The ThreatActorSophisticationVocab enumeration is used to define the

default STIX vocabulary for expressing the subjective level of
sophistication of a threat actor.
This commit is contained in:
Alexandre Dulaunoy 2016-03-04 07:55:01 +01:00
parent 3450ab37a1
commit 16eb86e784

View file

@ -0,0 +1,25 @@
{
"values": [
{
"value": "Innovator",
"description": "Demonstrates sophisticated capability. An innovator has the ability to create and script unique programs and codes targeting virtually any form of technology. At this level, this actor has a deep knowledge of networks, operating systems, programming languages, firmware, and infrastructure topologies and will demonstrate operational security when conducting his activities. Innovators are largely responsible for the discovery of 0-day vulnerabilities and the development of new attack techniques."
},
{
"value": "Expert",
"description": "Demonstrates advanced capability. An actor possessing expert capability has the ability to modify existing programs or codes but does not have the capability to script sophisticated programs from scratch. The expert has a working knowledge of networks, operating systems, and possibly even defensive techniques and will typically exhibit some operational security."
},
{
"value": "Practitioner",
"description": "Has a demonstrated, albeit low, capability. A practitioner possesses low sophistication capability. He does not have the ability to identify or exploit known vulnerabilities without the use of automated tools. He is proficient in the basic uses of publicly available hacking tools, but is unable to write or alter such programs on his own."
},
{
"value": "Novice",
"description": "Demonstrates a nascent capability. A novice has basic computer skills and likely requires the assistance of a Practitioner or higher to engage in hacking activity. He uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet and lacks the ability to conduct his own reconnaissance and targeting research."
}
],
"version" : 1,
"description": "The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.",
"author": "STIX",
"stix": "1.0",
"type": "threat-actor-sophistication-vocabulary"
}