"description":"Malware attached to a message or email message containing a link to a malicious URL or IP.",
"expanded":"Distribution",
"value":"distribution"
},
{
"description":"System used as a command-and-control point by a botnet. Also included in this field are systems serving as a point for gathering information stolen by botnets.",
"expanded":"Command & Control (C&C)",
"value":"command-and-control"
},
{
"description":"System attempting to gain access to a port normally linked to a specific type of malware / System attempting to gain access to an IP address or URL normally linked to a specific type of malware, e.g. C&C or a distribution page for components linked to a specific botnet.",
"expanded":"Malicious connection",
"value":"malicious-connection"
}
],
"predicate":"malware"
},
{
"entry":[
{
"description":"Single source using specially designed software to affect the normal functioning of a specific service, by exploiting a vulnerability / Mass mailing of requests (network packets, emails, etc.) from one single source to a specific service, aimed at affecting its normal functioning.",
"expanded":"Denial of Service (DoS) / Distributed Denial of Service (DDoS)",
"value":"dos-ddos"
},
{
"description":"Logical and physical activities which – although they are not aimed at causing damage to information or at preventing its transmission among systems – have this effect.",
"expanded":"Sabotage",
"value":"sabotage"
}
],
"predicate":"availability"
},
{
"entry":[
{
"description":"Single system scan searching for open ports or services using these ports for responding / Scanning a network aimed at identifying systems which are active in the same network / Transfer of a specific DNS zone.",
"expanded":"Scanning",
"value":"scanning"
},
{
"description":"Logical or physical interception of communications.",
"expanded":"Sniffing",
"value":"sniffing"
},
{
"description":"Mass emailing aimed at collecting data for phishing purposes with regard to the victims / Hosting web sites for phishing purposes.",
"expanded":"Phishing",
"value":"phishing"
}
],
"predicate":"information-gathering"
},
{
"entry":[
{
"description":"Unsuccessful use of a tool exploiting a specific vulnerability of the system / Unsuccessful attempt to manipulate or read the information of a database by using the SQL injection technique / Unsuccessful attempts to perform attacks by using cross-site scripting techniques / Unsuccessful attempt to include files in the system under attack by using file inclusion techniques / Unauthorised access to a system or component by bypassing an access control system in place.",
"expanded":"Exploitation of vulnerability attempt",
"value":"vulnerability-exploitation-attempt"
},
{
"description":"Unsuccessful login by using sequential credentials for gaining access to the system / Unsuccessful acquisition of access credentials by breaking the protective cryptographic keys / Unsuccessful login by using system access credentials previously loaded into a dictionary.",
"expanded":"Login attempt",
"value":"login-attempt"
}
],
"predicate":"intrusion-attempt"
},
{
"entry":[
{
"description":"Unauthorised use of a tool exploiting a specific vulnerability of the system / Unauthorised manipulation or reading of information contained in a database by using the SQL injection technique / Attack performed with the use of cross-site scripting techniques / Unauthorised inclusion of files into a system under attack with the use of file inclusion techniques / Unauthorised access to a system or component by bypassing an access control system in place.",
"expanded":"(Successful) Exploitation of vulnerability",
"value":"vulnerability-exploitation"
},
{
"description":"Unauthorised access to a system or component by using stolen access credentials.",
"expanded":"Compromising an account",
"value":"account-compromise"
}
],
"predicate":"intrusion"
},
{
"entry":[
{
"description":"Unauthorised access to a system or component / Unauthorised access to a set of information / Unauthorised access to and sharing of a specific set of information.",
"expanded":"Unauthorised access",
"value":"unauthorised-access"
},
{
"description":"Unauthorised changes to a specific set of information / Unauthorised deleting of a specific set of information.",
"description":"Use of institutional resources for purposes other than those intended.",
"expanded":"Misuse or unauthorised use of resources",
"value":"resources-misuse"
},
{
"description":"Unauthorised use of the name of an institution.",
"expanded":"False representation",
"value":"false-representation"
}
],
"predicate":"fraud"
},
{
"entry":[
{
"description":"Sending an unusually large quantity of email messages / Unsolicited or unwanted email message sent to the recipient.",
"expanded":"SPAM",
"value":"spam"
},
{
"description":"Unauthorised distribution or sharing of content protected by Copyright and related rights.",
"expanded":"Copyright",
"value":"copyright"
},
{
"description":"Distribution or sharing of illegal content such as child sexual exploitation material, racism, xenophobia, etc.",
"expanded":"Child Sexual Exploitation, racism or incitement to violence",
"value":"cse-racism-violence-incitement"
}
],
"predicate":"abusive-content"
},
{
"entry":[
{
"description":"Incidents which do not fit the existing classification, acting as an indicator for the classification’s update.",
"expanded":"Unclassified incident",
"value":"unclassified-incident"
},
{
"description":"Unprocessed incidents which have remained undetermined from the beginning.",
"expanded":"Undetermined incident",
"value":"undetermined-incident"
}
],
"predicate":"other"
}
],
"predicates":[
{
"description":"Infection of one or various systems with a specific type of malware / Connection performed by/from/to (a) suspicious system(s)",
"expanded":"Malicious software/code",
"value":"malware"
},
{
"description":"Disruption of the processing and response capacity of systems and networks in order to render them inoperative / Premeditated action to damage a system, interrupt a process, change or delete information, etc.",
"expanded":"Availability",
"value":"availability"
},
{
"description":"Active and passive gathering of information on systems or networks / Unauthorised monitoring and reading of network traffic / Attempt to gather information on a user or a system through phishing methods.",
"expanded":"Information Gathering",
"value":"information-gathering"
},
{
"description":"Attempt to intrude by exploiting a vulnerability in a system, component or network / Attempt to log in to services or authentication/access control mechanisms.",
"expanded":"Intrusion Attempt",
"value":"intrusion-attempt"
},
{
"description":"Actual intrusion by exploiting a vulnerability in the system, component or network / Actual intrusion in a system, component or network by compromising a user or administrator account.",
"expanded":"Intrusion",
"value":"intrusion"
},
{
"description":"Unauthorised access to a particular set of information / Unauthorised change or elimination of a particular set of information.",
"expanded":"Information Security",
"value":"information-security"
},
{
"description":"Loss of property caused with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person.",
"expanded":"Fraud",
"value":"fraud"
},
{
"description":"Sending SPAM messages / Distribution and sharing of copyright protected content / Dissemination of content forbidden by law.",
"expanded":"Abusive Content",
"value":"abusive-content"
},
{
"description":"Incidents not classified in the existing classification.",