6.10 Threat Actor Role
Vocabulary Name: threat-actor-role-ov
The threat actor role vocabulary is currently used in the following SDO(s):
- Threat Actor
Threat actor role is an open vocabulary that is used to describe the different roles that a threat actor can play. For example, some threat actors author malware or operate botnets while other actors actually carry out attacks directly.
Threat actor roles are not mutually exclusive. For example, an actor can be both a financial backer for attacks and also direct attacks.
| Vocabulary Summary | |
|---|---|
| agent, director, independent, infrastructure-architect, infrastructure-operator, malware-author, sponsor | |
| Vocabulary Value | Description |
| agent | Threat actor executes attacks either on behalf of themselves or at the direction of someone else. |
| director | The threat actor who directs the activities, goals, and objectives of the malicious activities. |
| independent | A threat actor acting by themselves. |
| infrastructure-architect | Someone who designs the battle space. |
| infrastructure-operator | The threat actor who provides and supports the attack infrastructure that is used to deliver the attack (botnet providers, cloud services, etc.). |
| malware-author | The threat actor who authors malware or other malicious tools. |
| sponsor | The threat actor who funds the malicious activities. |