Browse Source

chg: [threat-actor-naming] feedback merged + need to add reference to MISP galaxy format

main
Alexandre Dulaunoy 2 years ago
parent
commit
959dad2ee3
No known key found for this signature in database GPG Key ID: 9E2CD4944E6CBCD
  1. 4
      threat-actor-naming/threat-actor-naming.html
  2. 10
      threat-actor-naming/threat-actor-naming.txt
  3. 4
      threat-actor-naming/threat-actor-naming.xml

4
threat-actor-naming/threat-actor-naming.html

@ -499,8 +499,8 @@
<li>No clearly defined text format to describe the same threat actor (e.g. Is the threat actor name case sensitive? Is there a dash or a space between the two words?)</li>
<li>Confusion between techniques/tools used by a threat actor versus its name (e.g. naming a threat actor after a specific malware used)</li>
<li>Lack of source and list from vendors to describe their threat actor names and the reasoning behind the naming (e.g. did they name the threat actor after a specific set of campaigns? or specific set of targets?)</li>
<li>Lack of time-based information about the threat actor name, such as date of naming</li>
<li>Lack of open "registry" of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The "registry" can contain the time-based information mentionned above.</li>
<li>Lack of time-based information about the threat actor name, such as date of naming or and UUID.</li>
<li>Lack of open mirrored "registry" of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The "registry" can contain the time-based information mentionned above, it is a tool.</li>
</ul>
<p> </p>

10
threat-actor-naming/threat-actor-naming.txt

@ -104,7 +104,7 @@ Table of Contents
specific set of targets?)
o Lack of time-based information about the threat actor name, such
as date of naming
as date of naming or and UUID.
@ -114,10 +114,10 @@ Dulaunoy & Bourmeau Expires December 11, 2020 [Page 2]
Internet-Draft Recommendations on naming threat actors June 2020
o Lack of open "registry" of reference, accessible to all, where to
register a new threat actor name, or to access all already named
threat actors. The "registry" can contain the time-based
information mentionned above.
o Lack of open mirrored "registry" of reference, accessible to all,
where to register a new threat actor name, or to access all
already named threat actors. The "registry" can contain the time-
based information mentionned above, it is a tool.
This document proposes a set of guidelines to name threat actors.
The goal is to reduce the above mentioned issues.

4
threat-actor-naming/threat-actor-naming.xml

@ -39,8 +39,8 @@ as a:</t>
<t>No clearly defined text format to describe the same threat actor (e.g. Is the threat actor name case sensitive? Is there a dash or a space between the two words?)</t>
<t>Confusion between techniques/tools used by a threat actor versus its name (e.g. naming a threat actor after a specific malware used)</t>
<t>Lack of source and list from vendors to describe their threat actor names and the reasoning behind the naming (e.g. did they name the threat actor after a specific set of campaigns? or specific set of targets?)</t>
<t>Lack of time-based information about the threat actor name, such as date of naming</t>
<t>Lack of open &quot;registry&quot; of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The &quot;registry&quot; can contain the time-based information mentionned above.</t>
<t>Lack of time-based information about the threat actor name, such as date of naming or and UUID.</t>
<t>Lack of open mirrored &quot;registry&quot; of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The &quot;registry&quot; can contain the time-based information mentionned above, it is a tool.</t>
</list>
</t>
<t>This document proposes a set of guidelines to name threat actors. The goal is to reduce the above mentioned issues.</t>

Loading…
Cancel
Save