Persona

A malicious online profile representing a user commonly used by adversaries to social engineer or otherwise target victims

ID: DS0021
Platform: PRE
Collection Layer: OSINT
Version: 1.0
Created: 20 October 2021
Last Modified: 20 October 2021

Data Components

Persona: Social Media

Established, compromised, or otherwise acquired social media personas

Persona: Social Media

Established, compromised, or otherwise acquired social media personas

Domain ID Name Detects
Enterprise T1586 Compromise Accounts

Consider monitoring social media activity related to your organization. Suspicious activity may include personas claiming to work for your organization or recently modified accounts making numerous connection requests to accounts affiliated with your organization.Much of this activity will take place outside the visibility of the target organization, making detection of this behavior difficult. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access (ex: Phishing).

.001 Social Media Accounts

Consider monitoring social media activity related to your organization. Suspicious activity may include personas claiming to work for your organization or recently modified accounts making numerous connection requests to accounts affiliated with your organization.Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access (ex: Spearphishing via Service).

Enterprise T1585 Establish Accounts

Consider monitoring social media activity related to your organization. Suspicious activity may include personas claiming to work for your organization or recently created/modified accounts making numerous connection requests to accounts affiliated with your organization.Much of this activity will take place outside the visibility of the target organization, making detection of this behavior difficult. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access (ex: Phishing).

.001 Social Media Accounts

Consider monitoring social media activity related to your organization. Suspicious activity may include personas claiming to work for your organization or recently created/modified accounts making numerous connection requests to accounts affiliated with your organization.Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access (ex: Spearphishing via Service).