diff --git a/elements/threat-actor-type-vocabulary.json b/elements/threat-actor-type-vocabulary.json
new file mode 100644
index 0000000..db87619
--- /dev/null
+++ b/elements/threat-actor-type-vocabulary.json
@@ -0,0 +1,60 @@
+{
+  "values": [
+    {
+      "value": "Cyber Espionage Operations"
+    },
+    {
+      "value": "Hacker"
+    },
+    {
+      "value": "Hacker - White hat"
+    },
+    {
+      "value": "Hacker - Gray hat"
+    },
+    {
+      "value": "Hacker - Black hat"
+    },
+    {
+      "value": "Hacktivist"
+    },
+    {
+      "value": "State Actor / Agency"
+    },
+    {
+      "value": "eCrime Actor - Credential Theft Botnet Operator"
+    },
+    {
+      "value": "eCrime Actor - Credential Theft Botnet Service"
+    },
+    {
+      "value": "eCrime Actor - Malware Developer"
+    },
+    {
+      "value": "eCrime Actor - Money Laundering Network"
+    },
+    {
+      "value": "eCrime Actor - Organized Crime Actor"
+    },
+    {
+      "value": "eCrime Actor - Spam Service"
+    },
+    {
+      "value": "eCrime Actor - Traffic Service"
+    },
+    {
+      "value": "eCrime Actor - Underground Call Service"
+    },
+    {
+      "value": "Insider Threat"
+    },
+    {
+      "value": "Disgruntled Customer / User"
+    }
+  ],
+  "version" : 1,
+  "description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.",
+  "author": "STIX",
+  "stix": "1.0",
+  "type": "threat-actor-type-vocabulary"
+}