diff --git a/elements/threat-actor-type-vocabulary.json b/elements/threat-actor-type-vocabulary.json new file mode 100644 index 0000000..db87619 --- /dev/null +++ b/elements/threat-actor-type-vocabulary.json @@ -0,0 +1,60 @@ +{ + "values": [ + { + "value": "Cyber Espionage Operations" + }, + { + "value": "Hacker" + }, + { + "value": "Hacker - White hat" + }, + { + "value": "Hacker - Gray hat" + }, + { + "value": "Hacker - Black hat" + }, + { + "value": "Hacktivist" + }, + { + "value": "State Actor / Agency" + }, + { + "value": "eCrime Actor - Credential Theft Botnet Operator" + }, + { + "value": "eCrime Actor - Credential Theft Botnet Service" + }, + { + "value": "eCrime Actor - Malware Developer" + }, + { + "value": "eCrime Actor - Money Laundering Network" + }, + { + "value": "eCrime Actor - Organized Crime Actor" + }, + { + "value": "eCrime Actor - Spam Service" + }, + { + "value": "eCrime Actor - Traffic Service" + }, + { + "value": "eCrime Actor - Underground Call Service" + }, + { + "value": "Insider Threat" + }, + { + "value": "Disgruntled Customer / User" + } + ], + "version" : 1, + "description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.", + "author": "STIX", + "stix": "1.0", + "type": "threat-actor-type-vocabulary" +}