Threat-Actor/Malware renaming/rebranding - New SRO #303
Comments
|
Makes total sense and important for actor following IMHOSincerely,Lawrence PingreeOn Jan 24, 2023, at 10:08 AM, sheetlaand ***@***.***> wrote:
Hello,
We would like to propose a new SRO (STIX Relationship Object) between two Threat-Actors or between two Malwares. Indeed, we see in the past that some groups shut down its activities, and join new groups. For example, with an high confidence, we saw that Conti members joined other affiliates such as KaraKurt or BlackBasta.
But, we can't properly define the relationship between two Actors, based on the existing SROs.
Our wish is then to be able to add a "rebrands-as" relationship, to better explain the global threat ecosystem.
Does it make sense for you ?
Thank you !
Regards,
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
|
related to #304 |
|
You probably do not need a new SRO but rather just a relationship type. The plan all along was that the relationship types would be open vocabularies that could grow and expand outside of updating the specification. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
We would like to propose a new SRO (STIX Relationship Object) between two Threat-Actors or between two Malwares. Indeed, we see in the past that some groups shut down its activities, and join new groups. For example, with an high confidence, we saw that Conti members joined other affiliates such as KaraKurt or BlackBasta.
But, we can't properly define the relationship between two Actors, based on the existing SROs.
Our wish is then to be able to add a "rebrands-as" relationship, to better explain the global threat ecosystem.
Does it make sense for you ?
Thank you !
Regards,
The text was updated successfully, but these errors were encountered: