Closed jstnk9 closed 1 month ago
Thanks for the PR. motive is the official key, cfr is one for the Council on Foreign Relations. They might be different but it’s often similar if we all agree on the motives of the TA.
Thanks for the PR. motive is the official key, cfr is one for the Council on Foreign Relations. They might be different but it’s often similar if we all agree on the motives of the TA.
Great to know, thank you @adulau.
Do you have a list of possible values for motive
or it's a free text field?
The current ones are:
Espionage
Hacktivists-Nationalists
Cybercrime
I know there are some others like financially motivated
but maybe I should update the Internet-Draft to add default values for the known meta.
Can you rebase to the current main
branch ? I'll merge it. Thank you very much.
I have added in this PR new information about SideWinder and also values related to the key
cfr-type-of-incident
for those objects that hadmotive
as well.I've followed the values of https://www.cfr.org/cyber-operations/#Glossary
motive
andcfr-type-of-incident
are the same? Should bemotive
key deprecated?