MISP-standard.org - Introducing the MISP Threat Actor Naming Standard
How to name threat actor and adversaries in threat intelligence
Official Announcement: Introducing the MISP Threat Actor Naming Standard
The MISP-standard.org is proud to announce the release of a new standard: Threat Actor Naming (RFC). This standard addresses one of the most critical challenges in cybersecurity information sharing—the consistent and reliable identification of threat actors.
Why a Threat Actor Naming Standard?
In threat intelligence, the ability to identify and track threat actors across different organizations, tools, and data sets is crucial. However, the lack of standardized naming conventions has often led to confusion, duplication of effort, and inefficiencies in threat intelligence workflows. This new MISP standard provides a structured approach to naming threat actors, facilitating better collaboration and interoperability within the cybersecurity community.
The objective is to actively reuse references, such as UUIDs, from existing threat actor databases to ensure consistency and improve the reliability of shared intelligence. This approach supports streamlined collaboration and more accurate correlation of threat actor data across platforms.
Key Features of the Standard
- Global Consistency: Establishes a common framework for naming threat actors that can be adopted across organizations and industries.
- Interoperability: Ensures compatibility with existing threat intelligence sharing platforms, including MISP, enabling seamless integration.
- Flexibility: Accommodates diverse naming conventions while providing guidance to reduce ambiguities.
- Transparency: Maintains a clear rationale for each naming decision, enhancing the trustworthiness of shared threat intelligence.
Benefits for the Community
- Improved Collaboration: Enhances the ability of CSIRTs, CERTs, and other stakeholders to collaborate effectively by reducing naming conflicts.
- Streamlined Analysis: Simplifies the process of correlating threat actor information across different datasets.
- Better Attribution: Provides a structured approach to documenting and attributing threat actors, aiding in incident response and strategic decision-making.
Get Involved
This standard is a result of collaborative efforts within the MISP community. We invite cybersecurity professionals, researchers, and organizations to adopt and contribute to the standard. Your feedback is invaluable in ensuring that this standard meets the needs of the global cybersecurity community.
Access the Standard
The full text of the Threat Actor Naming standard is available here. We encourage you to explore it, implement it in your workflows, and share your experiences.
Don’t hesitate to contribute or make proposals via the GitHub page.
Existing Directory of Threat Actor Names and References
- MISP Galaxy - Threat Actor - Source in JSON
Acknowledgments
We extend our gratitude to all contributors who have participated in the development of this standard. Your dedication and expertise have been instrumental in achieving this milestone.
2024
2019
MISP-standard.org - the open source collaborative intelligence standard
In order to preserve and foster the standard and its evolution, the MISP project has spun off a new structure called MISP-standard.org in July 2019, with the...