{ "values": [ { "value": "Cyber Espionage Operations" }, { "value": "Hacker" }, { "value": "Hacker - White hat" }, { "value": "Hacker - Gray hat" }, { "value": "Hacker - Black hat" }, { "value": "Hacktivist" }, { "value": "State Actor / Agency" }, { "value": "eCrime Actor - Credential Theft Botnet Operator" }, { "value": "eCrime Actor - Credential Theft Botnet Service" }, { "value": "eCrime Actor - Malware Developer" }, { "value": "eCrime Actor - Money Laundering Network" }, { "value": "eCrime Actor - Organized Crime Actor" }, { "value": "eCrime Actor - Spam Service" }, { "value": "eCrime Actor - Traffic Service" }, { "value": "eCrime Actor - Underground Call Service" }, { "value": "Insider Threat" }, { "value": "Disgruntled Customer / User" } ], "version": 1, "uuid": "3d7dc2ee-ca54-4a5e-96a3-2e7cba0ffe95", "description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.", "author": "STIX", "stix": "1.0", "type": "threat-actor-type-vocabulary" }