DISARMframeworks/generated_pages/disarm_red_framework.md
Mike Klein c888a7d6f4 subtechnique description updates
Updated subtechniques so that now all have a description. Also made slight name changes to a few techniques and subtechniques but retained the disarm_id and overall nature of all of them
2022-07-02 15:40:09 -04:00

24 KiB

DISARM Red framework: Latest Framework

TA01 Plan Strategy TA02 Plan Objectives TA05 Microtarget TA06 Develop Content TA07 Select Channels and Affordances TA08 Conduct Pump Priming TA09 Deliver Content TA10 Drive Offline Activity TA11 Persist in the Information Environment TA12 Assess Effectiveness TA13 Target Audience Analysis TA14 Develop Narratives TA15 Establish Social Assets TA16 Establish Legitimacy TA17 Maximize Exposure TA18 Drive Online Harms
T0073 Determine Target Audiences T0002 Facilitate State Propaganda T0016 Create Clickbait T0015 Create hashtags and search artifacts T0029 Online polls T0020 Trial content T0114 Deliver Ads T0017 Conduct fundraising T0059 Play the long game T0132 Measure Performance T0072 Segment Audiences T0003 Leverage Existing Narratives T0007 Create Inauthentic Social Media Pages and Groups T0009 Create fake experts T0049 Flooding the Information Space T0047 Censor social media as a political force
T0074 Determine Strategic Ends T0066 Degrade Adversary T0018 Purchase Targeted Advertisements T0019 Generate information pollution T0043 Chat apps T0039 Bait legitimate influencers T0114.001 Social media T0017.001 Conduct Crowdfunding Campaigns T0060 Continue to Amplify T0132.001 People Focused T0072.001 Geographic Segmentation T0004 Develop Competing Narratives T0010 Cultivate ignorant agents T0009.001 Utilize Academic/Pseudoscientific Justifications T0049.001 Trolls amplify and manipulate T0048 Harass
T0075 Dismiss T0101 Create Localized Content T0019.001 Create fake research T0043.001 Use Encrypted Chat Apps T0042 Seed Kernel of truth T0114.002 Traditional Media T0057 Organize Events T0128 Conceal People T0132.002 Content Focused T0072.002 Demographic Segmentation T0022 Leverage Conspiracy Theory Narratives T0013 Create inauthentic websites T0011 Compromise legitimate accounts T0049.002 Hijack existing hashtag T0048.001 Boycott/"Cancel" Opponents
T0075.001 Discredit Credible Sources T0102 Leverage Echo Chambers/Filter Bubbles T0019.002 Hijack Hashtags T0043.002 Use Unencrypted Chats Apps T0044 Seed distortions T0115 Post Content T0057.001 Pay for Physical Action T0128.001 Use Pseudonyms T0132.003 View Focused T0072.003 Economic Segmentation T0022.001 Amplify Existing Conspiracy Theory Narratives T0014 Prepare fundraising campaigns T0097 Create personas T0049.003 Bots Amplify via Automated Forwarding and Reposting T0048.002 Harass People Based on Identities
T0076 Distort T0102.001 Use existing Echo Chambers/Filter Bubbles T0023 Distort facts T0103 Livestream T0045 Use fake experts T0115.001 Share Memes T0057.002 Conduct Symbolic Action T0128.002 Conceal Network Identity T0133 Measure Effectiveness T0072.004 Psychographic Segmentation T0022.002 Develop Original Conspiracy Theory Narratives T0014.001 Raise funds from malign actors T0097.001 Backstop personas T0049.004 Utilize Spamoflauge T0048.003 Threaten to Dox
T0077 Distract T0102.002 Create Echo Chambers/Filter Bubbles T0023.001 Reframe Context T0103.001 Video Livestream T0046 Use Search Engine Optimization T0115.002 Post Violative Content to Provoke Takedown and Backlash T0061 Sell Merchandise T0128.003 Distance Reputable Individuals from Operation T0133.001 Behavior changes T0072.005 Political Segmentation T0040 Demand insurmountable proof T0014.002 Raise funds from ignorant agents T0098 Establish Inauthentic News Sites T0049.005 Conduct Swarming T0048.004 Dox
T0078 Dismay T0102.003 Exploit Data Voids T0023.002 Edit Open-Source Content T0103.002 Audio Livestream T0113 Employ Commercial Analytic Firms T0115.003 One-Way Direct Posting T0061.001 Sell Merchandise T0128.004 Launder Accounts T0133.002 Content T0080 Map Target Audience Information Environment T0068 Respond to Breaking News Event or Active Crisis T0065 Prepare Physical Broadcast Capabilities T0098.001 Create Inauthentic News Sites T0049.006 Conduct Keyword Squatting T0123 Control Information Environment through Offensive Cyberspace Operations
T0079 Divide T0084 Reuse Existing Content T0104 Social Networks T0116 Comment or Reply on Content T0126 Encourage Attendance at Events T0128.005 Change Names of Accounts T0133.003 Awareness T0080.001 Monitor Social Media Analytics T0082 Develop New Narratives T0090 Create Inauthentic Accounts T0098.002 Leverage Existing Inauthentic News Sites T0049.007 Inauthentic Sites Amplify News and Narratives T0123.001 Delete Opposing Content
T0084.001 Use Copypasta T0104.001 Mainstream Social Networks T0116.001 Post inauthentic social media comment T0126.001 Call to action to attend T0129 Conceal Operational Activity T0133.004 Knowledge T0080.002 Evaluate Media Surveys T0083 Integrate Target Audience Vulnerabilities into Narrative T0090.001 Create Anonymous Accounts T0099 Prepare Assets Impersonating Legitimate Entities T0118 Amplify Existing Narrative T0123.002 Block Content
T0084.002 Plagiarize Content T0104.002 Dating Apps T0117 Attract Traditional Media T0126.002 Facilitate logistics or support for attendance T0129.001 Conceal Network Identity T0133.005 Action/attitude T0080.003 Identify Trending Topics/Hashtags T0090.002 Create Cyborg Accounts T0099.001 Astroturfing T0119 Cross-Posting T0123.003 Destroy Information Generation Capabilities
T0084.003 Deceptively Labeled or Translated T0104.003 Private/Closed Social Networks T0127 Physical Violence T0129.002 Generate Content Unrelated to Narrative T0134 Measure Effectiveness Indicators (or KPIs) T0080.004 Conduct Web Traffic Analysis T0090.003 Create Bot Accounts T0099.002 Spoof/parody account/site T0119.001 Post Across Groups T0123.004 Conduct Server Redirect
T0084.004 Appropriate Content T0104.004 Interest-Based Networks T0127.001 Conduct Physical Violence T0129.003 Break Association with Content T0134.001 Message reach T0080.005 Assess Degree/Type of Media Access T0090.004 Create Sockpuppet Accounts T0100 Co-opt Trusted Sources T0119.002 Post Across Platform T0124 Suppress Opposition
T0085 Develop Text-based Content T0104.005 Use hashtags T0127.002 Encourage Physical Violence T0129.004 Delete URLs T0134.002 Social media engagement T0081 Identify Social and Technical Vulnerabilities T0091 Recruit malign actors T0100.001 Co-Opt Trusted Individuals T0119.003 Post Across Disciplines T0124.001 Report Non-Violative Opposing Content
T0085.001 Develop AI-Generated Text T0104.006 Create dedicated hashtag T0129.005 Coordinate on encrypted/closed networks T0081.001 Find Echo Chambers T0091.001 Recruit Contractors T0100.002 Co-Opt Grassroots Groups T0120 Incentivize Sharing T0124.002 Goad People into Harmful Action (Stop Hitting Yourself)
T0085.002 Develop False or Altered Documents T0105 Media Sharing Networks T0129.006 Deny involvement T0081.002 Identify Data Voids T0091.002 Recruit Partisans T0100.003 Co-opt Influencers T0120.001 Use Affiliate Marketing Programs T0124.003 Exploit Platform TOS/Content Moderation
T0085.003 Develop Inauthentic News Articles T0105.001 Photo Sharing T0129.007 Delete Accounts/Account Activity T0081.003 Identify Existing Prejudices T0091.003 Enlist Troll Accounts T0120.002 Use Contests and Prizes T0125 Platform Filtering
T0086 Develop Image-based Content T0105.002 Video Sharing T0129.008 Redirect URLs T0081.004 Identify Existing Fissures T0092 Build Network T0121 Manipulate Platform Algorithm
T0086.001 Develop Memes T0105.003 Audio sharing T0129.009 Remove Post Origins T0081.005 Identify Existing Conspiracy Narratives/Suspicions T0092.001 Create Organizations T0121.001 Bypass Content Blocking
T0086.002 Develop AI-Generated Images (Deepfakes) T0106 Discussion Forums T0129.010 Misattribute Activity T0081.006 Identify Wedge Issues T0092.002 Use Follow Trains T0122 Direct Users to Alternative Platforms
T0086.003 Deceptively Edit Images (Cheap fakes) T0106.001 Anonymous Message Boards T0130 Conceal Infrastructure T0081.007 Identify Target Audience Adversaries T0092.003 Create Community or Sub-group
T0086.004 Aggregate Information into Evidence Collages T0107 Bookmarking and Content Curation T0130.001 Conceal Sponsorship T0081.008 Identify Media System Vulnerabilities T0093 Acquire/Recruit Network
T0087 Develop Video-based Content T0108 Blogging and Publishing Networks T0130.002 Utilize Bulletproof Hosting T0093.001 Fund Proxies
T0087.001 Develop AI-Generated Videos (Deepfakes) T0109 Consumer Review Networks T0130.003 Use Shell Organizations T0093.002 Acquire Botnets
T0087.002 Deceptively Edit Video (Cheap fakes) T0110 Formal Diplomatic Channels T0130.004 Use Cryptocurrency T0094 Infiltrate Existing Networks
T0088 Develop Audio-based Content T0111 Traditional Media T0130.005 Obfuscate Payment T0094.001 Identify susceptible targets in networks
T0088.001 Develop AI-Generated Audio (Deepfakes) T0111.001 TV T0131 Exploit TOS/Content Moderation T0094.002 Utilize Butterfly Attacks
T0088.002 Deceptively Edit Audio (Cheap fakes) T0111.002 Newspaper T0131.001 Legacy web content T0095 Develop Owned Media Assets
T0089 Obtain Private Documents T0111.003 Radio T0131.002 Post Borderline Content T0096 Leverage Content Farms
T0089.001 Obtain Authentic Documents T0112 Email T0096.001 Create Content Farms
T0089.002 Create Inauthentic Documents T0096.002 Outsource Content Creation to External Organizations
T0089.003 Alter Authentic Documents