mirror of https://github.com/MISP/misp-rfc
chg: [threat-actor-naming] feedback merged + need to add reference to MISP galaxy format
parent
0f4c51aea8
commit
959dad2ee3
|
@ -499,8 +499,8 @@
|
||||||
<li>No clearly defined text format to describe the same threat actor (e.g. Is the threat actor name case sensitive? Is there a dash or a space between the two words?)</li>
|
<li>No clearly defined text format to describe the same threat actor (e.g. Is the threat actor name case sensitive? Is there a dash or a space between the two words?)</li>
|
||||||
<li>Confusion between techniques/tools used by a threat actor versus its name (e.g. naming a threat actor after a specific malware used)</li>
|
<li>Confusion between techniques/tools used by a threat actor versus its name (e.g. naming a threat actor after a specific malware used)</li>
|
||||||
<li>Lack of source and list from vendors to describe their threat actor names and the reasoning behind the naming (e.g. did they name the threat actor after a specific set of campaigns? or specific set of targets?)</li>
|
<li>Lack of source and list from vendors to describe their threat actor names and the reasoning behind the naming (e.g. did they name the threat actor after a specific set of campaigns? or specific set of targets?)</li>
|
||||||
<li>Lack of time-based information about the threat actor name, such as date of naming</li>
|
<li>Lack of time-based information about the threat actor name, such as date of naming or and UUID.</li>
|
||||||
<li>Lack of open "registry" of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The "registry" can contain the time-based information mentionned above.</li>
|
<li>Lack of open mirrored "registry" of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The "registry" can contain the time-based information mentionned above, it is a tool.</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<p> </p>
|
<p> </p>
|
||||||
|
|
|
@ -104,7 +104,7 @@ Table of Contents
|
||||||
specific set of targets?)
|
specific set of targets?)
|
||||||
|
|
||||||
o Lack of time-based information about the threat actor name, such
|
o Lack of time-based information about the threat actor name, such
|
||||||
as date of naming
|
as date of naming or and UUID.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -114,10 +114,10 @@ Dulaunoy & Bourmeau Expires December 11, 2020 [Page 2]
|
||||||
Internet-Draft Recommendations on naming threat actors June 2020
|
Internet-Draft Recommendations on naming threat actors June 2020
|
||||||
|
|
||||||
|
|
||||||
o Lack of open "registry" of reference, accessible to all, where to
|
o Lack of open mirrored "registry" of reference, accessible to all,
|
||||||
register a new threat actor name, or to access all already named
|
where to register a new threat actor name, or to access all
|
||||||
threat actors. The "registry" can contain the time-based
|
already named threat actors. The "registry" can contain the time-
|
||||||
information mentionned above.
|
based information mentionned above, it is a tool.
|
||||||
|
|
||||||
This document proposes a set of guidelines to name threat actors.
|
This document proposes a set of guidelines to name threat actors.
|
||||||
The goal is to reduce the above mentioned issues.
|
The goal is to reduce the above mentioned issues.
|
||||||
|
|
|
@ -39,8 +39,8 @@ as a:</t>
|
||||||
<t>No clearly defined text format to describe the same threat actor (e.g. Is the threat actor name case sensitive? Is there a dash or a space between the two words?)</t>
|
<t>No clearly defined text format to describe the same threat actor (e.g. Is the threat actor name case sensitive? Is there a dash or a space between the two words?)</t>
|
||||||
<t>Confusion between techniques/tools used by a threat actor versus its name (e.g. naming a threat actor after a specific malware used)</t>
|
<t>Confusion between techniques/tools used by a threat actor versus its name (e.g. naming a threat actor after a specific malware used)</t>
|
||||||
<t>Lack of source and list from vendors to describe their threat actor names and the reasoning behind the naming (e.g. did they name the threat actor after a specific set of campaigns? or specific set of targets?)</t>
|
<t>Lack of source and list from vendors to describe their threat actor names and the reasoning behind the naming (e.g. did they name the threat actor after a specific set of campaigns? or specific set of targets?)</t>
|
||||||
<t>Lack of time-based information about the threat actor name, such as date of naming</t>
|
<t>Lack of time-based information about the threat actor name, such as date of naming or and UUID.</t>
|
||||||
<t>Lack of open "registry" of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The "registry" can contain the time-based information mentionned above.</t>
|
<t>Lack of open mirrored "registry" of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The "registry" can contain the time-based information mentionned above, it is a tool.</t>
|
||||||
</list>
|
</list>
|
||||||
</t>
|
</t>
|
||||||
<t>This document proposes a set of guidelines to name threat actors. The goal is to reduce the above mentioned issues.</t>
|
<t>This document proposes a set of guidelines to name threat actors. The goal is to reduce the above mentioned issues.</t>
|
||||||
|
|
Loading…
Reference in New Issue