{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Compare DISARM versions\n", "\n", "Lists the phases, tactics and techniques whose name or summary differs between the current DISARM master workbook and an older one. `oldframefile` is assigned twice in the first code cell, so the comparison uses the later value, `AMITT_FRAMEWORKS_MASTER.xlsx`." ] }, { "cell_type": "code", "execution_count": 3, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Current keys: dict_keys(['FRAMEWORK_ADMIN_README', 'FRAMEWORK_ADMIN CODES', 'phases', 'tactics', 'techniques', 'subtechniques', 'frameworks', 'tasks', 'detections', 'countermeasures', 'playbooks', 'responsetypes', 'metatechniques', 'actortypes', 'sectors', 'resources', 'MOE', 'MOP'])\n", "Old keys: dict_keys(['ADMIN_README', 'ADMIN CODES', 'phases', 'tactics', 'techniques', 'frameworks', 'tasks', 'detections', 'countermeasures', 'playbooks', 'responsetypes', 'metatechniques', 'actortypes', 'sectors', 'resources', 'MOE', 'MOP'])\n" ] } ], "source": [ "import pandas as pd\n", "\n", "MASTERDATA_DIR = '../DISARM_MASTER_DATA/'\n", "frameworkfile = MASTERDATA_DIR + 'DISARM_FRAMEWORKS_MASTER.xlsx'\n", "oldframefile = MASTERDATA_DIR + '2022-06-30_DISARM_0_1/DISARM_FRAMEWORKS_MASTER_0_1.xlsx'\n", "oldframefile = 'AMITT_FRAMEWORKS_MASTER.xlsx'\n", "\n", "def create_excel_metadata(frameworkfile):\n", " metadata = {}\n", " xlsx = pd.ExcelFile(frameworkfile)\n", " for sheetname in xlsx.sheet_names:\n", " metadata[sheetname] = xlsx.parse(sheetname)\n", " metadata[sheetname].fillna('', inplace=True)\n", " metadata[sheetname].rename(columns={'amitt_id': 'disarm_id'}, inplace=True)\n", " return metadata\n", "\n", "def check_version_descriptions(df1, df2):\n", " merge = df1.merge(df2, on='disarm_id')\n", " merge['name_changed'] = merge['name_x'] != merge['name_y']\n", " merge['summary_changed'] = merge['summary_x'] != merge['summary_y']\n", " return merge[(merge['name_changed']) | (merge['summary_changed'])][['disarm_id', 'name_changed', 'summary_changed', 'name_x', \n", " 'name_y', 'summary_x', 'summary_y']]\n", "\n", "metadata = create_excel_metadata(frameworkfile)\n", "oldmeta = create_excel_metadata(oldframefile)\n", "print('Current keys: 
{}'.format(metadata.keys()))\n", "print('Old keys: {}'.format(oldmeta.keys()))" ] }, { "cell_type": "code", "execution_count": 7, "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
disarm_idname_changedsummary_changedname_xname_ysummary_xsummary_ytype
3P04FalseTrueAssessAssessEvaluate effectiveness of action, for use in f...Evaluate effectiveness of action, for use in f...phase
\n", "
" ], "text/plain": [ " disarm_id name_changed summary_changed name_x name_y \\\n", "3 P04 False True Assess Assess \n", "\n", " summary_x \\\n", "3 Evaluate effectiveness of action, for use in f... \n", "\n", " summary_y type \n", "3 Evaluate effectiveness of action, for use in f... phase " ] }, "execution_count": 7, "metadata": {}, "output_type": "execute_result" } ], "source": [ "dfchanges = pd.DataFrame([])\n", "changes = check_version_descriptions(metadata['phases'], oldmeta['phases'])\n", "changes['type'] = 'phase'\n", "dfchanges = changes\n", "changes" ] }, { "cell_type": "code", "execution_count": 9, "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
disarm_idname_changedsummary_changedname_xname_ysummary_xsummary_ytype
0TA01TrueFalsePlan StrategyStrategic PlanningDefine the desired end state, i.e. the set of ...Define the desired end state, i.e. the set of ...tactic
1TA02TrueTruePlan ObjectivesObjective PlanningSet clearly defined, measurable, and achievabl...Set clearly defined, measurable, and achievabl...tactic
2TA05TrueFalseMicrotargetMicrotargetingTarget very specific populations of peopleTarget very specific populations of peopletactic
3TA06FalseTrueDevelop ContentDevelop ContentCreate or acquire text, images, and other contentCreate and acquire content used in incidenttactic
4TA07TrueTrueSelect Channels and AffordancesChannel SelectionSelecting platforms and affordances assesses w...Set up specific delivery, amplification and ma...tactic
5TA08TrueTrueConduct Pump PrimingPump PrimingRelease content on a targetted small scale, pr...Release content on a targetted small scale, pr...tactic
6TA09TrueTrueDeliver ContentExposureRelease content to general public or larger po...Release content to general public or push to l...tactic
7TA10TrueTrueDrive Offline ActivityGo PhysicalMove incident/campaign from online to offline....Move incident into offline worldtactic
8TA11TrueTruePersist in the Information EnvironmentPersistencePersist in the Information Space refers to tak...Keep incident 'alive', beyond the incident cre...tactic
9TA12TrueTrueAssess EffectivenessMeasure EffectivenessAssess effectiveness of action, for use in fut...Measure effectiveness of incident, for use in ...tactic
\n", "
" ], "text/plain": [ " disarm_id name_changed summary_changed \\\n", "0 TA01 True False \n", "1 TA02 True True \n", "2 TA05 True False \n", "3 TA06 False True \n", "4 TA07 True True \n", "5 TA08 True True \n", "6 TA09 True True \n", "7 TA10 True True \n", "8 TA11 True True \n", "9 TA12 True True \n", "\n", " name_x name_y \\\n", "0 Plan Strategy Strategic Planning \n", "1 Plan Objectives Objective Planning \n", "2 Microtarget Microtargeting \n", "3 Develop Content Develop Content \n", "4 Select Channels and Affordances Channel Selection \n", "5 Conduct Pump Priming Pump Priming \n", "6 Deliver Content Exposure \n", "7 Drive Offline Activity Go Physical \n", "8 Persist in the Information Environment Persistence \n", "9 Assess Effectiveness Measure Effectiveness \n", "\n", " summary_x \\\n", "0 Define the desired end state, i.e. the set of ... \n", "1 Set clearly defined, measurable, and achievabl... \n", "2 Target very specific populations of people \n", "3 Create or acquire text, images, and other content \n", "4 Selecting platforms and affordances assesses w... \n", "5 Release content on a targetted small scale, pr... \n", "6 Release content to general public or larger po... \n", "7 Move incident/campaign from online to offline.... \n", "8 Persist in the Information Space refers to tak... \n", "9 Assess effectiveness of action, for use in fut... \n", "\n", " summary_y type \n", "0 Define the desired end state, i.e. the set of ... tactic \n", "1 Set clearly defined, measurable, and achievabl... tactic \n", "2 Target very specific populations of people tactic \n", "3 Create and acquire content used in incident tactic \n", "4 Set up specific delivery, amplification and ma... tactic \n", "5 Release content on a targetted small scale, pr... tactic \n", "6 Release content to general public or push to l... tactic \n", "7 Move incident into offline world tactic \n", "8 Keep incident 'alive', beyond the incident cre... 
tactic \n", "9 Measure effectiveness of incident, for use in ... tactic " ] }, "execution_count": 9, "metadata": {}, "output_type": "execute_result" } ], "source": [ "changes = check_version_descriptions(metadata['tactics'], oldmeta['tactics'])\n", "changes['type'] = 'tactic'\n", "dfchanges = pd.concat([dfchanges, changes])\n", "changes" ] }, { "cell_type": "code", "execution_count": 10, "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
disarm_idname_changedsummary_changedname_xname_ysummary_xsummary_ytype
2T0004TrueTrueDevelop Competing NarrativesCompeting NarrativesAdvance competing narratives connected to same...Advance competing narratives connected to same...technique
3T0007TrueTrueCreate Inauthentic Social Media Pages and GroupsCreate fake Social Media Profiles / Pages / Gr...Create key social engineering assets needed to...Create key social engineering assets needed to...technique
6T0011TrueTrueCompromise legitimate accountsHijack legitimate accountHack or take over legimate accounts to distrib...Hack or take over legimate accounts to distrib...technique
7T0013TrueTrueCreate inauthentic websitesCreate fake websitesCreate media assets to support inauthentic org...Create media assets to support fake organizati...technique
8T0014TrueTruePrepare fundraising campaignsCreate funding campaignsFundraising campaigns refer to an influence op...Generate revenue through online funding campai...technique
9T0015TrueTrueCreate hashtags and search artifactsCreate hashtagCreate one or more hashtags and/or hashtag gro...Many incident-based campaigns will create a ha...technique
10T0016TrueTrueCreate ClickbaitClickbaitCreate attention grabbing headlines (outrage, ...Create attention grabbing headlines (outrage, ...technique
11T0017TrueTrueConduct fundraisingPromote online fundingFundraising campaigns refer to an influence op...Drive traffic/engagement to funding campaign s...technique
12T0018TrueFalsePurchase Targeted AdvertisementsPaid targeted adsCreate or fund advertisements targeted at spec...Create or fund advertisements targeted at spec...technique
15T0022TrueTrueLeverage Conspiracy Theory NarrativesConspiracy narratives\"Conspiracy narratives\" appeal to the human de...\"Conspiracy narratives appeal to the human des...technique
17T0029TrueFalseOnline pollsManipulate online pollsCreate fake online polls, or manipulate existi...Create fake online polls, or manipulate existi...technique
18T0040TrueFalseDemand insurmountable proofDemand unsurmountable proofCampaigns often leverage tactical and informat...Campaigns often leverage tactical and informat...technique
19T0042TrueTrueSeed Kernel of truthKernel of TruthWrap lies or altered context/facts around trut...Wrap lies or altered context/facts around trut...technique
20T0043TrueTrueChat appsUse SMS/ WhatsApp/ Chat appsDirect messaging via chat app is an increasing...Direct messaging via encypted app is an increa...technique
22T0045FalseTrueUse fake expertsUse fake expertsUse the fake experts that were set up during E...Use the fake experts that were set up in T0009...technique
23T0046TrueFalseUse Search Engine OptimizationSearch Engine OptimizationManipulate content engagement metrics (ie: Red...Manipulate content engagement metrics (ie: Red...technique
24T0047TrueTrueCensor social media as a political forceMuzzle social media as a political forceUse political influence or the power of state ...Use political influence or the power of state ...technique
25T0048TrueTrueHarassCow online opinion leadersThreatening or harassing believers of opposing...Intimidate, coerce, threaten critics/dissident...technique
26T0049TrueTrueFlooding the Information SpaceFloodingFlooding and/or mobbing social media channels ...Flooding and/or mobbing social media channels ...technique
27T0057TrueTrueOrganize EventsOrganise remote rallies and eventsCoordinate and promote real-world events acros...Coordinate and promote real-world events acros...technique
28T0059FalseTruePlay the long gamePlay the long gamePlay the long game refers to two phenomena: 1....Play the long game can mean a couple of things...technique
29T0060TrueFalseContinue to AmplifyContinue to amplifycontinue narrative or message amplification af...continue narrative or message amplification af...technique
30T0061TrueTrueSell MerchandiseSell merchandisingSell mechandise refers to getting the message ...Sell hats, t-shirts, flags and other branded c...technique
\n", "
" ], "text/plain": [ " disarm_id name_changed summary_changed \\\n", "2 T0004 True True \n", "3 T0007 True True \n", "6 T0011 True True \n", "7 T0013 True True \n", "8 T0014 True True \n", "9 T0015 True True \n", "10 T0016 True True \n", "11 T0017 True True \n", "12 T0018 True False \n", "15 T0022 True True \n", "17 T0029 True False \n", "18 T0040 True False \n", "19 T0042 True True \n", "20 T0043 True True \n", "22 T0045 False True \n", "23 T0046 True False \n", "24 T0047 True True \n", "25 T0048 True True \n", "26 T0049 True True \n", "27 T0057 True True \n", "28 T0059 False True \n", "29 T0060 True False \n", "30 T0061 True True \n", "\n", " name_x \\\n", "2 Develop Competing Narratives \n", "3 Create Inauthentic Social Media Pages and Groups \n", "6 Compromise legitimate accounts \n", "7 Create inauthentic websites \n", "8 Prepare fundraising campaigns \n", "9 Create hashtags and search artifacts \n", "10 Create Clickbait \n", "11 Conduct fundraising \n", "12 Purchase Targeted Advertisements \n", "15 Leverage Conspiracy Theory Narratives \n", "17 Online polls \n", "18 Demand insurmountable proof \n", "19 Seed Kernel of truth \n", "20 Chat apps \n", "22 Use fake experts \n", "23 Use Search Engine Optimization \n", "24 Censor social media as a political force \n", "25 Harass \n", "26 Flooding the Information Space \n", "27 Organize Events \n", "28 Play the long game \n", "29 Continue to Amplify \n", "30 Sell Merchandise \n", "\n", " name_y \\\n", "2 Competing Narratives \n", "3 Create fake Social Media Profiles / Pages / Gr... 
\n", "6 Hijack legitimate account \n", "7 Create fake websites \n", "8 Create funding campaigns \n", "9 Create hashtag \n", "10 Clickbait \n", "11 Promote online funding \n", "12 Paid targeted ads \n", "15 Conspiracy narratives \n", "17 Manipulate online polls \n", "18 Demand unsurmountable proof \n", "19 Kernel of Truth \n", "20 Use SMS/ WhatsApp/ Chat apps \n", "22 Use fake experts \n", "23 Search Engine Optimization \n", "24 Muzzle social media as a political force \n", "25 Cow online opinion leaders \n", "26 Flooding \n", "27 Organise remote rallies and events \n", "28 Play the long game \n", "29 Continue to amplify \n", "30 Sell merchandising \n", "\n", " summary_x \\\n", "2 Advance competing narratives connected to same... \n", "3 Create key social engineering assets needed to... \n", "6 Hack or take over legimate accounts to distrib... \n", "7 Create media assets to support inauthentic org... \n", "8 Fundraising campaigns refer to an influence op... \n", "9 Create one or more hashtags and/or hashtag gro... \n", "10 Create attention grabbing headlines (outrage, ... \n", "11 Fundraising campaigns refer to an influence op... \n", "12 Create or fund advertisements targeted at spec... \n", "15 \"Conspiracy narratives\" appeal to the human de... \n", "17 Create fake online polls, or manipulate existi... \n", "18 Campaigns often leverage tactical and informat... \n", "19 Wrap lies or altered context/facts around trut... \n", "20 Direct messaging via chat app is an increasing... \n", "22 Use the fake experts that were set up during E... \n", "23 Manipulate content engagement metrics (ie: Red... \n", "24 Use political influence or the power of state ... \n", "25 Threatening or harassing believers of opposing... \n", "26 Flooding and/or mobbing social media channels ... \n", "27 Coordinate and promote real-world events acros... \n", "28 Play the long game refers to two phenomena: 1.... \n", "29 continue narrative or message amplification af... 
\n", "30 Sell mechandise refers to getting the message ... \n", "\n", " summary_y type \n", "2 Advance competing narratives connected to same... technique \n", "3 Create key social engineering assets needed to... technique \n", "6 Hack or take over legimate accounts to distrib... technique \n", "7 Create media assets to support fake organizati... technique \n", "8 Generate revenue through online funding campai... technique \n", "9 Many incident-based campaigns will create a ha... technique \n", "10 Create attention grabbing headlines (outrage, ... technique \n", "11 Drive traffic/engagement to funding campaign s... technique \n", "12 Create or fund advertisements targeted at spec... technique \n", "15 \"Conspiracy narratives appeal to the human des... technique \n", "17 Create fake online polls, or manipulate existi... technique \n", "18 Campaigns often leverage tactical and informat... technique \n", "19 Wrap lies or altered context/facts around trut... technique \n", "20 Direct messaging via encypted app is an increa... technique \n", "22 Use the fake experts that were set up in T0009... technique \n", "23 Manipulate content engagement metrics (ie: Red... technique \n", "24 Use political influence or the power of state ... technique \n", "25 Intimidate, coerce, threaten critics/dissident... technique \n", "26 Flooding and/or mobbing social media channels ... technique \n", "27 Coordinate and promote real-world events acros... technique \n", "28 Play the long game can mean a couple of things... technique \n", "29 continue narrative or message amplification af... technique \n", "30 Sell hats, t-shirts, flags and other branded c... 
technique " ] }, "execution_count": 10, "metadata": {}, "output_type": "execute_result" } ], "source": [ "changes = check_version_descriptions(metadata['techniques'], oldmeta['techniques'])\n", "changes['type'] = 'technique'\n", "dfchanges = pd.concat([dfchanges, changes])\n", "changes" ] }, { "cell_type": "code", "execution_count": 11, "metadata": {}, "outputs": [], "source": [ "dfchanges.to_csv('temp_versionchanges.csv', index=False)" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [] } ], "metadata": { "kernelspec": { "display_name": "Python 3", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.8.3" } }, "nbformat": 4, "nbformat_minor": 4 }