« Matrice DISARM » : différence entre les versions
Aller à la navigation
Aller à la recherche
Page créée avec « ==Présentation== DISARM est une matrice qui permet de décrire et de comprendre les incidents liés à la désinformation et la manipulation de l'information. Elle est inspirée des pratiques de la sécurité de l’information et est conçue pour faciliter le suivi et la lutte contre les manipulations de l’information. DISARM s’appuie sur la structure de la matrice [https://github.com/mitre-attack/attack-website/ MITRE ATT&CK]. Ainsi, son design lui perme... » |
Aucun résumé des modifications |
||
| Ligne 17 : | Ligne 17 : | ||
DISARM's style is based on the MITRE ATT&CK framework. STIX templates for DISARM objects are available in the DISARM_CTI repo - these make it easy for DISARM data to be passed between ISAOs and similar bodies using standards like TAXII. | DISARM's style is based on the MITRE ATT&CK framework. STIX templates for DISARM objects are available in the DISARM_CTI repo - these make it easy for DISARM data to be passed between ISAOs and similar bodies using standards like TAXII. | ||
==DISARM V.1== | |||
*[[Plan]] | |||
**[[TA01: Plan Strategy]] | |||
***[[T0074: Determine Strategic Ends]] | |||
****[[T0074.002: Domestic Political Advantage]] | |||
****[[T0074.003: Economic Advantage]] | |||
****[[T0074.001: Geopolitical Advantage]] | |||
****[[T0074.004: Ideological Advantage]] | |||
***[[T0073: Determine Target Audiences]] | |||
**[[TA02: Plan Objectives]] | |||
***[[T0140: Cause Harm]] | |||
****[[T0140.001: Defame]] | |||
****[[T0140.002: Intimidate]] | |||
****[[T0140.003: Spread Hate]] | |||
***[[T0136: Cultivate Support]] | |||
****[[T0136.004: Boost Reputation]] | |||
****[[T0136.006: Cultivate Support for Ally]] | |||
****[[T0136.005: Cultvate Support for Initiative]] | |||
****[[T0136.001: Defend Reputaton]] | |||
****[[T0136.003: Energise Supporters]] | |||
****[[T0136.008: Increase Prestige]] | |||
****[[T0136.002: Justify Action]] | |||
****[[T0136.007: Recruit Members]] | |||
***[[T0066: Degrade Adversary]] | |||
***[[T0078: Dismay]] | |||
***[[T0075: Dismiss]] | |||
****[[T0075.001: Discredit Credible Sources]] | |||
***[[T0139: Dissuade from Acting]] | |||
****[[T0139.003: Deter]] | |||
****[[T0139.001: Discourage]] | |||
****[[T0139.002: Silence]] | |||
***[[T0076: Distort]] | |||
***[[T0077: Distract]] | |||
***[[T0079: Divide]] | |||
***[[T0002: Facilitate State Propaganda]] | |||
***[[T0137: Make Money]] | |||
****[[T0137.005: Extort]] | |||
****[[T0137.001: Generate Ad Revenue]] | |||
****[[T0137.006: Manipulate Stocks]] | |||
****[[T0137.003: Raise Funds]] | |||
****[[T0137.002: Scam]] | |||
****[[T0137.004: Sell Items under False Pretences]] | |||
***[[T0138: Motivate to Act]] | |||
****[[T0138.003: Compel]] | |||
****[[T0138.001: Encourage]] | |||
****[[T0138.002: Provoke]] | |||
***[[T0135: Undermine]] | |||
****[[T0135.004: Polarise]] | |||
****[[T0135.001: Smear]] | |||
****[[T0135.003: Subvert]] | |||
****[[T0135.002: Thwart]] | |||
**[[TA13: Target Audience Analysis]] | |||
***[[T0081: Identify Social and Technical Vulnerabilities]] | |||
****[[T0081.001: Find Echo Chambers]] | |||
****[[T0081.002: Identify Data Voids]] | |||
****[[T0081.005: Identify Existing Conspiracy Narratives/Suspicions]] | |||
****[[T0081.004: Identify Existing Fissures]] | |||
****[[T0081.003: Identify Existing Prejudices]] | |||
****[[T0081.008: Identify Media System Vulnerabilities]] | |||
****[[T0081.007: Identify Target Audience Adversaries]] | |||
****[[T0081.006: Identify Wedge Issues]] | |||
***[[T0080: Map Target Audience Information Environment]] | |||
****[[T0080.005: Assess Degree/Type of Media Access]] | |||
****[[T0080.004: Conduct Web Traffic Analysis]] | |||
****[[T0080.002: Evaluate Media Surveys]] | |||
****[[T0080.003: Identify Trending Topics/Hashtags]] | |||
****[[T0080.001: Monitor Social Media Analytics]] | |||
***[[T0072: Segment Audiences]] | |||
****[[T0072.002: Demographic Segmentation]] | |||
****[[T0072.003: Economic Segmentation]] | |||
****[[T0072.001: Geographic Segmentation]] | |||
****[[T0072.005: Political Segmentation]] | |||
****[[T0072.004: Psychographic Segmentation]] | |||
*[[Prepare]] | |||
**[[TA14: Develop Narratives]] | |||
***[[T0040: Demand Insurmountable Proof]] | |||
***[[T0004: Develop Competing Narratives]] | |||
***[[T0082: Develop New Narratives]] | |||
***[[T0083: Integrate Target Audience Vulnerabilities into Narrative]] | |||
***[[T0022: Leverage Conspiracy Theory Narratives]] | |||
****[[T0022.001: Amplify Existing Conspiracy Theory Narratives]] | |||
****[[T0022.002: Develop Original Conspiracy Theory Narratives]] | |||
***[[T0003: Leverage Existing Narratives]] | |||
***[[T0068: Respond to Breaking News Event or Active Crisis]] | |||
**[[TA06: Develop Content]] | |||
***[[T0015: Create Hashtags and Search Artefacts]] | |||
****[[T0015.002: Create New Hashtag]] | |||
****[[T0015.001: Use Existing Hashtag]] | |||
***[[T0088: Develop Audio-Based Content]] | |||
****[[T0088.002: Deceptively Edit Audio (Cheap Fakes)]] | |||
****[[T0088.001: Develop AI-Generated Audio (Deepfakes)]] | |||
***[[T0086: Develop Image-Based Content]] | |||
****[[T0086.004: Aggregate Information into Evidence Collages]] | |||
****[[T0086.003: Deceptively Edit Images (Cheap Fakes)]] | |||
****[[T0086.002: Develop AI-Generated Images (Deepfakes)]] | |||
****[[T0086.001: Develop Memes]] | |||
***[[T0085: Develop Text-Based Content]] | |||
****[[T0085.007: Create Fake Research]] | |||
****[[T0085.001: Develop AI-Generated Text]] | |||
****[[T0085.005: Develop Book]] | |||
****[[T0085.004: Develop Document]] | |||
****[[T0085.003: Develop Inauthentic News Articles]] | |||
****[[T0085.006: Develop Opinion Article]] | |||
****[[T0085.008: Machine Translated Text]] | |||
***[[T0087: Develop Video-Based Content]] | |||
****[[T0087.002: Deceptively Edit Video (Cheap Fakes)]] | |||
****[[T0087.001: Develop AI-Generated Videos (Deepfakes)]] | |||
***[[T0023: Distort Facts]] | |||
****[[T0023.002: Edit Open-Source Content]] | |||
****[[T0023.001: Reframe Context]] | |||
***[[T0089: Obtain Private Documents]] | |||
****[[T0089.003: Alter Authentic Documents]] | |||
****[[T0089.001: Obtain Authentic Documents]] | |||
***[[T0084: Reuse Existing Content]] | |||
****[[T0084.004: Appropriate Content]] | |||
****[[T0084.003: Deceptively Labelled or Translated]] | |||
****[[T0084.002: Plagiarise Content]] | |||
****[[T0084.001: Use Copypasta]] | |||
**[[TA15: Establish Assets]] | |||
***[[T0146: Account Asset]] | |||
****[[T0146.004: Administrator Account Asset]] | |||
****[[T0146.007: Automated Account Asset]] | |||
****[[T0146.001: Free Account Asset]] | |||
****[[T0146.005: Lookalike Account ID]] | |||
****[[T0146.006: Open Access Platform]] | |||
****[[T0146.002: Paid Account Asset]] | |||
****[[T0146.003: Verified Account Asset]] | |||
***[[T0093: Acquire/Recruit Network]] | |||
****[[T0093.002: Acquire Botnets]] | |||
****[[T0093.001: Fund Proxies]] | |||
***[[T0150: Asset Origin]] | |||
****[[T0150.008: Bulk Created Asset]] | |||
****[[T0150.005: Compromised Asset]] | |||
****[[T0150.002: Dormant Asset]] | |||
****[[T0150.001: Newly Created Asset]] | |||
****[[T0150.003: Pre-Existing Asset]] | |||
****[[T0150.006: Purchased Asset]] | |||
****[[T0150.007: Rented Asset]] | |||
****[[T0150.004: Repurposed Asset]] | |||
***[[T0092: Build Network]] | |||
****[[T0092.003: Create Community or Sub-Group]] | |||
****[[T0092.001: Create Organisations]] | |||
****[[T0092.002: Use Follow Trains]] | |||
***[[T0010: Cultivate Ignorant Agents]] | |||
***[[T0095: Develop Owned Media Assets]] | |||
***[[T0113: Employ Commercial Analytic Firms]] | |||
***[[T0145: Establish Account Imagery]] | |||
****[[T0145.002: AI-Generated Account Imagery]] | |||
****[[T0145.003: Animal Account Imagery]] | |||
****[[T0145.006: Attractive Person Account Imagery]] | |||
****[[T0145.001: Copy Account Imagery]] | |||
****[[T0145.005: Illustrated Character Account Imagery]] | |||
****[[T0145.004: Scenery Account Imagery]] | |||
****[[T0145.007: Stock Image Account Imagery]] | |||
***[[T0148: Financial Instrument]] | |||
****[[T0148.002: Bank Account Asset]] | |||
****[[T0148.006: Crowdfunding Platform]] | |||
****[[T0148.008: Cryptocurrency Exchange Platform]] | |||
****[[T0148.009: Cryptocurrency Wallet]] | |||
****[[T0148.007: eCommerce Platform]] | |||
****[[T0148.001: Online Banking Platform]] | |||
****[[T0148.004: Payment Processing Capability]] | |||
****[[T0148.003: Payment Processing Platform]] | |||
****[[T0148.005: Subscription Processing Capability]] | |||
***[[T0094: Infiltrate Existing Networks]] | |||
****[[T0094.001: Identify Susceptible Targets in Networks]] | |||
****[[T0094.002: Utilise Butterfly Attacks]] | |||
***[[T0096: Leverage Content Farms]] | |||
****[[T0096.001: Create Content Farms]] | |||
****[[T0096.002: Outsource Content Creation to External Organisations]] | |||
***[[T0149: Online Infrastructure]] | |||
****[[T0149.001: Domain Asset]] | |||
****[[T0149.002: Email Domain Asset]] | |||
****[[T0149.009: Internet Connected Physical Asset]] | |||
****[[T0149.006: IP Address Asset]] | |||
****[[T0149.003: Lookalike Domain]] | |||
****[[T0149.008: Proxy IP Address Asset]] | |||
****[[T0149.004: Redirecting Domain Asset]] | |||
****[[T0149.005: Server Asset]] | |||
****[[T0149.007: VPN Asset]] | |||
***[[T0014: Prepare Fundraising Campaigns]] | |||
****[[T0014.002: Raise Funds from Ignorant Agents]] | |||
****[[T0014.001: Raise Funds from Malign Actors]] | |||
***[[T0065: Prepare Physical Broadcast Capabilities]] | |||
***[[T0091: Recruit Malign Actors]] | |||
****[[T0091.003: Enlist Troll Accounts]] | |||
****[[T0091.001: Recruit Contractors]] | |||
****[[T0091.002: Recruit Partisans]] | |||
***[[T0147: Software Asset]] | |||
****[[T0147.001: Game Asset]] | |||
****[[T0147.002: Game Mod Asset]] | |||
****[[T0147.003: Malware Asset]] | |||
****[[T0147.004: Mobile App Asset]] | |||
**[[TA16: Establish Legitimacy]] | |||
***[[T0100: Co-Opt Trusted Sources]] | |||
****[[T0100.002: Co-Opt Grassroots Groups]] | |||
****[[T0100.003: Co-Opt Influencers]] | |||
****[[T0100.001: Co-Opt Trusted Individuals]] | |||
***[[T0098: Establish Inauthentic News Sites]] | |||
****[[T0098.001: Create Inauthentic News Sites]] | |||
****[[T0098.002: Leverage Existing Inauthentic News Sites]] | |||
***[[T0143: Persona Legitimacy]] | |||
****[[T0143.001: Authentic Persona]] | |||
****[[T0143.002: Fabricated Persona]] | |||
****[[T0143.003: Impersonated Persona]] | |||
****[[T0143.004: Parody Persona]] | |||
***[[T0144: Persona Legitimacy Evidence]] | |||
****[[T0144.002: Persona Template]] | |||
****[[T0144.001: Present Persona across Platforms]] | |||
***[[T0097: Present Persona]] | |||
****[[T0097.103: Activist Persona]] | |||
****[[T0097.205: Business Persona]] | |||
****[[T0097.108: Expert Persona]] | |||
****[[T0097.203: Fact Checking Organisation Persona]] | |||
****[[T0097.112: Government Employee Persona]] | |||
****[[T0097.206: Government Institution Persona]] | |||
****[[T0097.111: Government Official Persona]] | |||
****[[T0097.104: Hacktivist Persona]] | |||
****[[T0097.100: Individual Persona]] | |||
****[[T0097.200: Institutional Persona]] | |||
****[[T0097.102: Journalist Persona]] | |||
****[[T0097.201: Local Institution Persona]] | |||
****[[T0097.101: Local Persona]] | |||
****[[T0097.105: Military Personnel Persona]] | |||
****[[T0097.202: News Outlet Persona]] | |||
****[[T0097.207: NGO Persona]] | |||
****[[T0097.110: Party Official Persona]] | |||
****[[T0097.106: Recruiter Persona]] | |||
****[[T0097.107: Researcher Persona]] | |||
****[[T0097.109: Romantic Suitor Persona]] | |||
****[[T0097.208: Social Cause Persona]] | |||
****[[T0097.204: Think Tank Persona]] | |||
**[[TA05: Microtarget]] | |||
***[[T0016: Create Clickbait]] | |||
***[[T0101: Create Localised Content]] | |||
***[[T0102: Leverage Echo Chambers/Filter Bubbles]] | |||
****[[T0102.002: Create Echo Chambers/Filter Bubbles]] | |||
****[[T0102.003: Exploit Data Voids]] | |||
****[[T0102.001: Use Existing Echo Chambers/Filter Bubbles]] | |||
***[[T0018: Purchase Targeted Advertisements]] | |||
**[[TA07: Select Channels and Affordances]] | |||
***[[T0107: Bookmarking and Content Curation]] | |||
***[[T0109: Consumer Review Networks]] | |||
***[[T0151: Digital Community Hosting Asset]] | |||
****[[T0151.007: Chat Broadcast Group]] | |||
****[[T0151.005: Chat Community Server]] | |||
****[[T0151.004: Chat Platform]] | |||
****[[T0151.006: Chat Room]] | |||
****[[T0151.014: Comments Section]] | |||
****[[T0151.010: Community Forum Platform]] | |||
****[[T0151.011: Community Sub-Forum]] | |||
****[[T0151.017: Dating Platform]] | |||
****[[T0151.012: Image Board Platform]] | |||
****[[T0151.009: Legacy Online Forum Platform]] | |||
****[[T0151.008: Microblogging Platform]] | |||
****[[T0151.002: Online Community Group]] | |||
****[[T0151.003: Online Community Page]] | |||
****[[T0151.015: Online Game Platform]] | |||
****[[T0151.016: Online Game Session]] | |||
****[[T0151.013: Question and Answer Platform]] | |||
****[[T0151.001: Social Media Platform]] | |||
***[[T0154: Digital Content Creation Asset]] | |||
****[[T0154.001: AI LLM Platform]] | |||
****[[T0154.002: AI Media Platform]] | |||
***[[T0153: Digital Content Delivery Asset]] | |||
****[[T0153.006: Content Recommendation Algorithm]] | |||
****[[T0153.007: Direct Messaging]] | |||
****[[T0153.001: Email Platform]] | |||
****[[T0153.002: Link Shortening Platform]] | |||
****[[T0153.005: Online Advertising Platform]] | |||
****[[T0153.004: QR Code Asset]] | |||
****[[T0153.003: Shortened Link Asset]] | |||
***[[T0152: Digital Content Hosting Asset]] | |||
****[[T0152.007: Audio Platform]] | |||
****[[T0152.002: Blog Asset]] | |||
****[[T0152.001: Blogging Platform]] | |||
****[[T0152.010: File Hosting Platform]] | |||
****[[T0152.008: Live Streaming Platform]] | |||
****[[T0152.005: Paste Platform]] | |||
****[[T0152.009: Software Delivery Platform]] | |||
****[[T0152.012: Subscription Service Platform]] | |||
****[[T0152.006: Video Platform]] | |||
****[[T0152.004: Website Asset]] | |||
****[[T0152.003: Website Hosting Platform]] | |||
****[[T0152.011: Wiki Platform]] | |||
***[[T0110: Formal Diplomatic Channels]] | |||
***[[T0155: Gated Asset]] | |||
****[[T0155.003: Approval Gated Asset]] | |||
****[[T0155.007: Encrypted Communication Channel]] | |||
****[[T0155.004: Geoblocked Asset]] | |||
****[[T0155.002: Invite Gated Asset]] | |||
****[[T0155.005: Paid Access Asset]] | |||
****[[T0155.001: Password Gated Asset]] | |||
****[[T0155.006: Subscription Access Asset]] | |||
***[[T0029: Online Polls]] | |||
***[[T0111: Traditional Media]] | |||
****[[T0111.002: Newspaper]] | |||
****[[T0111.003: Radio]] | |||
****[[T0111.001: TV]] | |||
*[[Execute]] | |||
**[[TA08: Conduct Pump Priming]] | |||
***[[T0044: Seed Distortions]] | |||
***[[T0042: Seed Kernel of Truth]] | |||
***[[T0020: Trial Content]] | |||
***[[T0045: Use Fake Experts]] | |||
***[[T0046: Use Search Engine Optimisation]] | |||
**[[TA09: Deliver Content]] | |||
***[[T0117: Attract Traditional Media]] | |||
***[[T0116: Comment or Reply on Content]] | |||
****[[T0116.001: Post Inauthentic Social Media Comment]] | |||
***[[T0114: Deliver Ads]] | |||
****[[T0114.001: Social Media]] | |||
****[[T0114.002: Traditional Media]] | |||
***[[T0115: Post Content]] | |||
****[[T0115.003: One-Way Direct Posting]] | |||
****[[T0115.002: Post Violative Content to Provoke Takedown and Backlash]] | |||
****[[T0115.001: Share Memes]] | |||
**[[TA17: Maximise Exposure]] | |||
***[[T0118: Amplify Existing Narrative]] | |||
***[[T0039: Bait Influencer]] | |||
***[[T0119: Cross-Posting]] | |||
****[[T0119.003: Post across Disciplines]] | |||
****[[T0119.001: Post across Groups]] | |||
****[[T0119.002: Post across Platform]] | |||
***[[T0122: Direct Users to Alternative Platforms]] | |||
***[[T0049: Flood Information Space]] | |||
****[[T0049.003: Bots Amplify via Automated Forwarding and Reposting]] | |||
****[[T0049.006: Conduct Keyword Squatting]] | |||
****[[T0049.005: Conduct Swarming]] | |||
****[[T0049.002: Flood Existing Hashtag]] | |||
****[[T0049.008: Generate Information Pollution]] | |||
****[[T0049.007: Inauthentic Sites Amplify News and Narratives]] | |||
****[[T0049.001: Trolls Amplify and Manipulate]] | |||
****[[T0049.004: Utilise Spamoflauge]] | |||
***[[T0120: Incentivize Sharing]] | |||
****[[T0120.001: Use Affiliate Marketing Programmes]] | |||
****[[T0120.002: Use Contests and Prizes]] | |||
***[[T0121: Manipulate Platform Algorithm]] | |||
****[[T0121.001: Bypass Content Blocking]] | |||
**[[TA18: Drive Online Harms]] | |||
***[[T0047: Censor Social Media as a Political Force]] | |||
***[[T0123: Control Information Environment through Offensive Cyberspace Operations]] | |||
****[[T0123.002: Block Content]] | |||
****[[T0123.004: Conduct Server Redirect]] | |||
****[[T0123.001: Delete Opposing Content]] | |||
****[[T0123.003: Destroy Information Generation Capabilities]] | |||
***[[T0048: Harass]] | |||
****[[T0048.001: Boycott/"Cancel" Opponents]] | |||
****[[T0048.004: Dox]] | |||
****[[T0048.002: Harass People Based on Identities]] | |||
****[[T0048.003: Threaten to Dox]] | |||
***[[T0125: Platform Filtering]] | |||
***[[T0124: Suppress Opposition]] | |||
****[[T0124.003: Exploit Platform TOS/Content Moderation]] | |||
****[[T0124.002: Goad People into Harmful Action (Stop Hitting Yourself)]] | |||
****[[T0124.001: Report Non-Violative Opposing Content]] | |||
**[[TA10: Drive Offline Activity]] | |||
***[[T0017: Conduct Fundraising]] | |||
****[[T0017.001: Conduct Crowdfunding Campaigns]] | |||
***[[T0126: Encourage Attendance at Events]] | |||
****[[T0126.001: Call to Action to Attend]] | |||
****[[T0126.002: Facilitate Logistics or Support for Attendance]] | |||
***[[T0057: Organise Events]] | |||
****[[T0057.002: Conduct Symbolic Action]] | |||
****[[T0057.001: Pay for Physical Action]] | |||
***[[T0127: Physical Violence]] | |||
****[[T0127.001: Conduct Physical Violence]] | |||
****[[T0127.002: Encourage Physical Violence]] | |||
***[[T0061: Sell Merchandise]] | |||
**[[TA11: Persist in the Information Environment]] | |||
***[[T0128: Conceal Information Assets]] | |||
****[[T0128.005: Change Names of Information Assets]] | |||
****[[T0128.002: Conceal Network Identity]] | |||
****[[T0128.003: Distance Reputable Individuals from Operation]] | |||
****[[T0128.004: Launder Information Assets]] | |||
****[[T0128.001: Use Pseudonyms]] | |||
***[[T0130: Conceal Infrastructure]] | |||
****[[T0130.001: Conceal Sponsorship]] | |||
****[[T0130.005: Obfuscate Payment]] | |||
****[[T0130.004: Use Cryptocurrency]] | |||
****[[T0130.003: Use Shell Organisations]] | |||
****[[T0130.002: Utilise Bulletproof Hosting]] | |||
***[[T0129: Conceal Operational Activity]] | |||
****[[T0129.003: Break Association with Content]] | |||
****[[T0129.001: Conceal Network Identity]] | |||
****[[T0129.005: Coordinate on Encrypted/Closed Networks]] | |||
****[[T0129.007: Delete Accounts/Account Activity]] | |||
****[[T0129.004: Delete URLs]] | |||
****[[T0129.006: Deny Involvement]] | |||
****[[T0129.002: Generate Content Unrelated to Narrative]] | |||
****[[T0129.010: Misattribute Activity]] | |||
****[[T0129.009: Remove Post Origins]] | |||
***[[T0060: Continue to Amplify]] | |||
***[[T0131: Exploit TOS/Content Moderation]] | |||
****[[T0131.001: Legacy Web Content]] | |||
****[[T0131.002: Post Borderline Content]] | |||
***[[T0059: Play the Long Game]] | |||
*[[Assess]] | |||
**[[TA12: Assess Effectiveness]] | |||
***[[T0133: Measure Effectiveness]] | |||
****[[T0133.005: Action/Attitude]] | |||
****[[T0133.003: Awareness]] | |||
****[[T0133.001: Behaviour Changes]] | |||
****[[T0133.002: Content]] | |||
****[[T0133.004: Knowledge]] | |||
***[[T0134: Measure Effectiveness Indicators (or KPIs)]] | |||
****[[T0134.001: Message Reach]] | |||
****[[T0134.002: Social Media Engagement]] | |||
***[[T0132: Measure Performance]] | |||
****[[T0132.002: Content Focused]] | |||
****[[T0132.001: People Focused]] | |||
****[[T0132.003: View Focused]] | |||
Version du 22 mars 2025 à 22:33
Présentation
DISARM est une matrice qui permet de décrire et de comprendre les incidents liés à la désinformation et la manipulation de l'information. Elle est inspirée des pratiques de la sécurité de l’information et est conçue pour faciliter le suivi et la lutte contre les manipulations de l’information. DISARM s’appuie sur la structure de la matrice MITRE ATT&CK. Ainsi, son design lui permet d’intégrer les outils et les pratiques de la sécurité de l’information.
La matrice DISARM Red Team
La matrice DISARM red Team décrit les TTPs employés par un attaquant. Cette matrice est un modèle classique qui fait partie du programme MISP. La version Navigator permet de créer rapidement une liste des TTPs employées. La matrice se présente sous forme de phases, tactiques et techniques.
- Les phases regroupent les tactiques de haut niveau.
- Les tactiques décrivent les étapes qu'une personne menant un incident de désinformation est susceptible d'utiliser.
- Les techniques décrivent les activités qui peuvent être observées à chaque étape.
La matrice DISARM originale et sa traduction sont sous licence libre CC-BY-4.0
DISARM is a framework designed for describing and understanding disinformation incidents. DISARM is part of work on adapting information security (infosec) practices to help track and counter disinformation and other information harms, and is designed to fit existing infosec practices and tools.
DISARM's style is based on the MITRE ATT&CK framework. STIX templates for DISARM objects are available in the DISARM_CTI repo - these make it easy for DISARM data to be passed between ISAOs and similar bodies using standards like TAXII.
DISARM V.1
- Plan
- TA01: Plan Strategy
- TA02: Plan Objectives
- TA13: Target Audience Analysis
- T0081: Identify Social and Technical Vulnerabilities
- T0081.001: Find Echo Chambers
- T0081.002: Identify Data Voids
- T0081.005: Identify Existing Conspiracy Narratives/Suspicions
- T0081.004: Identify Existing Fissures
- T0081.003: Identify Existing Prejudices
- T0081.008: Identify Media System Vulnerabilities
- T0081.007: Identify Target Audience Adversaries
- T0081.006: Identify Wedge Issues
- T0080: Map Target Audience Information Environment
- T0072: Segment Audiences
- T0081: Identify Social and Technical Vulnerabilities
- Prepare
- TA14: Develop Narratives
- T0040: Demand Insurmountable Proof
- T0004: Develop Competing Narratives
- T0082: Develop New Narratives
- T0083: Integrate Target Audience Vulnerabilities into Narrative
- T0022: Leverage Conspiracy Theory Narratives
- T0003: Leverage Existing Narratives
- T0068: Respond to Breaking News Event or Active Crisis
- TA06: Develop Content
- TA15: Establish Assets
- T0146: Account Asset
- T0093: Acquire/Recruit Network
- T0150: Asset Origin
- T0092: Build Network
- T0010: Cultivate Ignorant Agents
- T0095: Develop Owned Media Assets
- T0113: Employ Commercial Analytic Firms
- T0145: Establish Account Imagery
- T0148: Financial Instrument
- T0148.002: Bank Account Asset
- T0148.006: Crowdfunding Platform
- T0148.008: Cryptocurrency Exchange Platform
- T0148.009: Cryptocurrency Wallet
- T0148.007: eCommerce Platform
- T0148.001: Online Banking Platform
- T0148.004: Payment Processing Capability
- T0148.003: Payment Processing Platform
- T0148.005: Subscription Processing Capability
- T0094: Infiltrate Existing Networks
- T0096: Leverage Content Farms
- T0149: Online Infrastructure
- T0014: Prepare Fundraising Campaigns
- T0065: Prepare Physical Broadcast Capabilities
- T0091: Recruit Malign Actors
- T0147: Software Asset
- TA16: Establish Legitimacy
- T0100: Co-Opt Trusted Sources
- T0098: Establish Inauthentic News Sites
- T0143: Persona Legitimacy
- T0144: Persona Legitimacy Evidence
- T0097: Present Persona
- T0097.103: Activist Persona
- T0097.205: Business Persona
- T0097.108: Expert Persona
- T0097.203: Fact Checking Organisation Persona
- T0097.112: Government Employee Persona
- T0097.206: Government Institution Persona
- T0097.111: Government Official Persona
- T0097.104: Hacktivist Persona
- T0097.100: Individual Persona
- T0097.200: Institutional Persona
- T0097.102: Journalist Persona
- T0097.201: Local Institution Persona
- T0097.101: Local Persona
- T0097.105: Military Personnel Persona
- T0097.202: News Outlet Persona
- T0097.207: NGO Persona
- T0097.110: Party Official Persona
- T0097.106: Recruiter Persona
- T0097.107: Researcher Persona
- T0097.109: Romantic Suitor Persona
- T0097.208: Social Cause Persona
- T0097.204: Think Tank Persona
- TA05: Microtarget
- TA07: Select Channels and Affordances
- T0107: Bookmarking and Content Curation
- T0109: Consumer Review Networks
- T0151: Digital Community Hosting Asset
- T0151.007: Chat Broadcast Group
- T0151.005: Chat Community Server
- T0151.004: Chat Platform
- T0151.006: Chat Room
- T0151.014: Comments Section
- T0151.010: Community Forum Platform
- T0151.011: Community Sub-Forum
- T0151.017: Dating Platform
- T0151.012: Image Board Platform
- T0151.009: Legacy Online Forum Platform
- T0151.008: Microblogging Platform
- T0151.002: Online Community Group
- T0151.003: Online Community Page
- T0151.015: Online Game Platform
- T0151.016: Online Game Session
- T0151.013: Question and Answer Platform
- T0151.001: Social Media Platform
- T0154: Digital Content Creation Asset
- T0153: Digital Content Delivery Asset
- T0152: Digital Content Hosting Asset
- T0152.007: Audio Platform
- T0152.002: Blog Asset
- T0152.001: Blogging Platform
- T0152.010: File Hosting Platform
- T0152.008: Live Streaming Platform
- T0152.005: Paste Platform
- T0152.009: Software Delivery Platform
- T0152.012: Subscription Service Platform
- T0152.006: Video Platform
- T0152.004: Website Asset
- T0152.003: Website Hosting Platform
- T0152.011: Wiki Platform
- T0110: Formal Diplomatic Channels
- T0155: Gated Asset
- T0029: Online Polls
- T0111: Traditional Media
- TA14: Develop Narratives
- Execute
- TA08: Conduct Pump Priming
- TA09: Deliver Content
- TA17: Maximise Exposure
- T0118: Amplify Existing Narrative
- T0039: Bait Influencer
- T0119: Cross-Posting
- T0122: Direct Users to Alternative Platforms
- T0049: Flood Information Space
- T0049.003: Bots Amplify via Automated Forwarding and Reposting
- T0049.006: Conduct Keyword Squatting
- T0049.005: Conduct Swarming
- T0049.002: Flood Existing Hashtag
- T0049.008: Generate Information Pollution
- T0049.007: Inauthentic Sites Amplify News and Narratives
- T0049.001: Trolls Amplify and Manipulate
- T0049.004: Utilise Spamoflauge
- T0120: Incentivize Sharing
- T0121: Manipulate Platform Algorithm
- TA18: Drive Online Harms
- TA10: Drive Offline Activity
- TA11: Persist in the Information Environment
- T0128: Conceal Information Assets
- T0130: Conceal Infrastructure
- T0129: Conceal Operational Activity
- T0129.003: Break Association with Content
- T0129.001: Conceal Network Identity
- T0129.005: Coordinate on Encrypted/Closed Networks
- T0129.007: Delete Accounts/Account Activity
- T0129.004: Delete URLs
- T0129.006: Deny Involvement
- T0129.002: Generate Content Unrelated to Narrative
- T0129.010: Misattribute Activity
- T0129.009: Remove Post Origins
- T0060: Continue to Amplify
- T0131: Exploit TOS/Content Moderation
- T0059: Play the Long Game