mirror of https://github.com/MISP/misp-rfc
chg: [threat-actor-naming] WiP
parent
2eab004862
commit
5133dbec55
|
@ -55,17 +55,23 @@ The key words "**MUST**", "**MUST NOT**", "**REQUIRED**", "**SHALL**", "**SHALL
|
||||||
"**SHOULD**", "**SHOULD NOT**", "**RECOMMENDED**", "**MAY**", and "**OPTIONAL**" in this
|
"**SHOULD**", "**SHOULD NOT**", "**RECOMMENDED**", "**MAY**", and "**OPTIONAL**" in this
|
||||||
document are to be interpreted as described in RFC 2119 [@!RFC2119].
|
document are to be interpreted as described in RFC 2119 [@!RFC2119].
|
||||||
|
|
||||||
# Reusing threat actor naming
|
# Recommendations
|
||||||
|
|
||||||
|
## Reusing threat actor naming
|
||||||
|
|
||||||
Before creating a new threat actor name, you **MUST** consider a review of existing threat actor names from databases such as the threat actor
|
Before creating a new threat actor name, you **MUST** consider a review of existing threat actor names from databases such as the threat actor
|
||||||
MISP galaxy [@!MISP-G]. Proliferation of threat actor names is a significant challenge for the day-to-day analyst work. If your threat actor defined an existing threat actor, you **MUST**
|
MISP galaxy [@!MISP-G]. Proliferation of threat actor names is a significant challenge for the day-to-day analyst work. If your threat actor defined an existing threat actor, you **MUST**
|
||||||
reuse an existing threat actor name. If there is no specific threat actor name, you **SHALL** create a new threat actor following the best
|
reuse an existing threat actor name. If there is no specific threat actor name, you **SHALL** create a new threat actor following the best
|
||||||
practices defined in this document.
|
practices defined in this document.
|
||||||
|
|
||||||
# Format
|
## Don't confuse actor naming with malware naming
|
||||||
|
|
||||||
# Encoding
|
## Format
|
||||||
|
|
||||||
|
## Encoding
|
||||||
|
|
||||||
|
## Directory
|
||||||
|
|
||||||
# Examples
|
# Examples
|
||||||
|
|
||||||
# Security Considerations
|
# Security Considerations
|
||||||
|
|
|
@ -376,16 +376,19 @@
|
||||||
<link href="#rfc.toc" rel="Contents">
|
<link href="#rfc.toc" rel="Contents">
|
||||||
<link href="#rfc.section.1" rel="Chapter" title="1 Introduction">
|
<link href="#rfc.section.1" rel="Chapter" title="1 Introduction">
|
||||||
<link href="#rfc.section.1.1" rel="Chapter" title="1.1 Conventions and Terminology">
|
<link href="#rfc.section.1.1" rel="Chapter" title="1.1 Conventions and Terminology">
|
||||||
<link href="#rfc.section.2" rel="Chapter" title="2 Reusing threat actor naming">
|
<link href="#rfc.section.2" rel="Chapter" title="2 Recommendations">
|
||||||
<link href="#rfc.section.3" rel="Chapter" title="3 Format">
|
<link href="#rfc.section.2.1" rel="Chapter" title="2.1 Reusing threat actor naming">
|
||||||
<link href="#rfc.section.4" rel="Chapter" title="4 Encoding">
|
<link href="#rfc.section.2.2" rel="Chapter" title="2.2 Don't confuse actor naming with malware naming">
|
||||||
<link href="#rfc.section.5" rel="Chapter" title="5 Examples">
|
<link href="#rfc.section.2.3" rel="Chapter" title="2.3 Format">
|
||||||
<link href="#rfc.section.6" rel="Chapter" title="6 Security Considerations">
|
<link href="#rfc.section.2.4" rel="Chapter" title="2.4 Encoding">
|
||||||
<link href="#rfc.section.7" rel="Chapter" title="7 Acknowledgements">
|
<link href="#rfc.section.2.5" rel="Chapter" title="2.5 Directory">
|
||||||
<link href="#rfc.section.8" rel="Chapter" title="8 References">
|
<link href="#rfc.section.3" rel="Chapter" title="3 Examples">
|
||||||
<link href="#rfc.references" rel="Chapter" title="9 References">
|
<link href="#rfc.section.4" rel="Chapter" title="4 Security Considerations">
|
||||||
<link href="#rfc.references.1" rel="Chapter" title="9.1 Normative References">
|
<link href="#rfc.section.5" rel="Chapter" title="5 Acknowledgements">
|
||||||
<link href="#rfc.references.2" rel="Chapter" title="9.2 Informative References">
|
<link href="#rfc.section.6" rel="Chapter" title="6 References">
|
||||||
|
<link href="#rfc.references" rel="Chapter" title="7 References">
|
||||||
|
<link href="#rfc.references.1" rel="Chapter" title="7.1 Normative References">
|
||||||
|
<link href="#rfc.references.2" rel="Chapter" title="7.2 Informative References">
|
||||||
<link href="#rfc.authors" rel="Chapter">
|
<link href="#rfc.authors" rel="Chapter">
|
||||||
|
|
||||||
|
|
||||||
|
@ -449,25 +452,31 @@
|
||||||
</li>
|
</li>
|
||||||
<ul><li>1.1. <a href="#rfc.section.1.1">Conventions and Terminology</a>
|
<ul><li>1.1. <a href="#rfc.section.1.1">Conventions and Terminology</a>
|
||||||
</li>
|
</li>
|
||||||
</ul><li>2. <a href="#rfc.section.2">Reusing threat actor naming</a>
|
</ul><li>2. <a href="#rfc.section.2">Recommendations</a>
|
||||||
</li>
|
</li>
|
||||||
<li>3. <a href="#rfc.section.3">Format</a>
|
<ul><li>2.1. <a href="#rfc.section.2.1">Reusing threat actor naming</a>
|
||||||
</li>
|
</li>
|
||||||
<li>4. <a href="#rfc.section.4">Encoding</a>
|
<li>2.2. <a href="#rfc.section.2.2">Don't confuse actor naming with malware naming</a>
|
||||||
</li>
|
</li>
|
||||||
<li>5. <a href="#rfc.section.5">Examples</a>
|
<li>2.3. <a href="#rfc.section.2.3">Format</a>
|
||||||
</li>
|
</li>
|
||||||
<li>6. <a href="#rfc.section.6">Security Considerations</a>
|
<li>2.4. <a href="#rfc.section.2.4">Encoding</a>
|
||||||
</li>
|
</li>
|
||||||
<li>7. <a href="#rfc.section.7">Acknowledgements</a>
|
<li>2.5. <a href="#rfc.section.2.5">Directory</a>
|
||||||
</li>
|
</li>
|
||||||
<li>8. <a href="#rfc.section.8">References</a>
|
</ul><li>3. <a href="#rfc.section.3">Examples</a>
|
||||||
</li>
|
</li>
|
||||||
<li>9. <a href="#rfc.references">References</a>
|
<li>4. <a href="#rfc.section.4">Security Considerations</a>
|
||||||
</li>
|
</li>
|
||||||
<ul><li>9.1. <a href="#rfc.references.1">Normative References</a>
|
<li>5. <a href="#rfc.section.5">Acknowledgements</a>
|
||||||
</li>
|
</li>
|
||||||
<li>9.2. <a href="#rfc.references.2">Informative References</a>
|
<li>6. <a href="#rfc.section.6">References</a>
|
||||||
|
</li>
|
||||||
|
<li>7. <a href="#rfc.references">References</a>
|
||||||
|
</li>
|
||||||
|
<ul><li>7.1. <a href="#rfc.references.1">Normative References</a>
|
||||||
|
</li>
|
||||||
|
<li>7.2. <a href="#rfc.references.2">Informative References</a>
|
||||||
</li>
|
</li>
|
||||||
</ul><li><a href="#rfc.authors">Authors' Addresses</a>
|
</ul><li><a href="#rfc.authors">Authors' Addresses</a>
|
||||||
</li>
|
</li>
|
||||||
|
@ -483,33 +492,42 @@
|
||||||
</h1>
|
</h1>
|
||||||
<p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 <a href="#RFC2119" class="xref">[RFC2119]</a>.</p>
|
<p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 <a href="#RFC2119" class="xref">[RFC2119]</a>.</p>
|
||||||
<h1 id="rfc.section.2">
|
<h1 id="rfc.section.2">
|
||||||
<a href="#rfc.section.2">2.</a> <a href="#reusing-threat-actor-naming" id="reusing-threat-actor-naming">Reusing threat actor naming</a>
|
<a href="#rfc.section.2">2.</a> <a href="#recommendations" id="recommendations">Recommendations</a>
|
||||||
|
</h1>
|
||||||
|
<h1 id="rfc.section.2.1">
|
||||||
|
<a href="#rfc.section.2.1">2.1.</a> <a href="#reusing-threat-actor-naming" id="reusing-threat-actor-naming">Reusing threat actor naming</a>
|
||||||
|
</h1>
|
||||||
|
<p id="rfc.section.2.1.p.1">Before creating a new threat actor name, you MUST consider a review of existing threat actor names from databases such as the threat actor MISP galaxy <a href="#MISP-G" class="xref">[MISP-G]</a>. Proliferation of threat actor names is a significant challenge for the day-to-day analyst work. If your threat actor defined an existing threat actor, you MUST reuse an existing threat actor name. If there is no specific threat actor name, you SHALL create a new threat actor following the best practices defined in this document.</p>
|
||||||
|
<h1 id="rfc.section.2.2">
|
||||||
|
<a href="#rfc.section.2.2">2.2.</a> <a href="#don-t-confuse-actor-naming-with-malware-naming" id="don-t-confuse-actor-naming-with-malware-naming">Don't confuse actor naming with malware naming</a>
|
||||||
|
</h1>
|
||||||
|
<h1 id="rfc.section.2.3">
|
||||||
|
<a href="#rfc.section.2.3">2.3.</a> <a href="#format" id="format">Format</a>
|
||||||
|
</h1>
|
||||||
|
<h1 id="rfc.section.2.4">
|
||||||
|
<a href="#rfc.section.2.4">2.4.</a> <a href="#encoding" id="encoding">Encoding</a>
|
||||||
|
</h1>
|
||||||
|
<h1 id="rfc.section.2.5">
|
||||||
|
<a href="#rfc.section.2.5">2.5.</a> <a href="#directory" id="directory">Directory</a>
|
||||||
</h1>
|
</h1>
|
||||||
<p id="rfc.section.2.p.1">Before creating a new threat actor name, you MUST consider a review of existing threat actor names from databases such as the threat actor MISP galaxy <a href="#MISP-G" class="xref">[MISP-G]</a>. Proliferation of threat actor names is a significant challenge for the day-to-day analyst work. If your threat actor defined an existing threat actor, you MUST reuse an existing threat actor name. If there is no specific threat actor name, you SHALL create a new threat actor following the best practices defined in this document.</p>
|
|
||||||
<h1 id="rfc.section.3">
|
<h1 id="rfc.section.3">
|
||||||
<a href="#rfc.section.3">3.</a> <a href="#format" id="format">Format</a>
|
<a href="#rfc.section.3">3.</a> <a href="#examples" id="examples">Examples</a>
|
||||||
</h1>
|
</h1>
|
||||||
<h1 id="rfc.section.4">
|
<h1 id="rfc.section.4">
|
||||||
<a href="#rfc.section.4">4.</a> <a href="#encoding" id="encoding">Encoding</a>
|
<a href="#rfc.section.4">4.</a> <a href="#security-considerations" id="security-considerations">Security Considerations</a>
|
||||||
</h1>
|
</h1>
|
||||||
|
<p id="rfc.section.4.p.1">Naming a threat actor could include specific sensitive reference to a case or an incident. Before releasing the naming, the creator MUST review the name to ensure no sensitive information is included in the threat actor name.</p>
|
||||||
<h1 id="rfc.section.5">
|
<h1 id="rfc.section.5">
|
||||||
<a href="#rfc.section.5">5.</a> <a href="#examples" id="examples">Examples</a>
|
<a href="#rfc.section.5">5.</a> <a href="#acknowledgements" id="acknowledgements">Acknowledgements</a>
|
||||||
</h1>
|
</h1>
|
||||||
|
<p id="rfc.section.5.p.1">The authors wish to thank all contributors who provided feedback via Twitter.</p>
|
||||||
<h1 id="rfc.section.6">
|
<h1 id="rfc.section.6">
|
||||||
<a href="#rfc.section.6">6.</a> <a href="#security-considerations" id="security-considerations">Security Considerations</a>
|
<a href="#rfc.section.6">6.</a> <a href="#references" id="references">References</a>
|
||||||
</h1>
|
|
||||||
<p id="rfc.section.6.p.1">Naming a threat actor could include specific sensitive reference to a case or an incident. Before releasing the naming, the creator MUST review the name to ensure no sensitive information is included in the threat actor name.</p>
|
|
||||||
<h1 id="rfc.section.7">
|
|
||||||
<a href="#rfc.section.7">7.</a> <a href="#acknowledgements" id="acknowledgements">Acknowledgements</a>
|
|
||||||
</h1>
|
|
||||||
<p id="rfc.section.7.p.1">The authors wish to thank all contributors who provided feedback via Twitter.</p>
|
|
||||||
<h1 id="rfc.section.8">
|
|
||||||
<a href="#rfc.section.8">8.</a> <a href="#references" id="references">References</a>
|
|
||||||
</h1>
|
</h1>
|
||||||
<h1 id="rfc.references">
|
<h1 id="rfc.references">
|
||||||
<a href="#rfc.references">9.</a> References</h1>
|
<a href="#rfc.references">7.</a> References</h1>
|
||||||
<h1 id="rfc.references.1">
|
<h1 id="rfc.references.1">
|
||||||
<a href="#rfc.references.1">9.1.</a> Normative References</h1>
|
<a href="#rfc.references.1">7.1.</a> Normative References</h1>
|
||||||
<table><tbody>
|
<table><tbody>
|
||||||
<tr>
|
<tr>
|
||||||
<td class="reference"><b id="MISP-G">[MISP-G]</b></td>
|
<td class="reference"><b id="MISP-G">[MISP-G]</b></td>
|
||||||
|
@ -523,7 +541,7 @@
|
||||||
</tr>
|
</tr>
|
||||||
</tbody></table>
|
</tbody></table>
|
||||||
<h1 id="rfc.references.2">
|
<h1 id="rfc.references.2">
|
||||||
<a href="#rfc.references.2">9.2.</a> Informative References</h1>
|
<a href="#rfc.references.2">7.2.</a> Informative References</h1>
|
||||||
<table><tbody><tr>
|
<table><tbody><tr>
|
||||||
<td class="reference"><b id="MISP-P">[MISP-P]</b></td>
|
<td class="reference"><b id="MISP-P">[MISP-P]</b></td>
|
||||||
<td class="top">
|
<td class="top">
|
||||||
|
|
|
@ -62,16 +62,19 @@ Table of Contents
|
||||||
|
|
||||||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
|
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
|
||||||
1.1. Conventions and Terminology . . . . . . . . . . . . . . . 2
|
1.1. Conventions and Terminology . . . . . . . . . . . . . . . 2
|
||||||
2. Reusing threat actor naming . . . . . . . . . . . . . . . . . 2
|
2. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 2
|
||||||
3. Format . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
|
2.1. Reusing threat actor naming . . . . . . . . . . . . . . . 2
|
||||||
4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . 2
|
2.2. Don't confuse actor naming with malware naming . . . . . 2
|
||||||
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 2
|
2.3. Format . . . . . . . . . . . . . . . . . . . . . . . . . 2
|
||||||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 2
|
2.4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 3
|
||||||
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 3
|
2.5. Directory . . . . . . . . . . . . . . . . . . . . . . . . 3
|
||||||
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 3
|
3. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 3
|
||||||
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 3
|
4. Security Considerations . . . . . . . . . . . . . . . . . . . 3
|
||||||
9.1. Normative References . . . . . . . . . . . . . . . . . . 3
|
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 3
|
||||||
9.2. Informative References . . . . . . . . . . . . . . . . . 3
|
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 3
|
||||||
|
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 3
|
||||||
|
7.1. Normative References . . . . . . . . . . . . . . . . . . 3
|
||||||
|
7.2. Informative References . . . . . . . . . . . . . . . . . 3
|
||||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 3
|
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 3
|
||||||
|
|
||||||
1. Introduction
|
1. Introduction
|
||||||
|
@ -82,7 +85,9 @@ Table of Contents
|
||||||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
|
||||||
document are to be interpreted as described in RFC 2119 [RFC2119].
|
document are to be interpreted as described in RFC 2119 [RFC2119].
|
||||||
|
|
||||||
2. Reusing threat actor naming
|
2. Recommendations
|
||||||
|
|
||||||
|
2.1. Reusing threat actor naming
|
||||||
|
|
||||||
Before creating a new threat actor name, you MUST consider a review
|
Before creating a new threat actor name, you MUST consider a review
|
||||||
of existing threat actor names from databases such as the threat
|
of existing threat actor names from databases such as the threat
|
||||||
|
@ -93,18 +98,13 @@ Table of Contents
|
||||||
name, you SHALL create a new threat actor following the best
|
name, you SHALL create a new threat actor following the best
|
||||||
practices defined in this document.
|
practices defined in this document.
|
||||||
|
|
||||||
3. Format
|
2.2. Don't confuse actor naming with malware naming
|
||||||
|
|
||||||
|
2.3. Format
|
||||||
|
|
||||||
4. Encoding
|
|
||||||
|
|
||||||
5. Examples
|
|
||||||
|
|
||||||
6. Security Considerations
|
|
||||||
|
|
||||||
Naming a threat actor could include specific sensitive reference to a
|
|
||||||
case or an incident. Before releasing the naming, the creator MUST
|
|
||||||
review the name to ensure no sensitive information is included in the
|
|
||||||
threat actor name.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -114,16 +114,29 @@ Dulaunoy & Bourmeau Expires December 11, 2020 [Page 2]
|
||||||
Internet-Draft Recommendations on naming threat actors June 2020
|
Internet-Draft Recommendations on naming threat actors June 2020
|
||||||
|
|
||||||
|
|
||||||
7. Acknowledgements
|
2.4. Encoding
|
||||||
|
|
||||||
|
2.5. Directory
|
||||||
|
|
||||||
|
3. Examples
|
||||||
|
|
||||||
|
4. Security Considerations
|
||||||
|
|
||||||
|
Naming a threat actor could include specific sensitive reference to a
|
||||||
|
case or an incident. Before releasing the naming, the creator MUST
|
||||||
|
review the name to ensure no sensitive information is included in the
|
||||||
|
threat actor name.
|
||||||
|
|
||||||
|
5. Acknowledgements
|
||||||
|
|
||||||
The authors wish to thank all contributors who provided feedback via
|
The authors wish to thank all contributors who provided feedback via
|
||||||
Twitter.
|
Twitter.
|
||||||
|
|
||||||
8. References
|
6. References
|
||||||
|
|
||||||
9. References
|
7. References
|
||||||
|
|
||||||
9.1. Normative References
|
7.1. Normative References
|
||||||
|
|
||||||
[MISP-G] Community, M., "MISP Galaxy - Public repository",
|
[MISP-G] Community, M., "MISP Galaxy - Public repository",
|
||||||
<https://github.com/MISP/misp-galaxy>.
|
<https://github.com/MISP/misp-galaxy>.
|
||||||
|
@ -133,7 +146,7 @@ Internet-Draft Recommendations on naming threat actors June 2020
|
||||||
DOI 10.17487/RFC2119, March 1997,
|
DOI 10.17487/RFC2119, March 1997,
|
||||||
<https://www.rfc-editor.org/info/rfc2119>.
|
<https://www.rfc-editor.org/info/rfc2119>.
|
||||||
|
|
||||||
9.2. Informative References
|
7.2. Informative References
|
||||||
|
|
||||||
[MISP-P] Community, M., "MISP Project - Open Source Threat
|
[MISP-P] Community, M., "MISP Project - Open Source Threat
|
||||||
Intelligence Platform and Open Standards For Threat
|
Intelligence Platform and Open Standards For Threat
|
||||||
|
@ -151,6 +164,12 @@ Authors' Addresses
|
||||||
Email: alexandre.dulaunoy@circl.lu
|
Email: alexandre.dulaunoy@circl.lu
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Bourmeau Expires December 11, 2020 [Page 3]
|
||||||
|
|
||||||
|
Internet-Draft Recommendations on naming threat actors June 2020
|
||||||
|
|
||||||
|
|
||||||
Pauline Bourmeau
|
Pauline Bourmeau
|
||||||
Corexalys
|
Corexalys
|
||||||
26 Rue de la Bienfaisance
|
26 Rue de la Bienfaisance
|
||||||
|
@ -165,4 +184,41 @@ Authors' Addresses
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dulaunoy & Bourmeau Expires December 11, 2020 [Page 3]
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Dulaunoy & Bourmeau Expires December 11, 2020 [Page 4]
|
||||||
|
|
|
@ -38,6 +38,8 @@ document are to be interpreted as described in RFC 2119 <xref target="RFC2119"><
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section anchor="recommendations" title="Recommendations">
|
||||||
|
|
||||||
<section anchor="reusing-threat-actor-naming" title="Reusing threat actor naming">
|
<section anchor="reusing-threat-actor-naming" title="Reusing threat actor naming">
|
||||||
<t>Before creating a new threat actor name, you MUST consider a review of existing threat actor names from databases such as the threat actor
|
<t>Before creating a new threat actor name, you MUST consider a review of existing threat actor names from databases such as the threat actor
|
||||||
MISP galaxy <xref target="MISP-G"></xref>. Proliferation of threat actor names is a significant challenge for the day-to-day analyst work. If your threat actor defined an existing threat actor, you MUST
|
MISP galaxy <xref target="MISP-G"></xref>. Proliferation of threat actor names is a significant challenge for the day-to-day analyst work. If your threat actor defined an existing threat actor, you MUST
|
||||||
|
@ -45,12 +47,19 @@ reuse an existing threat actor name. If there is no specific threat actor name,
|
||||||
practices defined in this document.</t>
|
practices defined in this document.</t>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section anchor="don-t-confuse-actor-naming-with-malware-naming" title="Don't confuse actor naming with malware naming">
|
||||||
|
</section>
|
||||||
|
|
||||||
<section anchor="format" title="Format">
|
<section anchor="format" title="Format">
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section anchor="encoding" title="Encoding">
|
<section anchor="encoding" title="Encoding">
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section anchor="directory" title="Directory">
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section anchor="examples" title="Examples">
|
<section anchor="examples" title="Examples">
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue