{
 "fields": {
  "actor_id": "canonical id (MITRE G####/C####, or MISP-/derived id)",
  "canonical_name": "display name",
  "aliases": "all known names/aliases",
  "category": "actor category",
  "sponsor": "attributed sponsor / origin",
  "cve_count": "# attributed CVEs",
  "technique_count": "# ATT&CK techniques",
  "idf_score": "inverse-doc-frequency exclusivity score (sum log(N/n))",
  "exclusive_cve_count": "CVEs attributed to this actor alone",
  "active_year_min": "first active year",
  "active_year_max": "last active year",
  "sectors": "NAICS-coded target sectors",
  "victim_count": "# named victim orgs",
  "top_product_categories": "most-targeted product classes",
  "mitre_url": "MITRE ATT&CK page",
  "cve_ids": "attributed CVE ids",
  "technique_ids": "ATT&CK technique ids",
  "subtechnique_ids": "ATT&CK sub-technique ids"
 },
 "license": "CC BY 4.0",
 "generated": "2026-07-04",
 "methodology": "https://security-resilience.ai/actor-methodology.html"
}