STIX 2.x documentation is available here. This site contains archived STIX 1.x documentation. STIX is now maintained by the OASIS CTI TC.

Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2). View the latest!

ThreatActorTypeVocab-1.0STIX Vocabularies Schema

The ThreatActorTypeVocab is the default STIX vocabulary for expressing the type of a threat actor.

Vocabulary Items

Item	Description
Cyber Espionage Operations
Hacker
Hacker - White hat
Hacker - Gray hat
Hacker - Black hat
Hacktivist
State Actor / Agency
eCrime Actor - Credential Theft Botnet Operator
eCrime Actor - Credential Theft Botnet Service
eCrime Actor - Malware Developer
eCrime Actor - Money Laundering Network
eCrime Actor - Organized Crime Actor
eCrime Actor - Spam Service
eCrime Actor - Traffic Service
eCrime Actor - Underground Call Service
Insider Threat
Disgruntled Customer / User

Field Name	Type	Description
@vocab_nameoptional	string	The vocab_name field specifies the name of the controlled vocabulary.
@vocab_referenceoptional	anyURI	The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file.