Add MITRE Fight Fraud Framework (F3 v1.1) mappings to fraud-relevant skills

- Add mitre_f3 frontmatter block to 94 fraud-relevant skills (phishing,
  account takeover, banking malware, BEC, identity/KYC, payment/card fraud,
  money-mule/cash-out, ransomware extortion, DFIR, threat intel)
- Map each skill to F3 v1.1 tactics + precise technique IDs, including the
  two F3-specific tactics ATT&CK lacks: Positioning (FA0001) and
  Monetization (FA0002)
- All 123 F3 v1.1 technique IDs validated against the upstream STIX bundle
  (github.com/center-for-threat-informed-defense/fight-fraud-framework):
  0 invalid IDs, 0 invalid tactics, 0 name mismatches, no placeholder IDs
- mitre_f3 kept as a separate block from mitre_attack (F3 redefines several
  ATT&CK tactics for the fraud context)
- Add docs/mitre-f3-mapping.md schema reference
- Update README: F3 as the 6th framework, dedicated F3 section + badge
This commit is contained in:
mukul975
2026-06-20 16:04:49 +02:00
parent 04450304b1
commit 886658219f
96 changed files with 2625 additions and 7 deletions
@@ -29,6 +29,33 @@ mitre_attack:
- T1537
- T1580
- T1003
mitre_f3:
version: '1.1'
tactics:
- initial-access
- positioning
- defense-impairment
techniques:
- id: F1006.002
name: 'Account Takeover: Exposed Login Credential'
tactic: initial-access
source: f3
- id: F1006.001
name: 'Account Takeover: Exposed API Key'
tactic: initial-access
source: f3
- id: T1110.004
name: 'Brute Force: Credential Stuffing'
tactic: initial-access
source: attack
- id: T1586.003
name: 'Compromise Accounts: Cloud Accounts'
tactic: resource-development
source: attack
- id: F1005
name: Account Manipulation
tactic: defense-impairment
source: f3
---
# Detecting Compromised Cloud Credentials