Skip to main content

Cyware Fusion and Threat Response

Add Threat Actor

You can add a threat actor from anywhere in the CFTR UI. To add a threat actor:

  1. On the top banner area of the CFTR UI, click the + New button and select Threat Actor. New Threat Actor tab appears.

  2. On the Name field, enter the name of the threat actor.

  3. Under the Summary section, enter the details of the threat actor. The fields marked with asterisk (*) are mandatory.

    Field Options

    Description

    Details

    Enter details of the threat actor. Enter necessary details that can provide key intelligence about the threat actor.

    Base Country*

    Select the nationality of the threat actor.

    Aliases

    Enter the aliases information for the threat actor. The Aliases field can contain other names this threat actor is known to be called.

    Contact Information

    Enter the contact information of the threat actor.

    Target Country

    Select the countries that are targeted by the threat actor. Some of the suggested targeted countries are:

    • China

    • Global

    • India

    • Iran

    • Malaysia

    • Russia

    • United States

    • Other

    Target Sector

    Select the sectors that are targeted by the threat actor. Some of the suggested sectors are:

    • Aerospace & Defence

    • Agriculture

    • Automobiles & Parts

    • Chemicals & Materials

    • Civil Society & Non-Profit

    • Construction & Engineering

    • Control Systems

    • Education

    • Energy & Utilities

    • Financial Services

    • Governments

    • Healthcare

    • Legal

    • Media & Entertainment

    First Activity

    Enter the date on which the malicious activity of the threat actor was first observed.

    Last Activity

    Enter the date on which the malicious activity of the threat actor was last observed.

    Attributed Operations

    Enter the attributed operations of the threat actor.

    Threat Actor Type*

    Select a type to classify the threat actor. Some of the predefined types are:

    • Cyber Criminal

    • Hacktivist

    • Insider

    • Nation-state

    • Other

    Motivation

    Select the motive of the threat actor. Some of the predefined motives are:

    • Critical Infrastructure

    • Cyber Crime

    • Cyber Espionage

    • Enterprise

    • Hacktivism

    • Vulnerability & Exploitation

    • Other

    Roles

    Select the role of the threat actor. Some of the predefined roles are:

    • Agent

    • Infrastructure Operator

    • Malware Author

    • Sponsor

    Your CFTR admin can create other roles under Forms Management for threat actors from the Admin Panel.

    Tactic-Technique-SubTechnique

    Click the +Add button to add the Tactic-Technique-SubTechniquethat is used by the threat actor.

    Sophistication Level

    Select the sophistication level of the threat actor. Some of the predefined levels are:

    • Expert

    • Intermediate

    • New

    Your CFTR admin can create other sophistication levels under Forms Management for threat actors from the Admin Panel.

    Resource Level

    Select the resource levels for the threat actor. Some of the predefined resource levels are:

    • Individual

    • Informal Group

    • Organization

    • Small team

    • Well Funded

    Your CFTR admin can create other resource levels under Forms Management for threat actors from the Admin Panel

    References

    Enter the references for the threat actor.

  4. On the right panel, from the Labels drop-down list, select the labels.

  5. Click Submit.

The fields under the Summary section may differ based on the fields that are defined by your CFTR admin under Form Management for threat actors.