The ThreatActorTypeVocab is the default STIX vocabulary for expressing the type of a threat actor.
Item | Description |
---|---|
Cyber Espionage Operations | |
Hacker | |
Hacker - White hat | |
Hacker - Gray hat | |
Hacker - Black hat | |
Hacktivist | |
State Actor / Agency | |
eCrime Actor - Credential Theft Botnet Operator | |
eCrime Actor - Credential Theft Botnet Service | |
eCrime Actor - Malware Developer | |
eCrime Actor - Money Laundering Network | |
eCrime Actor - Organized Crime Actor | |
eCrime Actor - Spam Service | |
eCrime Actor - Traffic Service | |
eCrime Actor - Underground Call Service | |
Insider Threat | |
Disgruntled Customer / User |
Field Name | Type | Description |
---|---|---|
@vocab_nameoptional | string |
The vocab_name field specifies the name of the controlled vocabulary. |
@vocab_referenceoptional | anyURI |
The vocab_reference field specifies the URI to the location of where the controlled vocabulary is defined, e.g., in an externally located XML schema file. |