OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: TA Social Media Account


Yep I concur

On Thursday, 28 July 2016, Joep Gommers <joep@eclecticiq.com> wrote:
There are indeed two different scenario’s;

- the linkedin account, when observed actively, is an indication of some intelligence (ttps, actors, campaigns, bla)
- the linkedin account is part of the analysis narrative of an actor, a description of his (potential) identity. 

The first case would be an indicator, the second case would be part of some sort of identity construct. They can exist in parallel.

J-



From: <cti-stix@lists.oasis-open.org> on behalf of Jerome Athias <athiasjerome@gmail.com>
Date: Thursday, July 28, 2016 at 7:53 AM
To: Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Cc: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: Re: [cti-stix] TA Social Media Account

Hi,

thanks for the answer.
Probably something for 2.1:
Could we want/need a -Profile Object- that would be some sort of (Digital) Identity? (bad or good)
(that could effectively be linked to a User_Account of a -Service- (other object needed?))

Best regards


On Tue, Jul 26, 2016 at 3:44 PM, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

You would make an indicator object that had a pattern that matched the LinkedIn account, and use an "indicates" relationship from the indicator to the Threat Actor (this indicator indicates a presence of this Threat Actor).

There is no specific "LinkedIn account" object in Cybox. I would use the user-account-object.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Jerome Athias ---07/26/2016 03:33:13 AM---Hi, This would need some work with the Message Objects in tJerome Athias ---07/26/2016 03:33:13 AM---Hi, This would need some work with the Message Objects in the future, but for

From: Jerome Athias <athiasjerome@gmail.com>
To: cti-stix@lists.oasis-open.org
Date: 07/26/2016 03:33 AM
Subject: [cti-stix] TA Social Media Account
Sent by: <cti-stix@lists.oasis-open.org>





Hi,
This would need some work with the Message Objects in the future, but for now, quick question to the mentor(s):
Would we have a quick & clean way to add a, for example, LinkedIn account to the Threat Actor object?





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]