Add MITRE Fight Fraud Framework (F3 v1.1) mappings to fraud-relevant skills

- Add mitre_f3 frontmatter block to 94 fraud-relevant skills (phishing,
  account takeover, banking malware, BEC, identity/KYC, payment/card fraud,
  money-mule/cash-out, ransomware extortion, DFIR, threat intel)
- Map each skill to F3 v1.1 tactics + precise technique IDs, including the
  two F3-specific tactics ATT&CK lacks: Positioning (FA0001) and
  Monetization (FA0002)
- All 123 F3 v1.1 technique IDs validated against the upstream STIX bundle
  (github.com/center-for-threat-informed-defense/fight-fraud-framework):
  0 invalid IDs, 0 invalid tactics, 0 name mismatches, no placeholder IDs
- mitre_f3 kept as a separate block from mitre_attack (F3 redefines several
  ATT&CK tactics for the fraud context)
- Add docs/mitre-f3-mapping.md schema reference
- Update README: F3 as the 6th framework, dedicated F3 section + badge
This commit is contained in:
mukul975
2026-06-20 16:04:49 +02:00
parent 04450304b1
commit 886658219f
96 changed files with 2625 additions and 7 deletions
@@ -37,6 +37,32 @@ mitre_attack:
- T1110.004
- T1078
- T1021
mitre_f3:
version: '1.1'
tactics:
- initial-access
- positioning
techniques:
- id: T1110.004
name: 'Brute Force: Credential Stuffing'
tactic: initial-access
source: attack
- id: T1110.003
name: 'Brute Force: Password Spraying'
tactic: initial-access
source: attack
- id: F1006
name: Account Takeover
tactic: initial-access
source: f3
- id: F1006.002
name: 'Account Takeover: Exposed Login Credential'
tactic: initial-access
source: f3
- id: T1539
name: Steal Web Session Cookie
tactic: positioning
source: attack
---
# Detecting Anomalous Authentication Patterns