{
  "values": [
    {
      "value": "Cyber Espionage Operations"
    },
    {
      "value": "Hacker"
    },
    {
      "value": "Hacker - White hat"
    },
    {
      "value": "Hacker - Gray hat"
    },
    {
      "value": "Hacker - Black hat"
    },
    {
      "value": "Hacktivist"
    },
    {
      "value": "State Actor / Agency"
    },
    {
      "value": "eCrime Actor - Credential Theft Botnet Operator"
    },
    {
      "value": "eCrime Actor - Credential Theft Botnet Service"
    },
    {
      "value": "eCrime Actor - Malware Developer"
    },
    {
      "value": "eCrime Actor - Money Laundering Network"
    },
    {
      "value": "eCrime Actor - Organized Crime Actor"
    },
    {
      "value": "eCrime Actor - Spam Service"
    },
    {
      "value": "eCrime Actor - Traffic Service"
    },
    {
      "value": "eCrime Actor - Underground Call Service"
    },
    {
      "value": "Insider Threat"
    },
    {
      "value": "Disgruntled Customer / User"
    }
  ],
  "version": 2,
  "uuid": "3d7dc2ee-ca54-4a5e-96a3-2e7cba0ffe95",
  "description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.",
  "author": ["STIX"],
  "source": "STIX 1.0",
  "stix": "1.0",
  "type": "threat-actor-type-vocabulary"
}