Cyber Threat Intelligence (CTI) has empowered cybersecurity teams worldwide by
improving the quality and speed of their analysis of cybersecurity incidents through the
establishment of standards and specialized tools. These tools and frameworks facilitate
correlation and collaboration across global communities, helping organizations stay
informed about the evolving cyber threat landscape.
Despite its success in cybersecurity, CTI has yet to be leveraged for the systematic
exchange and management of knowledge about disinformation threats, which are often
described in unstructured natural language.
This thesis introduces DISINFOX, an open-source threat intelligence sharing platform
designed to enable the interoperable exchange of disinformation incidents. DISINFOX
adapts disinformation-related information to a CTI-compliant format by incorporating
several key elements. First, it utilizes the DISARM framework, which provides
a matrix similar to MITRE ATT&CK to characterize the tactics, techniques, and procedures
(TTPs) of disinformation incidents. Second, a custom mapping codifies these
TTPs along with other relevant information, such as actors and targeted countries, into
the STIX2 standard. Finally, the platform integrates with OpenCTI to validate its interoperability,
alongside a user-friendly, web-based frontend for visualizing, managing,
and analyzing incidents.
DISINFOX employs a modular, containerized architecture comprising four main
components: a backend providing a RESTful API independent of other modules, a
frontend serving as the ingestion entry point for disinformation incidents, a public
API enabling other CTI solutions to extract incidents from the platform, and the DISINFOX
OpenCTI connector that validates the interoperability of incidents within a
mature CTI tool.
The platform’s capabilities were validated through the modeling, storage, sharing,
and consumption of over 100 disinformation incidents, demonstrating its technical feasibility.
This work highlights the potential of using CTI concepts and tools to systematically
combat disinformation threats.
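
The kind of STIX2 mapping described above, sketched as an added example; it is not DISINFOX's own code or its actual mapping. The choice of the STIX 2.1 `incident` object, the relationship types, the input field names, and the sample incident (including its technique IDs, which are placeholders and not real DISARM entries) are all assumptions.

```python
import json
import uuid
from datetime import datetime, timezone

def _obj(stix_type, now, **props):
    """STIX 2.1 object with the common required properties."""
    return {"type": stix_type, "spec_version": "2.1",
            "id": f"{stix_type}--{uuid.uuid4()}",
            "created": now, "modified": now, **props}

def _rel(now, source, rel_type, target):
    """Relationship object linking two objects of the same bundle."""
    return _obj("relationship", now, relationship_type=rel_type,
                source_ref=source["id"], target_ref=target["id"])

def incident_to_bundle(incident):
    """Assumed mapping: incident --uses/attributed-to/targets--> TTP/actor/country."""
    if not incident.get("name"):
        raise ValueError("incident needs a name")
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    inc = _obj("incident", now, name=incident["name"])
    objects = [inc]
    for ttp in incident.get("techniques", []):
        # The DISARM technique id travels as an external reference.
        ap = _obj("attack-pattern", now, name=ttp["name"],
                  external_references=[{"source_name": "DISARM",
                                        "external_id": ttp["id"]}])
        objects += [ap, _rel(now, inc, "uses", ap)]
    for actor in incident.get("actors", []):
        ta = _obj("threat-actor", now, name=actor)
        objects += [ta, _rel(now, inc, "attributed-to", ta)]
    for cc in incident.get("target_countries", []):
        # Reject anything that is not a two-letter country code before export.
        if len(cc) != 2 or not cc.isalpha():
            raise ValueError(f"not a two-letter country code: {cc!r}")
        loc = _obj("location", now, country=cc.upper())
        objects += [loc, _rel(now, inc, "targets", loc)]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

# Constructed sample incident; every value below is illustrative.
SAMPLE = {
    "name": "Constructed sample incident",
    "techniques": [{"id": "T-EXAMPLE-1", "name": "Constructed technique A"},
                   {"id": "T-EXAMPLE-2", "name": "Constructed technique B"}],
    "actors": ["Constructed actor"],
    "target_countries": ["es", "FR"],
}

if __name__ == "__main__":
    print(json.dumps(incident_to_bundle(SAMPLE), indent=2))
```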