mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-25 16:27:19 +00:00
2365 lines
74 KiB
JSON
2365 lines
74 KiB
JSON
{
|
||
"authors": [
|
||
"DISARM Project"
|
||
],
|
||
"category": "disarm",
|
||
"description": "DISARM is a framework designed for describing and understanding disinformation incidents.",
|
||
"name": "Detections",
|
||
"source": "https://github.com/DISARMFoundation/DISARMframeworks",
|
||
"type": "disarm-detections",
|
||
"uuid": "98e0cf8c-baee-5b01-aca3-dd94a894aee3",
|
||
"values": [
|
||
{
|
||
"description": "Examine failed campaigns. How did they fail? Can we create useful activities that increase these failures?",
|
||
"meta": {
|
||
"external_id": "F00001",
|
||
"kill_chain": [
|
||
"tactics:Plan Strategy",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00001.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "97ff79d9-55d2-550a-8a10-459cad7822fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "75e69ae8-aa72-5649-9a7a-6c21caa81cc6",
|
||
"value": "Analyse aborted / failed campaigns"
|
||
},
|
||
{
|
||
"description": "We have no idea what this means. Is it something to do with the way a viral story spreads?",
|
||
"meta": {
|
||
"external_id": "F00002",
|
||
"kill_chain": [
|
||
"tactics:Plan Strategy",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00002.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "ee7bc41a-9eb0-5732-924a-3885e1c3bee9",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "1d6622ba-a713-5133-9017-8eef36469936",
|
||
"value": "Analyse viral fizzle"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00003",
|
||
"kill_chain": [
|
||
"tactics:Plan Strategy",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00003.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "7f6b7a65-046f-5f9e-b802-e5c772c5d9e5",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "fc5cee09-da90-5abc-a72a-7791171e354f",
|
||
"value": "Exploit counter-intelligence vs bad actors"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00004",
|
||
"kill_chain": [
|
||
"tactics:Plan Strategy",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00004.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "26c314bb-ed05-5dbe-b672-c16c2f0fff52",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "8e0b3604-c03c-5772-bccc-3a381ea6300a",
|
||
"value": "Recruit like-minded converts \"people who used to be in-group\""
|
||
},
|
||
{
|
||
"description": "Strengths, Weaknesses, Opportunities, Threats analysis of groups and audience segments.",
|
||
"meta": {
|
||
"external_id": "F00005",
|
||
"kill_chain": [
|
||
"tactics:Plan Strategy",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00005.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "97ff79d9-55d2-550a-8a10-459cad7822fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "ed6b8d9b-7b00-5b8d-9644-137b70d8d198",
|
||
"value": "SWOT Analysis of Cognition in Various Groups"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00006",
|
||
"kill_chain": [
|
||
"tactics:Plan Strategy",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00006.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "0962328a-43c0-5604-b75e-44e4237f2b04",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "d11d48e6-b484-5da2-8ac5-1de1fa42e459",
|
||
"value": "SWOT analysis of tech platforms"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00007",
|
||
"kill_chain": [
|
||
"tactics:Plan Objectives",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00007.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "97ff79d9-55d2-550a-8a10-459cad7822fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "4dbdd122-0e9d-5f8c-82ae-cd319c769a7f",
|
||
"value": "Monitor account level activity in social networks"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00008",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00008.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "757ea53c-68b7-52dd-88ed-a8a95fe52fdf",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "78e3e29a-4ab7-5880-88f8-c85ff323e240",
|
||
"value": "Detect abnormal amplification"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00009",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00009.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "e3cbbc7a-da73-50fb-9893-4ce88edb211f",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "42827d89-3a37-568e-9de3-8ebd379c3d8f",
|
||
"value": "Detect abnormal events"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00010",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00010.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "e3cbbc7a-da73-50fb-9893-4ce88edb211f",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "e39234ab-979c-51c8-8f34-5a9337bd030e",
|
||
"value": "Detect abnormal groups"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00011",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00011.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "e3cbbc7a-da73-50fb-9893-4ce88edb211f",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "6fc10d9d-96a5-5ae1-a0f7-0136a9819a6e",
|
||
"value": "Detect abnormal pages"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00012",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00012.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "e3cbbc7a-da73-50fb-9893-4ce88edb211f",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "345ea7b9-1504-57cf-9c8f-7b01613d89e6",
|
||
"value": "Detect abnormal profiles, e.g. prolific pages/ groups/ people"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00013",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00013.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "56b88516-ae4c-5176-b6ed-6e9be91ce898",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "efa0a8ef-9167-5727-925e-fc347a5eaf43",
|
||
"value": "Identify fake news sites"
|
||
},
|
||
{
|
||
"description": "for e.g. fake news sites",
|
||
"meta": {
|
||
"external_id": "F00014",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00014.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "56b88516-ae4c-5176-b6ed-6e9be91ce898",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "17929228-9855-58ee-877f-d887300be287",
|
||
"value": "Trace connections"
|
||
},
|
||
{
|
||
"description": "I include Fake Experts as they may use funding campaigns such as Patreon to fund their operations and so these should be watched.",
|
||
"meta": {
|
||
"external_id": "F00015",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00015.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "2d40a01e-41a9-513a-bf0b-694dc0a87f8e",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "6c2a5bff-9b42-5dc2-8d0d-a782dc597eec",
|
||
"value": "Detect anomalies in membership growth patterns"
|
||
},
|
||
{
|
||
"description": "Note: In each case, depending on the platform there may be a way to identify a fence-sitter. For example, online polls may have a neutral option or a \"somewhat this-or-that\" option, and may reveal who voted for that to all visitors. This information could be of use to data analysts. In TA08-11, the engagement level of victims could be identified to detect and respond to increasing engagement.",
|
||
"meta": {
|
||
"external_id": "F00016",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00016.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "5662c61e-eb2b-5710-8148-61457483efcc",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "e680c5ac-0f33-508f-aaf5-6af31e227b00",
|
||
"value": "Identify fence-sitters"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00017",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00017.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "aaaef5e2-4d1b-5fb6-ba0b-f79f2d3f4a2a",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "a99c9858-85f8-5344-a23f-3a5b44438e84",
|
||
"value": "Measure emotional valence"
|
||
},
|
||
{
|
||
"description": "track funding sources",
|
||
"meta": {
|
||
"external_id": "F00018",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00018.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "29768133-b941-5974-ab10-c15bbb86e387",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "25ca7eff-d789-5c36-a49d-34194b7246d4",
|
||
"value": "Follow the money"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00019",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00019.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "d05396d6-9701-5ce3-a6cd-abff224310ae",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "f8cab1cc-c87e-5338-90bc-18d071a01601",
|
||
"value": "Activity resurgence detection (alarm when dormant accounts become activated)"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00020",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00020.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "d05396d6-9701-5ce3-a6cd-abff224310ae",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "03aaf19c-42b9-5b8e-9d47-a6bb291f10fa",
|
||
"type": "detected-by"
|
||
},
|
||
{
|
||
"dest-uuid": "f6c98378-65be-5f14-af3e-326909d70d77",
|
||
"type": "detected-by"
|
||
},
|
||
{
|
||
"dest-uuid": "667967b8-b3f1-55ad-8f8a-8c43c1290e6e",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "187285bb-a282-5a6a-833e-01d9744165c4",
|
||
"value": "Detect anomalous activity"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00021",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00021.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "a4d157eb-c3be-5119-9d59-7f7421f47bbd",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "517e09d2-b9ce-5840-ab94-b77d1a7ddf40",
|
||
"value": "AI/ML automated early detection of campaign planning"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00022",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00022.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "bc159c39-4d1c-5e94-8e5d-c14b4dfa40f3",
|
||
"value": "Digital authority - regulating body (united states)"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00023",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00023.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "d05396d6-9701-5ce3-a6cd-abff224310ae",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "5012f883-a0ae-5181-bc69-d74b55b44d38",
|
||
"value": "Periodic verification (counter to hijack legitimate account)"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00024",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00024.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "8d1ec719-9eec-516e-8abc-7dbb94137350",
|
||
"value": "Teach civics to kids/ adults/ seniors"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00025",
|
||
"kill_chain": [
|
||
"tactics:Microtarget",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00025.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b8aee2a9-a979-5cd7-9c69-af4ad4adffea",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "d70d7b69-1a2d-5b50-bf4f-2e2bcb36742a",
|
||
"value": "Boots-on-the-ground early narrative detection"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00026",
|
||
"kill_chain": [
|
||
"tactics:Microtarget",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00026.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "41ac8307-9432-5d65-9b81-81585f164c1e",
|
||
"value": "Language anomoly detection"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00027",
|
||
"kill_chain": [
|
||
"tactics:Microtarget",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00027.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "7866585b-dcb2-564e-91f9-b7daa3ef9bf6",
|
||
"value": "Unlikely correlation of sentiment on same topics"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00028",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00028.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "16146867-6f52-5a3c-bc2a-139755044726",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "3724243e-6335-5bd5-9e18-39103748b7e0",
|
||
"value": "Associate a public key signature with government documents"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00029",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00029.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b8aee2a9-a979-5cd7-9c69-af4ad4adffea",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "170353ca-dd6b-5328-b34d-9fbcf13123c3",
|
||
"value": "Detect proto narratives, i.e. RT, Sputnik"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00030",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00030.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "a4d157eb-c3be-5119-9d59-7f7421f47bbd",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "b4558055-afb8-52af-9f34-209f461da93a",
|
||
"value": "Early detection and warning - reporting of suspect content"
|
||
},
|
||
{
|
||
"description": "Strategic planning included as innoculating population has strategic value.",
|
||
"meta": {
|
||
"external_id": "F00031",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00031.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b8aee2a9-a979-5cd7-9c69-af4ad4adffea",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "654777aa-9c4d-5df0-961b-a04967f8b997",
|
||
"value": "Educate on how to identify information pollution"
|
||
},
|
||
{
|
||
"description": "DUPLICATE - DELETE",
|
||
"meta": {
|
||
"external_id": "F00032",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00032.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "3dbf1a2c-e225-50e5-8b24-32acad74cd5a",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "5ecd72f3-7085-599d-b8b2-fb9f98ee2529",
|
||
"value": "Educate on how to identify to pollution"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00033",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00033.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "534951bc-8d1e-58be-b051-c9243eac96fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "594ec374-28b9-5191-8bb7-edd9196daf4e",
|
||
"value": "Fake websites: add transparency on business model"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00034",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00034.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "ee7bc41a-9eb0-5732-924a-3885e1c3bee9",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "ea1d787b-61f7-5fd6-8c52-54a64006e260",
|
||
"value": "Flag the information spaces so people know about active flooding effort"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00035",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00035.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b8aee2a9-a979-5cd7-9c69-af4ad4adffea",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "822de3d6-7c85-56ff-ba4e-3e6b7b5a3a0c",
|
||
"value": "Identify repeated narrative DNA"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00036",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00036.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "635f5592-0e2a-5f06-b164-c5af2ec9ef5e",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "30be4903-350a-505c-9166-fa65b8894778",
|
||
"value": "Looking for AB testing in unregulated channels"
|
||
},
|
||
{
|
||
"description": "Original Comment: Shortcomings: intentional falsehood. Doesn't solve accuracy. Can't be mandatory. Technique should be in terms of \"strategic innoculation\", raising the standards of what people expect in terms of evidence when consuming news.",
|
||
"meta": {
|
||
"external_id": "F00037",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00037.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "b8aee2a9-a979-5cd7-9c69-af4ad4adffea",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "b0bbccef-6728-51c8-a7e7-86c0f6526572",
|
||
"value": "News content provenance certification."
|
||
},
|
||
{
|
||
"description": "Unsure I understood the original intention or what it applied to. Therefore the techniques listed (10, 39, 43, 57, 61) are under my interpretation - which is that we want to track ignorant agents who fall into the enemy's trap and show a cost to financing/reposting/helping the adversary via public shaming or other means.",
|
||
"meta": {
|
||
"external_id": "F00038",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00038.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "39baec3d-f2ce-5fee-ba7d-3db7d6469946",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "8c281e28-298e-5c1b-8e44-f768006d6c26",
|
||
"value": "Social capital as attack vector"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00039",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00039.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "4bdf195b-123b-541e-8003-184ebb595066",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "a1295bd6-ff4a-5cec-ac9a-54eac5aea88a",
|
||
"value": "standards to track image/ video deep fakes - industry"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00040",
|
||
"kill_chain": [
|
||
"tactics:Develop Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00040.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "4bdf195b-123b-541e-8003-184ebb595066",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "b0b46532-aa0f-5198-bae7-29ca673ec691",
|
||
"value": "Unalterable metadata signature on origins of image and provenance"
|
||
},
|
||
{
|
||
"description": "Not technically left of boom",
|
||
"meta": {
|
||
"external_id": "F00041",
|
||
"kill_chain": [
|
||
"tactics:Select Channels and Affordances",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00041.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "a40f1ed2-a79a-569d-98f2-4f837ee19fd2",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "7cf74b30-8a9a-5d0c-a156-eaca03cfcc16",
|
||
"value": "Bias detection"
|
||
},
|
||
{
|
||
"description": "Use T00029, but against the creators",
|
||
"meta": {
|
||
"external_id": "F00042",
|
||
"kill_chain": [
|
||
"tactics:Select Channels and Affordances",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00042.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "a40f1ed2-a79a-569d-98f2-4f837ee19fd2",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "4d467669-bece-51ed-afdf-d0dfb91bdbfc",
|
||
"value": "Categorise polls by intent"
|
||
},
|
||
{
|
||
"description": "Platform companies and some information security companies (e.g. ZeroFox) do this.",
|
||
"meta": {
|
||
"external_id": "F00043",
|
||
"kill_chain": [
|
||
"tactics:Select Channels and Affordances",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00043.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "6ffaa1a5-5d29-5b28-91fb-dca2df62769c",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "f6c98378-65be-5f14-af3e-326909d70d77",
|
||
"type": "detected-by"
|
||
},
|
||
{
|
||
"dest-uuid": "667967b8-b3f1-55ad-8f8a-8c43c1290e6e",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "94d622e2-5909-5f88-aaaf-846907cbda1f",
|
||
"value": "Monitor for creation of fake known personas"
|
||
},
|
||
{
|
||
"description": "Can be used in all phases for all techniques.",
|
||
"meta": {
|
||
"external_id": "F00044",
|
||
"kill_chain": [
|
||
"tactics:Conduct Pump Priming",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00044.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "97ff79d9-55d2-550a-8a10-459cad7822fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "4b759b91-df67-5892-8ed4-c66b4dae49a7",
|
||
"value": "Forensic analysis"
|
||
},
|
||
{
|
||
"description": "Can be used in all phases for all techniques.",
|
||
"meta": {
|
||
"external_id": "F00045",
|
||
"kill_chain": [
|
||
"tactics:Conduct Pump Priming",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00045.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "97ff79d9-55d2-550a-8a10-459cad7822fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "c8adc5de-1c61-5828-a9bb-e1ca665f69ad",
|
||
"value": "Forensic linguistic analysis"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00046",
|
||
"kill_chain": [
|
||
"tactics:Conduct Pump Priming",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00046.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "5662c61e-eb2b-5710-8148-61457483efcc",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "ff0b26c9-59c7-5fcf-818f-7a3fbdb50cd3",
|
||
"value": "Pump priming analytics"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00047",
|
||
"kill_chain": [
|
||
"tactics:Conduct Pump Priming",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00047.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "bf43738a-5adb-5cb2-953a-ca57e979c8c0",
|
||
"value": "trace involved parties"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00048",
|
||
"kill_chain": [
|
||
"tactics:Conduct Pump Priming",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00048.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "ea3a1738-319f-558c-97f4-e4cf8e6a6218",
|
||
"value": "Trace known operations and connection"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00049",
|
||
"kill_chain": [
|
||
"tactics:Conduct Pump Priming",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00049.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "706d5237-3e06-598d-9a95-27af1481c686",
|
||
"value": "trace money"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00050",
|
||
"kill_chain": [
|
||
"tactics:Conduct Pump Priming",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00050.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "71d9ceb8-b6e4-5825-9374-2658ac012ee9",
|
||
"value": "Web cache analytics"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00051",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00051.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "29768133-b941-5974-ab10-c15bbb86e387",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "bd602fee-4354-5b31-99f1-832053c1bba0",
|
||
"value": "Challenge expertise"
|
||
},
|
||
{
|
||
"description": "Discovering the sponsors behind a campaign, narrative, bot, a set of accounts, or a social media comment, or anything else is useful.",
|
||
"meta": {
|
||
"external_id": "F00052",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00052.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "97ff79d9-55d2-550a-8a10-459cad7822fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "528787be-dd7e-51b6-ad12-f11abb67f76f",
|
||
"value": "Discover sponsors"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00053",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00053.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "ee7bc41a-9eb0-5732-924a-3885e1c3bee9",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "8b20ca17-c2d9-5879-bbf1-26de876c8e02",
|
||
"value": "Government rumour control office (what can we learn?)"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00054",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00054.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "66a481ae-0784-53f7-882a-4dc694645893",
|
||
"value": "Restrict people who can @ you on social networks"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00055",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00055.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "d8ca3a04-7e1b-5195-bc8c-e0823a3bcfb2",
|
||
"value": "Verify credentials"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00056",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00056.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "89269d38-c735-5e9d-b0f5-f6e040b02139",
|
||
"value": "Verify organisation legitimacy"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00057",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00057.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "f61f564f-4dc0-50fe-b848-8d7f5d624f9f",
|
||
"value": "Verify personal credentials of experts"
|
||
},
|
||
{
|
||
"description": "*Deplatform People: This technique needs to be a bit more specific to distinguish it from \"account removal\" or DDOS and other techniques that get more specific when applied to content. For example, other ways of deplatforming people include attacking their sources of funds, their allies, their followers, etc.",
|
||
"meta": {
|
||
"external_id": "F00058",
|
||
"kill_chain": [
|
||
"tactics:Drive Offline Activity",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00058.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "2d40a01e-41a9-513a-bf0b-694dc0a87f8e",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "fc4964c6-85ce-59e5-b1c2-73d6335e33a2",
|
||
"value": "Deplatform (cancel culture)"
|
||
},
|
||
{
|
||
"description": "All techniques provide or are susceptible to being countered by, or leveraged for, knowledge about user demographics.",
|
||
"meta": {
|
||
"external_id": "F00059",
|
||
"kill_chain": [
|
||
"tactics:Drive Offline Activity",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00059.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "97ff79d9-55d2-550a-8a10-459cad7822fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "41290a19-6427-593f-9d61-67be6a48f2b2",
|
||
"value": "Identify susceptible demographics"
|
||
},
|
||
{
|
||
"description": "I assume this was a transcript error. Otherwise, \"Identify Susceptible Influences\" as in the various methods of influences that may work against a victim could also be a technique. Nope, wasn't a transcript error: original note says influencers, as in find people of influence that might be targetted.",
|
||
"meta": {
|
||
"external_id": "F00060",
|
||
"kill_chain": [
|
||
"tactics:Drive Offline Activity",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00060.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "53e8c51b-c178-5429-8cee-022c6741cc91",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "f29dff54-af05-55d1-a056-899007481493",
|
||
"value": "Identify susceptible influencers"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00061",
|
||
"kill_chain": [
|
||
"tactics:Drive Offline Activity",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00061.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "97ff79d9-55d2-550a-8a10-459cad7822fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "ec3270cb-ffe3-597d-a89b-ea58d1467963",
|
||
"value": "Microtargeting"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00062",
|
||
"kill_chain": [
|
||
"tactics:Persist in the Information Environment",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00062.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "86fb0db5-4454-51d2-af95-4c037ae8c142",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "e753055a-3af7-54f0-9be3-c119964e3e94",
|
||
"value": "Detect when Dormant account turns active"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00063",
|
||
"kill_chain": [
|
||
"tactics:Persist in the Information Environment",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00063.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "7636a2a0-40b9-5df6-b869-ddaf43e6434d",
|
||
"value": "Linguistic change analysis"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00064",
|
||
"kill_chain": [
|
||
"tactics:Persist in the Information Environment",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00064.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "d05396d6-9701-5ce3-a6cd-abff224310ae",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "65634c12-ec5f-5a3c-b329-94d3dd84b58e",
|
||
"value": "Monitor reports of account takeover"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00065",
|
||
"kill_chain": [
|
||
"tactics:Persist in the Information Environment",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00065.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "80cc8110-5b4e-5d7d-a55b-9daa061a8338",
|
||
"value": "Sentiment change analysis"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00066",
|
||
"kill_chain": [
|
||
"tactics:Persist in the Information Environment",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00066.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "2e11ee85-08d6-5a14-82a4-a11551911725",
|
||
"value": "Use language errors, time to respond to account bans and lawsuits, to indicate capabilities"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00067",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00067.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "03aaf19c-42b9-5b8e-9d47-a6bb291f10fa",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "d4f0dd4b-6818-52a4-b4ca-e1fef024c1a0",
|
||
"value": "Data forensics"
|
||
},
|
||
{
|
||
"description": "a developing methodology for identifying statistical differences in how social groups use language and quantifying how common those statistical differences are within a larger population. In essence, it hypothesises how much affinity might exist for a specific group within a general population, based on the language its members employ",
|
||
"meta": {
|
||
"external_id": "F00068",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00068.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "0526c125-b71b-5b9a-ad09-9a7335512683",
|
||
"value": "Resonance analysis"
|
||
},
|
||
{
|
||
"description": "To effectively counter Russian propaganda, it will be critical to track Russian influence efforts. The information requirements are varied and include the following: • Identify fake-news stories and their sources. • Understand narrative themes and content that pervade various Russian media sources. • Understand the broader Russian strategy that underlies tactical propaganda messaging.",
|
||
"meta": {
|
||
"external_id": "F00069",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00069.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "5dc683fc-108e-5002-b310-0b140ad449aa",
|
||
"value": "Track Russian media and develop analytic methods."
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00070",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00070.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "03aaf19c-42b9-5b8e-9d47-a6bb291f10fa",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "5aca53f0-2c85-5298-9eeb-4ac8325abb6b",
|
||
"value": "Full spectrum analytics"
|
||
},
|
||
{
|
||
"description": "Local influencers detected via Twitter networks are likely local influencers in other online and off-line channels as well. In addition, the content and themes gleaned from Russia and Russia-supporting populations, as well as anti-Russia activists, likely swirl in other online and off-line mediums as well.",
|
||
"meta": {
|
||
"external_id": "F00071",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00071.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "03aaf19c-42b9-5b8e-9d47-a6bb291f10fa",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "d24431db-fc6e-5c62-b3d0-113a2219dbec",
|
||
"value": "Network analysis Identify/cultivate/support influencers"
|
||
},
|
||
{
|
||
"description": "It is possible that some of these are bots or trolls and could be flagged for suspension for violating Twitter’s terms of service.",
|
||
"meta": {
|
||
"external_id": "F00072",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00072.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "03aaf19c-42b9-5b8e-9d47-a6bb291f10fa",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "745658e5-5437-5f92-b2c4-80569a3cb330",
|
||
"value": "network analysis to identify central users in the pro-Russia activist community."
|
||
},
|
||
{
|
||
"description": "Players at the level of covert attribution, referred to as “black” in the grayscale of deniability, produce content on user-generated media, such as YouTube, but also add fear-mongering commentary to and amplify content produced by others and supply exploitable content to data dump websites. These activities are conducted by a network of trolls, bots, honeypots, and hackers.",
|
||
"meta": {
|
||
"external_id": "F00073",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00073.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "c49826e9-6226-5b17-96d8-bb80cee5d67f",
|
||
"value": "collect intel/recon on black/covert content creators/manipulators"
|
||
},
|
||
{
|
||
"description": "brand ambassador programmes could be used with influencers across a variety of social media channels. It could also target other prominent experts, such as academics, business leaders, and other potentially prominent people. Authorities must ultimately take care in implementing such a programme given the risk that contact with U.S. or NATO authorities might damage influencer reputations. Engagements must consequently be made with care, and, if possible, government interlocutors should work through local NGOs.",
|
||
"meta": {
|
||
"external_id": "F00074",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00074.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "75c0b177-d878-5840-b0c3-65f89966a83b",
|
||
"value": "identify relevant fence-sitter communities"
|
||
},
|
||
{
|
||
"description": "significant amounts of quality open-source information are now available and should be leveraged to build products and analysis prior to problem prioritisation in the areas of observation, attribution, and intent. Successfully distinguishing the grey zone campaign signal through the global noise requires action through the entirety of the national security community. Policy, process, and tools must all adapt and evolve to detect, discern, and act upon a new type of signal",
|
||
"meta": {
|
||
"external_id": "F00075",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00075.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "1fc5a146-3db1-5a91-bac5-aff732533527",
|
||
"value": "leverage open-source information"
|
||
},
|
||
{
|
||
"description": "Target audience connected to \"useful idiots rather than the specific profiles because - The active presence of such sources complicates targeting of Russian propaganda, given that it is often difficult to discriminate between authentic views and opinions on the internet and those disseminated by the Russian state.",
|
||
"meta": {
|
||
"external_id": "F00076",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00076.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "56aea194-6e78-5cc1-9f72-6b219e5e63fe",
|
||
"value": "Monitor/collect audience engagement data connected to “useful idiots”"
|
||
},
|
||
{
|
||
"description": "Bot account: action based, people. Unsure which DISARM techniques.",
|
||
"meta": {
|
||
"external_id": "F00077",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00077.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "76efcfa4-6214-58b7-8557-60b77f36ef63",
|
||
"value": "Model for bot account behaviour"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00079",
|
||
"kill_chain": [
|
||
"tactics:Microtarget",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00079.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "1a8c4e8c-3543-5ab1-b4d0-939de9e7875f",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "03aaf19c-42b9-5b8e-9d47-a6bb291f10fa",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "d3216499-77fd-528e-8b65-7c3bded9adda",
|
||
"value": "Network anomaly detection"
|
||
},
|
||
{
|
||
"description": "Two wrongs don't make a right? But if you hack your own polls, you do learn how it could be done, and learn what to look for",
|
||
"meta": {
|
||
"external_id": "F00080",
|
||
"kill_chain": [
|
||
"tactics:Select Channels and Affordances",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00080.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "1a8c4e8c-3543-5ab1-b4d0-939de9e7875f",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "f6c98378-65be-5f14-af3e-326909d70d77",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "61aa4bb6-218c-5a10-9f1c-1a494f6871e7",
|
||
"value": "Hack the polls/ content yourself"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00081",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00081.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "ee7bc41a-9eb0-5732-924a-3885e1c3bee9",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "568f9e72-ca8c-54dd-976f-f9469bf026c1",
|
||
"value": "Need way for end user to report operations"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00082",
|
||
"kill_chain": [
|
||
"tactics:Persist in the Information Environment",
|
||
"responsetypes:Disrupt"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00082.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "f4dc44c5-e021-524b-9909-678f11a9f10d",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "e18bd403-00d9-5767-9e5c-b597f623821a",
|
||
"value": "Control the US \"slang\" translation boards"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00083",
|
||
"kill_chain": [
|
||
"tactics:Persist in the Information Environment",
|
||
"responsetypes:Deceive"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00083.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "80153803-52a6-501a-8e28-b143d85dc261",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "563f02b6-ddc9-5dac-9cf1-0c3fbb735856",
|
||
"value": "Build and own meme generator, then track and watermark contents"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00084",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00084.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "caa8d270-2ff3-5826-8383-94d32e006b47",
|
||
"value": "Track individual bad actors"
|
||
},
|
||
{
|
||
"description": "Grey zone threats are challenging given that warning requires detection of a weak signal through global noise and across threat vectors and regional boundaries.Three interconnected grey zone elements characterise the nature of the activity: Temporality: The nature of grey zone threats truly requires a “big picture view” over long timescales and across regions and functional topics. Attribution: requiring an “almost certain” or “nearly certain analytic assessment before acting costs time and analytic effort Intent: judgement of adversarial intent to conduct grey zone activity. Indeed, the purpose of countering grey zone threats is to deter adversaries from fulfilling their intent to act. While attribution is one piece of the puzzle, closing the space around intent often means synthesising multiple relevant indicators and warnings, including the state’s geopolitical ambitions, military ties, trade and investment, level of corruption, and media landscape, among others.",
|
||
"meta": {
|
||
"external_id": "F00085",
|
||
"kill_chain": [],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00085.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "f2ad9fb7-75ad-5e75-a41b-278a150b8cba",
|
||
"value": "detection of a weak signal through global noise"
|
||
},
|
||
{
|
||
"description": "Develop an intelligence-based understanding of foreign actors’ motivations, psychologies, and societal and geopolitical contexts. Leverage artificial intelligence to identify patterns and infer competitors’ intent",
|
||
"meta": {
|
||
"external_id": "F00086",
|
||
"kill_chain": [
|
||
"tactics:Plan Objectives",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00086.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "a489e954-268d-538d-9b26-3afeb771c782",
|
||
"value": "Outpace Competitor Intelligence Capabilities"
|
||
},
|
||
{
|
||
"description": "United States has not adequately adapted its information indicators and thresholds for warning policymakers to account for grey zone tactics. Competitors have undertaken a marked shift to slow-burn, deceptive, non-military, and indirect challenges to U.S. interests. Relative to traditional security indicators and warnings, these are more numerous and harder to detect and make it difficult for analysts to infer intent.",
|
||
"meta": {
|
||
"external_id": "F00087",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00087.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "0aad1ecc-e65d-5d28-b1c5-98b8a69daeb5",
|
||
"value": "Improve Indications and Warning"
|
||
},
|
||
{
|
||
"description": "Recognise campaigns from weak signals, including rivals’ intent, capability, impact, interactive effects, and impact on U.S. interests... focus on adversarial covert action aspects of campaigning.",
|
||
"meta": {
|
||
"external_id": "F00088",
|
||
"kill_chain": [
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00088.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "948dcfe0-a406-55fd-88c4-7e8e456e3ac6",
|
||
"value": "Revitalise an “active measures working group,”"
|
||
},
|
||
{
|
||
"description": "\"Grey zone\" is second level of content producers and circulators, composed of outlets with uncertain attribution. This category covers conspiracy websites, far-right or far-left websites, news aggregators, and data dump websites",
|
||
"meta": {
|
||
"external_id": "F00089",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00089.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "1361d54a-54da-54d2-b2eb-93ed77e0a6c2",
|
||
"value": "target/name/flag \"grey zone\" website content"
|
||
},
|
||
{
|
||
"description": "Bring private sector and civil society into accord on U.S. interests",
|
||
"meta": {
|
||
"external_id": "F00090",
|
||
"kill_chain": [
|
||
"tactics:Plan Strategy",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00090.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "d44529be-8da0-58ce-b3ef-1e0b18644e08",
|
||
"value": "Match Punitive Tools with Third-Party Inducements"
|
||
},
|
||
{
|
||
"description": "This might include working with relevant technology firms to ensure that contracted analytic support is available. Contracted support is reportedly valuable because technology to monitor social media data is continually evolving, and such firms can provide the expertise to help identify and analyse trends, and they can more effectively stay abreast of the changing systems and develop new models as they are required",
|
||
"meta": {
|
||
"external_id": "F00091",
|
||
"kill_chain": [
|
||
"tactics:Plan Strategy",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00091.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "03aaf19c-42b9-5b8e-9d47-a6bb291f10fa",
|
||
"type": "detected-by"
|
||
},
|
||
{
|
||
"dest-uuid": "2057de14-930a-5199-8e8e-9969173d36bb",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "1dc819ef-5eb6-51df-9614-bc9bf8218279",
|
||
"value": "Partner to develop analytic methods & tools"
|
||
},
|
||
{
|
||
"description": "Warn social media companies about an ongoing campaign (e.g. antivax sites). Anyone with datasets or data summaries can help with this",
|
||
"meta": {
|
||
"external_id": "F00092",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00092.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "f6c98378-65be-5f14-af3e-326909d70d77",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "7806c5d1-7c44-5ff5-a539-361c3381a67d",
|
||
"value": "daylight"
|
||
},
|
||
{
|
||
"description": "S4D is a way to separate out different speakers in text, audio.",
|
||
"meta": {
|
||
"external_id": "F00093",
|
||
"kill_chain": [
|
||
"tactics:Establish Assets",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00093.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "d05396d6-9701-5ce3-a6cd-abff224310ae",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "382e6c32-fb02-5c41-aba1-8161ed8a815e",
|
||
"value": "S4d detection and re-allocation approaches"
|
||
},
|
||
{
|
||
"description": "",
|
||
"meta": {
|
||
"external_id": "F00094",
|
||
"kill_chain": [
|
||
"tactics:Select Channels and Affordances",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00094.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "534951bc-8d1e-58be-b051-c9243eac96fb",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "f4dc44c5-e021-524b-9909-678f11a9f10d",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "f2adbe9e-7c80-504d-adc5-624e04eab4f1",
|
||
"value": "Registries alert when large batches of newsy URLs get registered together"
|
||
},
|
||
{
|
||
"description": "Process suspicious artefacts, narratives, and incidents",
|
||
"meta": {
|
||
"external_id": "F00095",
|
||
"kill_chain": [
|
||
"tactics:Deliver Content",
|
||
"responsetypes:Detect"
|
||
],
|
||
"refs": [
|
||
"https://github.com/DISARMFoundation/DISARMframeworks/blob/main/generated_pages/detections/F00095.md"
|
||
]
|
||
},
|
||
"related": [
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detects"
|
||
},
|
||
{
|
||
"dest-uuid": "bd7a51b3-d00c-575f-a16e-6f51e5a67743",
|
||
"type": "detected-by"
|
||
}
|
||
],
|
||
"uuid": "b2316041-44b8-5163-9daf-b8ec8fe5c2e1",
|
||
"value": "Fact checking"
|
||
}
|
||
],
|
||
"version": 2
|
||
}
|