Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2025-01-24 13:31:06 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #9 from DISARMFoundation/subtechnique_merge

Browse Source 
add subtechniques to stix2 generator. update STIX bundles.  use subte…
This commit is contained in:
VVX7 2022-07-02 10:30:00 -07:00 committed by GitHub
commit f726faba10
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
671 changed files with 15048 additions and 12934 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CODE/DISARM-STIX2/main.py
View File

@ -25,14 +25,12 @@ def generate_disarm_stix():
tactics = tactic.make_disarm_tactics(data)
techniques = technique.make_disarm_techniques(data)
subtechniques = technique.make_disarm_subtechniques(data)
subtechnique_relationships = relationship.make_disarm_subtechnique_relationships(techniques, subtechniques)
subtechnique_relationships = relationship.make_disarm_subtechnique_relationships(techniques)
navigator_matrix = matrix.make_disarm_matrix(tactics)
stix_objects = []
stix_objects.append(tactics)
stix_objects.append(techniques)
stix_objects.append(subtechniques)
stix_objects.append(subtechnique_relationships)
stix_objects.append(navigator_matrix)

12
CODE/DISARM-STIX2/objects/relationship.py
View File

@ -21,12 +21,11 @@ def make_disarm_subtechnique_relationship(source, target):
return relationship
def make_disarm_subtechnique_relationships(techniques, subtechniques):
def make_disarm_subtechnique_relationships(techniques):
"""Creates a map of technique and sub-technique.
Args:
techniques (list): List of STIX2 technique objects.
subtechniques (list): List of STIX2 subtechnique objects.
Returns:
A Relationship object.
@ -37,9 +36,10 @@ def make_disarm_subtechnique_relationships(techniques, subtechniques):
technique_ids[technique["external_references"][0]["external_id"]] = technique["id"]
relationships = []
for subtechnique in subtechniques:
technique_id = technique_ids[subtechnique["external_references"][0]["external_id"].split(".")[0]]
relationship = make_disarm_subtechnique_relationship(subtechnique["id"], technique_id)
relationships.append(relationship)
for technique in techniques:
if technique["x_mitre_is_subtechnique"]:
technique_id = technique_ids[technique["external_references"][0]["external_id"].split(".")[0]]
relationship = make_disarm_subtechnique_relationship(technique["id"], technique_id)
relationships.append(relationship)
return relationships

56
CODE/DISARM-STIX2/objects/technique.py
View File

@ -57,59 +57,3 @@ def make_disarm_techniques(data):
techniques.append(technique)
return techniques
def make_disarm_subtechniques(data):
"""
Args:
data: The xlsx subtechnique sheet.
Returns:
"""
tacdict = pd.Series(data["tactics"].name.values, index=data["tactics"].disarm_id).to_dict()
techdict = pd.Series(data["techniques"].tactic_id.values, index=data["techniques"].disarm_id).to_dict()
subtechniques = []
for t in data["subtechniques"].values.tolist():
external_references = [
{
'external_id': f'{t[0]}'.strip(),
'source_name': 'DISARM',
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
}
]
kill_chain_phases = [
{
'phase_name': tacdict[techdict[t[2]]].replace(' ', '-').lower(),
'kill_chain_name': 'mitre-attack'
}
]
subtechnique = t[0].split(".")
x_mitre_is_subtechnique = False
if len(subtechnique) > 1:
x_mitre_is_subtechnique = True
# MITRE ATT&CK Navigator expect techniques to have at least one of these platforms.
# Without one, the technique will not render in the Navigator.
x_mitre_platforms = 'Windows', 'Linux', 'Mac'
technique = AttackPattern(
name=f"{t[1]}",
description=f"{t[3]}",
external_references=external_references,
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
created_by_ref=objects.identity.make_disarm_identity(),
kill_chain_phases=kill_chain_phases,
custom_properties={
'x_mitre_platforms': x_mitre_platforms,
'x_mitre_version': "1.0",
'x_mitre_is_subtechnique': x_mitre_is_subtechnique
}
)
subtechniques.append(technique)
return subtechniques

176
CODE/generate_DISARM_pages.ipynb
View File

@ -18,7 +18,7 @@
},
{
"cell_type": "code",
"execution_count": 2,
"execution_count": 3,
"metadata": {
"scrolled": true
},
@ -35,8 +35,182 @@
"updated ../generated_pages/phases_index.md\n",
"Temp: objecttype tactic\n",
"updated ../generated_pages/tactics_index.md\n",
"Updating ../generated_pages/tactics/TA02.md\n",
"Updating ../generated_pages/tactics/TA05.md\n",
"Updating ../generated_pages/tactics/TA06.md\n",
"Updating ../generated_pages/tactics/TA07.md\n",
"Updating ../generated_pages/tactics/TA09.md\n",
"Updating ../generated_pages/tactics/TA10.md\n",
"Updating ../generated_pages/tactics/TA11.md\n",
"Updating ../generated_pages/tactics/TA12.md\n",
"Updating ../generated_pages/tactics/TA13.md\n",
"Updating ../generated_pages/tactics/TA14.md\n",
"Updating ../generated_pages/tactics/TA15.md\n",
"Updating ../generated_pages/tactics/TA16.md\n",
"Updating ../generated_pages/tactics/TA17.md\n",
"Updating ../generated_pages/tactics/TA18.md\n",
"Temp: objecttype technique\n",
"updated ../generated_pages/techniques_index.md\n",
"Updating ../generated_pages/techniques/T0009.001.md\n",
"Updating ../generated_pages/techniques/T0014.001.md\n",
"Updating ../generated_pages/techniques/T0014.002.md\n",
"Updating ../generated_pages/techniques/T0017.001.md\n",
"Updating ../generated_pages/techniques/T0019.001.md\n",
"Updating ../generated_pages/techniques/T0019.002.md\n",
"Updating ../generated_pages/techniques/T0022.001.md\n",
"Updating ../generated_pages/techniques/T0022.002.md\n",
"Updating ../generated_pages/techniques/T0023.001.md\n",
"Updating ../generated_pages/techniques/T0023.002.md\n",
"Updating ../generated_pages/techniques/T0043.001.md\n",
"Updating ../generated_pages/techniques/T0043.002.md\n",
"Updating ../generated_pages/techniques/T0048.001.md\n",
"Updating ../generated_pages/techniques/T0048.002.md\n",
"Updating ../generated_pages/techniques/T0048.003.md\n",
"Updating ../generated_pages/techniques/T0048.004.md\n",
"Updating ../generated_pages/techniques/T0049.001.md\n",
"Updating ../generated_pages/techniques/T0049.002.md\n",
"Updating ../generated_pages/techniques/T0049.003.md\n",
"Updating ../generated_pages/techniques/T0049.004.md\n",
"Updating ../generated_pages/techniques/T0049.005.md\n",
"Updating ../generated_pages/techniques/T0049.006.md\n",
"Updating ../generated_pages/techniques/T0049.007.md\n",
"Updating ../generated_pages/techniques/T0057.001.md\n",
"Updating ../generated_pages/techniques/T0057.002.md\n",
"Updating ../generated_pages/techniques/T0061.001.md\n",
"Updating ../generated_pages/techniques/T0072.001.md\n",
"Updating ../generated_pages/techniques/T0072.002.md\n",
"Updating ../generated_pages/techniques/T0072.003.md\n",
"Updating ../generated_pages/techniques/T0072.004.md\n",
"Updating ../generated_pages/techniques/T0072.005.md\n",
"Updating ../generated_pages/techniques/T0075.001.md\n",
"Updating ../generated_pages/techniques/T0080.001.md\n",
"Updating ../generated_pages/techniques/T0080.002.md\n",
"Updating ../generated_pages/techniques/T0080.003.md\n",
"Updating ../generated_pages/techniques/T0080.004.md\n",
"Updating ../generated_pages/techniques/T0080.005.md\n",
"Updating ../generated_pages/techniques/T0081.001.md\n",
"Updating ../generated_pages/techniques/T0081.002.md\n",
"Updating ../generated_pages/techniques/T0081.003.md\n",
"Updating ../generated_pages/techniques/T0081.004.md\n",
"Updating ../generated_pages/techniques/T0081.005.md\n",
"Updating ../generated_pages/techniques/T0081.006.md\n",
"Updating ../generated_pages/techniques/T0081.007.md\n",
"Updating ../generated_pages/techniques/T0081.008.md\n",
"Updating ../generated_pages/techniques/T0084.001.md\n",
"Updating ../generated_pages/techniques/T0084.002.md\n",
"Updating ../generated_pages/techniques/T0084.003.md\n",
"Updating ../generated_pages/techniques/T0084.004.md\n",
"Updating ../generated_pages/techniques/T0085.001.md\n",
"Updating ../generated_pages/techniques/T0085.002.md\n",
"Updating ../generated_pages/techniques/T0085.003.md\n",
"Updating ../generated_pages/techniques/T0086.001.md\n",
"Updating ../generated_pages/techniques/T0086.002.md\n",
"Updating ../generated_pages/techniques/T0086.003.md\n",
"Updating ../generated_pages/techniques/T0086.004.md\n",
"Updating ../generated_pages/techniques/T0087.001.md\n",
"Updating ../generated_pages/techniques/T0087.002.md\n",
"Updating ../generated_pages/techniques/T0088.001.md\n",
"Updating ../generated_pages/techniques/T0088.002.md\n",
"Updating ../generated_pages/techniques/T0089.001.md\n",
"Updating ../generated_pages/techniques/T0089.002.md\n",
"Updating ../generated_pages/techniques/T0089.003.md\n",
"Updating ../generated_pages/techniques/T0090.001.md\n",
"Updating ../generated_pages/techniques/T0090.002.md\n",
"Updating ../generated_pages/techniques/T0090.003.md\n",
"Updating ../generated_pages/techniques/T0090.004.md\n",
"Updating ../generated_pages/techniques/T0091.001.md\n",
"Updating ../generated_pages/techniques/T0091.002.md\n",
"Updating ../generated_pages/techniques/T0091.003.md\n",
"Updating ../generated_pages/techniques/T0092.001.md\n",
"Updating ../generated_pages/techniques/T0092.002.md\n",
"Updating ../generated_pages/techniques/T0092.003.md\n",
"Updating ../generated_pages/techniques/T0093.001.md\n",
"Updating ../generated_pages/techniques/T0093.002.md\n",
"Updating ../generated_pages/techniques/T0094.001.md\n",
"Updating ../generated_pages/techniques/T0094.002.md\n",
"Updating ../generated_pages/techniques/T0096.001.md\n",
"Updating ../generated_pages/techniques/T0096.002.md\n",
"Updating ../generated_pages/techniques/T0097.001.md\n",
"Updating ../generated_pages/techniques/T0098.001.md\n",
"Updating ../generated_pages/techniques/T0098.002.md\n",
"Updating ../generated_pages/techniques/T0099.001.md\n",
"Updating ../generated_pages/techniques/T0099.002.md\n",
"Updating ../generated_pages/techniques/T0100.001.md\n",
"Updating ../generated_pages/techniques/T0100.002.md\n",
"Updating ../generated_pages/techniques/T0100.003.md\n",
"Updating ../generated_pages/techniques/T0102.001.md\n",
"Updating ../generated_pages/techniques/T0102.002.md\n",
"Updating ../generated_pages/techniques/T0102.003.md\n",
"Updating ../generated_pages/techniques/T0103.001.md\n",
"Updating ../generated_pages/techniques/T0103.002.md\n",
"Updating ../generated_pages/techniques/T0104.001.md\n",
"Updating ../generated_pages/techniques/T0104.002.md\n",
"Updating ../generated_pages/techniques/T0104.003.md\n",
"Updating ../generated_pages/techniques/T0104.004.md\n",
"Updating ../generated_pages/techniques/T0104.005.md\n",
"Updating ../generated_pages/techniques/T0104.006.md\n",
"Updating ../generated_pages/techniques/T0105.001.md\n",
"Updating ../generated_pages/techniques/T0105.002.md\n",
"Updating ../generated_pages/techniques/T0105.003.md\n",
"Updating ../generated_pages/techniques/T0106.001.md\n",
"Updating ../generated_pages/techniques/T0111.001.md\n",
"Updating ../generated_pages/techniques/T0111.002.md\n",
"Updating ../generated_pages/techniques/T0111.003.md\n",
"Updating ../generated_pages/techniques/T0114.001.md\n",
"Updating ../generated_pages/techniques/T0114.002.md\n",
"Updating ../generated_pages/techniques/T0115.001.md\n",
"Updating ../generated_pages/techniques/T0115.002.md\n",
"Updating ../generated_pages/techniques/T0115.003.md\n",
"Updating ../generated_pages/techniques/T0116.001.md\n",
"Updating ../generated_pages/techniques/T0119.001.md\n",
"Updating ../generated_pages/techniques/T0119.002.md\n",
"Updating ../generated_pages/techniques/T0119.003.md\n",
"Updating ../generated_pages/techniques/T0120.001.md\n",
"Updating ../generated_pages/techniques/T0120.002.md\n",
"Updating ../generated_pages/techniques/T0121.001.md\n",
"Updating ../generated_pages/techniques/T0123.001.md\n",
"Updating ../generated_pages/techniques/T0123.002.md\n",
"Updating ../generated_pages/techniques/T0123.003.md\n",
"Updating ../generated_pages/techniques/T0123.004.md\n",
"Updating ../generated_pages/techniques/T0124.001.md\n",
"Updating ../generated_pages/techniques/T0124.002.md\n",
"Updating ../generated_pages/techniques/T0124.003.md\n",
"Updating ../generated_pages/techniques/T0126.001.md\n",
"Updating ../generated_pages/techniques/T0126.002.md\n",
"Updating ../generated_pages/techniques/T0127.001.md\n",
"Updating ../generated_pages/techniques/T0127.002.md\n",
"Updating ../generated_pages/techniques/T0128.001.md\n",
"Updating ../generated_pages/techniques/T0128.002.md\n",
"Updating ../generated_pages/techniques/T0128.003.md\n",
"Updating ../generated_pages/techniques/T0128.004.md\n",
"Updating ../generated_pages/techniques/T0128.005.md\n",
"Updating ../generated_pages/techniques/T0129.001.md\n",
"Updating ../generated_pages/techniques/T0129.002.md\n",
"Updating ../generated_pages/techniques/T0129.003.md\n",
"Updating ../generated_pages/techniques/T0129.004.md\n",
"Updating ../generated_pages/techniques/T0129.005.md\n",
"Updating ../generated_pages/techniques/T0129.006.md\n",
"Updating ../generated_pages/techniques/T0129.007.md\n",
"Updating ../generated_pages/techniques/T0129.008.md\n",
"Updating ../generated_pages/techniques/T0129.009.md\n",
"Updating ../generated_pages/techniques/T0129.010.md\n",
"Updating ../generated_pages/techniques/T0130.001.md\n",
"Updating ../generated_pages/techniques/T0130.002.md\n",
"Updating ../generated_pages/techniques/T0130.003.md\n",
"Updating ../generated_pages/techniques/T0130.004.md\n",
"Updating ../generated_pages/techniques/T0130.005.md\n",
"Updating ../generated_pages/techniques/T0131.001.md\n",
"Updating ../generated_pages/techniques/T0131.002.md\n",
"Updating ../generated_pages/techniques/T0132.001.md\n",
"Updating ../generated_pages/techniques/T0132.002.md\n",
"Updating ../generated_pages/techniques/T0132.003.md\n",
"Updating ../generated_pages/techniques/T0133.001.md\n",
"Updating ../generated_pages/techniques/T0133.002.md\n",
"Updating ../generated_pages/techniques/T0133.003.md\n",
"Updating ../generated_pages/techniques/T0133.004.md\n",
"Updating ../generated_pages/techniques/T0133.005.md\n",
"Updating ../generated_pages/techniques/T0134.001.md\n",
"Updating ../generated_pages/techniques/T0134.002.md\n",
"Temp: objecttype task\n",
"updated ../generated_pages/tasks_index.md\n",
"Temp: objecttype incident\n",

BIN
DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx
View File

Binary file not shown.

13232
generated_files/DISARM_STIX/DISARM.json
View File

File diff suppressed because it is too large Load Diff

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--d004bc13-8282-46b2-9793-5a0b62f2dffa.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--00b0e33d-257e-44e0-9195-0c0c3f290d2c.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--c3249da9-e8c0-4f46-918e-0d78e8cb2ddb",
"id": "bundle--ecc080fe-b0c9-475b-ba29-1f6e93e4c286",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d004bc13-8282-46b2-9793-5a0b62f2dffa",
"created_by_ref": "identity--2a8173c4-bdc6-4887-8881-c7640dc05b4e",
"created": "2022-07-02T04:22:03.092395Z",
"modified": "2022-07-02T04:22:03.092395Z",
"id": "attack-pattern--00b0e33d-257e-44e0-9195-0c0c3f290d2c",
"created_by_ref": "identity--74f6965b-94d2-4f9a-abb4-7516f8ff00dc",
"created": "2022-07-02T17:28:36.989581Z",
"modified": "2022-07-02T17:28:36.989581Z",
"name": "Discussion Forums",
"description": "TA07",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--0f9f5990-5ded-4efe-b5a6-6f6d721c65cb"
"marking-definition--73cc28c6-e106-407a-889c-c46dba825b1a"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--db7161b6-5231-407f-b54e-c6c94c80a65c.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--02b28a12-df83-4b45-8d7a-39498b54719b.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--02bf8568-f861-441b-b187-fdb6794990fc",
"id": "bundle--843a176f-5cd6-4b2b-aa99-a6dd6506878b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--db7161b6-5231-407f-b54e-c6c94c80a65c",
"created_by_ref": "identity--27c0048f-3732-4437-b563-3d48ce512741",
"created": "2022-07-02T04:22:03.126553Z",
"modified": "2022-07-02T04:22:03.126553Z",
"id": "attack-pattern--02b28a12-df83-4b45-8d7a-39498b54719b",
"created_by_ref": "identity--070f862c-ae7d-4770-9de1-a5845c0b34be",
"created": "2022-07-02T17:28:36.985728Z",
"modified": "2022-07-02T17:28:36.985728Z",
"name": "Audio Livestream",
"description": "nan",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--43770d40-30f6-4bf1-a5f8-e8875c151a0e"
"marking-definition--98966f82-106a-4753-8a5a-e8d9d4acfe68"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--7e534b57-590a-4a35-8025-1d5682691584.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--02b352fc-fc4c-4f94-b2b7-6c33ff550ab4.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--97fdadd6-8790-4c8d-ba9b-11045a979830",
"id": "bundle--6e400867-e2cd-474d-bafc-1e592bf338ee",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7e534b57-590a-4a35-8025-1d5682691584",
"created_by_ref": "identity--349ee88b-36ea-46e8-8929-fe18f342963e",
"created": "2022-07-02T04:22:03.097581Z",
"modified": "2022-07-02T04:22:03.097581Z",
"id": "attack-pattern--02b352fc-fc4c-4f94-b2b7-6c33ff550ab4",
"created_by_ref": "identity--d9bd81bd-84b2-41b1-b60f-78beb6882892",
"created": "2022-07-02T17:28:36.999913Z",
"modified": "2022-07-02T17:28:36.999913Z",
"name": "Direct Users to Alternative Platforms",
"description": "TA17",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3cc768a1-dd75-45eb-a3cd-c3156177f0ae"
"marking-definition--c21e772c-2cd6-4091-b5b3-afdcd1bf5595"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--82ff2830-95e9-45d8-a370-e71c229043d6.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--03182531-d2e0-4ff4-af66-43ea3256f24d.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--e0c8c260-193d-4885-96aa-21d0c484019c",
"id": "bundle--ce807111-330d-4cdc-bdb0-6ec113474a20",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--82ff2830-95e9-45d8-a370-e71c229043d6",
"created_by_ref": "identity--0a1a4298-b476-413c-8802-05f12abf5c4e",
"created": "2022-07-02T04:22:03.092716Z",
"modified": "2022-07-02T04:22:03.092716Z",
"id": "attack-pattern--03182531-d2e0-4ff4-af66-43ea3256f24d",
"created_by_ref": "identity--8eb1b72a-00cc-4983-b89d-f92fa2654890",
"created": "2022-07-02T17:28:36.990218Z",
"modified": "2022-07-02T17:28:36.990218Z",
"name": "Bookmarking and Content Curation",
"description": "TA07",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--356e45e4-9832-431d-92f6-e7b520006171"
"marking-definition--b0a2b911-a432-41bc-8252-61a6af015ee8"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f6c8dde2-9957-47df-843c-3d0760995351.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0361e3a0-398d-4cc5-a610-394919a8496a.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--bf02d0c2-d04a-441f-99ea-9ae5a3ae1270",
"id": "bundle--9fa2c273-62b6-48e0-9b42-de26f2813c71",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f6c8dde2-9957-47df-843c-3d0760995351",
"created_by_ref": "identity--fddfbe8c-294a-495f-966a-7b3907af02ba",
"created": "2022-07-02T04:22:03.127886Z",
"modified": "2022-07-02T04:22:03.127886Z",
"id": "attack-pattern--0361e3a0-398d-4cc5-a610-394919a8496a",
"created_by_ref": "identity--fb3f1bee-835c-4dc3-b994-8a7236f796e5",
"created": "2022-07-02T17:28:36.987313Z",
"modified": "2022-07-02T17:28:36.987313Z",
"name": "Interest-Based Networks",
"description": "Examples include smaller and niche networks including Gettr, Truth Social, Parler, etc.",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--dfa954bb-1a8f-4947-830a-4dee5e9d6dae"
"marking-definition--cfb0e917-a8c1-4820-8b5b-fd9060b7db68"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--342d7f1b-2864-4daf-b3df-b25d0f9db021.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--04158d63-8072-48ae-a05a-23809682cd1f.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--5b38dd46-7b13-42d9-8659-fa38af0df642",
"id": "bundle--d7af83eb-bddf-4046-bd8c-595165846619",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--342d7f1b-2864-4daf-b3df-b25d0f9db021",
"created_by_ref": "identity--a527dee3-824e-4e2b-8c19-53d888588b5d",
"created": "2022-07-02T04:22:03.122044Z",
"modified": "2022-07-02T04:22:03.122044Z",
"id": "attack-pattern--04158d63-8072-48ae-a05a-23809682cd1f",
"created_by_ref": "identity--ab867de0-2067-4bd5-93af-886a89f62d00",
"created": "2022-07-02T17:28:36.979936Z",
"modified": "2022-07-02T17:28:36.979936Z",
"name": "Backstop personas ",
"description": "Create other assets/dossier/cover/fake relationships and/or connections or documents, sites, bylines, attributions, to establish/augment/inflate crediblity/believability",
"description": "TA16",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--21d3146c-d134-47e3-8efd-e6008bfb3ca9"
"marking-definition--0d66717e-e6af-4eb0-926b-0b8d2fed6911"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b98e170b-d59e-436d-9cb8-dc98723966e7.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--055ffd5d-4aa8-4ce4-8b6b-e91872d4b77d.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--7e2ee960-ab96-4909-893f-e66f16b49fef",
"id": "bundle--46048d65-3389-42dc-a6fd-2f33c312b0b1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b98e170b-d59e-436d-9cb8-dc98723966e7",
"created_by_ref": "identity--11cf62c9-26ab-417f-b2dc-94f03d8a7930",
"created": "2022-07-02T04:22:03.126891Z",
"modified": "2022-07-02T04:22:03.126891Z",
"id": "attack-pattern--055ffd5d-4aa8-4ce4-8b6b-e91872d4b77d",
"created_by_ref": "identity--d8909872-ea5f-459a-aedc-4032bedcc2c9",
"created": "2022-07-02T17:28:36.986362Z",
"modified": "2022-07-02T17:28:36.986362Z",
"name": "Mainstream Social Networks",
"description": "Examples include Facebook, Twitter, LinkedIn, VK, ",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--7fb9ac6d-382e-45b6-b10f-5e9d8181b90b"
"marking-definition--2330bc62-0a37-43c3-9bc4-98ff1df253b3"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0f4c0dce-c14e-4f9c-999e-6a9654f074f0.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--05dc1204-4147-4a09-a017-2484ee5fdc6b.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--cc97565a-16d7-448c-8a93-dd4dfbf44643",
"id": "bundle--9d0487bc-36bd-4ef9-8974-ada7dc96bbcf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0f4c0dce-c14e-4f9c-999e-6a9654f074f0",
"created_by_ref": "identity--ecb6c677-bbae-4fb2-b41e-105023a06352",
"created": "2022-07-02T04:22:03.128201Z",
"modified": "2022-07-02T04:22:03.128201Z",
"id": "attack-pattern--05dc1204-4147-4a09-a017-2484ee5fdc6b",
"created_by_ref": "identity--54dd59c1-3577-4998-ac45-09aad4d1c819",
"created": "2022-07-02T17:28:36.987631Z",
"modified": "2022-07-02T17:28:36.987631Z",
"name": "Use hashtags",
"description": "Use a dedicated, existing hashtag for the campaign/incident.",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--93130825-a391-4641-9628-9d9d345640b2"
"marking-definition--db5a9eb8-5fae-4f04-8f48-186768a5c5e9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--cb49547c-16d2-4897-88c5-14015f132406.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--06a4372a-4911-4569-9d5a-513bfaf1abc9.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--08c508ad-e7e2-4a11-9db0-d925b26a09c7",
"id": "bundle--416d2d23-dea1-4c45-8d09-39839acf489b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--cb49547c-16d2-4897-88c5-14015f132406",
"created_by_ref": "identity--6cc8f776-e280-4649-ac84-fda46451051d",
"created": "2022-07-02T04:22:03.112015Z",
"modified": "2022-07-02T04:22:03.112015Z",
"id": "attack-pattern--06a4372a-4911-4569-9d5a-513bfaf1abc9",
"created_by_ref": "identity--3d83d2ee-a6ff-4903-ab50-aa89aeac0735",
"created": "2022-07-02T17:28:36.968121Z",
"modified": "2022-07-02T17:28:36.968121Z",
"name": "Aggregate Information into Evidence Collages",
"description": "image files that aggregate positive evidence (Joan Donovan)",
"description": "TA06",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--28f060c2-b487-40fa-9ad5-162a994b87c5"
"marking-definition--70d84cf5-488d-4945-ba9c-96fadd1df743"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--94750170-6206-4f82-96ec-a65d8506a417.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--06e0d30d-fddb-4d25-842e-622d8911f444.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--97356116-ebf9-4058-a2af-3c180c912173",
"id": "bundle--c23bc29d-f6e7-4053-a495-0cd172d770e5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--94750170-6206-4f82-96ec-a65d8506a417",
"created_by_ref": "identity--b28d8314-b827-4668-9cf4-a38863eec05b",
"created": "2022-07-02T04:22:03.146095Z",
"modified": "2022-07-02T04:22:03.146095Z",
"id": "attack-pattern--06e0d30d-fddb-4d25-842e-622d8911f444",
"created_by_ref": "identity--6be95dd8-9091-428e-873f-c335c19e5466",
"created": "2022-07-02T17:28:37.009088Z",
"modified": "2022-07-02T17:28:37.009088Z",
"name": "Coordinate on encrypted/ closed networks",
"description": "nan",
"description": "TA11",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3a021622-880a-4132-a9a8-5a7638b956a2"
"marking-definition--23d2be14-aae3-4064-8dff-b35787efed6b"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--713ebd36-242f-4e83-aea8-cc4cc83ea8b3.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--070ebd8c-f578-4334-8f77-06b59315438e.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--cf2771d6-d147-4328-a47e-916075b93cab",
"id": "bundle--67ec5b71-1597-4458-b946-31be89234437",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--713ebd36-242f-4e83-aea8-cc4cc83ea8b3",
"created_by_ref": "identity--43b851d5-df92-49d4-9850-fc9a411c3545",
"created": "2022-07-02T04:22:03.119823Z",
"modified": "2022-07-02T04:22:03.119823Z",
"id": "attack-pattern--070ebd8c-f578-4334-8f77-06b59315438e",
"created_by_ref": "identity--a2e14224-6641-4671-9c7c-86eb2fb2adf6",
"created": "2022-07-02T17:28:36.977679Z",
"modified": "2022-07-02T17:28:36.977679Z",
"name": "Identify susceptible targets in networks",
"description": "nan",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--7e38ef10-0010-45ab-b004-e96b6f0b2f85"
"marking-definition--44c98b96-49cd-4971-a2bb-ec346392a6d9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--07693c90-df6d-43ae-9d0e-66119aeb3d7b.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--9b80ceda-a633-462c-b707-3e3fc153d330",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--07693c90-df6d-43ae-9d0e-66119aeb3d7b",
"created_by_ref": "identity--be50a8f9-f947-44d5-8e14-c6ebb7849ad2",
"created": "2022-07-02T04:22:03.139675Z",
"modified": "2022-07-02T04:22:03.139675Z",
"name": "Report Non-Violative Opposing Content",
"description": "Reporting opposing content refers to notifying and providing an instance of a violation of a platform\u2019s guidelines and policies for conduct on the platform. In addition to simply reporting the content, an operation may leverage copyright regulations to trick social media and web platforms into removing opposing content by manipulating the content to appear in violation of copyright laws. Reporting opposing content facilitates the suppression of contradictory information and allows operation narratives to take priority in the information space. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0124.001.md",
"external_id": "T0124.001"
}
],
"object_marking_refs": [
"marking-definition--5211c49d-112d-4121-bb1e-9e8c3914935a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ec488891-e56b-4c62-8f15-2cb21a46287a.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--08ee90a4-5d68-4c14-bd0a-583535d27b92.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--edfab3c2-f7d4-4942-926b-68c1f13b4ece",
"id": "bundle--0199ab04-2f1f-4299-afce-53249075eca8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ec488891-e56b-4c62-8f15-2cb21a46287a",
"created_by_ref": "identity--2428474b-be3b-4854-8ec7-924702c342b8",
"created": "2022-07-02T04:22:03.135873Z",
"modified": "2022-07-02T04:22:03.135873Z",
"id": "attack-pattern--08ee90a4-5d68-4c14-bd0a-583535d27b92",
"created_by_ref": "identity--bd83f834-15cb-41ed-9be8-cd98e74f72b4",
"created": "2022-07-02T17:28:36.997892Z",
"modified": "2022-07-02T17:28:36.997892Z",
"name": "Post Across Disciplines",
"description": "nan",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--65966b07-13ec-4488-a3cc-ee69c59e908e"
"marking-definition--a64de13e-f81f-44dc-936d-e46cc6e3d9d6"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--bb0fc2b3-d3f5-4e25-8f48-dd9dcd91187f.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--08f58eed-79eb-4a78-9ae5-ec93ec5aaaa0.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--3b6eab41-9655-466c-b3f3-705dd9b4ac92",
"id": "bundle--db740ddc-f40e-4281-8377-ffb06256049e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--bb0fc2b3-d3f5-4e25-8f48-dd9dcd91187f",
"created_by_ref": "identity--e2669787-c734-46af-8e39-1647aee8b147",
"created": "2022-07-02T04:22:03.088664Z",
"modified": "2022-07-02T04:22:03.088664Z",
"id": "attack-pattern--08f58eed-79eb-4a78-9ae5-ec93ec5aaaa0",
"created_by_ref": "identity--1881a3b0-4cbd-4d05-b180-78634db0de58",
"created": "2022-07-02T17:28:36.978314Z",
"modified": "2022-07-02T17:28:36.978314Z",
"name": "Develop Owned Media Assets",
"description": "TA15",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--795daf79-cdf0-426c-a0dc-1ff167ac0781"
"marking-definition--18d9fbe7-f202-47bf-8f7f-a4cc95c2faca"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--092de9b1-422f-4359-a11a-5910713c78ae.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--17055fa4-628d-4768-a680-5f609e8e5e99",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--092de9b1-422f-4359-a11a-5910713c78ae",
"created_by_ref": "identity--98a1ed58-fe31-4e4e-b134-4b08416b2262",
"created": "2022-07-02T04:22:03.141619Z",
"modified": "2022-07-02T04:22:03.141619Z",
"name": "Conduct Symbolic Action",
"description": "Symbolic action refers to activities specifically intended to advance an operation\u2019s narrative by signaling something to the audience, for example, a military parade supporting a state\u2019s narrative of military superiority. An influence operation may use symbolic action to create falsified evidence supporting operation narratives in the physical information space. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-offline-activity"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0057.002.md",
"external_id": "T0057.002"
}
],
"object_marking_refs": [
"marking-definition--8d6cfbf8-6eb3-4a92-b640-dc53c04d1611"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--095aa344-86dc-4488-a1d7-a8a7c1363d4a.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--fdc2d2fc-7bbf-42b1-84c3-4392a844e895",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--095aa344-86dc-4488-a1d7-a8a7c1363d4a",
"created_by_ref": "identity--c0f933b4-d46e-4419-868f-db37873512be",
"created": "2022-07-02T17:28:36.948044Z",
"modified": "2022-07-02T17:28:36.948044Z",
"name": "Bots Amplify via Automated Forwarding and Reposting",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0049.003.md",
"external_id": "T0049.003"
}
],
"object_marking_refs": [
"marking-definition--778b8674-094f-4ba7-b58c-79a77b05dea5"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--92f696dc-5a56-4768-a6d2-1a69c6642c7a.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--09c7c07b-108f-41a6-82e1-a5fff2b8182b.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--e389b24f-d34b-43bf-b89c-47f937e900d1",
"id": "bundle--930ca439-fc14-4e54-8d94-0e6c7d2adc37",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--92f696dc-5a56-4768-a6d2-1a69c6642c7a",
"created_by_ref": "identity--cbe28949-eb39-458b-94ef-22073e0cb3a5",
"created": "2022-07-02T04:22:03.091754Z",
"modified": "2022-07-02T04:22:03.091754Z",
"id": "attack-pattern--09c7c07b-108f-41a6-82e1-a5fff2b8182b",
"created_by_ref": "identity--0330d19a-d028-4478-bf80-d6c3659544bc",
"created": "2022-07-02T17:28:36.986045Z",
"modified": "2022-07-02T17:28:36.986045Z",
"name": "Social Networks",
"description": "TA07",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--0bcdea95-9b96-48fa-8669-60418e5c9798"
"marking-definition--37565e7d-ad00-4604-a990-8e109c28717c"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b7228c09-0f9c-4c97-8b02-fc0eca17ac87.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0aac6482-f7b2-4cd4-8661-ae692c84a188.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--c0ec15f7-1de2-4ae7-b204-d42bbe312d68",
"id": "bundle--c12c92cd-015e-44f9-bf2c-ba1e28ec89a1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b7228c09-0f9c-4c97-8b02-fc0eca17ac87",
"created_by_ref": "identity--0101a7ee-5f09-4b74-bf37-5584282cfc66",
"created": "2022-07-02T04:22:03.13523Z",
"modified": "2022-07-02T04:22:03.13523Z",
"id": "attack-pattern--0aac6482-f7b2-4cd4-8661-ae692c84a188",
"created_by_ref": "identity--3d70a8e3-6a21-4bbb-9ae8-14395b4aaf0b",
"created": "2022-07-02T17:28:36.997213Z",
"modified": "2022-07-02T17:28:36.997213Z",
"name": "Post Across Groups",
"description": "nan",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--9bd1b657-3b2c-4345-8c87-979429233864"
"marking-definition--99d5d2fe-2b34-4753-bdf5-4975f14703ee"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ac0d78a-4949-4687-a7bd-0008178680cd.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--ef30d2f5-bffe-4577-9c92-8396607dd026",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0ac0d78a-4949-4687-a7bd-0008178680cd",
"created_by_ref": "identity--f4fa225a-6169-4d38-8476-9dc249aeca76",
"created": "2022-07-02T04:22:03.138087Z",
"modified": "2022-07-02T04:22:03.138087Z",
"name": "Dox",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0048.004.md",
"external_id": "T0048.004"
}
],
"object_marking_refs": [
"marking-definition--6ab22ce0-cafc-46f5-b607-b19b5ce8a129"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--5751bd23-edbd-4fff-a99e-af117e8040cd.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0b7d2ef1-9719-410e-9ae3-10c646709317.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--428ba912-b869-46e7-9de7-f87c022721ec",
"id": "bundle--9c71b958-212c-44cf-8b37-e915fe6288ef",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5751bd23-edbd-4fff-a99e-af117e8040cd",
"created_by_ref": "identity--2b4cae19-f314-4f1c-a12b-d0edfad00d4a",
"created": "2022-07-02T04:22:03.151477Z",
"modified": "2022-07-02T04:22:03.151477Z",
"id": "attack-pattern--0b7d2ef1-9719-410e-9ae3-10c646709317",
"created_by_ref": "identity--bb67574b-d3c9-4645-a15c-a2388848dc4a",
"created": "2022-07-02T17:28:37.015495Z",
"modified": "2022-07-02T17:28:37.015495Z",
"name": "Behavior changes",
"description": "Monitor and evaluate behaviour changes from misinformation incidents. ",
"description": "TA12",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--ef1b1173-c303-402c-bbfd-77bfd129be46"
"marking-definition--f6c963e8-cd4d-4fa2-b394-52a6371e9fe9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--d68ff2dd-a826-4465-a5f8-64368a42145c.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c3753ba-ec86-4186-97c8-242aa9d53b0f.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--b66973bc-ded1-432f-a816-45971398a423",
"id": "bundle--6c675412-b821-445e-919a-d776961e6c3c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--d68ff2dd-a826-4465-a5f8-64368a42145c",
"created_by_ref": "identity--1b8c0ee5-d26d-4c49-a284-57a23941266f",
"created": "2022-07-02T04:22:03.101144Z",
"modified": "2022-07-02T04:22:03.101144Z",
"id": "attack-pattern--0c3753ba-ec86-4186-97c8-242aa9d53b0f",
"created_by_ref": "identity--349fb903-bc56-4256-af39-dd9b2333b029",
"created": "2022-07-02T17:28:37.015177Z",
"modified": "2022-07-02T17:28:37.015177Z",
"name": "Measure Effectiveness",
"description": "TA12",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--0aedeb61-c66f-493f-9b02-40836a679918"
"marking-definition--ca502497-d901-4f77-876b-0215dda1fc01"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c63bf4d-fa02-4b40-8683-2a0994e3895e.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--df6c406c-2f4c-4860-9292-2de500a45afd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0c63bf4d-fa02-4b40-8683-2a0994e3895e",
"created_by_ref": "identity--c069cbb5-940d-487b-a145-5b1c124a2104",
"created": "2022-07-02T04:22:03.122694Z",
"modified": "2022-07-02T04:22:03.122694Z",
"name": "Leverage Existing Inauthentic News Sites",
"description": "An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognizable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organizations, or state entities. \nAn influence operation may use a wide variety of cyber techniques to impersonate a legitimate entity\u2019s website or social media account. Typosquatting87 is the international registration of a domain name with purposeful variations of the impersonated domain name through intentional typos, top-level domain (TLD) manipulation, or punycode. Typosquatting facilitates the creation of falsified websites by creating similar domain names in the URL box, leaving it to the user to confirm that the URL is correct. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0098.002.md",
"external_id": "T0098.002"
}
],
"object_marking_refs": [
"marking-definition--cb63418c-7066-4b07-8733-094849c1e160"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0caea8dd-90d8-4652-97cb-261c62065cf5.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--57a7cf0d-9f47-4b61-af08-5d6ba9338dd0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0caea8dd-90d8-4652-97cb-261c62065cf5",
"created_by_ref": "identity--f3725b38-62d8-42f0-84be-2495e5df48da",
"created": "2022-07-02T17:28:37.010707Z",
"modified": "2022-07-02T17:28:37.010707Z",
"name": "Misattribute Activity",
"description": "TA11",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0129.010.md",
"external_id": "T0129.010"
}
],
"object_marking_refs": [
"marking-definition--49250ba5-810e-4c89-b0b7-06f630363296"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--5c461ed5-ed0b-4473-b07b-4624f79a6e82.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ce3479d-da57-451a-9f9d-327bef42eb77.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--0c22ada1-7004-4333-beb1-14654292a13b",
"id": "bundle--c7050db6-659f-49bc-b8f1-4ddf2aa4fd7d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5c461ed5-ed0b-4473-b07b-4624f79a6e82",
"created_by_ref": "identity--f4377a45-5680-414b-ae4b-392dc9908d63",
"created": "2022-07-02T04:22:03.098564Z",
"modified": "2022-07-02T04:22:03.098564Z",
"id": "attack-pattern--0ce3479d-da57-451a-9f9d-327bef42eb77",
"created_by_ref": "identity--192f9c85-7c69-4256-a1d9-14a45e5b9733",
"created": "2022-07-02T17:28:37.0033Z",
"modified": "2022-07-02T17:28:37.0033Z",
"name": "Platform Filtering",
"description": "TA18",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--4b30c99c-e04b-421f-b8d9-c87e2e5232df"
"marking-definition--18e3adc4-dfd6-4429-9f56-a096a775db5c"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d3726bc-bf0e-4357-b2b3-96b41aa856a3.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--48ab23ea-ae12-4b96-9d07-40623e1ffd9b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d3726bc-bf0e-4357-b2b3-96b41aa856a3",
"created_by_ref": "identity--ff63eba0-3e4a-4b47-a402-3caaea15c330",
"created": "2022-07-02T04:22:03.123012Z",
"modified": "2022-07-02T04:22:03.123012Z",
"name": "Astroturfing",
"description": "Astroturfing occurs when an influence operation disguises itself as grassroots movement or organization that supports operation narratives. Unlike butterfly attacks, astroturfing aims to increase the appearance of popular support for the operation cause and does not infiltrate existing groups to discredit their objectives. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0099.001.md",
"external_id": "T0099.001"
}
],
"object_marking_refs": [
"marking-definition--dc890fe2-240a-4bac-8bce-566a3eac16be"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0fc791e6-cc20-4280-9a53-251d88b940c5.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--65f83c81-9726-4303-aed7-0192ba62d495",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0fc791e6-cc20-4280-9a53-251d88b940c5",
"created_by_ref": "identity--0b71bdf6-0f28-40df-ac4d-ccbc480b24e2",
"created": "2022-07-02T17:28:37.011653Z",
"modified": "2022-07-02T17:28:37.011653Z",
"name": "Utilize Bulletproof Hosting",
"description": "TA11",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0130.002.md",
"external_id": "T0130.002"
}
],
"object_marking_refs": [
"marking-definition--3c23d001-ee41-49e8-b3ae-39b9b06e6a5f"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--540e2d0d-4de2-4331-a130-ccbd14945e57.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--11300333-274b-4c70-84a7-c0d5ba379d34.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--fa634ad0-20bb-4f0a-b6e6-dc816b1b8982",
"id": "bundle--273e79da-925e-47a9-8fd6-479df16f3f36",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--540e2d0d-4de2-4331-a130-ccbd14945e57",
"created_by_ref": "identity--d57f8b7c-a1a0-4112-b156-cf7bcbe28b6e",
"created": "2022-07-02T04:22:03.102063Z",
"modified": "2022-07-02T04:22:03.102063Z",
"id": "attack-pattern--11300333-274b-4c70-84a7-c0d5ba379d34",
"created_by_ref": "identity--663f9601-2b42-4590-b655-c4bc542f02c1",
"created": "2022-07-02T17:28:36.955953Z",
"modified": "2022-07-02T17:28:36.955953Z",
"name": "Discredit Credible Sources",
"description": "Plan to delegitimize the media landscape and degrade public trust in reporting, by discrediting credible sources. This makes it easier to promote influence operation content.",
"description": "TA02",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--7b979c8f-a880-406d-abcd-21c71f656171"
"marking-definition--4770b304-99bf-4eb3-a7ef-c39191c13a88"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f87843fc-a049-4664-a82d-6be77620dcac.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--12cd627c-2617-486e-bcbf-a5bf5f467286.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--b83337c7-1d5a-4108-9009-fc23afe80aca",
"id": "bundle--a1904356-afeb-46ea-9dde-3079513b79ac",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f87843fc-a049-4664-a82d-6be77620dcac",
"created_by_ref": "identity--babb85bb-495d-47c5-b58d-4b4115c60b66",
"created": "2022-07-02T04:22:03.110733Z",
"modified": "2022-07-02T04:22:03.110733Z",
"id": "attack-pattern--12cd627c-2617-486e-bcbf-a5bf5f467286",
"created_by_ref": "identity--cb4cf0ff-523c-4220-afb2-14f2608f63ba",
"created": "2022-07-02T17:28:36.966525Z",
"modified": "2022-07-02T17:28:36.966525Z",
"name": "Develop Inauthentic News Articles",
"description": "nan",
"description": "TA06",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--a5738669-8f1a-42df-80f9-59091afddd3c"
"marking-definition--b10767de-5e60-43b8-95d0-e1d534ff8747"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f6cced10-fcf6-4922-9b75-573a9e3df2ff.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1360c84b-8b09-49e5-8950-9d8362008311.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--c699cc16-f4c4-447e-85e3-a73431d54fc8",
"id": "bundle--c9c2799c-6a5c-4a03-b16a-4dd6665c14e9",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f6cced10-fcf6-4922-9b75-573a9e3df2ff",
"created_by_ref": "identity--7015aabf-4558-40f4-9864-5c776f7d6503",
"created": "2022-07-02T04:22:03.129784Z",
"modified": "2022-07-02T04:22:03.129784Z",
"id": "attack-pattern--1360c84b-8b09-49e5-8950-9d8362008311",
"created_by_ref": "identity--f810326e-c1cf-447f-9995-8e6f828df8ab",
"created": "2022-07-02T17:28:36.989899Z",
"modified": "2022-07-02T17:28:36.989899Z",
"name": "Anonymous Message Boards",
"description": "Examples include the Chans",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--11aad034-a94b-41a6-b528-2cda3523257d"
"marking-definition--03a3d509-42b9-4672-988e-a94d6535e8f0"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--13942c8f-1337-4de0-8b7b-3802fa4c7276.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c54dd29a-ddf5-449e-baa9-961b6cb72e57",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--13942c8f-1337-4de0-8b7b-3802fa4c7276",
"created_by_ref": "identity--3fd6c410-4981-48ce-aeb6-c02ba2b2e4c3",
"created": "2022-07-02T17:28:36.949061Z",
"modified": "2022-07-02T17:28:36.949061Z",
"name": "Conduct Keyword Squatting",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0049.006.md",
"external_id": "T0049.006"
}
],
"object_marking_refs": [
"marking-definition--2e87c460-bd21-422c-8553-64c1da11faff"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1397b0db-f680-4e24-a827-b0f25e18e56c.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--cca2be8b-0407-4282-9335-6e97175734da",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1397b0db-f680-4e24-a827-b0f25e18e56c",
"created_by_ref": "identity--62a17978-9671-4a26-b098-91102fab98a3",
"created": "2022-07-02T17:28:37.007169Z",
"modified": "2022-07-02T17:28:37.007169Z",
"name": "Change Names of Accounts",
"description": "TA11",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0128.005.md",
"external_id": "T0128.005"
}
],
"object_marking_refs": [
"marking-definition--827375e7-a703-44fd-90cc-9a09056576dd"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--15e37fa3-0927-4cda-a91b-b2fcf1de0e2a.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--c12ec9c9-66a6-4587-bdea-19589095e4ea",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--15e37fa3-0927-4cda-a91b-b2fcf1de0e2a",
"created_by_ref": "identity--776c20f1-07f5-4a99-a802-b8ba5dac7cd1",
"created": "2022-07-02T04:22:03.134269Z",
"modified": "2022-07-02T04:22:03.134269Z",
"name": "Conduct Swarming",
"description": "Swarming refers to the coordinated use of accounts to overwhelm the information space with operation content. Unlike information flooding, swarming centers exclusively around a specific event or actor rather than a general narrative. Swarming relies on \u201chorizontal communication\u201d between information assets rather than a top-down, vertical command-and-control approach. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0049.005.md",
"external_id": "T0049.005"
}
],
"object_marking_refs": [
"marking-definition--8ff428d8-fa13-4d36-ac32-a89aa0e17273"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--161aa4a2-a59f-4d55-90b5-cb117b99a9e7.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--713a987a-0ef1-401c-b414-3cc772bd84b7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--161aa4a2-a59f-4d55-90b5-cb117b99a9e7",
"created_by_ref": "identity--1013b66b-4ed9-4546-b259-1042a0a728a8",
"created": "2022-07-02T04:22:03.148334Z",
"modified": "2022-07-02T04:22:03.148334Z",
"name": "Utilize Bulletproof Hosting",
"description": "Hosting refers to services through which storage and computing resources are provided to an individual or organization for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilize bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0130.002.md",
"external_id": "T0130.002"
}
],
"object_marking_refs": [
"marking-definition--c7f71c91-9cb4-4fe7-8ea9-4f389026de49"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4699fa91-706b-4a8b-b253-fbbcf05f44c9.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--173741da-6c65-45a2-8b72-4692e694c345.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--c45ee792-7da0-4b18-8f61-0227431b520d",
"id": "bundle--ca8ed984-4ca9-4236-9943-9e6543af6f57",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4699fa91-706b-4a8b-b253-fbbcf05f44c9",
"created_by_ref": "identity--bc415869-0cc0-47ef-9354-eb85469ffe10",
"created": "2022-07-02T04:22:03.103346Z",
"modified": "2022-07-02T04:22:03.103346Z",
"id": "attack-pattern--173741da-6c65-45a2-8b72-4692e694c345",
"created_by_ref": "identity--322f05b2-e939-4e95-b04e-632436df4704",
"created": "2022-07-02T17:28:36.958901Z",
"modified": "2022-07-02T17:28:36.958901Z",
"name": "Conduct Web Traffic Analysis",
"description": "An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.",
"description": "TA13",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--d15b9bec-1b95-49cc-919b-118748be8bc9"
"marking-definition--e4ac92c8-8d37-4ccc-85c3-8cd4b4d61d20"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--77cfedae-2306-461f-bc2b-976170ae2305.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1761fa87-94c7-4913-a5a6-4f12626d74ed.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--d26c371f-2b07-4424-b3f8-0125660682e3",
"id": "bundle--86def1a9-1ba7-4279-9da9-13bcd597ed68",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--77cfedae-2306-461f-bc2b-976170ae2305",
"created_by_ref": "identity--5ae001c6-18fc-41a6-bf37-8564f5519ca9",
"created": "2022-07-02T04:22:03.08085Z",
"modified": "2022-07-02T04:22:03.08085Z",
"id": "attack-pattern--1761fa87-94c7-4913-a5a6-4f12626d74ed",
"created_by_ref": "identity--62cb671f-52bd-4e92-926f-455e2eb2c87a",
"created": "2022-07-02T17:28:36.952704Z",
"modified": "2022-07-02T17:28:36.952704Z",
"name": "Respond to Breaking News Event or Active Crisis",
"description": "TA14",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--5dcdd76b-e488-4016-bb89-72664e886e9c"
"marking-definition--4b80ef0a-adc2-42e9-9908-5770de4b1f1f"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ab6e9b70-4b9e-414c-93ea-405058270218.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1880ffbe-6164-4bb5-9986-7a5fb0d10751.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--73bd3cc6-bfe1-4ee4-91fa-a4c0b318b847",
"id": "bundle--202a5467-c8ea-43ec-98c8-59fd866a9ef8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ab6e9b70-4b9e-414c-93ea-405058270218",
"created_by_ref": "identity--38f55dd2-91b3-4ceb-8598-9f9c492e522a",
"created": "2022-07-02T04:22:03.123956Z",
"modified": "2022-07-02T04:22:03.123956Z",
"id": "attack-pattern--1880ffbe-6164-4bb5-9986-7a5fb0d10751",
"created_by_ref": "identity--4676f667-6a86-4217-b68f-35d3be2a08bb",
"created": "2022-07-02T17:28:36.982858Z",
"modified": "2022-07-02T17:28:36.982858Z",
"name": "Co-Opt Grassroots Groups",
"description": "nan",
"description": "TA16",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--d498617c-36fd-41c6-aeb3-4209cff0913d"
"marking-definition--95fd3ec5-16e4-4ff7-9b1b-560b523a8824"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1cc04493-e157-40b6-8173-9848d6b87e58.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--18dfaddc-b4d8-43dc-baff-e92c4ad7b6c1.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--1abb02dc-56a7-46a5-ad2d-ad5ed797cbe6",
"id": "bundle--aa74a0b1-4ec2-412f-9f88-2d7c5279b970",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1cc04493-e157-40b6-8173-9848d6b87e58",
"created_by_ref": "identity--d9d1f747-25ae-408d-9d11-4ee40031fabc",
"created": "2022-07-02T04:22:03.112648Z",
"modified": "2022-07-02T04:22:03.112648Z",
"id": "attack-pattern--18dfaddc-b4d8-43dc-baff-e92c4ad7b6c1",
"created_by_ref": "identity--afa36676-23d9-491d-bcc0-a88be3320eb7",
"created": "2022-07-02T17:28:36.969219Z",
"modified": "2022-07-02T17:28:36.969219Z",
"name": "Deceptively Edit Video (Cheap fakes)",
"description": "Cheap fakes utilize less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"description": "TA06",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--5c412a6e-7cf1-4d89-a409-74306cad315d"
"marking-definition--badf82a7-0778-48a2-afb4-fa793734fb2d"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--19641024-86e4-435e-8f10-6f6fcac96da9.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--7d92ddaa-988b-4463-805f-3537b513fe5c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--19641024-86e4-435e-8f10-6f6fcac96da9",
"created_by_ref": "identity--a1988b57-6179-44ec-a26c-9383f424accd",
"created": "2022-07-02T17:28:37.009411Z",
"modified": "2022-07-02T17:28:37.009411Z",
"name": "Deny involvement",
"description": "TA11",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0129.006.md",
"external_id": "T0129.006"
}
],
"object_marking_refs": [
"marking-definition--46a9162f-5fe4-440f-909e-921dd01170ab"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--197d83f1-5d84-407d-9867-0c369fff8209.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--6218f10a-9c78-4ef6-84fe-1dc521118eac",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--197d83f1-5d84-407d-9867-0c369fff8209",
"created_by_ref": "identity--bf19cf8a-3634-4a53-ac80-4ee6c1014deb",
"created": "2022-07-02T04:22:03.139046Z",
"modified": "2022-07-02T04:22:03.139046Z",
"name": "Destroy Information Generation Capabilities",
"description": "Destroying information generation capabilities refers to actions taken to limit, degrade, or otherwise incapacitate an actor\u2019s ability to generate conflicting information. An influence operation may destroy an actor\u2019s information generation capabilities by physically dismantling the information infrastructure, disconnecting resources needed for information generation, or redirecting information generation personnel. An operation may destroy an adversary\u2019s information generation capabilities to limit conflicting content exposure to the target audience and crowd the information space with its own narratives. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0123.003.md",
"external_id": "T0123.003"
}
],
"object_marking_refs": [
"marking-definition--4b33bd1e-c2a6-45c3-9eb7-cf6557197dbb"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--ff94a50e-964e-4f7e-b6fd-781319cc6268.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1b11a06d-2772-4b32-a70d-e64f6434bd3c.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--754a7fdb-e267-4c78-ad67-4cadb6c96d81",
"id": "bundle--e1b3a7bb-fb87-4f47-aa80-1390ec9fede5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--ff94a50e-964e-4f7e-b6fd-781319cc6268",
"created_by_ref": "identity--22ddf033-449a-4adb-aa8f-d660d3c3425a",
"created": "2022-07-02T04:22:03.137457Z",
"modified": "2022-07-02T04:22:03.137457Z",
"id": "attack-pattern--1b11a06d-2772-4b32-a70d-e64f6434bd3c",
"created_by_ref": "identity--970c32d4-a501-498e-b15b-8c70176217a6",
"created": "2022-07-02T17:28:36.945916Z",
"modified": "2022-07-02T17:28:36.945916Z",
"name": "Harass People Based on Identities",
"description": "Examples include social identities like gender, sexuality, race, ethnicity, religion, ability, nationality, etc. as well as roles and occupations like journalist or activist.",
"description": "TA18",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--0b542708-f829-464e-9461-cbc3641052f6"
"marking-definition--57ad46db-bf70-435f-9d17-10c6651743c0"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0e463661-3676-4344-82a7-f5358aeae31d.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1b7f7c35-42b5-4fd3-828d-aff89f941850.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--34acadc1-2ed7-4cd5-9217-961a0dedcb94",
"id": "bundle--efff3daf-a18f-4ba3-b848-7cd6ad427d16",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0e463661-3676-4344-82a7-f5358aeae31d",
"created_by_ref": "identity--3a2b5b1b-b29c-41ec-b262-125a61465224",
"created": "2022-07-02T04:22:03.082142Z",
"modified": "2022-07-02T04:22:03.082142Z",
"id": "attack-pattern--1b7f7c35-42b5-4fd3-828d-aff89f941850",
"created_by_ref": "identity--00f4d831-60e1-4e33-95b2-77b1bd8162ef",
"created": "2022-07-02T17:28:36.955635Z",
"modified": "2022-07-02T17:28:36.955635Z",
"name": "Dismiss",
"description": "TA02",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--df5096ac-d0f1-4f54-9781-79f405df9bf8"
"marking-definition--eaea6a55-8a6d-4460-85ce-63ec5302ec5a"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d78b975-8732-4fe4-9bf8-4b8e7d24f06d.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d35a05b-99d7-4efb-8619-c0bfc4ef13a7.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--e8a13f1b-5559-4d84-a2e1-3291785d7e02",
"id": "bundle--a068b5ee-b89b-433e-823e-a72b5ac2ff53",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--7d78b975-8732-4fe4-9bf8-4b8e7d24f06d",
"created_by_ref": "identity--74aa7e66-eb96-4655-98f8-3000b7fb985a",
"created": "2022-07-02T04:22:03.11725Z",
"modified": "2022-07-02T04:22:03.11725Z",
"id": "attack-pattern--1d35a05b-99d7-4efb-8619-c0bfc4ef13a7",
"created_by_ref": "identity--bd5f1cf0-4496-464d-be7d-1fb96711b1bf",
"created": "2022-07-02T17:28:36.974068Z",
"modified": "2022-07-02T17:28:36.974068Z",
"name": "Recruit Contractors",
"description": "nan",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--0663ff73-d1f1-41b6-a639-209e240a5646"
"marking-definition--c2f7b249-aeb9-49fd-bd74-717bc60c2952"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d4bebe8-8bab-4066-91ad-45a3fef5161f.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--5e8c74f2-fcd3-403a-aad9-ea475e6ed069",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d4bebe8-8bab-4066-91ad-45a3fef5161f",
"created_by_ref": "identity--c4feb0dc-f31c-4161-b6f0-c52d03b3a5b0",
"created": "2022-07-02T17:28:36.972743Z",
"modified": "2022-07-02T17:28:36.972743Z",
"name": "Create Cyborg Accounts",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0090.002.md",
"external_id": "T0090.002"
}
],
"object_marking_refs": [
"marking-definition--4e12ffe3-9fb9-49b5-9d15-91081cd84641"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1d8883bc-3e8c-406d-ad8e-f7d660d05494.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--d5126e46-fbad-47e4-94d2-c9880b6284ec",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1d8883bc-3e8c-406d-ad8e-f7d660d05494",
"created_by_ref": "identity--c0e3a9f3-db28-4270-b125-c8c15ab52242",
"created": "2022-07-02T17:28:36.945596Z",
"modified": "2022-07-02T17:28:36.945596Z",
"name": "Boycott/\"Cancel\" Opponents",
"description": "TA18",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0048.001.md",
"external_id": "T0048.001"
}
],
"object_marking_refs": [
"marking-definition--d681785f-ab54-4f82-bf66-75d3d447bba9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8df70f5d-5132-447c-9989-5178c365a90a.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1f5bb3dc-8ad8-4e32-9ac5-d408197bb1b1.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--40bb180a-dab8-4e29-8a9c-a4b4cee31f2b",
"id": "bundle--b5b33cc4-4828-41f0-b315-c64932a09520",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8df70f5d-5132-447c-9989-5178c365a90a",
"created_by_ref": "identity--b42274ef-31f4-4211-805a-5072aef54657",
"created": "2022-07-02T04:22:03.140303Z",
"modified": "2022-07-02T04:22:03.140303Z",
"id": "attack-pattern--1f5bb3dc-8ad8-4e32-9ac5-d408197bb1b1",
"created_by_ref": "identity--416f6c3d-8ca0-4d0d-aeb4-1a332a2a4efd",
"created": "2022-07-02T17:28:37.002979Z",
"modified": "2022-07-02T17:28:37.002979Z",
"name": "Exploit Platform TOS/Content Moderation",
"description": "nan",
"description": "TA18",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--766ca61f-2664-4480-be85-6a874505a33e"
"marking-definition--7cf882a2-da4a-4bf5-9cc2-2620e861a624"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--203756a5-ac3d-4a82-a096-25d01609571b.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--2bf353c7-6fe1-422d-95bf-9da1b9314f47",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--203756a5-ac3d-4a82-a096-25d01609571b",
"created_by_ref": "identity--5490fecd-9a34-4016-861d-2a0bc4483486",
"created": "2022-07-02T17:28:36.965875Z",
"modified": "2022-07-02T17:28:36.965875Z",
"name": "Develop AI-Generated Text",
"description": "TA06",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0085.001.md",
"external_id": "T0085.001"
}
],
"object_marking_refs": [
"marking-definition--6575f8b2-caaf-4d2c-a43f-4a52eaac72a7"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--28c4447e-c922-4e62-b632-6f85c3befc22.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--20a5cd5a-48be-48e4-83a7-c03efe6f66fa.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--9a124a8b-d39f-4a8e-85bb-516a2a0eeb13",
"id": "bundle--63554396-d203-4f38-a545-e161f7c7e8aa",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--28c4447e-c922-4e62-b632-6f85c3befc22",
"created_by_ref": "identity--7eaf5956-0ca5-4c46-a5cb-ccf3f6d1cfaa",
"created": "2022-07-02T04:22:03.084704Z",
"modified": "2022-07-02T04:22:03.084704Z",
"id": "attack-pattern--20a5cd5a-48be-48e4-83a7-c03efe6f66fa",
"created_by_ref": "identity--ea725fa9-8b4b-4ecd-9d90-9c4611efa4c3",
"created": "2022-07-02T17:28:36.963605Z",
"modified": "2022-07-02T17:28:36.963605Z",
"name": "Integrate Target Audience Vulnerabilities into Narrative",
"description": "TA14",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3f3ab8b8-d66b-4b73-9e0b-bd7c5bd81b9a"
"marking-definition--eb5a95f9-cb0a-4fd9-878d-baffa84f72bd"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4ba887ca-bcfd-4966-b3b5-0ff968a7627f.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--21ea7783-4105-47f2-a8dd-aaa2ff34b0fa.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--a7883be7-6003-4e61-bd48-1887aaf4ca59",
"id": "bundle--dc86ff6e-c319-4cc6-83d0-68fe0691fabd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4ba887ca-bcfd-4966-b3b5-0ff968a7627f",
"created_by_ref": "identity--35122bb0-23ae-4ced-ae58-cfa5d8afe02f",
"created": "2022-07-02T04:22:03.070144Z",
"modified": "2022-07-02T04:22:03.070144Z",
"id": "attack-pattern--21ea7783-4105-47f2-a8dd-aaa2ff34b0fa",
"created_by_ref": "identity--967749e1-c653-450d-84d1-cea23c65e1c1",
"created": "2022-07-02T17:28:36.933327Z",
"modified": "2022-07-02T17:28:36.933327Z",
"name": "Leverage Existing Narratives",
"description": "TA14",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--2710f384-a856-4d93-ab2c-52e9b24a62ed"
"marking-definition--3d055099-7b53-4537-ba8f-06dd874cbdb7"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0577caea-3336-48cd-bc1a-177e3fbb1906.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--223e9f84-f894-484b-9359-0743edd6584e.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--aaf60751-16e7-4073-94b5-1c6a10ebf29f",
"id": "bundle--7a89a4c0-df58-423c-80a2-d9385b01e629",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0577caea-3336-48cd-bc1a-177e3fbb1906",
"created_by_ref": "identity--8640ea23-915e-41cb-9dbd-c81bf70b9b5a",
"created": "2022-07-02T04:22:03.073031Z",
"modified": "2022-07-02T04:22:03.073031Z",
"id": "attack-pattern--223e9f84-f894-484b-9359-0743edd6584e",
"created_by_ref": "identity--3c4abe5a-6b48-497e-ab7b-17ecb28f16d5",
"created": "2022-07-02T17:28:36.93725Z",
"modified": "2022-07-02T17:28:36.93725Z",
"name": "Create Clickbait",
"description": "TA05",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--5510c27d-c910-4dbf-b594-3d01b57b12a5"
"marking-definition--e79486d8-4dab-4f59-bb83-96aac4b9662a"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--233e4edf-3f30-456f-9875-2e0965434706.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--ad4e8155-52a0-4125-bdfb-78a39b221e08",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--233e4edf-3f30-456f-9875-2e0965434706",
"created_by_ref": "identity--262d6a84-6c99-49a5-b7bd-87dc1a686ec1",
"created": "2022-07-02T17:28:36.999572Z",
"modified": "2022-07-02T17:28:36.999572Z",
"name": "Bypass Content Blocking",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0121.001.md",
"external_id": "T0121.001"
}
],
"object_marking_refs": [
"marking-definition--2825c31e-6488-47d6-8ded-f24b8c94ec21"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b9bcdca2-c971-4548-847e-89730e8f28c1.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--275352ca-291e-4501-aef3-4bae8c972ea5.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--82a3692b-8d83-4212-840b-384b94f4f918",
"id": "bundle--1e1075bd-febd-4bd6-8779-6a2ec365f0be",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--b9bcdca2-c971-4548-847e-89730e8f28c1",
"created_by_ref": "identity--1d1e135c-2b02-4b05-8c8b-8206185e484e",
"created": "2022-07-02T04:22:03.083426Z",
"modified": "2022-07-02T04:22:03.083426Z",
"id": "attack-pattern--275352ca-291e-4501-aef3-4bae8c972ea5",
"created_by_ref": "identity--3cd80d75-1c98-4caa-8b59-8dd259d104a1",
"created": "2022-07-02T17:28:36.957224Z",
"modified": "2022-07-02T17:28:36.957224Z",
"name": "Divide",
"description": "TA02",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--2c53d46e-34e6-4025-b3f4-79400900c1d7"
"marking-definition--04222561-2e4e-48c3-9cc9-c1cd50278481"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8f377c72-c924-402b-af87-eaaf96d9d0a3.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--27bd786c-eb5e-4e88-9786-b4cea8789542.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--9f5a83d0-a268-4615-9af6-5b177b3d421b",
"id": "bundle--229e4414-f94b-4163-916a-f2704279f3e6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--8f377c72-c924-402b-af87-eaaf96d9d0a3",
"created_by_ref": "identity--7bf8ee5c-3363-4aa2-a60d-39bb36969a28",
"created": "2022-07-02T04:22:03.09888Z",
"modified": "2022-07-02T04:22:03.09888Z",
"id": "attack-pattern--27bd786c-eb5e-4e88-9786-b4cea8789542",
"created_by_ref": "identity--c90f5fcf-ed8f-4027-814f-69687538628b",
"created": "2022-07-02T17:28:37.003622Z",
"modified": "2022-07-02T17:28:37.003622Z",
"name": "Encourage Attendance at Events",
"description": "TA10",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--157d36bd-789a-4430-9c94-0093a61e50e2"
"marking-definition--fee6de2f-602b-475d-b0fe-378c1247203d"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--5468558b-bbc8-49d6-af74-99450ca31dd3.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--284293b6-e1fd-4072-96d3-b5ed72056848.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--8388a330-6bb6-46f3-b7ed-56d3c65ea339",
"id": "bundle--7fa460cb-27cb-445b-8922-025624c87eea",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5468558b-bbc8-49d6-af74-99450ca31dd3",
"created_by_ref": "identity--361ac418-44d7-484d-bae0-51abbfe90344",
"created": "2022-07-02T04:22:03.076286Z",
"modified": "2022-07-02T04:22:03.076286Z",
"id": "attack-pattern--284293b6-e1fd-4072-96d3-b5ed72056848",
"created_by_ref": "identity--cc6a0050-4a41-40e5-8b08-fc87e8ba515d",
"created": "2022-07-02T17:28:36.94269Z",
"modified": "2022-07-02T17:28:36.94269Z",
"name": "Seed Kernel of truth",
"description": "TA08",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--64eec2bb-aca1-4f71-ba4f-1ec00156c4f7"
"marking-definition--ff60f339-b9ec-4c6b-89bb-79e4740a345a"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--289c80c1-36af-4d61-b7f1-046161422e37.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--66db9060-2525-4380-8a3e-5dd720486a3d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--289c80c1-36af-4d61-b7f1-046161422e37",
"created_by_ref": "identity--6bba4400-5505-422e-b988-ab6b04cb0bfe",
"created": "2022-07-02T04:22:03.116529Z",
"modified": "2022-07-02T04:22:03.116529Z",
"name": "Create Bot Accounts",
"description": "Bots refer to autonomous internet users that interact with systems or other users while imitating traditional human behavior. Bots use a variety of tools to stay active without direct human operation, including artificial intelligence and big data analytics. For example, an individual may program a Twitter bot to retweet a tweet every time it contains a certain keyword or hashtag. An influence operation may use bots to increase its exposure and artificially promote its content across the internet without dedicating additional time or human resources. \nAmplifier bots promote operation content through reposts, shares, and likes to increase the content\u2019s online popularity. Hacker bots are traditionally covert bots running on computer scripts that rarely engage with users and work primarily as agents of larger cyberattacks, such as a Distributed Denial of Service attacks. Spammer bots are programmed to post content on social media or in comment sections, usually as a supplementary tool. Impersonator bots102 pose as real people by mimicking human behavior, complicating their detection. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0090.003.md",
"external_id": "T0090.003"
}
],
"object_marking_refs": [
"marking-definition--ed106a38-1213-4f41-9cd9-64bdbeaea56b"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2dd166eb-2830-4440-8f7e-16ae78cbffce.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--28de0362-57a1-4c91-afe7-991a2cdce07e.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--29a99d02-3dbd-4d49-a2db-57db19c801a5",
"id": "bundle--b0e1aec5-f6ab-4783-9571-abad1b4ab570",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2dd166eb-2830-4440-8f7e-16ae78cbffce",
"created_by_ref": "identity--bb91794f-6a67-4113-a342-317140133c51",
"created": "2022-07-02T04:22:03.124276Z",
"modified": "2022-07-02T04:22:03.124276Z",
"id": "attack-pattern--28de0362-57a1-4c91-afe7-991a2cdce07e",
"created_by_ref": "identity--5c2e719b-0c84-42f9-be1c-7a980d3e106f",
"created": "2022-07-02T17:28:36.983181Z",
"modified": "2022-07-02T17:28:36.983181Z",
"name": "Co-opt Influencers",
"description": "nan",
"description": "TA16",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--a38b765b-cb0e-4740-a322-1d25f04e9a7a"
"marking-definition--8604e7db-c483-4855-a489-4059f3f2f922"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--29750664-9ed2-4c58-b10b-68ab1eb02dc6.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--e150ad83-f2ad-4e8c-a3d6-9bf60bf3b81a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--29750664-9ed2-4c58-b10b-68ab1eb02dc6",
"created_by_ref": "identity--38878c6f-1db3-4eae-bd7a-07b36bcc2f3c",
"created": "2022-07-02T04:22:03.143879Z",
"modified": "2022-07-02T04:22:03.143879Z",
"name": "Distance Reputable Individuals from Operation",
"description": "Distancing reputable individuals from the operation occurs when enlisted individuals, such as celebrities or subject matter experts, actively disengage themselves from operation activities and messaging. Individuals may distance themselves from the operation by deleting old posts or statements, unfollowing operation information assets, or otherwise detaching themselves from the operation\u2019s timeline. An influence operation may want reputable individuals to distance themselves from the operation to reduce operation exposure, particularly if the operation aims to remove all evidence.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0128.003.md",
"external_id": "T0128.003"
}
],
"object_marking_refs": [
"marking-definition--11441662-c80b-435d-bfb2-b925624fe053"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--08a11627-de00-4ac2-b6ee-b11ad36b309b.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2aeca1ac-da54-4744-a23e-c2b1641dac28.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--933f1c9a-1932-42a0-8f0d-21732223e5d2",
"id": "bundle--419568d5-d5c2-4682-987a-78863c4a1658",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--08a11627-de00-4ac2-b6ee-b11ad36b309b",
"created_by_ref": "identity--46b061de-34b2-4987-a18c-9e2e14a946c5",
"created": "2022-07-02T04:22:03.095308Z",
"modified": "2022-07-02T04:22:03.095308Z",
"id": "attack-pattern--2aeca1ac-da54-4744-a23e-c2b1641dac28",
"created_by_ref": "identity--3c5a156b-f144-4ed5-b08e-8bfc1042f78e",
"created": "2022-07-02T17:28:36.994345Z",
"modified": "2022-07-02T17:28:36.994345Z",
"name": "Post Content",
"description": "TA09",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--b335337d-178c-4d43-acc1-263ed50feb4c"
"marking-definition--344d25b6-9486-49aa-8ca2-397fcac861bb"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b6bd718-4225-4bbe-9444-183f90644c74.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--568ab9c9-2b80-4801-a462-cb838ee36378",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2b6bd718-4225-4bbe-9444-183f90644c74",
"created_by_ref": "identity--e435d26e-0ecb-454b-9b09-17fd7ca15b75",
"created": "2022-07-02T04:22:03.106213Z",
"modified": "2022-07-02T04:22:03.106213Z",
"name": "Identify Media System Vulnerabilities",
"description": "An influence operation may exploit existing weaknesses in a target\u2019s media system. These weaknesses may include existing biases among media agencies, vulnerability to false news agencies on social media, or existing distrust of traditional media sources. An existing distrust among the public in the media system\u2019s credibility holds high potential for exploitation by an influence operation when establishing alternative news agencies to spread operation content. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0081.008.md",
"external_id": "T0081.008"
}
],
"object_marking_refs": [
"marking-definition--2a74fdc4-aa04-4969-bb12-3b04ba5f7989"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--23b4bcfc-7362-440f-97ca-1094ad0abc1e.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b86f30b-02d0-4759-9ccd-7abff53714a2.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--226fded6-bbef-499e-9143-0c70098ea685",
"id": "bundle--e26b4ee1-2289-4b05-a477-b1a97c911ca7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--23b4bcfc-7362-440f-97ca-1094ad0abc1e",
"created_by_ref": "identity--909d618b-ed43-4566-a2ad-b744f772fca9",
"created": "2022-07-02T04:22:03.109147Z",
"modified": "2022-07-02T04:22:03.109147Z",
"id": "attack-pattern--2b86f30b-02d0-4759-9ccd-7abff53714a2",
"created_by_ref": "identity--1df51467-370a-4394-baad-ca76908234f0",
"created": "2022-07-02T17:28:36.964571Z",
"modified": "2022-07-02T17:28:36.964571Z",
"name": "Plagiarize Content",
"description": "nan",
"description": "TA06",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--05037167-3060-45f9-af72-94d680be3593"
"marking-definition--1bf2ad11-158a-4616-acde-706b3caf4858"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--be195a87-6081-4525-9199-44ae23c74b38.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2bd6c575-4b68-4623-bc01-6964c53476cc.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--9d3e3a61-c4ec-4710-a321-d13181458667",
"id": "bundle--20012c63-3c79-4ac4-a309-1963865e9a7f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--be195a87-6081-4525-9199-44ae23c74b38",
"created_by_ref": "identity--fb84efc2-7a2b-4e70-95f0-3e1372d6fc5b",
"created": "2022-07-02T04:22:03.127557Z",
"modified": "2022-07-02T04:22:03.127557Z",
"id": "attack-pattern--2bd6c575-4b68-4623-bc01-6964c53476cc",
"created_by_ref": "identity--cbe0be43-5485-49aa-acf1-6009a3aea0f9",
"created": "2022-07-02T17:28:36.986995Z",
"modified": "2022-07-02T17:28:36.986995Z",
"name": "Private/Closed Social Networks",
"description": "nan",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--46d0534c-1c88-467b-872e-8cac5d286558"
"marking-definition--c5d6a9fb-b26d-4086-a5ec-af336a8a8389"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2c7e9fd6-8fe3-448e-99e5-81d4cc6fa9e4.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c72d73fe-f000-489c-904c-533819200340",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2c7e9fd6-8fe3-448e-99e5-81d4cc6fa9e4",
"created_by_ref": "identity--db6a9846-f6ad-4cf5-9421-38011a93c696",
"created": "2022-07-02T17:28:36.947255Z",
"modified": "2022-07-02T17:28:36.947255Z",
"name": "Trolls amplify and manipulate",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0049.001.md",
"external_id": "T0049.001"
}
],
"object_marking_refs": [
"marking-definition--5a4bd136-ad2f-4f6b-8432-cd8f1e85846f"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1cdd3983-14a0-4d1a-a65e-4a066047ba86.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2da637f8-4277-4a95-8dc4-c17a92be1281.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--2987a2bc-96c8-4646-bf04-4ead60e9e0aa",
"id": "bundle--e53ebad9-c97b-401f-9b2f-6615996016d6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1cdd3983-14a0-4d1a-a65e-4a066047ba86",
"created_by_ref": "identity--630f859f-d91b-442f-a9c0-0514b948c0ad",
"created": "2022-07-02T04:22:03.152756Z",
"modified": "2022-07-02T04:22:03.152756Z",
"id": "attack-pattern--2da637f8-4277-4a95-8dc4-c17a92be1281",
"created_by_ref": "identity--f782b122-e140-49b5-9788-e6b26fdc6d24",
"created": "2022-07-02T17:28:37.01677Z",
"modified": "2022-07-02T17:28:37.01677Z",
"name": "Action/attitude",
"description": "nan",
"description": "TA12",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3998fe1d-9e44-4bb5-a106-031dea8fbe54"
"marking-definition--94db7dbd-42e7-4cd0-9274-c1d979b4c123"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2eb2f147-53d7-4fae-a711-13f0181630a0.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--f55fab24-7347-4022-b221-ad0d32fb9f36",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2eb2f147-53d7-4fae-a711-13f0181630a0",
"created_by_ref": "identity--e6865b40-628d-4ac3-bff8-87dfa6a01831",
"created": "2022-07-02T04:22:03.1101Z",
"modified": "2022-07-02T04:22:03.1101Z",
"name": "Develop AI-Generated Text",
"description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0085.001.md",
"external_id": "T0085.001"
}
],
"object_marking_refs": [
"marking-definition--567482ec-6057-4575-b352-7626f286ff2b"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--9f08f8be-e32a-401b-b4e0-3a3735249d90.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2f2745b8-801a-41b5-b85a-ffba5caf53c4.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--c81e98a3-246e-4f25-979f-e7377a237bf6",
"id": "bundle--07a5bd7f-8927-45d3-8717-b1235c6e965a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9f08f8be-e32a-401b-b4e0-3a3735249d90",
"created_by_ref": "identity--91c7cd6e-96a1-4228-887b-6d75eb56181b",
"created": "2022-07-02T04:22:03.096613Z",
"modified": "2022-07-02T04:22:03.096613Z",
"id": "attack-pattern--2f2745b8-801a-41b5-b85a-ffba5caf53c4",
"created_by_ref": "identity--0405c5ac-6467-492d-b6d4-5c3521a54d70",
"created": "2022-07-02T17:28:36.996895Z",
"modified": "2022-07-02T17:28:36.996895Z",
"name": "Cross-Posting",
"description": "TA17",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--fb899ba8-e72c-4e1e-a93f-d74c0ab60d7b"
"marking-definition--e9e8c04d-b24d-49cf-8fd9-842f87544f7e"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--6cb2b1b5-5a51-4f19-a6f2-08d6bc238121.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2f9be5f3-9474-46c1-9bf8-038577c4b6a8.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--df43b6e2-b473-4b3d-9dd1-00a999de2593",
"id": "bundle--c9a25dc0-1ea6-46ae-996f-869f8d5e3195",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--6cb2b1b5-5a51-4f19-a6f2-08d6bc238121",
"created_by_ref": "identity--5ec74ba3-ff5f-4a42-8f3c-9c745c902d69",
"created": "2022-07-02T04:22:03.078608Z",
"modified": "2022-07-02T04:22:03.078608Z",
"id": "attack-pattern--2f9be5f3-9474-46c1-9bf8-038577c4b6a8",
"created_by_ref": "identity--436a153e-6a13-48ad-a2af-c9e7835e72c6",
"created": "2022-07-02T17:28:36.946914Z",
"modified": "2022-07-02T17:28:36.946914Z",
"name": "Flooding the Information Space",
"description": "TA17",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--fb3da8f5-ec81-4e38-987c-d306969b80f3"
"marking-definition--8b1f7930-6755-4a68-b5b7-7c56854b3178"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f3937d9d-e853-48e0-a8a3-54b4e2031cd1.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--2fd5387c-c9c4-4de2-bcb7-0ef7364b819c.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--235dd078-fae2-4919-a807-12707a95e061",
"id": "bundle--f1f19d39-4b1c-4a41-b7d7-6fd40a205fd1",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--f3937d9d-e853-48e0-a8a3-54b4e2031cd1",
"created_by_ref": "identity--30e6a20f-377e-4ce8-82bd-07b78df48f7a",
"created": "2022-07-02T04:22:03.115834Z",
"modified": "2022-07-02T04:22:03.115834Z",
"id": "attack-pattern--2fd5387c-c9c4-4de2-bcb7-0ef7364b819c",
"created_by_ref": "identity--2c02fedc-a9cd-4754-8a58-896f08e0ea5e",
"created": "2022-07-02T17:28:36.972415Z",
"modified": "2022-07-02T17:28:36.972415Z",
"name": "Create Anonymous Accounts",
"description": "Anonymous accounts or anonymous users refer to users that access network resources without providing a username or password. An influence operation may use anonymous accounts to spread content without direct attribution to the operation. ",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--edd36372-439a-429a-b96a-a9dfadbb9935"
"marking-definition--65f4f1c7-429e-48d7-b2eb-1ab8f4b93ad1"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--89d40adf-6f6e-418f-8e27-1dd214995c1d.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3006fa0c-25d6-4ea8-a9fa-bcaa272fbc1d.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--4f1a4d29-ca8d-4dac-9abe-d07cd10872fb",
"id": "bundle--97d96271-2a77-42c4-b89e-d221d070421a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--89d40adf-6f6e-418f-8e27-1dd214995c1d",
"created_by_ref": "identity--bd0397d0-ecb1-4c94-86c4-e59dabd8fb22",
"created": "2022-07-02T04:22:03.089303Z",
"modified": "2022-07-02T04:22:03.089303Z",
"id": "attack-pattern--3006fa0c-25d6-4ea8-a9fa-bcaa272fbc1d",
"created_by_ref": "identity--e2a4a14b-d618-47fb-a484-0ebf40082161",
"created": "2022-07-02T17:28:36.979605Z",
"modified": "2022-07-02T17:28:36.979605Z",
"name": "Create personas",
"description": "TA16",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--aa73818a-574c-41a6-8aa3-67f50ec203ec"
"marking-definition--95c5aee8-695f-4b68-97be-e450e309fc98"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--30d1076a-9f74-4aba-a61a-20339888ef0f.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--52ad0c80-d682-48ab-88bd-f695b78bc979",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--30d1076a-9f74-4aba-a61a-20339888ef0f",
"created_by_ref": "identity--daa93585-f755-4265-9a71-9228e2f539b0",
"created": "2022-07-02T17:28:36.97672Z",
"modified": "2022-07-02T17:28:36.97672Z",
"name": "Fund Proxies",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0093.001.md",
"external_id": "T0093.001"
}
],
"object_marking_refs": [
"marking-definition--cf502bed-e521-4459-9578-2bcee6a94a2b"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--17ae8352-79ab-4160-b192-cd70463fdba0.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--337c05bc-515b-48e0-bf5c-d4cdd5bc7bba.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--6e92b4de-538c-4693-bf93-6eef6ef89a7f",
"id": "bundle--84234c7f-3f20-4fb6-8c96-1d8f8ad26ec6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--17ae8352-79ab-4160-b192-cd70463fdba0",
"created_by_ref": "identity--4f14919c-6b5b-4c17-a196-d221bbe9c5fb",
"created": "2022-07-02T04:22:03.123637Z",
"modified": "2022-07-02T04:22:03.123637Z",
"id": "attack-pattern--337c05bc-515b-48e0-bf5c-d4cdd5bc7bba",
"created_by_ref": "identity--0c7a74b3-5f15-4ce9-a4d6-801bc9e3d440",
"created": "2022-07-02T17:28:36.982541Z",
"modified": "2022-07-02T17:28:36.982541Z",
"name": "Co-Opt Trusted Individuals",
"description": "nan",
"description": "TA16",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--15123be0-5444-4596-837d-2a145f419356"
"marking-definition--949b58c0-5ed3-4978-ae48-7387549fc4d4"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--9814e8c1-6928-42c1-a64d-1f7bee4cb632.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--33b83d49-01b3-452e-a68a-abd77118353c.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--b7f29e32-3976-4f42-8656-964d6725171f",
"id": "bundle--4843672c-fdd3-4661-8589-805cce0c0e89",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9814e8c1-6928-42c1-a64d-1f7bee4cb632",
"created_by_ref": "identity--481c67a1-5f2d-4d66-a0d7-f8f2a6186526",
"created": "2022-07-02T04:22:03.131073Z",
"modified": "2022-07-02T04:22:03.131073Z",
"id": "attack-pattern--33b83d49-01b3-452e-a68a-abd77118353c",
"created_by_ref": "identity--d35baed2-802e-40cf-9085-4d69a570edbb",
"created": "2022-07-02T17:28:36.993711Z",
"modified": "2022-07-02T17:28:36.993711Z",
"name": "Social media",
"description": "nan",
"description": "TA09",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--b2674001-3c3f-4443-83e1-9d6427a06150"
"marking-definition--038ce6ff-3de1-44a4-8d08-4ad223468071"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3603a527-d7c9-4562-ae2d-e66c49d597c5.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--2bfd3917-fa95-4c2f-a092-85dab6f191a0",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3603a527-d7c9-4562-ae2d-e66c49d597c5",
"created_by_ref": "identity--c29dd83e-f875-4496-8482-ba54f2fdd2c4",
"created": "2022-07-02T17:28:36.951707Z",
"modified": "2022-07-02T17:28:36.951707Z",
"name": "Sell Merchandise",
"description": "TA10",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-offline-activity"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0061.001.md",
"external_id": "T0061.001"
}
],
"object_marking_refs": [
"marking-definition--2b2cf559-3b13-45de-be95-97ef4de6c069"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--9db0dca3-1313-4a7e-8f77-0d4417710dc8.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--37b3cf33-f0bf-40ed-9b97-0bb74ede8923.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--d701eb63-ce8d-40a1-9658-d4a49b121d65",
"id": "bundle--c601d953-70fb-4f7b-b754-cbaf7540f755",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9db0dca3-1313-4a7e-8f77-0d4417710dc8",
"created_by_ref": "identity--e69adbcf-af5e-4a37-96bb-1a8cbefb9d74",
"created": "2022-07-02T04:22:03.132653Z",
"modified": "2022-07-02T04:22:03.132653Z",
"id": "attack-pattern--37b3cf33-f0bf-40ed-9b97-0bb74ede8923",
"created_by_ref": "identity--6680323a-b44b-43c4-84cf-d75feae5cd0e",
"created": "2022-07-02T17:28:36.995942Z",
"modified": "2022-07-02T17:28:36.995942Z",
"name": "Post inauthentic social media comment",
"description": "Use government-paid social media commenters, astroturfers, chat bots (programmed to reply to specific key words/hashtags) influence online conversations, product reviews, web-site comment forums.",
"description": "TA09",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--1d91d248-0547-431e-9d07-1918356fbccb"
"marking-definition--50cb9240-ed4f-4b34-819b-bbac3de7aa77"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--386a6daa-c8f0-4670-bba9-032268352689.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--00f61f95-8a6e-4c62-889e-15d702d2bedd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--386a6daa-c8f0-4670-bba9-032268352689",
"created_by_ref": "identity--1480f942-a431-436e-b271-62f6f3535a6d",
"created": "2022-07-02T04:22:03.106864Z",
"modified": "2022-07-02T04:22:03.106864Z",
"name": "Demographic Segmentation",
"description": "An influence operation may target populations based on demographic segmentation, including age, gender, and income. Demographic segmentation may be useful for influence operations aiming to change state policies that affect a specific population sector. For example, an influence operation attempting to influence Medicare funding in the United States would likely target U.S. voters over 65 years of age. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0072.002.md",
"external_id": "T0072.002"
}
],
"object_marking_refs": [
"marking-definition--5f49ef6e-0170-43b1-a860-f4f6de42a9ea"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--546ca620-e626-4a82-8e4d-74f4f99115a9.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--38a623d7-b925-49be-ac03-cae2586cea18.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--fe6a1418-ec87-41e5-879a-52e8f5656cdf",
"id": "bundle--bf928adf-65cb-4ba8-8511-eb5870649a14",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--546ca620-e626-4a82-8e4d-74f4f99115a9",
"created_by_ref": "identity--e6003b7e-b5ad-4631-90fc-4e2d5c731ea1",
"created": "2022-07-02T04:22:03.153388Z",
"modified": "2022-07-02T04:22:03.153388Z",
"id": "attack-pattern--38a623d7-b925-49be-ac03-cae2586cea18",
"created_by_ref": "identity--c61a981a-70e8-4a9c-9859-7ec335a6f1ab",
"created": "2022-07-02T17:28:37.017787Z",
"modified": "2022-07-02T17:28:37.017787Z",
"name": "Social media engagement",
"description": "Monitor and evaluate social media engagement in misinformation incidents.",
"description": "TA12",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--60fcd5b8-9847-4f12-af20-2975c86fc2ae"
"marking-definition--e84d6ddf-8e22-4eba-8a3c-f124b697d642"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--38ac5a3d-12b5-46e5-9875-00514da8587a.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--af38b9a2-c6bb-46c5-a552-70877ef062a6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--38ac5a3d-12b5-46e5-9875-00514da8587a",
"created_by_ref": "identity--5fa8da8d-6fbd-4155-9d06-a0dcc3b6dd7d",
"created": "2022-07-02T17:28:37.01039Z",
"modified": "2022-07-02T17:28:37.01039Z",
"name": "Remove Post Origins",
"description": "TA11",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0129.009.md",
"external_id": "T0129.009"
}
],
"object_marking_refs": [
"marking-definition--9abfc32c-4daa-440b-a6ad-439fb022dfc6"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--5396f0c0-9a8c-48c9-ba26-7c1cb8a4ddfb.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3a537720-049d-431e-84ee-33627eb44661.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--d6b770c7-ffd3-4d86-9478-09ba9b1a8ddd",
"id": "bundle--40d50772-60a9-49c3-8069-d01119a25f45",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--5396f0c0-9a8c-48c9-ba26-7c1cb8a4ddfb",
"created_by_ref": "identity--e7a82b59-1d03-4c90-8022-f6ca17d33c4f",
"created": "2022-07-02T04:22:03.081798Z",
"modified": "2022-07-02T04:22:03.081798Z",
"id": "attack-pattern--3a537720-049d-431e-84ee-33627eb44661",
"created_by_ref": "identity--02ab167a-a990-4a18-bc06-c7cf6a1a272e",
"created": "2022-07-02T17:28:36.955313Z",
"modified": "2022-07-02T17:28:36.955313Z",
"name": "Determine Strategic Ends",
"description": "TA01",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--d29e6e81-7178-44cb-82e5-4555d023e588"
"marking-definition--71798dc3-96c8-4bfd-9201-e3caa51814d0"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3dc7575f-3242-497a-a47c-23d50e05cbfc.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--6b1867dd-0068-4439-9fa5-36b5beeec319",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3dc7575f-3242-497a-a47c-23d50e05cbfc",
"created_by_ref": "identity--a7a4f86b-050a-45f8-be5d-d6c0d2be6bf5",
"created": "2022-07-02T17:28:36.973402Z",
"modified": "2022-07-02T17:28:36.973402Z",
"name": "Create Sockpuppet Accounts",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0090.004.md",
"external_id": "T0090.004"
}
],
"object_marking_refs": [
"marking-definition--13adfddf-3975-421a-963b-753e100927e1"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1944a6a4-0101-4c95-bd6d-1d8b674a712f.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3f07b243-8d61-425e-8bef-b8d95ae62936.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--c462fbd1-20a6-459a-b27e-76994b09c797",
"id": "bundle--27a49500-859a-4621-83a9-f86bc4b132f5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1944a6a4-0101-4c95-bd6d-1d8b674a712f",
"created_by_ref": "identity--2ce1558c-41e6-4805-b4d8-19824d5d876b",
"created": "2022-07-02T04:22:03.075336Z",
"modified": "2022-07-02T04:22:03.075336Z",
"id": "attack-pattern--3f07b243-8d61-425e-8bef-b8d95ae62936",
"created_by_ref": "identity--e243c433-c58f-4fa9-8e7c-364d0264456e",
"created": "2022-07-02T17:28:36.94173Z",
"modified": "2022-07-02T17:28:36.94173Z",
"name": "Online polls",
"description": "TA07",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--bc185ad5-3887-4955-bda7-998d5442b6c1"
"marking-definition--0b503589-dec6-442f-8ea6-4929218b727e"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3f7ef990-a068-4591-bb39-374ba03e488e.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--a0078d08-a5b2-44f7-9168-02492767c46f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3f7ef990-a068-4591-bb39-374ba03e488e",
"created_by_ref": "identity--d7a9f0ab-41f5-4fa8-8e45-b1252a91fb6e",
"created": "2022-07-02T04:22:03.116872Z",
"modified": "2022-07-02T04:22:03.116872Z",
"name": "Create Sockpuppet Accounts",
"description": "Sockpuppet accounts refer to falsified accounts that either promote the influence operation\u2019s own material or attack critics of the material online. Individuals who control sockpuppet accounts also man at least one other user account.67 Sockpuppet accounts help legitimize operation narratives by providing an appearance of external support for the material and discrediting opponents of the operation. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0090.004.md",
"external_id": "T0090.004"
}
],
"object_marking_refs": [
"marking-definition--d0cf236d-6895-4ff5-9462-4a81418b78c0"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3ff18f87-55ce-47c5-822d-94f2cd6aeb9f.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--45de2d42-8a12-47c4-bf59-2c9510105e0e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3ff18f87-55ce-47c5-822d-94f2cd6aeb9f",
"created_by_ref": "identity--4eb4c2a4-3763-434b-b492-479c3f3cc162",
"created": "2022-07-02T17:28:36.962946Z",
"modified": "2022-07-02T17:28:36.962946Z",
"name": "Identify Media System Vulnerabilities",
"description": "TA13",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0081.008.md",
"external_id": "T0081.008"
}
],
"object_marking_refs": [
"marking-definition--6e6a2078-8bd8-4fc4-a609-02a11a8f77b2"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d705267-24bc-49d0-9cb8-db20ef0e4312.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3ff7e5b9-ac4b-44f9-81d7-1475ee208c20.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--8cf627d4-3a60-4ee9-a868-942162d2485d",
"id": "bundle--752b6734-8756-487c-8861-b1ff70708910",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d705267-24bc-49d0-9cb8-db20ef0e4312",
"created_by_ref": "identity--20aa7572-2e93-461d-850d-b32ececde944",
"created": "2022-07-02T04:22:03.107865Z",
"modified": "2022-07-02T04:22:03.107865Z",
"id": "attack-pattern--3ff7e5b9-ac4b-44f9-81d7-1475ee208c20",
"created_by_ref": "identity--d0ea6102-778f-4d35-a141-4d7ab4a8dd71",
"created": "2022-07-02T17:28:36.954654Z",
"modified": "2022-07-02T17:28:36.954654Z",
"name": "Political Segmentation",
"description": "An influence operation may target populations based on their political affiliations, especially when aiming to manipulate voting or change policy.",
"description": "TA13",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--9aa856d8-de84-4e6b-b348-1e5d8f5726e7"
"marking-definition--5f9a364f-d1e8-42f6-a108-bba8d4b1eb70"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--a03a748d-983f-4ef6-82ec-4c5c69973cc6.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--400167bb-0e28-4499-93f5-984882266303.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--847feffe-82ef-438d-897f-4825eb4a647a",
"id": "bundle--b4688e92-11f4-42c9-8f52-97214e368541",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--a03a748d-983f-4ef6-82ec-4c5c69973cc6",
"created_by_ref": "identity--9548aa16-8337-4f58-b26d-ecdd657b5287",
"created": "2022-07-02T04:22:03.120452Z",
"modified": "2022-07-02T04:22:03.120452Z",
"id": "attack-pattern--400167bb-0e28-4499-93f5-984882266303",
"created_by_ref": "identity--d126a8c5-2a78-4e8d-b0fd-931dd6144a90",
"created": "2022-07-02T17:28:36.936279Z",
"modified": "2022-07-02T17:28:36.936279Z",
"name": "From bad actors",
"description": "nan",
"description": "TA15",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--2b497558-90d0-4176-a387-df86189be5b1"
"marking-definition--13271717-f1ee-4a94-94c3-8570cf814242"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3cbdc5fc-976d-4264-9b9f-3657f6d81121.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--418a55bf-5c5e-4a90-8f10-a18fc80a2964.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--c7f86136-7a91-4d47-8ed6-9cd49aab357f",
"id": "bundle--b7c36349-548f-4780-92b3-f30d0e533f92",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3cbdc5fc-976d-4264-9b9f-3657f6d81121",
"created_by_ref": "identity--bc58f435-38a0-43a8-872a-2d210fd9b889",
"created": "2022-07-02T04:22:03.0992Z",
"modified": "2022-07-02T04:22:03.0992Z",
"id": "attack-pattern--418a55bf-5c5e-4a90-8f10-a18fc80a2964",
"created_by_ref": "identity--cb3afbf2-a35b-4868-b001-0b1eb75d6194",
"created": "2022-07-02T17:28:37.004582Z",
"modified": "2022-07-02T17:28:37.004582Z",
"name": "Physical Violence",
"description": "TA10",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--ee0aa1ee-fbc9-4403-a81a-8221eb70c6ba"
"marking-definition--323e88e9-808d-4c69-b9e6-e2ab8bae52cf"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--de48f162-abb1-440e-b264-04ba0a9e6881.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--41bdae21-3938-47e4-81e9-a4ffa5cffb61.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--2635912e-0913-4fcc-a8b8-1bc2b4f96994",
"id": "bundle--07ef12c6-feea-4090-a042-034ce93b57fb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--de48f162-abb1-440e-b264-04ba0a9e6881",
"created_by_ref": "identity--e93cccfb-8374-4e23-b068-1d6a2fbffaf1",
"created": "2022-07-02T04:22:03.089954Z",
"modified": "2022-07-02T04:22:03.089954Z",
"id": "attack-pattern--41bdae21-3938-47e4-81e9-a4ffa5cffb61",
"created_by_ref": "identity--b8dac218-44eb-4225-b0fe-4c2a4ffce874",
"created": "2022-07-02T17:28:36.981264Z",
"modified": "2022-07-02T17:28:36.981264Z",
"name": "Prepare Assets Impersonating Legitimate Entities",
"description": "TA16",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3f116c43-211e-44ed-8372-f3bbc3a5de98"
"marking-definition--58b0ef60-3d30-4e7b-91df-d046144e0854"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2a372db3-69c5-42bb-b257-c43684bede04.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--429a7e7f-98f4-48e9-a5a0-a2a8d7038f4d.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--5a05a6e7-8708-41a8-be75-2d064fd8a73c",
"id": "bundle--1ee1fef2-9045-4e88-a1aa-750f6939d6be",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2a372db3-69c5-42bb-b257-c43684bede04",
"created_by_ref": "identity--3826a366-a12c-4ab2-979b-0f2759cccabe",
"created": "2022-07-02T04:22:03.136189Z",
"modified": "2022-07-02T04:22:03.136189Z",
"id": "attack-pattern--429a7e7f-98f4-48e9-a5a0-a2a8d7038f4d",
"created_by_ref": "identity--aaae704d-6e10-4815-ae51-38b77e67d8f6",
"created": "2022-07-02T17:28:36.998578Z",
"modified": "2022-07-02T17:28:36.998578Z",
"name": "Use Affiliate Marketing Programs",
"description": "nan",
"description": "TA17",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--6d3ba371-d32d-4521-825a-0ea65e443523"
"marking-definition--9a005f5e-76a7-46ac-88d9-7eda1fcc5668"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2ac3960b-813b-4722-ba29-9e692d88341b.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--429b3cc3-e187-450a-948e-49ef80c5b824.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--f1d5bf3b-2a36-4b06-8d75-2433d0ff313d",
"id": "bundle--32b50d1c-1ffe-4596-8ad9-8b2a2f737f1a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2ac3960b-813b-4722-ba29-9e692d88341b",
"created_by_ref": "identity--88f2a537-1478-489d-9cf1-6281cd09fe3a",
"created": "2022-07-02T04:22:03.138733Z",
"modified": "2022-07-02T04:22:03.138733Z",
"id": "attack-pattern--429b3cc3-e187-450a-948e-49ef80c5b824",
"created_by_ref": "identity--15d3df4a-6b30-42ad-9069-4699987dc370",
"created": "2022-07-02T17:28:37.001042Z",
"modified": "2022-07-02T17:28:37.001042Z",
"name": "Block Content",
"description": "Content blocking refers to actions taken to restrict internet access or render certain areas of the internet inaccessible. An influence operation may restrict content based on both network and content attributes. ",
"description": "TA18",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--16a459ec-0f6b-4501-8308-a1b5fb1c17f9"
"marking-definition--2fcce406-610d-47ed-a93e-19f2d05f9d89"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2025e8cd-69d0-48df-b8f7-d945860a0034.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--42bc5436-0436-4120-81f3-ebc41c61a157.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--d1723c74-1b85-4f8a-ba54-8f88e7a5a612",
"id": "bundle--c10ec805-431d-4ca5-ac9d-5f2dce27ec1f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2025e8cd-69d0-48df-b8f7-d945860a0034",
"created_by_ref": "identity--a9f26548-18ad-408b-a602-5c6cb0d52008",
"created": "2022-07-02T04:22:03.125907Z",
"modified": "2022-07-02T04:22:03.125907Z",
"id": "attack-pattern--42bc5436-0436-4120-81f3-ebc41c61a157",
"created_by_ref": "identity--9bf6e66d-85dc-42c2-b742-81ea30b64a3f",
"created": "2022-07-02T17:28:36.943681Z",
"modified": "2022-07-02T17:28:36.943681Z",
"name": "Use Unencrypted Chats Apps",
"description": "nan",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--d5edaffd-54c8-407e-8df9-8d08328a4e8b"
"marking-definition--cdac0b8f-298e-4fa6-838d-9fd6f238c6b1"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--90193cf9-5cc8-4af5-98b4-0b24ba83c7ee.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4459b053-585e-4160-b54c-de6db94f0d08.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--c4ab6521-6ead-4f69-af54-671eafe552b6",
"id": "bundle--b59c9b02-6619-4fff-b813-dfa4212e1892",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--90193cf9-5cc8-4af5-98b4-0b24ba83c7ee",
"created_by_ref": "identity--68b8274a-f361-49a2-8176-a95bc483971f",
"created": "2022-07-02T04:22:03.071431Z",
"modified": "2022-07-02T04:22:03.071431Z",
"id": "attack-pattern--4459b053-585e-4160-b54c-de6db94f0d08",
"created_by_ref": "identity--e3567cc7-e95b-466d-8d15-04bf5c479949",
"created": "2022-07-02T17:28:36.934998Z",
"modified": "2022-07-02T17:28:36.934998Z",
"name": "Cultivate ignorant agents",
"description": "TA15",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--45d1c510-525f-4cba-87bc-55f6accf6e4a"
"marking-definition--2f5402f3-bdd4-4881-900a-c45226181bff"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--9be08cf5-8b9e-469f-8d45-40afaf29aec4.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--467c2c32-1353-4c04-b5cc-3707f88885eb.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--0b2807c0-522d-481b-925f-34b88dfad9a9",
"id": "bundle--0cdc57c7-b7aa-435d-a5c8-88f124b19bbd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--9be08cf5-8b9e-469f-8d45-40afaf29aec4",
"created_by_ref": "identity--bca2e702-4da8-49ee-b3c5-b54bc52de544",
"created": "2022-07-02T04:22:03.12915Z",
"modified": "2022-07-02T04:22:03.12915Z",
"id": "attack-pattern--467c2c32-1353-4c04-b5cc-3707f88885eb",
"created_by_ref": "identity--fb6a7205-93f9-47a2-b905-164612715e59",
"created": "2022-07-02T17:28:36.988932Z",
"modified": "2022-07-02T17:28:36.988932Z",
"name": "Video Sharing",
"description": "Examples include Youtube, TikTok, ShareChat, Rumble, etc",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--4b4f4304-5490-48fc-b30a-9c6314c9bd04"
"marking-definition--70e398d5-01c2-488d-a134-b31291a13f30"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--48eedefd-139c-40f7-aa22-ba1cb4309929.json
View File

@ -1,39 +0,0 @@
{
"type": "bundle",
"id": "bundle--5cfa8634-d1da-46a5-b0f1-c4064aca6305",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--48eedefd-139c-40f7-aa22-ba1cb4309929",
"created_by_ref": "identity--215ae8be-cd5c-423e-8544-77754395d4a9",
"created": "2022-07-02T04:22:03.144511Z",
"modified": "2022-07-02T04:22:03.144511Z",
"name": "Change Names of Accounts",
"description": "Changing names of accounts occurs when an operation changes the name of an existing social media account. An operation may change the names of its accounts throughout an operation to avoid detection or alter the names of newly acquired or repurposed accounts to fit operational narratives. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0128.005.md",
"external_id": "T0128.005"
}
],
"object_marking_refs": [
"marking-definition--341d5c91-8a26-4003-b588-db1cc4290d08"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--73bd1cae-ad4d-416b-8752-0fefdda8beb9.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--494544eb-fb55-41f6-82f2-c2a180ebd8b4.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--becd32a2-16d9-4dc1-bbef-f977ba037861",
"id": "bundle--c3880f04-3178-4b22-af63-41b6bd5b90e4",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--73bd1cae-ad4d-416b-8752-0fefdda8beb9",
"created_by_ref": "identity--4e104e85-64c0-4001-a483-de2e781e4dd7",
"created": "2022-07-02T04:22:03.128834Z",
"modified": "2022-07-02T04:22:03.128834Z",
"id": "attack-pattern--494544eb-fb55-41f6-82f2-c2a180ebd8b4",
"created_by_ref": "identity--d754da6d-2eb3-4be0-af01-7e18f16c5c99",
"created": "2022-07-02T17:28:36.98859Z",
"modified": "2022-07-02T17:28:36.98859Z",
"name": "Photo Sharing",
"description": "Examples include Instagram, Snapchat, Flickr, etc",
"description": "TA07",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--b67c0a0d-0c27-474c-a080-f4d1ea370570"
"marking-definition--5bb3ffa6-a109-4437-a115-5dd27d72c8fe"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--887a9015-6d4a-4b69-b084-284d03ebed32.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4a00df0a-8591-451b-9f3c-1980c6856dca.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--88fadfa0-d8a2-410a-8fb5-55811982dab6",
"id": "bundle--6dcd9661-5fc5-429b-bf6e-cd13ac96d903",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--887a9015-6d4a-4b69-b084-284d03ebed32",
"created_by_ref": "identity--4ca338bb-6c23-43fb-bf7a-a183dc1cf3c7",
"created": "2022-07-02T04:22:03.071769Z",
"modified": "2022-07-02T04:22:03.071769Z",
"id": "attack-pattern--4a00df0a-8591-451b-9f3c-1980c6856dca",
"created_by_ref": "identity--64dbec6e-dba1-4e7a-8395-7ff125342095",
"created": "2022-07-02T17:28:36.935318Z",
"modified": "2022-07-02T17:28:36.935318Z",
"name": "Compromise legitimate accounts",
"description": "TA16",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--df27fb77-bf84-44a4-8194-10a9a383d923"
"marking-definition--310c0ee9-665a-4d4f-8f2f-e26211ee0359"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

12
generated_files/DISARM_STIX/attack-pattern/attack-pattern--36a63293-15c7-4641-b676-7dc3818a48a9.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4a332cd3-c862-46e1-b571-e888a67ce45a.json
View File

@ -1,14 +1,14 @@
{
"type": "bundle",
"id": "bundle--d51e9bb6-fab8-4369-ae86-842621d03201",
"id": "bundle--6f7dc487-30a4-4033-a504-d58883c23e21",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--36a63293-15c7-4641-b676-7dc3818a48a9",
"created_by_ref": "identity--bf099cbe-a53c-4e8d-a917-30e757cb5e59",
"created": "2022-07-02T04:22:03.083111Z",
"modified": "2022-07-02T04:22:03.083111Z",
"id": "attack-pattern--4a332cd3-c862-46e1-b571-e888a67ce45a",
"created_by_ref": "identity--111045d1-6a2e-4077-a536-5024c741a30f",
"created": "2022-07-02T17:28:36.956907Z",
"modified": "2022-07-02T17:28:36.956907Z",
"name": "Dismay",
"description": "TA02",
"kill_chain_phases": [
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--3b3a7dc4-3a6c-4d1b-9223-cdf239b62306"
"marking-definition--4ba7978a-0a00-4041-91e0-da3e1f74bef5"
],
"x_mitre_is_subtechnique": false,
"x_mitre_platforms": [

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--78655b7b-356a-4b4a-8de6-c88991347241.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4a3f721a-82a7-43b6-9889-acacda9e7617.json
View File

@ -1,16 +1,16 @@
{
"type": "bundle",
"id": "bundle--a9bb872f-122a-4ac8-84d0-bba6b7f31cb8",
"id": "bundle--4fc0c07f-0631-4124-bcc3-ac1e67534096",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--78655b7b-356a-4b4a-8de6-c88991347241",
"created_by_ref": "identity--60e2acb8-0e8b-4a28-b440-8e8bdafbf599",
"created": "2022-07-02T04:22:03.142273Z",
"modified": "2022-07-02T04:22:03.142273Z",
"id": "attack-pattern--4a3f721a-82a7-43b6-9889-acacda9e7617",
"created_by_ref": "identity--b030e5ed-8218-4f2c-9be2-e5ec9ade718c",
"created": "2022-07-02T17:28:37.004906Z",
"modified": "2022-07-02T17:28:37.004906Z",
"name": "Conduct Physical Violence",
"description": "nan",
"description": "TA10",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
@ -25,7 +25,7 @@
}
],
"object_marking_refs": [
"marking-definition--c7f22c25-31fb-4568-bbee-9a7d41099468"
"marking-definition--bbe1fb76-4b7e-4eff-b804-227cf10f9e19"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [

Some files were not shown because too many files have changed in this diff Show More