{ "type": "bundle", "id": "bundle--109cef74-72b4-4362-a84e-1f6f9bcf2b42", "spec_version": "2.1", "created": "2024-09-05T06:55:56.128Z", "modified": "2024-09-05T06:55:56.128Z", "objects": [ { "type": "extension-definition", "id": "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4", "spec_version": "2.1", "created": "2022-08-02T19:34:35.143Z", "modified": "2022-08-02T19:34:35.143Z", "name": "Attack Flow", "description": "Extends STIX 2.1 with features to create Attack Flows.", "created_by_ref": "identity--fb9c968a-745b-4ade-9b25-c324172197f4", "schema": "https://center-for-threat-informed-defense.github.io/attack-flow/stix/attack-flow-schema-2.0.0.json", "version": "2.0.0", "extension_types": [ "new-sdo" ], "external_references": [ { "source_name": "Documentation", "description": "Documentation for Attack Flow", "url": "https://center-for-threat-informed-defense.github.io/attack-flow" }, { "source_name": "GitHub", "description": "Source code repository for Attack Flow", "url": "https://github.com/center-for-threat-informed-defense/attack-flow" } ] }, { "type": "identity", "id": "identity--fb9c968a-745b-4ade-9b25-c324172197f4", "spec_version": "2.1", "created": "2022-08-02T19:34:35.143Z", "modified": "2022-08-02T19:34:35.143Z", "created_by_ref": "identity--fb9c968a-745b-4ade-9b25-c324172197f4", "name": "MITRE Engenuity Center for Threat-Informed Defense", "identity_class": "organization" }, { "type": "attack-flow", "id": "attack-flow--aa13f359-e745-41a0-b200-bf30de63253d", "spec_version": "2.1", "created": "2024-06-24T15:08:11.074Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "created_by_ref": "identity--6eb3c68f-a7d6-4822-9d7a-0a7806a21cb0", "start_refs": [ "attack-action--bf852db6-da70-48c6-a641-f0579cf3da07", "attack-action--c7eeeec4-d878-4909-8dae-e1ff6079c37e", "attack-action--4a928ea6-8165-4a99-8f9f-72c7ea3247b8", "attack-action--58f5ca11-87ac-4a47-b87c-03a8986065ad", "attack-action--97c6550f-8b32-4e20-b854-09a515267cd1", "attack-action--9eb4c7e4-9606-4c6f-8c40-374d828dfa2a" ], "name": "FaceMusic Malware Skeleton", "scope": "incident" }, { "type": "identity", "id": "identity--6eb3c68f-a7d6-4822-9d7a-0a7806a21cb0", "spec_version": "2.1", "created": "2024-09-05T06:55:56.128Z", "modified": "2024-09-05T06:55:56.128Z", "name": "Jim Morris" }, { "type": "attack-action", "id": "attack-action--bf852db6-da70-48c6-a641-f0579cf3da07", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Search Open Websites/Domains: Social Media", "tactic_id": "TA0043", "tactic_ref": "x-mitre-tactic--daa4cbb1-b4f4-4723-a824-7f1efd6e0592", "technique_id": "T1593.001", "technique_ref": "attack-pattern--bbe5b322-e2af-4a5e-9625-a4e62bf84ed3", "effect_refs": [ "attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc", "attack-action--aa3541b8-5e25-4743-a9f7-52fbbfc465e2", "attack-action--e91f859f-bffe-4a76-a7d6-ed8bc34d2545" ] }, { "type": "attack-action", "id": "attack-action--aa3541b8-5e25-4743-a9f7-52fbbfc465e2", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Establish Accounts: Social Media Accounts", "tactic_id": "TA0042", "tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400", "technique_id": "T1585.001", "technique_ref": "attack-pattern--b1ccd744-3f78-4a0e-9bb2-2002057f7928", "effect_refs": [ "attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc" ] }, { "type": "attack-action", "id": "attack-action--c7eeeec4-d878-4909-8dae-e1ff6079c37e", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Develop Capabilities: Malware", "tactic_id": "TA0042", "tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400", "technique_id": "T1587.001", "technique_ref": "attack-pattern--212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "effect_refs": [ "attack-action--6fc41abf-e6bf-4327-9a34-3cc2c8e4a76c" ] }, { "type": "attack-action", "id": "attack-action--b21d03be-19e7-456c-b4a4-18f503bdf91b", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Compromise Accounts: Social Media Accounts", "tactic_id": "TA0042", "tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400", "technique_id": "T1586.001", "technique_ref": "attack-pattern--274770e0-2612-4ccf-a678-ef8e7bad365d", "effect_refs": [ "attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc" ] }, { "type": "attack-action", "id": "attack-action--724af0b4-e1e4-4eb8-b27c-9a82e2f00373", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Compromise Infrastructure: Botnet", "tactic_id": "TA0042", "tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400", "technique_id": "T1584.005", "technique_ref": "attack-pattern--810d8072-afb6-4a56-9ee7-86379ac4a6f3", "effect_refs": [ "attack-action--b21d03be-19e7-456c-b4a4-18f503bdf91b", "attack-action--36909774-ba84-4574-b51e-97ec000f57b3", "attack-action--d908bc6c-d245-47ed-bcef-9b437b7588b8" ] }, { "type": "attack-action", "id": "attack-action--6fc41abf-e6bf-4327-9a34-3cc2c8e4a76c", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Stage Capabilities: Upload Malware", "tactic_id": "TA0042", "tactic_ref": "x-mitre-tactic--d679bca2-e57d-4935-8650-8031c87a4400", "technique_id": "T1608.001", "technique_ref": "attack-pattern--3ee16395-03f0-4690-a32e-69ce9ada0f9e", "effect_refs": [ "attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc" ] }, { "type": "attack-action", "id": "attack-action--36909774-ba84-4574-b51e-97ec000f57b3", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Scheduled Task/Job", "tactic_id": "TA0002", "tactic_ref": "x-mitre-tactic--4ca45d45-df4d-4613-8980-bac22d278fa5", "technique_id": "T1053", "technique_ref": "attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9", "effect_refs": [ "attack-action--a128830e-4f25-486c-a974-851f20148f1f", "attack-action--34740e5a-711e-41c0-9bf9-9eebd109c2f5", "attack-action--e94f2fa4-a946-4842-be9d-2ac8a55cd0ae" ] }, { "type": "attack-action", "id": "attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Drive-by Compromise", "tactic_id": "TA0001", "tactic_ref": "x-mitre-tactic--ffd5bcee-6e16-4dd2-8eca-7b3beedf33ca", "technique_id": "T1189", "technique_ref": "attack-pattern--d742a578-d70e-4d0e-96a6-02a9c30204e6", "effect_refs": [ "attack-action--724af0b4-e1e4-4eb8-b27c-9a82e2f00373", "attack-action--34740e5a-711e-41c0-9bf9-9eebd109c2f5" ] }, { "type": "attack-action", "id": "attack-action--34740e5a-711e-41c0-9bf9-9eebd109c2f5", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Browser Extensions", "tactic_id": "TA0003", "tactic_ref": "x-mitre-tactic--5bc1d813-693e-4823-9961-abf9af4b0e92", "technique_id": "T1176", "technique_ref": "attack-pattern--389735f1-f21c-4208-b8f0-f8031e7169b8", "effect_refs": [ "attack-action--e8b88f99-61ea-4c2e-96bb-1589e145e46a" ] }, { "type": "attack-action", "id": "attack-action--a128830e-4f25-486c-a974-851f20148f1f", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Scheduled Task/Job", "tactic_id": "TA0003", "tactic_ref": "x-mitre-tactic--5bc1d813-693e-4823-9961-abf9af4b0e92", "technique_id": "T1053", "technique_ref": "attack-pattern--35dd844a-b219-4e2b-a6bb-efa9a75995a9", "effect_refs": [ "attack-action--e8b88f99-61ea-4c2e-96bb-1589e145e46a" ] }, { "type": "attack-action", "id": "attack-action--b80fa8a2-9588-4fcc-8100-36b377bb9e00", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Divide", "tactic_id": "TA02", "technique_id": "T0079" }, { "type": "attack-action", "id": "attack-action--4a928ea6-8165-4a99-8f9f-72c7ea3247b8", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Determine Strategic Ends", "tactic_id": "TA01", "technique_id": "T0074", "effect_refs": [ "attack-action--b80fa8a2-9588-4fcc-8100-36b377bb9e00", "attack-action--9ca8275f-d019-448a-8289-045a233e62a4", "attack-action--e91f859f-bffe-4a76-a7d6-ed8bc34d2545", "attack-action--dd155896-be40-4941-9a35-aca3d93495f0" ] }, { "type": "attack-action", "id": "attack-action--9ca8275f-d019-448a-8289-045a233e62a4", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Distract", "tactic_id": "TA02", "technique_id": "T0077" }, { "type": "attack-action", "id": "attack-action--4eb0fa83-73af-4236-af00-cf95bea4b0ef", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Leverage Existing Narratives", "tactic_id": "TA14", "technique_id": "T0003", "effect_refs": [ "attack-action--a691b9b9-0fbd-4987-ab37-850ef7c58963", "attack-operator--830ccd5d-a141-447e-a4d3-3167fd1ad6da" ] }, { "type": "attack-action", "id": "attack-action--a691b9b9-0fbd-4987-ab37-850ef7c58963", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Generate Information Pollution", "tactic_id": "TA06", "technique_id": "T0019" }, { "type": "attack-action", "id": "attack-action--dd155896-be40-4941-9a35-aca3d93495f0", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Segment Audiences: Political Segmentation", "tactic_id": "TA13", "technique_id": "T0072.005" }, { "type": "attack-action", "id": "attack-action--8578d49e-3b36-4ae8-b370-8999d1f27ee8", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Respond to Breaking News Event or Active Crisis", "tactic_id": "TA14", "technique_id": "T0068", "effect_refs": [ "attack-action--a691b9b9-0fbd-4987-ab37-850ef7c58963", "attack-operator--830ccd5d-a141-447e-a4d3-3167fd1ad6da" ] }, { "type": "attack-action", "id": "attack-action--9cdc6539-f4f9-40fd-944c-2a0fec470859", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Integrate Target Audience Vulnerabilities into Narrative", "tactic_id": "TA14", "technique_id": "T0083", "effect_refs": [ "attack-action--a691b9b9-0fbd-4987-ab37-850ef7c58963", "attack-operator--830ccd5d-a141-447e-a4d3-3167fd1ad6da" ] }, { "type": "attack-action", "id": "attack-action--58f5ca11-87ac-4a47-b87c-03a8986065ad", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Create Inauthentic Websites", "tactic_id": "TA15", "technique_id": "T0013", "effect_refs": [ "attack-action--6fc41abf-e6bf-4327-9a34-3cc2c8e4a76c" ] }, { "type": "attack-action", "id": "attack-action--97c6550f-8b32-4e20-b854-09a515267cd1", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Build Network: Create Community of Sub-group", "tactic_id": "TA15", "technique_id": "T0092.003", "effect_refs": [ "attack-action--aa3541b8-5e25-4743-a9f7-52fbbfc465e2" ] }, { "type": "attack-action", "id": "attack-action--d908bc6c-d245-47ed-bcef-9b437b7588b8", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Acquire/Recruit Network: Acquire Botnets", "tactic_id": "TA15", "technique_id": "T0093.002", "effect_refs": [ "attack-action--36909774-ba84-4574-b51e-97ec000f57b3", "attack-action--e94f2fa4-a946-4842-be9d-2ac8a55cd0ae" ] }, { "type": "attack-action", "id": "attack-action--9eb4c7e4-9606-4c6f-8c40-374d828dfa2a", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Deliver Ads: Social Media", "tactic_id": "TA09", "technique_id": "T0114.001", "effect_refs": [ "attack-action--035271b6-c2d3-4d0a-8afa-84b89c3ca6bc" ] }, { "type": "attack-action", "id": "attack-action--e94f2fa4-a946-4842-be9d-2ac8a55cd0ae", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Flooding the Information Space: Bots Amplify via Automated Forwarding and Reposting", "tactic_id": "TA17", "technique_id": "T0049.003", "effect_refs": [ "attack-action--e8b88f99-61ea-4c2e-96bb-1589e145e46a" ] }, { "type": "attack-action", "id": "attack-action--e8b88f99-61ea-4c2e-96bb-1589e145e46a", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Continue to Amplify", "tactic_id": "TA11", "technique_id": "T0060", "effect_refs": [ "attack-action--36909774-ba84-4574-b51e-97ec000f57b3" ] }, { "type": "attack-action", "id": "attack-action--e91f859f-bffe-4a76-a7d6-ed8bc34d2545", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "name": "Determine Target Audiences", "tactic_id": "TA01", "technique_id": "T0073", "effect_refs": [ "attack-action--dd155896-be40-4941-9a35-aca3d93495f0", "attack-action--9cdc6539-f4f9-40fd-944c-2a0fec470859", "attack-action--8578d49e-3b36-4ae8-b370-8999d1f27ee8", "attack-action--4eb0fa83-73af-4236-af00-cf95bea4b0ef" ] }, { "type": "attack-operator", "id": "attack-operator--830ccd5d-a141-447e-a4d3-3167fd1ad6da", "spec_version": "2.1", "created": "2024-09-05T06:55:56.129Z", "modified": "2024-09-05T06:55:56.129Z", "extensions": { "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4": { "extension_type": "new-sdo" } }, "operator": "AND", "effect_refs": [ "attack-action--e94f2fa4-a946-4842-be9d-2ac8a55cd0ae", "attack-action--aa3541b8-5e25-4743-a9f7-52fbbfc465e2" ] } ] }