oasis-tcs / cti-stix2

OASIS CTI TC: Provides issue tracking and wiki pages for the STIX 2.x Work Products
https://github.com/oasis-tcs/cti-stix2

Threat-Actor/Malware renaming/rebranding - New SRO #303

Open sheetlaand opened 1 year ago

sheetlaand commented 1 year ago

Hello, we would like to propose a new SRO (STIX Relationship Object) between two Threat Actors or between two Malware objects. Indeed, we have seen in the past that some groups shut down their activities and join new groups. For example, with high confidence, we saw that Conti members joined other affiliates such as KaraKurt or BlackBasta. But we can't properly define the relationship between two actors based on the existing SROs. Our wish is then to be able to add a "rebrands-as" relationship, to better explain the global threat ecosystem. Does it make sense to you? Thank you! Regards,

lpingree commented 1 year ago

Makes total sense and important for actor following IMHO

Sincerely,
Lawrence Pingree

> On Jan 24, 2023, at 10:08 AM, sheetlaand wrote:
> Hello, we would like to propose a new SRO (STIX Relationship Object) between two Threat Actors or between two Malware objects. Indeed, we have seen in the past that some groups shut down their activities and join new groups. For example, with high confidence, we saw that Conti members joined other affiliates such as KaraKurt or BlackBasta. But we can't properly define the relationship between two actors based on the existing SROs. Our wish is then to be able to add a "rebrands-as" relationship, to better explain the global threat ecosystem. Does it make sense to you? Thank you! Regards,


srrelitz2 commented 3 months ago

related to #304

jordan2175 commented 3 months ago

You probably do not need a new SRO but rather just a relationship type. The plan all along was that the relationship types would be open vocabularies that could grow and expand outside of updating the specification.
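As an added illustration of that last point (this is example code, not part of the issue thread or the STIX specification), the snippet below builds a STIX 2.1 Relationship Object whose `relationship_type` is the proposed "rebrands-as" value. Because the relationship vocabulary is open, only the spec's format constraints apply: the two identifiers and the sample confidence value are constructed for the example, and the same-kind check in `rebrands_as` is this example's reading of the proposal, not a spec rule.

```python
import re
import uuid
from datetime import datetime, timezone

# Format constraints from the STIX 2.1 common data types: identifiers are
# "<object-type>--<UUID>" and relationship_type is limited to lowercase ASCII
# letters, digits and hyphens. The vocabulary is open, so no schema change.
STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]+--"
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)
REL_TYPE_RE = re.compile(r"^[a-z0-9-]+$")

# Constructed identifiers standing in for the two actors in the proposal.
OLD_ACTOR = "threat-actor--2f4c8e5a-1b3d-4e6f-9a8b-0c1d2e3f4a5b"
NEW_ACTOR = "threat-actor--7e9d0c1b-2a3f-4b5c-8d6e-1f2a3b4c5d6e"

def make_relationship(source_ref, target_ref, relationship_type, confidence=None):
    """Build a STIX 2.1 Relationship Object (SRO) as a plain dict."""
    for ref in (source_ref, target_ref):
        if not STIX_ID_RE.match(ref):
            raise ValueError(f"not a STIX identifier: {ref!r}")
    if not REL_TYPE_RE.match(relationship_type):
        raise ValueError("relationship_type must use only a-z, 0-9 and '-'")
    if confidence is not None and not 0 <= confidence <= 100:
        raise ValueError("confidence must be an integer from 0 to 100")
    now = datetime.now(timezone.utc).isoformat(timespec="milliseconds")
    sro = {
        "type": "relationship",
        "spec_version": "2.1",
        "id": f"relationship--{uuid.uuid4()}",
        "created": now.replace("+00:00", "Z"),
        "modified": now.replace("+00:00", "Z"),
        "relationship_type": relationship_type,
        "source_ref": source_ref,
        "target_ref": target_ref,
    }
    if confidence is not None:
        sro["confidence"] = confidence
    return sro

def rebrands_as(old_ref, new_ref, confidence=None):
    """'rebrands-as' between two Threat Actors or two Malware objects."""
    # Same-kind check is this example's reading of the proposal, not a spec rule.
    old_type, new_type = old_ref.split("--")[0], new_ref.split("--")[0]
    if old_type != new_type or old_type not in ("threat-actor", "malware"):
        raise ValueError("rebrands-as must link two threat-actor or two malware objects")
    return make_relationship(old_ref, new_ref, "rebrands-as", confidence)
```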