{
"type": "bundle",
"id": "bundle--a932f28d-15c1-4c31-bc02-2a8dee308d07",
"objects": [
{
"type": "attack-pattern",
"spec_version": "2.1",
"id": "attack-pattern--504c61d2-013a-49c5-89b3-c823aaa028fa",
"created_by_ref": "identity--f1a0f560-2d9e-4c5d-bf47-7e96e805de82",
"created": "2024-11-22T16:43:58.222498Z",
"modified": "2024-11-22T16:43:58.222498Z",
"name": "Scenery Account Imagery",
"description": "Scenery or nature used in account imagery.
An influence operation might flesh out its account by uploading account imagery (e.g. a profile picture), increasing its perceived authenticity.
People sometimes legitimately use images of scenery as their profile picture, and threat actors can mimic this behaviour to avoid the risk of detection associated with stealing or AI-generating profile pictures (see T0145.001: Copy Account Imagery and T0145.002: AI-Generated Account Imagery).
This Technique is often used by Coordinated Inauthentic Behaviour accounts (CIBs). A collection of accounts displaying the same behaviour using similar account imagery can indicate the presence of CIB.",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "establish-assets"
}
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/techniques/T0145.004.md",
"external_id": "T0145.004"
}
],
"object_marking_refs": [
"marking-definition--f79f25d2-8b96-4580-b169-eb7b613a7c31"
],
"x_mitre_is_subtechnique": true,
"x_mitre_platforms": [
"Windows",
"Linux",
"Mac"
],
"x_mitre_version": "2.1"
}
]
}