Detections
DISARM is a framework designed for describing and understanding disinformation incidents.
Authors
| Authors and/or Contributors |
|---|
| DISARM Project |
Analyse aborted / failed campaigns
Examine failed campaigns. How did they fail? Can we create useful activities that increase these failures?
Internal MISP references
UUID 75e69ae8-aa72-5649-9a7a-6c21caa81cc6 which can be used as unique global reference for Analyse aborted / failed campaigns in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00001 |
| kill_chain | ['tactics:Plan Strategy', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Analyse viral fizzle
We have no idea what this means. Is it something to do with the way a viral story spreads?
Internal MISP references
UUID 1d6622ba-a713-5133-9017-8eef36469936 which can be used as unique global reference for Analyse viral fizzle in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00002 |
| kill_chain | ['tactics:Plan Strategy', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Exploit counter-intelligence vs bad actors
Internal MISP references
UUID fc5cee09-da90-5abc-a72a-7791171e354f which can be used as unique global reference for Exploit counter-intelligence vs bad actors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00003 |
| kill_chain | ['tactics:Plan Strategy', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Recruit like-minded converts "people who used to be in-group"
Internal MISP references
UUID 8e0b3604-c03c-5772-bccc-3a381ea6300a which can be used as unique global reference for Recruit like-minded converts "people who used to be in-group" in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00004 |
| kill_chain | ['tactics:Plan Strategy', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
SWOT Analysis of Cognition in Various Groups
Strengths, Weaknesses, Opportunities, Threats analysis of groups and audience segments.
Internal MISP references
UUID ed6b8d9b-7b00-5b8d-9644-137b70d8d198 which can be used as unique global reference for SWOT Analysis of Cognition in Various Groups in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00005 |
| kill_chain | ['tactics:Plan Strategy', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
SWOT analysis of tech platforms
Internal MISP references
UUID d11d48e6-b484-5da2-8ac5-1de1fa42e459 which can be used as unique global reference for SWOT analysis of tech platforms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00006 |
| kill_chain | ['tactics:Plan Strategy', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Monitor account level activity in social networks
Internal MISP references
UUID 4dbdd122-0e9d-5f8c-82ae-cd319c769a7f which can be used as unique global reference for Monitor account level activity in social networks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00007 |
| kill_chain | ['tactics:Plan Objectives', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect abnormal amplification
Internal MISP references
UUID 78e3e29a-4ab7-5880-88f8-c85ff323e240 which can be used as unique global reference for Detect abnormal amplification in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00008 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect abnormal events
Internal MISP references
UUID 42827d89-3a37-568e-9de3-8ebd379c3d8f which can be used as unique global reference for Detect abnormal events in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00009 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect abnormal groups
Internal MISP references
UUID e39234ab-979c-51c8-8f34-5a9337bd030e which can be used as unique global reference for Detect abnormal groups in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00010 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect abnormal pages
Internal MISP references
UUID 6fc10d9d-96a5-5ae1-a0f7-0136a9819a6e which can be used as unique global reference for Detect abnormal pages in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00011 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect abnormal profiles, e.g. prolific pages/ groups/ people
Internal MISP references
UUID 345ea7b9-1504-57cf-9c8f-7b01613d89e6 which can be used as unique global reference for Detect abnormal profiles, e.g. prolific pages/ groups/ people in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00012 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Identify fake news sites
Internal MISP references
UUID efa0a8ef-9167-5727-925e-fc347a5eaf43 which can be used as unique global reference for Identify fake news sites in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00013 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Trace connections
for e.g. fake news sites
Internal MISP references
UUID 17929228-9855-58ee-877f-d887300be287 which can be used as unique global reference for Trace connections in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00014 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect anomalies in membership growth patterns
I include Fake Experts as they may use funding campaigns such as Patreon to fund their operations and so these should be watched.
Internal MISP references
UUID 6c2a5bff-9b42-5dc2-8d0d-a782dc597eec which can be used as unique global reference for Detect anomalies in membership growth patterns in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00015 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Identify fence-sitters
Note: In each case, depending on the platform there may be a way to identify a fence-sitter. For example, online polls may have a neutral option or a "somewhat this-or-that" option, and may reveal who voted for that to all visitors. This information could be of use to data analysts. In TA08-11, the engagement level of victims could be identified to detect and respond to increasing engagement.
Internal MISP references
UUID e680c5ac-0f33-508f-aaf5-6af31e227b00 which can be used as unique global reference for Identify fence-sitters in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00016 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Measure emotional valence
Internal MISP references
UUID a99c9858-85f8-5344-a23f-3a5b44438e84 which can be used as unique global reference for Measure emotional valence in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00017 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Follow the money
track funding sources
Internal MISP references
UUID 25ca7eff-d789-5c36-a49d-34194b7246d4 which can be used as unique global reference for Follow the money in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00018 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Activity resurgence detection (alarm when dormant accounts become activated)
Internal MISP references
UUID f8cab1cc-c87e-5338-90bc-18d071a01601 which can be used as unique global reference for Activity resurgence detection (alarm when dormant accounts become activated) in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00019 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect anomalous activity
Internal MISP references
UUID 187285bb-a282-5a6a-833e-01d9744165c4 which can be used as unique global reference for Detect anomalous activity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00020 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
AI/ML automated early detection of campaign planning
Internal MISP references
UUID 517e09d2-b9ce-5840-ab94-b77d1a7ddf40 which can be used as unique global reference for AI/ML automated early detection of campaign planning in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00021 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Digital authority - regulating body (united states)
Internal MISP references
UUID bc159c39-4d1c-5e94-8e5d-c14b4dfa40f3 which can be used as unique global reference for Digital authority - regulating body (united states) in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00022 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Periodic verification (counter to hijack legitimate account)
Internal MISP references
UUID 5012f883-a0ae-5181-bc69-d74b55b44d38 which can be used as unique global reference for Periodic verification (counter to hijack legitimate account) in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00023 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Teach civics to kids/ adults/ seniors
Internal MISP references
UUID 8d1ec719-9eec-516e-8abc-7dbb94137350 which can be used as unique global reference for Teach civics to kids/ adults/ seniors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00024 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Boots-on-the-ground early narrative detection
Internal MISP references
UUID d70d7b69-1a2d-5b50-bf4f-2e2bcb36742a which can be used as unique global reference for Boots-on-the-ground early narrative detection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00025 |
| kill_chain | ['tactics:Microtarget', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Language anomoly detection
Internal MISP references
UUID 41ac8307-9432-5d65-9b81-81585f164c1e which can be used as unique global reference for Language anomoly detection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00026 |
| kill_chain | ['tactics:Microtarget', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Unlikely correlation of sentiment on same topics
Internal MISP references
UUID 7866585b-dcb2-564e-91f9-b7daa3ef9bf6 which can be used as unique global reference for Unlikely correlation of sentiment on same topics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00027 |
| kill_chain | ['tactics:Microtarget', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Associate a public key signature with government documents
Internal MISP references
UUID 3724243e-6335-5bd5-9e18-39103748b7e0 which can be used as unique global reference for Associate a public key signature with government documents in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00028 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect proto narratives, i.e. RT, Sputnik
Internal MISP references
UUID 170353ca-dd6b-5328-b34d-9fbcf13123c3 which can be used as unique global reference for Detect proto narratives, i.e. RT, Sputnik in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00029 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Early detection and warning - reporting of suspect content
Internal MISP references
UUID b4558055-afb8-52af-9f34-209f461da93a which can be used as unique global reference for Early detection and warning - reporting of suspect content in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00030 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Educate on how to identify information pollution
Strategic planning included as innoculating population has strategic value.
Internal MISP references
UUID 654777aa-9c4d-5df0-961b-a04967f8b997 which can be used as unique global reference for Educate on how to identify information pollution in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00031 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Educate on how to identify to pollution
DUPLICATE - DELETE
Internal MISP references
UUID 5ecd72f3-7085-599d-b8b2-fb9f98ee2529 which can be used as unique global reference for Educate on how to identify to pollution in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00032 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Fake websites: add transparency on business model
Internal MISP references
UUID 594ec374-28b9-5191-8bb7-edd9196daf4e which can be used as unique global reference for Fake websites: add transparency on business model in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00033 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Flag the information spaces so people know about active flooding effort
Internal MISP references
UUID ea1d787b-61f7-5fd6-8c52-54a64006e260 which can be used as unique global reference for Flag the information spaces so people know about active flooding effort in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00034 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Identify repeated narrative DNA
Internal MISP references
UUID 822de3d6-7c85-56ff-ba4e-3e6b7b5a3a0c which can be used as unique global reference for Identify repeated narrative DNA in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00035 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Looking for AB testing in unregulated channels
Internal MISP references
UUID 30be4903-350a-505c-9166-fa65b8894778 which can be used as unique global reference for Looking for AB testing in unregulated channels in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00036 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
News content provenance certification.
Original Comment: Shortcomings: intentional falsehood. Doesn't solve accuracy. Can't be mandatory. Technique should be in terms of "strategic innoculation", raising the standards of what people expect in terms of evidence when consuming news.
Internal MISP references
UUID b0bbccef-6728-51c8-a7e7-86c0f6526572 which can be used as unique global reference for News content provenance certification. in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00037 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Social capital as attack vector
Unsure I understood the original intention or what it applied to. Therefore the techniques listed (10, 39, 43, 57, 61) are under my interpretation - which is that we want to track ignorant agents who fall into the enemy's trap and show a cost to financing/reposting/helping the adversary via public shaming or other means.
Internal MISP references
UUID 8c281e28-298e-5c1b-8e44-f768006d6c26 which can be used as unique global reference for Social capital as attack vector in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00038 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
standards to track image/ video deep fakes - industry
Internal MISP references
UUID a1295bd6-ff4a-5cec-ac9a-54eac5aea88a which can be used as unique global reference for standards to track image/ video deep fakes - industry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00039 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Unalterable metadata signature on origins of image and provenance
Internal MISP references
UUID b0b46532-aa0f-5198-bae7-29ca673ec691 which can be used as unique global reference for Unalterable metadata signature on origins of image and provenance in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00040 |
| kill_chain | ['tactics:Develop Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Bias detection
Not technically left of boom
Internal MISP references
UUID 7cf74b30-8a9a-5d0c-a156-eaca03cfcc16 which can be used as unique global reference for Bias detection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00041 |
| kill_chain | ['tactics:Select Channels and Affordances', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Categorise polls by intent
Use T00029, but against the creators
Internal MISP references
UUID 4d467669-bece-51ed-afdf-d0dfb91bdbfc which can be used as unique global reference for Categorise polls by intent in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00042 |
| kill_chain | ['tactics:Select Channels and Affordances', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Monitor for creation of fake known personas
Platform companies and some information security companies (e.g. ZeroFox) do this.
Internal MISP references
UUID 94d622e2-5909-5f88-aaaf-846907cbda1f which can be used as unique global reference for Monitor for creation of fake known personas in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00043 |
| kill_chain | ['tactics:Select Channels and Affordances', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Forensic analysis
Can be used in all phases for all techniques.
Internal MISP references
UUID 4b759b91-df67-5892-8ed4-c66b4dae49a7 which can be used as unique global reference for Forensic analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00044 |
| kill_chain | ['tactics:Conduct Pump Priming', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Forensic linguistic analysis
Can be used in all phases for all techniques.
Internal MISP references
UUID c8adc5de-1c61-5828-a9bb-e1ca665f69ad which can be used as unique global reference for Forensic linguistic analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00045 |
| kill_chain | ['tactics:Conduct Pump Priming', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Pump priming analytics
Internal MISP references
UUID ff0b26c9-59c7-5fcf-818f-7a3fbdb50cd3 which can be used as unique global reference for Pump priming analytics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00046 |
| kill_chain | ['tactics:Conduct Pump Priming', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
trace involved parties
Internal MISP references
UUID bf43738a-5adb-5cb2-953a-ca57e979c8c0 which can be used as unique global reference for trace involved parties in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00047 |
| kill_chain | ['tactics:Conduct Pump Priming', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Trace known operations and connection
Internal MISP references
UUID ea3a1738-319f-558c-97f4-e4cf8e6a6218 which can be used as unique global reference for Trace known operations and connection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00048 |
| kill_chain | ['tactics:Conduct Pump Priming', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
trace money
Internal MISP references
UUID 706d5237-3e06-598d-9a95-27af1481c686 which can be used as unique global reference for trace money in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00049 |
| kill_chain | ['tactics:Conduct Pump Priming', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Web cache analytics
Internal MISP references
UUID 71d9ceb8-b6e4-5825-9374-2658ac012ee9 which can be used as unique global reference for Web cache analytics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00050 |
| kill_chain | ['tactics:Conduct Pump Priming', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Challenge expertise
Internal MISP references
UUID bd602fee-4354-5b31-99f1-832053c1bba0 which can be used as unique global reference for Challenge expertise in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00051 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Discover sponsors
Discovering the sponsors behind a campaign, narrative, bot, a set of accounts, or a social media comment, or anything else is useful.
Internal MISP references
UUID 528787be-dd7e-51b6-ad12-f11abb67f76f which can be used as unique global reference for Discover sponsors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00052 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Government rumour control office (what can we learn?)
Internal MISP references
UUID 8b20ca17-c2d9-5879-bbf1-26de876c8e02 which can be used as unique global reference for Government rumour control office (what can we learn?) in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00053 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Restrict people who can @ you on social networks
Internal MISP references
UUID 66a481ae-0784-53f7-882a-4dc694645893 which can be used as unique global reference for Restrict people who can @ you on social networks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00054 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Verify credentials
Internal MISP references
UUID d8ca3a04-7e1b-5195-bc8c-e0823a3bcfb2 which can be used as unique global reference for Verify credentials in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00055 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Verify organisation legitimacy
Internal MISP references
UUID 89269d38-c735-5e9d-b0f5-f6e040b02139 which can be used as unique global reference for Verify organisation legitimacy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00056 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Verify personal credentials of experts
Internal MISP references
UUID f61f564f-4dc0-50fe-b848-8d7f5d624f9f which can be used as unique global reference for Verify personal credentials of experts in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00057 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Deplatform (cancel culture)
*Deplatform People: This technique needs to be a bit more specific to distinguish it from "account removal" or DDOS and other techniques that get more specific when applied to content. For example, other ways of deplatforming people include attacking their sources of funds, their allies, their followers, etc.
Internal MISP references
UUID fc4964c6-85ce-59e5-b1c2-73d6335e33a2 which can be used as unique global reference for Deplatform (cancel culture) in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00058 |
| kill_chain | ['tactics:Drive Offline Activity', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Identify susceptible demographics
All techniques provide or are susceptible to being countered by, or leveraged for, knowledge about user demographics.
Internal MISP references
UUID 41290a19-6427-593f-9d61-67be6a48f2b2 which can be used as unique global reference for Identify susceptible demographics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00059 |
| kill_chain | ['tactics:Drive Offline Activity', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Identify susceptible influencers
I assume this was a transcript error. Otherwise, "Identify Susceptible Influences" as in the various methods of influences that may work against a victim could also be a technique. Nope, wasn't a transcript error: original note says influencers, as in find people of influence that might be targetted.
Internal MISP references
UUID f29dff54-af05-55d1-a056-899007481493 which can be used as unique global reference for Identify susceptible influencers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00060 |
| kill_chain | ['tactics:Drive Offline Activity', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Microtargeting
Internal MISP references
UUID ec3270cb-ffe3-597d-a89b-ea58d1467963 which can be used as unique global reference for Microtargeting in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00061 |
| kill_chain | ['tactics:Drive Offline Activity', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Detect when Dormant account turns active
Internal MISP references
UUID e753055a-3af7-54f0-9be3-c119964e3e94 which can be used as unique global reference for Detect when Dormant account turns active in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00062 |
| kill_chain | ['tactics:Persist in the Information Environment', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Linguistic change analysis
Internal MISP references
UUID 7636a2a0-40b9-5df6-b869-ddaf43e6434d which can be used as unique global reference for Linguistic change analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00063 |
| kill_chain | ['tactics:Persist in the Information Environment', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Monitor reports of account takeover
Internal MISP references
UUID 65634c12-ec5f-5a3c-b329-94d3dd84b58e which can be used as unique global reference for Monitor reports of account takeover in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00064 |
| kill_chain | ['tactics:Persist in the Information Environment', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Sentiment change analysis
Internal MISP references
UUID 80cc8110-5b4e-5d7d-a55b-9daa061a8338 which can be used as unique global reference for Sentiment change analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00065 |
| kill_chain | ['tactics:Persist in the Information Environment', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Use language errors, time to respond to account bans and lawsuits, to indicate capabilities
Internal MISP references
UUID 2e11ee85-08d6-5a14-82a4-a11551911725 which can be used as unique global reference for Use language errors, time to respond to account bans and lawsuits, to indicate capabilities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00066 |
| kill_chain | ['tactics:Persist in the Information Environment', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Data forensics
Internal MISP references
UUID d4f0dd4b-6818-52a4-b4ca-e1fef024c1a0 which can be used as unique global reference for Data forensics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00067 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Resonance analysis
a developing methodology for identifying statistical differences in how social groups use language and quantifying how common those statistical differences are within a larger population. In essence, it hypothesises how much affinity might exist for a specific group within a general population, based on the language its members employ
Internal MISP references
UUID 0526c125-b71b-5b9a-ad09-9a7335512683 which can be used as unique global reference for Resonance analysis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00068 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Track Russian media and develop analytic methods.
To effectively counter Russian propaganda, it will be critical to track Russian influence efforts. The information requirements are varied and include the following: • Identify fake-news stories and their sources. • Understand narrative themes and content that pervade various Russian media sources. • Understand the broader Russian strategy that underlies tactical propaganda messaging.
Internal MISP references
UUID 5dc683fc-108e-5002-b310-0b140ad449aa which can be used as unique global reference for Track Russian media and develop analytic methods. in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00069 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Full spectrum analytics
Internal MISP references
UUID 5aca53f0-2c85-5298-9eeb-4ac8325abb6b which can be used as unique global reference for Full spectrum analytics in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00070 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Network analysis Identify/cultivate/support influencers
Local influencers detected via Twitter networks are likely local influencers in other online and off-line channels as well. In addition, the content and themes gleaned from Russia and Russia-supporting populations, as well as anti-Russia activists, likely swirl in other online and off-line mediums as well.
Internal MISP references
UUID d24431db-fc6e-5c62-b3d0-113a2219dbec which can be used as unique global reference for Network analysis Identify/cultivate/support influencers in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00071 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
network analysis to identify central users in the pro-Russia activist community.
It is possible that some of these are bots or trolls and could be flagged for suspension for violating Twitter’s terms of service.
Internal MISP references
UUID 745658e5-5437-5f92-b2c4-80569a3cb330 which can be used as unique global reference for network analysis to identify central users in the pro-Russia activist community. in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00072 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
collect intel/recon on black/covert content creators/manipulators
Players at the level of covert attribution, referred to as “black” in the grayscale of deniability, produce content on user-generated media, such as YouTube, but also add fear-mongering commentary to and amplify content produced by others and supply exploitable content to data dump websites. These activities are conducted by a network of trolls, bots, honeypots, and hackers.
Internal MISP references
UUID c49826e9-6226-5b17-96d8-bb80cee5d67f which can be used as unique global reference for collect intel/recon on black/covert content creators/manipulators in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00073 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
identify relevant fence-sitter communities
brand ambassador programmes could be used with influencers across a variety of social media channels. It could also target other prominent experts, such as academics, business leaders, and other potentially prominent people. Authorities must ultimately take care in implementing such a programme given the risk that contact with U.S. or NATO authorities might damage influencer reputations. Engagements must consequently be made with care, and, if possible, government interlocutors should work through local NGOs.
Internal MISP references
UUID 75c0b177-d878-5840-b0c3-65f89966a83b which can be used as unique global reference for identify relevant fence-sitter communities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00074 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
leverage open-source information
significant amounts of quality open-source information are now available and should be leveraged to build products and analysis prior to problem prioritisation in the areas of observation, attribution, and intent. Successfully distinguishing the grey zone campaign signal through the global noise requires action through the entirety of the national security community. Policy, process, and tools must all adapt and evolve to detect, discern, and act upon a new type of signal
Internal MISP references
UUID 1fc5a146-3db1-5a91-bac5-aff732533527 which can be used as unique global reference for leverage open-source information in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00075 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Monitor/collect audience engagement data connected to “useful idiots”
Target audience connected to "useful idiots rather than the specific profiles because - The active presence of such sources complicates targeting of Russian propaganda, given that it is often difficult to discriminate between authentic views and opinions on the internet and those disseminated by the Russian state.
Internal MISP references
UUID 56aea194-6e78-5cc1-9f72-6b219e5e63fe which can be used as unique global reference for Monitor/collect audience engagement data connected to “useful idiots” in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00076 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Model for bot account behaviour
Bot account: action based, people. Unsure which DISARM techniques.
Internal MISP references
UUID 76efcfa4-6214-58b7-8557-60b77f36ef63 which can be used as unique global reference for Model for bot account behaviour in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00077 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Network anomaly detection
Internal MISP references
UUID d3216499-77fd-528e-8b65-7c3bded9adda which can be used as unique global reference for Network anomaly detection in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00079 |
| kill_chain | ['tactics:Microtarget', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Hack the polls/ content yourself
Two wrongs don't make a right? But if you hack your own polls, you do learn how it could be done, and learn what to look for
Internal MISP references
UUID 61aa4bb6-218c-5a10-9f1c-1a494f6871e7 which can be used as unique global reference for Hack the polls/ content yourself in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00080 |
| kill_chain | ['tactics:Select Channels and Affordances', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Need way for end user to report operations
Internal MISP references
UUID 568f9e72-ca8c-54dd-976f-f9469bf026c1 which can be used as unique global reference for Need way for end user to report operations in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00081 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Control the US "slang" translation boards
Internal MISP references
UUID e18bd403-00d9-5767-9e5c-b597f623821a which can be used as unique global reference for Control the US "slang" translation boards in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00082 |
| kill_chain | ['tactics:Persist in the Information Environment', 'responsetypes:Disrupt'] |
Related clusters
To see the related clusters, click here.
Build and own meme generator, then track and watermark contents
Internal MISP references
UUID 563f02b6-ddc9-5dac-9cf1-0c3fbb735856 which can be used as unique global reference for Build and own meme generator, then track and watermark contents in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00083 |
| kill_chain | ['tactics:Persist in the Information Environment', 'responsetypes:Deceive'] |
Related clusters
To see the related clusters, click here.
Track individual bad actors
Internal MISP references
UUID caa8d270-2ff3-5826-8383-94d32e006b47 which can be used as unique global reference for Track individual bad actors in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00084 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
detection of a weak signal through global noise
Grey zone threats are challenging given that warning requires detection of a weak signal through global noise and across threat vectors and regional boundaries.Three interconnected grey zone elements characterise the nature of the activity: Temporality: The nature of grey zone threats truly requires a “big picture view” over long timescales and across regions and functional topics. Attribution: requiring an “almost certain” or “nearly certain analytic assessment before acting costs time and analytic effort Intent: judgement of adversarial intent to conduct grey zone activity. Indeed, the purpose of countering grey zone threats is to deter adversaries from fulfilling their intent to act. While attribution is one piece of the puzzle, closing the space around intent often means synthesising multiple relevant indicators and warnings, including the state’s geopolitical ambitions, military ties, trade and investment, level of corruption, and media landscape, among others.
Internal MISP references
UUID f2ad9fb7-75ad-5e75-a41b-278a150b8cba which can be used as unique global reference for detection of a weak signal through global noise in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00085 |
| kill_chain | [] |
Related clusters
To see the related clusters, click here.
Outpace Competitor Intelligence Capabilities
Develop an intelligence-based understanding of foreign actors’ motivations, psychologies, and societal and geopolitical contexts. Leverage artificial intelligence to identify patterns and infer competitors’ intent
Internal MISP references
UUID a489e954-268d-538d-9b26-3afeb771c782 which can be used as unique global reference for Outpace Competitor Intelligence Capabilities in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00086 |
| kill_chain | ['tactics:Plan Objectives', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Improve Indications and Warning
United States has not adequately adapted its information indicators and thresholds for warning policymakers to account for grey zone tactics. Competitors have undertaken a marked shift to slow-burn, deceptive, non-military, and indirect challenges to U.S. interests. Relative to traditional security indicators and warnings, these are more numerous and harder to detect and make it difficult for analysts to infer intent.
Internal MISP references
UUID 0aad1ecc-e65d-5d28-b1c5-98b8a69daeb5 which can be used as unique global reference for Improve Indications and Warning in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00087 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Revitalise an “active measures working group,”
Recognise campaigns from weak signals, including rivals’ intent, capability, impact, interactive effects, and impact on U.S. interests... focus on adversarial covert action aspects of campaigning.
Internal MISP references
UUID 948dcfe0-a406-55fd-88c4-7e8e456e3ac6 which can be used as unique global reference for Revitalise an “active measures working group,” in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00088 |
| kill_chain | ['responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
target/name/flag "grey zone" website content
"Grey zone" is second level of content producers and circulators, composed of outlets with uncertain attribution. This category covers conspiracy websites, far-right or far-left websites, news aggregators, and data dump websites
Internal MISP references
UUID 1361d54a-54da-54d2-b2eb-93ed77e0a6c2 which can be used as unique global reference for target/name/flag "grey zone" website content in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00089 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Match Punitive Tools with Third-Party Inducements
Bring private sector and civil society into accord on U.S. interests
Internal MISP references
UUID d44529be-8da0-58ce-b3ef-1e0b18644e08 which can be used as unique global reference for Match Punitive Tools with Third-Party Inducements in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00090 |
| kill_chain | ['tactics:Plan Strategy', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Partner to develop analytic methods & tools
This might include working with relevant technology firms to ensure that contracted analytic support is available. Contracted support is reportedly valuable because technology to monitor social media data is continually evolving, and such firms can provide the expertise to help identify and analyse trends, and they can more effectively stay abreast of the changing systems and develop new models as they are required
Internal MISP references
UUID 1dc819ef-5eb6-51df-9614-bc9bf8218279 which can be used as unique global reference for Partner to develop analytic methods & tools in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00091 |
| kill_chain | ['tactics:Plan Strategy', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
daylight
Warn social media companies about an ongoing campaign (e.g. antivax sites). Anyone with datasets or data summaries can help with this
Internal MISP references
UUID 7806c5d1-7c44-5ff5-a539-361c3381a67d which can be used as unique global reference for daylight in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00092 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
S4d detection and re-allocation approaches
S4D is a way to separate out different speakers in text, audio.
Internal MISP references
UUID 382e6c32-fb02-5c41-aba1-8161ed8a815e which can be used as unique global reference for S4d detection and re-allocation approaches in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00093 |
| kill_chain | ['tactics:Establish Assets', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Registries alert when large batches of newsy URLs get registered together
Internal MISP references
UUID f2adbe9e-7c80-504d-adc5-624e04eab4f1 which can be used as unique global reference for Registries alert when large batches of newsy URLs get registered together in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00094 |
| kill_chain | ['tactics:Select Channels and Affordances', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.
Fact checking
Process suspicious artefacts, narratives, and incidents
Internal MISP references
UUID b2316041-44b8-5163-9daf-b8ec8fe5c2e1 which can be used as unique global reference for Fact checking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
| external_id | F00095 |
| kill_chain | ['tactics:Deliver Content', 'responsetypes:Detect'] |
Related clusters
To see the related clusters, click here.