OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Threat Actor Sophistication Levels

Comments inline:

Patrick Maroney
Email: pmaroney@specere.org
Cell: (609)841-5104

From: Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Saturday, August 6, 2016 9:28 PM
Subject: [cti] Threat Actor Sophistication Levels
To: <cti@lists.oasis-open.org>

These may be too granular for what are ultimately subjective assertions an analyst will make. Can we establish non-subjective criteria for each category?

  1. Unspecified
  2. Novice (script kiddie)
  3. operator
    1. Focuses on specific tasks within a campaign
    2. Can operate systems for an attack
    3. Can run tool kits designed by others
    4. Is a contributor to a larger organization <<<remove-not a discriminator >>>
  4. technician
    1. Focuses on specific mission objectives and goals
    2. Can troubleshoot and fix systems used in an attack
    3. Can execute attack plans and campaigns
  5. professional
    1. Focuses on broad tactical and mission goals
    2. Can identify targets and build attack plans
    3. Can use and <<<tailor>> advanced toolkits
  6. architect
    1. Focuses on broad organizational goals
    2. Can design the attack infrastructure 
  7. specialist
    1. Has very specialized skills but is not planning on running the show
    2. Reverse Engineers
    3. 1-day Malware Author. <<<what is 1-day?>>>
    4. Botnet infrastructure architect
  8. expert
    1. Focuses on strategic goals
    2. Able to plan very elaborate and advanced attacks
    3. Is a specialist in more than one area
    4. 0-day Malware Author
  9. innovator
    1. Thinks and plans for the future
    2. Designs new malware toolkits
    3. Innovates and move the attacker community forward
    4. Is an expert in more than one area



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]