Subject: Re: [cti] Threat Actor items

Just a comment:  In 'our' context "Operational" indicates that an entity has the ability to effectively establish infrastructure and use attack packages developed by others.  An analogy might be a group of actors with malicious intent who purchase pre-built exploitation packages, compromised hosts/credentials, etc. from the "black market".  They have enough sophistication to configure and run these pre-built packages but not develop or customize same.

Patrick Maroney
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org

On Fri, Jul 15, 2016 at 2:16 PM -0400, "Casey, Timothy P" <timothy.p.casey@intel.com> wrote:

Here is a suggested re-wording of the “Contest” vocabulary item for Attack Resource Level for Threat Actor:


“A short-lived and perhaps anonymous interaction that concludes when an ad-hoc group of participants have achieved a single goal. For example, people who break into systems just for thrills or prestige may hold a contest to see who can break into a specific target first. It also includes announced "operations" to achieve a specific goal, such as the original "OpIsrael" call for volunteers to disrupt all Israel internet functions for a day. Minimum Sophistication level: ???.”


There were some changes suggested to Sophistication Level that will need to be reflected in the other Attack Resource Level descriptions.  This one was formerly “Operational,” indicating a moderate level of sophistication but little long-term planning or development capabilities.


If there are other items for updating, please let me know.