Add MITRE Fight Fraud Framework (F3 v1.1) mappings to fraud-relevant skills

- Add mitre_f3 frontmatter block to 94 fraud-relevant skills (phishing,
  account takeover, banking malware, BEC, identity/KYC, payment/card fraud,
  money-mule/cash-out, ransomware extortion, DFIR, threat intel)
- Map each skill to F3 v1.1 tactics + precise technique IDs, including the
  two F3-specific tactics ATT&CK lacks: Positioning (FA0001) and
  Monetization (FA0002)
- All 123 F3 v1.1 technique IDs validated against the upstream STIX bundle
  (github.com/center-for-threat-informed-defense/fight-fraud-framework):
  0 invalid IDs, 0 invalid tactics, 0 name mismatches, no placeholder IDs
- mitre_f3 kept as a separate block from mitre_attack (F3 redefines several
  ATT&CK tactics for the fraud context)
- Add docs/mitre-f3-mapping.md schema reference
- Update README: F3 as the 6th framework, dedicated F3 section + badge
This commit is contained in:
mukul975
2026-06-20 16:04:49 +02:00
parent 04450304b1
commit 886658219f
96 changed files with 2625 additions and 7 deletions
@@ -32,6 +32,33 @@ mitre_attack:
- T1059
- T1003
- T1110
mitre_f3:
version: '1.1'
tactics:
- reconnaissance
- positioning
- initial-access
techniques:
- id: T1555
name: Credentials from Password Stores
tactic: reconnaissance
source: attack
- id: T1555.003
name: 'Credentials from Password Stores: Credentials from Web Browsers'
tactic: reconnaissance
source: attack
- id: T1539
name: Steal Web Session Cookie
tactic: positioning
source: attack
- id: F1006.002
name: 'Account Takeover: Exposed Login Credential'
tactic: initial-access
source: f3
- id: T1110.002
name: 'Brute Force: Password Cracking'
tactic: initial-access
source: attack
---
# Detecting Credential Dumping Techniques