• Home
• org.mitre
• stix
• 1.2.0.2
• source code
• threat_actor.xsd

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

schemas.v1.2.0.threat_actor.xsd Maven / Gradle / Ivy

	
		This schema was originally developed by The MITRE Corporation. The STIX XML Schema implementation is maintained by The MITRE Corporation and developed by the open STIX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the STIX website at http://stix.mitre.org. 
		
			STIX Threat Actor
			1.2
			05/15/2015 9:00:00 AM
			Structured Threat Information eXpression (STIX) - ThreatActor - Schematic implementation for the Threat Actor construct within the STIX structured cyber threat expression language architecture.
			Copyright (c) 2012-2015, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html. See the STIX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the STIX Schema, this license header must be included. 
		
	
	
	
	
	
		
			Identification or characterization of the adversary
		
	
	
	
		
			Represents a single STIX Threat Actor.
			ThreatActors are characterizations of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behavior. In a structured sense, ThreatActors consist of a characterization of identity, suspected motivation, suspected intended effect, historically observed TTP used by the ThreatActor, historical Campaigns believed associated with the ThreatActor, other ThreatActors believed associated with the ThreatActor, handling guidance, confidence in the asserted characterization of the ThreatActor, source of the ThreatActor information, etc.
		
		
			
				
					
						
							The Title field provides a simple title for this ThreatActor.
						
					
					
						
							The Description field is optional and provides an unstructured, text description of this ThreatActor.
						
					
					
						
							The Short_Description field is optional and provides a short, unstructured, text description of this ThreatActor.
						
					
					
						
							The Identity field characterizes the identity of this Threat Actor.
							This field is implemented through the xsi:type extension mechanism. The default type is CIQIdentity3.0InstanceType in the http://stix.mitre.org/extensions/Identity#CIQIdentity3.0-1 namespace. This type is defined in the extensions/identity/ciq_identity.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/identity/ciq_identity/1.1/ciq_identity.xsd.
							Those who wish to express a simple name may also do so by not specifying an xsi:type and using the Name field.
						
					
					
						
							The Type field characterizes the type(s) of this threat actor. It may be used multiple times to capture multiple types.
							It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is ThreatActorTypeVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
							Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
						
					
					
						
							The Type field characterizes the motivations of this threat actor. It may be used multiple times to capture multiple motivations.
							It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is MotivationVocab-1.1 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
							Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
						
					
					
						
							The Sophistication field specifies the sophistication of this Threat Actor.
							It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is ThreatActorSophisticationVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd .
							Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
						
					
					
						
							The Intended_Effect field specifies the suspected intended effect for this Threat Actor.
							It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is IntendedEffectVocab-1.0 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
							Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
						
					
					
						
							The Planning_And_Operational_Support field specifies the suspected planning and operational support performed by this threat actor.
							It is implemented through the StatementType, which allows for the expression of a statement in a vocabulary (Value), a description of the statement (Description), a confidence in the statement (Confidence), and the source of the statement (Source). The default vocabulary type for the Value is PlanningAndOperationalSupportVocab-1.0.1 in the http://stix.mitre.org/default_vocabularies-1 namespace. This type is defined in the stix_default_vocabularies.xsd file or at the URL http://stix.mitre.org/XMLSchema/default_vocabularies/1.2.0/stix_default_vocabularies.xsd.
							Users may also define their own vocabulary using the type extension mechanism, specify a vocabulary name and reference using the attributes, or simply use this as a string field.
						
					
					
						
							The Observed_TTPs field specifies the TTPs that this Threat Actor has been observed to leverage.
						
					
					
						
							The Associated_Campaigns field specifies any known Campaigns attributed to this Threat Actor.
						
					
					
						
							The Associated_Actors field specifies other Threat Actors asserted to be associated with this Threat Actor.
						
					
					
						
							The Handling field specifies the appropriate data handling markings for the elements of this Threat Actor characterization. The valid marking scope is the nearest ThreatActorBaseType ancestor of this Handling element and all its descendants.
						
					
					
						
							The Confidence field characterizes the level of confidence held in the characterization of this Threat Actor.
						
					
					
						
							The Information_Source field details the source of this entry.
						
					
					
						
							The Related_Packages field identifies or characterizes relationships to set of related Packages.
							DEPRECATED: This field is deprecated and will be removed in the next major version of STIX. Its use is strongly discouraged except for legacy applications.
							
								true
							
						
					
				
				
					
						Specifies the relevant STIX-ThreatActor schema version for this content.
					
				
			
		
	
	
	
		
			An enumeration of all versions of the Threat Actor type valid in the current release of STIX.
		
		
			
			
			
			
			
		
	
	
		
			
				
					
						
							The Associated_Actor field specifies another Threat Actor asserted to be associated with this Threat Actor.
						
					
				
			
		
	
	
		
			
				
					
						
							The Associated_Campaign field specifies a known Campaign attributed to this Threat Actor.
						
					
				
			
		
	
	
		
			
				
					
						
							The Observed_TTP field specifies a TTP that this Threat Actor has been observed to leverage.