb7-4fa3-9b58-8ca9ba9d7d22",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.234634Z",
"modified": "2024-11-22T16:43:58.234634Z",
"name": "Server Asset",
"description": "A Server is a computer which provides resources, services, or data to other computers over a network. There are different types of servers, such as web servers (which serve web pages and applications to users), database servers (which manage and provide access to databases), and file servers (which store and share files across a network).",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0149.005.md",
"external_id": "T0149.005"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3dfdef19-92e8-4f54-982d-7f58d4ff718c.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--b7420f71-f276-4b8d-aee6-cbec34a81066",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3dfdef19-92e8-4f54-982d-7f58d4ff718c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.241438Z",
"modified": "2024-11-22T16:43:58.241438Z",
"name": "Digital Community Hosting Asset",
"description": "A Digital Community Hosting Asset is an online asset which can be used by actors to provide spaces for users to interact with each other.<br><br>Sub-techniques categorised under Digital Community Hosting Assets can include Content Hosting and Content Delivery capabilities; however, their nominal primary purpose is to provide a space for community interaction.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0151.md",
"external_id": "T0151"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--4bc6311d-569a-4924-aec6-c9ececa708f4", "id": "bundle--d71c766c-65c7-46d8-ba40-4022e8b98c06",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14", "id": "attack-pattern--3fd63a63-f597-40e5-9f6e-0aab00d4dc14",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.356931Z", "created": "2024-11-22T16:43:58.095092Z",
"modified": "2024-08-02T17:12:32.356931Z", "modified": "2024-11-22T16:43:58.095092Z",
"name": "Psychographic Segmentation", "name": "Psychographic Segmentation",
"description": "An influence operation may target populations based on psychographic segmentation, which uses audience values and decision-making processes. An operation may individually gather psychographic data with its own surveys or collection tools or externally purchase data from social media companies or online surveys, such as personality quizzes.", "description": "An influence operation may target populations based on psychographic segmentation, which uses audience values and decision-making processes. An operation may individually gather psychographic data with its own surveys or collection tools or externally purchase data from social media companies or online surveys, such as personality quizzes.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--405aa0e6-2297-4c39-b285-17c31190b195.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--239d5ee5-f0c7-45c8-95b2-df231fe8d99b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--405aa0e6-2297-4c39-b285-17c31190b195",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.239312Z",
"modified": "2024-11-22T16:43:58.239312Z",
"name": "Repurposed Asset",
"description": "Repurposed Assets are assets which have been identified as being used previously, but are now being used for different purposes, or have new Presented Personas.<br><br>Actors have been documented compromising assets, and then repurposing them to present Inauthentic Personas as part of their operations.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0150.004.md",
"external_id": "T0150.004"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--b6b0bec9-0362-4844-b4e7-9dcc47d85ee8", "id": "bundle--0b22f2bd-3585-4d4e-afae-f40e8f17b3ee",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c", "id": "attack-pattern--40e784b7-3850-4115-b90c-a39e155bbe2c",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.399364Z", "created": "2024-11-22T16:43:58.147356Z",
"modified": "2024-08-02T17:12:32.399364Z", "modified": "2024-11-22T16:43:58.147356Z",
"name": "Exploit Data Voids", "name": "Exploit Data Voids",
"description": "A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) \u201cBreaking news\u201d data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a \u201cstrategic new terms\u201d data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on \u201coutdated terms\u201d that have decreased in popularity, capitalising on most search engines\u2019 preferences for recency. (4) \u201cFragmented concepts\u201d data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use \u201cproblematic queries\u201d that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.", "description": "A data void refers to a word or phrase that results in little, manipulative, or low-quality search engine data. Data voids are hard to detect and relatively harmless until exploited by an entity aiming to quickly proliferate false or misleading information during a phenomenon that causes a high number of individuals to query the term or phrase. In the Plan phase, an influence operation may identify data voids for later exploitation in the operation. A 2019 report by Michael Golebiewski identifies five types of data voids. (1) \u201cBreaking news\u201d data voids occur when a keyword gains popularity during a short period of time, allowing an influence operation to publish false content before legitimate news outlets have an opportunity to publish relevant information. (2) An influence operation may create a \u201cstrategic new terms\u201d data void by creating their own terms and publishing information online before promoting their keyword to the target audience. (3) An influence operation may publish content on \u201coutdated terms\u201d that have decreased in popularity, capitalising on most search engines\u2019 preferences for recency. (4) \u201cFragmented concepts\u201d data voids separate connections between similar ideas, isolating segment queries to distinct search engine results. (5) An influence operation may use \u201cproblematic queries\u201d that previously resulted in disturbing or inappropriate content to promote messaging until mainstream media recontextualizes the term.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--14414258-fd23-4684-9630-c08c108445f6", "id": "bundle--779552ef-940b-407d-8fdf-fd73e98a421a",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b", "id": "attack-pattern--41062c4b-a462-419a-bad9-7f3f720f090b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.365103Z", "created": "2024-11-22T16:43:58.099657Z",
"modified": "2024-08-02T17:12:32.365103Z", "modified": "2024-11-22T16:43:58.099657Z",
"name": "Identify Social and Technical Vulnerabilities", "name": "Identify Social and Technical Vulnerabilities",
"description": "Identifying social and technical vulnerabilities determines weaknesses within the target audience information environment for later exploitation. Vulnerabilities include decisive political issues, weak cybersecurity infrastructure, search engine data voids, and other technical and non technical weaknesses in the target information environment. Identifying social and technical vulnerabilities facilitates the later exploitation of the identified weaknesses to advance operation objectives.", "description": "Identifying social and technical vulnerabilities determines weaknesses within the target audience information environment for later exploitation. Vulnerabilities include decisive political issues, weak cybersecurity infrastructure, search engine data voids, and other technical and non technical weaknesses in the target information environment. Identifying social and technical vulnerabilities facilitates the later exploitation of the identified weaknesses to advance operation objectives.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4282febe-c8a6-46da-863c-f19081615d80.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--94d03a1c-720e-4f9a-a17d-56c3863d7e6d", "id": "bundle--d9901ea9-a6bd-45c8-a9ce-3b8310a904fa",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--4282febe-c8a6-46da-863c-f19081615d80", "id": "attack-pattern--4282febe-c8a6-46da-863c-f19081615d80",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.350087Z", "created": "2024-11-22T16:43:58.090983Z",
"modified": "2024-08-02T17:12:32.350087Z", "modified": "2024-11-22T16:43:58.090983Z",
"name": "Utilise Spamoflauge", "name": "Utilise Spamoflauge",
"description": "Spamoflauge refers to the practice of disguising spam messages as legitimate. Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk. Simple methods of spamoflauge include replacing letters with numbers to fool keyword-based email spam filters, for example, \"you've w0n our jackp0t!\". Spamoflauge may extend to more complex techniques such as modifying the grammar or word choice of the language, casting messages as images which spam detectors cannot automatically read, or encapsulating messages in password protected attachments, such as .pdf or .zip files. Influence operations may use spamoflauge to avoid spam filtering systems and increase the likelihood of the target audience receiving operation messaging.", "description": "Spamoflauge refers to the practice of disguising spam messages as legitimate. Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk. Simple methods of spamoflauge include replacing letters with numbers to fool keyword-based email spam filters, for example, \"you've w0n our jackp0t!\". Spamoflauge may extend to more complex techniques such as modifying the grammar or word choice of the language, casting messages as images which spam detectors cannot automatically read, or encapsulating messages in password protected attachments, such as .pdf or .zip files. Influence operations may use spamoflauge to avoid spam filtering systems and increase the likelihood of the target audience receiving operation messaging.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--f8685817-1428-4ab4-9c6f-1816985d82d7", "id": "bundle--fa717822-1605-4af7-b4a4-cc1a498464b5",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039", "id": "attack-pattern--444c403e-a73f-4b78-9ffd-556f1dd29039",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.381825Z", "created": "2024-11-22T16:43:58.127115Z",
"modified": "2024-08-02T17:12:32.381825Z", "modified": "2024-11-22T16:43:58.127115Z",
"name": "Develop Owned Media Assets", "name": "Develop Owned Media Assets",
"description": "An owned media asset refers to an agency or organisation through which an influence operation may create, develop, and host content and narratives. Owned media assets include websites, blogs, social media pages, forums, and other platforms that facilitate the creation and organisation of content.", "description": "An owned media asset refers to an agency or organisation through which an influence operation may create, develop, and host content and narratives. Owned media assets include websites, blogs, social media pages, forums, and other platforms that facilitate the creation and organisation of content.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--ca9241d9-8bc9-4609-9f9c-7772037cfb9f", "id": "bundle--c0918080-fab5-4f8e-a1ed-5053c92bb2b2",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34", "id": "attack-pattern--45ab5d9e-88ee-494c-971b-6e4babf1dc34",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.364425Z", "created": "2024-11-22T16:43:58.099254Z",
"modified": "2024-08-02T17:12:32.364425Z", "modified": "2024-11-22T16:43:58.099254Z",
"name": "Conduct Web Traffic Analysis", "name": "Conduct Web Traffic Analysis",
"description": "An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.", "description": "An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--738b5d9f-1406-4dc5-8c4e-cb5139826f7c", "id": "bundle--0bb517b5-bb83-4431-a2cf-ae2864617935",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157", "id": "attack-pattern--45d10a80-a2f7-4626-ae2c-dae8cf144157",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.365448Z", "created": "2024-11-22T16:43:58.099959Z",
"modified": "2024-08-02T17:12:32.365448Z", "modified": "2024-11-22T16:43:58.099959Z",
"name": "Find Echo Chambers", "name": "Find Echo Chambers",
"description": "Find or plan to create areas (social media groups, search term groups, hashtag groups etc) where individuals only engage with people they agree with.", "description": "Find or plan to create areas (social media groups, search term groups, hashtag groups etc) where individuals only engage with people they agree with.",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--1c441fbd-06b6-4111-ba16-87d8c1e0ac65", "id": "bundle--c463a7b4-bb6f-4621-ade3-ba0ee74cc9f7",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9", "id": "attack-pattern--45dae307-ba74-4038-90ef-2282a32e38b9",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.342026Z", "created": "2024-11-22T16:43:58.086825Z",
"modified": "2024-08-02T17:12:32.342026Z", "modified": "2024-11-22T16:43:58.086825Z",
"name": "Distort Facts", "name": "Distort Facts",
"description": "Change, twist, or exaggerate existing facts to construct a narrative that differs from reality. Examples: images and ideas can be distorted by being placed in an improper content", "description": "Change, twist, or exaggerate existing facts to construct a narrative that differs from reality. Examples: images and ideas can be distorted by being placed in an improper content",
"kill_chain_phases": [ "kill_chain_phases": [

6
generated_files/DISARM_STIX/attack-pattern/attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--7c940633-a4aa-449b-be9d-5b90cf125997", "id": "bundle--55578473-eeb7-4319-a23c-2d727122108b",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d", "id": "attack-pattern--47fb2b79-fab3-421f-b989-47ee312f727d",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82", "created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-08-02T17:12:32.379547Z", "created": "2024-11-22T16:43:58.118449Z",
"modified": "2024-08-02T17:12:32.379547Z", "modified": "2024-11-22T16:43:58.118449Z",
"name": "Create Organisations", "name": "Create Organisations",
"description": "Influence operations may establish organisations with legitimate or falsified hierarchies, staff, and content to structure operation assets, provide a sense of legitimacy to the operation, or provide institutional backing to operation activities.", "description": "Influence operations may establish organisations with legitimate or falsified hierarchies, staff, and content to structure operation assets, provide a sense of legitimacy to the operation, or provide institutional backing to operation activities.",
"kill_chain_phases": [ "kill_chain_phases": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--482c2ce0-9d0c-4997-8c9f-bb8a4fb42bb5.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--4bba3a8d-ae35-4ee5-80ba-94765c4c1ce9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--482c2ce0-9d0c-4997-8c9f-bb8a4fb42bb5",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.250535Z",
"modified": "2024-11-22T16:43:58.250535Z",
"name": "Wiki Platform",
"description": "Wikipedia, Fandom, Ruwiki, TV Tropes, and the SCP Foundation are examples of Wiki Platforms.<br><br>Wikis use wiki software to allow platform users to collaboratively create and maintain an encyclopedia of information related to a given topic. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0152.011.md",
"external_id": "T0152.011"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--48899bd4-c5dd-460c-917f-c4015c9352f7.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--1c50af98-a897-40f0-be0e-8062979357d9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--48899bd4-c5dd-460c-917f-c4015c9352f7",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.235106Z",
"modified": "2024-11-22T16:43:58.235106Z",
"name": "IP Address Asset",
"description": "An IP Address is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. IP addresses are commonly a part of any online infrastructure.<br><br>IP addresses can be in IPV4 dotted decimal (x.x.x.x) or IPV6 colon-separated hexadecimal (y:y:y:y:y:y:y:y) formats. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0149.006.md",
"external_id": "T0149.006"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--488a1d86-0c39-433b-a078-ffd9baa3901b.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--8c7acae8-f1b5-4918-a309-0f68224e1d0a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--488a1d86-0c39-433b-a078-ffd9baa3901b",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.252362Z",
"modified": "2024-11-22T16:43:58.252362Z",
"name": "Content Recommendation Algorithm",
"description": "Many online platforms have Content Recommendation Algorithms, which promote content posted to the platform to users based on metrics the platform operators are trying to meet. Algorithms typically surface platform content which the user is likely to engage with, based on how they and other users have behaved on the platform.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0153.006.md",
"external_id": "T0153.006"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--48a53a0e-fc2d-4f28-84d5-0eb615d168f4.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--25d25b3f-a556-485b-9b48-769f2bf8e69d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--48a53a0e-fc2d-4f28-84d5-0eb615d168f4",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.141607Z",
"modified": "2024-11-22T16:43:58.141607Z",
"name": "NGO Persona",
"description": "Institutions which present themselves as an NGO (Non-Governmental Organisation), an organisation which provides services or advocates for public policy (while not being directly affiliated with any government), are presenting an NGO persona.<br><br> While presenting as an NGO is not an indication of inauthentic behaviour, NGO personas are commonly used by threat actors (such as intelligence services) as a front for their operational activity (T0143.002: Fabricated Persona, T0097.207: NGO Persona). They are created to give legitimacy to the influence operation and potentially infiltrate grassroots movements<br><br> Legitimate NGOs could use their persona for malicious purposes, or be exploited by threat actors (T0143.001: Authentic Persona, T0097.207: NGO Persona). For example, an NGO could take money for using their position to provide legitimacy to a false narrative, or be tricked into doing so without their knowledge.<br><br> <b>Associated Techniques and Sub-techniques:</b><br> <b>T0097.103: Activist Persona:</b> Institutions presenting as activist groups may also present activists working within the organisation.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0097.207.md",
"external_id": "T0097.207"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}

Some files were not shown because too many files have changed in this diff Show More