Fill Threat Actor Details
Threat actors are actual individuals, groups, or organizations that operate with malicious intent.
Threat actors can be characterized by their motives, capabilities, goals, sophistication level, past activities, resources they have access to, and their role in the organization.
Basic Details
Field Name | Required | Description |
|---|---|---|
Name | Mandatory | Specify the name of the threat actor. |
Description | Optional | Specify the additional information, such as the purpose and key characteristics of the threat actor. |
Threat Actor Types | Optional | Specify the type of threat actor, such as activist, competitor, criminal, hacker, spy, and more. |
Aliases | Optional | Specify the alternate names by which the threat actor identifies. |
First Seen* | Optional | Specify the date at which the threat actor was first seen. |
Last Seen* | Optional | Specify the date at which the threat actor was last seen. |
Roles | Optional | Specify the role the threat actor plays, such as agent, director, independent, and more. |
Goals | Optional | Specify the high-level goals of the threat actor, such as the goal a threat actor is trying to accomplish. |
Sophistication | Optional | Specify the skill, specific knowledge, specific training, or must-have expertise to perform the attack, |
Resource Level | Optional | Specify the organization level at which the threat actor works, which in turn determines the available resources that the threat actor can use in an attack. |
Primary Motivation | Optional | Specify the primary reason, motivation, or purpose of the threat actor. For example, a threat actor with a goal to disrupt the finance sector in a country might be motivated by an ideological hatred of capitalism. |
Secondary Motivation | Optional | Specify the secondary reasons, motivations, or purpose of the threat actor. These motivations can exist as an equal or near-equal cause to the primary motivation. However, it does not replace or necessarily magnify the primary motivation, but it might indicate additional context. The position in the list has no significance. |
Personal Motivation | Optional | Specify the personal reasons, motivations, or purposes of the threat actor regardless of the organizational goals. |
*For more information about dates, see General FAQs.
Common Fields
Field Name | Description |
|---|---|
Tags | Specify the tags for the threat actor. |
TLP | Specify the TLP, such as RED, AMBER, GREEN, WHITE, and NONE for the threat actor. |
Created by Reference | Specify the entity that created the threat actor. |
Revoked | Select this option to mark the component as revoked or invalid. |
Custom Attributes
Field Name | Description |
|---|---|
Add Custom Attributes | Specify the additional information that helps in improving the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the threat actor. |
External References
Use external references to include any non-STIX information that you may want to associate with this object.
Field Name | Description |
|---|---|
Source Name | Enter a source name. |
Description | Enter a description. |
External ID | Enter an external ID. |
URL | Enter the URL of the external reference. |
Hash Type | Select the hash type. |
Hash Value | Enter the hash value. |