Git-Mirrors/DISARMframeworks
1
0
Fork 0
mirror of https://github.com/DISARMFoundation/DISARMframeworks.git synced 2025-01-13 08:19:41 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #4 from DISARMFoundation/subtechniques

Browse Source 
Subtechniques
This commit is contained in:
VVX7 2022-07-01 21:30:43 -07:00 committed by GitHub
commit fc124b877c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
444 changed files with 17281 additions and 1792 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CODE/DISARM-STIX2/main.py
View File

@ -11,7 +11,7 @@ from stix2 import (Bundle, AttackPattern, ThreatActor, IntrusionSet, Relationshi
from stix2.properties import (ReferenceProperty, ListProperty, StringProperty, TimestampProperty, BooleanProperty, IntegerProperty) from stix2.properties import (ReferenceProperty, ListProperty, StringProperty, TimestampProperty, BooleanProperty, IntegerProperty)
import helpers import helpers
from objects import tactic, technique, matrix, bundle from objects import tactic, technique, matrix, bundle, relationship
from helpers import xlsx, file from helpers import xlsx, file
@ -25,18 +25,19 @@ def generate_disarm_stix():
tactics = tactic.make_disarm_tactics(data) tactics = tactic.make_disarm_tactics(data)
techniques = technique.make_disarm_techniques(data) techniques = technique.make_disarm_techniques(data)
subtechniques = technique.make_disarm_subtechniques(data)
subtechnique_relationships = relationship.make_disarm_subtechnique_relationships(techniques, subtechniques)
navigator_matrix = matrix.make_disarm_matrix(tactics) navigator_matrix = matrix.make_disarm_matrix(tactics)
stix_objects = [] stix_objects = []
stix_objects.append(tactics) stix_objects.append(tactics)
stix_objects.append(techniques) stix_objects.append(techniques)
stix_objects.append(subtechniques)
stix_objects.append(subtechnique_relationships)
stix_objects.append(navigator_matrix) stix_objects.append(navigator_matrix)
stix_objects = [item for sublist in stix_objects for item in sublist] stix_objects = [item for sublist in stix_objects for item in sublist]
# for i in stix_objects:
# print(i)
disarm_bundle = bundle.make_stix_bundle(stix_objects) disarm_bundle = bundle.make_stix_bundle(stix_objects)
helpers.file.clean_output_dir() helpers.file.clean_output_dir()
@ -44,6 +45,5 @@ def generate_disarm_stix():
helpers.file.write_bundle(disarm_bundle, "DISARM") helpers.file.write_bundle(disarm_bundle, "DISARM")
if __name__ == "__main__": if __name__ == "__main__":
generate_disarm_stix() generate_disarm_stix()

5
CODE/DISARM-STIX2/objects/matrix.py
View File

@ -34,11 +34,6 @@ def make_disarm_matrix(tactics):
] ]
name = 'DISARM Framework' name = 'DISARM Framework'
# print(tactics)
# p =[i.id for i in tactics]
# r = properties.ReferenceProperty()
# f = properties.ListProperty(r)
tactic_refs = [i.id for i in tactics] tactic_refs = [i.id for i in tactics]
matrix = Matrix( matrix = Matrix(

24
CODE/DISARM-STIX2/objects/relationship.py
View File

@ -19,3 +19,27 @@ def make_disarm_subtechnique_relationship(source, target):
) )
return relationship return relationship
def make_disarm_subtechnique_relationships(techniques, subtechniques):
"""Creates a map of technique and sub-technique.
Args:
techniques (list): List of STIX2 technique objects.
subtechniques (list): List of STIX2 subtechnique objects.
Returns:
A Relationship object.
"""
technique_ids = {}
for technique in techniques:
technique_ids[technique["external_references"][0]["external_id"]] = technique["id"]
relationships = []
for subtechnique in subtechniques:
technique_id = technique_ids[subtechnique["external_references"][0]["external_id"].split(".")[0]]
relationship = make_disarm_subtechnique_relationship(subtechnique["id"], technique_id)
relationships.append(relationship)
return relationships

16
CODE/DISARM-STIX2/objects/tactic.py
View File

@ -3,6 +3,11 @@ from stix2 import CustomObject, properties, ExternalReference
import objects.marking_definition import objects.marking_definition
from objects import identity, marking_definition from objects import identity, marking_definition
valid_tactics = ["plan-strategy", "plan-objectives", "microtarget", "develop-content",
"select-channels-and-affordances", "conduct-pump-priming", "deliver-content",
"drive-offline-activity", "persist-in-the-information-environment", "assess-effectiveness",
"target-audience-analysis", "develop-narratives", "establish-social-assets", "establish-legitimacy",
"maximize-exposure", "drive-online-harms"]
@CustomObject('x-mitre-tactic', [ @CustomObject('x-mitre-tactic', [
('name', properties.StringProperty(required=True)), ('name', properties.StringProperty(required=True)),
@ -12,14 +17,8 @@ from objects import identity, marking_definition
]) ])
class Tactic(object): class Tactic(object):
def __init__(self, x_mitre_shortname=None, **kwargs): def __init__(self, x_mitre_shortname=None, **kwargs):
if x_mitre_shortname and x_mitre_shortname not in ["strategic-planning", "objective-planning", if x_mitre_shortname and x_mitre_shortname not in valid_tactics:
"develop-people", "develop-persona", raise ValueError("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
"develop-networks", "microtargeting", "develop-content",
"channel-selection", "pump-priming", "exposure",
"go-physical",
"persistence", "measure-effectiveness"]:
# raise ValueError("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
print("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
def make_disarm_tactics(data): def make_disarm_tactics(data):
@ -54,4 +53,3 @@ def make_disarm_tactics(data):
tactics.append(tactic) tactics.append(tactic)
return tactics return tactics

54
CODE/DISARM-STIX2/objects/technique.py
View File

@ -19,7 +19,7 @@ def make_disarm_techniques(data):
for t in data["techniques"].values.tolist(): for t in data["techniques"].values.tolist():
external_references = [ external_references = [
{ {
'external_id': f'{t[0]}', 'external_id': f'{t[0]}'.strip(),
'source_name': 'DISARM', 'source_name': 'DISARM',
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md' 'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
} }
@ -50,7 +50,7 @@ def make_disarm_techniques(data):
kill_chain_phases=kill_chain_phases, kill_chain_phases=kill_chain_phases,
custom_properties={ custom_properties={
'x_mitre_platforms': x_mitre_platforms, 'x_mitre_platforms': x_mitre_platforms,
'x_mitre_version': "1,0", 'x_mitre_version': "1.0",
'x_mitre_is_subtechnique': x_mitre_is_subtechnique 'x_mitre_is_subtechnique': x_mitre_is_subtechnique
} }
) )
@ -59,13 +59,57 @@ def make_disarm_techniques(data):
return techniques return techniques
def make_subtechnique_map(techinques): def make_disarm_subtechniques(data):
""" """
Args: Args:
techinques: data: The xlsx subtechnique sheet.
Returns: Returns:
""" """
pass tacdict = pd.Series(data["tactics"].name.values, index=data["tactics"].disarm_id).to_dict()
techdict = pd.Series(data["techniques"].tactic_id.values, index=data["techniques"].disarm_id).to_dict()
subtechniques = []
for t in data["subtechniques"].values.tolist():
external_references = [
{
'external_id': f'{t[0]}'.strip(),
'source_name': 'DISARM',
'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
}
]
kill_chain_phases = [
{
'phase_name': tacdict[techdict[t[2]]].replace(' ', '-').lower(),
'kill_chain_name': 'mitre-attack'
}
]
subtechnique = t[0].split(".")
x_mitre_is_subtechnique = False
if len(subtechnique) > 1:
x_mitre_is_subtechnique = True
# MITRE ATT&CK Navigator expect techniques to have at least one of these platforms.
# Without one, the technique will not render in the Navigator.
x_mitre_platforms = 'Windows', 'Linux', 'Mac'
technique = AttackPattern(
name=f"{t[1]}",
description=f"{t[3]}",
external_references=external_references,
object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
created_by_ref=objects.identity.make_disarm_identity(),
kill_chain_phases=kill_chain_phases,
custom_properties={
'x_mitre_platforms': x_mitre_platforms,
'x_mitre_version': "1.0",
'x_mitre_is_subtechnique': x_mitre_is_subtechnique
}
)
subtechniques.append(technique)
return subtechniques

258
CODE/generate_DISARM_pages.ipynb
View File

@ -18,7 +18,7 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 1, "execution_count": 2,
"metadata": { "metadata": {
"scrolled": true "scrolled": true
}, },
@ -35,248 +35,18 @@
"updated ../generated_pages/phases_index.md\n", "updated ../generated_pages/phases_index.md\n",
"Temp: objecttype tactic\n", "Temp: objecttype tactic\n",
"updated ../generated_pages/tactics_index.md\n", "updated ../generated_pages/tactics_index.md\n",
"Updating ../generated_pages/tactics/TA01.md\n",
"Updating ../generated_pages/tactics/TA02.md\n",
"Updating ../generated_pages/tactics/TA05.md\n",
"Updating ../generated_pages/tactics/TA06.md\n",
"Updating ../generated_pages/tactics/TA07.md\n",
"Updating ../generated_pages/tactics/TA08.md\n",
"Updating ../generated_pages/tactics/TA09.md\n",
"Updating ../generated_pages/tactics/TA10.md\n",
"Updating ../generated_pages/tactics/TA11.md\n",
"Updating ../generated_pages/tactics/TA12.md\n",
"Updating ../generated_pages/tactics/TA15.md\n",
"Temp: objecttype technique\n", "Temp: objecttype technique\n",
"updated ../generated_pages/techniques_index.md\n", "updated ../generated_pages/techniques_index.md\n",
"Updating ../generated_pages/techniques/T0002.md\n",
"Updating ../generated_pages/techniques/T0003.md\n",
"Updating ../generated_pages/techniques/T0004.md\n",
"Updating ../generated_pages/techniques/T0007.md\n",
"Updating ../generated_pages/techniques/T0009.md\n",
"Updating ../generated_pages/techniques/T0010.md\n",
"Updating ../generated_pages/techniques/T0011.md\n",
"Updating ../generated_pages/techniques/T0013.md\n",
"Updating ../generated_pages/techniques/T0014.md\n",
"Updating ../generated_pages/techniques/T0015.md\n",
"Updating ../generated_pages/techniques/T0016.md\n",
"Updating ../generated_pages/techniques/T0017.md\n",
"Updating ../generated_pages/techniques/T0018.md\n",
"Updating ../generated_pages/techniques/T0019.md\n",
"Updating ../generated_pages/techniques/T0020.md\n",
"Updating ../generated_pages/techniques/T0022.md\n",
"Updating ../generated_pages/techniques/T0023.md\n",
"Updating ../generated_pages/techniques/T0029.md\n",
"Updating ../generated_pages/techniques/T0040.md\n",
"Updating ../generated_pages/techniques/T0042.md\n",
"Updating ../generated_pages/techniques/T0043.md\n",
"Updating ../generated_pages/techniques/T0044.md\n",
"Updating ../generated_pages/techniques/T0045.md\n",
"Updating ../generated_pages/techniques/T0046.md\n",
"Updating ../generated_pages/techniques/T0047.md\n",
"Updating ../generated_pages/techniques/T0048.md\n",
"Updating ../generated_pages/techniques/T0049.md\n",
"Updating ../generated_pages/techniques/T0057.md\n",
"Updating ../generated_pages/techniques/T0059.md\n",
"Updating ../generated_pages/techniques/T0060.md\n",
"Updating ../generated_pages/techniques/T0061.md\n",
"Temp: objecttype task\n", "Temp: objecttype task\n",
"updated ../generated_pages/tasks_index.md\n", "updated ../generated_pages/tasks_index.md\n",
"Temp: objecttype incident\n", "Temp: objecttype incident\n",
"updated ../generated_pages/incidents_index.md\n", "updated ../generated_pages/incidents_index.md\n",
"Updating ../generated_pages/incidents/I00002.md\n",
"Updating ../generated_pages/incidents/I00005.md\n",
"Updating ../generated_pages/incidents/I00006.md\n",
"Updating ../generated_pages/incidents/I00007.md\n",
"Updating ../generated_pages/incidents/I00009.md\n",
"Updating ../generated_pages/incidents/I00010.md\n",
"Updating ../generated_pages/incidents/I00015.md\n",
"Updating ../generated_pages/incidents/I00017.md\n",
"Updating ../generated_pages/incidents/I00022.md\n",
"Updating ../generated_pages/incidents/I00029.md\n",
"Updating ../generated_pages/incidents/I00032.md\n",
"Updating ../generated_pages/incidents/I00033.md\n",
"Updating ../generated_pages/incidents/I00034.md\n",
"Updating ../generated_pages/incidents/I00042.md\n",
"Updating ../generated_pages/incidents/I00044.md\n",
"Updating ../generated_pages/incidents/I00047.md\n",
"Updating ../generated_pages/incidents/I00049.md\n",
"Updating ../generated_pages/incidents/I00050.md\n",
"Updating ../generated_pages/incidents/I00051.md\n",
"Updating ../generated_pages/incidents/I00053.md\n",
"Updating ../generated_pages/incidents/I00056.md\n",
"Updating ../generated_pages/incidents/I00063.md\n",
"Temp: objecttype counter\n", "Temp: objecttype counter\n",
"updated ../generated_pages/counters_index.md\n", "updated ../generated_pages/counters_index.md\n",
"Updating ../generated_pages/counters/C00006.md\n",
"Updating ../generated_pages/counters/C00008.md\n",
"Updating ../generated_pages/counters/C00009.md\n",
"Updating ../generated_pages/counters/C00010.md\n",
"Updating ../generated_pages/counters/C00011.md\n",
"Updating ../generated_pages/counters/C00012.md\n",
"Updating ../generated_pages/counters/C00013.md\n",
"Updating ../generated_pages/counters/C00014.md\n",
"Updating ../generated_pages/counters/C00016.md\n",
"Updating ../generated_pages/counters/C00017.md\n",
"Updating ../generated_pages/counters/C00019.md\n",
"Updating ../generated_pages/counters/C00021.md\n",
"Updating ../generated_pages/counters/C00022.md\n",
"Updating ../generated_pages/counters/C00024.md\n",
"Updating ../generated_pages/counters/C00026.md\n",
"Updating ../generated_pages/counters/C00027.md\n",
"Updating ../generated_pages/counters/C00029.md\n",
"Updating ../generated_pages/counters/C00030.md\n",
"Updating ../generated_pages/counters/C00031.md\n",
"Updating ../generated_pages/counters/C00034.md\n",
"Updating ../generated_pages/counters/C00036.md\n",
"Updating ../generated_pages/counters/C00040.md\n",
"Updating ../generated_pages/counters/C00042.md\n",
"Updating ../generated_pages/counters/C00044.md\n",
"Updating ../generated_pages/counters/C00046.md\n",
"Updating ../generated_pages/counters/C00048.md\n",
"Updating ../generated_pages/counters/C00051.md\n",
"Updating ../generated_pages/counters/C00052.md\n",
"Updating ../generated_pages/counters/C00053.md\n",
"Updating ../generated_pages/counters/C00058.md\n",
"Updating ../generated_pages/counters/C00059.md\n",
"Updating ../generated_pages/counters/C00060.md\n",
"Updating ../generated_pages/counters/C00065.md\n",
"Updating ../generated_pages/counters/C00066.md\n",
"Updating ../generated_pages/counters/C00067.md\n",
"Updating ../generated_pages/counters/C00070.md\n",
"Updating ../generated_pages/counters/C00071.md\n",
"Updating ../generated_pages/counters/C00072.md\n",
"Updating ../generated_pages/counters/C00073.md\n",
"Updating ../generated_pages/counters/C00074.md\n",
"Updating ../generated_pages/counters/C00076.md\n",
"Updating ../generated_pages/counters/C00078.md\n",
"Updating ../generated_pages/counters/C00080.md\n",
"Updating ../generated_pages/counters/C00081.md\n",
"Updating ../generated_pages/counters/C00082.md\n",
"Updating ../generated_pages/counters/C00084.md\n",
"Updating ../generated_pages/counters/C00085.md\n",
"Updating ../generated_pages/counters/C00086.md\n",
"Updating ../generated_pages/counters/C00087.md\n",
"Updating ../generated_pages/counters/C00090.md\n",
"Updating ../generated_pages/counters/C00091.md\n",
"Updating ../generated_pages/counters/C00092.md\n",
"Updating ../generated_pages/counters/C00093.md\n",
"Updating ../generated_pages/counters/C00096.md\n",
"Updating ../generated_pages/counters/C00097.md\n",
"Updating ../generated_pages/counters/C00098.md\n",
"Updating ../generated_pages/counters/C00099.md\n",
"Updating ../generated_pages/counters/C00101.md\n",
"Updating ../generated_pages/counters/C00103.md\n",
"Updating ../generated_pages/counters/C00105.md\n",
"Updating ../generated_pages/counters/C00106.md\n",
"Updating ../generated_pages/counters/C00107.md\n",
"Updating ../generated_pages/counters/C00111.md\n",
"Updating ../generated_pages/counters/C00112.md\n",
"Updating ../generated_pages/counters/C00113.md\n",
"Updating ../generated_pages/counters/C00114.md\n",
"Updating ../generated_pages/counters/C00115.md\n",
"Updating ../generated_pages/counters/C00117.md\n",
"Updating ../generated_pages/counters/C00118.md\n",
"Updating ../generated_pages/counters/C00119.md\n",
"Updating ../generated_pages/counters/C00120.md\n",
"Updating ../generated_pages/counters/C00121.md\n",
"Updating ../generated_pages/counters/C00122.md\n",
"Updating ../generated_pages/counters/C00123.md\n",
"Updating ../generated_pages/counters/C00124.md\n",
"Updating ../generated_pages/counters/C00125.md\n",
"Updating ../generated_pages/counters/C00126.md\n",
"Updating ../generated_pages/counters/C00128.md\n",
"Updating ../generated_pages/counters/C00129.md\n",
"Updating ../generated_pages/counters/C00130.md\n",
"Updating ../generated_pages/counters/C00131.md\n",
"Updating ../generated_pages/counters/C00133.md\n",
"Updating ../generated_pages/counters/C00135.md\n",
"Updating ../generated_pages/counters/C00136.md\n",
"Updating ../generated_pages/counters/C00138.md\n",
"Updating ../generated_pages/counters/C00142.md\n",
"Updating ../generated_pages/counters/C00143.md\n",
"Updating ../generated_pages/counters/C00147.md\n",
"Updating ../generated_pages/counters/C00148.md\n",
"Updating ../generated_pages/counters/C00149.md\n",
"Updating ../generated_pages/counters/C00153.md\n",
"Updating ../generated_pages/counters/C00154.md\n",
"Updating ../generated_pages/counters/C00155.md\n",
"Updating ../generated_pages/counters/C00156.md\n",
"Updating ../generated_pages/counters/C00160.md\n",
"Updating ../generated_pages/counters/C00161.md\n",
"Updating ../generated_pages/counters/C00162.md\n",
"Updating ../generated_pages/counters/C00164.md\n",
"Updating ../generated_pages/counters/C00169.md\n",
"Updating ../generated_pages/counters/C00172.md\n",
"Updating ../generated_pages/counters/C00174.md\n",
"Updating ../generated_pages/counters/C00176.md\n"
]
},
{
"name": "stdout",
"output_type": "stream",
"text": [
"Updating ../generated_pages/counters/C00178.md\n",
"Updating ../generated_pages/counters/C00182.md\n",
"Updating ../generated_pages/counters/C00184.md\n",
"Updating ../generated_pages/counters/C00188.md\n",
"Updating ../generated_pages/counters/C00189.md\n",
"Updating ../generated_pages/counters/C00190.md\n",
"Updating ../generated_pages/counters/C00195.md\n",
"Updating ../generated_pages/counters/C00197.md\n",
"Updating ../generated_pages/counters/C00200.md\n",
"Updating ../generated_pages/counters/C00203.md\n",
"Updating ../generated_pages/counters/C00205.md\n",
"Updating ../generated_pages/counters/C00207.md\n",
"Updating ../generated_pages/counters/C00211.md\n",
"Updating ../generated_pages/counters/C00212.md\n",
"Updating ../generated_pages/counters/C00216.md\n",
"Temp: objecttype metatechnique\n", "Temp: objecttype metatechnique\n",
"updated ../generated_pages/metatechniques_index.md\n", "updated ../generated_pages/metatechniques_index.md\n",
"Updating ../generated_pages/metatechniques/M001.md\n",
"Updating ../generated_pages/metatechniques/M002.md\n",
"Updating ../generated_pages/metatechniques/M003.md\n",
"Updating ../generated_pages/metatechniques/M004.md\n",
"Updating ../generated_pages/metatechniques/M005.md\n",
"Updating ../generated_pages/metatechniques/M006.md\n",
"Updating ../generated_pages/metatechniques/M007.md\n",
"Updating ../generated_pages/metatechniques/M008.md\n",
"Updating ../generated_pages/metatechniques/M009.md\n",
"Updating ../generated_pages/metatechniques/M010.md\n",
"Updating ../generated_pages/metatechniques/M011.md\n",
"Updating ../generated_pages/metatechniques/M012.md\n",
"Updating ../generated_pages/metatechniques/M013.md\n",
"Updating ../generated_pages/metatechniques/M014.md\n",
"Temp: objecttype actortype\n", "Temp: objecttype actortype\n",
"updated ../generated_pages/actortypes_index.md\n", "updated ../generated_pages/actortypes_index.md\n",
"Updating ../generated_pages/actortypes/A001.md\n",
"Updating ../generated_pages/actortypes/A003.md\n",
"Updating ../generated_pages/actortypes/A004.md\n",
"Updating ../generated_pages/actortypes/A005.md\n",
"Updating ../generated_pages/actortypes/A006.md\n",
"Updating ../generated_pages/actortypes/A007.md\n",
"Updating ../generated_pages/actortypes/A008.md\n",
"Updating ../generated_pages/actortypes/A009.md\n",
"Updating ../generated_pages/actortypes/A010.md\n",
"Updating ../generated_pages/actortypes/A012.md\n",
"Updating ../generated_pages/actortypes/A013.md\n",
"Updating ../generated_pages/actortypes/A014.md\n",
"Updating ../generated_pages/actortypes/A015.md\n",
"Updating ../generated_pages/actortypes/A016.md\n",
"Updating ../generated_pages/actortypes/A017.md\n",
"Updating ../generated_pages/actortypes/A018.md\n",
"Updating ../generated_pages/actortypes/A019.md\n",
"Updating ../generated_pages/actortypes/A020.md\n",
"Updating ../generated_pages/actortypes/A021.md\n",
"Updating ../generated_pages/actortypes/A023.md\n",
"Updating ../generated_pages/actortypes/A024.md\n",
"Updating ../generated_pages/actortypes/A025.md\n",
"Updating ../generated_pages/actortypes/A026.md\n",
"Updating ../generated_pages/actortypes/A027.md\n",
"Updating ../generated_pages/actortypes/A028.md\n",
"Updating ../generated_pages/actortypes/A029.md\n",
"Updating ../generated_pages/actortypes/A031.md\n",
"Updating ../generated_pages/actortypes/A032.md\n",
"Updating ../generated_pages/actortypes/A033.md\n",
"updated ../generated_pages/responsetype_index.md\n", "updated ../generated_pages/responsetype_index.md\n",
"updated ../generated_pages/detections_index.md\n", "updated ../generated_pages/detections_index.md\n",
"updated ../generated_pages/tactics_by_responsetype_table.md\n", "updated ../generated_pages/tactics_by_responsetype_table.md\n",
@ -300,31 +70,9 @@
}, },
{ {
"cell_type": "code", "cell_type": "code",
"execution_count": 2, "execution_count": 5,
"metadata": {}, "metadata": {},
"outputs": [ "outputs": [],
{
"name": "stdout",
"output_type": "stream",
"text": [
"'plan-strategy' is not a recognized DISARM Tactic.\n",
"'plan-objectives' is not a recognized DISARM Tactic.\n",
"'microtarget' is not a recognized DISARM Tactic.\n",
"'select-channels-and-affordances' is not a recognized DISARM Tactic.\n",
"'conduct-pump-priming' is not a recognized DISARM Tactic.\n",
"'deliver-content' is not a recognized DISARM Tactic.\n",
"'drive-offline-activity' is not a recognized DISARM Tactic.\n",
"'persist-in-the-information-environment' is not a recognized DISARM Tactic.\n",
"'assess-effectiveness' is not a recognized DISARM Tactic.\n",
"'target-audience-analysis' is not a recognized DISARM Tactic.\n",
"'develop-narratives' is not a recognized DISARM Tactic.\n",
"'establish-social-assets' is not a recognized DISARM Tactic.\n",
"'establish-legitimacy' is not a recognized DISARM Tactic.\n",
"'maximize-exposure' is not a recognized DISARM Tactic.\n",
"'drive-online-harms' is not a recognized DISARM Tactic.\n"
]
}
],
"source": [ "source": [
"import sys\n", "import sys\n",
"sys.path.insert(0, \"DISARM-STIX2\")\n", "sys.path.insert(0, \"DISARM-STIX2\")\n",

BIN
DISARM_MASTER_DATA/DISARM_FRAMEWORKS_MASTER.xlsx
View File

Binary file not shown.

8258
generated_files/DISARM_STIX/DISARM.json
View File

File diff suppressed because it is too large Load Diff

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0148f9dd-21af-4cd1-a317-4bbefc2d3dbf.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--22790942-b58a-4592-8fdc-208ef85865a6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0148f9dd-21af-4cd1-a317-4bbefc2d3dbf",
"created_by_ref": "identity--09940f92-b071-4771-954b-fc892ada6863",
"created": "2022-07-02T04:22:03.128513Z",
"modified": "2022-07-02T04:22:03.128513Z",
"name": "Create dedicated hashtag",
"description": "Create a campaign/incident specific hashtag.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0104.006.md",
"external_id": "T0104.006"
}
],
"object_marking_refs": [
"marking-definition--302f59a3-bc17-4905-86f7-be4530cdcfe1"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--7d9d64b6-7ffe-43af-8ef2-a9995c3a04fe.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--01a0834b-c185-4ab4-811e-3a3ecd234f71.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--82966992-13b3-4969-87e1-9f1c12e6e1e6", "id": "bundle--ad505d38-5c8f-4fc0-81f4-0616e71a9fa7",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--7d9d64b6-7ffe-43af-8ef2-a9995c3a04fe", "id": "attack-pattern--01a0834b-c185-4ab4-811e-3a3ecd234f71",
"created_by_ref": "identity--e84c2b80-51c8-4352-8897-64a4395c4664", "created_by_ref": "identity--80b01bdf-d8c9-4c1a-bcaa-9b95361cdba0",
"created": "2022-07-01T17:31:14.959768Z", "created": "2022-07-02T04:22:03.086614Z",
"modified": "2022-07-01T17:31:14.959768Z", "modified": "2022-07-02T04:22:03.086614Z",
"name": "Obtain Private Documents", "name": "Obtain Private Documents",
"description": "TA06", "description": "TA06",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--a38b6652-27e6-49b8-8446-5ae50bb53fa1" "marking-definition--3f66a390-8323-4ae1-a279-e0829041aac7"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--c09a6467-ad8c-41d3-8dad-990048fe8cdd.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0577caea-3336-48cd-bc1a-177e3fbb1906.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--c9df0bc5-1bf8-4387-a98b-b5b9e06ed24d", "id": "bundle--aaf60751-16e7-4073-94b5-1c6a10ebf29f",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--c09a6467-ad8c-41d3-8dad-990048fe8cdd", "id": "attack-pattern--0577caea-3336-48cd-bc1a-177e3fbb1906",
"created_by_ref": "identity--afc48f88-907d-4563-8cb0-cd0cb03c0c09", "created_by_ref": "identity--8640ea23-915e-41cb-9dbd-c81bf70b9b5a",
"created": "2022-07-01T17:31:14.940425Z", "created": "2022-07-02T04:22:03.073031Z",
"modified": "2022-07-01T17:31:14.940425Z", "modified": "2022-07-02T04:22:03.073031Z",
"name": "Create Clickbait", "name": "Create Clickbait",
"description": "TA05", "description": "TA05",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--3710d797-7ccf-4f87-84e7-5e7f283ec71f" "marking-definition--5510c27d-c910-4dbf-b594-3d01b57b12a5"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--05b27309-f960-4bdb-8f7c-81a6d3df74fe.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--755d9fa6-5793-4203-ac7a-fed491e37431",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--05b27309-f960-4bdb-8f7c-81a6d3df74fe",
"created_by_ref": "identity--3cdf67d3-7108-48de-b396-357a5cea96be",
"created": "2022-07-02T04:22:03.105577Z",
"modified": "2022-07-02T04:22:03.105577Z",
"name": "Identify Wedge Issues",
"description": "A wedge issue is a divisive political issue, usually concerning a social phenomenon, that divides individuals along a defined line. An influence operation may exploit wedge issues by intentionally polarizing the public along the wedge issue line and encouraging opposition between factions.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0081.006.md",
"external_id": "T0081.006"
}
],
"object_marking_refs": [
"marking-definition--a0933792-0d21-4e92-81f0-9bf587950bc5"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--07693c90-df6d-43ae-9d0e-66119aeb3d7b.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--9b80ceda-a633-462c-b707-3e3fc153d330",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--07693c90-df6d-43ae-9d0e-66119aeb3d7b",
"created_by_ref": "identity--be50a8f9-f947-44d5-8e14-c6ebb7849ad2",
"created": "2022-07-02T04:22:03.139675Z",
"modified": "2022-07-02T04:22:03.139675Z",
"name": "Report Non-Violative Opposing Content",
"description": "Reporting opposing content refers to notifying and providing an instance of a violation of a platform\u2019s guidelines and policies for conduct on the platform. In addition to simply reporting the content, an operation may leverage copyright regulations to trick social media and web platforms into removing opposing content by manipulating the content to appear in violation of copyright laws. Reporting opposing content facilitates the suppression of contradictory information and allows operation narratives to take priority in the information space. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0124.001.md",
"external_id": "T0124.001"
}
],
"object_marking_refs": [
"marking-definition--5211c49d-112d-4121-bb1e-9e8c3914935a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--07cdf656-71ef-44ee-b307-1a66439a2870.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--30689219-3c7b-4fce-b623-87a26658b034",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--07cdf656-71ef-44ee-b307-1a66439a2870",
"created_by_ref": "identity--c6997c26-67e6-426d-aefa-8646e8c9d00f",
"created": "2022-07-02T04:22:03.129467Z",
"modified": "2022-07-02T04:22:03.129467Z",
"name": "Audio sharing",
"description": "Examples include podcasting apps, Soundcloud, etc.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0105.003.md",
"external_id": "T0105.003"
}
],
"object_marking_refs": [
"marking-definition--6f5ca75f-347a-429e-8d04-01822e52277d"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--08148393-fc91-438a-95c6-c67caafd3f66.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--1b29cd83-49a3-4633-aed3-215cd45ebb9d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--08148393-fc91-438a-95c6-c67caafd3f66",
"created_by_ref": "identity--437d5bfb-26b4-4574-a665-5bfb482aea0d",
"created": "2022-07-02T04:22:03.124593Z",
"modified": "2022-07-02T04:22:03.124593Z",
"name": "Use existing Echo Chambers/Filter Bubbles",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "microtarget"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0102.001.md",
"external_id": "T0102.001"
}
],
"object_marking_refs": [
"marking-definition--66247d10-aeed-4da1-b681-7367f7501519"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--6ea72015-dbca-45cb-be1f-4696804c2044.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--08a11627-de00-4ac2-b6ee-b11ad36b309b.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--e11b93a2-c912-4792-9f78-537c8c538fb6", "id": "bundle--933f1c9a-1932-42a0-8f0d-21732223e5d2",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--6ea72015-dbca-45cb-be1f-4696804c2044", "id": "attack-pattern--08a11627-de00-4ac2-b6ee-b11ad36b309b",
"created_by_ref": "identity--6c7aeb26-5de2-4cbd-b374-058bf0ff9cf3", "created_by_ref": "identity--46b061de-34b2-4987-a18c-9e2e14a946c5",
"created": "2022-07-01T17:31:14.97189Z", "created": "2022-07-02T04:22:03.095308Z",
"modified": "2022-07-01T17:31:14.97189Z", "modified": "2022-07-02T04:22:03.095308Z",
"name": "Post Content", "name": "Post Content",
"description": "TA09", "description": "TA09",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--f426039e-efb6-4b73-a721-87c61ad63e38" "marking-definition--b335337d-178c-4d43-acc1-263ed50feb4c"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--08d5a3b5-6a73-4994-8124-f918b0a24652.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--fa97dce7-af7f-4e15-b277-1db49420e1dc",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--08d5a3b5-6a73-4994-8124-f918b0a24652",
"created_by_ref": "identity--2461e501-b6a8-4476-b30a-943fd5c52682",
"created": "2022-07-02T04:22:03.151159Z",
"modified": "2022-07-02T04:22:03.151159Z",
"name": "View Focused",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "assess-effectiveness"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0132.003.md",
"external_id": "T0132.003"
}
],
"object_marking_refs": [
"marking-definition--02f1c0de-dd3e-47b5-8651-0d33b8e3ee0d"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--092de9b1-422f-4359-a11a-5910713c78ae.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--17055fa4-628d-4768-a680-5f609e8e5e99",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--092de9b1-422f-4359-a11a-5910713c78ae",
"created_by_ref": "identity--98a1ed58-fe31-4e4e-b134-4b08416b2262",
"created": "2022-07-02T04:22:03.141619Z",
"modified": "2022-07-02T04:22:03.141619Z",
"name": "Conduct Symbolic Action",
"description": "Symbolic action refers to activities specifically intended to advance an operation\u2019s narrative by signaling something to the audience, for example, a military parade supporting a state\u2019s narrative of military superiority. An influence operation may use symbolic action to create falsified evidence supporting operation narratives in the physical information space. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-offline-activity"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0057.002.md",
"external_id": "T0057.002"
}
],
"object_marking_refs": [
"marking-definition--8d6cfbf8-6eb3-4a92-b640-dc53c04d1611"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--e0f1572c-6276-474a-9ad5-ea09293dcbb7.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0a2d5ebd-0296-45e3-9575-a14b2a1e9dc8.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--fed6ca4b-dad8-4f41-b4b8-eec8e808a35a", "id": "bundle--e33b4ddd-62d0-46bb-941d-b9c027994b8b",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--e0f1572c-6276-474a-9ad5-ea09293dcbb7", "id": "attack-pattern--0a2d5ebd-0296-45e3-9575-a14b2a1e9dc8",
"created_by_ref": "identity--59e7043a-7790-4c09-83e7-4734480a942f", "created_by_ref": "identity--9c8de478-97d2-4c9d-88b0-5b6e5313f851",
"created": "2022-07-01T17:31:14.958854Z", "created": "2022-07-02T04:22:03.085981Z",
"modified": "2022-07-01T17:31:14.958854Z", "modified": "2022-07-02T04:22:03.085981Z",
"name": "Develop Video-based Content", "name": "Develop Video-based Content",
"description": "TA06", "description": "TA06",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--633ef314-e9fa-48a1-a7d2-49370a5f836a" "marking-definition--abca5f1b-b4e3-4317-bc5c-34cbc80e9538"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ac0d78a-4949-4687-a7bd-0008178680cd.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--ef30d2f5-bffe-4577-9c92-8396607dd026",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0ac0d78a-4949-4687-a7bd-0008178680cd",
"created_by_ref": "identity--f4fa225a-6169-4d38-8476-9dc249aeca76",
"created": "2022-07-02T04:22:03.138087Z",
"modified": "2022-07-02T04:22:03.138087Z",
"name": "Dox",
"description": "Doxing refers to online harassment in which individuals publicly release private information about another individual, including names, addresses, employment information, pictures, family members, and other sensitive information. An influence operation may dox its opposition to encourage individuals aligned with operation narratives to harass the doxed individuals themselves or otherwise discourage the doxed individuals from posting or proliferating conflicting content. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0048.004.md",
"external_id": "T0048.004"
}
],
"object_marking_refs": [
"marking-definition--6ab22ce0-cafc-46f5-b607-b19b5ce8a129"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0b5f4f5c-7a93-458b-9ed5-a441ab539b33.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--0ad60b5e-f2b2-48aa-b7df-ce4b9b283f17",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0b5f4f5c-7a93-458b-9ed5-a441ab539b33",
"created_by_ref": "identity--be72c048-88ce-441d-b668-6d0f143cefc4",
"created": "2022-07-02T04:22:03.149928Z",
"modified": "2022-07-02T04:22:03.149928Z",
"name": "Post Borderline Content",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0131.002.md",
"external_id": "T0131.002"
}
],
"object_marking_refs": [
"marking-definition--69039388-8ab9-45e3-8ce4-c30291fd8faf"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b6b83eac-df2f-4a4a-a365-e3affbe2838a.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c2361a2-11a9-4aad-ab3a-a258e4e0ce85.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--bc7ae2c6-02b0-4d2a-ac6e-ced09adf879d", "id": "bundle--e8472b1c-36fc-42e7-aee8-b30f9c8e9e58",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--b6b83eac-df2f-4a4a-a365-e3affbe2838a", "id": "attack-pattern--0c2361a2-11a9-4aad-ab3a-a258e4e0ce85",
"created_by_ref": "identity--5d94075d-aed1-418b-bab1-c54fad2eb3cd", "created_by_ref": "identity--bb013d68-f517-43ff-befa-514e3fca120c",
"created": "2022-07-01T17:31:14.951093Z", "created": "2022-07-02T04:22:03.080523Z",
"modified": "2022-07-01T17:31:14.951093Z", "modified": "2022-07-02T04:22:03.080523Z",
"name": "Degrade Adversary", "name": "Degrade Adversary",
"description": "TA02", "description": "TA02",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--b4718ba0-41ba-4923-962e-10426c474c17" "marking-definition--b83349c1-fa4d-454e-90f1-a0fc1f36d6b7"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0c63bf4d-fa02-4b40-8683-2a0994e3895e.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--df6c406c-2f4c-4860-9292-2de500a45afd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0c63bf4d-fa02-4b40-8683-2a0994e3895e",
"created_by_ref": "identity--c069cbb5-940d-487b-a145-5b1c124a2104",
"created": "2022-07-02T04:22:03.122694Z",
"modified": "2022-07-02T04:22:03.122694Z",
"name": "Leverage Existing Inauthentic News Sites",
"description": "An influence operation may prepare assets impersonating legitimate entities to further conceal its network identity and add a layer of legitimacy to its operation content. Users will more likely believe and less likely fact-check news from recognizable sources rather than unknown sites. Legitimate entities may include authentic news outlets, public figures, organizations, or state entities. \nAn influence operation may use a wide variety of cyber techniques to impersonate a legitimate entity\u2019s website or social media account. Typosquatting87 is the international registration of a domain name with purposeful variations of the impersonated domain name through intentional typos, top-level domain (TLD) manipulation, or punycode. Typosquatting facilitates the creation of falsified websites by creating similar domain names in the URL box, leaving it to the user to confirm that the URL is correct. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0098.002.md",
"external_id": "T0098.002"
}
],
"object_marking_refs": [
"marking-definition--cb63418c-7066-4b07-8733-094849c1e160"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d3726bc-bf0e-4357-b2b3-96b41aa856a3.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--48ab23ea-ae12-4b96-9d07-40623e1ffd9b",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d3726bc-bf0e-4357-b2b3-96b41aa856a3",
"created_by_ref": "identity--ff63eba0-3e4a-4b47-a402-3caaea15c330",
"created": "2022-07-02T04:22:03.123012Z",
"modified": "2022-07-02T04:22:03.123012Z",
"name": "Astroturfing",
"description": "Astroturfing occurs when an influence operation disguises itself as grassroots movement or organization that supports operation narratives. Unlike butterfly attacks, astroturfing aims to increase the appearance of popular support for the operation cause and does not infiltrate existing groups to discredit their objectives. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0099.001.md",
"external_id": "T0099.001"
}
],
"object_marking_refs": [
"marking-definition--dc890fe2-240a-4bac-8bce-566a3eac16be"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d705267-24bc-49d0-9cb8-db20ef0e4312.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--8cf627d4-3a60-4ee9-a868-942162d2485d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0d705267-24bc-49d0-9cb8-db20ef0e4312",
"created_by_ref": "identity--20aa7572-2e93-461d-850d-b32ececde944",
"created": "2022-07-02T04:22:03.107865Z",
"modified": "2022-07-02T04:22:03.107865Z",
"name": "Political Segmentation",
"description": "An influence operation may target populations based on their political affiliations, especially when aiming to manipulate voting or change policy.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0072.005.md",
"external_id": "T0072.005"
}
],
"object_marking_refs": [
"marking-definition--9aa856d8-de84-4e6b-b348-1e5d8f5726e7"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--78c1784e-2fb8-46c8-bc60-cda1a6c0a545.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0e463661-3676-4344-82a7-f5358aeae31d.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--1190eb15-a687-4017-90de-4a022b6925eb", "id": "bundle--34acadc1-2ed7-4cd5-9217-961a0dedcb94",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--78c1784e-2fb8-46c8-bc60-cda1a6c0a545", "id": "attack-pattern--0e463661-3676-4344-82a7-f5358aeae31d",
"created_by_ref": "identity--0834574d-6550-405b-afa3-7779cb4197c0", "created_by_ref": "identity--3a2b5b1b-b29c-41ec-b262-125a61465224",
"created": "2022-07-01T17:31:14.953369Z", "created": "2022-07-02T04:22:03.082142Z",
"modified": "2022-07-01T17:31:14.953369Z", "modified": "2022-07-02T04:22:03.082142Z",
"name": "Dismiss", "name": "Dismiss",
"description": "TA02", "description": "TA02",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--86650865-24d6-436d-95c7-d0574d4c1a43" "marking-definition--df5096ac-d0f1-4f54-9781-79f405df9bf8"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0f4c0dce-c14e-4f9c-999e-6a9654f074f0.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--cc97565a-16d7-448c-8a93-dd4dfbf44643",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--0f4c0dce-c14e-4f9c-999e-6a9654f074f0",
"created_by_ref": "identity--ecb6c677-bbae-4fb2-b41e-105023a06352",
"created": "2022-07-02T04:22:03.128201Z",
"modified": "2022-07-02T04:22:03.128201Z",
"name": "Use hashtags",
"description": "Use a dedicated, existing hashtag for the campaign/incident.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0104.005.md",
"external_id": "T0104.005"
}
],
"object_marking_refs": [
"marking-definition--93130825-a391-4641-9628-9d9d345640b2"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8d06d3f2-a34e-4e39-bbd7-a0435ec73b0f.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--0ff2ef87-d70c-49f3-972a-16108fbfdb82.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--b4f128f6-ad9b-40e3-821f-143c587681d7", "id": "bundle--fa18b3f9-373f-45f6-bad2-1a998023080a",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--8d06d3f2-a34e-4e39-bbd7-a0435ec73b0f", "id": "attack-pattern--0ff2ef87-d70c-49f3-972a-16108fbfdb82",
"created_by_ref": "identity--12361440-06ad-44a6-b575-34e36c10b05c", "created_by_ref": "identity--4b533ae4-3c34-4ccc-8a29-db42dd7be09e",
"created": "2022-07-01T17:31:14.942318Z", "created": "2022-07-02T04:22:03.074377Z",
"modified": "2022-07-01T17:31:14.942318Z", "modified": "2022-07-02T04:22:03.074377Z",
"name": "Trial content", "name": "Trial content",
"description": "TA08", "description": "TA08",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--45520f55-9ac2-488b-9a40-28f6395ec8b1" "marking-definition--64269a16-723b-405c-b048-a9e040d96eba"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1118e422-bcff-403f-9e8b-e5934b16d432.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--bbea67b4-3f12-4e6c-8f9e-5f176b3bebdd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1118e422-bcff-403f-9e8b-e5934b16d432",
"created_by_ref": "identity--4de17c2a-872b-4b49-bedd-4edaa92b0ffb",
"created": "2022-07-02T04:22:03.130435Z",
"modified": "2022-07-02T04:22:03.130435Z",
"name": "Newspaper",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0111.002.md",
"external_id": "T0111.002"
}
],
"object_marking_refs": [
"marking-definition--ee2e77f1-43fa-4886-baa8-9d0e83ebbe86"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b74c4ea7-a51b-4738-90f3-3daf8c4e4f6a.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--134fb9f0-ca77-4e1f-af85-2a7b49382224.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--9217bbe9-0c22-4946-87af-dc1ea54e748b", "id": "bundle--25398708-bc32-4a59-b8ce-6f7467e585a0",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--b74c4ea7-a51b-4738-90f3-3daf8c4e4f6a", "id": "attack-pattern--134fb9f0-ca77-4e1f-af85-2a7b49382224",
"created_by_ref": "identity--2cecb1f4-0253-4adc-8097-aa51b07681ff", "created_by_ref": "identity--daf39689-4e5c-4591-8322-211f133d7944",
"created": "2022-07-01T17:31:14.958396Z", "created": "2022-07-02T04:22:03.085667Z",
"modified": "2022-07-01T17:31:14.958396Z", "modified": "2022-07-02T04:22:03.085667Z",
"name": "Develop Image-based Content", "name": "Develop Image-based Content",
"description": "TA06", "description": "TA06",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--69102417-8fe9-4768-af2f-b79a003c84a4" "marking-definition--26b1768d-df1e-4c22-882e-2f5734b270aa"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--15e37fa3-0927-4cda-a91b-b2fcf1de0e2a.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c12ec9c9-66a6-4587-bdea-19589095e4ea",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--15e37fa3-0927-4cda-a91b-b2fcf1de0e2a",
"created_by_ref": "identity--776c20f1-07f5-4a99-a802-b8ba5dac7cd1",
"created": "2022-07-02T04:22:03.134269Z",
"modified": "2022-07-02T04:22:03.134269Z",
"name": "Conduct Swarming",
"description": "Swarming refers to the coordinated use of accounts to overwhelm the information space with operation content. Unlike information flooding, swarming centers exclusively around a specific event or actor rather than a general narrative. Swarming relies on \u201chorizontal communication\u201d between information assets rather than a top-down, vertical command-and-control approach. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0049.005.md",
"external_id": "T0049.005"
}
],
"object_marking_refs": [
"marking-definition--8ff428d8-fa13-4d36-ac32-a89aa0e17273"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--161aa4a2-a59f-4d55-90b5-cb117b99a9e7.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--713a987a-0ef1-401c-b414-3cc772bd84b7",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--161aa4a2-a59f-4d55-90b5-cb117b99a9e7",
"created_by_ref": "identity--1013b66b-4ed9-4546-b259-1042a0a728a8",
"created": "2022-07-02T04:22:03.148334Z",
"modified": "2022-07-02T04:22:03.148334Z",
"name": "Utilize Bulletproof Hosting",
"description": "Hosting refers to services through which storage and computing resources are provided to an individual or organization for the accommodation and maintenance of one or more websites and related services. Services may include web hosting, file sharing, and email distribution. Bulletproof hosting refers to services provided by an entity, such as a domain hosting or web hosting firm, that allows its customer considerable leniency in use of the service. An influence operation may utilize bulletproof hosting to maintain continuity of service for suspicious, illegal, or disruptive operation activities that stricter hosting services would limit, report, or suspend. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0130.002.md",
"external_id": "T0130.002"
}
],
"object_marking_refs": [
"marking-definition--c7f71c91-9cb4-4fe7-8ea9-4f389026de49"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1665bd77-075a-40e0-b344-76382fa64dc2.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--e85f3252-38a5-411b-89e6-aae697764bbd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1665bd77-075a-40e0-b344-76382fa64dc2",
"created_by_ref": "identity--320f2010-7f08-40ce-9681-b6bff1eb6016",
"created": "2022-07-02T04:22:03.110416Z",
"modified": "2022-07-02T04:22:03.110416Z",
"name": "Develop False or Altered Documents",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0085.002.md",
"external_id": "T0085.002"
}
],
"object_marking_refs": [
"marking-definition--44c4223b-a542-4444-b697-76c5c0fc24b9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--17ae8352-79ab-4160-b192-cd70463fdba0.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--6e92b4de-538c-4693-bf93-6eef6ef89a7f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--17ae8352-79ab-4160-b192-cd70463fdba0",
"created_by_ref": "identity--4f14919c-6b5b-4c17-a196-d221bbe9c5fb",
"created": "2022-07-02T04:22:03.123637Z",
"modified": "2022-07-02T04:22:03.123637Z",
"name": "Co-Opt Trusted Individuals",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0100.001.md",
"external_id": "T0100.001"
}
],
"object_marking_refs": [
"marking-definition--15123be0-5444-4596-837d-2a145f419356"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f9dd7b55-82d4-4259-818f-a2dc30832813.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--187e3391-9355-412c-94bd-3aa951359917.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--71280fb0-bb10-465a-8d6f-9756532db6f0", "id": "bundle--ba2d0fed-5f6d-48b0-999f-166cb247033e",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--f9dd7b55-82d4-4259-818f-a2dc30832813", "id": "attack-pattern--187e3391-9355-412c-94bd-3aa951359917",
"created_by_ref": "identity--11d9b11c-5f54-4592-8572-95adfe5376d2", "created_by_ref": "identity--f78a2e25-3eb2-4bfe-9004-25f538766eca",
"created": "2022-07-01T17:31:14.966249Z", "created": "2022-07-02T04:22:03.09143Z",
"modified": "2022-07-01T17:31:14.966249Z", "modified": "2022-07-02T04:22:03.09143Z",
"name": "Livestream", "name": "Livestream",
"description": "TA07", "description": "TA07",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--63da3709-7951-4335-a54e-cf3a20e5f46f" "marking-definition--8e0217a7-cf78-4582-be4d-e0e0849b7061"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--6f7001ca-244b-436e-910a-dca164b10211.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1944a6a4-0101-4c95-bd6d-1d8b674a712f.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--28eaf5ec-f92c-4264-8c6e-7a5008feca09", "id": "bundle--c462fbd1-20a6-459a-b27e-76994b09c797",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--6f7001ca-244b-436e-910a-dca164b10211", "id": "attack-pattern--1944a6a4-0101-4c95-bd6d-1d8b674a712f",
"created_by_ref": "identity--460bcd71-be88-4f1c-ad27-b2cd8602363e", "created_by_ref": "identity--2ce1558c-41e6-4805-b4d8-19824d5d876b",
"created": "2022-07-01T17:31:14.943705Z", "created": "2022-07-02T04:22:03.075336Z",
"modified": "2022-07-01T17:31:14.943705Z", "modified": "2022-07-02T04:22:03.075336Z",
"name": "Online polls", "name": "Online polls",
"description": "TA07", "description": "TA07",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--1e4b11cf-8d5c-44ea-9e6f-d6f3798f004c" "marking-definition--bc185ad5-3887-4955-bda7-998d5442b6c1"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--197d83f1-5d84-407d-9867-0c369fff8209.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--6218f10a-9c78-4ef6-84fe-1dc521118eac",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--197d83f1-5d84-407d-9867-0c369fff8209",
"created_by_ref": "identity--bf19cf8a-3634-4a53-ac80-4ee6c1014deb",
"created": "2022-07-02T04:22:03.139046Z",
"modified": "2022-07-02T04:22:03.139046Z",
"name": "Destroy Information Generation Capabilities",
"description": "Destroying information generation capabilities refers to actions taken to limit, degrade, or otherwise incapacitate an actor\u2019s ability to generate conflicting information. An influence operation may destroy an actor\u2019s information generation capabilities by physically dismantling the information infrastructure, disconnecting resources needed for information generation, or redirecting information generation personnel. An operation may destroy an adversary\u2019s information generation capabilities to limit conflicting content exposure to the target audience and crowd the information space with its own narratives. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0123.003.md",
"external_id": "T0123.003"
}
],
"object_marking_refs": [
"marking-definition--4b33bd1e-c2a6-45c3-9eb7-cf6557197dbb"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--cd5c8d2c-5eef-4d24-bdbd-5bd5d8c50fad.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1a11d543-72b6-4dbb-b43d-fb074f0f4cea.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--fd58963e-036f-4631-a64a-da3e8a83119c", "id": "bundle--d33d1983-ec2e-491a-8a92-8a776c4c7cad",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--cd5c8d2c-5eef-4d24-bdbd-5bd5d8c50fad", "id": "attack-pattern--1a11d543-72b6-4dbb-b43d-fb074f0f4cea",
"created_by_ref": "identity--fcc1f919-43ee-4c6a-bf17-f919d5497443", "created_by_ref": "identity--47060639-328a-4575-8b0d-4fdb1509db99",
"created": "2022-07-01T17:31:14.954282Z", "created": "2022-07-02T04:22:03.082795Z",
"modified": "2022-07-01T17:31:14.954282Z", "modified": "2022-07-02T04:22:03.082795Z",
"name": "Distract", "name": "Distract",
"description": "TA02", "description": "TA02",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--d1e05051-e028-4431-b520-826b84a5b2b4" "marking-definition--0e5e1495-8b8b-4049-ad11-e12bfafb28b1"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--6bcdda2b-3536-49b8-9415-592e9166a7fa.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1aa64eda-9ca1-4bee-9d8e-03df564224be.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--58fae451-8950-4376-839f-60c328b018c0", "id": "bundle--1cace462-d771-4b0f-8ee6-92d9d87b91ee",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--6bcdda2b-3536-49b8-9415-592e9166a7fa", "id": "attack-pattern--1aa64eda-9ca1-4bee-9d8e-03df564224be",
"created_by_ref": "identity--e7d4152b-211b-410a-98b8-3205bbe6a2e7", "created_by_ref": "identity--c7d44c36-4d0d-4b23-8908-74b169e8b1e1",
"created": "2022-07-01T17:31:14.965333Z", "created": "2022-07-02T04:22:03.090706Z",
"modified": "2022-07-01T17:31:14.965333Z", "modified": "2022-07-02T04:22:03.090706Z",
"name": "Create Localized Content", "name": "Create Localized Content",
"description": "TA05", "description": "TA05",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--d89825ee-bfbe-4683-bdad-927ba92bb451" "marking-definition--d907d1c7-4986-40e2-90a3-f22ab0a818c0"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1baa6985-10f2-4917-83d7-c005c2c6eb0c.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--0b257550-e900-461c-8c04-aab183d121d5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1baa6985-10f2-4917-83d7-c005c2c6eb0c",
"created_by_ref": "identity--ab73a551-6769-4a81-b62f-e69a89c20bd9",
"created": "2022-07-02T04:22:03.122377Z",
"modified": "2022-07-02T04:22:03.122377Z",
"name": "Create Inauthentic News Sites",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0098.001.md",
"external_id": "T0098.001"
}
],
"object_marking_refs": [
"marking-definition--c5753eb8-1685-4869-8fea-b5e350bbe86a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--0d17c049-09cc-4535-8007-29f321317726.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1cb5bd52-aed3-4c59-a5ac-7fca75c22ae6.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--52dc4e00-30f1-4c6a-a26f-79372cc9ffda", "id": "bundle--253a9c1c-e1f7-4ded-b1ad-d76cdfc88105",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--0d17c049-09cc-4535-8007-29f321317726", "id": "attack-pattern--1cb5bd52-aed3-4c59-a5ac-7fca75c22ae6",
"created_by_ref": "identity--f867c0f8-c0a0-4bc1-bc72-3120ab02669a", "created_by_ref": "identity--d0d9e3d3-fe83-49db-aa1e-711c791b66fe",
"created": "2022-07-01T17:31:14.977845Z", "created": "2022-07-02T04:22:03.099517Z",
"modified": "2022-07-01T17:31:14.977845Z", "modified": "2022-07-02T04:22:03.099517Z",
"name": "Conceal People", "name": "Conceal People",
"description": "TA11", "description": "TA11",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--c12ea9e7-a532-4433-a932-f4e61cf5e1af" "marking-definition--4cc5ae07-6466-44d3-804f-6b134e221ed0"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1cc04493-e157-40b6-8173-9848d6b87e58.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--1abb02dc-56a7-46a5-ad2d-ad5ed797cbe6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1cc04493-e157-40b6-8173-9848d6b87e58",
"created_by_ref": "identity--d9d1f747-25ae-408d-9d11-4ee40031fabc",
"created": "2022-07-02T04:22:03.112648Z",
"modified": "2022-07-02T04:22:03.112648Z",
"name": "Deceptively Edit Video (Cheap fakes)",
"description": "Cheap fakes utilize less sophisticated measures of altering an image, video, or audio for example, slowing, speeding, or cutting footage to create a false context surrounding an image or event.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0087.002.md",
"external_id": "T0087.002"
}
],
"object_marking_refs": [
"marking-definition--5c412a6e-7cf1-4d89-a409-74306cad315d"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1cdd3983-14a0-4d1a-a65e-4a066047ba86.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--2987a2bc-96c8-4646-bf04-4ead60e9e0aa",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1cdd3983-14a0-4d1a-a65e-4a066047ba86",
"created_by_ref": "identity--630f859f-d91b-442f-a9c0-0514b948c0ad",
"created": "2022-07-02T04:22:03.152756Z",
"modified": "2022-07-02T04:22:03.152756Z",
"name": "Action/attitude",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "assess-effectiveness"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0133.005.md",
"external_id": "T0133.005"
}
],
"object_marking_refs": [
"marking-definition--3998fe1d-9e44-4bb5-a106-031dea8fbe54"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3010fa9d-3c56-4d39-a14d-1896f5e09c43.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--1e3fe580-e721-43ae-b231-6a1ffa7c7427.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--65a56669-07bb-4308-8d79-5365cd790468", "id": "bundle--80dd5f27-4931-4230-9e57-4ab69a016cbf",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--3010fa9d-3c56-4d39-a14d-1896f5e09c43", "id": "attack-pattern--1e3fe580-e721-43ae-b231-6a1ffa7c7427",
"created_by_ref": "identity--6a4503eb-1db5-442a-9f08-006dd12aa5b4", "created_by_ref": "identity--06d6bbce-9166-4ecf-8033-76d96d6ae7f9",
"created": "2022-07-01T17:31:14.967157Z", "created": "2022-07-02T04:22:03.092074Z",
"modified": "2022-07-01T17:31:14.967157Z", "modified": "2022-07-02T04:22:03.092074Z",
"name": "Media Sharing Networks", "name": "Media Sharing Networks",
"description": "TA07", "description": "TA07",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--c1a3a62c-609f-4a7c-af88-3112ee0649ea" "marking-definition--ecb980c1-872e-4bef-989e-3a44e5b68c8f"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1e917de4-6ee5-44e3-a3e8-1bdd5b20d38b.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--2d5dba6a-7f95-492d-9a4d-817875b51e96",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1e917de4-6ee5-44e3-a3e8-1bdd5b20d38b",
"created_by_ref": "identity--21744e1f-0f4f-40c0-9e22-09c3335cfb50",
"created": "2022-07-02T04:22:03.140956Z",
"modified": "2022-07-02T04:22:03.140956Z",
"name": "Facilitate logistics or support for attendance",
"description": "Facilitate logistics or support for travel, food, housing, etc.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-offline-activity"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0126.002.md",
"external_id": "T0126.002"
}
],
"object_marking_refs": [
"marking-definition--3b36cee1-a9b6-4614-9a79-3482bdc2fdb4"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--1f7789b9-c923-4862-a21c-1bb797c9134e.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--86217776-e69e-44ce-868b-b5665ca35a5c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--1f7789b9-c923-4862-a21c-1bb797c9134e",
"created_by_ref": "identity--865694d3-ec33-4438-bacf-afa112f28f10",
"created": "2022-07-02T04:22:03.104625Z",
"modified": "2022-07-02T04:22:03.104625Z",
"name": "Identify Existing Prejudices",
"description": "An influence operation may exploit existing racial, religious, demographic, or social prejudices to further polarize its target audience from the rest of the public.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0081.003.md",
"external_id": "T0081.003"
}
],
"object_marking_refs": [
"marking-definition--4e2ee680-ecec-454e-bce6-27b6cd7038ed"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2025e8cd-69d0-48df-b8f7-d945860a0034.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--d1723c74-1b85-4f8a-ba54-8f88e7a5a612",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2025e8cd-69d0-48df-b8f7-d945860a0034",
"created_by_ref": "identity--a9f26548-18ad-408b-a602-5c6cb0d52008",
"created": "2022-07-02T04:22:03.125907Z",
"modified": "2022-07-02T04:22:03.125907Z",
"name": "Use Unencrypted Chats Apps",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0043.002.md",
"external_id": "T0043.002"
}
],
"object_marking_refs": [
"marking-definition--d5edaffd-54c8-407e-8df9-8d08328a4e8b"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b2d3dc7b-77a0-4cea-9735-ae1c5412ecc8.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--21ed5757-035d-42f8-86d0-97b83763afcc.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--02760c1e-e063-47e3-ac4d-403afd511e84", "id": "bundle--89ab7823-8a37-4de5-894c-7614ac1e665d",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--b2d3dc7b-77a0-4cea-9735-ae1c5412ecc8", "id": "attack-pattern--21ed5757-035d-42f8-86d0-97b83763afcc",
"created_by_ref": "identity--e48b0521-67fe-498a-bef2-bef53f5f3b45", "created_by_ref": "identity--d249479e-c10e-43d4-8749-4b80bb7ce9ce",
"created": "2022-07-01T17:31:14.97281Z", "created": "2022-07-02T04:22:03.095971Z",
"modified": "2022-07-01T17:31:14.97281Z", "modified": "2022-07-02T04:22:03.095971Z",
"name": "Attract Traditional Media", "name": "Attract Traditional Media",
"description": "TA09", "description": "TA09",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--685228e4-ab0f-47c6-bcec-acce11521385" "marking-definition--47bb1ff0-2270-42cf-bf6d-7fb46b7000a4"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--235693bd-a099-438a-9532-bcf2f7cf618d.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--e7873752-7f81-4862-bde3-2ed361db5b90",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--235693bd-a099-438a-9532-bcf2f7cf618d",
"created_by_ref": "identity--aae35d3f-7f70-4faf-91eb-571d576b143c",
"created": "2022-07-02T04:22:03.144827Z",
"modified": "2022-07-02T04:22:03.144827Z",
"name": "Conceal Network Identity",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organization. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0129.001.md",
"external_id": "T0129.001"
}
],
"object_marking_refs": [
"marking-definition--8ca6d0a3-4ddc-4cfd-a021-09fc8948d721"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--23706f91-ddc8-4978-b008-9a8996489615.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--fdf6fc66-6e52-4444-9189-b5a6e2833c2d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--23706f91-ddc8-4978-b008-9a8996489615",
"created_by_ref": "identity--4617f4f8-03e8-4bb4-8ced-5f39ee2c416e",
"created": "2022-07-02T04:22:03.102706Z",
"modified": "2022-07-02T04:22:03.102706Z",
"name": "Evaluate Media Surveys",
"description": "An influence operation may evaluate its own or third-party media surveys to determine what type of content appeals to its target audience. Media surveys may provide insight into an audience\u2019s political views, social class, general interests, or other indicators used to tailor operation messaging to its target audience.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0080.002.md",
"external_id": "T0080.002"
}
],
"object_marking_refs": [
"marking-definition--c8b7af04-4fa2-4f43-b41e-b2c5258b7490"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--23b4bcfc-7362-440f-97ca-1094ad0abc1e.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--226fded6-bbef-499e-9143-0c70098ea685",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--23b4bcfc-7362-440f-97ca-1094ad0abc1e",
"created_by_ref": "identity--909d618b-ed43-4566-a2ad-b744f772fca9",
"created": "2022-07-02T04:22:03.109147Z",
"modified": "2022-07-02T04:22:03.109147Z",
"name": "Plagiarize Content",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0084.002.md",
"external_id": "T0084.002"
}
],
"object_marking_refs": [
"marking-definition--05037167-3060-45f9-af72-94d680be3593"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--28674cbc-4d76-41f9-b764-6ded29ee44fd.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--31a09819-6349-4f52-b393-c79c457696e6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--28674cbc-4d76-41f9-b764-6ded29ee44fd",
"created_by_ref": "identity--f82c73a3-9e7f-4350-88a7-78382de7dbe0",
"created": "2022-07-02T04:22:03.104941Z",
"modified": "2022-07-02T04:22:03.104941Z",
"name": "Identify Existing Fissures",
"description": "An influence operation may identify existing fissures to pit target populations against one another or facilitate a \u201cdivide-and-conquer\" approach to tailor operation narratives along the divides.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0081.004.md",
"external_id": "T0081.004"
}
],
"object_marking_refs": [
"marking-definition--b1be49f6-94f3-493f-91cf-85cf1a39428a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--289c80c1-36af-4d61-b7f1-046161422e37.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--66db9060-2525-4380-8a3e-5dd720486a3d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--289c80c1-36af-4d61-b7f1-046161422e37",
"created_by_ref": "identity--6bba4400-5505-422e-b988-ab6b04cb0bfe",
"created": "2022-07-02T04:22:03.116529Z",
"modified": "2022-07-02T04:22:03.116529Z",
"name": "Create Bot Accounts",
"description": "Bots refer to autonomous internet users that interact with systems or other users while imitating traditional human behavior. Bots use a variety of tools to stay active without direct human operation, including artificial intelligence and big data analytics. For example, an individual may program a Twitter bot to retweet a tweet every time it contains a certain keyword or hashtag. An influence operation may use bots to increase its exposure and artificially promote its content across the internet without dedicating additional time or human resources. \nAmplifier bots promote operation content through reposts, shares, and likes to increase the content\u2019s online popularity. Hacker bots are traditionally covert bots running on computer scripts that rarely engage with users and work primarily as agents of larger cyberattacks, such as a Distributed Denial of Service attacks. Spammer bots are programmed to post content on social media or in comment sections, usually as a supplementary tool. Impersonator bots102 pose as real people by mimicking human behavior, complicating their detection. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0090.003.md",
"external_id": "T0090.003"
}
],
"object_marking_refs": [
"marking-definition--ed106a38-1213-4f41-9cd9-64bdbeaea56b"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--9370c9a8-b470-482b-8125-c776468b9f20.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--28c4447e-c922-4e62-b632-6f85c3befc22.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--0d3eef4e-d3eb-4033-a373-be4b702ec076", "id": "bundle--9a124a8b-d39f-4a8e-85bb-516a2a0eeb13",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--9370c9a8-b470-482b-8125-c776468b9f20", "id": "attack-pattern--28c4447e-c922-4e62-b632-6f85c3befc22",
"created_by_ref": "identity--4cb327fe-e517-4296-9d8e-b2f0792653f2", "created_by_ref": "identity--7eaf5956-0ca5-4c46-a5cb-ccf3f6d1cfaa",
"created": "2022-07-01T17:31:14.957016Z", "created": "2022-07-02T04:22:03.084704Z",
"modified": "2022-07-01T17:31:14.957016Z", "modified": "2022-07-02T04:22:03.084704Z",
"name": "Integrate Target Audience Vulnerabilities into Narrative", "name": "Integrate Target Audience Vulnerabilities into Narrative",
"description": "TA14", "description": "TA14",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--a86fbb95-d925-4d85-93bf-961924fe5893" "marking-definition--3f3ab8b8-d66b-4b73-9e0b-bd7c5bd81b9a"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--29750664-9ed2-4c58-b10b-68ab1eb02dc6.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--e150ad83-f2ad-4e8c-a3d6-9bf60bf3b81a",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--29750664-9ed2-4c58-b10b-68ab1eb02dc6",
"created_by_ref": "identity--38878c6f-1db3-4eae-bd7a-07b36bcc2f3c",
"created": "2022-07-02T04:22:03.143879Z",
"modified": "2022-07-02T04:22:03.143879Z",
"name": "Distance Reputable Individuals from Operation",
"description": "Distancing reputable individuals from the operation occurs when enlisted individuals, such as celebrities or subject matter experts, actively disengage themselves from operation activities and messaging. Individuals may distance themselves from the operation by deleting old posts or statements, unfollowing operation information assets, or otherwise detaching themselves from the operation\u2019s timeline. An influence operation may want reputable individuals to distance themselves from the operation to reduce operation exposure, particularly if the operation aims to remove all evidence.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0128.003.md",
"external_id": "T0128.003"
}
],
"object_marking_refs": [
"marking-definition--11441662-c80b-435d-bfb2-b925624fe053"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2a372db3-69c5-42bb-b257-c43684bede04.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--5a05a6e7-8708-41a8-be75-2d064fd8a73c",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2a372db3-69c5-42bb-b257-c43684bede04",
"created_by_ref": "identity--3826a366-a12c-4ab2-979b-0f2759cccabe",
"created": "2022-07-02T04:22:03.136189Z",
"modified": "2022-07-02T04:22:03.136189Z",
"name": "Use Affiliate Marketing Programs",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0120.001.md",
"external_id": "T0120.001"
}
],
"object_marking_refs": [
"marking-definition--6d3ba371-d32d-4521-825a-0ea65e443523"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2ac3960b-813b-4722-ba29-9e692d88341b.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--f1d5bf3b-2a36-4b06-8d75-2433d0ff313d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2ac3960b-813b-4722-ba29-9e692d88341b",
"created_by_ref": "identity--88f2a537-1478-489d-9cf1-6281cd09fe3a",
"created": "2022-07-02T04:22:03.138733Z",
"modified": "2022-07-02T04:22:03.138733Z",
"name": "Block Content",
"description": "Content blocking refers to actions taken to restrict internet access or render certain areas of the internet inaccessible. An influence operation may restrict content based on both network and content attributes. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-online-harms"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0123.002.md",
"external_id": "T0123.002"
}
],
"object_marking_refs": [
"marking-definition--16a459ec-0f6b-4501-8308-a1b5fb1c17f9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2b6bd718-4225-4bbe-9444-183f90644c74.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--568ab9c9-2b80-4801-a462-cb838ee36378",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2b6bd718-4225-4bbe-9444-183f90644c74",
"created_by_ref": "identity--e435d26e-0ecb-454b-9b09-17fd7ca15b75",
"created": "2022-07-02T04:22:03.106213Z",
"modified": "2022-07-02T04:22:03.106213Z",
"name": "Identify Media System Vulnerabilities",
"description": "An influence operation may exploit existing weaknesses in a target\u2019s media system. These weaknesses may include existing biases among media agencies, vulnerability to false news agencies on social media, or existing distrust of traditional media sources. An existing distrust among the public in the media system\u2019s credibility holds high potential for exploitation by an influence operation when establishing alternative news agencies to spread operation content. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0081.008.md",
"external_id": "T0081.008"
}
],
"object_marking_refs": [
"marking-definition--2a74fdc4-aa04-4969-bb12-3b04ba5f7989"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2c2dea9d-8fac-4c78-aded-3ffc8b689f14.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--1ef3faee-e87b-4def-b0cd-0a263bc82564",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2c2dea9d-8fac-4c78-aded-3ffc8b689f14",
"created_by_ref": "identity--51fd2bb4-68fb-4f11-96fe-49ffd9017c3e",
"created": "2022-07-02T04:22:03.107184Z",
"modified": "2022-07-02T04:22:03.107184Z",
"name": "Economic Segmentation",
"description": "An influence operation may target populations based on their income bracket, wealth, or other financial or economic division. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0072.003.md",
"external_id": "T0072.003"
}
],
"object_marking_refs": [
"marking-definition--97cd5dd6-b9fc-4d7d-add3-f620418b5cc9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2db4ca1d-31be-4012-899d-d15362afe682.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--b628a316-9385-4167-8eea-8c51cf18ca9e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2db4ca1d-31be-4012-899d-d15362afe682",
"created_by_ref": "identity--0861ee99-12fe-462b-9743-4cb6532c3595",
"created": "2022-07-02T04:22:03.124946Z",
"modified": "2022-07-02T04:22:03.124946Z",
"name": "Create Echo Chambers/Filter Bubbles",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "microtarget"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0102.002.md",
"external_id": "T0102.002"
}
],
"object_marking_refs": [
"marking-definition--5bec0b82-17ab-44a2-a539-2e37e0588d63"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2dd166eb-2830-4440-8f7e-16ae78cbffce.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--29a99d02-3dbd-4d49-a2db-57db19c801a5",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2dd166eb-2830-4440-8f7e-16ae78cbffce",
"created_by_ref": "identity--bb91794f-6a67-4113-a342-317140133c51",
"created": "2022-07-02T04:22:03.124276Z",
"modified": "2022-07-02T04:22:03.124276Z",
"name": "Co-opt Influencers",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0100.003.md",
"external_id": "T0100.003"
}
],
"object_marking_refs": [
"marking-definition--a38b765b-cb0e-4740-a322-1d25f04e9a7a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2eb2d8bf-774e-44dd-942b-11302d6defc2.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--e271ede1-12e6-4e53-b85c-a0339e01fe38",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2eb2d8bf-774e-44dd-942b-11302d6defc2",
"created_by_ref": "identity--048ac8e8-6785-4993-9eb7-8d80999da439",
"created": "2022-07-02T04:22:03.1152Z",
"modified": "2022-07-02T04:22:03.1152Z",
"name": "Leak False Documents",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0089.002.md",
"external_id": "T0089.002"
}
],
"object_marking_refs": [
"marking-definition--032397fc-9948-420a-af54-11f30f1f7f76"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--2eb2f147-53d7-4fae-a711-13f0181630a0.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--f55fab24-7347-4022-b221-ad0d32fb9f36",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--2eb2f147-53d7-4fae-a711-13f0181630a0",
"created_by_ref": "identity--e6865b40-628d-4ac3-bff8-87dfa6a01831",
"created": "2022-07-02T04:22:03.1101Z",
"modified": "2022-07-02T04:22:03.1101Z",
"name": "Develop AI-Generated Text",
"description": "AI-generated texts refers to synthetic text composed by computers using text-generating AI technology. Autonomous generation refers to content created by a bot without human input, also known as bot-created content generation. Autonomous generation represents the next step in automation after language generation and may lead to automated journalism. An influence operation may use read fakes or autonomous generation to quickly develop and distribute content to the target audience.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0085.001.md",
"external_id": "T0085.001"
}
],
"object_marking_refs": [
"marking-definition--567482ec-6057-4575-b352-7626f286ff2b"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--33e1fede-238e-44d8-8a11-922687bb9e73.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--7d7902a5-c222-45e5-9d90-3fdabbbf3dac",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--33e1fede-238e-44d8-8a11-922687bb9e73",
"created_by_ref": "identity--a662f918-cc53-4251-b33c-ddf17b2470de",
"created": "2022-07-02T04:22:03.151809Z",
"modified": "2022-07-02T04:22:03.151809Z",
"name": "Content",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "assess-effectiveness"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0133.002.md",
"external_id": "T0133.002"
}
],
"object_marking_refs": [
"marking-definition--b85c8a28-f2b7-4a6a-b4cb-ce6c048c1aae"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--342d7f1b-2864-4daf-b3df-b25d0f9db021.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--5b38dd46-7b13-42d9-8659-fa38af0df642",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--342d7f1b-2864-4daf-b3df-b25d0f9db021",
"created_by_ref": "identity--a527dee3-824e-4e2b-8c19-53d888588b5d",
"created": "2022-07-02T04:22:03.122044Z",
"modified": "2022-07-02T04:22:03.122044Z",
"name": "Backstop personas ",
"description": "Create other assets/dossier/cover/fake relationships and/or connections or documents, sites, bylines, attributions, to establish/augment/inflate crediblity/believability",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-legitimacy"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0097.001.md",
"external_id": "T0097.001"
}
],
"object_marking_refs": [
"marking-definition--21d3146c-d134-47e3-8efd-e6008bfb3ca9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--613595af-7667-4975-b7d4-936e83b719eb.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--36291e89-6ea2-40d3-a50c-3908a5c0bc99.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--f36afc6e-7dcb-42e9-906a-fde1d2197271", "id": "bundle--e44d80fc-fd82-40af-852a-5f85810cd6dc",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--613595af-7667-4975-b7d4-936e83b719eb", "id": "attack-pattern--36291e89-6ea2-40d3-a50c-3908a5c0bc99",
"created_by_ref": "identity--1eed5b5c-1477-45fc-b170-6aa74f848d70", "created_by_ref": "identity--461e5e65-6430-4261-bf34-e1c7005aac64",
"created": "2022-07-01T17:31:14.95201Z", "created": "2022-07-02T04:22:03.081167Z",
"modified": "2022-07-01T17:31:14.95201Z", "modified": "2022-07-02T04:22:03.081167Z",
"name": "Segment Audiences", "name": "Segment Audiences",
"description": "TA13", "description": "TA13",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--8468f1d0-0a62-49ca-a117-69578133c28c" "marking-definition--e05f4c1b-05a0-4c94-9d8a-360ff3187774"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--c7f36ee6-b708-4c61-9ce8-bd461716bf9b.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--36a63293-15c7-4641-b676-7dc3818a48a9.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--49e526c9-d84b-4cd1-916f-c5928fdf8d81", "id": "bundle--d51e9bb6-fab8-4369-ae86-842621d03201",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--c7f36ee6-b708-4c61-9ce8-bd461716bf9b", "id": "attack-pattern--36a63293-15c7-4641-b676-7dc3818a48a9",
"created_by_ref": "identity--49769b3e-34b7-48e7-91fe-b111180641c3", "created_by_ref": "identity--bf099cbe-a53c-4e8d-a917-30e757cb5e59",
"created": "2022-07-01T17:31:14.954735Z", "created": "2022-07-02T04:22:03.083111Z",
"modified": "2022-07-01T17:31:14.954735Z", "modified": "2022-07-02T04:22:03.083111Z",
"name": "Dismay", "name": "Dismay",
"description": "TA02", "description": "TA02",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--52798030-d5af-4c74-959b-545d1de4a2fd" "marking-definition--3b3a7dc4-3a6c-4d1b-9223-cdf239b62306"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--37cc79df-c35b-4702-9ebf-1db6f6878df3.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--46f94cba-7048-4959-a343-079c0bc66647",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--37cc79df-c35b-4702-9ebf-1db6f6878df3",
"created_by_ref": "identity--ec0571bd-a615-4fec-bf8f-46d89505fdc4",
"created": "2022-07-02T04:22:03.121082Z",
"modified": "2022-07-02T04:22:03.121082Z",
"name": "Create a Content Farm",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0096.001.md",
"external_id": "T0096.001"
}
],
"object_marking_refs": [
"marking-definition--edc9e49f-bf53-4265-917c-be718b95e7f8"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--386a6daa-c8f0-4670-bba9-032268352689.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--00f61f95-8a6e-4c62-889e-15d702d2bedd",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--386a6daa-c8f0-4670-bba9-032268352689",
"created_by_ref": "identity--1480f942-a431-436e-b271-62f6f3535a6d",
"created": "2022-07-02T04:22:03.106864Z",
"modified": "2022-07-02T04:22:03.106864Z",
"name": "Demographic Segmentation",
"description": "An influence operation may target populations based on demographic segmentation, including age, gender, and income. Demographic segmentation may be useful for influence operations aiming to change state policies that affect a specific population sector. For example, an influence operation attempting to influence Medicare funding in the United States would likely target U.S. voters over 65 years of age. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0072.002.md",
"external_id": "T0072.002"
}
],
"object_marking_refs": [
"marking-definition--5f49ef6e-0170-43b1-a860-f4f6de42a9ea"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b33c0364-02e3-43c4-8cbd-f94fe47ca0d4.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--38ed6ccc-d02f-4b2b-82c1-1f004f0ab70a.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--9941e34f-68ee-4899-bdee-514893eec5c9", "id": "bundle--f868ea8e-5a07-4f2b-8f4b-daa82a01a050",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--b33c0364-02e3-43c4-8cbd-f94fe47ca0d4", "id": "attack-pattern--38ed6ccc-d02f-4b2b-82c1-1f004f0ab70a",
"created_by_ref": "identity--f78ec32c-d096-4aad-8a1b-be38aa979ba5", "created_by_ref": "identity--e16fdbc6-d28f-4fb4-853f-1926b2239460",
"created": "2022-07-01T17:31:14.946911Z", "created": "2022-07-02T04:22:03.077643Z",
"modified": "2022-07-01T17:31:14.946911Z", "modified": "2022-07-02T04:22:03.077643Z",
"name": "Use Search Engine Optimization", "name": "Use Search Engine Optimization",
"description": "TA08", "description": "TA08",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--a01e98c3-b2af-493c-b355-8a0c76f801f2" "marking-definition--a9a61ae8-9683-485e-aa42-d2afbaabe597"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--38ef9ff3-506f-4ce3-9653-475a20961d1a.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--aee9a605-e33c-4eac-a31f-d43b0e46f68e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--38ef9ff3-506f-4ce3-9653-475a20961d1a",
"created_by_ref": "identity--81be91a7-49ff-4930-9206-5cf038594821",
"created": "2022-07-02T04:22:03.127228Z",
"modified": "2022-07-02T04:22:03.127228Z",
"name": "Dating Apps",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "select-channels-and-affordances"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0104.002.md",
"external_id": "T0104.002"
}
],
"object_marking_refs": [
"marking-definition--75a5ef95-4487-405f-bb19-d9b9391e4dfd"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3942dc6a-1632-404a-ac65-e8c6b18a944b.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--f9c79e0e-95b6-44d9-b226-4e7763dbe471",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3942dc6a-1632-404a-ac65-e8c6b18a944b",
"created_by_ref": "identity--5cfcaf48-cfd4-48ef-8f20-224be4f6b04e",
"created": "2022-07-02T04:22:03.142594Z",
"modified": "2022-07-02T04:22:03.142594Z",
"name": "Encourage Physical Violence",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-offline-activity"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0127.002.md",
"external_id": "T0127.002"
}
],
"object_marking_refs": [
"marking-definition--cf763ecf-6930-4b34-8e34-e5a3fa489016"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3b38d150-4130-419c-9f99-24367d2b0483.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--b0d507c9-1cc9-4366-a7d7-e4ca88fc2c7e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3b38d150-4130-419c-9f99-24367d2b0483",
"created_by_ref": "identity--750a5055-5e07-43de-8ec0-0434758babab",
"created": "2022-07-02T04:22:03.136508Z",
"modified": "2022-07-02T04:22:03.136508Z",
"name": "Use Contests and Prizes",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0120.002.md",
"external_id": "T0120.002"
}
],
"object_marking_refs": [
"marking-definition--61b25d73-7627-4990-b947-d80c371a1e95"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3c485cd2-5a88-4fe4-81f2-3c3ae12de6ae.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--d8a1bd4c-31bb-428f-bfd1-a7ec7774c5b6",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3c485cd2-5a88-4fe4-81f2-3c3ae12de6ae",
"created_by_ref": "identity--da3dbbe7-fe6b-4c33-b191-31994dc43f5d",
"created": "2022-07-02T04:22:03.1085Z",
"modified": "2022-07-02T04:22:03.1085Z",
"name": "Develop Original Conspiracy Theory Narratives",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-narratives"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0022.002.md",
"external_id": "T0022.002"
}
],
"object_marking_refs": [
"marking-definition--a78a19bb-f4d9-405b-806e-ab3feb97a228"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--689eb2d8-1862-421f-96b8-d8f6cfca6004.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3cbdc5fc-976d-4264-9b9f-3657f6d81121.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--41e09b74-31bd-4ed0-b98e-e9cde81670c8", "id": "bundle--c7f86136-7a91-4d47-8ed6-9cd49aab357f",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--689eb2d8-1862-421f-96b8-d8f6cfca6004", "id": "attack-pattern--3cbdc5fc-976d-4264-9b9f-3657f6d81121",
"created_by_ref": "identity--058f1ecc-1754-4a5c-ac18-e7e65782ee7f", "created_by_ref": "identity--bc58f435-38a0-43a8-872a-2d210fd9b889",
"created": "2022-07-01T17:31:14.97739Z", "created": "2022-07-02T04:22:03.0992Z",
"modified": "2022-07-01T17:31:14.97739Z", "modified": "2022-07-02T04:22:03.0992Z",
"name": "Physical Violence", "name": "Physical Violence",
"description": "TA10", "description": "TA10",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--95c0fef7-d88a-4aaf-b5eb-5a80e0675fd2" "marking-definition--ee0aa1ee-fbc9-4403-a81a-8221eb70c6ba"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--8755a134-eb42-4d36-9010-8739e4dab224.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--3d2940d4-9e8b-4bad-aab8-3ac52b65c2ce.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--c4d3eb7e-18bc-45ae-9539-30cf999ee7f5", "id": "bundle--5f889896-1565-499d-ad53-6cf7eb20c31f",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--8755a134-eb42-4d36-9010-8739e4dab224", "id": "attack-pattern--3d2940d4-9e8b-4bad-aab8-3ac52b65c2ce",
"created_by_ref": "identity--a3f4af4e-8380-4573-abbb-bb51a359c450", "created_by_ref": "identity--c21779fb-809a-4561-8e69-d904f65ddc82",
"created": "2022-07-01T17:31:14.949709Z", "created": "2022-07-02T04:22:03.079565Z",
"modified": "2022-07-01T17:31:14.949709Z", "modified": "2022-07-02T04:22:03.079565Z",
"name": "Continue to Amplify", "name": "Continue to Amplify",
"description": "TA11", "description": "TA11",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--1f399ef7-7286-4f3d-9367-43382b6f1f17" "marking-definition--409c183e-7f53-4d8d-8bb4-7cfd49f07ff0"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--3f7ef990-a068-4591-bb39-374ba03e488e.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--a0078d08-a5b2-44f7-9168-02492767c46f",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--3f7ef990-a068-4591-bb39-374ba03e488e",
"created_by_ref": "identity--d7a9f0ab-41f5-4fa8-8e45-b1252a91fb6e",
"created": "2022-07-02T04:22:03.116872Z",
"modified": "2022-07-02T04:22:03.116872Z",
"name": "Create Sockpuppet Accounts",
"description": "Sockpuppet accounts refer to falsified accounts that either promote the influence operation\u2019s own material or attack critics of the material online. Individuals who control sockpuppet accounts also man at least one other user account.67 Sockpuppet accounts help legitimize operation narratives by providing an appearance of external support for the material and discrediting opponents of the operation. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0090.004.md",
"external_id": "T0090.004"
}
],
"object_marking_refs": [
"marking-definition--d0cf236d-6895-4ff5-9462-4a81418b78c0"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--cf8b18ff-c6c1-4e9d-9258-b44ae0f7cf74.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4063b46c-b959-4944-a569-37e88e497999.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--ed8083e6-beea-4619-ba6b-131256ba3123", "id": "bundle--4c585738-4e73-4d3f-aba9-d20f5243069b",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--cf8b18ff-c6c1-4e9d-9258-b44ae0f7cf74", "id": "attack-pattern--4063b46c-b959-4944-a569-37e88e497999",
"created_by_ref": "identity--52c44003-19df-4e31-bade-521bfd3156b8", "created_by_ref": "identity--16ac4005-1f90-4338-b93b-902a87581c22",
"created": "2022-07-01T17:31:14.978758Z", "created": "2022-07-02T04:22:03.100175Z",
"modified": "2022-07-01T17:31:14.978758Z", "modified": "2022-07-02T04:22:03.100175Z",
"name": "Conceal Infrastructure", "name": "Conceal Infrastructure",
"description": "TA11", "description": "TA11",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--3c03cdfb-e657-4705-b9a0-114cd269511b" "marking-definition--5aa4547d-f973-40f5-adf1-dbcc4cd7600d"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--407e28ba-d6d3-45eb-9c24-a7141b3e2155.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--7d22d0ea-0047-4a39-9ec1-f632dcf158b8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--407e28ba-d6d3-45eb-9c24-a7141b3e2155",
"created_by_ref": "identity--9f6c49e4-e237-4e30-b643-d8d3a2ac89f1",
"created": "2022-07-02T04:22:03.14865Z",
"modified": "2022-07-02T04:22:03.14865Z",
"name": "Use Shell Organizations",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0130.003.md",
"external_id": "T0130.003"
}
],
"object_marking_refs": [
"marking-definition--7e9edd4d-f64f-458c-8aab-a833859dc00e"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--41c46ffe-b2fe-49ef-9b93-3b92bcdb8dcd.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--9e3634b6-e95d-424a-8841-9e14dd7063e8",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--41c46ffe-b2fe-49ef-9b93-3b92bcdb8dcd",
"created_by_ref": "identity--500f0990-9baf-4b31-b824-b014a6165a7b",
"created": "2022-07-02T04:22:03.117581Z",
"modified": "2022-07-02T04:22:03.117581Z",
"name": "Recruit Partisans",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-social-assets"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0091.002.md",
"external_id": "T0091.002"
}
],
"object_marking_refs": [
"marking-definition--b6be45fc-aba1-4087-a9f9-8d20be5c950a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--da407a26-811d-48ae-b594-e3b71ad0679c.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--41e751ac-d098-48a5-b9a6-2f671ff9c035.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--5f21505b-ddb6-406d-8266-9f311466ca2a", "id": "bundle--f04e8884-a39c-4fb9-8133-fe6ab4e0447b",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--da407a26-811d-48ae-b594-e3b71ad0679c", "id": "attack-pattern--41e751ac-d098-48a5-b9a6-2f671ff9c035",
"created_by_ref": "identity--261b28e9-691b-42aa-9857-7cc963841711", "created_by_ref": "identity--69b8c806-3de4-4b21-9abd-00817341f626",
"created": "2022-07-01T17:31:14.948784Z", "created": "2022-07-02T04:22:03.078926Z",
"modified": "2022-07-01T17:31:14.948784Z", "modified": "2022-07-02T04:22:03.078926Z",
"name": "Organize Events", "name": "Organize Events",
"description": "TA10", "description": "TA10",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--3b63acbf-d66d-4026-a4fe-819b89ebf37b" "marking-definition--c1c812a2-5c51-49e6-b920-4da49282862a"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--7314dd7a-9b01-41fb-9f5b-58818fc6fa2e.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--42d2e081-acd9-4d7b-8f16-9e46a9d9a1ad.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--d63968e3-e164-4712-8856-76548d885d20", "id": "bundle--5b19110f-0cb9-4a71-9060-4f9473eedcda",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--7314dd7a-9b01-41fb-9f5b-58818fc6fa2e", "id": "attack-pattern--42d2e081-acd9-4d7b-8f16-9e46a9d9a1ad",
"created_by_ref": "identity--512391d4-fc49-4b7e-a60e-87607d188820", "created_by_ref": "identity--a9f223e2-c47e-415f-b66d-703b21539125",
"created": "2022-07-01T17:31:14.938962Z", "created": "2022-07-02T04:22:03.072086Z",
"modified": "2022-07-01T17:31:14.938962Z", "modified": "2022-07-02T04:22:03.072086Z",
"name": "Create inauthentic websites", "name": "Create inauthentic websites",
"description": "TA15", "description": "TA15",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--2244209c-7c6b-4f27-b714-2e6d618ee9de" "marking-definition--d47916c5-6f70-4705-99db-9f1bafbc9f08"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--44b60b3c-afea-40c5-8faa-afd31269e6da.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--d21a40bb-0b36-44a9-9460-12a4dfc00bac",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--44b60b3c-afea-40c5-8faa-afd31269e6da",
"created_by_ref": "identity--e172348d-34a8-40cc-9021-8d4ca61cd324",
"created": "2022-07-02T04:22:03.135547Z",
"modified": "2022-07-02T04:22:03.135547Z",
"name": "Post Across Platform",
"description": "nan",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "maximize-exposure"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0119.002.md",
"external_id": "T0119.002"
}
],
"object_marking_refs": [
"marking-definition--cab23df0-ef15-4651-b45e-d33a729f692c"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4699fa91-706b-4a8b-b253-fbbcf05f44c9.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--c45ee792-7da0-4b18-8f61-0227431b520d",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4699fa91-706b-4a8b-b253-fbbcf05f44c9",
"created_by_ref": "identity--bc415869-0cc0-47ef-9354-eb85469ffe10",
"created": "2022-07-02T04:22:03.103346Z",
"modified": "2022-07-02T04:22:03.103346Z",
"name": "Conduct Web Traffic Analysis",
"description": "An influence operation may conduct web traffic analysis to determine which search engines, keywords, websites, and advertisements gain the most traction with its target audience.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "target-audience-analysis"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0080.004.md",
"external_id": "T0080.004"
}
],
"object_marking_refs": [
"marking-definition--d15b9bec-1b95-49cc-919b-118748be8bc9"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--e36e2cb6-797a-4859-b40c-214065331ca9.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--46edb68e-0257-4bbc-8666-3ddb6260462a.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--8b517eaf-33f2-4301-a3a5-393f43e80543", "id": "bundle--d54e25bf-2b86-413b-9796-da5a9f02b948",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--e36e2cb6-797a-4859-b40c-214065331ca9", "id": "attack-pattern--46edb68e-0257-4bbc-8666-3ddb6260462a",
"created_by_ref": "identity--7c43dcf4-9445-4464-9cff-55b6d341cdc7", "created_by_ref": "identity--9cd87489-b096-4f17-9f92-fabd41080497",
"created": "2022-07-01T17:31:14.970415Z", "created": "2022-07-02T04:22:03.09435Z",
"modified": "2022-07-01T17:31:14.970415Z", "modified": "2022-07-02T04:22:03.09435Z",
"name": "Email", "name": "Email",
"description": "TA07", "description": "TA07",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--7c9af100-8d68-4ae2-a4d3-6e274a259cfa" "marking-definition--0b295746-495c-4d97-a8db-0c5977789060"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4787da40-8dc0-4a00-97a8-421e299b34bd.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--80390180-59e5-4fd2-9c4c-1112c040301e",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4787da40-8dc0-4a00-97a8-421e299b34bd",
"created_by_ref": "identity--c9d3ac87-ca0e-4703-b581-793934ff6cd1",
"created": "2022-07-02T04:22:03.143552Z",
"modified": "2022-07-02T04:22:03.143552Z",
"name": "Conceal Network Identity",
"description": "Concealing network identity aims to hide the existence an influence operation\u2019s network completely. Unlike concealing sponsorship, concealing network identity denies the existence of any sort of organization. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0128.002.md",
"external_id": "T0128.002"
}
],
"object_marking_refs": [
"marking-definition--565c628f-7851-4055-948a-df0d594a08bc"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--92a7837e-723e-408f-8c67-96d6c618f1b1.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--48d17a8e-898e-45fe-9d05-3f264445c63c.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--9325eb19-77a1-4502-b125-44ab475e93ac", "id": "bundle--2dc6d750-7e25-4f4f-8e24-93a2519e0748",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--92a7837e-723e-408f-8c67-96d6c618f1b1", "id": "attack-pattern--48d17a8e-898e-45fe-9d05-3f264445c63c",
"created_by_ref": "identity--e7a72b6f-7699-429d-9561-86d84cadc0f2", "created_by_ref": "identity--02ffcb17-e281-4840-acaf-8c8433210309",
"created": "2022-07-01T17:31:14.979667Z", "created": "2022-07-02T04:22:03.100815Z",
"modified": "2022-07-01T17:31:14.979667Z", "modified": "2022-07-02T04:22:03.100815Z",
"name": "Measure Performance", "name": "Measure Performance",
"description": "TA12", "description": "TA12",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--965d184e-c018-4188-ac1a-cd3c288112e7" "marking-definition--22ede23b-e9f5-4088-a50a-bb14fd1a06ec"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--48eedefd-139c-40f7-aa22-ba1cb4309929.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--5cfa8634-d1da-46a5-b0f1-c4064aca6305",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--48eedefd-139c-40f7-aa22-ba1cb4309929",
"created_by_ref": "identity--215ae8be-cd5c-423e-8544-77754395d4a9",
"created": "2022-07-02T04:22:03.144511Z",
"modified": "2022-07-02T04:22:03.144511Z",
"name": "Change Names of Accounts",
"description": "Changing names of accounts occurs when an operation changes the name of an existing social media account. An operation may change the names of its accounts throughout an operation to avoid detection or alter the names of newly acquired or repurposed accounts to fit operational narratives. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "persist-in-the-information-environment"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0128.005.md",
"external_id": "T0128.005"
}
],
"object_marking_refs": [
"marking-definition--341d5c91-8a26-4003-b588-db1cc4290d08"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--aa293cf3-593d-49b0-8ebc-c8d83226aa88.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4b08d625-9526-4617-bfb1-fb169298ee81.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--d70ea7cd-8452-4c48-b037-171a7da031a2", "id": "bundle--d75ecf57-6a54-4c2f-b607-a62338726733",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--aa293cf3-593d-49b0-8ebc-c8d83226aa88", "id": "attack-pattern--4b08d625-9526-4617-bfb1-fb169298ee81",
"created_by_ref": "identity--a69d76d1-4351-4ec1-85a8-3910528ecbc8", "created_by_ref": "identity--95d9a68a-7a96-4c0b-936c-0c77a4f8257f",
"created": "2022-07-01T17:31:14.941851Z", "created": "2022-07-02T04:22:03.074036Z",
"modified": "2022-07-01T17:31:14.941851Z", "modified": "2022-07-02T04:22:03.074036Z",
"name": "Generate information pollution", "name": "Generate information pollution",
"description": "TA06", "description": "TA06",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--65461393-7f2d-4000-b230-55cdb6275c19" "marking-definition--352c3cca-1077-4df3-b7d9-a9617913e5ce"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--9fd06db8-2f00-462d-b22d-94f47b72178c.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4ba887ca-bcfd-4966-b3b5-0ff968a7627f.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--caa8edd7-469e-488b-bae5-2b957cd44e09", "id": "bundle--a7883be7-6003-4e61-bd48-1887aaf4ca59",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--9fd06db8-2f00-462d-b22d-94f47b72178c", "id": "attack-pattern--4ba887ca-bcfd-4966-b3b5-0ff968a7627f",
"created_by_ref": "identity--6fd97d11-6549-4102-9bd8-8d0f9e70116d", "created_by_ref": "identity--35122bb0-23ae-4ced-ae58-cfa5d8afe02f",
"created": "2022-07-01T17:31:14.9361Z", "created": "2022-07-02T04:22:03.070144Z",
"modified": "2022-07-01T17:31:14.9361Z", "modified": "2022-07-02T04:22:03.070144Z",
"name": "Leverage Existing Narratives", "name": "Leverage Existing Narratives",
"description": "TA14", "description": "TA14",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--c68d5d70-7555-4bc2-b64c-910650503fdf" "marking-definition--2710f384-a856-4d93-ab2c-52e9b24a62ed"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4bf72d47-faa4-400a-bfd2-653372a15612.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--df2d0e87-8afa-478b-bd20-3499d51c0726",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4bf72d47-faa4-400a-bfd2-653372a15612",
"created_by_ref": "identity--337090d5-2f61-44a0-bd0d-3efc7fe7f81e",
"created": "2022-07-02T04:22:03.112332Z",
"modified": "2022-07-02T04:22:03.112332Z",
"name": "Develop AI-Generated Videos (Deepfakes)",
"description": "Deepfakes refer to AI-generated falsified photos, videos, or soundbites. An influence operation may use deepfakes to depict an inauthentic situation by synthetically recreating an individual\u2019s face, body, voice, and physical gestures.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0087.001.md",
"external_id": "T0087.001"
}
],
"object_marking_refs": [
"marking-definition--50c32158-242e-4de2-afde-dbc3be179189"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4c65eec8-13a3-4c89-8088-41db6e9e6381.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--3a5c2edf-1a86-4108-8487-cbb8f97f5254",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4c65eec8-13a3-4c89-8088-41db6e9e6381",
"created_by_ref": "identity--e809d292-a9fa-437f-9e53-ac020dae9fb9",
"created": "2022-07-02T04:22:03.113596Z",
"modified": "2022-07-02T04:22:03.113596Z",
"name": "Create fake research",
"description": "Create fake academic research. Example: fake social science research is often aimed at hot-button social issues such as gender, race and sexuality. Fake science research can target Climate Science debate or pseudoscience like anti-vaxx",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0019.001.md",
"external_id": "T0019.001"
}
],
"object_marking_refs": [
"marking-definition--941585e5-62fe-4586-a9de-558edbd9247e"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4ebcc4a4-ff0b-4275-963a-617cdd06a45a.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--7b2e98ff-32fa-456c-8545-d7c3704662fb",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4ebcc4a4-ff0b-4275-963a-617cdd06a45a",
"created_by_ref": "identity--699b2544-556e-444e-8007-c73e4f7aa7a4",
"created": "2022-07-02T04:22:03.108816Z",
"modified": "2022-07-02T04:22:03.108816Z",
"name": "Use Copypasta",
"description": "Copypasta refers to a piece of text that has been copied and pasted multiple times across various online platforms. A copypasta\u2019s final form may differ from its original source text as users add, delete, or otherwise edit the content as they repost the text. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "develop-content"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0084.001.md",
"external_id": "T0084.001"
}
],
"object_marking_refs": [
"marking-definition--d7055552-3041-4dc9-a230-e4e124f0846f"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--b7fc4282-5514-4c1d-be11-62d02e7e78cf.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--4f599cdb-9fe0-459b-9eeb-37b54db6605e.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--d39100f1-1b42-4147-a7af-0fb3bf8381ac", "id": "bundle--6a1f38d7-c5f3-487f-aaaa-3aaef8a06ecd",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--b7fc4282-5514-4c1d-be11-62d02e7e78cf", "id": "attack-pattern--4f599cdb-9fe0-459b-9eeb-37b54db6605e",
"created_by_ref": "identity--9b4b0a65-53dc-4d27-9ac1-b187189145f6", "created_by_ref": "identity--7affdd67-77d4-498b-97ec-c6ebaee6dd7e",
"created": "2022-07-01T17:31:14.973265Z", "created": "2022-07-02T04:22:03.096289Z",
"modified": "2022-07-01T17:31:14.973265Z", "modified": "2022-07-02T04:22:03.096289Z",
"name": "Amplify Existing Narrative", "name": "Amplify Existing Narrative",
"description": "TA17", "description": "TA17",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--5d568a18-4065-4b7b-849a-9c1ddaa6e1b9" "marking-definition--59b3c253-d2d2-4267-842c-151e4a15d672"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--4f6ea3bf-7423-4e21-a07f-8dbcc94cb3da.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--fd57b310-d4ea-4a61-a319-cea7409f2314",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--4f6ea3bf-7423-4e21-a07f-8dbcc94cb3da",
"created_by_ref": "identity--e351e54d-bd4a-43e3-823c-c27f8f392a01",
"created": "2022-07-02T04:22:03.141303Z",
"modified": "2022-07-02T04:22:03.141303Z",
"name": "Pay for Physical Action",
"description": "Paying for physical action occurs when an influence operation pays individuals to act in the physical realm. An influence operation may pay for physical action to create specific situations and frame them in a way that supports operation narratives, for example, paying a group of people to burn a car to later post an image of the burning car and frame it as an act of protest. ",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "drive-offline-activity"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0057.001.md",
"external_id": "T0057.001"
}
],
"object_marking_refs": [
"marking-definition--86d83fcc-efd8-4453-851a-375e5a73022a"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--f3e80d10-e8f4-4302-9f4e-f0e68167c4c2.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--5279ebe3-f902-4f0b-a1ae-34a647b99df1.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--8f0f159c-ca7d-4adc-8ca2-063377010732", "id": "bundle--387c3fad-87bb-4d6c-9c3a-2c96d9cbd12d",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--f3e80d10-e8f4-4302-9f4e-f0e68167c4c2", "id": "attack-pattern--5279ebe3-f902-4f0b-a1ae-34a647b99df1",
"created_by_ref": "identity--8e01d1e1-b587-4a3f-b1a3-12b2a91b74e6", "created_by_ref": "identity--9a99a0b8-9e99-41a6-b80f-c1b710bc7887",
"created": "2022-07-01T17:31:14.971349Z", "created": "2022-07-02T04:22:03.09499Z",
"modified": "2022-07-01T17:31:14.971349Z", "modified": "2022-07-02T04:22:03.09499Z",
"name": "Deliver Ads", "name": "Deliver Ads",
"description": "TA09", "description": "TA09",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--7396226c-6037-4d7c-a4b5-85ef509a4fc4" "marking-definition--71b04a9e-f5d5-4822-a0e1-7db9f745560f"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--cf9c7ee9-35a7-4887-b694-8d7766134b4c.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--5396f0c0-9a8c-48c9-ba26-7c1cb8a4ddfb.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--41623477-cf93-473e-8aeb-bfaf06170249", "id": "bundle--d6b770c7-ffd3-4d86-9478-09ba9b1a8ddd",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--cf9c7ee9-35a7-4887-b694-8d7766134b4c", "id": "attack-pattern--5396f0c0-9a8c-48c9-ba26-7c1cb8a4ddfb",
"created_by_ref": "identity--0a317ec3-3c0a-4d89-bf66-dffcaa1d3a05", "created_by_ref": "identity--e7a82b59-1d03-4c90-8022-f6ca17d33c4f",
"created": "2022-07-01T17:31:14.952919Z", "created": "2022-07-02T04:22:03.081798Z",
"modified": "2022-07-01T17:31:14.952919Z", "modified": "2022-07-02T04:22:03.081798Z",
"name": "Determine Strategic Ends", "name": "Determine Strategic Ends",
"description": "TA01", "description": "TA01",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--95de1e56-03ed-410d-b540-76b9828cf28f" "marking-definition--d29e6e81-7178-44cb-82e5-4555d023e588"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--540e2d0d-4de2-4331-a130-ccbd14945e57.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--fa634ad0-20bb-4f0a-b6e6-dc816b1b8982",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--540e2d0d-4de2-4331-a130-ccbd14945e57",
"created_by_ref": "identity--d57f8b7c-a1a0-4112-b156-cf7bcbe28b6e",
"created": "2022-07-02T04:22:03.102063Z",
"modified": "2022-07-02T04:22:03.102063Z",
"name": "Discredit Credible Sources",
"description": "Plan to delegitimize the media landscape and degrade public trust in reporting, by discrediting credible sources. This makes it easier to promote influence operation content.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "plan-objectives"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0075.001.md",
"external_id": "T0075.001"
}
],
"object_marking_refs": [
"marking-definition--7b979c8f-a880-406d-abcd-21c71f656171"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

14
generated_files/DISARM_STIX/attack-pattern/attack-pattern--35bd0849-8450-4ed3-ae0c-22eeee8c1164.json → generated_files/DISARM_STIX/attack-pattern/attack-pattern--5468558b-bbc8-49d6-af74-99450ca31dd3.json
View File

@ -1,14 +1,14 @@
{ {
"type": "bundle", "type": "bundle",
"id": "bundle--54951491-396b-4eb6-9b95-8cfb97065481", "id": "bundle--8388a330-6bb6-46f3-b7ed-56d3c65ea339",
"objects": [ "objects": [
{ {
"type": "attack-pattern", "type": "attack-pattern",
"spec_version": "2.1", "spec_version": "2.1",
"id": "attack-pattern--35bd0849-8450-4ed3-ae0c-22eeee8c1164", "id": "attack-pattern--5468558b-bbc8-49d6-af74-99450ca31dd3",
"created_by_ref": "identity--fd343676-2f6c-445f-b80a-3d2afefdf456", "created_by_ref": "identity--361ac418-44d7-484d-bae0-51abbfe90344",
"created": "2022-07-01T17:31:14.945086Z", "created": "2022-07-02T04:22:03.076286Z",
"modified": "2022-07-01T17:31:14.945086Z", "modified": "2022-07-02T04:22:03.076286Z",
"name": "Seed Kernel of truth", "name": "Seed Kernel of truth",
"description": "TA08", "description": "TA08",
"kill_chain_phases": [ "kill_chain_phases": [
@ -25,7 +25,7 @@
} }
], ],
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--2be8e0fd-49a5-407b-b5ec-5d87efac2165" "marking-definition--64eec2bb-aca1-4f71-ba4f-1ec00156c4f7"
], ],
"x_mitre_is_subtechnique": false, "x_mitre_is_subtechnique": false,
"x_mitre_platforms": [ "x_mitre_platforms": [
@ -33,7 +33,7 @@
"Linux", "Linux",
"Mac" "Mac"
], ],
"x_mitre_version": "1,0" "x_mitre_version": "1.0"
} }
] ]
} }

39
generated_files/DISARM_STIX/attack-pattern/attack-pattern--546ca620-e626-4a82-8e4d-74f4f99115a9.json Normal file
View File

@ -0,0 +1,39 @@
{
"type": "bundle",
"id": "bundle--fe6a1418-ec87-41e5-879a-52e8f5656cdf",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--546ca620-e626-4a82-8e4d-74f4f99115a9",
"created_by_ref": "identity--e6003b7e-b5ad-4631-90fc-4e2d5c731ea1",
"created": "2022-07-02T04:22:03.153388Z",
"modified": "2022-07-02T04:22:03.153388Z",
"name": "Social media engagement",
"description": "Monitor and evaluate social media engagement in misinformation incidents.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "assess-effectiveness"
}
],
"external_references": [
{
"source_name": "DISARM",
"url": "https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/T0134.002.md",
"external_id": "T0134.002"
}
],
"object_marking_refs": [
"marking-definition--60fcd5b8-9847-4f12-af20-2975c86fc2ae"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "1.0"
}
]
}

Some files were not shown because too many files have changed in this diff Show More