chg: [threat-actor-naming] feedback merged + need to add reference to MISP galaxy format

pull/39/head
Alexandre Dulaunoy 2020-06-12 21:59:36 +02:00
parent 0f4c51aea8
commit 959dad2ee3
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
3 changed files with 9 additions and 9 deletions

View File

@ -499,8 +499,8 @@
<li>No clearly defined text format to describe the same threat actor (e.g. Is the threat actor name case sensitive? Is there a dash or a space between the two words?)</li>
<li>Confusion between techniques/tools used by a threat actor versus its name (e.g. naming a threat actor after a specific malware used)</li>
<li>Lack of source and list from vendors to describe their threat actor names and the reasoning behind the naming (e.g. did they name the threat actor after a specific set of campaigns? or specific set of targets?)</li>
<li>Lack of time-based information about the threat actor name, such as date of naming</li>
<li>Lack of open "registry" of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The "registry" can contain the time-based information mentionned above.</li>
<li>Lack of time-based information about the threat actor name, such as date of naming or and UUID.</li>
<li>Lack of open mirrored "registry" of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The "registry" can contain the time-based information mentionned above, it is a tool.</li>
</ul>
<p> </p>

View File

@ -104,7 +104,7 @@ Table of Contents
specific set of targets?)
o Lack of time-based information about the threat actor name, such
as date of naming
as date of naming or and UUID.
@ -114,10 +114,10 @@ Dulaunoy & Bourmeau Expires December 11, 2020 [Page 2]
Internet-Draft Recommendations on naming threat actors June 2020
o Lack of open "registry" of reference, accessible to all, where to
register a new threat actor name, or to access all already named
threat actors. The "registry" can contain the time-based
information mentionned above.
o Lack of open mirrored "registry" of reference, accessible to all,
where to register a new threat actor name, or to access all
already named threat actors. The "registry" can contain the time-
based information mentionned above, it is a tool.
This document proposes a set of guidelines to name threat actors.
The goal is to reduce the above mentioned issues.

View File

@ -39,8 +39,8 @@ as a:</t>
<t>No clearly defined text format to describe the same threat actor (e.g. Is the threat actor name case sensitive? Is there a dash or a space between the two words?)</t>
<t>Confusion between techniques/tools used by a threat actor versus its name (e.g. naming a threat actor after a specific malware used)</t>
<t>Lack of source and list from vendors to describe their threat actor names and the reasoning behind the naming (e.g. did they name the threat actor after a specific set of campaigns? or specific set of targets?)</t>
<t>Lack of time-based information about the threat actor name, such as date of naming</t>
<t>Lack of open &quot;registry&quot; of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The &quot;registry&quot; can contain the time-based information mentionned above.</t>
<t>Lack of time-based information about the threat actor name, such as date of naming or and UUID.</t>
<t>Lack of open mirrored &quot;registry&quot; of reference, accessible to all, where to register a new threat actor name, or to access all already named threat actors. The &quot;registry&quot; can contain the time-based information mentionned above, it is a tool.</t>
</list>
</t>
<t>This document proposes a set of guidelines to name threat actors. The goal is to reduce the above mentioned issues.</t>