Skip to main content

Cyware Threat Intelligence eXchange

Fill Threat Actor Details

Threat actors are actual individuals, groups, or organizations that operate with malicious intent.

Threat actors can be characterized by their motives, capabilities, goals, sophistication level, past activities, resources they have access to, and their role in the organization.

Basic Details

Field Name

Required

Description

Name

Mandatory

Specify the name of the threat actor.

Description

Optional

Specify the additional information, such as the purpose and key characteristics of the threat actor.

Threat Actor Types

Optional

Specify the type of threat actor, such as activist, competitor, criminal, hacker, spy, and more.

Aliases

Optional

Specify the alternate names by which the threat actor identifies.

First Seen*

Optional

Specify the date at which the threat actor was first seen.

Last Seen*

Optional

Specify the date at which the threat actor was last seen.

Roles

Optional

Specify the role the threat actor plays, such as agent, director, independent, and more.

Goals

Optional

Specify the high-level goals of the threat actor, such as the goal a threat actor is trying to accomplish.

Sophistication

Optional

Specify the skill, specific knowledge, specific training, or must-have expertise to perform the attack,

Resource Level

Optional

Specify the organization level at which the threat actor works, which in turn determines the available resources that the threat actor can use in an attack.

Primary Motivation

Optional

Specify the primary reason, motivation, or purpose of the threat actor. For example, a threat actor with a goal to disrupt the finance sector in a country might be motivated by an ideological hatred of capitalism.

Secondary Motivation

Optional

Specify the secondary reasons, motivations, or purpose of the threat actor. These motivations can exist as an equal or near-equal cause to the primary motivation. However, it does not replace or necessarily magnify the primary motivation, but it might indicate additional context. The position in the list has no significance.

Personal Motivation

Optional

Specify the personal reasons, motivations, or purposes of the threat actor regardless of the organizational goals.

*For more information about dates, see General FAQs.

Common Fields

Field Name

Description

Tags

Specify the tags for the threat actor.

TLP

Specify the TLP, such as RED, AMBER, GREEN, WHITE, and NONE for the threat actor.

Created by Reference

Specify the entity that created the threat actor.

Revoked

Select this option to mark the component as revoked or invalid.

Custom Attributes

Field Name

Description

Add Custom Attributes

Specify the additional information that helps in improving the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for the threat actor.

External References

Use external references to include any non-STIX information that you may want to associate with this object.

Field Name

Description

Source Name

Enter a source name.

Description

Enter a description.

External ID

Enter an external ID.

URL

Enter the URL of the external reference.

Hash Type

Select the hash type.

Hash Value

Enter the hash value.