MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-website/taxonomies.html

57946 lines
2.0 MiB
Executable File
Raw Permalink Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 2.0.17">
<title>MISP taxonomies and classification as machine tags</title>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
<style>
/*! Asciidoctor default stylesheet | MIT License | https://asciidoctor.org */
/* Uncomment the following line when using as a custom stylesheet */
/* @import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700"; */
html{font-family:sans-serif;-webkit-text-size-adjust:100%}
a{background:none}
a:focus{outline:thin dotted}
a:active,a:hover{outline:0}
h1{font-size:2em;margin:.67em 0}
b,strong{font-weight:bold}
abbr{font-size:.9em}
abbr[title]{cursor:help;border-bottom:1px dotted #dddddf;text-decoration:none}
dfn{font-style:italic}
hr{height:0}
mark{background:#ff0;color:#000}
code,kbd,pre,samp{font-family:monospace;font-size:1em}
pre{white-space:pre-wrap}
q{quotes:"\201C" "\201D" "\2018" "\2019"}
small{font-size:80%}
sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
sup{top:-.5em}
sub{bottom:-.25em}
img{border:0}
svg:not(:root){overflow:hidden}
figure{margin:0}
audio,video{display:inline-block}
audio:not([controls]){display:none;height:0}
fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
legend{border:0;padding:0}
button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
button,input{line-height:normal}
button,select{text-transform:none}
button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}
button[disabled],html input[disabled]{cursor:default}
input[type=checkbox],input[type=radio]{padding:0}
button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
textarea{overflow:auto;vertical-align:top}
table{border-collapse:collapse;border-spacing:0}
*,::before,::after{box-sizing:border-box}
html,body{font-size:100%}
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;line-height:1;position:relative;cursor:auto;-moz-tab-size:4;-o-tab-size:4;tab-size:4;word-wrap:anywhere;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
a:hover{cursor:pointer}
img,object,embed{max-width:100%;height:auto}
object,embed{height:100%}
img{-ms-interpolation-mode:bicubic}
.left{float:left!important}
.right{float:right!important}
.text-left{text-align:left!important}
.text-right{text-align:right!important}
.text-center{text-align:center!important}
.text-justify{text-align:justify!important}
.hide{display:none}
img,object,svg{display:inline-block;vertical-align:middle}
textarea{height:auto;min-height:50px}
select{width:100%}
.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0}
a{color:#2156a5;text-decoration:underline;line-height:inherit}
a:hover,a:focus{color:#1d4b8f}
a img{border:0}
p{line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
p aside{font-size:.875em;line-height:1.35;font-style:italic}
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
h1{font-size:2.125em}
h2{font-size:1.6875em}
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
h4,h5{font-size:1.125em}
h6{font-size:1em}
hr{border:solid #dddddf;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em}
em,i{font-style:italic;line-height:inherit}
strong,b{font-weight:bold;line-height:inherit}
small{font-size:60%;line-height:inherit}
code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
ul,ol,dl{line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
ul,ol{margin-left:1.5em}
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0}
ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
ul.square{list-style-type:square}
ul.circle{list-style-type:circle}
ul.disc{list-style-type:disc}
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
dl dt{margin-bottom:.3125em;font-weight:bold}
dl dd{margin-bottom:1.25em}
blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
@media screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
h1{font-size:2.75em}
h2{font-size:2.3125em}
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
h4{font-size:1.4375em}}
table{background:#fff;margin-bottom:1.25em;border:1px solid #dedede;word-wrap:normal}
table thead,table tfoot{background:#f7f8f7}
table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
table tr.even,table tr.alt{background:#f8f8f7}
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{line-height:1.6}
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
.center{margin-left:auto;margin-right:auto}
.stretch{width:100%}
.clearfix::before,.clearfix::after,.float-group::before,.float-group::after{content:" ";display:table}
.clearfix::after,.float-group::after{clear:both}
:not(pre).nobreak{word-wrap:normal}
:not(pre).nowrap{white-space:nowrap}
:not(pre).pre-wrap{white-space:pre-wrap}
:not(pre):not([class^=L])>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background:#f7f7f8;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed}
pre{color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;line-height:1.45;text-rendering:optimizeSpeed}
pre code,pre pre{color:inherit;font-size:inherit;line-height:inherit}
pre>code{display:block}
pre.nowrap,pre.nowrap pre{white-space:pre;word-wrap:normal}
em em{font-style:normal}
strong strong{font-weight:400}
.keyseq{color:rgba(51,51,51,.8)}
kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background:#f7f7f7;border:1px solid #ccc;border-radius:3px;box-shadow:0 1px 0 rgba(0,0,0,.2),inset 0 0 0 .1em #fff;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
.keyseq kbd:first-child{margin-left:0}
.keyseq kbd:last-child{margin-right:0}
.menuseq,.menuref{color:#000}
.menuseq b:not(.caret),.menuref{font-weight:inherit}
.menuseq{word-spacing:-.02em}
.menuseq b.caret{font-size:1.25em;line-height:.8}
.menuseq i.caret{font-weight:bold;text-align:center;width:.45em}
b.button::before,b.button::after{position:relative;top:-1px;font-weight:400}
b.button::before{content:"[";padding:0 3px 0 2px}
b.button::after{content:"]";padding:0 2px 0 3px}
p a>code:hover{color:rgba(0,0,0,.9)}
#header,#content,#footnotes,#footer{width:100%;margin:0 auto;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
#header::before,#header::after,#content::before,#content::after,#footnotes::before,#footnotes::after,#footer::before,#footer::after{content:" ";display:table}
#header::after,#content::after,#footnotes::after,#footer::after{clear:both}
#content{margin-top:1.25em}
#content::before{content:none}
#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #dddddf}
#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #dddddf;padding-bottom:8px}
#header .details{border-bottom:1px solid #dddddf;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:flex;flex-flow:row wrap}
#header .details span:first-child{margin-left:-.125em}
#header .details span.email a{color:rgba(0,0,0,.85)}
#header .details br{display:none}
#header .details br+span::before{content:"\00a0\2013\00a0"}
#header .details br+span.author::before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
#header .details br+span#revremark::before{content:"\00a0|\00a0"}
#header #revnumber{text-transform:capitalize}
#header #revnumber::after{content:"\00a0"}
#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #dddddf;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
#toc{border-bottom:1px solid #e7e7e9;padding-bottom:.5em}
#toc>ul{margin-left:.125em}
#toc ul.sectlevel0>li>a{font-style:italic}
#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
#toc li{line-height:1.3334;margin-top:.3334em}
#toc a{text-decoration:none}
#toc a:active{text-decoration:underline}
#toctitle{color:#7a2518;font-size:1.2em}
@media screen and (min-width:768px){#toctitle{font-size:1.375em}
body.toc2{padding-left:15em;padding-right:0}
#toc.toc2{margin-top:0!important;background:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #e7e7e9;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
#toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
#toc.toc2>ul{font-size:.9em;margin-bottom:0}
#toc.toc2 ul ul{margin-left:0;padding-left:1em}
#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
body.toc2.toc-right{padding-left:0;padding-right:15em}
body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #e7e7e9;left:auto;right:0}}
@media screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
#toc.toc2{width:20em}
#toc.toc2 #toctitle{font-size:1.375em}
#toc.toc2>ul{font-size:.95em}
#toc.toc2 ul ul{padding-left:1.25em}
body.toc2.toc-right{padding-left:0;padding-right:20em}}
#content #toc{border:1px solid #e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;border-radius:4px}
#content #toc>:first-child{margin-top:0}
#content #toc>:last-child{margin-bottom:0}
#footer{max-width:none;background:rgba(0,0,0,.8);padding:1.25em}
#footer-text{color:hsla(0,0%,100%,.8);line-height:1.44}
#content{margin-bottom:.625em}
.sect1{padding-bottom:.625em}
@media screen and (min-width:768px){#content{margin-bottom:1.25em}
.sect1{padding-bottom:1.25em}}
.sect1:last-child{padding-bottom:0}
.sect1+.sect1{border-top:1px solid #e7e7e9}
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
#content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
details,.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
details{margin-left:1.25rem}
details>summary{cursor:pointer;display:block;position:relative;line-height:1.6;margin-bottom:.625rem;outline:none;-webkit-tap-highlight-color:transparent}
details>summary::-webkit-details-marker{display:none}
details>summary::before{content:"";border:solid transparent;border-left:solid;border-width:.3em 0 .3em .5em;position:absolute;top:.5em;left:-1.25rem;transform:translateX(15%)}
details[open]>summary::before{border:solid transparent;border-top:solid;border-width:.5em .3em 0;transform:translateY(15%)}
details>summary::after{content:"";width:1.25rem;height:1em;position:absolute;top:.3em;left:-1.25rem}
.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
table.tableblock.fit-content>caption.title{white-space:nowrap;width:0}
.paragraph.lead>p,#preamble>.sectionbody>[class=paragraph]:first-of-type p{font-size:1.21875em;line-height:1.6;color:rgba(0,0,0,.85)}
.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
.admonitionblock>table td.icon{text-align:center;width:80px}
.admonitionblock>table td.icon img{max-width:none}
.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #dddddf;color:rgba(0,0,0,.6);word-wrap:anywhere}
.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
.exampleblock>.content{border:1px solid #e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;border-radius:4px}
.exampleblock>.content>:first-child{margin-top:0}
.exampleblock>.content>:last-child{margin-bottom:0}
.sidebarblock{border:1px solid #dbdbd6;margin-bottom:1.25em;padding:1.25em;background:#f3f3f2;border-radius:4px}
.sidebarblock>:first-child{margin-top:0}
.sidebarblock>:last-child{margin-bottom:0}
.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
.literalblock pre,.listingblock>.content>pre{border-radius:4px;overflow-x:auto;padding:1em;font-size:.8125em}
@media screen and (min-width:768px){.literalblock pre,.listingblock>.content>pre{font-size:.90625em}}
@media screen and (min-width:1280px){.literalblock pre,.listingblock>.content>pre{font-size:1em}}
.literalblock pre,.listingblock>.content>pre:not(.highlight),.listingblock>.content>pre[class=highlight],.listingblock>.content>pre[class^="highlight "]{background:#f7f7f8}
.literalblock.output pre{color:#f7f7f8;background:rgba(0,0,0,.9)}
.listingblock>.content{position:relative}
.listingblock code[data-lang]::before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:inherit;opacity:.5}
.listingblock:hover code[data-lang]::before{display:block}
.listingblock.terminal pre .command::before{content:attr(data-prompt);padding-right:.5em;color:inherit;opacity:.5}
.listingblock.terminal pre .command:not([data-prompt])::before{content:"$"}
.listingblock pre.highlightjs{padding:0}
.listingblock pre.highlightjs>code{padding:1em;border-radius:4px}
.listingblock pre.prettyprint{border-width:0}
.prettyprint{background:#f7f7f8}
pre.prettyprint .linenums{line-height:1.45;margin-left:2em}
pre.prettyprint li{background:none;list-style-type:inherit;padding-left:0}
pre.prettyprint li code[data-lang]::before{opacity:1}
pre.prettyprint li:not(:first-child) code[data-lang]::before{display:none}
table.linenotable{border-collapse:separate;border:0;margin-bottom:0;background:none}
table.linenotable td[class]{color:inherit;vertical-align:top;padding:0;line-height:inherit;white-space:normal}
table.linenotable td.code{padding-left:.75em}
table.linenotable td.linenos,pre.pygments .linenos{border-right:1px solid;opacity:.35;padding-right:.5em;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}
pre.pygments span.linenos{display:inline-block;margin-right:.75em}
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
.quoteblock:not(.excerpt)>.title{margin-left:-1.5em;margin-bottom:.75em}
.quoteblock blockquote,.quoteblock p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
.quoteblock blockquote{margin:0;padding:0;border:0}
.quoteblock blockquote::before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
.quoteblock .attribution{margin-top:.75em;margin-right:.5ex;text-align:right}
.verseblock{margin:0 1em 1.25em}
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans-serif;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
.verseblock pre strong{font-weight:400}
.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
.quoteblock .attribution br,.verseblock .attribution br{display:none}
.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)}
.quoteblock.abstract blockquote::before,.quoteblock.excerpt blockquote::before,.quoteblock .quoteblock blockquote::before{display:none}
.quoteblock.abstract blockquote,.quoteblock.abstract p,.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{line-height:1.6;word-spacing:0}
.quoteblock.abstract{margin:0 1em 1.25em;display:block}
.quoteblock.abstract>.title{margin:0 0 .375em;font-size:1.15em;text-align:center}
.quoteblock.excerpt>blockquote,.quoteblock .quoteblock{padding:0 0 .25em 1em;border-left:.25em solid #dddddf}
.quoteblock.excerpt,.quoteblock .quoteblock{margin-left:0}
.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{color:inherit;font-size:1.0625rem}
.quoteblock.excerpt .attribution,.quoteblock .quoteblock .attribution{color:inherit;font-size:.85rem;text-align:left;margin-right:0}
p.tableblock:last-child{margin-bottom:0}
td.tableblock>.content{margin-bottom:1.25em;word-wrap:anywhere}
td.tableblock>.content>:last-child{margin-bottom:-1.25em}
table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
table.grid-all>*>tr>*{border-width:1px}
table.grid-cols>*>tr>*{border-width:0 1px}
table.grid-rows>*>tr>*{border-width:1px 0}
table.frame-all{border-width:1px}
table.frame-ends{border-width:1px 0}
table.frame-sides{border-width:0 1px}
table.frame-none>colgroup+*>:first-child>*,table.frame-sides>colgroup+*>:first-child>*{border-top-width:0}
table.frame-none>:last-child>:last-child>*,table.frame-sides>:last-child>:last-child>*{border-bottom-width:0}
table.frame-none>*>tr>:first-child,table.frame-ends>*>tr>:first-child{border-left-width:0}
table.frame-none>*>tr>:last-child,table.frame-ends>*>tr>:last-child{border-right-width:0}
table.stripes-all>*>tr,table.stripes-odd>*>tr:nth-of-type(odd),table.stripes-even>*>tr:nth-of-type(even),table.stripes-hover>*>tr:hover{background:#f8f8f7}
th.halign-left,td.halign-left{text-align:left}
th.halign-right,td.halign-right{text-align:right}
th.halign-center,td.halign-center{text-align:center}
th.valign-top,td.valign-top{vertical-align:top}
th.valign-bottom,td.valign-bottom{vertical-align:bottom}
th.valign-middle,td.valign-middle{vertical-align:middle}
table thead th,table tfoot th{font-weight:bold}
tbody tr th{background:#f7f8f7}
tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
p.tableblock>code:only-child{background:none;padding:0}
p.tableblock{font-size:1em}
ol{margin-left:1.75em}
ul li ol{margin-left:1.5em}
dl dd{margin-left:1.125em}
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none}
ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em}
ul.unstyled,ol.unstyled{margin-left:0}
li>p:empty:only-child::before{content:"";display:inline-block}
ul.checklist>li>p:first-child{margin-left:-1em}
ul.checklist>li>p:first-child>.fa-square-o:first-child,ul.checklist>li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em}
ul.checklist>li>p:first-child>input[type=checkbox]:first-child{margin-right:.25em}
ul.inline{display:flex;flex-flow:row wrap;list-style:none;margin:0 0 .625em -1.25em}
ul.inline>li{margin-left:1.25em}
.unstyled dl dt{font-weight:400;font-style:normal}
ol.arabic{list-style-type:decimal}
ol.decimal{list-style-type:decimal-leading-zero}
ol.loweralpha{list-style-type:lower-alpha}
ol.upperalpha{list-style-type:upper-alpha}
ol.lowerroman{list-style-type:lower-roman}
ol.upperroman{list-style-type:upper-roman}
ol.lowergreek{list-style-type:lower-greek}
.hdlist>table,.colist>table{border:0;background:none}
.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
td.hdlist1{font-weight:bold;padding-bottom:1.25em}
td.hdlist2{word-wrap:anywhere}
.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
.colist td:not([class]):first-child{padding:.4em .75em 0;line-height:1;vertical-align:top}
.colist td:not([class]):first-child img{max-width:none}
.colist td:not([class]):last-child{padding:.25em 0}
.thumb,.th{line-height:0;display:inline-block;border:4px solid #fff;box-shadow:0 0 0 1px #ddd}
.imageblock.left{margin:.25em .625em 1.25em 0}
.imageblock.right{margin:.25em 0 1.25em .625em}
.imageblock>.title{margin-bottom:0}
.imageblock.thumb,.imageblock.th{border-width:6px}
.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
.image.left{margin-right:.625em}
.image.right{margin-left:.625em}
a.image{text-decoration:none;display:inline-block}
a.image object{pointer-events:none}
sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super}
sup.footnote a,sup.footnoteref a{text-decoration:none}
sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em;border-width:1px 0 0}
#footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;margin-bottom:.2em}
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none;margin-left:-1.05em}
#footnotes .footnote:last-of-type{margin-bottom:0}
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
div.unbreakable{page-break-inside:avoid}
.big{font-size:larger}
.small{font-size:smaller}
.underline{text-decoration:underline}
.overline{text-decoration:overline}
.line-through{text-decoration:line-through}
.aqua{color:#00bfbf}
.aqua-background{background:#00fafa}
.black{color:#000}
.black-background{background:#000}
.blue{color:#0000bf}
.blue-background{background:#0000fa}
.fuchsia{color:#bf00bf}
.fuchsia-background{background:#fa00fa}
.gray{color:#606060}
.gray-background{background:#7d7d7d}
.green{color:#006000}
.green-background{background:#007d00}
.lime{color:#00bf00}
.lime-background{background:#00fa00}
.maroon{color:#600000}
.maroon-background{background:#7d0000}
.navy{color:#000060}
.navy-background{background:#00007d}
.olive{color:#606000}
.olive-background{background:#7d7d00}
.purple{color:#600060}
.purple-background{background:#7d007d}
.red{color:#bf0000}
.red-background{background:#fa0000}
.silver{color:#909090}
.silver-background{background:#bcbcbc}
.teal{color:#006060}
.teal-background{background:#007d7d}
.white{color:#bfbfbf}
.white-background{background:#fafafa}
.yellow{color:#bfbf00}
.yellow-background{background:#fafa00}
span.icon>.fa{cursor:default}
a span.icon>.fa{cursor:inherit}
.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
.admonitionblock td.icon .icon-note::before{content:"\f05a";color:#19407c}
.admonitionblock td.icon .icon-tip::before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
.admonitionblock td.icon .icon-warning::before{content:"\f071";color:#bf6900}
.admonitionblock td.icon .icon-caution::before{content:"\f06d";color:#bf3400}
.admonitionblock td.icon .icon-important::before{content:"\f06a";color:#bf0000}
.conum[data-value]{display:inline-block;color:#fff!important;background:rgba(0,0,0,.8);border-radius:50%;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
.conum[data-value] *{color:#fff!important}
.conum[data-value]+b{display:none}
.conum[data-value]::after{content:attr(data-value)}
pre .conum[data-value]{position:relative;top:-.125em}
b.conum *{color:inherit!important}
.conum:not([data-value]):empty{display:none}
dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
h1,h2,p,td.content,span.alt,summary{letter-spacing:-.01em}
p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
p,blockquote,dt,td.content,span.alt,summary{font-size:1.0625rem}
p{margin-bottom:1.25rem}
.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
.exampleblock>.content{background:#fffef7;border-color:#e0e0dc;box-shadow:0 1px 4px #e0e0dc}
.print-only{display:none!important}
@page{margin:1.25cm .75cm}
@media print{*{box-shadow:none!important;text-shadow:none!important}
html{font-size:80%}
a{color:inherit!important;text-decoration:underline!important}
a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
a[href^="http:"]:not(.bare)::after,a[href^="https:"]:not(.bare)::after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
abbr[title]{border-bottom:1px dotted}
abbr[title]::after{content:" (" attr(title) ")"}
pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
thead{display:table-header-group}
svg{max-width:100%}
p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
#header,#content,#footnotes,#footer{max-width:none}
#toc,.sidebarblock,.exampleblock>.content{background:none!important}
#toc{border-bottom:1px solid #dddddf!important;padding-bottom:0!important}
body.book #header{text-align:center}
body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em}
body.book #header .details{border:0!important;display:block;padding:0!important}
body.book #header .details span:first-child{margin-left:0!important}
body.book #header .details br{display:block}
body.book #header .details br+span::before{content:none!important}
body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
.listingblock code[data-lang]::before{display:block}
#footer{padding:0 .9375em}
.hide-on-print{display:none!important}
.print-only{display:block!important}
.hide-for-print{display:none!important}
.show-for-print{display:inherit!important}}
@media amzn-kf8,print{#header>h1:first-child{margin-top:1.25rem}
.sect1{padding:0!important}
.sect1+.sect1{border:0}
#footer{background:none}
#footer-text{color:rgba(0,0,0,.6);font-size:.9em}}
@media amzn-kf8{#header,#content,#footnotes,#footer{padding:0}}
</style>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body class="article toc2 toc-right">
<div id="header">
<h1>MISP taxonomies and classification as machine tags</h1>
<div id="toc" class="toc2">
<div id="toctitle">Table of Contents</div>
<ul class="sectlevel0">
<li><a href="#_introduction">Introduction</a>
<ul class="sectlevel1">
<li><a href="#_funding_and_support">Funding and Support</a></li>
</ul>
</li>
<li><a href="#_misp_taxonomies">MISP taxonomies</a>
<ul class="sectlevel1">
<li><a href="#_cert_xlm">CERT-XLM</a></li>
<li><a href="#_dfrlab_dichotomies_of_disinformation">DFRLab-dichotomies-of-disinformation</a></li>
<li><a href="#_dml">DML</a></li>
<li><a href="#_pap">PAP</a></li>
<li><a href="#_access_method">access-method</a></li>
<li><a href="#_accessnow">accessnow</a></li>
<li><a href="#_action_taken">action-taken</a></li>
<li><a href="#_admiralty_scale">admiralty-scale</a></li>
<li><a href="#_adversary">adversary</a></li>
<li><a href="#_ais_marking">ais-marking</a></li>
<li><a href="#_analyst_assessment">analyst-assessment</a></li>
<li><a href="#_approved_category_of_action">approved-category-of-action</a></li>
<li><a href="#_binary_class">binary-class</a></li>
<li><a href="#_cccs">cccs</a></li>
<li><a href="#_circl">circl</a></li>
<li><a href="#_coa">coa</a></li>
<li><a href="#_collaborative_intelligence">collaborative-intelligence</a></li>
<li><a href="#_common_taxonomy">common-taxonomy</a></li>
<li><a href="#_copine_scale">copine-scale</a></li>
<li><a href="#_course_of_action">course-of-action</a></li>
<li><a href="#_cryptocurrency_threat">cryptocurrency-threat</a></li>
<li><a href="#_csirt_americas">csirt-americas</a></li>
<li><a href="#_csirt_case_classification">csirt_case_classification</a></li>
<li><a href="#_cssa">cssa</a></li>
<li><a href="#_cti">cti</a></li>
<li><a href="#_current_event">current-event</a></li>
<li><a href="#_cyber_threat_framework">cyber-threat-framework</a></li>
<li><a href="#_cycat">cycat</a></li>
<li><a href="#_cytomic_orion">cytomic-orion</a></li>
<li><a href="#_dark_web">dark-web</a></li>
<li><a href="#_data_classification">data-classification</a></li>
<li><a href="#_dcso_sharing">dcso-sharing</a></li>
<li><a href="#_ddos_2">ddos</a></li>
<li><a href="#_de_vs">de-vs</a></li>
<li><a href="#_deception">deception</a></li>
<li><a href="#_dhs_ciip_sectors">dhs-ciip-sectors</a></li>
<li><a href="#_diamond_model">diamond-model</a></li>
<li><a href="#_dni_ism">dni-ism</a></li>
<li><a href="#_domain_abuse">domain-abuse</a></li>
<li><a href="#_drugs">drugs</a></li>
<li><a href="#_economical_impact">economical-impact</a></li>
<li><a href="#_ecsirt">ecsirt</a></li>
<li><a href="#_enisa">enisa</a></li>
<li><a href="#_estimative_language">estimative-language</a></li>
<li><a href="#_eu_marketop_and_publicadmin">eu-marketop-and-publicadmin</a></li>
<li><a href="#_eu_nis_sector_and_subsectors">eu-nis-sector-and-subsectors</a></li>
<li><a href="#_euci">euci</a></li>
<li><a href="#_europol_event">europol-event</a></li>
<li><a href="#_europol_incident">europol-incident</a></li>
<li><a href="#_event_assessment">event-assessment</a></li>
<li><a href="#_event_classification">event-classification</a></li>
<li><a href="#_exercise">exercise</a></li>
<li><a href="#_extended_event">extended-event</a></li>
<li><a href="#_failure_mode_in_machine_learning">failure-mode-in-machine-learning</a></li>
<li><a href="#_false_positive">false-positive</a></li>
<li><a href="#_file_type">file-type</a></li>
<li><a href="#_flesch_reading_ease">flesch-reading-ease</a></li>
<li><a href="#_fpf">fpf</a></li>
<li><a href="#_fr_classif">fr-classif</a></li>
<li><a href="#_gdpr">gdpr</a></li>
<li><a href="#_gea_nz_activities">gea-nz-activities</a></li>
<li><a href="#_gea_nz_entities">gea-nz-entities</a></li>
<li><a href="#_gea_nz_motivators">gea-nz-motivators</a></li>
<li><a href="#_gsma_attack_category">gsma-attack-category</a></li>
<li><a href="#_gsma_fraud">gsma-fraud</a></li>
<li><a href="#_gsma_network_technology">gsma-network-technology</a></li>
<li><a href="#_honeypot_basic">honeypot-basic</a></li>
<li><a href="#_ics">ics</a></li>
<li><a href="#_iep">iep</a></li>
<li><a href="#_iep2_policy">iep2-policy</a></li>
<li><a href="#_iep2_reference">iep2-reference</a></li>
<li><a href="#_ifx_vetting">ifx-vetting</a></li>
<li><a href="#_incident_disposition">incident-disposition</a></li>
<li><a href="#_infoleak_2">infoleak</a></li>
<li><a href="#_information_security_data_source">information-security-data-source</a></li>
<li><a href="#_information_security_indicators">information-security-indicators</a></li>
<li><a href="#_interactive_cyber_training_audience">interactive-cyber-training-audience</a></li>
<li><a href="#_interactive_cyber_training_technical_setup">interactive-cyber-training-technical-setup</a></li>
<li><a href="#_interactive_cyber_training_training_environment">interactive-cyber-training-training-environment</a></li>
<li><a href="#_interactive_cyber_training_training_setup">interactive-cyber-training-training-setup</a></li>
<li><a href="#_interception_method">interception-method</a></li>
<li><a href="#_ioc">ioc</a></li>
<li><a href="#_iot">iot</a></li>
<li><a href="#_kill_chain">kill-chain</a></li>
<li><a href="#_maec_delivery_vectors">maec-delivery-vectors</a></li>
<li><a href="#_maec_malware_behavior">maec-malware-behavior</a></li>
<li><a href="#_maec_malware_capabilities">maec-malware-capabilities</a></li>
<li><a href="#_maec_malware_obfuscation_methods">maec-malware-obfuscation-methods</a></li>
<li><a href="#_malware_classification">malware_classification</a></li>
<li><a href="#_misinformation_website_label">misinformation-website-label</a></li>
<li><a href="#_misp">misp</a></li>
<li><a href="#_monarc_threat">monarc-threat</a></li>
<li><a href="#_ms_caro_malware">ms-caro-malware</a></li>
<li><a href="#_ms_caro_malware_full">ms-caro-malware-full</a></li>
<li><a href="#_mwdb">mwdb</a></li>
<li><a href="#_nato">nato</a></li>
<li><a href="#_nis">nis</a></li>
<li><a href="#_open_threat">open_threat</a></li>
<li><a href="#_osint">osint</a></li>
<li><a href="#_pandemic_2">pandemic</a></li>
<li><a href="#_passivetotal">passivetotal</a></li>
<li><a href="#_pentest">pentest</a></li>
<li><a href="#_phishing_2">phishing</a></li>
<li><a href="#_political_spectrum">political-spectrum</a></li>
<li><a href="#_priority_level">priority-level</a></li>
<li><a href="#_ransomware">ransomware</a></li>
<li><a href="#_retention">retention</a></li>
<li><a href="#_rsit">rsit</a></li>
<li><a href="#_rt_event_status">rt_event_status</a></li>
<li><a href="#_runtime_packer">runtime-packer</a></li>
<li><a href="#_scrippsco2_fgc">scrippsco2-fgc</a></li>
<li><a href="#_scrippsco2_fgi">scrippsco2-fgi</a></li>
<li><a href="#_scrippsco2_sampling_stations">scrippsco2-sampling-stations</a></li>
<li><a href="#_smart_airports_threats">smart-airports-threats</a></li>
<li><a href="#_state_responsibility">state-responsibility</a></li>
<li><a href="#_stealth_malware">stealth_malware</a></li>
<li><a href="#_stix_ttp">stix-ttp</a></li>
<li><a href="#_targeted_threat_index">targeted-threat-index</a></li>
<li><a href="#_thales_group">thales_group</a></li>
<li><a href="#_threatmatch">threatmatch</a></li>
<li><a href="#_threats_to_dns">threats-to-dns</a></li>
<li><a href="#_tlp_2">tlp</a></li>
<li><a href="#_tor">tor</a></li>
<li><a href="#_trust">trust</a></li>
<li><a href="#_type_7">type</a></li>
<li><a href="#_unified_kill_chain">unified-kill-chain</a></li>
<li><a href="#_use_case_applicability">use-case-applicability</a></li>
<li><a href="#_veris">veris</a></li>
<li><a href="#_vmray">vmray</a></li>
<li><a href="#_vocabulaire_des_probabilites_estimatives">vocabulaire-des-probabilites-estimatives</a></li>
<li><a href="#_workflow">workflow</a></li>
</ul>
</li>
<li><a href="#_mapping_of_taxonomies">Mapping of taxonomies</a></li>
</ul>
</div>
</div>
<div id="content">
<h1 id="_introduction" class="sect0">Introduction</h1>
<div class="imageblock">
<div class="content">
<img src="https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/logos/misp-logo.png" alt="MISP logo">
</div>
</div>
<div class="paragraph">
<p>The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators, financial fraud or counter-terrorism information. The MISP project includes multiple sub-projects to support the operational requirements of analysts and improve the overall quality of information shared.</p>
</div>
<div class="paragraph">
<p>Taxonomies that can be used in MISP (2.4) and other information sharing tool and expressed in Machine Tags (Triple Tags). A machine tag is composed of a namespace (MUST), a predicate (MUST) and an (OPTIONAL) value. Machine tags are often called triple tag due to their format.
The following document is generated from the machine-readable JSON describing the <a href="https://github.com/MISP/misp-taxonomies">MISP taxonomies</a>.</p>
</div>
<div style="page-break-after: always;"></div>
<div class="sect1">
<h2 id="_funding_and_support">Funding and Support</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The MISP project is financially and resource supported by <a href="https://www.circl.lu/">CIRCL Computer Incident Response Center Luxembourg </a>.</p>
</div>
<div class="paragraph">
<p><span class="image"><img src="https://www.misp-project.org/assets/images/logo.png" alt="CIRCL logo"></span></p>
</div>
<div class="paragraph">
<p>A CEF (Connecting Europe Facility) funding under CEF-TC-2016-3 - Cyber Security has been granted from 1st September 2017 until 31th August 2019 as <strong><strong>Improving MISP as building blocks for next-generation information sharing</strong></strong>.</p>
</div>
<div class="paragraph">
<p><span class="image"><img src="https://www.misp-project.org/assets/images/en_cef.png" alt="CEF funding"></span></p>
</div>
<div class="paragraph">
<p>If you are interested to co-fund projects around MISP, feel free to get in touch with us.</p>
</div>
<div style="page-break-after: always;"></div>
</div>
</div>
<h1 id="_misp_taxonomies" class="sect0">MISP taxonomies</h1>
<div class="sect1">
<h2 id="_cert_xlm">CERT-XLM</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
CERT-XLM namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/CERT-XLM/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>CERT-XLM Security Incident Classification.</p>
</div>
<div class="sect2">
<h3 id="_abusive_content">abusive-content</h3>
<div class="paragraph">
<p>Abusive Content.</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmabusive_contentspam">CERT-XLM:abusive-content="spam"</h4>
<div class="paragraph">
<p>spam</p>
</div>
<div class="paragraph">
<p>Spam or unsolicited bulk e-mail, meaning that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having identical content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmabusive_contentharmful_speech">CERT-XLM:abusive-content="harmful-speech"</h4>
<div class="paragraph">
<p>Harmful Speech</p>
</div>
<div class="paragraph">
<p>Discretization or discrimination of somebody (e.g. cyber stalking, racism and threats against one or more individuals) May be found on a forum, email, tweet etc…</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmabusive_contentviolence">CERT-XLM:abusive-content="violence"</h4>
<div class="paragraph">
<p>Child/Sexual/Violence/&#8230;&#8203;</p>
</div>
<div class="paragraph">
<p>Any Child pornography, glorification of violence, may be found on a website, forum, email, tweet etc…</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malicious_code">malicious-code</h3>
<div class="paragraph">
<p>Software that is intentionally included or inserted in a system for a harmful purpose. A user interaction is normally necessary to activate the code.</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmmalicious_codevirus">CERT-XLM:malicious-code="virus"</h4>
<div class="paragraph">
<p>Virus</p>
</div>
<div class="paragraph">
<p>Malicious code that replicate itself and infects the computer and files;</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmmalicious_codeworm">CERT-XLM:malicious-code="worm"</h4>
<div class="paragraph">
<p>Worm</p>
</div>
<div class="paragraph">
<p>Malware that self-replicates and spread itself to other computers in the network without any user interaction;</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmmalicious_coderansomware">CERT-XLM:malicious-code="ransomware"</h4>
<div class="paragraph">
<p>Ransomware</p>
</div>
<div class="paragraph">
<p>Ransomware is a type of malicious software from cryptovirology that blocks access to the victim&#8217;s data or threatens to publish it until a ransom is paid.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmmalicious_codetrojan_malware">CERT-XLM:malicious-code="trojan-malware"</h4>
<div class="paragraph">
<p>Trojan/Malware</p>
</div>
<div class="paragraph">
<p>This category regroups many common malware types (Banking, POS, Mining malware).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmmalicious_codespyware_rat">CERT-XLM:malicious-code="spyware-rat"</h4>
<div class="paragraph">
<p>Spyware/Rat</p>
</div>
<div class="paragraph">
<p>This category regroups malware types and tools that may have a bigger impact on the breached infrastructure and usually need further investigations (Common Spyware/Rat, State sponsored malwares, StealersHacking tool).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmmalicious_codedialer">CERT-XLM:malicious-code="dialer"</h4>
<div class="paragraph">
<p>Dialer</p>
</div>
<div class="paragraph">
<p>Computer program used to identify the phone numbers that can successfully make a connection with a computer modem. Use this category to classify overpriced SMS sent by malicious mobile application.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmmalicious_coderootkit">CERT-XLM:malicious-code="rootkit"</h4>
<div class="paragraph">
<p>Rootkit</p>
</div>
<div class="paragraph">
<p>Malware, which alter the standard functionality of an operating system in order to do its malicious actions in a stealthy way. In practice, Rootkits hijacks systems functions in order to alter the returning values to hide themselves from simple analysis tools.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering">information-gathering</h3>
<div class="paragraph">
<p>This group is for the reconnaissance; generally, it is the step before attacking.</p>
</div>
<div class="sect3">
<h4 id="_cert_xlminformation_gatheringscanner">CERT-XLM:information-gathering="scanner"</h4>
<div class="paragraph">
<p>Scanning</p>
</div>
<div class="paragraph">
<p>Attacks that send requests to a system to discover weak points. This also includes some kinds of testing processes to gather information about hosts, services and accounts. Examples: fingerd, DNS querying, ICMP, SMTP (EXPN, RCPT,).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlminformation_gatheringsniffing">CERT-XLM:information-gathering="sniffing"</h4>
<div class="paragraph">
<p>Sniffing</p>
</div>
<div class="paragraph">
<p>Observing and recording network traffic (wiretapping).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlminformation_gatheringsocial_engineering">CERT-XLM:information-gathering="social-engineering"</h4>
<div class="paragraph">
<p>Social Engineering</p>
</div>
<div class="paragraph">
<p>Gathering information from a human being in a non-technical way (eg, lies, tricks, bribes, or threats).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_attempts">intrusion-attempts</h3>
<div class="paragraph">
<p>This group is for attack detected/tried but without success.</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmintrusion_attemptsexploit_known_vuln">CERT-XLM:intrusion-attempts="exploit-known-vuln"</h4>
<div class="paragraph">
<p>Exploiting known vulnerabilities</p>
</div>
<div class="paragraph">
<p>An attempt to compromise a system or to disrupt any service by exploiting vulnerabilities with a standardised identifier such as CVE name (eg, buffer overflow, backdoors, cross side scripting, etc).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmintrusion_attemptslogin_attempts">CERT-XLM:intrusion-attempts="login-attempts"</h4>
<div class="paragraph">
<p>Login attempts</p>
</div>
<div class="paragraph">
<p>Multiple login attempts (guessing / cracking of passwords, brute force).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmintrusion_attemptsnew_attack_signature">CERT-XLM:intrusion-attempts="new-attack-signature"</h4>
<div class="paragraph">
<p>New attack signature</p>
</div>
<div class="paragraph">
<p>An attempt using an unknown exploit.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion">intrusion</h3>
<div class="paragraph">
<p>This group is for successful unauthorized access to a system.</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmintrusionprivileged_account_compromise">CERT-XLM:intrusion="privileged-account-compromise"</h4>
<div class="paragraph">
<p>Privileged Account Compromise</p>
</div>
<div class="paragraph">
<p>A successful full compromise of a system or application (service). This can have been caused remotely by a known or new vulnerability, but also by an unauthorized local access.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmintrusionunprivileged_account_compromise">CERT-XLM:intrusion="unprivileged-account-compromise"</h4>
<div class="paragraph">
<p>Unprivileged Account Compromise</p>
</div>
<div class="paragraph">
<p>A successful compromise of a system or application (service). This can have been caused remotely by a known or new vulnerability, but also by an unauthorized local access. The intruded did not achieve to escale his privileges locally.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmintrusionbotnet_member">CERT-XLM:intrusion="botnet-member"</h4>
<div class="paragraph">
<p>Botnet member</p>
</div>
<div class="paragraph">
<p>The compromised asset is also being part of a botnet. This is reserved mainly for public web servers. See malicious code in priority for workstations or internal servers compromise. For example, phpmailer, etc…</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmintrusiondomain_compromise">CERT-XLM:intrusion="domain-compromise"</h4>
<div class="paragraph">
<p>Domain Compromise</p>
</div>
<div class="paragraph">
<p>The whole domain is compromised; this is commonly used for active directory and detected by a “pass the ticket” attack or a discovery of “ad dumps” files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmintrusionapplication_compromise">CERT-XLM:intrusion="application-compromise"</h4>
<div class="paragraph">
<p>Application Compromise</p>
</div>
<div class="paragraph">
<p>An application is compromised; the attacker possess an uncontrolled access to data, server, and assets used by this application (CMDB, DB, Backend services, etc.).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_availability">availability</h3>
<div class="paragraph">
<p>By this kind of an attack a system is bombarded with so many packets that the operations are delayed or the system crashes.</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmavailabilitydos">CERT-XLM:availability="dos"</h4>
<div class="paragraph">
<p>DoS</p>
</div>
<div class="paragraph">
<p>An attacker attempts to prevent legitimate users from accessing information or services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmavailabilityddos">CERT-XLM:availability="ddos"</h4>
<div class="paragraph">
<p>DDoS</p>
</div>
<div class="paragraph">
<p>Form of electronic attack involving multiple computers, which send repeated requests (HTTP requests, pings, TCP or UDP Flood) to a server to load it down and render the service inaccessible for a period of time.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmavailabilitysabotage">CERT-XLM:availability="sabotage"</h4>
<div class="paragraph">
<p>Sabotage</p>
</div>
<div class="paragraph">
<p>Deliberate and malicious acts that result in the disruption of the normal processes and functions or the destruction or damage of equipment or information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmavailabilityoutage">CERT-XLM:availability="outage"</h4>
<div class="paragraph">
<p>Outage (no malice)</p>
</div>
<div class="paragraph">
<p>Unavailability of the system but done with no malice.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_content_security">information-content-security</h3>
<div class="paragraph">
<p>This group is dealing with non-legitimate access or modification to data.</p>
</div>
<div class="sect3">
<h4 id="_cert_xlminformation_content_securityunauthorised_information_access">CERT-XLM:information-content-security="Unauthorised-information-access"</h4>
<div class="paragraph">
<p>Unauthorised access to information</p>
</div>
<div class="paragraph">
<p>Any access to unauthorized data. It may be access of data on improperly restricted server share or database exfiltered by using a SQLi.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlminformation_content_securityunauthorised_information_modification">CERT-XLM:information-content-security="Unauthorised-information-modification"</h4>
<div class="paragraph">
<p>Unauthorised modification of information</p>
</div>
<div class="paragraph">
<p>Unauthorized tampering of data on files, documents or database.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fraud">fraud</h3>
<div class="paragraph">
<p>This group is for unauthorized use of resources using resources for unauthorized purposes including profit-making ventures (eg, the use of e-mail to participate in illegal profit chain letters or pyramid schemes).</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmfraudcopyright">CERT-XLM:fraud="copyright"</h4>
<div class="paragraph">
<p>Copyright</p>
</div>
<div class="paragraph">
<p>Selling or installing copies of unlicensed commercial software or other copyright protected materials (Warez).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmfraudmasquerade">CERT-XLM:fraud="masquerade"</h4>
<div class="paragraph">
<p>Masquerade</p>
</div>
<div class="paragraph">
<p>Types of attacks in which one entity illegitimately assumes the identity of another in order to benefit from it. This attack may be used for president fraud requesting transactions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmfraudphishing">CERT-XLM:fraud="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
<div class="paragraph">
<p>Masquerading as another entity in order to persuade the user to reveal a private credential.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vulnerable">vulnerable</h3>
<div class="paragraph">
<p>Vulnerable</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmvulnerablevulnerable_service">CERT-XLM:vulnerable="vulnerable-service"</h4>
<div class="paragraph">
<p>Open for abuse</p>
</div>
<div class="paragraph">
<p>Open resolvers, world readable printers, vulnerability apparent from Nessus etc scans, virus, signatures not up to date, etc. This includes for example default SNMP community or default password on any application.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_conformity">conformity</h3>
<div class="paragraph">
<p>This group is for catching breach about controls given by the company or externals entities.</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmconformityregulator">CERT-XLM:conformity="regulator"</h4>
<div class="paragraph">
<p>Regulator</p>
</div>
<div class="paragraph">
<p>All lack about regulator rules (CSSF, GDPR, etc.).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmconformitystandard">CERT-XLM:conformity="standard"</h4>
<div class="paragraph">
<p>Standard</p>
</div>
<div class="paragraph">
<p>All lack about standards certification of the company (ISO27000, NIS, ISAE3402, etc.).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmconformitysecurity_policy">CERT-XLM:conformity="security-policy"</h4>
<div class="paragraph">
<p>Security policy</p>
</div>
<div class="paragraph">
<p>All lack about the internal security policy of the company.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cert_xlmconformityother_conformity">CERT-XLM:conformity="other-conformity"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>All lack that do not fit in one of previous categories should be put on this class.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other">other</h3>
<div class="paragraph">
<p>Other</p>
</div>
<div class="sect3">
<h4 id="_cert_xlmotherother">CERT-XLM:other="other"</h4>
<div class="paragraph">
<p>other</p>
</div>
<div class="paragraph">
<p>All incidents that do not fit in one of the given categories should be put into this class. If the number of incidents in this category increases, it is an indicator that the classification scheme must be revised.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_test">test</h3>
<div class="paragraph">
<p>Meant for testing.</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dfrlab_dichotomies_of_disinformation">DFRLab-dichotomies-of-disinformation</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
DFRLab-dichotomies-of-disinformation namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/DFRLab-dichotomies-of-disinformation/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>DFRLab Dichotomies of Disinformation.</p>
</div>
<div class="sect2">
<h3 id="_primary_target">primary-target</h3>
<div class="paragraph">
<p>This should be filled out even when the target is not a nation. When a campaign targets a non-state political actor, the nation of origin of that non-state political actor is filled in this field, if that information is available. Distinguishable territories are nations.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetad">DFRLab-dichotomies-of-disinformation:primary-target="AD"</h4>
<div class="paragraph">
<p>Andorra</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetae">DFRLab-dichotomies-of-disinformation:primary-target="AE"</h4>
<div class="paragraph">
<p>United Arab Emirates</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetaf">DFRLab-dichotomies-of-disinformation:primary-target="AF"</h4>
<div class="paragraph">
<p>Afghanistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetag">DFRLab-dichotomies-of-disinformation:primary-target="AG"</h4>
<div class="paragraph">
<p>Antigua and Barbuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetai">DFRLab-dichotomies-of-disinformation:primary-target="AI"</h4>
<div class="paragraph">
<p>Anguilla</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetal">DFRLab-dichotomies-of-disinformation:primary-target="AL"</h4>
<div class="paragraph">
<p>Albania</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetam">DFRLab-dichotomies-of-disinformation:primary-target="AM"</h4>
<div class="paragraph">
<p>Armenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetao">DFRLab-dichotomies-of-disinformation:primary-target="AO"</h4>
<div class="paragraph">
<p>Angola</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetaq">DFRLab-dichotomies-of-disinformation:primary-target="AQ"</h4>
<div class="paragraph">
<p>Antarctica</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetar">DFRLab-dichotomies-of-disinformation:primary-target="AR"</h4>
<div class="paragraph">
<p>Argentina</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetas">DFRLab-dichotomies-of-disinformation:primary-target="AS"</h4>
<div class="paragraph">
<p>American Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetat">DFRLab-dichotomies-of-disinformation:primary-target="AT"</h4>
<div class="paragraph">
<p>Austria</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetau">DFRLab-dichotomies-of-disinformation:primary-target="AU"</h4>
<div class="paragraph">
<p>Australia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetaw">DFRLab-dichotomies-of-disinformation:primary-target="AW"</h4>
<div class="paragraph">
<p>Aruba</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetax">DFRLab-dichotomies-of-disinformation:primary-target="AX"</h4>
<div class="paragraph">
<p>Aland Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetaz">DFRLab-dichotomies-of-disinformation:primary-target="AZ"</h4>
<div class="paragraph">
<p>Azerbaijan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetba">DFRLab-dichotomies-of-disinformation:primary-target="BA"</h4>
<div class="paragraph">
<p>Bosnia and Herzegovina</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbb">DFRLab-dichotomies-of-disinformation:primary-target="BB"</h4>
<div class="paragraph">
<p>Barbados</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbd">DFRLab-dichotomies-of-disinformation:primary-target="BD"</h4>
<div class="paragraph">
<p>Bangladesh</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbe">DFRLab-dichotomies-of-disinformation:primary-target="BE"</h4>
<div class="paragraph">
<p>Belgium</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbf">DFRLab-dichotomies-of-disinformation:primary-target="BF"</h4>
<div class="paragraph">
<p>Burkina Faso</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbg">DFRLab-dichotomies-of-disinformation:primary-target="BG"</h4>
<div class="paragraph">
<p>Bulgaria</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbh">DFRLab-dichotomies-of-disinformation:primary-target="BH"</h4>
<div class="paragraph">
<p>Bahrain</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbi">DFRLab-dichotomies-of-disinformation:primary-target="BI"</h4>
<div class="paragraph">
<p>Burundi</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbj">DFRLab-dichotomies-of-disinformation:primary-target="BJ"</h4>
<div class="paragraph">
<p>Benin</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbl">DFRLab-dichotomies-of-disinformation:primary-target="BL"</h4>
<div class="paragraph">
<p>Saint-Barthelemy</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbm">DFRLab-dichotomies-of-disinformation:primary-target="BM"</h4>
<div class="paragraph">
<p>Bermuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbn">DFRLab-dichotomies-of-disinformation:primary-target="BN"</h4>
<div class="paragraph">
<p>Brunei Darussalam</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbo">DFRLab-dichotomies-of-disinformation:primary-target="BO"</h4>
<div class="paragraph">
<p>Bolivia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbq">DFRLab-dichotomies-of-disinformation:primary-target="BQ"</h4>
<div class="paragraph">
<p>Bonaire, Saint Eustatius and Saba</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbr">DFRLab-dichotomies-of-disinformation:primary-target="BR"</h4>
<div class="paragraph">
<p>Brazil</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbs">DFRLab-dichotomies-of-disinformation:primary-target="BS"</h4>
<div class="paragraph">
<p>Bahamas</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbt">DFRLab-dichotomies-of-disinformation:primary-target="BT"</h4>
<div class="paragraph">
<p>Bhutan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbv">DFRLab-dichotomies-of-disinformation:primary-target="BV"</h4>
<div class="paragraph">
<p>Bouvet Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbw">DFRLab-dichotomies-of-disinformation:primary-target="BW"</h4>
<div class="paragraph">
<p>Botswana</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetby">DFRLab-dichotomies-of-disinformation:primary-target="BY"</h4>
<div class="paragraph">
<p>Belarus</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetbz">DFRLab-dichotomies-of-disinformation:primary-target="BZ"</h4>
<div class="paragraph">
<p>Belize</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetca">DFRLab-dichotomies-of-disinformation:primary-target="CA"</h4>
<div class="paragraph">
<p>Canada</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcc">DFRLab-dichotomies-of-disinformation:primary-target="CC"</h4>
<div class="paragraph">
<p>Cocos (Keeling) Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcd">DFRLab-dichotomies-of-disinformation:primary-target="CD"</h4>
<div class="paragraph">
<p>Congo, Democratic Republic of the</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcf">DFRLab-dichotomies-of-disinformation:primary-target="CF"</h4>
<div class="paragraph">
<p>Central African Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcg">DFRLab-dichotomies-of-disinformation:primary-target="CG"</h4>
<div class="paragraph">
<p>Congo</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetch">DFRLab-dichotomies-of-disinformation:primary-target="CH"</h4>
<div class="paragraph">
<p>Switzerland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetci">DFRLab-dichotomies-of-disinformation:primary-target="CI"</h4>
<div class="paragraph">
<p>Cote d&#8217;Ivoire</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetck">DFRLab-dichotomies-of-disinformation:primary-target="CK"</h4>
<div class="paragraph">
<p>Cook Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcl">DFRLab-dichotomies-of-disinformation:primary-target="CL"</h4>
<div class="paragraph">
<p>Chile</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcm">DFRLab-dichotomies-of-disinformation:primary-target="CM"</h4>
<div class="paragraph">
<p>Cameroon</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcn">DFRLab-dichotomies-of-disinformation:primary-target="CN"</h4>
<div class="paragraph">
<p>China</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetco">DFRLab-dichotomies-of-disinformation:primary-target="CO"</h4>
<div class="paragraph">
<p>Colombia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcr">DFRLab-dichotomies-of-disinformation:primary-target="CR"</h4>
<div class="paragraph">
<p>Costa Rica</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcu">DFRLab-dichotomies-of-disinformation:primary-target="CU"</h4>
<div class="paragraph">
<p>Cuba</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcv">DFRLab-dichotomies-of-disinformation:primary-target="CV"</h4>
<div class="paragraph">
<p>Cape Verde</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcw">DFRLab-dichotomies-of-disinformation:primary-target="CW"</h4>
<div class="paragraph">
<p>Curacao</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcx">DFRLab-dichotomies-of-disinformation:primary-target="CX"</h4>
<div class="paragraph">
<p>Christmas Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcy">DFRLab-dichotomies-of-disinformation:primary-target="CY"</h4>
<div class="paragraph">
<p>Cyprus</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetcz">DFRLab-dichotomies-of-disinformation:primary-target="CZ"</h4>
<div class="paragraph">
<p>Czech Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetde">DFRLab-dichotomies-of-disinformation:primary-target="DE"</h4>
<div class="paragraph">
<p>Germany</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetdj">DFRLab-dichotomies-of-disinformation:primary-target="DJ"</h4>
<div class="paragraph">
<p>Djibouti</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetdk">DFRLab-dichotomies-of-disinformation:primary-target="DK"</h4>
<div class="paragraph">
<p>Denmark</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetdm">DFRLab-dichotomies-of-disinformation:primary-target="DM"</h4>
<div class="paragraph">
<p>Dominica</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetdo">DFRLab-dichotomies-of-disinformation:primary-target="DO"</h4>
<div class="paragraph">
<p>Dominican Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetdz">DFRLab-dichotomies-of-disinformation:primary-target="DZ"</h4>
<div class="paragraph">
<p>Algeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetec">DFRLab-dichotomies-of-disinformation:primary-target="EC"</h4>
<div class="paragraph">
<p>Ecuador</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetee">DFRLab-dichotomies-of-disinformation:primary-target="EE"</h4>
<div class="paragraph">
<p>Estonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targeteg">DFRLab-dichotomies-of-disinformation:primary-target="EG"</h4>
<div class="paragraph">
<p>Egypt</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targeteh">DFRLab-dichotomies-of-disinformation:primary-target="EH"</h4>
<div class="paragraph">
<p>Western Sahara</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targeter">DFRLab-dichotomies-of-disinformation:primary-target="ER"</h4>
<div class="paragraph">
<p>Eritrea</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetes">DFRLab-dichotomies-of-disinformation:primary-target="ES"</h4>
<div class="paragraph">
<p>Spain</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetet">DFRLab-dichotomies-of-disinformation:primary-target="ET"</h4>
<div class="paragraph">
<p>Ethiopia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetfi">DFRLab-dichotomies-of-disinformation:primary-target="FI"</h4>
<div class="paragraph">
<p>Finland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetfj">DFRLab-dichotomies-of-disinformation:primary-target="FJ"</h4>
<div class="paragraph">
<p>Fiji</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetfk">DFRLab-dichotomies-of-disinformation:primary-target="FK"</h4>
<div class="paragraph">
<p>Faeroe Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetfm">DFRLab-dichotomies-of-disinformation:primary-target="FM"</h4>
<div class="paragraph">
<p>Micronesia (Federated States of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetfo">DFRLab-dichotomies-of-disinformation:primary-target="FO"</h4>
<div class="paragraph">
<p>Falkland Islands (Malvinas)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetfr">DFRLab-dichotomies-of-disinformation:primary-target="FR"</h4>
<div class="paragraph">
<p>France</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetga">DFRLab-dichotomies-of-disinformation:primary-target="GA"</h4>
<div class="paragraph">
<p>Gabon</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgb">DFRLab-dichotomies-of-disinformation:primary-target="GB"</h4>
<div class="paragraph">
<p>United Kingdom</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgd">DFRLab-dichotomies-of-disinformation:primary-target="GD"</h4>
<div class="paragraph">
<p>Grenada</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetge">DFRLab-dichotomies-of-disinformation:primary-target="GE"</h4>
<div class="paragraph">
<p>Georgia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgf">DFRLab-dichotomies-of-disinformation:primary-target="GF"</h4>
<div class="paragraph">
<p>French Guiana</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgg">DFRLab-dichotomies-of-disinformation:primary-target="GG"</h4>
<div class="paragraph">
<p>Guernsey</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgh">DFRLab-dichotomies-of-disinformation:primary-target="GH"</h4>
<div class="paragraph">
<p>Ghana</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgi">DFRLab-dichotomies-of-disinformation:primary-target="GI"</h4>
<div class="paragraph">
<p>Gibraltar</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgl">DFRLab-dichotomies-of-disinformation:primary-target="GL"</h4>
<div class="paragraph">
<p>Greenland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgm">DFRLab-dichotomies-of-disinformation:primary-target="GM"</h4>
<div class="paragraph">
<p>Gambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgn">DFRLab-dichotomies-of-disinformation:primary-target="GN"</h4>
<div class="paragraph">
<p>Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgp">DFRLab-dichotomies-of-disinformation:primary-target="GP"</h4>
<div class="paragraph">
<p>Guadeloupe</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgq">DFRLab-dichotomies-of-disinformation:primary-target="GQ"</h4>
<div class="paragraph">
<p>Equatorial Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgr">DFRLab-dichotomies-of-disinformation:primary-target="GR"</h4>
<div class="paragraph">
<p>Greece</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgs">DFRLab-dichotomies-of-disinformation:primary-target="GS"</h4>
<div class="paragraph">
<p>South Georgia and the South Sandwich Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgt">DFRLab-dichotomies-of-disinformation:primary-target="GT"</h4>
<div class="paragraph">
<p>Guatemala</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgu">DFRLab-dichotomies-of-disinformation:primary-target="GU"</h4>
<div class="paragraph">
<p>Guam</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgw">DFRLab-dichotomies-of-disinformation:primary-target="GW"</h4>
<div class="paragraph">
<p>Guinea-Bissau</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetgy">DFRLab-dichotomies-of-disinformation:primary-target="GY"</h4>
<div class="paragraph">
<p>Guyana</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targethk">DFRLab-dichotomies-of-disinformation:primary-target="HK"</h4>
<div class="paragraph">
<p>Hong Kong</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targethm">DFRLab-dichotomies-of-disinformation:primary-target="HM"</h4>
<div class="paragraph">
<p>Heard Island and McDonal Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targethn">DFRLab-dichotomies-of-disinformation:primary-target="HN"</h4>
<div class="paragraph">
<p>Honduras</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targethr">DFRLab-dichotomies-of-disinformation:primary-target="HR"</h4>
<div class="paragraph">
<p>Croatia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetht">DFRLab-dichotomies-of-disinformation:primary-target="HT"</h4>
<div class="paragraph">
<p>Haiti</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targethu">DFRLab-dichotomies-of-disinformation:primary-target="HU"</h4>
<div class="paragraph">
<p>Hungary</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetid">DFRLab-dichotomies-of-disinformation:primary-target="ID"</h4>
<div class="paragraph">
<p>Indonesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetie">DFRLab-dichotomies-of-disinformation:primary-target="IE"</h4>
<div class="paragraph">
<p>Ireland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetil">DFRLab-dichotomies-of-disinformation:primary-target="IL"</h4>
<div class="paragraph">
<p>Israel</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetim">DFRLab-dichotomies-of-disinformation:primary-target="IM"</h4>
<div class="paragraph">
<p>Isle of Man</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetin">DFRLab-dichotomies-of-disinformation:primary-target="IN"</h4>
<div class="paragraph">
<p>India</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetio">DFRLab-dichotomies-of-disinformation:primary-target="IO"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetiq">DFRLab-dichotomies-of-disinformation:primary-target="IQ"</h4>
<div class="paragraph">
<p>Iraq</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetir">DFRLab-dichotomies-of-disinformation:primary-target="IR"</h4>
<div class="paragraph">
<p>Iran (Islamic Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetis">DFRLab-dichotomies-of-disinformation:primary-target="IS"</h4>
<div class="paragraph">
<p>Iceland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetit">DFRLab-dichotomies-of-disinformation:primary-target="IT"</h4>
<div class="paragraph">
<p>Italy</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetje">DFRLab-dichotomies-of-disinformation:primary-target="JE"</h4>
<div class="paragraph">
<p>Jersey</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetjm">DFRLab-dichotomies-of-disinformation:primary-target="JM"</h4>
<div class="paragraph">
<p>Jamaica</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetjo">DFRLab-dichotomies-of-disinformation:primary-target="JO"</h4>
<div class="paragraph">
<p>Jordan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetjp">DFRLab-dichotomies-of-disinformation:primary-target="JP"</h4>
<div class="paragraph">
<p>Japan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetke">DFRLab-dichotomies-of-disinformation:primary-target="KE"</h4>
<div class="paragraph">
<p>Kenya</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetkg">DFRLab-dichotomies-of-disinformation:primary-target="KG"</h4>
<div class="paragraph">
<p>Kyrgyzstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetkh">DFRLab-dichotomies-of-disinformation:primary-target="KH"</h4>
<div class="paragraph">
<p>Cambodia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetki">DFRLab-dichotomies-of-disinformation:primary-target="KI"</h4>
<div class="paragraph">
<p>Kiribati</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetkm">DFRLab-dichotomies-of-disinformation:primary-target="KM"</h4>
<div class="paragraph">
<p>Comoros</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetkn">DFRLab-dichotomies-of-disinformation:primary-target="KN"</h4>
<div class="paragraph">
<p>Saint Kitts and Nevis</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetkp">DFRLab-dichotomies-of-disinformation:primary-target="KP"</h4>
<div class="paragraph">
<p>Korea, Democratic People&#8217;s Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetkr">DFRLab-dichotomies-of-disinformation:primary-target="KR"</h4>
<div class="paragraph">
<p>Korea, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetkw">DFRLab-dichotomies-of-disinformation:primary-target="KW"</h4>
<div class="paragraph">
<p>Kuwait</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetky">DFRLab-dichotomies-of-disinformation:primary-target="KY"</h4>
<div class="paragraph">
<p>Cayman Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetkz">DFRLab-dichotomies-of-disinformation:primary-target="KZ"</h4>
<div class="paragraph">
<p>Kazakhstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetla">DFRLab-dichotomies-of-disinformation:primary-target="LA"</h4>
<div class="paragraph">
<p>Lao People&#8217;s Democratic Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetlb">DFRLab-dichotomies-of-disinformation:primary-target="LB"</h4>
<div class="paragraph">
<p>Lebanon</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetlc">DFRLab-dichotomies-of-disinformation:primary-target="LC"</h4>
<div class="paragraph">
<p>Saint Lucia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetli">DFRLab-dichotomies-of-disinformation:primary-target="LI"</h4>
<div class="paragraph">
<p>Liechtenstein</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetlk">DFRLab-dichotomies-of-disinformation:primary-target="LK"</h4>
<div class="paragraph">
<p>Sri Lanka</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetlr">DFRLab-dichotomies-of-disinformation:primary-target="LR"</h4>
<div class="paragraph">
<p>Liberia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetls">DFRLab-dichotomies-of-disinformation:primary-target="LS"</h4>
<div class="paragraph">
<p>Lesotho</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetlt">DFRLab-dichotomies-of-disinformation:primary-target="LT"</h4>
<div class="paragraph">
<p>Lithuania</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetlu">DFRLab-dichotomies-of-disinformation:primary-target="LU"</h4>
<div class="paragraph">
<p>Luxembourg</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetlv">DFRLab-dichotomies-of-disinformation:primary-target="LV"</h4>
<div class="paragraph">
<p>Latvia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetly">DFRLab-dichotomies-of-disinformation:primary-target="LY"</h4>
<div class="paragraph">
<p>Libya</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetma">DFRLab-dichotomies-of-disinformation:primary-target="MA"</h4>
<div class="paragraph">
<p>Morocco</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmc">DFRLab-dichotomies-of-disinformation:primary-target="MC"</h4>
<div class="paragraph">
<p>Monaco</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmd">DFRLab-dichotomies-of-disinformation:primary-target="MD"</h4>
<div class="paragraph">
<p>Moldova, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetme">DFRLab-dichotomies-of-disinformation:primary-target="ME"</h4>
<div class="paragraph">
<p>Montenegro</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmf">DFRLab-dichotomies-of-disinformation:primary-target="MF"</h4>
<div class="paragraph">
<p>Saint Martin (French part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmg">DFRLab-dichotomies-of-disinformation:primary-target="MG"</h4>
<div class="paragraph">
<p>Madagascar</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmh">DFRLab-dichotomies-of-disinformation:primary-target="MH"</h4>
<div class="paragraph">
<p>Marshall Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmk">DFRLab-dichotomies-of-disinformation:primary-target="MK"</h4>
<div class="paragraph">
<p>Macedonia, The former Yugoslav Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetml">DFRLab-dichotomies-of-disinformation:primary-target="ML"</h4>
<div class="paragraph">
<p>Mali</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmm">DFRLab-dichotomies-of-disinformation:primary-target="MM"</h4>
<div class="paragraph">
<p>Myanmar</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmn">DFRLab-dichotomies-of-disinformation:primary-target="MN"</h4>
<div class="paragraph">
<p>Mongolia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmo">DFRLab-dichotomies-of-disinformation:primary-target="MO"</h4>
<div class="paragraph">
<p>Macao</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmp">DFRLab-dichotomies-of-disinformation:primary-target="MP"</h4>
<div class="paragraph">
<p>Northern Mariana Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmq">DFRLab-dichotomies-of-disinformation:primary-target="MQ"</h4>
<div class="paragraph">
<p>Martinique</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmr">DFRLab-dichotomies-of-disinformation:primary-target="MR"</h4>
<div class="paragraph">
<p>Mauritania</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetms">DFRLab-dichotomies-of-disinformation:primary-target="MS"</h4>
<div class="paragraph">
<p>Montserrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmt">DFRLab-dichotomies-of-disinformation:primary-target="MT"</h4>
<div class="paragraph">
<p>Malta</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmu">DFRLab-dichotomies-of-disinformation:primary-target="MU"</h4>
<div class="paragraph">
<p>Mauritius</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmv">DFRLab-dichotomies-of-disinformation:primary-target="MV"</h4>
<div class="paragraph">
<p>Maldives</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmw">DFRLab-dichotomies-of-disinformation:primary-target="MW"</h4>
<div class="paragraph">
<p>Malawi</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmx">DFRLab-dichotomies-of-disinformation:primary-target="MX"</h4>
<div class="paragraph">
<p>Mexico</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmy">DFRLab-dichotomies-of-disinformation:primary-target="MY"</h4>
<div class="paragraph">
<p>Malaysia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetmz">DFRLab-dichotomies-of-disinformation:primary-target="MZ"</h4>
<div class="paragraph">
<p>Mozambique</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetna">DFRLab-dichotomies-of-disinformation:primary-target="NA"</h4>
<div class="paragraph">
<p>Namibia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetnc">DFRLab-dichotomies-of-disinformation:primary-target="NC"</h4>
<div class="paragraph">
<p>New Caledonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetne">DFRLab-dichotomies-of-disinformation:primary-target="NE"</h4>
<div class="paragraph">
<p>Niger</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetnf">DFRLab-dichotomies-of-disinformation:primary-target="NF"</h4>
<div class="paragraph">
<p>Norfolk Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetng">DFRLab-dichotomies-of-disinformation:primary-target="NG"</h4>
<div class="paragraph">
<p>Nigeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetni">DFRLab-dichotomies-of-disinformation:primary-target="NI"</h4>
<div class="paragraph">
<p>Nicaragua</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetnl">DFRLab-dichotomies-of-disinformation:primary-target="NL"</h4>
<div class="paragraph">
<p>Netherlands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetno">DFRLab-dichotomies-of-disinformation:primary-target="NO"</h4>
<div class="paragraph">
<p>Norway</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetnp">DFRLab-dichotomies-of-disinformation:primary-target="NP"</h4>
<div class="paragraph">
<p>Nepal</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetnr">DFRLab-dichotomies-of-disinformation:primary-target="NR"</h4>
<div class="paragraph">
<p>Nauru</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetnu">DFRLab-dichotomies-of-disinformation:primary-target="NU"</h4>
<div class="paragraph">
<p>Niue</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetnz">DFRLab-dichotomies-of-disinformation:primary-target="NZ"</h4>
<div class="paragraph">
<p>New Zealand</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetom">DFRLab-dichotomies-of-disinformation:primary-target="OM"</h4>
<div class="paragraph">
<p>Oman</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetother">DFRLab-dichotomies-of-disinformation:primary-target="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpa">DFRLab-dichotomies-of-disinformation:primary-target="PA"</h4>
<div class="paragraph">
<p>Panama</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpe">DFRLab-dichotomies-of-disinformation:primary-target="PE"</h4>
<div class="paragraph">
<p>Peru</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpf">DFRLab-dichotomies-of-disinformation:primary-target="PF"</h4>
<div class="paragraph">
<p>French Polynesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpg">DFRLab-dichotomies-of-disinformation:primary-target="PG"</h4>
<div class="paragraph">
<p>Papua New Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetph">DFRLab-dichotomies-of-disinformation:primary-target="PH"</h4>
<div class="paragraph">
<p>Philippines</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpk">DFRLab-dichotomies-of-disinformation:primary-target="PK"</h4>
<div class="paragraph">
<p>Pakistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpl">DFRLab-dichotomies-of-disinformation:primary-target="PL"</h4>
<div class="paragraph">
<p>Poland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpm">DFRLab-dichotomies-of-disinformation:primary-target="PM"</h4>
<div class="paragraph">
<p>Saint Pierre and Miquelon</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpn">DFRLab-dichotomies-of-disinformation:primary-target="PN"</h4>
<div class="paragraph">
<p>Pitcairn</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpr">DFRLab-dichotomies-of-disinformation:primary-target="PR"</h4>
<div class="paragraph">
<p>Puerto Rico</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetps">DFRLab-dichotomies-of-disinformation:primary-target="PS"</h4>
<div class="paragraph">
<p>Palestinian Territory, Occupied</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpt">DFRLab-dichotomies-of-disinformation:primary-target="PT"</h4>
<div class="paragraph">
<p>Portugal</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpw">DFRLab-dichotomies-of-disinformation:primary-target="PW"</h4>
<div class="paragraph">
<p>Palau</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetpy">DFRLab-dichotomies-of-disinformation:primary-target="PY"</h4>
<div class="paragraph">
<p>Paraguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetqa">DFRLab-dichotomies-of-disinformation:primary-target="QA"</h4>
<div class="paragraph">
<p>Qatar</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetre">DFRLab-dichotomies-of-disinformation:primary-target="RE"</h4>
<div class="paragraph">
<p>Reunion</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetro">DFRLab-dichotomies-of-disinformation:primary-target="RO"</h4>
<div class="paragraph">
<p>Romania</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetrs">DFRLab-dichotomies-of-disinformation:primary-target="RS"</h4>
<div class="paragraph">
<p>Serbia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetru">DFRLab-dichotomies-of-disinformation:primary-target="RU"</h4>
<div class="paragraph">
<p>Russian Federation</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetrw">DFRLab-dichotomies-of-disinformation:primary-target="RW"</h4>
<div class="paragraph">
<p>Rwanda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsa">DFRLab-dichotomies-of-disinformation:primary-target="SA"</h4>
<div class="paragraph">
<p>Saudi Arabia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsb">DFRLab-dichotomies-of-disinformation:primary-target="SB"</h4>
<div class="paragraph">
<p>Solomon Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsc">DFRLab-dichotomies-of-disinformation:primary-target="SC"</h4>
<div class="paragraph">
<p>Seychelles</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsd">DFRLab-dichotomies-of-disinformation:primary-target="SD"</h4>
<div class="paragraph">
<p>Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetse">DFRLab-dichotomies-of-disinformation:primary-target="SE"</h4>
<div class="paragraph">
<p>Sweden</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsg">DFRLab-dichotomies-of-disinformation:primary-target="SG"</h4>
<div class="paragraph">
<p>Singapore</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsh">DFRLab-dichotomies-of-disinformation:primary-target="SH"</h4>
<div class="paragraph">
<p>Saint Helena</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsi">DFRLab-dichotomies-of-disinformation:primary-target="SI"</h4>
<div class="paragraph">
<p>Slovenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsj">DFRLab-dichotomies-of-disinformation:primary-target="SJ"</h4>
<div class="paragraph">
<p>Svalbard and Jan Mayen Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsk">DFRLab-dichotomies-of-disinformation:primary-target="SK"</h4>
<div class="paragraph">
<p>Slovakia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsl">DFRLab-dichotomies-of-disinformation:primary-target="SL"</h4>
<div class="paragraph">
<p>Sierra Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsm">DFRLab-dichotomies-of-disinformation:primary-target="SM"</h4>
<div class="paragraph">
<p>San Marino</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsn">DFRLab-dichotomies-of-disinformation:primary-target="SN"</h4>
<div class="paragraph">
<p>Senegal</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetso">DFRLab-dichotomies-of-disinformation:primary-target="SO"</h4>
<div class="paragraph">
<p>Somalia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsr">DFRLab-dichotomies-of-disinformation:primary-target="SR"</h4>
<div class="paragraph">
<p>Suriname</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetss">DFRLab-dichotomies-of-disinformation:primary-target="SS"</h4>
<div class="paragraph">
<p>South Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetst">DFRLab-dichotomies-of-disinformation:primary-target="ST"</h4>
<div class="paragraph">
<p>Sao Tome and Principe</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsv">DFRLab-dichotomies-of-disinformation:primary-target="SV"</h4>
<div class="paragraph">
<p>El Salvador</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsx">DFRLab-dichotomies-of-disinformation:primary-target="SX"</h4>
<div class="paragraph">
<p>Sint Maarten (Dutch part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsy">DFRLab-dichotomies-of-disinformation:primary-target="SY"</h4>
<div class="paragraph">
<p>Syrian Arab Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetsz">DFRLab-dichotomies-of-disinformation:primary-target="SZ"</h4>
<div class="paragraph">
<p>Swaziland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettc">DFRLab-dichotomies-of-disinformation:primary-target="TC"</h4>
<div class="paragraph">
<p>Turks and Caicos Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettd">DFRLab-dichotomies-of-disinformation:primary-target="TD"</h4>
<div class="paragraph">
<p>Chad</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettf">DFRLab-dichotomies-of-disinformation:primary-target="TF"</h4>
<div class="paragraph">
<p>French Southern Territories</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettg">DFRLab-dichotomies-of-disinformation:primary-target="TG"</h4>
<div class="paragraph">
<p>Togo</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetth">DFRLab-dichotomies-of-disinformation:primary-target="TH"</h4>
<div class="paragraph">
<p>Thailand</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettj">DFRLab-dichotomies-of-disinformation:primary-target="TJ"</h4>
<div class="paragraph">
<p>Tajikistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettk">DFRLab-dichotomies-of-disinformation:primary-target="TK"</h4>
<div class="paragraph">
<p>Tokelau</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettl">DFRLab-dichotomies-of-disinformation:primary-target="TL"</h4>
<div class="paragraph">
<p>Timor-Leste</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettm">DFRLab-dichotomies-of-disinformation:primary-target="TM"</h4>
<div class="paragraph">
<p>Turkmenistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettn">DFRLab-dichotomies-of-disinformation:primary-target="TN"</h4>
<div class="paragraph">
<p>Tunisia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetto">DFRLab-dichotomies-of-disinformation:primary-target="TO"</h4>
<div class="paragraph">
<p>Tonga</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettr">DFRLab-dichotomies-of-disinformation:primary-target="TR"</h4>
<div class="paragraph">
<p>Turkey</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettt">DFRLab-dichotomies-of-disinformation:primary-target="TT"</h4>
<div class="paragraph">
<p>Trinidad and Tobago</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettv">DFRLab-dichotomies-of-disinformation:primary-target="TV"</h4>
<div class="paragraph">
<p>Tuvalu</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettw">DFRLab-dichotomies-of-disinformation:primary-target="TW"</h4>
<div class="paragraph">
<p>Taiwan, Province of China</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targettz">DFRLab-dichotomies-of-disinformation:primary-target="TZ"</h4>
<div class="paragraph">
<p>Tanzania, United Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetua">DFRLab-dichotomies-of-disinformation:primary-target="UA"</h4>
<div class="paragraph">
<p>Ukraine</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetug">DFRLab-dichotomies-of-disinformation:primary-target="UG"</h4>
<div class="paragraph">
<p>Uganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetum">DFRLab-dichotomies-of-disinformation:primary-target="UM"</h4>
<div class="paragraph">
<p>United States Minor Outlying Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetus">DFRLab-dichotomies-of-disinformation:primary-target="US"</h4>
<div class="paragraph">
<p>United States of America</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetuy">DFRLab-dichotomies-of-disinformation:primary-target="UY"</h4>
<div class="paragraph">
<p>Uruguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetuz">DFRLab-dichotomies-of-disinformation:primary-target="UZ"</h4>
<div class="paragraph">
<p>Uzbekistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetunknown">DFRLab-dichotomies-of-disinformation:primary-target="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetva">DFRLab-dichotomies-of-disinformation:primary-target="VA"</h4>
<div class="paragraph">
<p>Holy See</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetvc">DFRLab-dichotomies-of-disinformation:primary-target="VC"</h4>
<div class="paragraph">
<p>Saint Vincent and the Grenadines</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetve">DFRLab-dichotomies-of-disinformation:primary-target="VE"</h4>
<div class="paragraph">
<p>Venezuela (Bolivarian Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetvg">DFRLab-dichotomies-of-disinformation:primary-target="VG"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetvi">DFRLab-dichotomies-of-disinformation:primary-target="VI"</h4>
<div class="paragraph">
<p>United States Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetvn">DFRLab-dichotomies-of-disinformation:primary-target="VN"</h4>
<div class="paragraph">
<p>Viet Nam</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetvu">DFRLab-dichotomies-of-disinformation:primary-target="VU"</h4>
<div class="paragraph">
<p>Vanuatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetwf">DFRLab-dichotomies-of-disinformation:primary-target="WF"</h4>
<div class="paragraph">
<p>Wallis and Futuna Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetws">DFRLab-dichotomies-of-disinformation:primary-target="WS"</h4>
<div class="paragraph">
<p>Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetye">DFRLab-dichotomies-of-disinformation:primary-target="YE"</h4>
<div class="paragraph">
<p>Yemen</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetyt">DFRLab-dichotomies-of-disinformation:primary-target="YT"</h4>
<div class="paragraph">
<p>Mayotte</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetza">DFRLab-dichotomies-of-disinformation:primary-target="ZA"</h4>
<div class="paragraph">
<p>South Africa</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetzm">DFRLab-dichotomies-of-disinformation:primary-target="ZM"</h4>
<div class="paragraph">
<p>Zambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_targetzw">DFRLab-dichotomies-of-disinformation:primary-target="ZW"</h4>
<div class="paragraph">
<p>Zimbabwe</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_platforms_advertisement">platforms-advertisement</h3>
<div class="paragraph">
<p>Advertisement through which a campaign targets an actor.</p>
</div>
</div>
<div class="sect2">
<h3 id="_platforms_email">platforms-email</h3>
<div class="paragraph">
<p>Email through which a campaign targets an actor.</p>
</div>
</div>
<div class="sect2">
<h3 id="_primary_disinformant">primary-disinformant</h3>
<div class="paragraph">
<p>This should be filled out even when the attacker is not a national government. When a campaign is run by a non-state political actor, the nation of origin of that non-state political actor is filled in this field, if that information is available. Likewise, this should be filled out if the preponderance of attacker activity originates from within a single nation. Distinguishable territories are nations.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantad">DFRLab-dichotomies-of-disinformation:primary-disinformant="AD"</h4>
<div class="paragraph">
<p>Andorra</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantae">DFRLab-dichotomies-of-disinformation:primary-disinformant="AE"</h4>
<div class="paragraph">
<p>United Arab Emirates</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantaf">DFRLab-dichotomies-of-disinformation:primary-disinformant="AF"</h4>
<div class="paragraph">
<p>Afghanistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantag">DFRLab-dichotomies-of-disinformation:primary-disinformant="AG"</h4>
<div class="paragraph">
<p>Antigua and Barbuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantai">DFRLab-dichotomies-of-disinformation:primary-disinformant="AI"</h4>
<div class="paragraph">
<p>Anguilla</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantal">DFRLab-dichotomies-of-disinformation:primary-disinformant="AL"</h4>
<div class="paragraph">
<p>Albania</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantam">DFRLab-dichotomies-of-disinformation:primary-disinformant="AM"</h4>
<div class="paragraph">
<p>Armenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantao">DFRLab-dichotomies-of-disinformation:primary-disinformant="AO"</h4>
<div class="paragraph">
<p>Angola</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantaq">DFRLab-dichotomies-of-disinformation:primary-disinformant="AQ"</h4>
<div class="paragraph">
<p>Antarctica</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantar">DFRLab-dichotomies-of-disinformation:primary-disinformant="AR"</h4>
<div class="paragraph">
<p>Argentina</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantas">DFRLab-dichotomies-of-disinformation:primary-disinformant="AS"</h4>
<div class="paragraph">
<p>American Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantat">DFRLab-dichotomies-of-disinformation:primary-disinformant="AT"</h4>
<div class="paragraph">
<p>Austria</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantau">DFRLab-dichotomies-of-disinformation:primary-disinformant="AU"</h4>
<div class="paragraph">
<p>Australia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantaw">DFRLab-dichotomies-of-disinformation:primary-disinformant="AW"</h4>
<div class="paragraph">
<p>Aruba</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantax">DFRLab-dichotomies-of-disinformation:primary-disinformant="AX"</h4>
<div class="paragraph">
<p>Aland Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantaz">DFRLab-dichotomies-of-disinformation:primary-disinformant="AZ"</h4>
<div class="paragraph">
<p>Azerbaijan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantba">DFRLab-dichotomies-of-disinformation:primary-disinformant="BA"</h4>
<div class="paragraph">
<p>Bosnia and Herzegovina</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbb">DFRLab-dichotomies-of-disinformation:primary-disinformant="BB"</h4>
<div class="paragraph">
<p>Barbados</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbd">DFRLab-dichotomies-of-disinformation:primary-disinformant="BD"</h4>
<div class="paragraph">
<p>Bangladesh</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbe">DFRLab-dichotomies-of-disinformation:primary-disinformant="BE"</h4>
<div class="paragraph">
<p>Belgium</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbf">DFRLab-dichotomies-of-disinformation:primary-disinformant="BF"</h4>
<div class="paragraph">
<p>Burkina Faso</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbg">DFRLab-dichotomies-of-disinformation:primary-disinformant="BG"</h4>
<div class="paragraph">
<p>Bulgaria</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbh">DFRLab-dichotomies-of-disinformation:primary-disinformant="BH"</h4>
<div class="paragraph">
<p>Bahrain</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbi">DFRLab-dichotomies-of-disinformation:primary-disinformant="BI"</h4>
<div class="paragraph">
<p>Burundi</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbj">DFRLab-dichotomies-of-disinformation:primary-disinformant="BJ"</h4>
<div class="paragraph">
<p>Benin</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbl">DFRLab-dichotomies-of-disinformation:primary-disinformant="BL"</h4>
<div class="paragraph">
<p>Saint-Barthelemy</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbm">DFRLab-dichotomies-of-disinformation:primary-disinformant="BM"</h4>
<div class="paragraph">
<p>Bermuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbn">DFRLab-dichotomies-of-disinformation:primary-disinformant="BN"</h4>
<div class="paragraph">
<p>Brunei Darussalam</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbo">DFRLab-dichotomies-of-disinformation:primary-disinformant="BO"</h4>
<div class="paragraph">
<p>Bolivia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbq">DFRLab-dichotomies-of-disinformation:primary-disinformant="BQ"</h4>
<div class="paragraph">
<p>Bonaire, Saint Eustatius and Saba</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbr">DFRLab-dichotomies-of-disinformation:primary-disinformant="BR"</h4>
<div class="paragraph">
<p>Brazil</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbs">DFRLab-dichotomies-of-disinformation:primary-disinformant="BS"</h4>
<div class="paragraph">
<p>Bahamas</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbt">DFRLab-dichotomies-of-disinformation:primary-disinformant="BT"</h4>
<div class="paragraph">
<p>Bhutan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbv">DFRLab-dichotomies-of-disinformation:primary-disinformant="BV"</h4>
<div class="paragraph">
<p>Bouvet Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbw">DFRLab-dichotomies-of-disinformation:primary-disinformant="BW"</h4>
<div class="paragraph">
<p>Botswana</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantby">DFRLab-dichotomies-of-disinformation:primary-disinformant="BY"</h4>
<div class="paragraph">
<p>Belarus</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantbz">DFRLab-dichotomies-of-disinformation:primary-disinformant="BZ"</h4>
<div class="paragraph">
<p>Belize</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantca">DFRLab-dichotomies-of-disinformation:primary-disinformant="CA"</h4>
<div class="paragraph">
<p>Canada</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcc">DFRLab-dichotomies-of-disinformation:primary-disinformant="CC"</h4>
<div class="paragraph">
<p>Cocos (Keeling) Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcd">DFRLab-dichotomies-of-disinformation:primary-disinformant="CD"</h4>
<div class="paragraph">
<p>Congo, Democratic Republic of the</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcf">DFRLab-dichotomies-of-disinformation:primary-disinformant="CF"</h4>
<div class="paragraph">
<p>Central African Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcg">DFRLab-dichotomies-of-disinformation:primary-disinformant="CG"</h4>
<div class="paragraph">
<p>Congo</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantch">DFRLab-dichotomies-of-disinformation:primary-disinformant="CH"</h4>
<div class="paragraph">
<p>Switzerland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantci">DFRLab-dichotomies-of-disinformation:primary-disinformant="CI"</h4>
<div class="paragraph">
<p>Cote d&#8217;Ivoire</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantck">DFRLab-dichotomies-of-disinformation:primary-disinformant="CK"</h4>
<div class="paragraph">
<p>Cook Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcl">DFRLab-dichotomies-of-disinformation:primary-disinformant="CL"</h4>
<div class="paragraph">
<p>Chile</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcm">DFRLab-dichotomies-of-disinformation:primary-disinformant="CM"</h4>
<div class="paragraph">
<p>Cameroon</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcn">DFRLab-dichotomies-of-disinformation:primary-disinformant="CN"</h4>
<div class="paragraph">
<p>China</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantco">DFRLab-dichotomies-of-disinformation:primary-disinformant="CO"</h4>
<div class="paragraph">
<p>Colombia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcr">DFRLab-dichotomies-of-disinformation:primary-disinformant="CR"</h4>
<div class="paragraph">
<p>Costa Rica</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcu">DFRLab-dichotomies-of-disinformation:primary-disinformant="CU"</h4>
<div class="paragraph">
<p>Cuba</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcv">DFRLab-dichotomies-of-disinformation:primary-disinformant="CV"</h4>
<div class="paragraph">
<p>Cape Verde</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcw">DFRLab-dichotomies-of-disinformation:primary-disinformant="CW"</h4>
<div class="paragraph">
<p>Curacao</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcx">DFRLab-dichotomies-of-disinformation:primary-disinformant="CX"</h4>
<div class="paragraph">
<p>Christmas Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcy">DFRLab-dichotomies-of-disinformation:primary-disinformant="CY"</h4>
<div class="paragraph">
<p>Cyprus</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantcz">DFRLab-dichotomies-of-disinformation:primary-disinformant="CZ"</h4>
<div class="paragraph">
<p>Czech Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantde">DFRLab-dichotomies-of-disinformation:primary-disinformant="DE"</h4>
<div class="paragraph">
<p>Germany</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantdj">DFRLab-dichotomies-of-disinformation:primary-disinformant="DJ"</h4>
<div class="paragraph">
<p>Djibouti</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantdk">DFRLab-dichotomies-of-disinformation:primary-disinformant="DK"</h4>
<div class="paragraph">
<p>Denmark</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantdm">DFRLab-dichotomies-of-disinformation:primary-disinformant="DM"</h4>
<div class="paragraph">
<p>Dominica</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantdo">DFRLab-dichotomies-of-disinformation:primary-disinformant="DO"</h4>
<div class="paragraph">
<p>Dominican Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantdz">DFRLab-dichotomies-of-disinformation:primary-disinformant="DZ"</h4>
<div class="paragraph">
<p>Algeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantec">DFRLab-dichotomies-of-disinformation:primary-disinformant="EC"</h4>
<div class="paragraph">
<p>Ecuador</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantee">DFRLab-dichotomies-of-disinformation:primary-disinformant="EE"</h4>
<div class="paragraph">
<p>Estonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanteg">DFRLab-dichotomies-of-disinformation:primary-disinformant="EG"</h4>
<div class="paragraph">
<p>Egypt</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanteh">DFRLab-dichotomies-of-disinformation:primary-disinformant="EH"</h4>
<div class="paragraph">
<p>Western Sahara</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanter">DFRLab-dichotomies-of-disinformation:primary-disinformant="ER"</h4>
<div class="paragraph">
<p>Eritrea</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantes">DFRLab-dichotomies-of-disinformation:primary-disinformant="ES"</h4>
<div class="paragraph">
<p>Spain</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantet">DFRLab-dichotomies-of-disinformation:primary-disinformant="ET"</h4>
<div class="paragraph">
<p>Ethiopia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantfi">DFRLab-dichotomies-of-disinformation:primary-disinformant="FI"</h4>
<div class="paragraph">
<p>Finland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantfj">DFRLab-dichotomies-of-disinformation:primary-disinformant="FJ"</h4>
<div class="paragraph">
<p>Fiji</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantfk">DFRLab-dichotomies-of-disinformation:primary-disinformant="FK"</h4>
<div class="paragraph">
<p>Faeroe Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantfm">DFRLab-dichotomies-of-disinformation:primary-disinformant="FM"</h4>
<div class="paragraph">
<p>Micronesia (Federated States of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantfo">DFRLab-dichotomies-of-disinformation:primary-disinformant="FO"</h4>
<div class="paragraph">
<p>Falkland Islands (Malvinas)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantfr">DFRLab-dichotomies-of-disinformation:primary-disinformant="FR"</h4>
<div class="paragraph">
<p>France</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantga">DFRLab-dichotomies-of-disinformation:primary-disinformant="GA"</h4>
<div class="paragraph">
<p>Gabon</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgb">DFRLab-dichotomies-of-disinformation:primary-disinformant="GB"</h4>
<div class="paragraph">
<p>United Kingdom</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgd">DFRLab-dichotomies-of-disinformation:primary-disinformant="GD"</h4>
<div class="paragraph">
<p>Grenada</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantge">DFRLab-dichotomies-of-disinformation:primary-disinformant="GE"</h4>
<div class="paragraph">
<p>Georgia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgf">DFRLab-dichotomies-of-disinformation:primary-disinformant="GF"</h4>
<div class="paragraph">
<p>French Guiana</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgg">DFRLab-dichotomies-of-disinformation:primary-disinformant="GG"</h4>
<div class="paragraph">
<p>Guernsey</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgh">DFRLab-dichotomies-of-disinformation:primary-disinformant="GH"</h4>
<div class="paragraph">
<p>Ghana</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgi">DFRLab-dichotomies-of-disinformation:primary-disinformant="GI"</h4>
<div class="paragraph">
<p>Gibraltar</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgl">DFRLab-dichotomies-of-disinformation:primary-disinformant="GL"</h4>
<div class="paragraph">
<p>Greenland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgm">DFRLab-dichotomies-of-disinformation:primary-disinformant="GM"</h4>
<div class="paragraph">
<p>Gambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgn">DFRLab-dichotomies-of-disinformation:primary-disinformant="GN"</h4>
<div class="paragraph">
<p>Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgp">DFRLab-dichotomies-of-disinformation:primary-disinformant="GP"</h4>
<div class="paragraph">
<p>Guadeloupe</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgq">DFRLab-dichotomies-of-disinformation:primary-disinformant="GQ"</h4>
<div class="paragraph">
<p>Equatorial Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgr">DFRLab-dichotomies-of-disinformation:primary-disinformant="GR"</h4>
<div class="paragraph">
<p>Greece</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgs">DFRLab-dichotomies-of-disinformation:primary-disinformant="GS"</h4>
<div class="paragraph">
<p>South Georgia and the South Sandwich Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgt">DFRLab-dichotomies-of-disinformation:primary-disinformant="GT"</h4>
<div class="paragraph">
<p>Guatemala</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgu">DFRLab-dichotomies-of-disinformation:primary-disinformant="GU"</h4>
<div class="paragraph">
<p>Guam</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgw">DFRLab-dichotomies-of-disinformation:primary-disinformant="GW"</h4>
<div class="paragraph">
<p>Guinea-Bissau</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantgy">DFRLab-dichotomies-of-disinformation:primary-disinformant="GY"</h4>
<div class="paragraph">
<p>Guyana</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanthk">DFRLab-dichotomies-of-disinformation:primary-disinformant="HK"</h4>
<div class="paragraph">
<p>Hong Kong</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanthm">DFRLab-dichotomies-of-disinformation:primary-disinformant="HM"</h4>
<div class="paragraph">
<p>Heard Island and McDonal Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanthn">DFRLab-dichotomies-of-disinformation:primary-disinformant="HN"</h4>
<div class="paragraph">
<p>Honduras</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanthr">DFRLab-dichotomies-of-disinformation:primary-disinformant="HR"</h4>
<div class="paragraph">
<p>Croatia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantht">DFRLab-dichotomies-of-disinformation:primary-disinformant="HT"</h4>
<div class="paragraph">
<p>Haiti</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanthu">DFRLab-dichotomies-of-disinformation:primary-disinformant="HU"</h4>
<div class="paragraph">
<p>Hungary</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantid">DFRLab-dichotomies-of-disinformation:primary-disinformant="ID"</h4>
<div class="paragraph">
<p>Indonesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantie">DFRLab-dichotomies-of-disinformation:primary-disinformant="IE"</h4>
<div class="paragraph">
<p>Ireland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantil">DFRLab-dichotomies-of-disinformation:primary-disinformant="IL"</h4>
<div class="paragraph">
<p>Israel</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantim">DFRLab-dichotomies-of-disinformation:primary-disinformant="IM"</h4>
<div class="paragraph">
<p>Isle of Man</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantin">DFRLab-dichotomies-of-disinformation:primary-disinformant="IN"</h4>
<div class="paragraph">
<p>India</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantio">DFRLab-dichotomies-of-disinformation:primary-disinformant="IO"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantiq">DFRLab-dichotomies-of-disinformation:primary-disinformant="IQ"</h4>
<div class="paragraph">
<p>Iraq</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantir">DFRLab-dichotomies-of-disinformation:primary-disinformant="IR"</h4>
<div class="paragraph">
<p>Iran (Islamic Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantis">DFRLab-dichotomies-of-disinformation:primary-disinformant="IS"</h4>
<div class="paragraph">
<p>Iceland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantit">DFRLab-dichotomies-of-disinformation:primary-disinformant="IT"</h4>
<div class="paragraph">
<p>Italy</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantje">DFRLab-dichotomies-of-disinformation:primary-disinformant="JE"</h4>
<div class="paragraph">
<p>Jersey</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantjm">DFRLab-dichotomies-of-disinformation:primary-disinformant="JM"</h4>
<div class="paragraph">
<p>Jamaica</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantjo">DFRLab-dichotomies-of-disinformation:primary-disinformant="JO"</h4>
<div class="paragraph">
<p>Jordan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantjp">DFRLab-dichotomies-of-disinformation:primary-disinformant="JP"</h4>
<div class="paragraph">
<p>Japan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantke">DFRLab-dichotomies-of-disinformation:primary-disinformant="KE"</h4>
<div class="paragraph">
<p>Kenya</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantkg">DFRLab-dichotomies-of-disinformation:primary-disinformant="KG"</h4>
<div class="paragraph">
<p>Kyrgyzstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantkh">DFRLab-dichotomies-of-disinformation:primary-disinformant="KH"</h4>
<div class="paragraph">
<p>Cambodia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantki">DFRLab-dichotomies-of-disinformation:primary-disinformant="KI"</h4>
<div class="paragraph">
<p>Kiribati</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantkm">DFRLab-dichotomies-of-disinformation:primary-disinformant="KM"</h4>
<div class="paragraph">
<p>Comoros</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantkn">DFRLab-dichotomies-of-disinformation:primary-disinformant="KN"</h4>
<div class="paragraph">
<p>Saint Kitts and Nevis</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantkp">DFRLab-dichotomies-of-disinformation:primary-disinformant="KP"</h4>
<div class="paragraph">
<p>Korea, Democratic People&#8217;s Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantkr">DFRLab-dichotomies-of-disinformation:primary-disinformant="KR"</h4>
<div class="paragraph">
<p>Korea, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantkw">DFRLab-dichotomies-of-disinformation:primary-disinformant="KW"</h4>
<div class="paragraph">
<p>Kuwait</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantky">DFRLab-dichotomies-of-disinformation:primary-disinformant="KY"</h4>
<div class="paragraph">
<p>Cayman Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantkz">DFRLab-dichotomies-of-disinformation:primary-disinformant="KZ"</h4>
<div class="paragraph">
<p>Kazakhstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantla">DFRLab-dichotomies-of-disinformation:primary-disinformant="LA"</h4>
<div class="paragraph">
<p>Lao People&#8217;s Democratic Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantlb">DFRLab-dichotomies-of-disinformation:primary-disinformant="LB"</h4>
<div class="paragraph">
<p>Lebanon</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantlc">DFRLab-dichotomies-of-disinformation:primary-disinformant="LC"</h4>
<div class="paragraph">
<p>Saint Lucia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantli">DFRLab-dichotomies-of-disinformation:primary-disinformant="LI"</h4>
<div class="paragraph">
<p>Liechtenstein</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantlk">DFRLab-dichotomies-of-disinformation:primary-disinformant="LK"</h4>
<div class="paragraph">
<p>Sri Lanka</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantlr">DFRLab-dichotomies-of-disinformation:primary-disinformant="LR"</h4>
<div class="paragraph">
<p>Liberia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantls">DFRLab-dichotomies-of-disinformation:primary-disinformant="LS"</h4>
<div class="paragraph">
<p>Lesotho</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantlt">DFRLab-dichotomies-of-disinformation:primary-disinformant="LT"</h4>
<div class="paragraph">
<p>Lithuania</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantlu">DFRLab-dichotomies-of-disinformation:primary-disinformant="LU"</h4>
<div class="paragraph">
<p>Luxembourg</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantlv">DFRLab-dichotomies-of-disinformation:primary-disinformant="LV"</h4>
<div class="paragraph">
<p>Latvia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantly">DFRLab-dichotomies-of-disinformation:primary-disinformant="LY"</h4>
<div class="paragraph">
<p>Libya</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantma">DFRLab-dichotomies-of-disinformation:primary-disinformant="MA"</h4>
<div class="paragraph">
<p>Morocco</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmc">DFRLab-dichotomies-of-disinformation:primary-disinformant="MC"</h4>
<div class="paragraph">
<p>Monaco</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmd">DFRLab-dichotomies-of-disinformation:primary-disinformant="MD"</h4>
<div class="paragraph">
<p>Moldova, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantme">DFRLab-dichotomies-of-disinformation:primary-disinformant="ME"</h4>
<div class="paragraph">
<p>Montenegro</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmf">DFRLab-dichotomies-of-disinformation:primary-disinformant="MF"</h4>
<div class="paragraph">
<p>Saint Martin (French part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmg">DFRLab-dichotomies-of-disinformation:primary-disinformant="MG"</h4>
<div class="paragraph">
<p>Madagascar</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmh">DFRLab-dichotomies-of-disinformation:primary-disinformant="MH"</h4>
<div class="paragraph">
<p>Marshall Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmk">DFRLab-dichotomies-of-disinformation:primary-disinformant="MK"</h4>
<div class="paragraph">
<p>Macedonia, The former Yugoslav Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantml">DFRLab-dichotomies-of-disinformation:primary-disinformant="ML"</h4>
<div class="paragraph">
<p>Mali</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmm">DFRLab-dichotomies-of-disinformation:primary-disinformant="MM"</h4>
<div class="paragraph">
<p>Myanmar</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmn">DFRLab-dichotomies-of-disinformation:primary-disinformant="MN"</h4>
<div class="paragraph">
<p>Mongolia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmo">DFRLab-dichotomies-of-disinformation:primary-disinformant="MO"</h4>
<div class="paragraph">
<p>Macao</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmp">DFRLab-dichotomies-of-disinformation:primary-disinformant="MP"</h4>
<div class="paragraph">
<p>Northern Mariana Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmq">DFRLab-dichotomies-of-disinformation:primary-disinformant="MQ"</h4>
<div class="paragraph">
<p>Martinique</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmr">DFRLab-dichotomies-of-disinformation:primary-disinformant="MR"</h4>
<div class="paragraph">
<p>Mauritania</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantms">DFRLab-dichotomies-of-disinformation:primary-disinformant="MS"</h4>
<div class="paragraph">
<p>Montserrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmt">DFRLab-dichotomies-of-disinformation:primary-disinformant="MT"</h4>
<div class="paragraph">
<p>Malta</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmu">DFRLab-dichotomies-of-disinformation:primary-disinformant="MU"</h4>
<div class="paragraph">
<p>Mauritius</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmv">DFRLab-dichotomies-of-disinformation:primary-disinformant="MV"</h4>
<div class="paragraph">
<p>Maldives</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmw">DFRLab-dichotomies-of-disinformation:primary-disinformant="MW"</h4>
<div class="paragraph">
<p>Malawi</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmx">DFRLab-dichotomies-of-disinformation:primary-disinformant="MX"</h4>
<div class="paragraph">
<p>Mexico</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmy">DFRLab-dichotomies-of-disinformation:primary-disinformant="MY"</h4>
<div class="paragraph">
<p>Malaysia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantmz">DFRLab-dichotomies-of-disinformation:primary-disinformant="MZ"</h4>
<div class="paragraph">
<p>Mozambique</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantna">DFRLab-dichotomies-of-disinformation:primary-disinformant="NA"</h4>
<div class="paragraph">
<p>Namibia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantnc">DFRLab-dichotomies-of-disinformation:primary-disinformant="NC"</h4>
<div class="paragraph">
<p>New Caledonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantne">DFRLab-dichotomies-of-disinformation:primary-disinformant="NE"</h4>
<div class="paragraph">
<p>Niger</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantnf">DFRLab-dichotomies-of-disinformation:primary-disinformant="NF"</h4>
<div class="paragraph">
<p>Norfolk Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantng">DFRLab-dichotomies-of-disinformation:primary-disinformant="NG"</h4>
<div class="paragraph">
<p>Nigeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantni">DFRLab-dichotomies-of-disinformation:primary-disinformant="NI"</h4>
<div class="paragraph">
<p>Nicaragua</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantnl">DFRLab-dichotomies-of-disinformation:primary-disinformant="NL"</h4>
<div class="paragraph">
<p>Netherlands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantno">DFRLab-dichotomies-of-disinformation:primary-disinformant="NO"</h4>
<div class="paragraph">
<p>Norway</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantnp">DFRLab-dichotomies-of-disinformation:primary-disinformant="NP"</h4>
<div class="paragraph">
<p>Nepal</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantnr">DFRLab-dichotomies-of-disinformation:primary-disinformant="NR"</h4>
<div class="paragraph">
<p>Nauru</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantnu">DFRLab-dichotomies-of-disinformation:primary-disinformant="NU"</h4>
<div class="paragraph">
<p>Niue</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantnz">DFRLab-dichotomies-of-disinformation:primary-disinformant="NZ"</h4>
<div class="paragraph">
<p>New Zealand</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantom">DFRLab-dichotomies-of-disinformation:primary-disinformant="OM"</h4>
<div class="paragraph">
<p>Oman</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantother">DFRLab-dichotomies-of-disinformation:primary-disinformant="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpa">DFRLab-dichotomies-of-disinformation:primary-disinformant="PA"</h4>
<div class="paragraph">
<p>Panama</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpe">DFRLab-dichotomies-of-disinformation:primary-disinformant="PE"</h4>
<div class="paragraph">
<p>Peru</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpf">DFRLab-dichotomies-of-disinformation:primary-disinformant="PF"</h4>
<div class="paragraph">
<p>French Polynesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpg">DFRLab-dichotomies-of-disinformation:primary-disinformant="PG"</h4>
<div class="paragraph">
<p>Papua New Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantph">DFRLab-dichotomies-of-disinformation:primary-disinformant="PH"</h4>
<div class="paragraph">
<p>Philippines</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpk">DFRLab-dichotomies-of-disinformation:primary-disinformant="PK"</h4>
<div class="paragraph">
<p>Pakistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpl">DFRLab-dichotomies-of-disinformation:primary-disinformant="PL"</h4>
<div class="paragraph">
<p>Poland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpm">DFRLab-dichotomies-of-disinformation:primary-disinformant="PM"</h4>
<div class="paragraph">
<p>Saint Pierre and Miquelon</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpn">DFRLab-dichotomies-of-disinformation:primary-disinformant="PN"</h4>
<div class="paragraph">
<p>Pitcairn</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpr">DFRLab-dichotomies-of-disinformation:primary-disinformant="PR"</h4>
<div class="paragraph">
<p>Puerto Rico</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantps">DFRLab-dichotomies-of-disinformation:primary-disinformant="PS"</h4>
<div class="paragraph">
<p>Palestinian Territory, Occupied</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpt">DFRLab-dichotomies-of-disinformation:primary-disinformant="PT"</h4>
<div class="paragraph">
<p>Portugal</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpw">DFRLab-dichotomies-of-disinformation:primary-disinformant="PW"</h4>
<div class="paragraph">
<p>Palau</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantpy">DFRLab-dichotomies-of-disinformation:primary-disinformant="PY"</h4>
<div class="paragraph">
<p>Paraguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantqa">DFRLab-dichotomies-of-disinformation:primary-disinformant="QA"</h4>
<div class="paragraph">
<p>Qatar</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantre">DFRLab-dichotomies-of-disinformation:primary-disinformant="RE"</h4>
<div class="paragraph">
<p>Reunion</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantro">DFRLab-dichotomies-of-disinformation:primary-disinformant="RO"</h4>
<div class="paragraph">
<p>Romania</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantrs">DFRLab-dichotomies-of-disinformation:primary-disinformant="RS"</h4>
<div class="paragraph">
<p>Serbia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantru">DFRLab-dichotomies-of-disinformation:primary-disinformant="RU"</h4>
<div class="paragraph">
<p>Russian Federation</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantrw">DFRLab-dichotomies-of-disinformation:primary-disinformant="RW"</h4>
<div class="paragraph">
<p>Rwanda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsa">DFRLab-dichotomies-of-disinformation:primary-disinformant="SA"</h4>
<div class="paragraph">
<p>Saudi Arabia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsb">DFRLab-dichotomies-of-disinformation:primary-disinformant="SB"</h4>
<div class="paragraph">
<p>Solomon Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsc">DFRLab-dichotomies-of-disinformation:primary-disinformant="SC"</h4>
<div class="paragraph">
<p>Seychelles</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsd">DFRLab-dichotomies-of-disinformation:primary-disinformant="SD"</h4>
<div class="paragraph">
<p>Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantse">DFRLab-dichotomies-of-disinformation:primary-disinformant="SE"</h4>
<div class="paragraph">
<p>Sweden</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsg">DFRLab-dichotomies-of-disinformation:primary-disinformant="SG"</h4>
<div class="paragraph">
<p>Singapore</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsh">DFRLab-dichotomies-of-disinformation:primary-disinformant="SH"</h4>
<div class="paragraph">
<p>Saint Helena</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsi">DFRLab-dichotomies-of-disinformation:primary-disinformant="SI"</h4>
<div class="paragraph">
<p>Slovenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsj">DFRLab-dichotomies-of-disinformation:primary-disinformant="SJ"</h4>
<div class="paragraph">
<p>Svalbard and Jan Mayen Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsk">DFRLab-dichotomies-of-disinformation:primary-disinformant="SK"</h4>
<div class="paragraph">
<p>Slovakia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsl">DFRLab-dichotomies-of-disinformation:primary-disinformant="SL"</h4>
<div class="paragraph">
<p>Sierra Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsm">DFRLab-dichotomies-of-disinformation:primary-disinformant="SM"</h4>
<div class="paragraph">
<p>San Marino</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsn">DFRLab-dichotomies-of-disinformation:primary-disinformant="SN"</h4>
<div class="paragraph">
<p>Senegal</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantso">DFRLab-dichotomies-of-disinformation:primary-disinformant="SO"</h4>
<div class="paragraph">
<p>Somalia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsr">DFRLab-dichotomies-of-disinformation:primary-disinformant="SR"</h4>
<div class="paragraph">
<p>Suriname</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantss">DFRLab-dichotomies-of-disinformation:primary-disinformant="SS"</h4>
<div class="paragraph">
<p>South Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantst">DFRLab-dichotomies-of-disinformation:primary-disinformant="ST"</h4>
<div class="paragraph">
<p>Sao Tome and Principe</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsv">DFRLab-dichotomies-of-disinformation:primary-disinformant="SV"</h4>
<div class="paragraph">
<p>El Salvador</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsx">DFRLab-dichotomies-of-disinformation:primary-disinformant="SX"</h4>
<div class="paragraph">
<p>Sint Maarten (Dutch part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsy">DFRLab-dichotomies-of-disinformation:primary-disinformant="SY"</h4>
<div class="paragraph">
<p>Syrian Arab Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantsz">DFRLab-dichotomies-of-disinformation:primary-disinformant="SZ"</h4>
<div class="paragraph">
<p>Swaziland</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttc">DFRLab-dichotomies-of-disinformation:primary-disinformant="TC"</h4>
<div class="paragraph">
<p>Turks and Caicos Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttd">DFRLab-dichotomies-of-disinformation:primary-disinformant="TD"</h4>
<div class="paragraph">
<p>Chad</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttf">DFRLab-dichotomies-of-disinformation:primary-disinformant="TF"</h4>
<div class="paragraph">
<p>French Southern Territories</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttg">DFRLab-dichotomies-of-disinformation:primary-disinformant="TG"</h4>
<div class="paragraph">
<p>Togo</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantth">DFRLab-dichotomies-of-disinformation:primary-disinformant="TH"</h4>
<div class="paragraph">
<p>Thailand</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttj">DFRLab-dichotomies-of-disinformation:primary-disinformant="TJ"</h4>
<div class="paragraph">
<p>Tajikistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttk">DFRLab-dichotomies-of-disinformation:primary-disinformant="TK"</h4>
<div class="paragraph">
<p>Tokelau</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttl">DFRLab-dichotomies-of-disinformation:primary-disinformant="TL"</h4>
<div class="paragraph">
<p>Timor-Leste</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttm">DFRLab-dichotomies-of-disinformation:primary-disinformant="TM"</h4>
<div class="paragraph">
<p>Turkmenistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttn">DFRLab-dichotomies-of-disinformation:primary-disinformant="TN"</h4>
<div class="paragraph">
<p>Tunisia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantto">DFRLab-dichotomies-of-disinformation:primary-disinformant="TO"</h4>
<div class="paragraph">
<p>Tonga</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttr">DFRLab-dichotomies-of-disinformation:primary-disinformant="TR"</h4>
<div class="paragraph">
<p>Turkey</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttt">DFRLab-dichotomies-of-disinformation:primary-disinformant="TT"</h4>
<div class="paragraph">
<p>Trinidad and Tobago</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttv">DFRLab-dichotomies-of-disinformation:primary-disinformant="TV"</h4>
<div class="paragraph">
<p>Tuvalu</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttw">DFRLab-dichotomies-of-disinformation:primary-disinformant="TW"</h4>
<div class="paragraph">
<p>Taiwan, Province of China</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformanttz">DFRLab-dichotomies-of-disinformation:primary-disinformant="TZ"</h4>
<div class="paragraph">
<p>Tanzania, United Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantua">DFRLab-dichotomies-of-disinformation:primary-disinformant="UA"</h4>
<div class="paragraph">
<p>Ukraine</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantug">DFRLab-dichotomies-of-disinformation:primary-disinformant="UG"</h4>
<div class="paragraph">
<p>Uganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantum">DFRLab-dichotomies-of-disinformation:primary-disinformant="UM"</h4>
<div class="paragraph">
<p>United States Minor Outlying Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantus">DFRLab-dichotomies-of-disinformation:primary-disinformant="US"</h4>
<div class="paragraph">
<p>United States of America</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantuy">DFRLab-dichotomies-of-disinformation:primary-disinformant="UY"</h4>
<div class="paragraph">
<p>Uruguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantuz">DFRLab-dichotomies-of-disinformation:primary-disinformant="UZ"</h4>
<div class="paragraph">
<p>Uzbekistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantunknown">DFRLab-dichotomies-of-disinformation:primary-disinformant="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantva">DFRLab-dichotomies-of-disinformation:primary-disinformant="VA"</h4>
<div class="paragraph">
<p>Holy See</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantvc">DFRLab-dichotomies-of-disinformation:primary-disinformant="VC"</h4>
<div class="paragraph">
<p>Saint Vincent and the Grenadines</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantve">DFRLab-dichotomies-of-disinformation:primary-disinformant="VE"</h4>
<div class="paragraph">
<p>Venezuela (Bolivarian Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantvg">DFRLab-dichotomies-of-disinformation:primary-disinformant="VG"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantvi">DFRLab-dichotomies-of-disinformation:primary-disinformant="VI"</h4>
<div class="paragraph">
<p>United States Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantvn">DFRLab-dichotomies-of-disinformation:primary-disinformant="VN"</h4>
<div class="paragraph">
<p>Viet Nam</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantvu">DFRLab-dichotomies-of-disinformation:primary-disinformant="VU"</h4>
<div class="paragraph">
<p>Vanuatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantwf">DFRLab-dichotomies-of-disinformation:primary-disinformant="WF"</h4>
<div class="paragraph">
<p>Wallis and Futuna Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantws">DFRLab-dichotomies-of-disinformation:primary-disinformant="WS"</h4>
<div class="paragraph">
<p>Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantye">DFRLab-dichotomies-of-disinformation:primary-disinformant="YE"</h4>
<div class="paragraph">
<p>Yemen</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantyt">DFRLab-dichotomies-of-disinformation:primary-disinformant="YT"</h4>
<div class="paragraph">
<p>Mayotte</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantza">DFRLab-dichotomies-of-disinformation:primary-disinformant="ZA"</h4>
<div class="paragraph">
<p>South Africa</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantzm">DFRLab-dichotomies-of-disinformation:primary-disinformant="ZM"</h4>
<div class="paragraph">
<p>Zambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationprimary_disinformantzw">DFRLab-dichotomies-of-disinformation:primary-disinformant="ZW"</h4>
<div class="paragraph">
<p>Zimbabwe</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_target_category">target-category</h3>
<div class="paragraph">
<p>When a campaign targets an actor, the category of that actor is filled in this field, if that information is available. Categories are not mutually exclusive. All relevant categories can be added.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categorygovernment_civilian">DFRLab-dichotomies-of-disinformation:target-category="government-civilian"</h4>
<div class="paragraph">
<p>Government: Civilian</p>
</div>
<div class="paragraph">
<p>The governing body and functions of a state, including national leaders, institutions, and non-military departments and agencies. Includes incumbent politicians running for re-election.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categorygovernment_military">DFRLab-dichotomies-of-disinformation:target-category="government-military"</h4>
<div class="paragraph">
<p>Government: Military</p>
</div>
<div class="paragraph">
<p>Military departments and agencies which enjoy the sanctioned use of force</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categorypolitical_party">DFRLab-dichotomies-of-disinformation:target-category="political-party"</h4>
<div class="paragraph">
<p>Political Party</p>
</div>
<div class="paragraph">
<p>Organized competitors for political power who can obtain or wield power directly. Includes politicians currently in office, as well as non-incumbent politicians running for office who are associated with a political party. Can also be an individual working for a party.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categorynon_state_political_actor">DFRLab-dichotomies-of-disinformation:target-category="non-state-political-actor"</h4>
<div class="paragraph">
<p>Non-State Political Actor</p>
</div>
<div class="paragraph">
<p>Organized competitors for political power who can obtain or wield power, even if indirectly; not necessarily enfranchised. Non-state political actors are formally organized, coordinated, and cohesive. e.g. Greenpeace, the NRA, or the KKK.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categorybusiness">DFRLab-dichotomies-of-disinformation:target-category="business"</h4>
<div class="paragraph">
<p>Business</p>
</div>
<div class="paragraph">
<p>Includes groups that contract out to the government, individuals looking for financial gain, and mercenaries.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categoryinfluential_individuals">DFRLab-dichotomies-of-disinformation:target-category="influential-individuals"</h4>
<div class="paragraph">
<p>Influential Individuals</p>
</div>
<div class="paragraph">
<p>Individuals who are influential but who do not belong to a ruling government coalition. Includes groups of individuals who are not formally organized but work together. e.g. journalists, former politicians, or organized 4channers. For individuals who operate their own charitable foundations (and thus could be placed in Non-State Political Actor), coding depends on whether or not the disinformation is foremost targeting the individual, their foundation, or both.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categoryelectorate">DFRLab-dichotomies-of-disinformation:target-category="electorate"</h4>
<div class="paragraph">
<p>Electorate</p>
</div>
<div class="paragraph">
<p>The enfranchised population in a specific country or within a demarcated boundary.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categoryracial">DFRLab-dichotomies-of-disinformation:target-category="racial"</h4>
<div class="paragraph">
<p>Racial</p>
</div>
<div class="paragraph">
<p>A specific minority/majority group.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categoryethnic">DFRLab-dichotomies-of-disinformation:target-category="ethnic"</h4>
<div class="paragraph">
<p>Ethnic</p>
</div>
<div class="paragraph">
<p>A specific minority/majority group.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categorysexual_identity_group">DFRLab-dichotomies-of-disinformation:target-category="sexual-identity-group"</h4>
<div class="paragraph">
<p>Sexual Identity Group</p>
</div>
<div class="paragraph">
<p>A specific minority/majority group.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_categoryreligious">DFRLab-dichotomies-of-disinformation:target-category="religious"</h4>
<div class="paragraph">
<p>Religious</p>
</div>
<div class="paragraph">
<p>A specific minority/majority group.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_target_concurrent_events">target-concurrent-events</h3>
<div class="paragraph">
<p>When a campaign targets an actor, events which take place during the campaign are said to be concurrent events.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_concurrent_eventsinter_state_war">DFRLab-dichotomies-of-disinformation:target-concurrent-events="inter-state-war"</h4>
<div class="paragraph">
<p>Inter-State War</p>
</div>
<div class="paragraph">
<p>Threshold is 1,000 conflict deaths. Use COW data for 2007 and before. 2008 and after, supplement with research.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_concurrent_eventsextra_state_war">DFRLab-dichotomies-of-disinformation:target-concurrent-events="extra-state-war"</h4>
<div class="paragraph">
<p>Extra-State War</p>
</div>
<div class="paragraph">
<p>Threshold is 1,000 conflict deaths. Use COW data for 2007 and before.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_concurrent_eventsintra_state_war">DFRLab-dichotomies-of-disinformation:target-concurrent-events="intra-state-war"</h4>
<div class="paragraph">
<p>Intra-State War</p>
</div>
<div class="paragraph">
<p>Threshold is 1,000 conflict deaths. Use COW data for 2007 and before. 2008 and after, supplement with research.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_concurrent_eventsnon_state_war">DFRLab-dichotomies-of-disinformation:target-concurrent-events="non-state-war"</h4>
<div class="paragraph">
<p>Non-State War</p>
</div>
<div class="paragraph">
<p>War in non-state territory or across state borders. Threshold is 1,000 conflict deaths. Use COW data for 2007 and before. 2008 and after, supplement with research.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_concurrent_eventsfederal_election">DFRLab-dichotomies-of-disinformation:target-concurrent-events="federal-election"</h4>
<div class="paragraph">
<p>Federal Election</p>
</div>
<div class="paragraph">
<p>Includes elections at province, municipality, administrative region, department, prefecture, and local levels.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationtarget_concurrent_eventsstate_election">DFRLab-dichotomies-of-disinformation:target-concurrent-events="state-election"</h4>
<div class="paragraph">
<p>State Election</p>
</div>
<div class="paragraph">
<p>Includes elections at province, municipality, administrative region, department, prefecture, and local levels.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_platforms_open_web">platforms-open-web</h3>
<div class="paragraph">
<p>Open web media platform through which a campaign targets an actor.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_open_webstate_media">DFRLab-dichotomies-of-disinformation:platforms-open-web="state-media"</h4>
<div class="paragraph">
<p>State Media</p>
</div>
<div class="paragraph">
<p>Includes “state-adjacent” media, operated by government proxies or otherwise beholden to the state.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_open_webindependent_media">DFRLab-dichotomies-of-disinformation:platforms-open-web="independent-media"</h4>
<div class="paragraph">
<p>Independent Media</p>
</div>
<div class="paragraph">
<p>Media institutions that are not beholden to the government and can be reasonably assessed to score &gt; 60 by the NewsGuard rating process.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_open_webjunk_news_websites">DFRLab-dichotomies-of-disinformation:platforms-open-web="junk-news-websites"</h4>
<div class="paragraph">
<p>Junk News Websites</p>
</div>
<div class="paragraph">
<p>A website that trafficks in deceptive headlines, fails to correct errors, avoids disclosure of funding sources, and avoids labeling advertisements. One that can be reasonably assessed to score &lt; 60 by the NewsGuard rating process.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_platforms_social_media">platforms-social-media</h3>
<div class="paragraph">
<p>Social media platform through which a campaign targets an actor.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_mediafacebook">DFRLab-dichotomies-of-disinformation:platforms-social-media="facebook"</h4>
<div class="paragraph">
<p>Facebook</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_mediainstagram">DFRLab-dichotomies-of-disinformation:platforms-social-media="instagram"</h4>
<div class="paragraph">
<p>Instagram</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_mediatwitter">DFRLab-dichotomies-of-disinformation:platforms-social-media="twitter"</h4>
<div class="paragraph">
<p>Twitter</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_mediayoutube">DFRLab-dichotomies-of-disinformation:platforms-social-media="youtube"</h4>
<div class="paragraph">
<p>YouTube</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_medialinkedin">DFRLab-dichotomies-of-disinformation:platforms-social-media="linkedin"</h4>
<div class="paragraph">
<p>LinkedIn</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_mediareddit">DFRLab-dichotomies-of-disinformation:platforms-social-media="reddit"</h4>
<div class="paragraph">
<p>Reddit</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_mediavk">DFRLab-dichotomies-of-disinformation:platforms-social-media="vk"</h4>
<div class="paragraph">
<p>VK</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_mediaforum">DFRLab-dichotomies-of-disinformation:platforms-social-media="forum"</h4>
<div class="paragraph">
<p>Forum</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_social_mediaother">DFRLab-dichotomies-of-disinformation:platforms-social-media="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Social media accounts created by the disinformants for deceptive purposes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_platforms_messaging">platforms-messaging</h3>
<div class="paragraph">
<p>Messaging platform through which a campaign targets an actor.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_messagingwhatsapp">DFRLab-dichotomies-of-disinformation:platforms-messaging="whatsapp"</h4>
<div class="paragraph">
<p>WhatsApp</p>
</div>
<div class="paragraph">
<p>Messaging platforms used by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_messagingtelegram">DFRLab-dichotomies-of-disinformation:platforms-messaging="telegram"</h4>
<div class="paragraph">
<p>Telegram</p>
</div>
<div class="paragraph">
<p>Messaging platforms used by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_messagingsignal">DFRLab-dichotomies-of-disinformation:platforms-messaging="signal"</h4>
<div class="paragraph">
<p>Signal</p>
</div>
<div class="paragraph">
<p>Messaging platforms used by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_messagingline">DFRLab-dichotomies-of-disinformation:platforms-messaging="line"</h4>
<div class="paragraph">
<p>Line</p>
</div>
<div class="paragraph">
<p>Messaging platforms used by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_messagingwechat">DFRLab-dichotomies-of-disinformation:platforms-messaging="wechat"</h4>
<div class="paragraph">
<p>WeChat</p>
</div>
<div class="paragraph">
<p>Messaging platforms used by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_messagingsms">DFRLab-dichotomies-of-disinformation:platforms-messaging="sms"</h4>
<div class="paragraph">
<p>SMS</p>
</div>
<div class="paragraph">
<p>Messaging platforms used by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatforms_messagingother">DFRLab-dichotomies-of-disinformation:platforms-messaging="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Messaging platforms used by the disinformants for deceptive purposes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_platforms">platforms</h3>
<div class="paragraph">
<p>Platforms through which a campaign targets an actor.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatformsadvertisement">DFRLab-dichotomies-of-disinformation:platforms="advertisement"</h4>
<div class="paragraph">
<p>Advertisement</p>
</div>
<div class="paragraph">
<p>Advertisements purchased by disinformants to disseminate a message of disinformation. Includes ads on social media and the open web.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatformsemail">DFRLab-dichotomies-of-disinformation:platforms="email"</h4>
<div class="paragraph">
<p>Email</p>
</div>
<div class="paragraph">
<p>Email used by the disinformants for deceptive purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationplatformsother">DFRLab-dichotomies-of-disinformation:platforms="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Other platforms used by the disinformants for deceptive purposes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_content_language">content-language</h3>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languageenglish">DFRLab-dichotomies-of-disinformation:content-language="english"</h4>
<div class="paragraph">
<p>English</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagerussian">DFRLab-dichotomies-of-disinformation:content-language="russian"</h4>
<div class="paragraph">
<p>Russian</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagefrench">DFRLab-dichotomies-of-disinformation:content-language="french"</h4>
<div class="paragraph">
<p>French</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagechinese">DFRLab-dichotomies-of-disinformation:content-language="chinese"</h4>
<div class="paragraph">
<p>Chinese</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagegerman">DFRLab-dichotomies-of-disinformation:content-language="german"</h4>
<div class="paragraph">
<p>German</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagespanish">DFRLab-dichotomies-of-disinformation:content-language="spanish"</h4>
<div class="paragraph">
<p>Spanish</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagehindi">DFRLab-dichotomies-of-disinformation:content-language="hindi"</h4>
<div class="paragraph">
<p>Hindi</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languageportuguese">DFRLab-dichotomies-of-disinformation:content-language="portuguese"</h4>
<div class="paragraph">
<p>Portuguese</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagebengali">DFRLab-dichotomies-of-disinformation:content-language="bengali"</h4>
<div class="paragraph">
<p>Bengali</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagejapanese">DFRLab-dichotomies-of-disinformation:content-language="japanese"</h4>
<div class="paragraph">
<p>Japanese</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languageturkish">DFRLab-dichotomies-of-disinformation:content-language="turkish"</h4>
<div class="paragraph">
<p>Turkish</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagepolish">DFRLab-dichotomies-of-disinformation:content-language="polish"</h4>
<div class="paragraph">
<p>Polish</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languageukrainian">DFRLab-dichotomies-of-disinformation:content-language="ukrainian"</h4>
<div class="paragraph">
<p>Ukrainian</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languagearabic">DFRLab-dichotomies-of-disinformation:content-language="arabic"</h4>
<div class="paragraph">
<p>Arabic</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_languageiranian_persian">DFRLab-dichotomies-of-disinformation:content-language="iranian-persian"</h4>
<div class="paragraph">
<p>iranian-persian</p>
</div>
<div class="paragraph">
<p>The language of the disinformation.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_content_topic">content-topic</h3>
<div class="paragraph">
<p>The subject evident in the campaign.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicgovernment">DFRLab-dichotomies-of-disinformation:content-topic="government"</h4>
<div class="paragraph">
<p>Government</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicmilitary">DFRLab-dichotomies-of-disinformation:content-topic="military"</h4>
<div class="paragraph">
<p>Mility</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicpolitical_party">DFRLab-dichotomies-of-disinformation:content-topic="political-party"</h4>
<div class="paragraph">
<p>Political Party</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicelections">DFRLab-dichotomies-of-disinformation:content-topic="elections"</h4>
<div class="paragraph">
<p>Elections</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicnon_state_political_actor">DFRLab-dichotomies-of-disinformation:content-topic="non-state-political-actor"</h4>
<div class="paragraph">
<p>Non-State Political Actor</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicbusiness">DFRLab-dichotomies-of-disinformation:content-topic="business"</h4>
<div class="paragraph">
<p>Business</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicinfluential_individuals">DFRLab-dichotomies-of-disinformation:content-topic="influential-individuals"</h4>
<div class="paragraph">
<p>Influential Individuals</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicracial">DFRLab-dichotomies-of-disinformation:content-topic="racial"</h4>
<div class="paragraph">
<p>Racial</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicethnic">DFRLab-dichotomies-of-disinformation:content-topic="ethnic"</h4>
<div class="paragraph">
<p>Ethnic</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicreligious">DFRLab-dichotomies-of-disinformation:content-topic="religious"</h4>
<div class="paragraph">
<p>Religious</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicsexual_identity_group">DFRLab-dichotomies-of-disinformation:content-topic="sexual-identity-group"</h4>
<div class="paragraph">
<p>Sexual Identity Group</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicterrorism">DFRLab-dichotomies-of-disinformation:content-topic="terrorism"</h4>
<div class="paragraph">
<p>Terrorism</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicimmigration">DFRLab-dichotomies-of-disinformation:content-topic="immigration"</h4>
<div class="paragraph">
<p>Immigration</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topiceconomic_issue">DFRLab-dichotomies-of-disinformation:content-topic="economic-issue"</h4>
<div class="paragraph">
<p>Economic Issue</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationcontent_topicother">DFRLab-dichotomies-of-disinformation:content-topic="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Subject evident in the campaign.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_methods_tactics">methods-tactics</h3>
<div class="paragraph">
<p>The tactics evident in the campaign.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_tacticsbrigading">DFRLab-dichotomies-of-disinformation:methods-tactics="brigading"</h4>
<div class="paragraph">
<p>Brigading</p>
</div>
<div class="paragraph">
<p>Patriotic trolls or organic coordination in which disinformants seemingly operate under their real identities. A concentrated effort by one online group to manipulate another, e.g. through mass-commenting a certain message.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_tacticssockpuppets">DFRLab-dichotomies-of-disinformation:methods-tactics="sockpuppets"</h4>
<div class="paragraph">
<p>Sockpuppets</p>
</div>
<div class="paragraph">
<p>Inauthentic social media accounts used for the purpose of deception which evidence a high likelihood of human operation. This includes catfishing and other highly tailored operations conducted under inauthentic personas.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_tacticsbotnets">DFRLab-dichotomies-of-disinformation:methods-tactics="botnets"</h4>
<div class="paragraph">
<p>Botnets</p>
</div>
<div class="paragraph">
<p>Inauthentic social media accounts used for the purpose of deception which evidence a high likelihood of automation. These accounts evidence no sustained human intervention beyond the effort necessary to program them initially. They often form large networks for the purpose of inauthentic amplification. This includes both fresh and repurposed accounts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_tacticssearch_engine_manipulation">DFRLab-dichotomies-of-disinformation:methods-tactics="search-engine-manipulation"</h4>
<div class="paragraph">
<p>Search Engine Manipulation</p>
</div>
<div class="paragraph">
<p>Undermining search engine optimization techniques with the intention of creating an inorganic correlation of search queries and results. Often realized by way of cooperative efforts by online communities. e.g. “Google Bombing.” May also include typosquatting with the intention to mislead or redirect to another URL.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_tacticsddos">DFRLab-dichotomies-of-disinformation:methods-tactics="ddos"</h4>
<div class="paragraph">
<p>Hacking: DDos</p>
</div>
<div class="paragraph">
<p>Distributed denial-of-service. Malicious attempt to disrupt server traffic. In the context of political disinformation campaigns, this is intended to make it more difficult for the target to launch an effective counter-messaging effort.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_tacticsdata_exfiltration">DFRLab-dichotomies-of-disinformation:methods-tactics="data-exfiltration"</h4>
<div class="paragraph">
<p>Hacking: Data Exfiltration</p>
</div>
<div class="paragraph">
<p>The unauthorized movement of data. In the context of political disinformation campaigns, this is the acquisition of sensitive information through spearphishing or similar techniques that can be subsequently released by the disinformant to boost their messaging effort.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_tacticsdeep_learning_processes">DFRLab-dichotomies-of-disinformation:methods-tactics="deep-learning-processes"</h4>
<div class="paragraph">
<p>Deceptive Content Manipulation: Deep Learning Processes</p>
</div>
<div class="paragraph">
<p>Any content that has been deceptively edited by use of Photoshop or similar software. This includes the deceptive co-option and re-use of extant media branding and style guides. This does not include the use of deep learning processes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_tacticsother">DFRLab-dichotomies-of-disinformation:methods-tactics="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Inauthentic social media accounts used for the purpose of deception which evidence a high likelihood of human operation. This includes catfishing and other highly tailored operations conducted under inauthentic personas.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_methods_narrative_techniques">methods-narrative-techniques</h3>
<div class="paragraph">
<p>The narrative techniques evident in the campaign.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_narrative_techniquesconstructive_activate">DFRLab-dichotomies-of-disinformation:methods-narrative-techniques="constructive-activate"</h4>
<div class="paragraph">
<p>Constructive: Activate</p>
</div>
<div class="paragraph">
<p>Bandwagon, pander, ignite. e.g., “If you love Mr. Trump, RT this.”</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_narrative_techniquesconstructive_astroturf">DFRLab-dichotomies-of-disinformation:methods-narrative-techniques="constructive-astroturf"</h4>
<div class="paragraph">
<p>Constructive: Astroturf</p>
</div>
<div class="paragraph">
<p>Artificial consensus-building, inflation, or amplification. Also called a “Potemkin Village.” e.g., “The #1 trending hashtag cant be wrong.”</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_narrative_techniquesdestructive_suppress">DFRLab-dichotomies-of-disinformation:methods-narrative-techniques="destructive-suppress"</h4>
<div class="paragraph">
<p>Destructive: Suppress</p>
</div>
<div class="paragraph">
<p>Harass, intimidate, exhaust. Often targets influential individuals.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_narrative_techniquesdestructive_discredit">DFRLab-dichotomies-of-disinformation:methods-narrative-techniques="destructive-discredit"</h4>
<div class="paragraph">
<p>Destructive: Discredit</p>
</div>
<div class="paragraph">
<p>Libel, leak, tarnish. Often targets government, political parties, elections, or other institutions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_narrative_techniquesoblique_troll">DFRLab-dichotomies-of-disinformation:methods-narrative-techniques="oblique-troll"</h4>
<div class="paragraph">
<p>Oblique: Troll</p>
</div>
<div class="paragraph">
<p>Confusion by way of discourse infiltration and targeted distraction. Conscious efforts by disinformants to derail political movements through tailored engagement.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationmethods_narrative_techniquesoblique_flood">DFRLab-dichotomies-of-disinformation:methods-narrative-techniques="oblique-flood"</h4>
<div class="paragraph">
<p>Oblique: Flood</p>
</div>
<div class="paragraph">
<p>Confusion by way of hashtag invasion and mass noise generation. The hijacking of an online political movement through appropriation of an existing hashtag and addition of large quantity of unrelated material.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disinformant_category">disinformant-category</h3>
<div class="paragraph">
<p>When a disinformant targets an actor, the category of that disinformant is filled in this field, if that information is available. Categories are not mutually exclusive. All relevant categories can be added.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categorygovernment_direct_attribution">DFRLab-dichotomies-of-disinformation:disinformant-category="government-direct-attribution"</h4>
<div class="paragraph">
<p>Government: Direct Attribution</p>
</div>
<div class="paragraph">
<p>Public, definitive attribution to a national government by a social media platform or trusted government entity. These entities have access to signals intelligence and other publicly unavailable information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categorygovernment_inferred_attribution">DFRLab-dichotomies-of-disinformation:disinformant-category="government-inferred-attribution"</h4>
<div class="paragraph">
<p>Government: Proxy/Inferred Attribution</p>
</div>
<div class="paragraph">
<p>Informed attribution to a government or government-adjacent proxy in which definitive proof is absent. Such attribution is based on open-source data and inference. This includes attribution to political parties, non-state political actors, businesses, and influential individuals who are suspected to be working at the governments direction.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categorypolitical_party">DFRLab-dichotomies-of-disinformation:disinformant-category="political-party"</h4>
<div class="paragraph">
<p>Political Party</p>
</div>
<div class="paragraph">
<p>Organized competitors for political power who can obtain or wield power directly. Includes politicians currently in office, as well as non-incumbent politicians running for office who are associated with a political party. Can also be an individual working for a party.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categorynon_state_political_actor">DFRLab-dichotomies-of-disinformation:disinformant-category="non-state-political-actor"</h4>
<div class="paragraph">
<p>Non-State Political Actor</p>
</div>
<div class="paragraph">
<p>Organized competitors for political power who can obtain or wield power, even if indirectly; not necessarily enfranchised. Non-state political actors are formally organized, coordinated, and cohesive. e.g. Greenpeace, the NRA, or the KKK.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categorybusiness">DFRLab-dichotomies-of-disinformation:disinformant-category="business"</h4>
<div class="paragraph">
<p>Business</p>
</div>
<div class="paragraph">
<p>Includes groups that contract out to the government, individuals looking for financial gain, and mercenaries.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categoryinfluential_individuals">DFRLab-dichotomies-of-disinformation:disinformant-category="influential-individuals"</h4>
<div class="paragraph">
<p>Influential Individuals</p>
</div>
<div class="paragraph">
<p>Individuals who are influential but who do not belong to a ruling government coalition. Includes groups of individuals who are not formally organized but work together. e.g. journalists, former politicians, or organized 4channers. For individuals who operate their own charitable foundations (and thus could be placed in Non-State Political Actor), coding depends on whether or not the disinformation is foremost targeting the individual, their foundation, or both.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categoryelectorate">DFRLab-dichotomies-of-disinformation:disinformant-category="electorate"</h4>
<div class="paragraph">
<p>Electorate</p>
</div>
<div class="paragraph">
<p>The enfranchised population in a specific country or within a demarcated boundary.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categoryracial">DFRLab-dichotomies-of-disinformation:disinformant-category="racial"</h4>
<div class="paragraph">
<p>Racial</p>
</div>
<div class="paragraph">
<p>A specific minority/majority group.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categoryethnic">DFRLab-dichotomies-of-disinformation:disinformant-category="ethnic"</h4>
<div class="paragraph">
<p>Ethnic</p>
</div>
<div class="paragraph">
<p>A specific minority/majority group.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categorysexual_identity_group">DFRLab-dichotomies-of-disinformation:disinformant-category="sexual-identity-group"</h4>
<div class="paragraph">
<p>Sexual Identity Group</p>
</div>
<div class="paragraph">
<p>A specific minority/majority group.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_categoryreligious">DFRLab-dichotomies-of-disinformation:disinformant-category="religious"</h4>
<div class="paragraph">
<p>Religious</p>
</div>
<div class="paragraph">
<p>A specific minority/majority group.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disinformant_concurrent_events">disinformant-concurrent-events</h3>
<div class="paragraph">
<p>When a disinformant targets an actor, the category of that disinformant is filled in this field, if that information is available. Categories are not mutually exclusive. All relevant categories can be added.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_concurrent_eventsinter_state_war">DFRLab-dichotomies-of-disinformation:disinformant-concurrent-events="inter-state-war"</h4>
<div class="paragraph">
<p>Inter-State War</p>
</div>
<div class="paragraph">
<p>Threshold is 1,000 conflict deaths. Use COW data for 2007 and before. 2008 and after, supplement with research.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_concurrent_eventsextra_state_war">DFRLab-dichotomies-of-disinformation:disinformant-concurrent-events="extra-state-war"</h4>
<div class="paragraph">
<p>Extra-State War</p>
</div>
<div class="paragraph">
<p>Threshold is 1,000 conflict deaths. Use COW data for 2007 and before.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_concurrent_eventsintra_state_war">DFRLab-dichotomies-of-disinformation:disinformant-concurrent-events="intra-state-war"</h4>
<div class="paragraph">
<p>Intra-State War</p>
</div>
<div class="paragraph">
<p>Threshold is 1,000 conflict deaths. Use COW data for 2007 and before. 2008 and after, supplement with research.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_concurrent_eventsnon_state_war">DFRLab-dichotomies-of-disinformation:disinformant-concurrent-events="non-state-war"</h4>
<div class="paragraph">
<p>Non-State War</p>
</div>
<div class="paragraph">
<p>War in non-state territory or across state borders. Threshold is 1,000 conflict deaths. Use COW data for 2007 and before. 2008 and after, supplement with research.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_concurrent_eventsfederal_election">DFRLab-dichotomies-of-disinformation:disinformant-concurrent-events="federal-election"</h4>
<div class="paragraph">
<p>Federal Election</p>
</div>
<div class="paragraph">
<p>Includes elections at province, municipality, administrative region, department, prefecture, and local levels.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_concurrent_eventsstate_election">DFRLab-dichotomies-of-disinformation:disinformant-concurrent-events="state-election"</h4>
<div class="paragraph">
<p>State Election</p>
</div>
<div class="paragraph">
<p>Includes elections at province, municipality, administrative region, department, prefecture, and local levels.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disinformant_intent">disinformant-intent</h3>
<div class="paragraph">
<p>This is the intent of the primary disinformant and any other disinformants coded.</p>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_intentcivil">DFRLab-dichotomies-of-disinformation:disinformant-intent="civil"</h4>
<div class="paragraph">
<p>Civil</p>
</div>
<div class="paragraph">
<p>To include electoral interference, policy change.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_intentsocial">DFRLab-dichotomies-of-disinformation:disinformant-intent="social"</h4>
<div class="paragraph">
<p>Social</p>
</div>
<div class="paragraph">
<p>To include marginalization of majority/minority groups and general social fissure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_intenteconomic">DFRLab-dichotomies-of-disinformation:disinformant-intent="economic"</h4>
<div class="paragraph">
<p>Economic</p>
</div>
<div class="paragraph">
<p>To include suppression of economic activity, destruction of capital.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dfrlab_dichotomies_of_disinformationdisinformant_intentmilitary">DFRLab-dichotomies-of-disinformation:disinformant-intent="military"</h4>
<div class="paragraph">
<p>Military</p>
</div>
<div class="paragraph">
<p>To include complement to offensive military campaign, or information paralysis of an adversarys military institutions.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dml">DML</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
DML namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/DML/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks. It&#8217;s designed for organizations who perform intel-driven detection and response and who put an emphasis on having a mature detection program.</p>
</div>
<div class="sect2">
<h3 id="_8">8</h3>
<div class="paragraph">
<p>If the actor is part of a larger organized operation they may be receiving their goals from a higher level source or handler. Depending on how organized and sophisticated the adversary&#8217;s campaigns are, these goals may not even be shared with the operator(s) themselves. In cases of non-targeted threat actors, this may be much less organized or distributed.
Goals are nearly impossible to detect (directly) but they&#8217;re almost always the toughest question C-level leaders ask about post-breach. "Who was it and why?" These kinds of questions can never truthfully be answered unless you&#8217;re operating at Detection Maturity Level 8 against your adversary and can prove reliably that you know what their goals are. Short of that, it&#8217;s guessing at what the adversary&#8217;s true intentions were based on behavioral observations made at lower DMLs (e.g. data stolen, directories listed, employees or programs targeted, etc). I anticipate less than a handful of organizations truly operate at this level, consistently, against the threat actors they face because it&#8217;s nearly impossible to detect based on goals alone.</p>
</div>
<div class="sect3">
<h4 id="_dml8">DML:8</h4>
<div class="paragraph">
<p>Goals</p>
</div>
<div class="paragraph">
<p>If the actor is part of a larger organized operation they may be receiving their goals from a higher level source or handler. Depending on how organized and sophisticated the adversary&#8217;s campaigns are, these goals may not even be shared with the operator(s) themselves. In cases of non-targeted threat actors, this may be much less organized or distributed.
Goals are nearly impossible to detect (directly) but they&#8217;re almost always the toughest question C-level leaders ask about post-breach. "Who was it and why?" These kinds of questions can never truthfully be answered unless you&#8217;re operating at Detection Maturity Level 8 against your adversary and can prove reliably that you know what their goals are. Short of that, it&#8217;s guessing at what the adversary&#8217;s true intentions were based on behavioral observations made at lower DMLs (e.g. data stolen, directories listed, employees or programs targeted, etc). I anticipate less than a handful of organizations truly operate at this level, consistently, against the threat actors they face because it&#8217;s nearly impossible to detect based on goals alone.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_7">7</h3>
<div class="literalblock">
<div class="content">
<pre> If the adversary's high level goal is to "replicate Acme Company's Super Awesome Product Foo in 2 years or less" their supporting strategies might include:
1. Implant physical persons into the companies that produce this technology, in positions with physical access to the information necessary to fulfill this goal.
2. Compromise these organizations via cyber attack, and exfiltrate data from the systems containing the information necessary to fulfill this goal.
For less targeted attacks, the strategy may be completely different, with shorter durations or different objectives. The important distinguishing factor about Goals (DML-8) and Strategy (DML-7) is that they are largely subjective in nature. They are very non-technical, and are often reflective of the adversary's (or their handler's) true intentions (and strategies for fulfilling those intentions). They represent what the adversary wants. For these reasons, they are not easily detectable via conventional cyber means for most private organizations. It's very common for DML-8 or DML-7 to not even be on the day-to-day radar of most Detection or Response specialists, and if they are it's typically in the context of having received a strategic intelligence report from an intelligence source about the adversary.</pre>
</div>
</div>
<div class="sect3">
<h4 id="_dml7">DML:7</h4>
<div class="paragraph">
<p>Strategy</p>
</div>
<div class="literalblock">
<div class="content">
<pre> If the adversary's high level goal is to "replicate Acme Company's Super Awesome Product Foo in 2 years or less" their supporting strategies might include:
1. Implant physical persons into the companies that produce this technology, in positions with physical access to the information necessary to fulfill this goal.
2. Compromise these organizations via cyber attack, and exfiltrate data from the systems containing the information necessary to fulfill this goal.
For less targeted attacks, the strategy may be completely different, with shorter durations or different objectives. The important distinguishing factor about Goals (DML-8) and Strategy (DML-7) is that they are largely subjective in nature. They are very non-technical, and are often reflective of the adversary's (or their handler's) true intentions (and strategies for fulfilling those intentions). They represent what the adversary wants. For these reasons, they are not easily detectable via conventional cyber means for most private organizations. It's very common for DML-8 or DML-7 to not even be on the day-to-day radar of most Detection or Response specialists, and if they are it's typically in the context of having received a strategic intelligence report from an intelligence source about the adversary.</pre>
</div>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_6">6</h3>
<div class="paragraph">
<p>To successfully operate at DML-6, one must be able to reliably detect a tactic being employed regardless of the Technique or Procedure used by the adversary, the Tools they chose to use, or the Artifacts and Atomic Indicators left behind as a result of employing the tactic. While this may sound impossible on the surface, it absolutely is possible. In nearly all cases, tactics are not detected directly by a single indicator or artifact serving as the smoking gun, or a single detection signature or analytic technique. Tactics become known only after observation of multiple activities in aggregate, with respect to time and circumstance. As a result, detection of tactics are usually done by skilled analysts, rather than technical correlation or analytics systems.</p>
</div>
<div class="sect3">
<h4 id="_dml6">DML:6</h4>
<div class="paragraph">
<p>Tactics</p>
</div>
<div class="paragraph">
<p>To successfully operate at DML-6, one must be able to reliably detect a tactic being employed regardless of the Technique or Procedure used by the adversary, the Tools they chose to use, or the Artifacts and Atomic Indicators left behind as a result of employing the tactic. While this may sound impossible on the surface, it absolutely is possible. In nearly all cases, tactics are not detected directly by a single indicator or artifact serving as the smoking gun, or a single detection signature or analytic technique. Tactics become known only after observation of multiple activities in aggregate, with respect to time and circumstance. As a result, detection of tactics are usually done by skilled analysts, rather than technical correlation or analytics systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_5">5</h3>
<div class="paragraph">
<p>From a maturity perspective, being able to detect an adversary&#8217;s techniques is superior to being able to detect their procedures. The primary difference being techniques are specific to an individual. So when respecting this distinction, the ability to detect a specific actor operating within your environment by technique exclusively is an advantage. The best analogy to this is a rifled barrel, which leaves uniquely identifiable characteristics in the side of a bullet. Because of this, ballistics specialists can forensically match a spent round to the exact weapon from which it was fired with a high degree of certainty. Not just any weapon by calibur or model, but the exact weapon used to fire that specific round. Human beings are creatures of habit, and most adversaries aren&#8217;t aware of the fact that every time they attack they&#8217;re leaving evidence of their personal techniques behind for us to find. The same applies for the tool builders writing the tools these adversaries use. It&#8217;s our obligation to find these distinctions and ensure we&#8217;re looking for them. It&#8217;s personal behavior and habits that are the hardest for humans to change, so put the hurt on your adversaries by finding creative ways to detect their behaviors and habits in your environment.</p>
</div>
<div class="sect3">
<h4 id="_dml5">DML:5</h4>
<div class="paragraph">
<p>Techniques</p>
</div>
<div class="paragraph">
<p>From a maturity perspective, being able to detect an adversary&#8217;s techniques is superior to being able to detect their procedures. The primary difference being techniques are specific to an individual. So when respecting this distinction, the ability to detect a specific actor operating within your environment by technique exclusively is an advantage. The best analogy to this is a rifled barrel, which leaves uniquely identifiable characteristics in the side of a bullet. Because of this, ballistics specialists can forensically match a spent round to the exact weapon from which it was fired with a high degree of certainty. Not just any weapon by calibur or model, but the exact weapon used to fire that specific round. Human beings are creatures of habit, and most adversaries aren&#8217;t aware of the fact that every time they attack they&#8217;re leaving evidence of their personal techniques behind for us to find. The same applies for the tool builders writing the tools these adversaries use. It&#8217;s our obligation to find these distinctions and ensure we&#8217;re looking for them. It&#8217;s personal behavior and habits that are the hardest for humans to change, so put the hurt on your adversaries by finding creative ways to detect their behaviors and habits in your environment.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_4">4</h3>
<div class="paragraph">
<p>Given today&#8217;s detection technology, and readily available correlation and analytics techniques, it&#8217;s amazing that more organizations haven&#8217;t reached Detection Maturity Level 4 for most of their adversaries. Procedures are one of the most effective ways of detecting adversary activity and can really inflict the most pain against lesser experienced "B-teams". In it&#8217;s most simple form, detecting a procedure is as simple as detecting a sequence of two or more of the individual steps employed by the actor. The goal here is to isolate activities that the adversary appears to perform methodically, two or more times during an incident.</p>
</div>
<div class="sect3">
<h4 id="_dml4">DML:4</h4>
<div class="paragraph">
<p>Procedures</p>
</div>
<div class="paragraph">
<p>Given today&#8217;s detection technology, and readily available correlation and analytics techniques, it&#8217;s amazing that more organizations haven&#8217;t reached Detection Maturity Level 4 for most of their adversaries. Procedures are one of the most effective ways of detecting adversary activity and can really inflict the most pain against lesser experienced "B-teams". In it&#8217;s most simple form, detecting a procedure is as simple as detecting a sequence of two or more of the individual steps employed by the actor. The goal here is to isolate activities that the adversary appears to perform methodically, two or more times during an incident.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_3">3</h3>
<div class="paragraph">
<p>Being able to detect at DML-3 means you can reliably detect the adversary&#8217;s tools, regardless of minor functionality changes to the tool, or the Artifacts or Atomic Indicators it may leave behind. Detecting tools falls into two main areas. The first is detecting the transfer and presence of the tool. This includes being able to observe the tool being transferred over the network, being able to locate it sitting at rest on a file system, or being able to identify it loaded in memory.
The second, and more important area of tool detection, is detecting the tool reliably by functionality. For example, let&#8217;s take a given webshell that has 25 functions. If we want to claim DML-3 level detection for this webshell we have to exercise each of those 25 functions and understand what each of them do. What do they look like at the host, network, and event log level when they are exercised? We then aim to build detections for as many of those 25 functions across those data domains as we possibly can, reliably, balancing false positives and other constraints. The reason behind this is simple, we want to be able to detect this version of the tool and as many future variants of the tool as we can by function that it performs. If the adversary decides to change up 5 of the 25 functions for which we have detections, we&#8217;re still detecting the entire tool. In order for the adversary to use this tool completely undetected in our environment, they&#8217;ll be forced to change every one of those functions; or at least the ones that we were able to reliably build detections against.</p>
</div>
<div class="sect3">
<h4 id="_dml3">DML:3</h4>
<div class="paragraph">
<p>Tools</p>
</div>
<div class="paragraph">
<p>Being able to detect at DML-3 means you can reliably detect the adversary&#8217;s tools, regardless of minor functionality changes to the tool, or the Artifacts or Atomic Indicators it may leave behind. Detecting tools falls into two main areas. The first is detecting the transfer and presence of the tool. This includes being able to observe the tool being transferred over the network, being able to locate it sitting at rest on a file system, or being able to identify it loaded in memory.
The second, and more important area of tool detection, is detecting the tool reliably by functionality. For example, let&#8217;s take a given webshell that has 25 functions. If we want to claim DML-3 level detection for this webshell we have to exercise each of those 25 functions and understand what each of them do. What do they look like at the host, network, and event log level when they are exercised? We then aim to build detections for as many of those 25 functions across those data domains as we possibly can, reliably, balancing false positives and other constraints. The reason behind this is simple, we want to be able to detect this version of the tool and as many future variants of the tool as we can by function that it performs. If the adversary decides to change up 5 of the 25 functions for which we have detections, we&#8217;re still detecting the entire tool. In order for the adversary to use this tool completely undetected in our environment, they&#8217;ll be forced to change every one of those functions; or at least the ones that we were able to reliably build detections against.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_2">2</h3>
<div class="paragraph">
<p>DML-2 is where most organizations spend too much of their resources; attempting to collect what they call "threat intelligence" in the form of Host &amp; Network Artifacts. The reality is, these are merely just indicators that are observed either during or after the attack. They&#8217;re like symptoms of the flu but not the flu itself. I often use the analogy "chasing the vapor trail" when I think of DML-2 because chasing after Host &amp; Network Artifacts is much like chasing the vapor trail behind an aircraft. We know the enemy aircraft is up there in front of us somewhere, if we just keep chasing this vapor trial we&#8217;ll eventually catch up to the aircraft and find our enemy right? Wrong. Having a mature detection and response program means your operating above DML-2 and you&#8217;re actually locked onto the aircraft itself. You know how it operates, you know what it&#8217;s capabilities are, you know the Tactics, Techniques, and Procedures of it&#8217;s pilot and you can almost predict what it&#8217;s next moves might be. This is precisely why good Cyber Intelligence Analysts will almost never attribute activity to a specific threat actor, group, or country based on just Host &amp; Network Artifacts alone; they understand this DML concept and realize when they&#8217;re likely just staring at the vapor trail. They understand that in reality the vapor trail (indicators) could be from any number of aircraft (tools), with any number of pilots (actors) behind the stick.</p>
</div>
<div class="sect3">
<h4 id="_dml2">DML:2</h4>
<div class="paragraph">
<p>Host &amp; Network Artifacts</p>
</div>
<div class="paragraph">
<p>DML-2 is where most organizations spend too much of their resources; attempting to collect what they call "threat intelligence" in the form of Host &amp; Network Artifacts. The reality is, these are merely just indicators that are observed either during or after the attack. They&#8217;re like symptoms of the flu but not the flu itself. I often use the analogy "chasing the vapor trail" when I think of DML-2 because chasing after Host &amp; Network Artifacts is much like chasing the vapor trail behind an aircraft. We know the enemy aircraft is up there in front of us somewhere, if we just keep chasing this vapor trial we&#8217;ll eventually catch up to the aircraft and find our enemy right? Wrong. Having a mature detection and response program means your operating above DML-2 and you&#8217;re actually locked onto the aircraft itself. You know how it operates, you know what it&#8217;s capabilities are, you know the Tactics, Techniques, and Procedures of it&#8217;s pilot and you can almost predict what it&#8217;s next moves might be. This is precisely why good Cyber Intelligence Analysts will almost never attribute activity to a specific threat actor, group, or country based on just Host &amp; Network Artifacts alone; they understand this DML concept and realize when they&#8217;re likely just staring at the vapor trail. They understand that in reality the vapor trail (indicators) could be from any number of aircraft (tools), with any number of pilots (actors) behind the stick.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_1">1</h3>
<div class="paragraph">
<p>These are the atomic particles that make up Host &amp; Network artifacts. If you&#8217;re detecting at Detection Maturity Level 1, it means you are probably taking "feeds of intel" from various sharing organizations and vendors in the form of lists, like domains and IP addresses, and feeding them into your detection technologies. Let me be clear on my position here. There are a few, and I mean a very precious few, circumstances where this makes sense and can be done reliably. These are edge cases where specific atomic indicators have a high enough "shelf life" where it makes sense to go ahead and create detection capabilities from them. Examples of this include unique strings found inside a binary, or perhaps an adversary is foolish enough to sit on the same recon, delivery, C2, or exfiltration infrastructure allowing you to detect reliably on their domain names or IP addresses. These might be viable cases where detecting on atomic indicator alone makes sense. Unfortunately, for the remaining 99% of the time, attempting to detect on this kind of data is suboptimal, for a number of reasons.</p>
</div>
<div class="sect3">
<h4 id="_dml1">DML:1</h4>
<div class="paragraph">
<p>Atomic IOCs</p>
</div>
<div class="paragraph">
<p>These are the atomic particles that make up Host &amp; Network artifacts. If you&#8217;re detecting at Detection Maturity Level 1, it means you are probably taking "feeds of intel" from various sharing organizations and vendors in the form of lists, like domains and IP addresses, and feeding them into your detection technologies. Let me be clear on my position here. There are a few, and I mean a very precious few, circumstances where this makes sense and can be done reliably. These are edge cases where specific atomic indicators have a high enough "shelf life" where it makes sense to go ahead and create detection capabilities from them. Examples of this include unique strings found inside a binary, or perhaps an adversary is foolish enough to sit on the same recon, delivery, C2, or exfiltration infrastructure allowing you to detect reliably on their domain names or IP addresses. These might be viable cases where detecting on atomic indicator alone makes sense. Unfortunately, for the remaining 99% of the time, attempting to detect on this kind of data is suboptimal, for a number of reasons.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_0">0</h3>
<div class="paragraph">
<p>For organizations who either don&#8217;t operate at DML-1 or higher, or they don&#8217;t even know where they operate on this scale, we have Detection Maturity Level - 0. Instead of pointing out all the negative things associated with this level, I&#8217;ll take the high road and lend a bit of positive encouragement. Congratulations, you are at ground zero. It can only get better from here.</p>
</div>
<div class="sect3">
<h4 id="_dml0">DML:0</h4>
<div class="paragraph">
<p>None or Unknown</p>
</div>
<div class="paragraph">
<p>For organizations who either don&#8217;t operate at DML-1 or higher, or they don&#8217;t even know where they operate on this scale, we have Detection Maturity Level - 0. Instead of pointing out all the negative things associated with this level, I&#8217;ll take the high road and lend a bit of positive encouragement. Congratulations, you are at ground zero. It can only get better from here.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_pap">PAP</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
PAP namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/PAP/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_red">RED</h3>
<div class="sect3">
<h4 id="_papred">PAP:RED</h4>
<div class="paragraph">
<p>(PAP:RED) Non-detectable actions only. Recipients may not use PAP:RED information on the network. Only passive actions on logs, that are not detectable from the outside.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_amber">AMBER</h3>
<div class="sect3">
<h4 id="_papamber">PAP:AMBER</h4>
<div class="paragraph">
<p>(PAP:AMBER) Passive cross check. Recipients may use PAP:AMBER information for conducting online checks, like using services provided by third parties (e.g. VirusTotal), or set up a monitoring honeypot.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_green">GREEN</h3>
<div class="sect3">
<h4 id="_papgreen">PAP:GREEN</h4>
<div class="paragraph">
<p>(PAP:GREEN) Active actions allowed. Recipients may use PAP:GREEN information to ping the target, block incoming/outgoing traffic from/to the target or specifically configure honeypots to interact with the target.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_white">WHITE</h3>
<div class="sect3">
<h4 id="_papwhite">PAP:WHITE</h4>
<div class="paragraph">
<p>(PAP:WHITE) No restrictions in using this information.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_access_method">access-method</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
access-method namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/access-method/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The access method used to remotely access a system.</p>
</div>
<div class="sect2">
<h3 id="_brute_force">brute-force</h3>
<div class="paragraph">
<p>Access was gained through systematic trial of credentials in bulk.</p>
</div>
<div class="sect3">
<h4 id="_access_methodbrute_force">access-method:brute-force</h4>
<div class="paragraph">
<p>Brute force</p>
</div>
<div class="paragraph">
<p>Access was gained through systematic trial of credentials in bulk.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_password_guessing">password-guessing</h3>
<div class="paragraph">
<p>Access was gained through guessing passwords through trial and error.</p>
</div>
<div class="sect3">
<h4 id="_access_methodpassword_guessing">access-method:password-guessing</h4>
<div class="paragraph">
<p>Password guessing</p>
</div>
<div class="paragraph">
<p>Access was gained through guessing passwords through trial and error.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_remote_desktop_application">remote-desktop-application</h3>
<div class="paragraph">
<p>Access was gained through an application designed for remote access.</p>
</div>
<div class="sect3">
<h4 id="_access_methodremote_desktop_application">access-method:remote-desktop-application</h4>
<div class="paragraph">
<p>Remote desktop application</p>
</div>
<div class="paragraph">
<p>Access was gained through an application designed for remote access.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_stolen_credentials">stolen-credentials</h3>
<div class="paragraph">
<p>Access was gained with stolen credentials.</p>
</div>
<div class="sect3">
<h4 id="_access_methodstolen_credentials">access-method:stolen-credentials</h4>
<div class="paragraph">
<p>Stolen credentials</p>
</div>
<div class="paragraph">
<p>Access was gained with stolen credentials.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_pass_the_hash">pass-the-hash</h3>
<div class="paragraph">
<p>Access was gained through use of an existing known hash.</p>
</div>
<div class="sect3">
<h4 id="_access_methodpass_the_hash">access-method:pass-the-hash</h4>
<div class="paragraph">
<p>Pass the hash</p>
</div>
<div class="paragraph">
<p>Access was gained through use of an existing known hash.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_default_credentials">default-credentials</h3>
<div class="paragraph">
<p>Access was gained through use of the system&#8217;s default credentials.</p>
</div>
<div class="sect3">
<h4 id="_access_methoddefault_credentials">access-method:default-credentials</h4>
<div class="paragraph">
<p>Default credentials</p>
</div>
<div class="paragraph">
<p>Access was gained through use of the system&#8217;s default credentials.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_shell">shell</h3>
<div class="paragraph">
<p>Access was gained through the use of a shell.</p>
</div>
<div class="sect3">
<h4 id="_access_methodshell">access-method:shell</h4>
<div class="paragraph">
<p>Shell</p>
</div>
<div class="paragraph">
<p>Access was gained through the use of a shell.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_2">other</h3>
<div class="paragraph">
<p>Access was gained through another method.</p>
</div>
<div class="sect3">
<h4 id="_access_methodother">access-method:other</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Access was gained through another method.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_accessnow">accessnow</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
accessnow namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/accessnow/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Access Now classification to classify an issue (such as security, human rights, youth rights).</p>
</div>
<div class="sect2">
<h3 id="_anti_corruption_transparency">anti-corruption-transparency</h3>
<div class="paragraph">
<p>The organization campaigns, or takes other actions against corruption and transparency.</p>
</div>
<div class="sect3">
<h4 id="_accessnowanti_corruption_transparency">accessnow:anti-corruption-transparency</h4>
<div class="paragraph">
<p>Anti-Corruption and transparency</p>
</div>
<div class="paragraph">
<p>The organization campaigns, or takes other actions against corruption and transparency.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_anti_war_violence">anti-war-violence</h3>
<div class="paragraph">
<p>The organization campaigns, or takes other actions against war</p>
</div>
<div class="sect3">
<h4 id="_accessnowanti_war_violence">accessnow:anti-war-violence</h4>
<div class="paragraph">
<p>Anti-War / Anti-Violence</p>
</div>
<div class="paragraph">
<p>The organization campaigns, or takes other actions against war</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_culture">culture</h3>
<div class="paragraph">
<p>The organization campaigns or acts to promote cultural events</p>
</div>
<div class="sect3">
<h4 id="_accessnowculture">accessnow:culture</h4>
<div class="paragraph">
<p>Culture</p>
</div>
<div class="paragraph">
<p>The organization campaigns or acts to promote cultural events</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_economic_change">economic-change</h3>
<div class="paragraph">
<p>Issues of economic policy, wealth distribution, etc.</p>
</div>
<div class="sect3">
<h4 id="_accessnoweconomic_change">accessnow:economic-change</h4>
<div class="paragraph">
<p>Economic Change</p>
</div>
<div class="paragraph">
<p>Issues of economic policy, wealth distribution, etc.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_education">education</h3>
<div class="paragraph">
<p>The organization is concerned with some form of education</p>
</div>
<div class="sect3">
<h4 id="_accessnoweducation">accessnow:education</h4>
<div class="paragraph">
<p>Education</p>
</div>
<div class="paragraph">
<p>The organization is concerned with some form of education</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_election_monitoring">election-monitoring</h3>
<div class="paragraph">
<p>The organization is an election monitor, or involved in election monitoring</p>
</div>
<div class="sect3">
<h4 id="_accessnowelection_monitoring">accessnow:election-monitoring</h4>
<div class="paragraph">
<p>Election Monitoring</p>
</div>
<div class="paragraph">
<p>The organization is an election monitor, or involved in election monitoring</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_environment">environment</h3>
<div class="paragraph">
<p>The organization campaigns or acts to protect the environment</p>
</div>
<div class="sect3">
<h4 id="_accessnowenvironment">accessnow:environment</h4>
<div class="paragraph">
<p>Environment</p>
</div>
<div class="paragraph">
<p>The organization campaigns or acts to protect the environment</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_freedom_expression">freedom-expression</h3>
<div class="paragraph">
<p>The organization is concerned with freedom of speech issues</p>
</div>
<div class="sect3">
<h4 id="_accessnowfreedom_expression">accessnow:freedom-expression</h4>
<div class="paragraph">
<p>Freedom of Expression</p>
</div>
<div class="paragraph">
<p>The organization is concerned with freedom of speech issues</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_freedom_tool_development">freedom-tool-development</h3>
<div class="paragraph">
<p>The organization develops tools for use in defending or extending digital rights</p>
</div>
<div class="sect3">
<h4 id="_accessnowfreedom_tool_development">accessnow:freedom-tool-development</h4>
<div class="paragraph">
<p>Freedom Tool Development</p>
</div>
<div class="paragraph">
<p>The organization develops tools for use in defending or extending digital rights</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_funding">funding</h3>
<div class="literalblock">
<div class="content">
<pre>The organization is a funder of organizations or projects working with at risk users</pre>
</div>
</div>
<div class="sect3">
<h4 id="_accessnowfunding">accessnow:funding</h4>
<div class="paragraph">
<p>Funding</p>
</div>
<div class="literalblock">
<div class="content">
<pre>The organization is a funder of organizations or projects working with at risk users</pre>
</div>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_health">health</h3>
<div class="paragraph">
<p>The organization prevents epidemic illness or acts on curing them</p>
</div>
<div class="sect3">
<h4 id="_accessnowhealth">accessnow:health</h4>
<div class="paragraph">
<p>Health Issues</p>
</div>
<div class="paragraph">
<p>The organization prevents epidemic illness or acts on curing them</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_human_rights">human-rights</h3>
<div class="paragraph">
<p>relating to the detection, recording, exposure, or challenging of abuses of human rights</p>
</div>
<div class="sect3">
<h4 id="_accessnowhuman_rights">accessnow:human-rights</h4>
<div class="paragraph">
<p>Human Rights Issues</p>
</div>
<div class="paragraph">
<p>relating to the detection, recording, exposure, or challenging of abuses of human rights</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_internet_telecom">internet-telecom</h3>
<div class="paragraph">
<p>Issues of digital rights in electronic communications</p>
</div>
<div class="sect3">
<h4 id="_accessnowinternet_telecom">accessnow:internet-telecom</h4>
<div class="paragraph">
<p>Internet and Telecoms</p>
</div>
<div class="paragraph">
<p>Issues of digital rights in electronic communications</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_lgbt_gender_sexuality">lgbt-gender-sexuality</h3>
<div class="paragraph">
<p>Issues relating to the Lesbian, Gay, Bi, Transgender community</p>
</div>
<div class="sect3">
<h4 id="_accessnowlgbt_gender_sexuality">accessnow:lgbt-gender-sexuality</h4>
<div class="paragraph">
<p>LGBT / Gender / Sexuality</p>
</div>
<div class="paragraph">
<p>Issues relating to the Lesbian, Gay, Bi, Transgender community</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_policy">policy</h3>
<div class="paragraph">
<p>The organization is a policy think-tank, or policy advocate</p>
</div>
<div class="sect3">
<h4 id="_accessnowpolicy">accessnow:policy</h4>
<div class="paragraph">
<p>Policy</p>
</div>
<div class="paragraph">
<p>The organization is a policy think-tank, or policy advocate</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_politics">politics</h3>
<div class="paragraph">
<p>The organization takes a strong political view or is a political entity</p>
</div>
<div class="sect3">
<h4 id="_accessnowpolitics">accessnow:politics</h4>
<div class="paragraph">
<p>Politics</p>
</div>
<div class="paragraph">
<p>The organization takes a strong political view or is a political entity</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_privacy">privacy</h3>
<div class="paragraph">
<p>Issues relating to the individual&#8217;s reasonable right to privacy</p>
</div>
<div class="sect3">
<h4 id="_accessnowprivacy">accessnow:privacy</h4>
<div class="paragraph">
<p>Privacy</p>
</div>
<div class="paragraph">
<p>Issues relating to the individual&#8217;s reasonable right to privacy</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_rapid_response">rapid-response</h3>
<div class="paragraph">
<p>The organization provides rapid response type capability for civil society</p>
</div>
<div class="sect3">
<h4 id="_accessnowrapid_response">accessnow:rapid-response</h4>
<div class="paragraph">
<p>Rapid Response</p>
</div>
<div class="paragraph">
<p>The organization provides rapid response type capability for civil society</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_refugees">refugees</h3>
<div class="paragraph">
<p>Issues relating to displaced people</p>
</div>
<div class="sect3">
<h4 id="_accessnowrefugees">accessnow:refugees</h4>
<div class="paragraph">
<p>Refugees</p>
</div>
<div class="paragraph">
<p>Issues relating to displaced people</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_security">security</h3>
<div class="paragraph">
<p>Issues relating to physical or information security</p>
</div>
<div class="sect3">
<h4 id="_accessnowsecurity">accessnow:security</h4>
<div class="paragraph">
<p>Security</p>
</div>
<div class="paragraph">
<p>Issues relating to physical or information security</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_womens_right">womens-right</h3>
<div class="paragraph">
<p>Issues pertaining to inequality between men and women, or issues of particular relevance to women</p>
</div>
<div class="sect3">
<h4 id="_accessnowwomens_right">accessnow:womens-right</h4>
<div class="paragraph">
<p>Women&#8217;s Rights</p>
</div>
<div class="paragraph">
<p>Issues pertaining to inequality between men and women, or issues of particular relevance to women</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_youth_rights">youth-rights</h3>
<div class="paragraph">
<p>Issues of particular relevance to youth</p>
</div>
<div class="sect3">
<h4 id="_accessnowyouth_rights">accessnow:youth-rights</h4>
<div class="paragraph">
<p>Youth Rights</p>
</div>
<div class="paragraph">
<p>Issues of particular relevance to youth</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_action_taken">action-taken</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
action-taken namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/action-taken/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Action taken in the case of a security incident (CSIRT perspective).</p>
</div>
<div class="sect2">
<h3 id="_informed_isphosting_service_provider">informed ISP/Hosting Service Provider</h3>
<div class="sect3">
<h4 id="_action_takeninformed_isphosting_service_provider">action-taken:informed ISP/Hosting Service Provider</h4>
<div class="paragraph">
<p>Informed ISP/Hosting Service Provider</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_informed_registrar">informed Registrar</h3>
<div class="sect3">
<h4 id="_action_takeninformed_registrar">action-taken:informed Registrar</h4>
<div class="paragraph">
<p>Informed Registrar</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_informed_registrant">informed Registrant</h3>
<div class="sect3">
<h4 id="_action_takeninformed_registrant">action-taken:informed Registrant</h4>
<div class="paragraph">
<p>Informed Registrant</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_informed_abuse_contact_domain">informed abuse-contact (domain)</h3>
<div class="sect3">
<h4 id="_action_takeninformed_abuse_contact_domain">action-taken:informed abuse-contact (domain)</h4>
<div class="paragraph">
<p>Informed abuse-contact (domain)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_informed_abuse_contact_ip">informed abuse-contact (IP)</h3>
<div class="sect3">
<h4 id="_action_takeninformed_abuse_contact_ip">action-taken:informed abuse-contact (IP)</h4>
<div class="paragraph">
<p>Informed abuse-contact (IP)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_informed_legal_department">informed legal department</h3>
<div class="sect3">
<h4 id="_action_takeninformed_legal_department">action-taken:informed legal department</h4>
<div class="paragraph">
<p>Informed legal department</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_admiralty_scale">admiralty-scale</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
admiralty-scale namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/admiralty-scale/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.</p>
</div>
<div class="sect2">
<h3 id="_source_reliability">source-reliability</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_admiralty_scalesource_reliabilitya">admiralty-scale:source-reliability="a"</h4>
<div class="paragraph">
<p>Completely reliable</p>
</div>
<div class="paragraph">
<p>No doubt of authenticity, trustworthiness, or competency; has a history of complete reliability</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scalesource_reliabilityb">admiralty-scale:source-reliability="b"</h4>
<div class="paragraph">
<p>Usually reliable</p>
</div>
<div class="paragraph">
<p>Minor doubt about authenticity, trustworthiness, or competency; has a history of valid information most of the time</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scalesource_reliabilityc">admiralty-scale:source-reliability="c"</h4>
<div class="paragraph">
<p>Fairly reliable</p>
</div>
<div class="paragraph">
<p>Doubt of authenticity, trustworthiness, or competency but has provided valid information in the past</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scalesource_reliabilityd">admiralty-scale:source-reliability="d"</h4>
<div class="paragraph">
<p>Not usually reliable</p>
</div>
<div class="paragraph">
<p>Significant doubt about authenticity, trustworthiness, or co mpetency but has provided valid information in the past</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scalesource_reliabilitye">admiralty-scale:source-reliability="e"</h4>
<div class="paragraph">
<p>Unreliable</p>
</div>
<div class="paragraph">
<p>Lacking in authenticity, trustworthiness, and competency; history of invalid information</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scalesource_reliabilityf">admiralty-scale:source-reliability="f"</h4>
<div class="paragraph">
<p>Reliability cannot be judged</p>
</div>
<div class="paragraph">
<p>No basis exists for evaluating the reliability of the source</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scalesource_reliabilityg">admiralty-scale:source-reliability="g"</h4>
<div class="paragraph">
<p>Deliberatly deceptive</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_credibility">information-credibility</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_admiralty_scaleinformation_credibility1">admiralty-scale:information-credibility="1"</h4>
<div class="paragraph">
<p>Confirmed by other sources</p>
</div>
<div class="paragraph">
<p>Confirmed by other independent sources; logical in itself; Consistent with other information on the subject</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scaleinformation_credibility2">admiralty-scale:information-credibility="2"</h4>
<div class="paragraph">
<p>Probably true</p>
</div>
<div class="paragraph">
<p>Not confirmed; logical in itself; consistent with other information on the subject</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scaleinformation_credibility3">admiralty-scale:information-credibility="3"</h4>
<div class="paragraph">
<p>Possibly true</p>
</div>
<div class="paragraph">
<p>Not confirmed; reasonably logical in itself; agrees with some other information on the subject</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scaleinformation_credibility4">admiralty-scale:information-credibility="4"</h4>
<div class="paragraph">
<p>Doubtful</p>
</div>
<div class="paragraph">
<p>Not confirmed; possible but not logical ; no other information on the subject</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scaleinformation_credibility5">admiralty-scale:information-credibility="5"</h4>
<div class="paragraph">
<p>Improbable</p>
</div>
<div class="paragraph">
<p>Not confirmed; not logical in itself; contradicted by other information on the subject</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scaleinformation_credibility6">admiralty-scale:information-credibility="6"</h4>
<div class="paragraph">
<p>Truth cannot be judged</p>
</div>
<div class="paragraph">
<p>No basis exists for evaluating the validity of the information</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_adversary">adversary</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
adversary namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/adversary/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>An overview and description of the adversary infrastructure</p>
</div>
<div class="sect2">
<h3 id="_infrastructure_status">infrastructure-status</h3>
<div class="sect3">
<h4 id="_adversaryinfrastructure_statusunknown">adversary:infrastructure-status="unknown"</h4>
<div class="paragraph">
<p>Infrastructure ownership and status is unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_statuscompromised">adversary:infrastructure-status="compromised"</h4>
<div class="paragraph">
<p>Infrastructure compromised by or in the benefit of the adversary</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_statusown_and_operated">adversary:infrastructure-status="own-and-operated"</h4>
<div class="paragraph">
<p>Infrastructure own and operated by the adversary</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infrastructure_action">infrastructure-action</h3>
<div class="sect3">
<h4 id="_adversaryinfrastructure_actionpassive_only">adversary:infrastructure-action="passive-only"</h4>
<div class="paragraph">
<p>Only passive requests shall be performed to avoid detection by the adversary</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_actiontake_down">adversary:infrastructure-action="take-down"</h4>
<div class="paragraph">
<p>Take down requests can be performed in order to deactivate the adversary infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_actionmonitoring_active">adversary:infrastructure-action="monitoring-active"</h4>
<div class="paragraph">
<p>Monitoring requests are ongoing on the adversary infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_actionpending_law_enforcement_request">adversary:infrastructure-action="pending-law-enforcement-request"</h4>
<div class="paragraph">
<p>Law enforcement requests are ongoing on the adversary infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_actionsinkholed">adversary:infrastructure-action="sinkholed"</h4>
<div class="paragraph">
<p>Infrastructure of the adversary is sinkholed and information is collected</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infrastructure_state">infrastructure-state</h3>
<div class="sect3">
<h4 id="_adversaryinfrastructure_stateunknown">adversary:infrastructure-state="unknown"</h4>
<div class="paragraph">
<p>Infrastructure state is unknown or cannot be evaluated</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_stateactive">adversary:infrastructure-state="active"</h4>
<div class="paragraph">
<p>Infrastructure state is active and actively used by the adversary</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_statedown">adversary:infrastructure-state="down"</h4>
<div class="paragraph">
<p>Infrastructure state is known to be down</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infrastructure_type">infrastructure-type</h3>
<div class="sect3">
<h4 id="_adversaryinfrastructure_typeunknown">adversary:infrastructure-type="unknown"</h4>
<div class="paragraph">
<p>Infrastructure usage by the adversary is unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_typeproxy">adversary:infrastructure-type="proxy"</h4>
<div class="paragraph">
<p>Infrastructure used as proxy between the target and the adversary</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_typedrop_zone">adversary:infrastructure-type="drop-zone"</h4>
<div class="paragraph">
<p>Infrastructure used by the adversary to store information related to his campaigns</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_typeexploit_distribution_point">adversary:infrastructure-type="exploit-distribution-point"</h4>
<div class="paragraph">
<p>Infrastructure used to distribute exploit towards target(s)</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_typevpn">adversary:infrastructure-type="vpn"</h4>
<div class="paragraph">
<p>Infrastructure used by the adversary as Virtual Private Network to hide activities and reduce the traffic analysis surface</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_typepanel">adversary:infrastructure-type="panel"</h4>
<div class="paragraph">
<p>Panel used by the adversary to control or maintain his infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_typetds">adversary:infrastructure-type="tds"</h4>
<div class="paragraph">
<p>Traffic Distribution Systems including exploit delivery or/and web monetization channels</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversaryinfrastructure_typec2">adversary:infrastructure-type="c2"</h4>
<div class="paragraph">
<p>C2 infrastructure without known specific type.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ais_marking">ais-marking</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ais-marking namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ais-marking/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS)</p>
</div>
<div class="sect2">
<h3 id="_tlpmarking">TLPMarking</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_ais_markingtlpmarkingwhite">ais-marking:TLPMarking="WHITE"</h4>
<div class="paragraph">
<p>WHITE</p>
</div>
</div>
<div class="sect3">
<h4 id="_ais_markingtlpmarkinggreen">ais-marking:TLPMarking="GREEN"</h4>
<div class="paragraph">
<p>GREEN</p>
</div>
</div>
<div class="sect3">
<h4 id="_ais_markingtlpmarkingamber">ais-marking:TLPMarking="AMBER"</h4>
<div class="paragraph">
<p>AMBER</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_aisconsent">AISConsent</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_ais_markingaisconsenteveryone">ais-marking:AISConsent="EVERYONE"</h4>
<div class="paragraph">
<p>EVERYONE</p>
</div>
</div>
<div class="sect3">
<h4 id="_ais_markingaisconsentusg">ais-marking:AISConsent="USG"</h4>
<div class="paragraph">
<p>USG</p>
</div>
</div>
<div class="sect3">
<h4 id="_ais_markingaisconsentnone">ais-marking:AISConsent="NONE"</h4>
<div class="paragraph">
<p>NONE</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cisa_proprietary">CISA_Proprietary</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_ais_markingcisa_proprietarytrue">ais-marking:CISA_Proprietary="true"</h4>
<div class="paragraph">
<p>true</p>
</div>
</div>
<div class="sect3">
<h4 id="_ais_markingcisa_proprietaryfalse">ais-marking:CISA_Proprietary="false"</h4>
<div class="paragraph">
<p>false</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_aismarking">AISMarking</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_ais_markingaismarkingis_proprietary">ais-marking:AISMarking="Is_Proprietary"</h4>
<div class="paragraph">
<p>Is_Proprietary</p>
</div>
</div>
<div class="sect3">
<h4 id="_ais_markingaismarkingnot_proprietary">ais-marking:AISMarking="Not_Proprietary"</h4>
<div class="paragraph">
<p>Not_Proprietary</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_analyst_assessment">analyst-assessment</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
analyst-assessment namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/analyst-assessment/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A series of assessment predicates describing the analyst capabilities to perform analysis. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst.</p>
</div>
<div class="sect2">
<h3 id="_experience">experience</h3>
<div class="paragraph">
<p>The analyst experience expressed in years range in the field tagged. The year range is based on a standard 40-hour work week.</p>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentexperienceless_than_1_year">analyst-assessment:experience="less-than-1-year"</h4>
<div class="paragraph">
<p>Less than 1 year</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentexperiencebetween_1_and_5_years">analyst-assessment:experience="between-1-and-5-years"</h4>
<div class="paragraph">
<p>Between 1 and 5 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="40"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentexperiencebetween_5_and_10_years">analyst-assessment:experience="between-5-and-10-years"</h4>
<div class="paragraph">
<p>Between 5 and 10 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="60"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentexperiencebetween_10_and_20_years">analyst-assessment:experience="between-10-and-20-years"</h4>
<div class="paragraph">
<p>Between 10 and 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentexperiencemore_than_20_years">analyst-assessment:experience="more-than-20-years"</h4>
<div class="paragraph">
<p>More than 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_binary_reversing_arch">binary-reversing-arch</h3>
<div class="paragraph">
<p>Architecture that the analyst has experience with.</p>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_archx86">analyst-assessment:binary-reversing-arch="x86"</h4>
<div class="paragraph">
<p>x86-32 &amp; x86-64</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_archarm">analyst-assessment:binary-reversing-arch="arm"</h4>
<div class="paragraph">
<p>ARM &amp; ARM-64</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_archmips">analyst-assessment:binary-reversing-arch="mips"</h4>
<div class="paragraph">
<p>mips &amp; mips-64</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_archpowerpc">analyst-assessment:binary-reversing-arch="powerpc"</h4>
<div class="paragraph">
<p>PowerPC</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_binary_reversing_experience">binary-reversing-experience</h3>
<div class="paragraph">
<p>The analyst experience in reversing expressed in years range in the field tagged. The year range is based on a standard 40-hour work week.</p>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_experienceless_than_1_year">analyst-assessment:binary-reversing-experience="less-than-1-year"</h4>
<div class="paragraph">
<p>Less than 1 year</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_experiencebetween_1_and_5_years">analyst-assessment:binary-reversing-experience="between-1-and-5-years"</h4>
<div class="paragraph">
<p>Between 1 and 5 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="40"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_experiencebetween_5_and_10_years">analyst-assessment:binary-reversing-experience="between-5-and-10-years"</h4>
<div class="paragraph">
<p>Between 5 and 10 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="60"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_experiencebetween_10_and_20_years">analyst-assessment:binary-reversing-experience="between-10-and-20-years"</h4>
<div class="paragraph">
<p>Between 10 and 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentbinary_reversing_experiencemore_than_20_years">analyst-assessment:binary-reversing-experience="more-than-20-years"</h4>
<div class="paragraph">
<p>More than 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_os">os</h3>
<div class="paragraph">
<p>Operating System that the analyst has experience with.</p>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentoswindows">analyst-assessment:os="windows"</h4>
<div class="paragraph">
<p>Current Microsoft Windows system</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentoslinux">analyst-assessment:os="linux"</h4>
<div class="paragraph">
<p>GNU/linux derivative OS</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentosios">analyst-assessment:os="ios"</h4>
<div class="paragraph">
<p>Current IOS</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentosmacos">analyst-assessment:os="macos"</h4>
<div class="paragraph">
<p>Current Apple OS</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentosandroid">analyst-assessment:os="android"</h4>
<div class="paragraph">
<p>Current Android OS</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentosbsd">analyst-assessment:os="bsd"</h4>
<div class="paragraph">
<p>BSD</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_web">web</h3>
<div class="paragraph">
<p>Web application vulnerabilities and technique that the analyst has experience with.</p>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentwebipex">analyst-assessment:web="ipex"</h4>
<div class="paragraph">
<p>Inter-protocol exploitations</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentwebcommon">analyst-assessment:web="common"</h4>
<div class="paragraph">
<p>Common vulnerabilities as SQL injections, CSRF, XSS, CSP bypasses, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentwebjs_desobfuscation">analyst-assessment:web="js-desobfuscation"</h4>
<div class="paragraph">
<p>De-obfuscation of Javascript payloads</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_web_experience">web-experience</h3>
<div class="paragraph">
<p>The analyst experience expressed to web application security in years range in the field tagged.</p>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentweb_experienceless_than_1_year">analyst-assessment:web-experience="less-than-1-year"</h4>
<div class="paragraph">
<p>Less than 1 year</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentweb_experiencebetween_1_and_5_years">analyst-assessment:web-experience="between-1-and-5-years"</h4>
<div class="paragraph">
<p>Between 1 and 5 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="40"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentweb_experiencebetween_5_and_10_years">analyst-assessment:web-experience="between-5-and-10-years"</h4>
<div class="paragraph">
<p>Between 5 and 10 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="60"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentweb_experiencebetween_10_and_20_years">analyst-assessment:web-experience="between-10-and-20-years"</h4>
<div class="paragraph">
<p>Between 10 and 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentweb_experiencemore_than_20_years">analyst-assessment:web-experience="more-than-20-years"</h4>
<div class="paragraph">
<p>More than 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_crypto_experience">crypto-experience</h3>
<div class="paragraph">
<p>The analyst experience related to cryptography expressed in years range in the field tagged.</p>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentcrypto_experienceless_than_1_year">analyst-assessment:crypto-experience="less-than-1-year"</h4>
<div class="paragraph">
<p>Less than 1 year</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentcrypto_experiencebetween_1_and_5_years">analyst-assessment:crypto-experience="between-1-and-5-years"</h4>
<div class="paragraph">
<p>Between 1 and 5 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="40"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentcrypto_experiencebetween_5_and_10_years">analyst-assessment:crypto-experience="between-5-and-10-years"</h4>
<div class="paragraph">
<p>Between 5 and 10 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="60"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentcrypto_experiencebetween_10_and_20_years">analyst-assessment:crypto-experience="between-10-and-20-years"</h4>
<div class="paragraph">
<p>Between 10 and 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
<div class="sect3">
<h4 id="_analyst_assessmentcrypto_experiencemore_than_20_years">analyst-assessment:crypto-experience="more-than-20-years"</h4>
<div class="paragraph">
<p>More than 20 years</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_approved_category_of_action">approved-category-of-action</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
approved-category-of-action namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/approved-category-of-action/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A pre-approved category of action for indicators being shared with partners (MIMIC).</p>
</div>
<div class="sect2">
<h3 id="_cat1">cat1</h3>
<div class="paragraph">
<p>Minimal Exposure - Passive Collection: CAT 1 actions provide the least exposure of an indicator, either through adversary observation or disclosure. Usage of the indicator is restricted to passive monitoring on Government or Cleared Partner networks, or through a classified passive capability or Operation. CAT 1 actions do not interact with or affect malicious network traffic.</p>
</div>
<div class="sect3">
<h4 id="_approved_category_of_actioncat1">approved-category-of-action:cat1</h4>
<div class="paragraph">
<p>Cat1</p>
</div>
<div class="paragraph">
<p>Minimal Exposure - Passive Collection: CAT 1 actions provide the least exposure of an indicator, either through adversary observation or disclosure. Usage of the indicator is restricted to passive monitoring on Government or Cleared Partner networks, or through a classified passive capability or Operation. CAT 1 actions do not interact with or affect malicious network traffic.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cat2">cat2</h3>
<div class="paragraph">
<p>Moderate Exposure - Government or Cleared Partner Internal Active Collection: CAT 2 actions expose the usage of an indicator through non-disruptive collection techniques which require interactions with an adversary, within Government or Cleared Partner networks. While it is not the intent to disrupt the adversary it is possible that an adversary may discover they are subject to such techniques.</p>
</div>
<div class="sect3">
<h4 id="_approved_category_of_actioncat2">approved-category-of-action:cat2</h4>
<div class="paragraph">
<p>Cat2</p>
</div>
<div class="paragraph">
<p>Moderate Exposure - Government or Cleared Partner Internal Active Collection: CAT 2 actions expose the usage of an indicator through non-disruptive collection techniques which require interactions with an adversary, within Government or Cleared Partner networks. While it is not the intent to disrupt the adversary it is possible that an adversary may discover they are subject to such techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cat3">cat3</h3>
<div class="paragraph">
<p>Moderate Exposure - Government or Cleared Partner Internal Countermeasures: CAT 3 actions expose the usage of an indicator through inward-facing countermeasures. Malicious network traffic is affected in some manner, however the results are not directly observable to the adversary or external parties and is, therefore, more difficult to attribute as a deliberate action. Usage of the indicator is restricted to Government and Cleared Partner networks, or a classified capability or Operation. This implies a lower likelihood for non-approved disclosures.</p>
</div>
<div class="sect3">
<h4 id="_approved_category_of_actioncat3">approved-category-of-action:cat3</h4>
<div class="paragraph">
<p>Cat3</p>
</div>
<div class="paragraph">
<p>Moderate Exposure - Government or Cleared Partner Internal Countermeasures: CAT 3 actions expose the usage of an indicator through inward-facing countermeasures. Malicious network traffic is affected in some manner, however the results are not directly observable to the adversary or external parties and is, therefore, more difficult to attribute as a deliberate action. Usage of the indicator is restricted to Government and Cleared Partner networks, or a classified capability or Operation. This implies a lower likelihood for non-approved disclosures.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cat4">cat4</h3>
<div class="paragraph">
<p>Moderate Exposure - Government Actions on External Networks: CAT 4 actions expose the usage of an indicator through actions which occur on internet accessible networks, without the authorization of the network or information owner. Such actions are conducted as classified Operations under the auspices of national legislative and compliance provisions. Action consequences are observable to the adversary and other, public parties and it is possible they may be attributed as Government sanctioned actions.</p>
</div>
<div class="sect3">
<h4 id="_approved_category_of_actioncat4">approved-category-of-action:cat4</h4>
<div class="paragraph">
<p>Cat4</p>
</div>
<div class="paragraph">
<p>Moderate Exposure - Government Actions on External Networks: CAT 4 actions expose the usage of an indicator through actions which occur on internet accessible networks, without the authorization of the network or information owner. Such actions are conducted as classified Operations under the auspices of national legislative and compliance provisions. Action consequences are observable to the adversary and other, public parties and it is possible they may be attributed as Government sanctioned actions.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cat5">cat5</h3>
<div class="paragraph">
<p>High Exposure - Public Actions Which Enable Internal Countermeasures: CAT 5 actions expose the usage of an indicator through the public release of information which enables internal actions on networks not owned and controlled by the Government (i.e. industry, commercial or foreign governments). These actions are official public releases and are attributable as Government sanctioned actions.</p>
</div>
<div class="sect3">
<h4 id="_approved_category_of_actioncat5">approved-category-of-action:cat5</h4>
<div class="paragraph">
<p>Cat5</p>
</div>
<div class="paragraph">
<p>High Exposure - Public Actions Which Enable Internal Countermeasures: CAT 5 actions expose the usage of an indicator through the public release of information which enables internal actions on networks not owned and controlled by the Government (i.e. industry, commercial or foreign governments). These actions are official public releases and are attributable as Government sanctioned actions.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cat6">cat6</h3>
<div class="paragraph">
<p>High Exposure - Actions on Adversary Infrastructure: CAT 6 actions expose the usage of an indicator through actions which occur on adversary owned networks, without the authorization of the network or information owner. Such actions are conducted as classified Operations under the auspices of national legislative and compliance provisions. Action consequences are observable to the adversary, and possibly other public parties, and it is possible they may deduce this as FVEY action.</p>
</div>
<div class="sect3">
<h4 id="_approved_category_of_actioncat6">approved-category-of-action:cat6</h4>
<div class="paragraph">
<p>Cat6</p>
</div>
<div class="paragraph">
<p>High Exposure - Actions on Adversary Infrastructure: CAT 6 actions expose the usage of an indicator through actions which occur on adversary owned networks, without the authorization of the network or information owner. Such actions are conducted as classified Operations under the auspices of national legislative and compliance provisions. Action consequences are observable to the adversary, and possibly other public parties, and it is possible they may deduce this as FVEY action.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_binary_class">binary-class</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
binary-class namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/binary-class/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Custom taxonomy for types of binary file.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_type">type</h3>
<div class="sect3">
<h4 id="_binary_classtypegood">binary-class:type="good"</h4>
<div class="paragraph">
<p>Known Good/Safe</p>
</div>
</div>
<div class="sect3">
<h4 id="_binary_classtypemalicious">binary-class:type="malicious"</h4>
<div class="paragraph">
<p>Known Bad/Malicious</p>
</div>
</div>
<div class="sect3">
<h4 id="_binary_classtypeunknown">binary-class:type="unknown"</h4>
<div class="paragraph">
<p>Not yet known</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_cccs">cccs</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cccs namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/cccs/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Internal taxonomy for CCCS.</p>
</div>
<div class="sect2">
<h3 id="_event">event</h3>
<div class="paragraph">
<p>Type of event associated to the internal reference</p>
</div>
<div class="sect3">
<h4 id="_cccseventbeacon">cccs:event="beacon"</h4>
<div class="paragraph">
<p>Beacon</p>
</div>
<div class="paragraph">
<p>A host infected with malware is connecting to threat actor owned infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventbrowser_based_exploitation">cccs:event="browser-based-exploitation"</h4>
<div class="paragraph">
<p>Browser based exploitation</p>
</div>
<div class="paragraph">
<p>A browser component is being exploited in order to infect a host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventdos">cccs:event="dos"</h4>
<div class="paragraph">
<p>Dos</p>
</div>
<div class="paragraph">
<p>An attack in which the goal is to disrupt access to a host or resource.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventemail">cccs:event="email"</h4>
<div class="paragraph">
<p>Email</p>
</div>
<div class="paragraph">
<p>Malicious emails sent to a department (baiting, content delivery, phishing).</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventexfiltration">cccs:event="exfiltration"</h4>
<div class="paragraph">
<p>Exfiltration</p>
</div>
<div class="paragraph">
<p>Unauthorized transfer of data from a target&#8217;s network to a location a threat actor controls.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventgeneric_event">cccs:event="generic-event"</h4>
<div class="paragraph">
<p>Generic event</p>
</div>
<div class="paragraph">
<p>Represents a collection of virtually identical events within a range of time.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventimproper_usage">cccs:event="improper-usage"</h4>
<div class="paragraph">
<p>Improper usage</p>
</div>
<div class="paragraph">
<p>Technology used in a way that compromises security or violates policy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventmalware_artifacts">cccs:event="malware-artifacts"</h4>
<div class="paragraph">
<p>Malware artifacts</p>
</div>
<div class="paragraph">
<p>Signs of the presence of malware observed on a host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventmalware_download">cccs:event="malware-download"</h4>
<div class="paragraph">
<p>Malware download</p>
</div>
<div class="paragraph">
<p>Malware was transferred (downloaded/uploaded) to a host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventphishing">cccs:event="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
<div class="paragraph">
<p>Information or credentials disclosed to a threat actor.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventremote_access">cccs:event="remote-access"</h4>
<div class="paragraph">
<p>Remote access</p>
</div>
<div class="paragraph">
<p>A threat actor is attempting to or succeeding in remotely logging in to a host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventremote_exploitation">cccs:event="remote-exploitation"</h4>
<div class="paragraph">
<p>Remote exploitation</p>
</div>
<div class="paragraph">
<p>A threat actor is attempting to exploit vulnerabilities remotely.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventscan">cccs:event="scan"</h4>
<div class="paragraph">
<p>Scan</p>
</div>
<div class="paragraph">
<p>A threat actor is scanning the network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventscraping">cccs:event="scraping"</h4>
<div class="paragraph">
<p>Scraping</p>
</div>
<div class="paragraph">
<p>Represents a collection of virtually identical scraping events within a range of time.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccseventtraffic_interception">cccs:event="traffic-interception"</h4>
<div class="paragraph">
<p>Traffic interception</p>
</div>
<div class="paragraph">
<p>Represents a collection of virtually identical traffic interception events within a range of time.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disclosure_type">disclosure-type</h3>
<div class="paragraph">
<p>Type of information being disclosed.</p>
</div>
<div class="sect3">
<h4 id="_cccsdisclosure_typegoc_credential_disclosure">cccs:disclosure-type="goc-credential-disclosure"</h4>
<div class="paragraph">
<p>Goc credential disclosure</p>
</div>
<div class="paragraph">
<p>Credentials for a GoC system or user were disclosed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdisclosure_typepersonal_credential_disclosure">cccs:disclosure-type="personal-credential-disclosure"</h4>
<div class="paragraph">
<p>Personal credential disclosure</p>
</div>
<div class="paragraph">
<p>Credentials not related to a GoC system or user were disclosed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdisclosure_typepersonal_information_disclosure">cccs:disclosure-type="personal-information-disclosure"</h4>
<div class="paragraph">
<p>Personal information disclosure</p>
</div>
<div class="paragraph">
<p>Information about a person or persons was disclosed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdisclosure_typenone">cccs:disclosure-type="none"</h4>
<div class="paragraph">
<p>None</p>
</div>
<div class="paragraph">
<p>No information was disclosed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdisclosure_typeother">cccs:disclosure-type="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Information other than credentials and personal information was disclosed.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_domain_category">domain-category</h3>
<div class="paragraph">
<p>The Domain Category.</p>
</div>
<div class="sect3">
<h4 id="_cccsdomain_categoryc2">cccs:domain-category="c2"</h4>
<div class="paragraph">
<p>C2</p>
</div>
<div class="paragraph">
<p>Domain is being used as command-and-control infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdomain_categoryproxy">cccs:domain-category="proxy"</h4>
<div class="paragraph">
<p>Proxy</p>
</div>
<div class="paragraph">
<p>Domain is being used as a proxy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdomain_categoryseeded">cccs:domain-category="seeded"</h4>
<div class="paragraph">
<p>Seeded</p>
</div>
<div class="paragraph">
<p>Domain has been seeded with malware or other malicious code.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdomain_categorywateringhole">cccs:domain-category="wateringhole"</h4>
<div class="paragraph">
<p>Wateringhole</p>
</div>
<div class="paragraph">
<p>Domain is being used a wateringhole.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdomain_categorycloud_infrastructure">cccs:domain-category="cloud-infrastructure"</h4>
<div class="paragraph">
<p>Cloud infrastructure</p>
</div>
<div class="paragraph">
<p>Domain is hosted on cloud infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdomain_categoryname_server">cccs:domain-category="name-server"</h4>
<div class="paragraph">
<p>Name server</p>
</div>
<div class="paragraph">
<p>Domain is a name server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsdomain_categorysinkholed">cccs:domain-category="sinkholed"</h4>
<div class="paragraph">
<p>Sinkholed</p>
</div>
<div class="paragraph">
<p>Domain is being re-directed to a sinkhole.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_email_type">email-type</h3>
<div class="paragraph">
<p>Type of email event.</p>
</div>
<div class="sect3">
<h4 id="_cccsemail_typespam">cccs:email-type="spam"</h4>
<div class="paragraph">
<p>Spam</p>
</div>
<div class="paragraph">
<p>Unsolicited or junk email named after a Monty Python sketch.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsemail_typecontent_delivery_attack">cccs:email-type="content\-delivery\-attack"</h4>
<div class="paragraph">
<p>Content\-delivery\-attack</p>
</div>
<div class="paragraph">
<p>Email contained malicious content or attachments.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsemail_typephishing">cccs:email-type="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
<div class="paragraph">
<p>Email designed to trick the recipient into providing sensitive information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsemail_typebaiting">cccs:email-type="baiting"</h4>
<div class="paragraph">
<p>Baiting</p>
</div>
<div class="paragraph">
<p>Email designed to trick the recipient into providing sensitive information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsemail_typeunknown">cccs:email-type="unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
<div class="paragraph">
<p>Type of email was unknown.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploitation_technique">exploitation-technique</h3>
<div class="paragraph">
<p>The technique used to remotely exploit a GoC system.</p>
</div>
<div class="sect3">
<h4 id="_cccsexploitation_techniquesql_injection">cccs:exploitation-technique="sql-injection"</h4>
<div class="paragraph">
<p>Sql injection</p>
</div>
<div class="paragraph">
<p>Exploitation occurred due to malicious SQL queries being executed against a database.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsexploitation_techniquedirectory_traversal">cccs:exploitation-technique="directory-traversal"</h4>
<div class="paragraph">
<p>Directory traversal</p>
</div>
<div class="paragraph">
<p>Exploitation occurred through a directory traversal attack allowing access to a restricted directory.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsexploitation_techniqueremote_file_inclusion">cccs:exploitation-technique="remote-file-inclusion"</h4>
<div class="paragraph">
<p>Remote file inclusion</p>
</div>
<div class="paragraph">
<p>Exploitation occurred due to vulnerabilities allowing malicious files to be sent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsexploitation_techniquecode_injection">cccs:exploitation-technique="code-injection"</h4>
<div class="paragraph">
<p>Code injection</p>
</div>
<div class="paragraph">
<p>Exploitation occurred due to malicious code being injected.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsexploitation_techniqueother">cccs:exploitation-technique="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Other.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ip_category">ip-category</h3>
<div class="paragraph">
<p>The IP Category.</p>
</div>
<div class="sect3">
<h4 id="_cccsip_categoryc2">cccs:ip-category="c2"</h4>
<div class="paragraph">
<p>C2</p>
</div>
<div class="paragraph">
<p>IP address is a command-and-control server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categoryproxy">cccs:ip-category="proxy"</h4>
<div class="paragraph">
<p>Proxy</p>
</div>
<div class="paragraph">
<p>IP address is a proxy server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categoryseeded">cccs:ip-category="seeded"</h4>
<div class="paragraph">
<p>Seeded</p>
</div>
<div class="paragraph">
<p>IP address has been seeded with malware or other malicious code.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorywateringhole">cccs:ip-category="wateringhole"</h4>
<div class="paragraph">
<p>Wateringhole</p>
</div>
<div class="paragraph">
<p>IP address is a wateringhole.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorycloud_infrastructure">cccs:ip-category="cloud-infrastructure"</h4>
<div class="paragraph">
<p>Cloud infrastructure</p>
</div>
<div class="paragraph">
<p>IP address is part of cloud infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorynetwork_gateway">cccs:ip-category="network-gateway"</h4>
<div class="paragraph">
<p>Network gateway</p>
</div>
<div class="paragraph">
<p>IP address is a network gateway.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categoryserver">cccs:ip-category="server"</h4>
<div class="paragraph">
<p>Server</p>
</div>
<div class="paragraph">
<p>IP address is a server of some type.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorydns_server">cccs:ip-category="dns-server"</h4>
<div class="paragraph">
<p>Dns server</p>
</div>
<div class="paragraph">
<p>IP address is a DNS server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorysmtp_server">cccs:ip-category="smtp-server"</h4>
<div class="paragraph">
<p>Smtp server</p>
</div>
<div class="paragraph">
<p>IP address is a mail server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categoryweb_server">cccs:ip-category="web-server"</h4>
<div class="paragraph">
<p>Web server</p>
</div>
<div class="paragraph">
<p>IP address is a web server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categoryfile_server">cccs:ip-category="file-server"</h4>
<div class="paragraph">
<p>File server</p>
</div>
<div class="paragraph">
<p>IP address is a file server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorydatabase_server">cccs:ip-category="database-server"</h4>
<div class="paragraph">
<p>Database server</p>
</div>
<div class="paragraph">
<p>IP address is a database server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorysecurity_appliance">cccs:ip-category="security-appliance"</h4>
<div class="paragraph">
<p>Security appliance</p>
</div>
<div class="paragraph">
<p>IP address is a security appliance of some type.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorytor_node">cccs:ip-category="tor-node"</h4>
<div class="paragraph">
<p>Tor node</p>
</div>
<div class="paragraph">
<p>IP address is a node of the TOR anonymization system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categorysinkhole">cccs:ip-category="sinkhole"</h4>
<div class="paragraph">
<p>Sinkhole</p>
</div>
<div class="paragraph">
<p>IP address is a sinkhole.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsip_categoryrouter">cccs:ip-category="router"</h4>
<div class="paragraph">
<p>Router</p>
</div>
<div class="paragraph">
<p>IP address is a router device.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_maliciousness">maliciousness</h3>
<div class="paragraph">
<p>Level of maliciousness.</p>
</div>
<div class="sect3">
<h4 id="_cccsmaliciousnessnon_malicious">cccs:maliciousness="non-malicious"</h4>
<div class="paragraph">
<p>Non-malicious</p>
</div>
<div class="paragraph">
<p>Non-malicious is not malicious or suspicious.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmaliciousnesssuspicious">cccs:maliciousness="suspicious"</h4>
<div class="paragraph">
<p>Suspicious</p>
</div>
<div class="paragraph">
<p>Suspicious is not non-malicious and not malicious.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmaliciousnessmalicious">cccs:maliciousness="malicious"</h4>
<div class="paragraph">
<p>Malicious</p>
</div>
<div class="paragraph">
<p>Malicious is not non-malicious or suspicious.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_category">malware-category</h3>
<div class="paragraph">
<p>The Malware Category.</p>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryexploit_kit">cccs:malware-category="exploit-kit"</h4>
<div class="paragraph">
<p>Exploit kit</p>
</div>
<div class="paragraph">
<p>Toolkit used to attack vulnerabilities in systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryfirst_stage">cccs:malware-category="first-stage"</h4>
<div class="paragraph">
<p>First stage</p>
</div>
<div class="paragraph">
<p>Malware used in the initial phase of an attack and commonly used to retrieve a second stage.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categorysecond_stage">cccs:malware-category="second-stage"</h4>
<div class="paragraph">
<p>Second stage</p>
</div>
<div class="paragraph">
<p>Typical more complex malware retrieved by first stage malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryscanner">cccs:malware-category="scanner"</h4>
<div class="paragraph">
<p>Scanner</p>
</div>
<div class="paragraph">
<p>Malware used to look for common vulnerabilities or running software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categorydownloader">cccs:malware-category="downloader"</h4>
<div class="paragraph">
<p>Downloader</p>
</div>
<div class="paragraph">
<p>Malware used to retrieve additional malware or tools.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryproxy">cccs:malware-category="proxy"</h4>
<div class="paragraph">
<p>Proxy</p>
</div>
<div class="paragraph">
<p>Malware used to proxy traffic on an infected host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryreverse_proxy">cccs:malware-category="reverse-proxy"</h4>
<div class="paragraph">
<p>Reverse proxy</p>
</div>
<div class="paragraph">
<p>If you choose this option please provide a description of what it is to the ALFRED PO.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categorywebshell">cccs:malware-category="webshell"</h4>
<div class="paragraph">
<p>Webshell</p>
</div>
<div class="paragraph">
<p>Malware uploaded to a web server allowing remote access to an attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryransomware">cccs:malware-category="ransomware"</h4>
<div class="paragraph">
<p>Ransomware</p>
</div>
<div class="paragraph">
<p>Malware used to hold infected host&#8217;s data hostage, typically through encryption until a payment is made to the attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryadware">cccs:malware-category="adware"</h4>
<div class="paragraph">
<p>Adware</p>
</div>
<div class="paragraph">
<p>Malware used to display ads to the infected host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryspyware">cccs:malware-category="spyware"</h4>
<div class="paragraph">
<p>Spyware</p>
</div>
<div class="paragraph">
<p>Malware used to collect information from the infected host, such as credentials.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryvirus">cccs:malware-category="virus"</h4>
<div class="paragraph">
<p>Virus</p>
</div>
<div class="paragraph">
<p>Malware that propogates by inserting a copy of itself into another program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryworm">cccs:malware-category="worm"</h4>
<div class="paragraph">
<p>Worm</p>
</div>
<div class="paragraph">
<p>Standalone malware that propogates by copying itself..</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categorytrojan">cccs:malware-category="trojan"</h4>
<div class="paragraph">
<p>Trojan</p>
</div>
<div class="paragraph">
<p>Malware that looks like legitimate software but hides malicious code.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categoryrootkit">cccs:malware-category="rootkit"</h4>
<div class="paragraph">
<p>Rootkit</p>
</div>
<div class="paragraph">
<p>Malware that can hide the existance of other malware by modifying operating system functions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categorykeylogger">cccs:malware-category="keylogger"</h4>
<div class="paragraph">
<p>Keylogger</p>
</div>
<div class="paragraph">
<p>Malware that runs in the background, capturing keystrokes from a user unknowingly for exfiltration.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmalware_categorybrowser_hijacker">cccs:malware-category="browser-hijacker"</h4>
<div class="paragraph">
<p>Browser hijacker</p>
</div>
<div class="paragraph">
<p>Malware that re-directs or otherwise intercepts Internet browsing by the user.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_misusage_type">misusage-type</h3>
<div class="paragraph">
<p>The type of misusage.</p>
</div>
<div class="sect3">
<h4 id="_cccsmisusage_typeunauthorized_usage">cccs:misusage-type="unauthorized-usage"</h4>
<div class="paragraph">
<p>Unauthorized usage</p>
</div>
<div class="paragraph">
<p>Usage of the system or resource was without appropriate permission or authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmisusage_typemisconfiguration">cccs:misusage-type="misconfiguration"</h4>
<div class="paragraph">
<p>Misconfiguration</p>
</div>
<div class="paragraph">
<p>System or resource is misconfigured.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmisusage_typelack_of_encryption">cccs:misusage-type="lack-of-encryption"</h4>
<div class="paragraph">
<p>Lack of encryption</p>
</div>
<div class="paragraph">
<p>System or resources has insufficient encryption or no encryption.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmisusage_typevulnerable_software">cccs:misusage-type="vulnerable-software"</h4>
<div class="paragraph">
<p>Vulnerable software</p>
</div>
<div class="paragraph">
<p>System or resource has software with known vulnerabilities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmisusage_typeprivilege_escalation">cccs:misusage-type="privilege-escalation"</h4>
<div class="paragraph">
<p>Privilege escalation</p>
</div>
<div class="paragraph">
<p>System or resource was exploited to gain higher privilege level.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmisusage_typeother">cccs:misusage-type="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Other.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_mitigation_type">mitigation-type</h3>
<div class="paragraph">
<p>The type of mitigation.</p>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typeanti_virus">cccs:mitigation-type="anti-virus"</h4>
<div class="paragraph">
<p>Anti-virus</p>
</div>
<div class="paragraph">
<p>Anti-Virus</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typecontent_filtering_system">cccs:mitigation-type="content-filtering-system"</h4>
<div class="paragraph">
<p>Content filtering system</p>
</div>
<div class="paragraph">
<p>Content Filtering System</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typedynamic_defense">cccs:mitigation-type="dynamic-defense"</h4>
<div class="paragraph">
<p>Dynamic defense</p>
</div>
<div class="paragraph">
<p>Dynamic Defense</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typeinsufficient_privileges">cccs:mitigation-type="insufficient-privileges"</h4>
<div class="paragraph">
<p>Insufficient privileges</p>
</div>
<div class="paragraph">
<p>Insufficient Privileges</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typeids">cccs:mitigation-type="ids"</h4>
<div class="paragraph">
<p>Ids</p>
</div>
<div class="paragraph">
<p>Intrusion Detection System</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typesink_hole_take_down_by_third_party">cccs:mitigation-type="sink-hole-/-take-down-by-third-party"</h4>
<div class="paragraph">
<p>Sink hole / take down by third party</p>
</div>
<div class="paragraph">
<p>Sink Hole / Take Down by Third Party</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typeisp">cccs:mitigation-type="isp"</h4>
<div class="paragraph">
<p>Isp</p>
</div>
<div class="paragraph">
<p>Internet Service Provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typeinvalid_credentials">cccs:mitigation-type="invalid-credentials"</h4>
<div class="paragraph">
<p>Invalid credentials</p>
</div>
<div class="paragraph">
<p>Invalid Credentials</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typenot_vulnerable">cccs:mitigation-type="not-vulnerable"</h4>
<div class="paragraph">
<p>Not vulnerable</p>
</div>
<div class="paragraph">
<p>No mitigation was required because the system was not vulnerable to the attack.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typeother">cccs:mitigation-type="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typeunknown">cccs:mitigation-type="unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsmitigation_typeuser">cccs:mitigation-type="user"</h4>
<div class="paragraph">
<p>User</p>
</div>
<div class="paragraph">
<p>User</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_origin">origin</h3>
<div class="paragraph">
<p>Where the request originated from.</p>
</div>
<div class="sect3">
<h4 id="_cccsoriginsubscriber">cccs:origin="subscriber"</h4>
<div class="paragraph">
<p>Subscriber</p>
</div>
<div class="paragraph">
<p>Subscriber.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsorigininternet">cccs:origin="internet"</h4>
<div class="paragraph">
<p>Internet</p>
</div>
<div class="paragraph">
<p>Internet.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_originating_organization">originating-organization</h3>
<div class="paragraph">
<p>Origin of a signature.</p>
</div>
<div class="sect3">
<h4 id="_cccsoriginating_organizationcse">cccs:originating-organization="cse"</h4>
<div class="paragraph">
<p>Cse</p>
</div>
<div class="paragraph">
<p>Communications Security Establishment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsoriginating_organizationnsa">cccs:originating-organization="nsa"</h4>
<div class="paragraph">
<p>Nsa</p>
</div>
<div class="paragraph">
<p>National Security Agency.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsoriginating_organizationgchq">cccs:originating-organization="gchq"</h4>
<div class="paragraph">
<p>Gchq</p>
</div>
<div class="paragraph">
<p>Government Communications Headquarters.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsoriginating_organizationasd">cccs:originating-organization="asd"</h4>
<div class="paragraph">
<p>Asd</p>
</div>
<div class="paragraph">
<p>Australian Signals Directorate.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsoriginating_organizationgcsb">cccs:originating-organization="gcsb"</h4>
<div class="paragraph">
<p>Gcsb</p>
</div>
<div class="paragraph">
<p>Government Communications Security Bureau.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsoriginating_organizationopen_source">cccs:originating-organization="open-source"</h4>
<div class="paragraph">
<p>Open source</p>
</div>
<div class="paragraph">
<p>Originated from publically available information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsoriginating_organization3rd_party">cccs:originating-organization="3rd-party"</h4>
<div class="paragraph">
<p>3rd party</p>
</div>
<div class="paragraph">
<p>Originated from a 3rd party organization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsoriginating_organizationother">cccs:originating-organization="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Other.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_scan_type">scan-type</h3>
<div class="paragraph">
<p>The type of scan event.</p>
</div>
<div class="sect3">
<h4 id="_cccsscan_typeopen_port">cccs:scan-type="open-port"</h4>
<div class="paragraph">
<p>Open port</p>
</div>
<div class="paragraph">
<p>Scan was looking for open ports corresponding to common applications or protocols.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsscan_typeicmp">cccs:scan-type="icmp"</h4>
<div class="paragraph">
<p>Icmp</p>
</div>
<div class="paragraph">
<p>Scan was attempting to enumerate devices through the ICMP protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsscan_typeos_fingerprinting">cccs:scan-type="os-fingerprinting"</h4>
<div class="paragraph">
<p>Os fingerprinting</p>
</div>
<div class="paragraph">
<p>Scan was looking for operating system information through unique characteristics in responses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsscan_typeweb">cccs:scan-type="web"</h4>
<div class="paragraph">
<p>Web</p>
</div>
<div class="paragraph">
<p>Scan was enumerating or otherwise traversing web hosts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsscan_typeother">cccs:scan-type="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Other.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_severity">severity</h3>
<div class="paragraph">
<p>Severity of the event.</p>
</div>
<div class="sect3">
<h4 id="_cccsseverityreconnaissance">cccs:severity="reconnaissance"</h4>
<div class="paragraph">
<p>Reconnaissance</p>
</div>
<div class="paragraph">
<p>An actor attempted or succeeded in gaining information that may be used to identify and/or compromise systems or data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsseverityattempted_compromise">cccs:severity="attempted-compromise"</h4>
<div class="paragraph">
<p>Attempted compromise</p>
</div>
<div class="paragraph">
<p>An actor attempted affecting the confidentiality, integrity or availability of a system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsseverityexploited">cccs:severity="exploited"</h4>
<div class="paragraph">
<p>Exploited</p>
</div>
<div class="paragraph">
<p>A vulnerability was successfully exploited.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_threat_vector">threat-vector</h3>
<div class="paragraph">
<p>Specifies how the threat actor gained or attempted to gain initial access to the target GoC host.</p>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorapplicationcms">cccs:threat-vector="application:cms"</h4>
<div class="paragraph">
<p>Application:cms</p>
</div>
<div class="paragraph">
<p>Content Management System.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorapplicationbash">cccs:threat-vector="application:bash"</h4>
<div class="paragraph">
<p>Application:bash</p>
</div>
<div class="paragraph">
<p>BASH script.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorapplicationacrobat_reader">cccs:threat-vector="application:acrobat-reader"</h4>
<div class="paragraph">
<p>Application:acrobat reader</p>
</div>
<div class="paragraph">
<p>Adobe Acrobat Reader.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorapplicationms_excel">cccs:threat-vector="application:ms-excel"</h4>
<div class="paragraph">
<p>Application:ms excel</p>
</div>
<div class="paragraph">
<p>Microsoft Excel.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorapplicationother">cccs:threat-vector="application:other"</h4>
<div class="paragraph">
<p>Application:other</p>
</div>
<div class="paragraph">
<p>Other Application.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorlanguagesql">cccs:threat-vector="language:sql"</h4>
<div class="paragraph">
<p>Language:sql</p>
</div>
<div class="paragraph">
<p>Structured Query Language.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorlanguagephp">cccs:threat-vector="language:php"</h4>
<div class="paragraph">
<p>Language:php</p>
</div>
<div class="paragraph">
<p>PHP: Hypertext Preprocessor.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorlanguagejavascript">cccs:threat-vector="language:javascript"</h4>
<div class="paragraph">
<p>Language:javascript</p>
</div>
<div class="paragraph">
<p>JavaScript.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorlanguageother">cccs:threat-vector="language:other"</h4>
<div class="paragraph">
<p>Language:other</p>
</div>
<div class="paragraph">
<p>Other Language.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocoldns">cccs:threat-vector="protocol:dns"</h4>
<div class="paragraph">
<p>Protocol:dns</p>
</div>
<div class="paragraph">
<p>Domain Name System.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolftp">cccs:threat-vector="protocol:ftp"</h4>
<div class="paragraph">
<p>Protocol:ftp</p>
</div>
<div class="paragraph">
<p>File Transfer Protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolhttp">cccs:threat-vector="protocol:http"</h4>
<div class="paragraph">
<p>Protocol:http</p>
</div>
<div class="paragraph">
<p>Hyper Text Transfer Protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolicmp">cccs:threat-vector="protocol:icmp"</h4>
<div class="paragraph">
<p>Protocol:icmp</p>
</div>
<div class="paragraph">
<p>Internet Control Message Protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolntp">cccs:threat-vector="protocol:ntp"</h4>
<div class="paragraph">
<p>Protocol:ntp</p>
</div>
<div class="paragraph">
<p>Network Time Protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolrdp">cccs:threat-vector="protocol:rdp"</h4>
<div class="paragraph">
<p>Protocol:rdp</p>
</div>
<div class="paragraph">
<p>Remote Desktop Protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolsmb">cccs:threat-vector="protocol:smb"</h4>
<div class="paragraph">
<p>Protocol:smb</p>
</div>
<div class="paragraph">
<p>Server Message Block.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolsnmp">cccs:threat-vector="protocol:snmp"</h4>
<div class="paragraph">
<p>Protocol:snmp</p>
</div>
<div class="paragraph">
<p>Simple Network Management Protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolssl">cccs:threat-vector="protocol:ssl"</h4>
<div class="paragraph">
<p>Protocol:ssl</p>
</div>
<div class="paragraph">
<p>Secure Sockets Layer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocoltelnet">cccs:threat-vector="protocol:telnet"</h4>
<div class="paragraph">
<p>Protocol:telnet</p>
</div>
<div class="paragraph">
<p>Network Virtual Terminal Protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cccsthreat_vectorprotocolsip">cccs:threat-vector="protocol:sip"</h4>
<div class="paragraph">
<p>Protocol:sip</p>
</div>
<div class="paragraph">
<p>Session Initiation Protocol.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_circl">circl</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
circl namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/circl/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection</p>
</div>
<div class="sect2">
<h3 id="_incident_classification">incident-classification</h3>
<div class="sect3">
<h4 id="_circlincident_classificationspam">circl:incident-classification="spam"</h4>
<div class="paragraph">
<p>Spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationsystem_compromise">circl:incident-classification="system-compromise"</h4>
<div class="paragraph">
<p>System compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationsabotage">circl:incident-classification="sabotage"</h4>
<div class="paragraph">
<p>Sabotage</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationprivacy_violation">circl:incident-classification="privacy-violation"</h4>
<div class="paragraph">
<p>Privacy violation</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationscan">circl:incident-classification="scan"</h4>
<div class="paragraph">
<p>Scan</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationdenial_of_service">circl:incident-classification="denial-of-service"</h4>
<div class="paragraph">
<p>Denial of Service</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationcopyright_issue">circl:incident-classification="copyright-issue"</h4>
<div class="paragraph">
<p>Copyright issue</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationphishing">circl:incident-classification="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationwhaling">circl:incident-classification="whaling"</h4>
<div class="paragraph">
<p>Whaling</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationsmishing">circl:incident-classification="smishing"</h4>
<div class="paragraph">
<p>SMS Phishing</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationmalware">circl:incident-classification="malware"</h4>
<div class="paragraph">
<p>Malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationxss">circl:incident-classification="XSS"</h4>
<div class="paragraph">
<p>XSS</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationvulnerability">circl:incident-classification="vulnerability"</h4>
<div class="paragraph">
<p>Vulnerability</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationfastflux">circl:incident-classification="fastflux"</h4>
<div class="paragraph">
<p>Fastflux</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationdomain_fronting">circl:incident-classification="domain-fronting"</h4>
<div class="paragraph">
<p>Domain Fronting</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationsql_injection">circl:incident-classification="sql-injection"</h4>
<div class="paragraph">
<p>SQL Injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationinformation_leak">circl:incident-classification="information-leak"</h4>
<div class="paragraph">
<p>Information leak</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationscam">circl:incident-classification="scam"</h4>
<div class="paragraph">
<p>Scam</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationcryptojacking">circl:incident-classification="cryptojacking"</h4>
<div class="paragraph">
<p>Cryptojacking</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationlocker">circl:incident-classification="locker"</h4>
<div class="paragraph">
<p>Locker</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationscreenlocker">circl:incident-classification="screenlocker"</h4>
<div class="paragraph">
<p>Screenlocker</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationwiper">circl:incident-classification="wiper"</h4>
<div class="paragraph">
<p>Wiper</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationransomware">circl:incident-classification="ransomware"</h4>
<div class="paragraph">
<p>ransomware</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationsextortion">circl:incident-classification="sextortion"</h4>
<div class="paragraph">
<p>sextortion</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationsocial_engineering">circl:incident-classification="social-engineering"</h4>
<div class="paragraph">
<p>Social Engineering</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationgdpr_violation">circl:incident-classification="gdpr-violation"</h4>
<div class="paragraph">
<p>GDPR Violation</p>
</div>
</div>
<div class="sect3">
<h4 id="_circlincident_classificationcovid_19">circl:incident-classification="covid-19"</h4>
<div class="paragraph">
<p>covid-19</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_topic">topic</h3>
<div class="sect3">
<h4 id="_circltopicfinance">circl:topic="finance"</h4>
<div class="paragraph">
<p>Finance</p>
</div>
</div>
<div class="sect3">
<h4 id="_circltopicict">circl:topic="ict"</h4>
<div class="paragraph">
<p>ICT</p>
</div>
</div>
<div class="sect3">
<h4 id="_circltopicindividual">circl:topic="individual"</h4>
<div class="paragraph">
<p>Individual</p>
</div>
</div>
<div class="sect3">
<h4 id="_circltopicindustry">circl:topic="industry"</h4>
<div class="paragraph">
<p>Industry</p>
</div>
</div>
<div class="sect3">
<h4 id="_circltopicmedical">circl:topic="medical"</h4>
<div class="paragraph">
<p>Medical</p>
</div>
</div>
<div class="sect3">
<h4 id="_circltopicservices">circl:topic="services"</h4>
<div class="paragraph">
<p>Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_circltopicundefined">circl:topic="undefined"</h4>
<div class="paragraph">
<p>Undefined</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_coa">coa</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
coa namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/coa/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Course of action taken within organization to discover, detect, deny, disrupt, degrade, deceive and/or destroy an attack.</p>
</div>
<div class="sect2">
<h3 id="_discover">discover</h3>
<div class="sect3">
<h4 id="_coadiscoverproxy">coa:discover="proxy"</h4>
<div class="paragraph">
<p>Searched historical proxy logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverids">coa:discover="ids"</h4>
<div class="paragraph">
<p>Searched historical IDS logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverfirewall">coa:discover="firewall"</h4>
<div class="paragraph">
<p>Searched historical firewall logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverpcap">coa:discover="pcap"</h4>
<div class="paragraph">
<p>Discovered in packet-capture logs</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverremote_access">coa:discover="remote-access"</h4>
<div class="paragraph">
<p>Searched historical remote access logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverauthentication">coa:discover="authentication"</h4>
<div class="paragraph">
<p>Searched historical authentication logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverhoneypot">coa:discover="honeypot"</h4>
<div class="paragraph">
<p>Searched historical honeypot data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoversyslog">coa:discover="syslog"</h4>
<div class="paragraph">
<p>Searched historical system logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverweb">coa:discover="web"</h4>
<div class="paragraph">
<p>Searched historical WAF and web application logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverdatabase">coa:discover="database"</h4>
<div class="paragraph">
<p>Searched historcial database logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscovermail">coa:discover="mail"</h4>
<div class="paragraph">
<p>Searched historical mail logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverantivirus">coa:discover="antivirus"</h4>
<div class="paragraph">
<p>Searched historical antivirus alerts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscovermalware_collection">coa:discover="malware-collection"</h4>
<div class="paragraph">
<p>Retro hunted in a malware collection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverother">coa:discover="other"</h4>
<div class="paragraph">
<p>Searched other historical data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadiscoverunspecified">coa:discover="unspecified"</h4>
<div class="paragraph">
<p>Unspecified information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_detect">detect</h3>
<div class="sect3">
<h4 id="_coadetectproxy">coa:detect="proxy"</h4>
<div class="paragraph">
<p>Detect by Proxy infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectnids">coa:detect="nids"</h4>
<div class="paragraph">
<p>Detect by Network Intrusion detection system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetecthids">coa:detect="hids"</h4>
<div class="paragraph">
<p>Detect by Host Intrusion detection system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectother">coa:detect="other"</h4>
<div class="paragraph">
<p>Detect by other tools.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectsyslog">coa:detect="syslog"</h4>
<div class="paragraph">
<p>Detect in system logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectfirewall">coa:detect="firewall"</h4>
<div class="paragraph">
<p>Detect by firewall.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectemail">coa:detect="email"</h4>
<div class="paragraph">
<p>Detect by MTA.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectweb">coa:detect="web"</h4>
<div class="paragraph">
<p>Detect by web infrastructure including WAF.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectdatabase">coa:detect="database"</h4>
<div class="paragraph">
<p>Detect in database.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectremote_access">coa:detect="remote-access"</h4>
<div class="paragraph">
<p>Detect in remote-access logs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectmalware_collection">coa:detect="malware-collection"</h4>
<div class="paragraph">
<p>Detect in malware-collection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectantivirus">coa:detect="antivirus"</h4>
<div class="paragraph">
<p>Detect with antivirus.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadetectunspecified">coa:detect="unspecified"</h4>
<div class="paragraph">
<p>Unspecified information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_deny">deny</h3>
<div class="sect3">
<h4 id="_coadenyproxy">coa:deny="proxy"</h4>
<div class="paragraph">
<p>Implemented a proxy filter.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadenyfirewall">coa:deny="firewall"</h4>
<div class="paragraph">
<p>Implemented a block rule on a firewall.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadenywaf">coa:deny="waf"</h4>
<div class="paragraph">
<p>Implemented a block rule on a web application firewall.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadenyemail">coa:deny="email"</h4>
<div class="paragraph">
<p>Implemented a filter on a mail transfer agent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadenychroot">coa:deny="chroot"</h4>
<div class="paragraph">
<p>Implemented a chroot jail.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadenyremote_access">coa:deny="remote-access"</h4>
<div class="paragraph">
<p>Blocked an account for remote access.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadenyother">coa:deny="other"</h4>
<div class="paragraph">
<p>Denied an action by other means.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadenyunspecified">coa:deny="unspecified"</h4>
<div class="paragraph">
<p>Unspecified information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disrupt">disrupt</h3>
<div class="sect3">
<h4 id="_coadisruptnips">coa:disrupt="nips"</h4>
<div class="paragraph">
<p>Implemented a rule on a network IPS.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadisrupthips">coa:disrupt="hips"</h4>
<div class="paragraph">
<p>Implemented a rule on a host-based IPS.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadisruptother">coa:disrupt="other"</h4>
<div class="paragraph">
<p>Disrupted an action by other means.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadisruptemail">coa:disrupt="email"</h4>
<div class="paragraph">
<p>Quarantined an email.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadisruptmemory_protection">coa:disrupt="memory-protection"</h4>
<div class="paragraph">
<p>Implemented memory protection like DEP and/or ASLR.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadisruptsandboxing">coa:disrupt="sandboxing"</h4>
<div class="paragraph">
<p>Exploded in a sandbox.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadisruptantivirus">coa:disrupt="antivirus"</h4>
<div class="paragraph">
<p>Activated an antivirus signature.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadisruptunspecified">coa:disrupt="unspecified"</h4>
<div class="paragraph">
<p>Unspecified information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_degrade">degrade</h3>
<div class="sect3">
<h4 id="_coadegradebandwidth">coa:degrade="bandwidth"</h4>
<div class="paragraph">
<p>Throttled the bandwidth.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadegradetarpit">coa:degrade="tarpit"</h4>
<div class="paragraph">
<p>Implement a network tarpit.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadegradeother">coa:degrade="other"</h4>
<div class="paragraph">
<p>Degraded an action by other means.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadegradeemail">coa:degrade="email"</h4>
<div class="paragraph">
<p>Queued an email.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadegradeunspecified">coa:degrade="unspecified"</h4>
<div class="paragraph">
<p>Unspecified information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_deceive">deceive</h3>
<div class="sect3">
<h4 id="_coadeceivehoneypot">coa:deceive="honeypot"</h4>
<div class="paragraph">
<p>Implemented an interactive honeypot.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadeceivedns">coa:deceive="DNS"</h4>
<div class="paragraph">
<p>Implemented DNS redirects, e.g. a response policy zone.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadeceiveother">coa:deceive="other"</h4>
<div class="paragraph">
<p>Deceived the attacker with other technology.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadeceiveemail">coa:deceive="email"</h4>
<div class="paragraph">
<p>Implemented email redirection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadeceiveunspecified">coa:deceive="unspecified"</h4>
<div class="paragraph">
<p>Unspecified information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_destroy">destroy</h3>
<div class="sect3">
<h4 id="_coadestroyarrest">coa:destroy="arrest"</h4>
<div class="paragraph">
<p>Arrested the threat actor.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadestroyseize">coa:destroy="seize"</h4>
<div class="paragraph">
<p>Seized attacker infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadestroyphysical">coa:destroy="physical"</h4>
<div class="paragraph">
<p>Physically destroyed attacker hardware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadestroydos">coa:destroy="dos"</h4>
<div class="paragraph">
<p>Performed a denial-of-service attack against attacker infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadestroyhack_back">coa:destroy="hack-back"</h4>
<div class="paragraph">
<p>Hack back against the threat actor.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadestroyother">coa:destroy="other"</h4>
<div class="paragraph">
<p>Carried out other offensive actions against the attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_coadestroyunspecified">coa:destroy="unspecified"</h4>
<div class="paragraph">
<p>Unspecified information.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_collaborative_intelligence">collaborative-intelligence</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
collaborative-intelligence namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/collaborative-intelligence/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. The objective of this language is to advance collaborative analysis and to share earlier than later.</p>
</div>
<div class="sect2">
<h3 id="_request">request</h3>
<div class="paragraph">
<p>Request predicate covers all the requests which can be done by analysts or organisations willing to get additional information to support their analysis.</p>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestsample">collaborative-intelligence:request="sample"</h4>
<div class="paragraph">
<p>Request a binary sample</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestextracted_malware_config">collaborative-intelligence:request="extracted-malware-config"</h4>
<div class="paragraph">
<p>Extracted malware config</p>
</div>
<div class="paragraph">
<p>Request of the malware configuration extracted from the malware sample tagged.</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestdeobfuscated_sample">collaborative-intelligence:request="deobfuscated-sample"</h4>
<div class="paragraph">
<p>Request a deobfuscated sample of the shared sample</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestmore_samples">collaborative-intelligence:request="more-samples"</h4>
<div class="paragraph">
<p>Request additional samples compared to the original analysis to build a competitive analysis on the reversing aspect</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestrelated_samples">collaborative-intelligence:request="related-samples"</h4>
<div class="paragraph">
<p>Request related samples required for further analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequeststatic_analysis">collaborative-intelligence:request="static-analysis"</h4>
<div class="paragraph">
<p>Request additional static analysis or reversing on the information shared</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestdetection_signature">collaborative-intelligence:request="detection-signature"</h4>
<div class="paragraph">
<p>Request detection signature from</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestcontext">collaborative-intelligence:request="context"</h4>
<div class="paragraph">
<p>Request more contextual information</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestabuse_contact">collaborative-intelligence:request="abuse-contact"</h4>
<div class="paragraph">
<p>Request an abuse contact to report to</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequesthistorical_information">collaborative-intelligence:request="historical-information"</h4>
<div class="paragraph">
<p>Request more historical information from</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestcomplementary_validation">collaborative-intelligence:request="complementary-validation"</h4>
<div class="paragraph">
<p>Request complementary validation</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequesttarget_information">collaborative-intelligence:request="target-information"</h4>
<div class="paragraph">
<p>Request about the target(s) including field of activities or companies</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestrequest_analysis">collaborative-intelligence:request="request-analysis"</h4>
<div class="paragraph">
<p>Request further technical or tactical analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_collaborative_intelligencerequestmore_information">collaborative-intelligence:request="more-information"</h4>
<div class="paragraph">
<p>Request for generic additional information</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_common_taxonomy">common-taxonomy</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
common-taxonomy namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/common-taxonomy/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Common Taxonomy for Law enforcement and CSIRTs</p>
</div>
<div class="sect2">
<h3 id="_malware">malware</h3>
<div class="paragraph">
<p>Infection of one or various systems with a specific type of malware / Connection performed by/from/to (a) suspicious system(s)</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomymalwareinfection">common-taxonomy:malware="infection"</h4>
<div class="paragraph">
<p>Infection</p>
</div>
<div class="paragraph">
<p>Malware detected in a system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomymalwaredistribution">common-taxonomy:malware="distribution"</h4>
<div class="paragraph">
<p>Distribution</p>
</div>
<div class="paragraph">
<p>Malware attached to a message or email message containing link to malicious URL or IP.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomymalwarecommand_and_control">common-taxonomy:malware="command-and-control"</h4>
<div class="paragraph">
<p>Command &amp; Control (C&amp;C)</p>
</div>
<div class="paragraph">
<p>System used as a command-and-control point by a botnet. Also included in this field are systems serving as a point for gathering information stolen by botnets.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomymalwaremalicious_connection">common-taxonomy:malware="malicious-connection"</h4>
<div class="paragraph">
<p>Malicious connection</p>
</div>
<div class="paragraph">
<p>System attempting to gain access to a port normally linked to a specific type of malware / System attempting to gain access to an IP address or URL normally linked to a specific type of malware, e.g. C&amp;C or a distribution page for components linked to a specific botnet.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_availability_2">availability</h3>
<div class="paragraph">
<p>Disruption of the processing and response capacity of systems and networks in order to render them inoperative / Premeditated action to damage a system, interrupt a process, change or delete information, etc.</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomyavailabilitydos_ddos">common-taxonomy:availability="dos-ddos"</h4>
<div class="paragraph">
<p>Denial of Service (DoS) / Distributed Denial of Service (DDoS)</p>
</div>
<div class="paragraph">
<p>Single source using specially designed software to affect the normal functioning of a specific service, by exploiting vulnerability / Mass mailing of requests (network packets, emails, etc.) from one single source to a specific service, aimed at affecting its normal functioning.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyavailabilitysabotage">common-taxonomy:availability="sabotage"</h4>
<div class="paragraph">
<p>Sabotage</p>
</div>
<div class="paragraph">
<p>Logical and physical activities which although they are not aimed at causing damage to information or at preventing its transmission among systems have this effect.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering_2">information-gathering</h3>
<div class="paragraph">
<p>Active and passive gathering of information on systems or networks / Unauthorised monitoring and reading of network traffic / Attempt to gather information on a user or a system through phishing methods.</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomyinformation_gatheringscanning">common-taxonomy:information-gathering="scanning"</h4>
<div class="paragraph">
<p>Scanning</p>
</div>
<div class="paragraph">
<p>Single system scan searching for open ports or services using these ports for responding / Scanning a network aimed at identifying systems which are active in the same network / Transfer of a specific DNS zone.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyinformation_gatheringsniffing">common-taxonomy:information-gathering="sniffing"</h4>
<div class="paragraph">
<p>Sniffing</p>
</div>
<div class="paragraph">
<p>Logical or physical interception of communications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyinformation_gatheringphishing">common-taxonomy:information-gathering="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
<div class="paragraph">
<p>Mass emailing aimed at collecting data for phishing purposes with regard to the victims / Hosting web sites for phishing purposes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_attempt">intrusion-attempt</h3>
<div class="paragraph">
<p>Attempt to intrude by exploiting vulnerability in a system, component or network / Attempt to log in to services or authentication/access control mechanisms.</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomyintrusion_attemptvulnerability_exploitation_attempt">common-taxonomy:intrusion-attempt="vulnerability-exploitation-attempt"</h4>
<div class="paragraph">
<p>Exploitation of vulnerability attempt</p>
</div>
<div class="paragraph">
<p>Unsuccessful use of a tool exploiting a specific vulnerability of the system / Unsuccessful attempt to manipulate or read the information of a database by using the SQL injection technique / Unsuccessful attempts to perform attacks by using cross-site scripting techniques / Unsuccessful attempt to include files in the system under attack by using file inclusion techniques / Unauthorised access to a system or component by bypassing an access control system in place.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyintrusion_attemptlogin_attempt">common-taxonomy:intrusion-attempt="login-attempt"</h4>
<div class="paragraph">
<p>Login attempt</p>
</div>
<div class="paragraph">
<p>Unsuccessful login by using sequential credentials for gaining access to the system / Unsuccessful acquisition of access credentials by breaking the protective cryptographic keys / Unsuccessful login by using system access credentials previously loaded into a dictionary.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_2">intrusion</h3>
<div class="paragraph">
<p>Actual intrusion by exploiting vulnerability in the system, component or network / Actual intrusion in a system, component or network by compromising a user or administrator account.</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomyintrusionvulnerability_exploitation">common-taxonomy:intrusion="vulnerability-exploitation"</h4>
<div class="paragraph">
<p>(Successful) Exploitation of vulnerability</p>
</div>
<div class="paragraph">
<p>Unauthorised use of a tool exploiting a specific vulnerability of the system / Unauthorised manipulation or reading of information contained in a database by using the SQL injection technique / Attack performed with the use of cross-site scripting techniques / Unauthorised inclusion of files into a system under attack with the use of file inclusion techniques / Unauthorised access to a system or component by bypassing an access control system in place.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyintrusionaccount_compromise">common-taxonomy:intrusion="account-compromise"</h4>
<div class="paragraph">
<p>Compromising an account</p>
</div>
<div class="paragraph">
<p>Unauthorised access to a system or component by using stolen access credentials.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_security">information-security</h3>
<div class="paragraph">
<p>Unauthorised access to a particular set of information / Unauthorised change or elimination of a particular set of information.</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomyinformation_securityunauthorised_access">common-taxonomy:information-security="unauthorised-access"</h4>
<div class="paragraph">
<p>Unauthorised access</p>
</div>
<div class="paragraph">
<p>Unauthorised access to a system or component / Unauthorised access to a set of information / Unauthorised access to and sharing of a specific set of information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyinformation_securityunauthorised_modification_or_deletion">common-taxonomy:information-security="unauthorised-modification-or-deletion"</h4>
<div class="paragraph">
<p>Unauthorised modification / deletion</p>
</div>
<div class="paragraph">
<p>Unauthorised changes to a specific set of information / Unauthorised deleting of a specific set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fraud_2">fraud</h3>
<div class="paragraph">
<p>Loss of property caused with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person.</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomyfraudresources_misuse">common-taxonomy:fraud="resources-misuse"</h4>
<div class="paragraph">
<p>Misuse or unauthorised use of resources</p>
</div>
<div class="paragraph">
<p>Use of institutional resources for purposes other than those intended.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyfraudfalse_representation">common-taxonomy:fraud="false-representation"</h4>
<div class="paragraph">
<p>False representation</p>
</div>
<div class="paragraph">
<p>Unauthorised use of the name of an institution.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_abusive_content_2">abusive-content</h3>
<div class="paragraph">
<p>Sending SPAM messages / Distribution and sharing of copyright protected content / Dissemination of content forbidden by law.</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomyabusive_contentspam">common-taxonomy:abusive-content="spam"</h4>
<div class="paragraph">
<p>SPAM</p>
</div>
<div class="paragraph">
<p>Sending an unusually large quantity of email messages / Unsolicited or unwanted email message sent to the recipient.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyabusive_contentcopyright">common-taxonomy:abusive-content="copyright"</h4>
<div class="paragraph">
<p>Copyright</p>
</div>
<div class="paragraph">
<p>Unauthorised distribution or sharing of content protected by Copyright and related rights.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyabusive_contentcse_racism_violence_incitement">common-taxonomy:abusive-content="cse-racism-violence-incitement"</h4>
<div class="paragraph">
<p>Child Sexual Exploitation, racism or incitement to violence</p>
</div>
<div class="paragraph">
<p>Distribution or sharing of illegal content such as child sexual exploitation material, racism, xenophobia, etc.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_3">other</h3>
<div class="paragraph">
<p>Incidents not classified in the existing classification.</p>
</div>
<div class="sect3">
<h4 id="_common_taxonomyotherunclassified_incident">common-taxonomy:other="unclassified-incident"</h4>
<div class="paragraph">
<p>Unclassified incident</p>
</div>
<div class="paragraph">
<p>Incidents which do not fit the existing classification, acting as an indicator for the classifications update.</p>
</div>
</div>
<div class="sect3">
<h4 id="_common_taxonomyotherundetermined_incident">common-taxonomy:other="undetermined-incident"</h4>
<div class="paragraph">
<p>Undetermined incident</p>
</div>
<div class="paragraph">
<p>Unprocessed incidents which have remained undetermined from the beginning.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_copine_scale">copine-scale</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
copine-scale namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/copine-scale/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. The scale was developed by staff at the COPINE (Combating Paedophile Information Networks in Europe) project. The COPINE Project was founded in 1997, and is based in the Department of Applied Psychology, University College Cork, Ireland.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_level_10">level-10</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_10">copine-scale:level-10</h4>
<div class="paragraph">
<p>Sadistic/bestiality: (a) Pictures showing a child being tied, bound, beaten, whipped, or otherwise subjected to something that implies pain; (b) Pictures where an animal is involved in some form of sexual behavior with a child</p>
</div>
<div class="paragraph">
<p>100</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_9">level-9</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_9">copine-scale:level-9</h4>
<div class="paragraph">
<p>Gross assault: Grossly obscene pictures of sexual assault, involving penetrative sex, masturbation, or oral sex involving an adult</p>
</div>
<div class="paragraph">
<p>90</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_8">level-8</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_8">copine-scale:level-8</h4>
<div class="paragraph">
<p>Assault: Pictures of children being subjected to a sexual assault, involving digital touching, involving an adult</p>
</div>
<div class="paragraph">
<p>80</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_7">level-7</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_7">copine-scale:level-7</h4>
<div class="paragraph">
<p>Explicit sexual activity: Involves touching, mutual and self-masturbation, oral sex, and intercourse by child, not involving an adult</p>
</div>
<div class="paragraph">
<p>70</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_6">level-6</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_6">copine-scale:level-6</h4>
<div class="paragraph">
<p>Explicit erotic posing: Emphasizing genital areas where the child is posing either naked, partially clothed, or fully clothed</p>
</div>
<div class="paragraph">
<p>60</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_5">level-5</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_5">copine-scale:level-5</h4>
<div class="paragraph">
<p>Erotic posing: Deliberately posed pictures of fully or partially clothed or naked children in sexualized or provocative poses</p>
</div>
<div class="paragraph">
<p>50</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_4">level-4</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_4">copine-scale:level-4</h4>
<div class="paragraph">
<p>Posing: Deliberately posed pictures of children fully or partially clothed or naked (where the amount, context, and organization suggests sexual interest)</p>
</div>
<div class="paragraph">
<p>40</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_3">level-3</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_3">copine-scale:level-3</h4>
<div class="paragraph">
<p>Erotica: Surreptitiously taken photographs of children in play areas or other safe environments showing either underwear or varying degrees of nakedness</p>
</div>
<div class="paragraph">
<p>30</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_2">level-2</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_2">copine-scale:level-2</h4>
<div class="paragraph">
<p>Nudist: Pictures of naked or seminaked children in appropriate nudist settings, and from legitimate sources</p>
</div>
<div class="paragraph">
<p>20</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_level_1">level-1</h3>
<div class="sect3">
<h4 id="_copine_scalelevel_1">copine-scale:level-1</h4>
<div class="paragraph">
<p>Indicative: Nonerotic and nonsexualized pictures showing children in their underwear, swimming costumes, and so on, from either commercial sources or family albums; pictures of children playing in normal settings, in which the context or organization of pictures by the collector indicates inappropriateness</p>
</div>
<div class="paragraph">
<p>10</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_course_of_action">course-of-action</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
course-of-action namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/course-of-action/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability.</p>
</div>
<div class="sect2">
<h3 id="_passive">passive</h3>
<div class="sect3">
<h4 id="_course_of_actionpassivediscover">course-of-action:passive="discover"</h4>
<div class="paragraph">
<p>The discover action is a 'historical look at the data'. This action heavily relies on your capability to store logs for a reasonable amount of time and have them accessible for searching. Typically, this type of action is applied against security information and event management (SIEM) or stored network data. The goal is to determine whether you have seen a specific indicator in the past.</p>
</div>
</div>
<div class="sect3">
<h4 id="_course_of_actionpassivedetect">course-of-action:passive="detect"</h4>
<div class="paragraph">
<p>The passive action is setting up detection rules of an indicator for future traffic. These actions are most often executed via an intrusion detection system (IDS) or a specific logging rule on your firewall or application. It can also be configured as an alert in a SIEM when a specific condition is triggered.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_active">active</h3>
<div class="sect3">
<h4 id="_course_of_actionactivedeny">course-of-action:active="deny"</h4>
<div class="paragraph">
<p>The deny action prevents the event from taking place. Common examples include a firewall block or a proxy filter.</p>
</div>
</div>
<div class="sect3">
<h4 id="_course_of_actionactivedisrupt">course-of-action:active="disrupt"</h4>
<div class="paragraph">
<p>Disruption makes the event fail as it is occurring. Examples include quarantining or memory protection measures.</p>
</div>
</div>
<div class="sect3">
<h4 id="_course_of_actionactivedegrade">course-of-action:active="degrade"</h4>
<div class="paragraph">
<p>Degrading will not immediately fail an event, but it will slow down the further actions of the attacker. This tactic allows you to catch up during an incident response process, but you have to consider that the attackers may eventually succeed in achieving their objectives. Throttling bandwidth is one way to degrade an intrusion.</p>
</div>
</div>
<div class="sect3">
<h4 id="_course_of_actionactivedeceive">course-of-action:active="deceive"</h4>
<div class="paragraph">
<p>Deception allows you to learn more about the intentions of the attacker by making them think the action was successful. One way to do this is to put a honeypot in place and redirect the traffic, based on an indicator, towards the honeypot.</p>
</div>
</div>
<div class="sect3">
<h4 id="_course_of_actionactivedestroy">course-of-action:active="destroy"</h4>
<div class="paragraph">
<p>The destroy action is rarely for 'usual' defenders, as this is an offensive action against the attacker. These actions, including physical destructive actions and arresting the attackers, are usually left to law enforcement agencies.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_cryptocurrency_threat">cryptocurrency-threat</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cryptocurrency-threat namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/cryptocurrency-threat/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Threats targetting cryptocurrency, based on CipherTrace report.</p>
</div>
<div class="sect2">
<h3 id="_sim_swapping">SIM Swapping</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatsim_swapping">cryptocurrency-threat:SIM Swapping</h4>
<div class="paragraph">
<p>An identity theft technique that takes over a victim&#8217;s mobile device to steal credentials and break into wallets or exchange accounts to steal cryptocurrency.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_crypto_dusting">Crypto Dusting</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatcrypto_dusting">cryptocurrency-threat:Crypto Dusting</h4>
<div class="paragraph">
<p>A new form of blockchain spam that erodes the recipient&#8217;s reputation by sending cryptocurrency from known money mixers.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sanction_evasion">Sanction Evasion</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatsanction_evasion">cryptocurrency-threat:Sanction Evasion</h4>
<div class="paragraph">
<p>Nation states using cryptocurrencies has been promoted by the Iranian and Venezuelan governments.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_next_generation_crypto_mixers">Next-Generation Crypto Mixers</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatnext_generation_crypto_mixers">cryptocurrency-threat:Next-Generation Crypto Mixers</h4>
<div class="paragraph">
<p>Money laundering services that promise to exchange tainted tokens for freshly mined crypto, but in reality, cleanse cryptocurrency through exchanges.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_shadow_money_service_businesses">Shadow Money Service Businesses</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatshadow_money_service_businesses">cryptocurrency-threat:Shadow Money Service Businesses</h4>
<div class="paragraph">
<p>Unlicensed Money Service Businesses (MSBs) banking cryptocurrency without the knowledge of host financial institutions, and thus exposing banks to unknown risk.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_datacenter_scale_crypto_jacking">Datacenter-Scale Crypto Jacking:</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatdatacenter_scale_crypto_jacking">cryptocurrency-threat:Datacenter-Scale Crypto Jacking:</h4>
<div class="paragraph">
<p>Takeover attacks that mine for cryptocurrency at a massive scale have been discovered in datacenters, including AWS.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_lightning_network_transactions">Lightning Network Transactions</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatlightning_network_transactions">cryptocurrency-threat:Lightning Network Transactions</h4>
<div class="paragraph">
<p>Enable anonymous bitcoin transactions by going "off-chain," and cannow scale to $2,150,000.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_decentralized_stable_coins">Decentralized Stable Coins</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatdecentralized_stable_coins">cryptocurrency-threat:Decentralized Stable Coins</h4>
<div class="paragraph">
<p>Stabilized tokens that can be designed for use as private coins.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_email_extortion_and_bomb_threats">Email Extortion and Bomb Threats</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatemail_extortion_and_bomb_threats">cryptocurrency-threat:Email Extortion and Bomb Threats</h4>
<div class="paragraph">
<p>Cyber-extortionists stepped up mass-customized phishing emails campaigns using old passwords and spouse names in 2018. Bomb threat extortion scams demanding bitcoin spiked in December.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_crypto_robbing_ransomware">Crypto Robbing Ransomware</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatcrypto_robbing_ransomware">cryptocurrency-threat:Crypto Robbing Ransomware</h4>
<div class="paragraph">
<p>Cyber-extortionists began distributing new malware that empties cryptocurrency wallets and steals private keys while holding user data hostage.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_csirt_americas">csirt-americas</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
csirt-americas namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/csirt-americas/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomía CSIRT Américas.</p>
</div>
<div class="sect2">
<h3 id="_defacement">defacement</h3>
<div class="sect3">
<h4 id="_csirt_americasdefacement">csirt-americas:defacement</h4>
<div class="paragraph">
<p>Defacement</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_2">malware</h3>
<div class="sect3">
<h4 id="_csirt_americasmalware">csirt-americas:malware</h4>
<div class="paragraph">
<p>Malware</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ddos">ddos</h3>
<div class="sect3">
<h4 id="_csirt_americasddos">csirt-americas:ddos</h4>
<div class="paragraph">
<p>DDoS</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_phishing">phishing</h3>
<div class="sect3">
<h4 id="_csirt_americasphishing">csirt-americas:phishing</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_spam">spam</h3>
<div class="sect3">
<h4 id="_csirt_americasspam">csirt-americas:spam</h4>
<div class="paragraph">
<p>Spam</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_botnet">botnet</h3>
<div class="sect3">
<h4 id="_csirt_americasbotnet">csirt-americas:botnet</h4>
<div class="paragraph">
<p>Botnet</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fastflux">fastflux</h3>
<div class="sect3">
<h4 id="_csirt_americasfastflux">csirt-americas:fastflux</h4>
<div class="paragraph">
<p>Fastflux</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cryptojacking">cryptojacking</h3>
<div class="sect3">
<h4 id="_csirt_americascryptojacking">csirt-americas:cryptojacking</h4>
<div class="paragraph">
<p>Cryptojacking</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_xss">xss</h3>
<div class="sect3">
<h4 id="_csirt_americasxss">csirt-americas:xss</h4>
<div class="paragraph">
<p>XSS</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sqli">sqli</h3>
<div class="sect3">
<h4 id="_csirt_americassqli">csirt-americas:sqli</h4>
<div class="paragraph">
<p>SQL Injection</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vulnerability">vulnerability</h3>
<div class="sect3">
<h4 id="_csirt_americasvulnerability">csirt-americas:vulnerability</h4>
<div class="paragraph">
<p>Vulnerability</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infoleak">infoleak</h3>
<div class="sect3">
<h4 id="_csirt_americasinfoleak">csirt-americas:infoleak</h4>
<div class="paragraph">
<p>Information leak</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_compromise">compromise</h3>
<div class="sect3">
<h4 id="_csirt_americascompromise">csirt-americas:compromise</h4>
<div class="paragraph">
<p>System compromise</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_4">other</h3>
<div class="sect3">
<h4 id="_csirt_americasother">csirt-americas:other</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_csirt_case_classification">csirt_case_classification</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
csirt_case_classification namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/csirt_case_classification/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>It is critical that the CSIRT provide consistent and timely response to the customer, and that sensitive information is handled appropriately. This document provides the guidelines needed for CSIRT Incident Managers (IM) to classify the case category, criticality level, and sensitivity level for each CSIRT case. This information will be entered into the Incident Tracking System (ITS) when a case is created. Consistent case classification is required for the CSIRT to provide accurate reporting to management on a regular basis. In addition, the classifications will provide CSIRT IMs with proper case handling procedures and will form the basis of SLAs between the CSIRT and other Company departments.</p>
</div>
<div class="sect2">
<h3 id="_incident_category">incident-category</h3>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categorydos">csirt_case_classification:incident-category="DOS"</h4>
<div class="paragraph">
<p>Denial of service / Distributed Denial of service</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categoryforensics">csirt_case_classification:incident-category="forensics"</h4>
<div class="paragraph">
<p>Forensics work</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categorycompromised_information">csirt_case_classification:incident-category="compromised-information"</h4>
<div class="paragraph">
<p>Attempted or successful destruction, corruption, or disclosure of sensitive corporate information or Intellectual Property</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categorycompromised_asset">csirt_case_classification:incident-category="compromised-asset"</h4>
<div class="paragraph">
<p>Compromised host (root account, Trojan, rootkit), network device, application, user account.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categoryunlawful_activity">csirt_case_classification:incident-category="unlawful-activity"</h4>
<div class="paragraph">
<p>Theft / Fraud / Human Safety / Child Porn</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categoryinternal_hacking">csirt_case_classification:incident-category="internal-hacking"</h4>
<div class="paragraph">
<p>Reconnaissance or Suspicious activity originating from inside the Company corporate network, excluding malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categoryexternal_hacking">csirt_case_classification:incident-category="external-hacking"</h4>
<div class="paragraph">
<p>Reconnaissance or Suspicious Activity originating from outside the Company corporate network (partner network, Internet), excluding malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categorymalware">csirt_case_classification:incident-category="malware"</h4>
<div class="paragraph">
<p>A virus or worm typically affecting multiple corporate devices. This does not include compromised hosts that are being actively controlled by an attacker via a backdoor or Trojan.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categoryemail">csirt_case_classification:incident-category="email"</h4>
<div class="paragraph">
<p>Spoofed email, SPAM, and other email security-related events.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categoryconsulting">csirt_case_classification:incident-category="consulting"</h4>
<div class="paragraph">
<p>Security consulting unrelated to any confirmed incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationincident_categorypolicy_violation">csirt_case_classification:incident-category="policy-violation"</h4>
<div class="paragraph">
<p>Violation of various policies</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_criticality_classification">criticality-classification</h3>
<div class="sect3">
<h4 id="_csirt_case_classificationcriticality_classification1">csirt_case_classification:criticality-classification="1"</h4>
<div class="paragraph">
<p>Incident affecting critical systems or information with potential to be revenue or customer impacting.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationcriticality_classification2">csirt_case_classification:criticality-classification="2"</h4>
<div class="paragraph">
<p>Incident affecting non-critical systems or information, not revenue or customer impacting. Employee investigations that are time sensitive should typically be classified at this level.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationcriticality_classification3">csirt_case_classification:criticality-classification="3"</h4>
<div class="paragraph">
<p>Possible incident, non-critical systems. Incident or employee investigations that are not time sensitive. Long-term investigations involving extensive research and/or detailed forensic work.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sensitivity_classification">sensitivity-classification</h3>
<div class="sect3">
<h4 id="_csirt_case_classificationsensitivity_classification1">csirt_case_classification:sensitivity-classification="1"</h4>
<div class="paragraph">
<p>Extremely Sensitive</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationsensitivity_classification2">csirt_case_classification:sensitivity-classification="2"</h4>
<div class="paragraph">
<p>Sensitive</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classificationsensitivity_classification3">csirt_case_classification:sensitivity-classification="3"</h4>
<div class="paragraph">
<p>Not Sensitive</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_cssa">cssa</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cssa namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/cssa/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The CSSA agreed sharing taxonomy.</p>
</div>
<div class="sect2">
<h3 id="_sharing_class">sharing-class</h3>
<div class="sect3">
<h4 id="_cssasharing_classhigh_profile">cssa:sharing-class="high_profile"</h4>
<div class="paragraph">
<p>Generated within the company during incident/case related investigations or forensic analysis or via malware reversing, validated by humans and highly contextualized.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="95"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssasharing_classvetted">cssa:sharing-class="vetted"</h4>
<div class="paragraph">
<p>Generated within the company, validated by a human prior to sharing, data points have been contextualized (to a degree) e.g. IPs are related to C2 or drop site.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssasharing_classunvetted">cssa:sharing-class="unvetted"</h4>
<div class="paragraph">
<p>Generated within the company by automated means without human interaction e.g., by malware sandbox, honeypots, IDS, etc.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="10"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_report">report</h3>
<div class="sect3">
<h4 id="_cssareportdetails">cssa:report="details"</h4>
<div class="paragraph">
<p>Description of the incidence.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssareportlink">cssa:report="link"</h4>
<div class="paragraph">
<p>Link to the original report location.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssareportattached">cssa:report="attached"</h4>
<div class="paragraph">
<p>Attached report.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_origin_2">origin</h3>
<div class="sect3">
<h4 id="_cssaoriginmanual_investigation">cssa:origin="manual_investigation"</h4>
<div class="paragraph">
<p>Information gathered by an analyst/incident responder/forensic expert/etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssaoriginhoneypot">cssa:origin="honeypot"</h4>
<div class="paragraph">
<p>Information coming out of honeypots.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssaoriginsandbox">cssa:origin="sandbox"</h4>
<div class="paragraph">
<p>Information coming out of sandboxes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssaoriginemail">cssa:origin="email"</h4>
<div class="paragraph">
<p>Information coming out of email infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssaorigin3rd_party">cssa:origin="3rd-party"</h4>
<div class="paragraph">
<p>Information from outside the company.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssaoriginreport">cssa:origin="report"</h4>
<div class="paragraph">
<p>Information coming from a report.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssaoriginother">cssa:origin="other"</h4>
<div class="paragraph">
<p>If none of the other origins applies.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cssaoriginunknown">cssa:origin="unknown"</h4>
<div class="paragraph">
<p>Origin of the data unknown.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_analyse">analyse</h3>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_cti">cti</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cti namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/cti/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Cyber Threat Intelligence cycle to control workflow state of your process.</p>
</div>
<div class="sect2">
<h3 id="_planning">planning</h3>
<div class="paragraph">
<p>CTI requirementes being generated.</p>
</div>
<div class="sect3">
<h4 id="_ctiplanning">cti:planning</h4>
<div class="paragraph">
<p>Phase</p>
</div>
<div class="paragraph">
<p>CTI requirementes being generated.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_collection">collection</h3>
<div class="paragraph">
<p>Data collection initiated.</p>
</div>
<div class="sect3">
<h4 id="_cticollection">cti:collection</h4>
<div class="paragraph">
<p>Phase</p>
</div>
<div class="paragraph">
<p>Data collection initiated.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_processing_and_analysis">processing-and-analysis</h3>
<div class="paragraph">
<p>Data is being processed and analyzed</p>
</div>
<div class="sect3">
<h4 id="_ctiprocessing_and_analysis">cti:processing-and-analysis</h4>
<div class="paragraph">
<p>Phase</p>
</div>
<div class="paragraph">
<p>Data is being processed and analyzed</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dissemination_done">dissemination-done</h3>
<div class="paragraph">
<p>CTI product created and delivered to stakeholders.</p>
</div>
<div class="sect3">
<h4 id="_ctidissemination_done">cti:dissemination-done</h4>
<div class="paragraph">
<p>Phase</p>
</div>
<div class="paragraph">
<p>CTI product created and delivered to stakeholders.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_feedback_received">feedback-received</h3>
<div class="paragraph">
<p>Feedback received by stakeholders.</p>
</div>
<div class="sect3">
<h4 id="_ctifeedback_received">cti:feedback-received</h4>
<div class="paragraph">
<p>Phase</p>
</div>
<div class="paragraph">
<p>Feedback received by stakeholders.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_feedback_pending">feedback-pending</h3>
<div class="paragraph">
<p>Feedback pending by stakeholders.</p>
</div>
<div class="sect3">
<h4 id="_ctifeedback_pending">cti:feedback-pending</h4>
<div class="paragraph">
<p>Phase</p>
</div>
<div class="paragraph">
<p>Feedback pending by stakeholders.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_current_event">current-event</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
current-event namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/current-event/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Current events - Schemes of Classification in Incident Response and Detection</p>
</div>
<div class="sect2">
<h3 id="_pandemic">pandemic</h3>
<div class="sect3">
<h4 id="_current_eventpandemicsars_cov">current-event:pandemic="sars-cov"</h4>
<div class="paragraph">
<p>SARS-CoV 2003</p>
</div>
</div>
<div class="sect3">
<h4 id="_current_eventpandemiccovid_19">current-event:pandemic="covid-19"</h4>
<div class="paragraph">
<p>COVID-19</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_election">election</h3>
<div class="sect3">
<h4 id="_current_eventelectioneu_par_2019">current-event:election="eu-par-2019"</h4>
<div class="paragraph">
<p>European Parliament election, 2019</p>
</div>
</div>
<div class="sect3">
<h4 id="_current_eventelectionus_pres_2020">current-event:election="us-pres-2020"</h4>
<div class="paragraph">
<p>United States Presidential election, 2020</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_cyber_threat_framework">cyber-threat-framework</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cyber-threat-framework namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/cyber-threat-framework/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of cyber adversaries. <a href="https://www.dni.gov/index.php/cyber-threat-framework" class="bare">https://www.dni.gov/index.php/cyber-threat-framework</a></p>
</div>
<div class="sect2">
<h3 id="_preparation">Preparation</h3>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpreparationplan_activity">cyber-threat-framework:Preparation="plan-activity"</h4>
<div class="paragraph">
<p>Plan activity</p>
</div>
<div class="paragraph">
<p>Associated numerical value="10"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpreparationconduct_research_and_analysis">cyber-threat-framework:Preparation="conduct-research-and-analysis"</h4>
<div class="paragraph">
<p>Conduct research &amp; analysis</p>
</div>
<div class="paragraph">
<p>Associated numerical value="11"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpreparationdevelop_resource_and_capabilities">cyber-threat-framework:Preparation="develop-resource-and-capabilities"</h4>
<div class="paragraph">
<p>Develop resources &amp; capabilities</p>
</div>
<div class="paragraph">
<p>Associated numerical value="12"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpreparationacquire_victim_and_specific_knowledge">cyber-threat-framework:Preparation="acquire-victim-and-specific-knowledge"</h4>
<div class="paragraph">
<p>Acquire victim &amp; specific knowledge</p>
</div>
<div class="paragraph">
<p>Associated numerical value="13"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpreparationcomplete_preparations">cyber-threat-framework:Preparation="complete-preparations"</h4>
<div class="paragraph">
<p>Complete preparations</p>
</div>
<div class="paragraph">
<p>Associated numerical value="14"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_engagement">Engagement</h3>
<div class="sect3">
<h4 id="_cyber_threat_frameworkengagementdeploy_capability">cyber-threat-framework:Engagement="deploy-capability"</h4>
<div class="paragraph">
<p>Deploy capability</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkengagementinteract_with_intended_victim">cyber-threat-framework:Engagement="interact-with-intended-victim"</h4>
<div class="paragraph">
<p>Interact with intended victim</p>
</div>
<div class="paragraph">
<p>Associated numerical value="21"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkengagementexploit_vulnerabilities">cyber-threat-framework:Engagement="exploit-vulnerabilities"</h4>
<div class="paragraph">
<p>Exploit vulnerabilities</p>
</div>
<div class="paragraph">
<p>Associated numerical value="22"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkengagementdeliver_malicious_capabilities">cyber-threat-framework:Engagement="deliver-malicious-capabilities"</h4>
<div class="paragraph">
<p>Deliver malicious capabilities</p>
</div>
<div class="paragraph">
<p>Associated numerical value="23"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_presence">Presence</h3>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpresenceestablish_controlled_access">cyber-threat-framework:Presence="establish-controlled-access"</h4>
<div class="paragraph">
<p>Establish controlled access</p>
</div>
<div class="paragraph">
<p>Associated numerical value="30"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpresencehide">cyber-threat-framework:Presence="hide"</h4>
<div class="paragraph">
<p>Hide</p>
</div>
<div class="paragraph">
<p>Associated numerical value="31"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpresenceexpand_presence">cyber-threat-framework:Presence="expand-presence"</h4>
<div class="paragraph">
<p>Expand presence</p>
</div>
<div class="paragraph">
<p>Associated numerical value="32"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpresencerefine_focus_of_activity">cyber-threat-framework:Presence="refine-focus-of-activity"</h4>
<div class="paragraph">
<p>Refine focus of activity</p>
</div>
<div class="paragraph">
<p>Associated numerical value="33"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkpresenceestablish_persistence">cyber-threat-framework:Presence="establish-persistence"</h4>
<div class="paragraph">
<p>Establish persistence</p>
</div>
<div class="paragraph">
<p>Associated numerical value="34"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_effectconsequence">Effect/Consequence</h3>
<div class="sect3">
<h4 id="_cyber_threat_frameworkeffectconsequenceenable_other_operations">cyber-threat-framework:Effect/Consequence="enable-other-operations"</h4>
<div class="paragraph">
<p>Enable other operations</p>
</div>
<div class="paragraph">
<p>Associated numerical value="40"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkeffectconsequencedeny_access">cyber-threat-framework:Effect/Consequence="deny-access"</h4>
<div class="paragraph">
<p>Deny access</p>
</div>
<div class="paragraph">
<p>Associated numerical value="41"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkeffectconsequenceextract_data">cyber-threat-framework:Effect/Consequence="extract-data"</h4>
<div class="paragraph">
<p>Extract data</p>
</div>
<div class="paragraph">
<p>Associated numerical value="42"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkeffectconsequencealter_data_and_or_computer_network_or_system_behavior">cyber-threat-framework:Effect/Consequence="alter-data-and-or-computer-network-or-system-behavior"</h4>
<div class="paragraph">
<p>Alter data and/or computer, network or system behavior</p>
</div>
<div class="paragraph">
<p>Associated numerical value="43"</p>
</div>
</div>
<div class="sect3">
<h4 id="_cyber_threat_frameworkeffectconsequencedestroy_hardware_software_or_data">cyber-threat-framework:Effect/Consequence="destroy-hardware-software-or-data"</h4>
<div class="paragraph">
<p>Destroy HW/SW/data</p>
</div>
<div class="paragraph">
<p>Associated numerical value="44"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_cycat">cycat</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cycat namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/cycat/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy used by CyCAT, the Universal Cybersecurity Resource Catalogue, to categorize the namespaces it supports and uses.</p>
</div>
<div class="sect2">
<h3 id="_type_2">type</h3>
<div class="paragraph">
<p>Type of entry in the catalogue.</p>
</div>
<div class="sect3">
<h4 id="_cycattypetool">cycat:type="tool"</h4>
<div class="paragraph">
<p>Tool</p>
</div>
<div class="paragraph">
<p>Open source or proprietary tool used in cybersecurity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattypeplaybook">cycat:type="playbook"</h4>
<div class="paragraph">
<p>Playbook</p>
</div>
<div class="paragraph">
<p>Playbook, such as a defined set of rules with one or more actions triggered by different events to respond to, orchestrate or automate cybersecurity related actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattypetaxonomy">cycat:type="taxonomy"</h4>
<div class="paragraph">
<p>Taxonomy</p>
</div>
<div class="paragraph">
<p>Cybersecurity taxonomy is a set of labels used to classify (in both terms - arrange in classes or/and design to national classification) cybersecurity related information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattyperule">cycat:type="rule"</h4>
<div class="paragraph">
<p>Rule</p>
</div>
<div class="paragraph">
<p>Detection rule or set of detection rules used in the cybersecurity field. Rulesets can be in different formats for (N/L)IDS/SIEM (such as Snort, Suricata, Zeek, SIGMA or YARA) or any other tool capable of parsing them.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattypenotebook">cycat:type="notebook"</h4>
<div class="paragraph">
<p>Notebook</p>
</div>
<div class="paragraph">
<p>Interactive document to code, experiment, train or visualize cybersecurity-related information. A notebook can be transcribed in a format such as Jupyter Notebooks, Apache Zeppelin, Pluton or Google Colab.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattypevulnerability">cycat:type="vulnerability"</h4>
<div class="paragraph">
<p>Vulnerability</p>
</div>
<div class="paragraph">
<p>Public or non-public information about a security vulnerability in a specific software, hardware or service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattypeproof_of_concept">cycat:type="proof-of-concept"</h4>
<div class="paragraph">
<p>Proof-of-concept</p>
</div>
<div class="paragraph">
<p>Code to validate a known vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattypefingerprint">cycat:type="fingerprint"</h4>
<div class="paragraph">
<p>Fingerprint</p>
</div>
<div class="paragraph">
<p>Code to uniquely identify specific cybersecurity-relevant patterns. Fingerprints can be expressed in different formats such as ja3, ja3s, hassh, jarm or favicon-mmh3.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattypemitigation">cycat:type="mitigation"</h4>
<div class="paragraph">
<p>Mitigation</p>
</div>
<div class="paragraph">
<p>Mitigating control to prevent unwanted activity from happening, like a specific configuration of the operating system/tools or an implementation policy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycattypedataset">cycat:type="dataset"</h4>
<div class="paragraph">
<p>Dataset</p>
</div>
<div class="paragraph">
<p>Dataset for validation of detections and tool stacks,</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_scope">scope</h3>
<div class="paragraph">
<p>Scope of usage for the entry in the catalogue.</p>
</div>
<div class="sect3">
<h4 id="_cycatscopeidentify">cycat:scope="identify"</h4>
<div class="paragraph">
<p>Identify</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycatscopeprotect">cycat:scope="protect"</h4>
<div class="paragraph">
<p>Protect</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycatscopedetect">cycat:scope="detect"</h4>
<div class="paragraph">
<p>Detect</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycatscoperespond">cycat:scope="respond"</h4>
<div class="paragraph">
<p>Respond</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycatscoperecover">cycat:scope="recover"</h4>
<div class="paragraph">
<p>Recover</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycatscopeexploit">cycat:scope="exploit"</h4>
<div class="paragraph">
<p>Exploit</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycatscopeinvestigate">cycat:scope="investigate"</h4>
<div class="paragraph">
<p>Investigate</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycatscopetrain">cycat:scope="train"</h4>
<div class="paragraph">
<p>Train</p>
</div>
</div>
<div class="sect3">
<h4 id="_cycatscopetest">cycat:scope="test"</h4>
<div class="paragraph">
<p>Test</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_cytomic_orion">cytomic-orion</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
cytomic-orion namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/cytomic-orion/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy to describe desired actions for Cytomic Orion</p>
</div>
<div class="sect2">
<h3 id="_action">action</h3>
<div class="paragraph">
<p>Desired action of background jobs with the API</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_cytomic_orionactionupload">cytomic-orion:action="upload"</h4>
<div class="paragraph">
<p>upload</p>
</div>
<div class="paragraph">
<p>Upload IOC to Cytomic Orion</p>
</div>
</div>
<div class="sect3">
<h4 id="_cytomic_orionactiondelete">cytomic-orion:action="delete"</h4>
<div class="paragraph">
<p>delete</p>
</div>
<div class="paragraph">
<p>Delete IOC from Cytomic Orion</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dark_web">dark-web</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
dark-web namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/dark-web/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Criminal motivation on the dark web: A categorisation model for law enforcement. ref: Janis Dalins, Campbell Wilson, Mark Carman. Taxonomy updated by MISP Project</p>
</div>
<div class="sect2">
<h3 id="_topic_2">topic</h3>
<div class="paragraph">
<p>Topic associated with the materials tagged</p>
</div>
<div class="sect3">
<h4 id="_dark_webtopicdrugs_narcotics">dark-web:topic="drugs-narcotics"</h4>
<div class="paragraph">
<p>Drugs/Narcotics</p>
</div>
<div class="paragraph">
<p>Illegal drugs/chemical compounds for consumption/ingestion - either via blanket unlawfulness (e.g. proscribed drugs) or via unlawful access (e.g. prescription-only/restricted medications sold without lawful accessibility).</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicelectronics">dark-web:topic="electronics"</h4>
<div class="paragraph">
<p>Electronics</p>
</div>
<div class="paragraph">
<p>Electronics and high tech materials, described or to sell for example.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicfinance">dark-web:topic="finance"</h4>
<div class="paragraph">
<p>Finance</p>
</div>
<div class="paragraph">
<p>Any monetary/currency/exchangeable materials. Includes carding, Paypal etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicfinance_crypto">dark-web:topic="finance-crypto"</h4>
<div class="paragraph">
<p>CryptoFinance</p>
</div>
<div class="paragraph">
<p>Any monetary/currency/exchangeable materials based on cryptocurrencies. Includes Bitcoin, Litecoin etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopiccredit_card">dark-web:topic="credit-card"</h4>
<div class="paragraph">
<p>Credit-Card</p>
</div>
<div class="paragraph">
<p>Credit cards and payments materials</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopiccash_in">dark-web:topic="cash-in"</h4>
<div class="paragraph">
<p>Cash-in</p>
</div>
<div class="paragraph">
<p>Buying parts of assets, conversion from liquid assets, currency, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopiccash_out">dark-web:topic="cash-out"</h4>
<div class="paragraph">
<p>Cash-out</p>
</div>
<div class="paragraph">
<p>Selling parts of assets, conversion to liquid assets, currency, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicescrow">dark-web:topic="escrow"</h4>
<div class="paragraph">
<p>Escrow</p>
</div>
<div class="paragraph">
<p>Third party keeping assets in behalf of two other parties making a transactions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopichacking">dark-web:topic="hacking"</h4>
<div class="paragraph">
<p>Hacking</p>
</div>
<div class="paragraph">
<p>Materials relating to the illegal access to or alteration of data and/or electronic services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicidentification_credentials">dark-web:topic="identification-credentials"</h4>
<div class="paragraph">
<p>Identification/Credentials</p>
</div>
<div class="paragraph">
<p>Materials used for providing/establishing identification with third parties. Examples include passports, driver licenses and login credentials.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicintellectual_property_copyright_materials">dark-web:topic="intellectual-property-copyright-materials"</h4>
<div class="paragraph">
<p>Intellectual Property/Copyright Materials</p>
</div>
<div class="paragraph">
<p>Otherwise lawful materials stored, transferred or made available without consent of their legal rights holders.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicpornography_adult">dark-web:topic="pornography-adult"</h4>
<div class="paragraph">
<p>Pornography - Adult</p>
</div>
<div class="paragraph">
<p>Lawful, ethical pornography (i.e. involving only consenting adults).</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicpornography_child_exploitation">dark-web:topic="pornography-child-exploitation"</h4>
<div class="paragraph">
<p>Pornography - Child (Child Exploitation)</p>
</div>
<div class="paragraph">
<p>Child abuse materials (aka child pornography), including 'fantasy' fiction materials, CGI. Also includes the provision/offering of child abuse materials and/or activities</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicpornography_illicit_or_illegal">dark-web:topic="pornography-illicit-or-illegal"</h4>
<div class="paragraph">
<p>Pornography - Illicit or Illegal</p>
</div>
<div class="paragraph">
<p>Illegal pornography NOT including children/child abuse. Includes bestiality, stolen/revenge porn, hidden cameras etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicsearch_engine_index">dark-web:topic="search-engine-index"</h4>
<div class="paragraph">
<p>Search Engine/Index</p>
</div>
<div class="paragraph">
<p>Site providing links/references to other sites/services. Referred to as a nexus by (Moore and Rid, 2016)</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicunclear">dark-web:topic="unclear"</h4>
<div class="paragraph">
<p>Unclear</p>
</div>
<div class="paragraph">
<p>Unable to completely establish topic of material.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicextremism">dark-web:topic="extremism"</h4>
<div class="paragraph">
<p>Extremism</p>
</div>
<div class="paragraph">
<p>Illegal or of concern levels of extremist ideology. Note this does not provide blanket coverage of fundamentalist ideologies and dogma - only those associated with illegal acts. Socialist/anarchist/religious materials (for example) will not be included unless inclusive or indicative of associated illegal conduct, such as hate crimes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicviolence">dark-web:topic="violence"</h4>
<div class="paragraph">
<p>Violence</p>
</div>
<div class="paragraph">
<p>Materials relating to violence against persons or property.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicweapons">dark-web:topic="weapons"</h4>
<div class="paragraph">
<p>Weapons</p>
</div>
<div class="paragraph">
<p>Materials specifically associated with materials and/or items for use in violent acts against persons or property. Examples include firearms and bomb-making ingredients.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicsoftwares">dark-web:topic="softwares"</h4>
<div class="paragraph">
<p>Softwares</p>
</div>
<div class="paragraph">
<p>Illegal or armful software distribution</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopiccounteir_feit_materials">dark-web:topic="counteir-feit-materials"</h4>
<div class="paragraph">
<p>Counter-feit materials</p>
</div>
<div class="paragraph">
<p>Fake identification papers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicgambling">dark-web:topic="gambling"</h4>
<div class="paragraph">
<p>Gambling</p>
</div>
<div class="paragraph">
<p>Games involving money</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopiclibrary">dark-web:topic="library"</h4>
<div class="paragraph">
<p>Library</p>
</div>
<div class="paragraph">
<p>Library or list of books</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicother_not_illegal">dark-web:topic="other-not-illegal"</h4>
<div class="paragraph">
<p>Other not illegal</p>
</div>
<div class="paragraph">
<p>Material not of interest to law enforcement - e.g. personal sites, Facebook mirrors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopiclegitimate">dark-web:topic="legitimate"</h4>
<div class="paragraph">
<p>Legitimate</p>
</div>
<div class="paragraph">
<p>Legitimate websites</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicchat">dark-web:topic="chat"</h4>
<div class="paragraph">
<p>Chats platforms</p>
</div>
<div class="paragraph">
<p>Chats space or equivalent, which are not forums</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicmixer">dark-web:topic="mixer"</h4>
<div class="paragraph">
<p>Mixer</p>
</div>
<div class="paragraph">
<p>Anonymization tools for crypto-currencies transactions</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicmystery_box">dark-web:topic="mystery-box"</h4>
<div class="paragraph">
<p>Mystery-Box</p>
</div>
<div class="paragraph">
<p>Mystery Box seller</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicanonymizer">dark-web:topic="anonymizer"</h4>
<div class="paragraph">
<p>Anonymizer</p>
</div>
<div class="paragraph">
<p>Anonymization tools</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicvpn_provider">dark-web:topic="vpn-provider"</h4>
<div class="paragraph">
<p>VPN-Provider</p>
</div>
<div class="paragraph">
<p>Provides VPN services and related</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicemail_provider">dark-web:topic="email-provider"</h4>
<div class="paragraph">
<p>EMail-Provider</p>
</div>
<div class="paragraph">
<p>Provides e-mail services and related</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicponies">dark-web:topic="ponies"</h4>
<div class="paragraph">
<p>Ponies</p>
</div>
<div class="paragraph">
<p>self-explanatory. It&#8217;s ponies</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicgames">dark-web:topic="games"</h4>
<div class="paragraph">
<p>Games</p>
</div>
<div class="paragraph">
<p>Flash or online games</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicparody">dark-web:topic="parody"</h4>
<div class="paragraph">
<p>Parody or Joke</p>
</div>
<div class="paragraph">
<p>Meme, Parody, Jokes, Trolling, &#8230;&#8203;</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicwhistleblower">dark-web:topic="whistleblower"</h4>
<div class="paragraph">
<p>Whistleblower</p>
</div>
<div class="paragraph">
<p>Exposition and sharing of confidential information with protection of the witness in mind</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webtopicransomware_group">dark-web:topic="ransomware-group"</h4>
<div class="paragraph">
<p>Ransomware Group</p>
</div>
<div class="paragraph">
<p>Ransomware group PR or leak website</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_motivation">motivation</h3>
<div class="paragraph">
<p>Motivation with the materials tagged</p>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationeducation_training">dark-web:motivation="education-training"</h4>
<div class="paragraph">
<p>Education &amp; Training</p>
</div>
<div class="paragraph">
<p>Materials providing instruction - e.g. how to guides</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationwiki">dark-web:motivation="wiki"</h4>
<div class="paragraph">
<p>Wiki</p>
</div>
<div class="paragraph">
<p>Wiki pages, documentation and information display</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationforum">dark-web:motivation="forum"</h4>
<div class="paragraph">
<p>Forum</p>
</div>
<div class="paragraph">
<p>Sites specifically designed for multiple users to communicate as peers</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationfile_sharing">dark-web:motivation="file-sharing"</h4>
<div class="paragraph">
<p>File Sharing</p>
</div>
<div class="paragraph">
<p>General file sharing, typically (but not limited to) movie/image sharing</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationhosting">dark-web:motivation="hosting"</h4>
<div class="paragraph">
<p>Hosting</p>
</div>
<div class="paragraph">
<p>Hosting providers, e-mails, websites, file-storage etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationddos_services">dark-web:motivation="ddos-services"</h4>
<div class="paragraph">
<p>DDoS-Services</p>
</div>
<div class="paragraph">
<p>Stresser, Booter, DDoSer, DDoS as a Service provider, DDoS tools, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationgeneral">dark-web:motivation="general"</h4>
<div class="paragraph">
<p>General</p>
</div>
<div class="paragraph">
<p>Materials not covered by the other motivations. Typically, materials of a nature not of interest to law enforcement. For example, personal biography sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationinformation_sharing_reportage">dark-web:motivation="information-sharing-reportage"</h4>
<div class="paragraph">
<p>Information Sharing/Reportage</p>
</div>
<div class="paragraph">
<p>Journalism/reporting on topics. Can include biased coverage, but obvious propaganda materials are covered by Recruitment/Advocacy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationscam">dark-web:motivation="scam"</h4>
<div class="paragraph">
<p>Scam</p>
</div>
<div class="paragraph">
<p>Intentional confidence trick to fraud people or group of people</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationpolitical_speech">dark-web:motivation="political-speech"</h4>
<div class="paragraph">
<p>Political-Speech</p>
</div>
<div class="paragraph">
<p>Political, activism, without extremism.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationconspirationist">dark-web:motivation="conspirationist"</h4>
<div class="paragraph">
<p>Conspirationist</p>
</div>
<div class="paragraph">
<p>Conspirationist content, fake news, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationhate_speech">dark-web:motivation="hate-speech"</h4>
<div class="paragraph">
<p>Hate-Speech</p>
</div>
<div class="paragraph">
<p>Racism, violent, hate&#8230;&#8203; speech.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationreligious">dark-web:motivation="religious"</h4>
<div class="paragraph">
<p>Religious</p>
</div>
<div class="paragraph">
<p>Religious, faith, doctrinal related content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationmarketplace_for_sale">dark-web:motivation="marketplace-for-sale"</h4>
<div class="paragraph">
<p>Marketplace/For Sale</p>
</div>
<div class="paragraph">
<p>Services/goods for sale, regardless of means of payment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationsmuggling">dark-web:motivation="smuggling"</h4>
<div class="paragraph">
<p>Smuggling</p>
</div>
<div class="paragraph">
<p>Information or trading of wild animals, prohibited goods, &#8230;&#8203;</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationrecruitment_advocacy">dark-web:motivation="recruitment-advocacy"</h4>
<div class="paragraph">
<p>Recruitment/Advocacy</p>
</div>
<div class="paragraph">
<p>Propaganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationsystem_placeholder">dark-web:motivation="system-placeholder"</h4>
<div class="paragraph">
<p>System/Placeholder</p>
</div>
<div class="paragraph">
<p>Automatically generated content, not designed for any identifiable purpose other than diagnostics - e.g. “It Works” message provided by default by Apache2</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webmotivationunclear">dark-web:motivation="unclear"</h4>
<div class="paragraph">
<p>Unclear</p>
</div>
<div class="paragraph">
<p>Unable to completely establish motivation of material.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_structure">structure</h3>
<div class="paragraph">
<p>Structure of the materials tagged</p>
</div>
<div class="sect3">
<h4 id="_dark_webstructureincomplete">dark-web:structure="incomplete"</h4>
<div class="paragraph">
<p>Incomplete websites or information</p>
</div>
<div class="paragraph">
<p>Websites and pages that are unable to load completely properly</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructurecaptcha">dark-web:structure="captcha"</h4>
<div class="paragraph">
<p>Captcha and Solvers</p>
</div>
<div class="paragraph">
<p>Captchas and solvers elements</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructurelogin_forms">dark-web:structure="login-forms"</h4>
<div class="paragraph">
<p>Logins forms and gates</p>
</div>
<div class="paragraph">
<p>Authentication pages, login page, login forms that block access to an internal part of a website.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructurecontact_forms">dark-web:structure="contact-forms"</h4>
<div class="paragraph">
<p>Contact forms and gates</p>
</div>
<div class="paragraph">
<p>Forms to perform a contact request, send an e-mail, fill information, enter a password, &#8230;&#8203;</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructureencryption_keys">dark-web:structure="encryption-keys"</h4>
<div class="paragraph">
<p>Encryption and decryption keys</p>
</div>
<div class="paragraph">
<p>e.g. PGP Keys, passwords, &#8230;&#8203;</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructurepolice_notice">dark-web:structure="police-notice"</h4>
<div class="paragraph">
<p>Police Notice</p>
</div>
<div class="paragraph">
<p>Closed websites, with police-equivalent banners</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructurelegal_statement">dark-web:structure="legal-statement"</h4>
<div class="paragraph">
<p>Legal-Statement</p>
</div>
<div class="paragraph">
<p>RGPD statement, Privacy-policy, guidelines of a websites or forum&#8230;&#8203;</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructuretest">dark-web:structure="test"</h4>
<div class="paragraph">
<p>Test</p>
</div>
<div class="paragraph">
<p>Test websites without any real consequences or effects</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructurevideos">dark-web:structure="videos"</h4>
<div class="paragraph">
<p>Videos</p>
</div>
<div class="paragraph">
<p>Videos and streaming</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructureunclear">dark-web:structure="unclear"</h4>
<div class="paragraph">
<p>Unclear</p>
</div>
<div class="paragraph">
<p>Unable to completely establish structure of material.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_data_classification">data-classification</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
data-classification namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/data-classification/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book.</p>
</div>
<div class="sect2">
<h3 id="_regulated_data">regulated-data</h3>
<div class="paragraph">
<p>Data which is regulated under a specific regulation or law such as PII, SPD, PCI or PHI.</p>
</div>
<div class="sect3">
<h4 id="_data_classificationregulated_data">data-classification:regulated-data</h4>
<div class="paragraph">
<p>Regulated data</p>
</div>
<div class="paragraph">
<p>Data which is regulated under a specific regulation or law such as PII, SPD, PCI or PHI.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_commercially_confidential_information">commercially-confidential-information</h3>
<div class="paragraph">
<p>Data which represents a specific commercial value and is confidential to an organisation such as trade secrets, customer accounts.</p>
</div>
<div class="sect3">
<h4 id="_data_classificationcommercially_confidential_information">data-classification:commercially-confidential-information</h4>
<div class="paragraph">
<p>Commercially confidential information (CCI)</p>
</div>
<div class="paragraph">
<p>Data which represents a specific commercial value and is confidential to an organisation such as trade secrets, customer accounts.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_financially_sensitive_information">financially-sensitive-information</h3>
<div class="paragraph">
<p>Data which represents a specific financial value to an organisation such as payroll, investment information.</p>
</div>
<div class="sect3">
<h4 id="_data_classificationfinancially_sensitive_information">data-classification:financially-sensitive-information</h4>
<div class="paragraph">
<p>Financially sensitive information (FSI)</p>
</div>
<div class="paragraph">
<p>Data which represents a specific financial value to an organisation such as payroll, investment information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_valuation_sensitive_information">valuation-sensitive-information</h3>
<div class="paragraph">
<p>Data which is sensitive to the valuation of an organisation such as inside information (as defined by a Financial Services Authority).</p>
</div>
<div class="sect3">
<h4 id="_data_classificationvaluation_sensitive_information">data-classification:valuation-sensitive-information</h4>
<div class="paragraph">
<p>Valuation sensitive information (VSI)</p>
</div>
<div class="paragraph">
<p>Data which is sensitive to the valuation of an organisation such as inside information (as defined by a Financial Services Authority).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sensitive_information">sensitive-information</h3>
<div class="paragraph">
<p>Data which is sensitive such as email or letters.</p>
</div>
<div class="sect3">
<h4 id="_data_classificationsensitive_information">data-classification:sensitive-information</h4>
<div class="paragraph">
<p>Sensitive information</p>
</div>
<div class="paragraph">
<p>Data which is sensitive such as email or letters.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dcso_sharing">dcso-sharing</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
dcso-sharing namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/dcso-sharing/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy defined in the DCSO MISP Event Guide. It provides guidance for the creation and consumption of MISP events in a way that minimises the extra effort for the sending party, while enhancing the usefulness for receiving parties.</p>
</div>
<div class="sect2">
<h3 id="_event_type">event-type</h3>
<div class="sect3">
<h4 id="_dcso_sharingevent_typeobservation">dcso-sharing:event-type="Observation"</h4>
<div class="paragraph">
<p>This event describes traits and indicators closely related to a single entity, like an email campaign or sighting of a reference sample on VirusTotal. Events of this type are typically created by CSOC staff and may be verified by analysts. Observed and verified indicators would be consumed by automated filtering systems in order to support near-time threat prevention. In retrospect, observations could be correlated with reports and analysis events in order to help understand the motivation for an attack and to reassess the associated risk.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dcso_sharingevent_typeincident">dcso-sharing:event-type="Incident"</h4>
<div class="paragraph">
<p>This event describes traits and indicators related to a security incident. As such, the event may refer to multiple entities like organizations, bank account numbers, files, and URLs. Events of this type contain first-hand information, that is, the reporting organization took part in the analysis of the incident. Use event type "Report" for second-hand information. Events of this type are typically created and consumed by analysts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dcso_sharingevent_typereport">dcso-sharing:event-type="Report"</h4>
<div class="paragraph">
<p>Traceability of indicators can be essential to document compliance of processes with legal obligations or company regulations. This event preserves a report to document the origin and context of indicators. Events of this type need to be checked by a human to ensure correct reproduction of indicators and context. Intended consumers are automated processes. Events may also serve as a basis for analysis reports or to justify preventive measures. If your organization is or was directly involved in an incident and you want to provide a first-hand account, then please use event type "Incident" instead.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dcso_sharingevent_typeanalysis">dcso-sharing:event-type="Analysis"</h4>
<div class="paragraph">
<p>This event builds on "observation", "incident", and "report" events; adds enrichments; and provides context. Events of this type will be created by analysts with support by automated tools. Analysts are also the main consumers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dcso_sharingevent_typecollection">dcso-sharing:event-type="Collection"</h4>
<div class="paragraph">
<p>This event collects unrelated IoCs. For example, an event could combine all network IoCs that were learned of during a day or a week from events of other types.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ddos_2">ddos</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ddos namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ddos/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Distributed Denial of Service - or short: DDoS - taxonomy supports the description of Denial of Service attacks and especially the types they belong too.</p>
</div>
<div class="sect2">
<h3 id="_type_3">type</h3>
<div class="paragraph">
<p>Types and techniques described the way that the attack is performed to launch the Denial of Service attacks. A combination of type values can be used to explain combined techniques and methods.</p>
</div>
<div class="sect3">
<h4 id="_ddostypeamplification_attack">ddos:type="amplification-attack"</h4>
<div class="paragraph">
<p>Amplification attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_ddostypereflected_spoofed_attack">ddos:type="reflected-spoofed-attack"</h4>
<div class="paragraph">
<p>Reflected and Spoofed attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_ddostypeslow_read_attack">ddos:type="slow-read-attack"</h4>
<div class="paragraph">
<p>Slow Read attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_ddostypeflooding_attack">ddos:type="flooding-attack"</h4>
<div class="paragraph">
<p>Flooding attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_ddostypepost_attack">ddos:type="post-attack"</h4>
<div class="paragraph">
<p>Large POST HTTP attack</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_de_vs">de-vs</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
de-vs namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/de-vs/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>German (DE) Government classification markings (VS).</p>
</div>
<div class="sect2">
<h3 id="_einstufung">Einstufung</h3>
<div class="sect3">
<h4 id="_de_vseinstufungstreng_geheim">de-vs:Einstufung="STRENG GEHEIM"</h4>
<div class="paragraph">
<p>STRENG GEHEIM</p>
</div>
<div class="paragraph">
<p>Kenntnisnahme durch Unbefugte kann den Bestand oder lebenswichtige Interessen der Bundesrepublik Deutschland oder eines ihrer Länder gefährden.</p>
</div>
</div>
<div class="sect3">
<h4 id="_de_vseinstufunggeheim">de-vs:Einstufung="GEHEIM"</h4>
<div class="paragraph">
<p>GEHEIM</p>
</div>
<div class="paragraph">
<p>Kenntnisnahme durch Unbefugte kann die Sicherheit der Bundesrepublik Deutschland oder eines ihrer Länder gefährden oder ihren Interessen schweren Schaden zufügen.</p>
</div>
</div>
<div class="sect3">
<h4 id="_de_vseinstufungvs_vertraulich">de-vs:Einstufung="VS-VERTRAULICH"</h4>
<div class="paragraph">
<p>VS-VERTRAULICH</p>
</div>
<div class="paragraph">
<p>Kenntnisnahme durch Unbefugte kann für die Interessen der Bundesrepublik Deutschland oder eines ihrer Länder schädlich sein.</p>
</div>
</div>
<div class="sect3">
<h4 id="_de_vseinstufungvs_nfd">de-vs:Einstufung="VS-NfD"</h4>
<div class="paragraph">
<p>VS-NUR FÜR DEN DIENSTGEBRAUCH</p>
</div>
<div class="paragraph">
<p>Kenntnisnahme durch Unbefugte kann für die Interessen der Bundesrepublik Deutschland oder eines ihrer Länder nachteilig sein.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_schutzwort">Schutzwort</h3>
<div class="sect3">
<h4 id="_de_vsschutzwortdummy">de-vs:Schutzwort="Dummy"</h4>
<div class="paragraph">
<p>Dummy</p>
</div>
<div class="paragraph">
<p>Platzhalter.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_deception">deception</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
deception namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/deception/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Deception is an important component of information operations, valuable for both offense and defense.</p>
</div>
<div class="sect2">
<h3 id="_space">space</h3>
<div class="paragraph">
<p>Actions have associated locations, and deception can apply to those references.</p>
</div>
<div class="sect3">
<h4 id="_deceptionspacedirection">deception:space="direction"</h4>
<div class="paragraph">
<p>Direction</p>
</div>
<div class="paragraph">
<p>direction of the action. Direction cases can arise with some actions that are supposedly one-way like file transfers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionspacelocation_at">deception:space="location-at"</h4>
<div class="paragraph">
<p>Location at</p>
</div>
<div class="paragraph">
<p>Location where something occured</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionspacelocation_from">deception:space="location-from"</h4>
<div class="paragraph">
<p>Location from</p>
</div>
<div class="paragraph">
<p>Location where something started</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionspacelocation_to">deception:space="location-to"</h4>
<div class="paragraph">
<p>Location to</p>
</div>
<div class="paragraph">
<p>Location where something finished</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionspacelocation_through">deception:space="location-through"</h4>
<div class="paragraph">
<p>Location through</p>
</div>
<div class="paragraph">
<p>Location where some action passed through</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionspaceorientation">deception:space="orientation"</h4>
<div class="paragraph">
<p>Orientation</p>
</div>
<div class="paragraph">
<p>Orientation (in some space). Orientation cases can arise with some actions that are supposedly one-way like file transfers.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_time">time</h3>
<div class="paragraph">
<p>Many actions on computer are timestamped, and attackers and defenders can deceive in regard to those times. An attacker could change the times of events recorded in a log file or the directory information about files to conceal records of their activities.</p>
</div>
<div class="sect3">
<h4 id="_deceptiontimefrequency">deception:time="frequency"</h4>
<div class="paragraph">
<p>Frequency</p>
</div>
<div class="paragraph">
<p>Frequency of occurrence of a repeated action. Frequency is an excellent case for deception, as in denial-of-service attacks that greatly increase the frequency of requests or transactions to tie up computer resources.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptiontimetime_at">deception:time="time-at"</h4>
<div class="paragraph">
<p>Time at</p>
</div>
<div class="paragraph">
<p>Time at which something occurred</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptiontimetime_from">deception:time="time-from"</h4>
<div class="paragraph">
<p>Time from</p>
</div>
<div class="paragraph">
<p>Time at which something started</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptiontimetime_to">deception:time="time-to"</h4>
<div class="paragraph">
<p>Time to</p>
</div>
<div class="paragraph">
<p>Time at which something ended</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptiontimetime_through">deception:time="time-through"</h4>
<div class="paragraph">
<p>Time through</p>
</div>
<div class="paragraph">
<p>Time through which something occurred</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_participant">participant</h3>
<div class="paragraph">
<p>Actions have associated participants and the tools or objects by actions are accomplished.</p>
</div>
<div class="sect3">
<h4 id="_deceptionparticipantagent">deception:participant="agent"</h4>
<div class="paragraph">
<p>Agent</p>
</div>
<div class="paragraph">
<p>Who initiates the action.Identification of participants responsible for actions ("agents") is a key problem in cyberspace, and is an easy target for deception.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionparticipantbeneficiary">deception:participant="beneficiary"</h4>
<div class="paragraph">
<p>Beneficiary</p>
</div>
<div class="paragraph">
<p>Who benefits. Deceptions involving the beneficiary of an action occur with phishing and other email scams.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionparticipantexperiencer">deception:participant="experiencer"</h4>
<div class="paragraph">
<p>Experiencer</p>
</div>
<div class="paragraph">
<p>Who senses, experiences the action. Deception in the "experiencer" case occurs with secret monitoring of adversary activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionparticipantinstrument">deception:participant="instrument"</h4>
<div class="paragraph">
<p>Instrument</p>
</div>
<div class="paragraph">
<p>What helps accomplish the action. Deception is easy with the instrument case because details of how software accomplishes things are often hidden in cyberspace.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionparticipantobject">deception:participant="object"</h4>
<div class="paragraph">
<p>Object</p>
</div>
<div class="paragraph">
<p>What the action is done for. Deception in objects of the action is easy: Honeypots deceive as to the hardware and software objects of an attack, and "bait" data such as credit-card numbers can also be deceptive objects.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionparticipantrecipient">deception:participant="recipient"</h4>
<div class="paragraph">
<p>Recipient</p>
</div>
<div class="paragraph">
<p>Who receives the action. The recipient of an action in cyberspace is usually the object.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_causality">causality</h3>
<div class="paragraph">
<p>Deception in cause, purpose, and effect is important in many kinds of social-engineering attacks where false reasons like "I have a deadline" or "It didn&#8217;t work" are given for requests for actions or information that aid the adversary. Deception in a contradiction action is not possible in cyberspace because commands do not generally relate actions.</p>
</div>
<div class="sect3">
<h4 id="_deceptioncausalitycause">deception:causality="cause"</h4>
<div class="paragraph">
<p>Cause</p>
</div>
<div class="paragraph">
<p>Cause of the action</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptioncausalitycontradiction">deception:causality="contradiction"</h4>
<div class="paragraph">
<p>Contradiction</p>
</div>
<div class="paragraph">
<p>What this action opposes if anything</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptioncausalityeffect">deception:causality="effect"</h4>
<div class="paragraph">
<p>Effect</p>
</div>
<div class="paragraph">
<p>Effect of the action</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptioncausalitypurpose">deception:causality="purpose"</h4>
<div class="paragraph">
<p>Purpose</p>
</div>
<div class="paragraph">
<p>Purpose of the action</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_quality">quality</h3>
<div class="paragraph">
<p>The "quality" semantic cases cover the manner in which actions are performed.</p>
</div>
<div class="sect3">
<h4 id="_deceptionqualityaccompaniment">deception:quality="accompaniment"</h4>
<div class="paragraph">
<p>Accompaniment</p>
</div>
<div class="paragraph">
<p>An additionnal object associated with the action</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionqualitycontent">deception:quality="content"</h4>
<div class="paragraph">
<p>Content</p>
</div>
<div class="paragraph">
<p>What is contained by th eaction object</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionqualitymanner">deception:quality="manner"</h4>
<div class="paragraph">
<p>Manner</p>
</div>
<div class="paragraph">
<p>The way in which action is done. (Deception in manner does not generally apply because the manner in which a command is issued or executed should not affect the outcome.)</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionqualitymaterial">deception:quality="material"</h4>
<div class="paragraph">
<p>Material</p>
</div>
<div class="paragraph">
<p>The atomic units out of which the action is composed. Deception in material does not apply much because everything is represented as bits in cyberspace, though defenders can deceive this way by simulating commands rather than executing them.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionqualitymeasure">deception:quality="measure"</h4>
<div class="paragraph">
<p>Measure</p>
</div>
<div class="paragraph">
<p>The mesurement associated with the action. Deception in measure (the amount of data) is important in denial-of-service attacks and can also done defensively by swamping the attacker with data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionqualityorder">deception:quality="order"</h4>
<div class="paragraph">
<p>Order</p>
</div>
<div class="paragraph">
<p>With respect to other actions</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionqualityvalue">deception:quality="value"</h4>
<div class="paragraph">
<p>Value</p>
</div>
<div class="paragraph">
<p>The data transmitted by the action (the software sense of the term). Deception in value (or subroutine "argument") can occur defensively as in a ploy of misunderstanding attacker commands.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_essence">essence</h3>
<div class="paragraph">
<p>Deception can occur in the ontological features of an action, its type and the context to which is belongs.</p>
</div>
<div class="sect3">
<h4 id="_deceptionessencesupertype">deception:essence="supertype"</h4>
<div class="paragraph">
<p>Supertype</p>
</div>
<div class="paragraph">
<p>a generalization of the action type. Phishing email is an example of deception in supertype.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionessencewhole">deception:essence="whole"</h4>
<div class="paragraph">
<p>Whole</p>
</div>
<div class="paragraph">
<p>of which the action is a part</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_speech_act_theory">speech-act-theory</h3>
<div class="paragraph">
<p>Deception can involve semantic cases related to communication. Both internal and external preconditions provide useful deceptions by defenders since it is often hard to confirm deception in such conditions in cyberspace.</p>
</div>
<div class="sect3">
<h4 id="_deceptionspeech_act_theoryexternal_precondition">deception:speech-act-theory="external-precondition"</h4>
<div class="paragraph">
<p>External precondition</p>
</div>
<div class="paragraph">
<p>external precondition on the action. External preconditions are on the rest of the world such as the ability of a site to accept a particular user-supplied password.</p>
</div>
</div>
<div class="sect3">
<h4 id="_deceptionspeech_act_theoryinternal_precondition">deception:speech-act-theory="internal-precondition"</h4>
<div class="paragraph">
<p>Internal precondition</p>
</div>
<div class="paragraph">
<p>internal precondition, on the ability of the agent to perform the action. Internal preconditions are on the agent of the action, such as ability of a user to change their password.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dhs_ciip_sectors">dhs-ciip-sectors</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
dhs-ciip-sectors namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/dhs-ciip-sectors/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>DHS critical sectors as in <a href="https://www.dhs.gov/critical-infrastructure-sectors" class="bare">https://www.dhs.gov/critical-infrastructure-sectors</a></p>
</div>
<div class="sect2">
<h3 id="_dhs_critical_sectors">DHS-critical-sectors</h3>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorschemical">dhs-ciip-sectors:DHS-critical-sectors="chemical"</h4>
<div class="paragraph">
<p>Chemical</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorscommercial_facilities">dhs-ciip-sectors:DHS-critical-sectors="commercial-facilities"</h4>
<div class="paragraph">
<p>Commercial Facilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorscommunications">dhs-ciip-sectors:DHS-critical-sectors="communications"</h4>
<div class="paragraph">
<p>Communications</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorscritical_manufacturing">dhs-ciip-sectors:DHS-critical-sectors="critical-manufacturing"</h4>
<div class="paragraph">
<p>Critical Manufacturing</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsdams">dhs-ciip-sectors:DHS-critical-sectors="dams"</h4>
<div class="paragraph">
<p>Dams</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsdib">dhs-ciip-sectors:DHS-critical-sectors="dib"</h4>
<div class="paragraph">
<p>Defense Industrial Base</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsemergency_services">dhs-ciip-sectors:DHS-critical-sectors="emergency-services"</h4>
<div class="paragraph">
<p>Emergency services</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsenergy">dhs-ciip-sectors:DHS-critical-sectors="energy"</h4>
<div class="paragraph">
<p>energy</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsfinancial_services">dhs-ciip-sectors:DHS-critical-sectors="financial-services"</h4>
<div class="paragraph">
<p>Financial Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsfood_agriculture">dhs-ciip-sectors:DHS-critical-sectors="food-agriculture"</h4>
<div class="paragraph">
<p>Food and Agriculture</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsgovernment_facilities">dhs-ciip-sectors:DHS-critical-sectors="government-facilities"</h4>
<div class="paragraph">
<p>Government Facilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorshealthcare_public">dhs-ciip-sectors:DHS-critical-sectors="healthcare-public"</h4>
<div class="paragraph">
<p>Healthcare and Public Health</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsit">dhs-ciip-sectors:DHS-critical-sectors="it"</h4>
<div class="paragraph">
<p>Information Technology</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorsnuclear">dhs-ciip-sectors:DHS-critical-sectors="nuclear"</h4>
<div class="paragraph">
<p>Nuclear</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorstransport">dhs-ciip-sectors:DHS-critical-sectors="transport"</h4>
<div class="paragraph">
<p>Transportation Systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectorsdhs_critical_sectorswater">dhs-ciip-sectors:DHS-critical-sectors="water"</h4>
<div class="paragraph">
<p>Water and water systems</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sector">sector</h3>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_diamond_model">diamond-model</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
diamond-model namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/diamond-model/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Diamond Model for Intrusion Analysis establishes the basic atomic element of any intrusion activity, the event, composed of four core features: adversary, infrastructure, capability, and victim.</p>
</div>
<div class="sect2">
<h3 id="_adversary_2">Adversary</h3>
<div class="sect3">
<h4 id="_diamond_modeladversary">diamond-model:Adversary</h4>
<div class="paragraph">
<p>An adversary is the actor/organization responsible for utilizing a capability against the victim to achieve their intent.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_capability">Capability</h3>
<div class="sect3">
<h4 id="_diamond_modelcapability">diamond-model:Capability</h4>
<div class="paragraph">
<p>The capability describes the tools and/or techniques of the adversary used in the event. It includes all means to affect the victim from the most manual “unsophisticated” methods (e.g., manual password guessing) to the most sophisticated automated techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infrastructure">Infrastructure</h3>
<div class="sect3">
<h4 id="_diamond_modelinfrastructure">diamond-model:Infrastructure</h4>
<div class="paragraph">
<p>The infrastructure feature describes the physical and/or logical communication structures the adversary uses to deliver a capability, maintain control of capabilities (e.g., commandand-control/C2), and effect results from the victim (e.g., exfiltrate data). As with the other features, the infrastructure can be as specific or broad as necessary. Examples include: Internet Protocol (IP) addresses, domain names, e-mail addresses, Morse code flashes from a phones voice-mail light watched from across a street, USB devices found in a parking lot and inserted into a workstation, or the compromising emanations from hardware (e.g., Van Eck Phreaking) being collected by a nearby listening post.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_victim">Victim</h3>
<div class="sect3">
<h4 id="_diamond_modelvictim">diamond-model:Victim</h4>
<div class="paragraph">
<p>A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. A victim can be described in whichever way necessary and appropriate: organization, person, target email address, IP address, domain, etc. However, it is useful to define the victim persona and their assets separately as they serve different analytic functions. Victim personae are useful in non-technical analysis such as cyber-victimology and social-political centered approaches whereas victim assets are associated with common technical approaches such as vulnerability analysis..</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dni_ism">dni-ism</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
dni-ism namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/dni-ism/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A subset of Information Security Marking Metadata ISM as required by Executive Order (EO) 13526. As described by DNI.gov as Data Encoding Specifications for Information Security Marking Metadata in Controlled Vocabulary Enumeration Values for ISM</p>
</div>
<div class="sect2">
<h3 id="_classificationall">classification:all</h3>
<div class="sect3">
<h4 id="_dni_ismclassificationallr">dni-ism:classification:all="R"</h4>
<div class="paragraph">
<p>RESTRICTED</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismclassificationallc">dni-ism:classification:all="C"</h4>
<div class="paragraph">
<p>CONFIDENTIAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismclassificationalls">dni-ism:classification:all="S"</h4>
<div class="paragraph">
<p>SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismclassificationallts">dni-ism:classification:all="TS"</h4>
<div class="paragraph">
<p>TOP SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismclassificationallu">dni-ism:classification:all="U"</h4>
<div class="paragraph">
<p>UNCLASSIFIED</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_classificationus">classification:us</h3>
<div class="sect3">
<h4 id="_dni_ismclassificationusc">dni-ism:classification:us="C"</h4>
<div class="paragraph">
<p>CONFIDENTIAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismclassificationuss">dni-ism:classification:us="S"</h4>
<div class="paragraph">
<p>SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismclassificationusts">dni-ism:classification:us="TS"</h4>
<div class="paragraph">
<p>TOP SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismclassificationusu">dni-ism:classification:us="U"</h4>
<div class="paragraph">
<p>UNCLASSIFIED</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_scicontrols">scicontrols</h3>
<div class="sect3">
<h4 id="_dni_ismscicontrolsel">dni-ism:scicontrols="EL"</h4>
<div class="paragraph">
<p>ENDSEAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolsel_eu">dni-ism:scicontrols="EL-EU"</h4>
<div class="paragraph">
<p>ECRU</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolsel_nk">dni-ism:scicontrols="EL-NK"</h4>
<div class="paragraph">
<p>NONBOOK</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolshcs">dni-ism:scicontrols="HCS"</h4>
<div class="paragraph">
<p>HCS</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolshcs_o">dni-ism:scicontrols="HCS-O"</h4>
<div class="paragraph">
<p>HCS-O</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolshcs_p">dni-ism:scicontrols="HCS-P"</h4>
<div class="paragraph">
<p>HCS-P</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolskdk">dni-ism:scicontrols="KDK"</h4>
<div class="paragraph">
<p>KLONDIKE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolskdk_blfh">dni-ism:scicontrols="KDK-BLFH"</h4>
<div class="paragraph">
<p>KDK BLUEFISH</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolskdk_idit">dni-ism:scicontrols="KDK-IDIT"</h4>
<div class="paragraph">
<p>KDK IDITAROD</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolskdk_kand">dni-ism:scicontrols="KDK-KAND"</h4>
<div class="paragraph">
<p>KDK KANDIK</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolsrsv">dni-ism:scicontrols="RSV"</h4>
<div class="paragraph">
<p>RESERVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolssi">dni-ism:scicontrols="SI"</h4>
<div class="paragraph">
<p>SPECIAL INTELLIGENCE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolssi_g">dni-ism:scicontrols="SI-G"</h4>
<div class="paragraph">
<p>SI-GAMMA</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismscicontrolstk">dni-ism:scicontrols="TK"</h4>
<div class="paragraph">
<p>TALENT KEYHOLE</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_complieswith">complies:with</h3>
<div class="sect3">
<h4 id="_dni_ismcomplieswithusgov">dni-ism:complies:with="USGov"</h4>
<div class="paragraph">
<p>Document claims compliance with all rules encoded in ISM for documents produced by the US Federal Government. This is the minimum set of rules for US documents to adhere to, and all US documents should claim compliance with USGov.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismcomplieswithusic">dni-ism:complies:with="USIC"</h4>
<div class="paragraph">
<p>Document claims compliance with all rules encoded in ISM for documents produced by the US Intelligence Community. Documents that claim compliance with USIC MUST also claim compliance with USGov.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismcomplieswithusdod">dni-ism:complies:with="USDOD"</h4>
<div class="paragraph">
<p>Document claims compliance with all rules encoded in ISM for documents produced by the US Department of Defense. Documents that claim compliance with USDOD MUST also claim compliance with USGov.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismcomplieswithotherauthority">dni-ism:complies:with="OtherAuthority"</h4>
<div class="paragraph">
<p>Document claims compliance with an authority other than the USGov, USIC, or USDOD.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_atomicenergymarkings">atomicenergymarkings</h3>
<div class="sect3">
<h4 id="_dni_ismatomicenergymarkingsrd">dni-ism:atomicenergymarkings="RD"</h4>
<div class="paragraph">
<p>RESTRICTED DATA</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismatomicenergymarkingsrd_cnwdi">dni-ism:atomicenergymarkings="RD-CNWDI"</h4>
<div class="paragraph">
<p>RD-CRITICAL NUCLEAR WEAPON DESIGN INFORMATION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismatomicenergymarkingsfrd">dni-ism:atomicenergymarkings="FRD"</h4>
<div class="paragraph">
<p>FORMERLY RESTRICTED DATA</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismatomicenergymarkingsdcni">dni-ism:atomicenergymarkings="DCNI"</h4>
<div class="paragraph">
<p>DoD CONTROLLED NUCLEAR INFORMATION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismatomicenergymarkingsucni">dni-ism:atomicenergymarkings="UCNI"</h4>
<div class="paragraph">
<p>DoE CONTROLLED NUCLEAR INFORMATION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismatomicenergymarkingstfni">dni-ism:atomicenergymarkings="TFNI"</h4>
<div class="paragraph">
<p>TRANSCLASSIFIED FOREIGN NUCLEAR INFORMATION</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_notice">notice</h3>
<div class="sect3">
<h4 id="_dni_ismnoticefisa">dni-ism:notice="FISA"</h4>
<div class="paragraph">
<p>FISA Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticeimc">dni-ism:notice="IMC"</h4>
<div class="paragraph">
<p>IMCON Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticecnwdi">dni-ism:notice="CNWDI"</h4>
<div class="paragraph">
<p>Controled Nuclear Weapon Design Information Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticerd">dni-ism:notice="RD"</h4>
<div class="paragraph">
<p>RD Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticefrd">dni-ism:notice="FRD"</h4>
<div class="paragraph">
<p>FRD Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticeds">dni-ism:notice="DS"</h4>
<div class="paragraph">
<p>LIMDIS caveat</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticeles">dni-ism:notice="LES"</h4>
<div class="paragraph">
<p>LES Notice</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticeles_nf">dni-ism:notice="LES-NF"</h4>
<div class="paragraph">
<p>LES-NF Notice</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticedsen">dni-ism:notice="DSEN"</h4>
<div class="paragraph">
<p>DSEN Notice</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticedod_dist_a">dni-ism:notice="DoD-Dist-A"</h4>
<div class="paragraph">
<p>DoD Distribution statement A from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticedod_dist_b">dni-ism:notice="DoD-Dist-B"</h4>
<div class="paragraph">
<p>DoD Distribution statement B from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticedod_dist_c">dni-ism:notice="DoD-Dist-C"</h4>
<div class="paragraph">
<p>DoD Distribution statement C from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticedod_dist_d">dni-ism:notice="DoD-Dist-D"</h4>
<div class="paragraph">
<p>DoD Distribution statement D from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticedod_dist_e">dni-ism:notice="DoD-Dist-E"</h4>
<div class="paragraph">
<p>DoD Distribution statement E from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticedod_dist_f">dni-ism:notice="DoD-Dist-F"</h4>
<div class="paragraph">
<p>DoD Distribution statement F from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticedod_dist_x">dni-ism:notice="DoD-Dist-X"</h4>
<div class="paragraph">
<p>DoD Distribution statement X from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticeus_person">dni-ism:notice="US-Person"</h4>
<div class="paragraph">
<p>US Person info Notice</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticepre13526orcon">dni-ism:notice="pre13526ORCON"</h4>
<div class="paragraph">
<p>Indicates that an instance document must abide by rules pertaining to ORIGINATOR CONTROLLED data issued prior to Executive Order 13526.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticepoc">dni-ism:notice="POC"</h4>
<div class="paragraph">
<p>Indicates that the contents of this notice specify the contact information for a required point-of-contact.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnoticecomsec">dni-ism:notice="COMSEC"</h4>
<div class="paragraph">
<p>COMSEC Notice</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nonic">nonic</h3>
<div class="sect3">
<h4 id="_dni_ismnonicnnpi">dni-ism:nonic="NNPI"</h4>
<div class="paragraph">
<p>NAVAL NUCLEAR PROPULSION INFORMATION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonicds">dni-ism:nonic="DS"</h4>
<div class="paragraph">
<p>LIMITED DISTRIBUTION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonicxd">dni-ism:nonic="XD"</h4>
<div class="paragraph">
<p>EXCLUSIVE DISTRIBUTION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonicnd">dni-ism:nonic="ND"</h4>
<div class="paragraph">
<p>NO DISTRIBUTION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonicsbu">dni-ism:nonic="SBU"</h4>
<div class="paragraph">
<p>SENSITIVE BUT UNCLASSIFIED</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonicsbu_nf">dni-ism:nonic="SBU-NF"</h4>
<div class="paragraph">
<p>SENSITIVE BUT UNCLASSIFIED NOFORN</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonicles">dni-ism:nonic="LES"</h4>
<div class="paragraph">
<p>LAW ENFORCEMENT SENSITIVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonicles_nf">dni-ism:nonic="LES-NF"</h4>
<div class="paragraph">
<p>LAW ENFORCEMENT SENSITIVE NOFORN</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonicssi">dni-ism:nonic="SSI"</h4>
<div class="paragraph">
<p>SENSITIVE SECURITY INFORMATION</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nonuscontrols">nonuscontrols</h3>
<div class="sect3">
<h4 id="_dni_ismnonuscontrolsatomal">dni-ism:nonuscontrols="ATOMAL"</h4>
<div class="paragraph">
<p>NATO Atomal mark</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonuscontrolsbohemia">dni-ism:nonuscontrols="BOHEMIA"</h4>
<div class="paragraph">
<p>NATO Bohemia mark</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismnonuscontrolsbalk">dni-ism:nonuscontrols="BALK"</h4>
<div class="paragraph">
<p>NATO Balk mark</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dissem">dissem</h3>
<div class="sect3">
<h4 id="_dni_ismdissemrs">dni-ism:dissem="RS"</h4>
<div class="paragraph">
<p>RISK SENSITIVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemfouo">dni-ism:dissem="FOUO"</h4>
<div class="paragraph">
<p>FOR OFFICIAL USE ONLY</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemoc">dni-ism:dissem="OC"</h4>
<div class="paragraph">
<p>ORIGINATOR CONTROLLED</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemoc_usgov">dni-ism:dissem="OC-USGOV"</h4>
<div class="paragraph">
<p>ORIGINATOR CONTROLLED US GOVERNMENT</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemimc">dni-ism:dissem="IMC"</h4>
<div class="paragraph">
<p>CONTROLLED IMAGERY</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemnf">dni-ism:dissem="NF"</h4>
<div class="paragraph">
<p>NOT RELEASABLE TO FOREIGN NATIONALS</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissempr">dni-ism:dissem="PR"</h4>
<div class="paragraph">
<p>CAUTION-PROPRIETARY INFORMATION INVOLVED</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemrel">dni-ism:dissem="REL"</h4>
<div class="paragraph">
<p>AUTHORIZED FOR RELEASE TO</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemrelido">dni-ism:dissem="RELIDO"</h4>
<div class="paragraph">
<p>RELEASABLE BY INFORMATION DISCLOSURE OFFICIAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemdsen">dni-ism:dissem="DSEN"</h4>
<div class="paragraph">
<p>DEA SENSITIVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemfisa">dni-ism:dissem="FISA"</h4>
<div class="paragraph">
<p>FOREIGN INTELLIGENCE SURVEILLANCE ACT</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ismdissemdisplayonly">dni-ism:dissem="DISPLAYONLY"</h4>
<div class="paragraph">
<p>AUTHORIZED FOR DISPLAY BUT NOT RELEASE TO</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_domain_abuse">domain-abuse</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
domain-abuse namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/domain-abuse/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Domain Name Abuse - taxonomy to tag domain names used for cybercrime.</p>
</div>
<div class="sect2">
<h3 id="_domain_status">domain-status</h3>
<div class="paragraph">
<p>Domain status - describes the registration status of the domain name</p>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_statusactive">domain-abuse:domain-status="active"</h4>
<div class="paragraph">
<p>Registered &amp; active</p>
</div>
<div class="paragraph">
<p>Domain name is registered and DNS is delegated</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_statusinactive">domain-abuse:domain-status="inactive"</h4>
<div class="paragraph">
<p>Registered &amp; inactive</p>
</div>
<div class="paragraph">
<p>Domain name is registered and DNS is not delegated</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_statussuspended">domain-abuse:domain-status="suspended"</h4>
<div class="paragraph">
<p>Registered &amp; suspended</p>
</div>
<div class="paragraph">
<p>Domain name is registered &amp; DNS delegation is temporarily removed by the registry</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_statusnot_registered">domain-abuse:domain-status="not-registered"</h4>
<div class="paragraph">
<p>Not registered</p>
</div>
<div class="paragraph">
<p>Domain name is not registered and open for registration</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_statusnot_registrable">domain-abuse:domain-status="not-registrable"</h4>
<div class="paragraph">
<p>Not registrable</p>
</div>
<div class="paragraph">
<p>Domain is not registered and cannot be registered</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_statusgrace_period">domain-abuse:domain-status="grace-period"</h4>
<div class="paragraph">
<p>Grace period</p>
</div>
<div class="paragraph">
<p>Domain is deleted and still reserved for previous owner</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_domain_access_method">domain-access-method</h3>
<div class="paragraph">
<p>Domain Access - describes how the adversary has gained access to the domain name</p>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_access_methodcriminal_registration">domain-abuse:domain-access-method="criminal-registration"</h4>
<div class="paragraph">
<p>Criminal registration</p>
</div>
<div class="paragraph">
<p>Domain name is registered for criminal purposes</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_access_methodcompromised_webserver">domain-abuse:domain-access-method="compromised-webserver"</h4>
<div class="paragraph">
<p>Compromised webserver</p>
</div>
<div class="paragraph">
<p>Webserver is compromised for criminal purposes</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_access_methodcompromised_dns">domain-abuse:domain-access-method="compromised-dns"</h4>
<div class="paragraph">
<p>Compromised DNS</p>
</div>
<div class="paragraph">
<p>Compromised authoritative DNS or compromised delegation</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_access_methodsinkhole">domain-abuse:domain-access-method="sinkhole"</h4>
<div class="paragraph">
<p>Sinkhole</p>
</div>
<div class="paragraph">
<p>Domain Name is sinkholed for research, detection, LE</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_access_methodcompromised_domain_name_registrar">domain-abuse:domain-access-method="compromised-domain-name-registrar"</h4>
<div class="paragraph">
<p>Compromised domain name registrar</p>
</div>
<div class="paragraph">
<p>Domain name is compromised due to an incident at the registrar</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abusedomain_access_methodcompromised_domain_name_registry">domain-abuse:domain-access-method="compromised-domain-name-registry"</h4>
<div class="paragraph">
<p>Compromised domain name registry</p>
</div>
<div class="paragraph">
<p>Domain name is compromised due to an incident at the registry</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_drugs">drugs</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
drugs namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/drugs/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A taxonomy based on the superclass and class of drugs. Based on <a href="https://www.drugbank.ca/releases/latest" class="bare">https://www.drugbank.ca/releases/latest</a></p>
</div>
<div class="sect2">
<h3 id="_alkaloids_and_derivatives">alkaloids-and-derivatives</h3>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesajmaline_sarpagine_alkaloids">drugs:alkaloids-and-derivatives="ajmaline-sarpagine-alkaloids"</h4>
<div class="paragraph">
<p>Ajmaline-sarpagine alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivatives_allocolchicine_alkaloids">drugs:alkaloids-and-derivatives=" allocolchicine-alkaloids"</h4>
<div class="literalblock">
<div class="content">
<pre>Allocolchicine alkaloids</pre>
</div>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivatives_amaryllidaceae_alkaloids">drugs:alkaloids-and-derivatives=" Amaryllidaceae alkaloids"</h4>
<div class="literalblock">
<div class="content">
<pre>Amaryllidaceae alkaloids</pre>
</div>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesaporphines">drugs:alkaloids-and-derivatives="aporphines"</h4>
<div class="paragraph">
<p>Aporphines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativescamptothecins">drugs:alkaloids-and-derivatives="camptothecins"</h4>
<div class="paragraph">
<p>Camptothecins</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativescephalotaxus_alkaloids">drugs:alkaloids-and-derivatives="cephalotaxus-alkaloids"</h4>
<div class="paragraph">
<p>Cephalotaxus alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativescinchona_alkaloids">drugs:alkaloids-and-derivatives="cinchona-alkaloids"</h4>
<div class="paragraph">
<p>Cinchona alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativeseburnan_type_alkaloids">drugs:alkaloids-and-derivatives="eburnan-type-alkaloids"</h4>
<div class="paragraph">
<p>Eburnan-type alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesepibatidine_analogues">drugs:alkaloids-and-derivatives="epibatidine-analogues"</h4>
<div class="paragraph">
<p>Epibatidine analogues</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesergoline_and_derivatives">drugs:alkaloids-and-derivatives="ergoline-and-derivatives"</h4>
<div class="paragraph">
<p>Ergoline and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesharmala_alkaloids">drugs:alkaloids-and-derivatives="harmala-alkaloids"</h4>
<div class="paragraph">
<p>Harmala alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesibogan_type_alkaloids">drugs:alkaloids-and-derivatives="ibogan-type-alkaloids"</h4>
<div class="paragraph">
<p>Ibogan-type alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativeslupin_alkaloids">drugs:alkaloids-and-derivatives="lupin-alkaloids"</h4>
<div class="paragraph">
<p>Lupin alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesmorphinans">drugs:alkaloids-and-derivatives="morphinans"</h4>
<div class="paragraph">
<p>Morphinans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesphthalide_isoquinolines">drugs:alkaloids-and-derivatives="phthalide-isoquinolines"</h4>
<div class="paragraph">
<p>Phthalide isoquinolines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesprotoberberine_alkaloids_and_derivatives">drugs:alkaloids-and-derivatives="protoberberine-alkaloids-and-derivatives"</h4>
<div class="paragraph">
<p>Protoberberine alkaloids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativestropane_alkaloids">drugs:alkaloids-and-derivatives="tropane-alkaloids"</h4>
<div class="paragraph">
<p>Tropane alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesvinca_alkaloids">drugs:alkaloids-and-derivatives="vinca-alkaloids"</h4>
<div class="paragraph">
<p>Vinca alkaloids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsalkaloids_and_derivativesyohimbine_alkaloids">drugs:alkaloids-and-derivatives="yohimbine-alkaloids"</h4>
<div class="paragraph">
<p>Yohimbine alkaloids</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_benzenoids">benzenoids</h3>
<div class="sect3">
<h4 id="_drugsbenzenoidsanthracenes">drugs:benzenoids="anthracenes"</h4>
<div class="paragraph">
<p>Anthracenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsbenzene_and_substituted_derivatives">drugs:benzenoids="benzene-and-substituted-derivatives"</h4>
<div class="paragraph">
<p>Benzene and substituted derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsdibenzocycloheptenes">drugs:benzenoids="dibenzocycloheptenes"</h4>
<div class="paragraph">
<p>Dibenzocycloheptenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsfluorenes">drugs:benzenoids="fluorenes"</h4>
<div class="paragraph">
<p>Fluorenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsindanes">drugs:benzenoids="indanes"</h4>
<div class="paragraph">
<p>Indanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsindenes_and_isoindenes">drugs:benzenoids="indenes-and-isoindenes"</h4>
<div class="paragraph">
<p>Indenes and isoindenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsnaphthacenes">drugs:benzenoids="naphthacenes"</h4>
<div class="paragraph">
<p>Naphthacenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsphenanthrenes_and_derivatives">drugs:benzenoids="phenanthrenes-and-derivatives"</h4>
<div class="paragraph">
<p>Phenanthrenes and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsphenol_esters">drugs:benzenoids="phenol-esters"</h4>
<div class="paragraph">
<p>Phenol esters</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsphenol_ethers">drugs:benzenoids="phenol-ethers"</h4>
<div class="paragraph">
<p>Phenol ethers</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidsphenols">drugs:benzenoids="phenols"</h4>
<div class="paragraph">
<p>Phenols</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidspyrenes">drugs:benzenoids="pyrenes"</h4>
<div class="paragraph">
<p>Pyrenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidstetralins">drugs:benzenoids="tetralins"</h4>
<div class="paragraph">
<p>Tetralins</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsbenzenoidstriphenyl_compounds">drugs:benzenoids="triphenyl-compounds"</h4>
<div class="paragraph">
<p>Triphenyl compounds</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_homogeneous_metal_compounds">homogeneous-metal-compounds</h3>
<div class="sect3">
<h4 id="_drugshomogeneous_metal_compoundshomogeneous_actinide_compounds">drugs:homogeneous-metal-compounds="homogeneous-actinide-compounds"</h4>
<div class="paragraph">
<p>Homogeneous actinide compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_metal_compoundshomogeneous_alkali_metal_compounds">drugs:homogeneous-metal-compounds="homogeneous-alkali-metal-compounds"</h4>
<div class="paragraph">
<p>Homogeneous alkali metal compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_metal_compoundshomogeneous_alkaline_earth_metal_compounds">drugs:homogeneous-metal-compounds="homogeneous-alkaline-earth-metal-compounds"</h4>
<div class="paragraph">
<p>Homogeneous alkaline earth metal compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_metal_compoundshomogeneous_lanthanide_compounds">drugs:homogeneous-metal-compounds="homogeneous-lanthanide-compounds"</h4>
<div class="paragraph">
<p>Homogeneous lanthanide compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_metal_compoundshomogeneous_metalloid_compounds">drugs:homogeneous-metal-compounds="homogeneous-metalloid-compounds"</h4>
<div class="paragraph">
<p>Homogeneous metalloid compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_metal_compoundshomogeneous_post_transition_metal_compounds">drugs:homogeneous-metal-compounds="homogeneous-post-transition-metal-compounds"</h4>
<div class="paragraph">
<p>Homogeneous post-transition metal compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_metal_compoundshomogeneous_transition_metal_compounds">drugs:homogeneous-metal-compounds="homogeneous-transition-metal-compounds"</h4>
<div class="paragraph">
<p>Homogeneous transition metal compounds</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_homogeneous_non_metal_compounds">homogeneous-non-metal-compounds</h3>
<div class="sect3">
<h4 id="_drugshomogeneous_non_metal_compoundshalogen_organides">drugs:homogeneous-non-metal-compounds="halogen-organides"</h4>
<div class="paragraph">
<p>Halogen organides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_non_metal_compoundshomogeneous_halogens">drugs:homogeneous-non-metal-compounds="homogeneous-halogens"</h4>
<div class="paragraph">
<p>Homogeneous halogens</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_non_metal_compoundshomogeneous_noble_gases">drugs:homogeneous-non-metal-compounds="homogeneous-noble-gases"</h4>
<div class="paragraph">
<p>Homogeneous noble gases</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_non_metal_compoundshomogeneous_other_non_metal_compounds">drugs:homogeneous-non-metal-compounds="homogeneous-other-non-metal-compounds"</h4>
<div class="paragraph">
<p>Homogeneous other non-metal compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_non_metal_compoundsnon_metal_oxoanionic_compounds">drugs:homogeneous-non-metal-compounds="non-metal-oxoanionic-compounds"</h4>
<div class="paragraph">
<p>Non-metal oxoanionic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_non_metal_compoundsother_non_metal_halides">drugs:homogeneous-non-metal-compounds="other-non-metal-halides"</h4>
<div class="paragraph">
<p>Other non-metal halides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugshomogeneous_non_metal_compoundsother_non_metal_organides">drugs:homogeneous-non-metal-compounds="other-non-metal-organides"</h4>
<div class="paragraph">
<p>Other non-metal organides</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_hydrocarbons">hydrocarbons</h3>
<div class="sect3">
<h4 id="_drugshydrocarbonspolycyclic_hydrocarbons">drugs:hydrocarbons="polycyclic-hydrocarbons"</h4>
<div class="paragraph">
<p>Polycyclic hydrocarbons</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_hydrocarbon_derivatives">hydrocarbon-derivatives</h3>
<div class="sect3">
<h4 id="_drugshydrocarbon_derivativestropones">drugs:hydrocarbon-derivatives="tropones"</h4>
<div class="paragraph">
<p>Tropones</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_lignans_neolignans_and_related_compounds">lignans,-neolignans-and-related-compounds</h3>
<div class="sect3">
<h4 id="_drugslignans_neolignans_and_related_compoundsaryltetralin_lignans">drugs:lignans,-neolignans-and-related-compounds="aryltetralin-lignans"</h4>
<div class="paragraph">
<p>Aryltetralin lignans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslignans_neolignans_and_related_compoundsdibenzylbutane_lignans">drugs:lignans,-neolignans-and-related-compounds="dibenzylbutane-lignans"</h4>
<div class="paragraph">
<p>Dibenzylbutane lignans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslignans_neolignans_and_related_compoundsflavonolignans">drugs:lignans,-neolignans-and-related-compounds="flavonolignans"</h4>
<div class="paragraph">
<p>Flavonolignans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslignans_neolignans_and_related_compoundsfuranoid_lignans">drugs:lignans,-neolignans-and-related-compounds="furanoid-lignans"</h4>
<div class="paragraph">
<p>Furanoid lignans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslignans_neolignans_and_related_compoundslignan_lactones">drugs:lignans,-neolignans-and-related-compounds="lignan-lactones"</h4>
<div class="paragraph">
<p>Lignan lactones</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_lipids_and_lipid_like_molecules">lipids-and-lipid-like-molecules</h3>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculesfatty_acyls">drugs:lipids-and-lipid-like-molecules="fatty-acyls"</h4>
<div class="paragraph">
<p>Fatty Acyls</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculesglycero_3_dithiophosphocholines">drugs:lipids-and-lipid-like-molecules="glycero-3-dithiophosphocholines"</h4>
<div class="paragraph">
<p>Glycero-3-dithiophosphocholines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculesglycerolipids">drugs:lipids-and-lipid-like-molecules="glycerolipids"</h4>
<div class="paragraph">
<p>Glycerolipids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculesglycerophospholipids">drugs:lipids-and-lipid-like-molecules="glycerophospholipids"</h4>
<div class="paragraph">
<p>Glycerophospholipids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculesprenol_lipids">drugs:lipids-and-lipid-like-molecules="prenol-lipids"</h4>
<div class="paragraph">
<p>Prenol lipids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculessaccharolipids">drugs:lipids-and-lipid-like-molecules="saccharolipids"</h4>
<div class="paragraph">
<p>Saccharolipids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculess_alkyl_coas">drugs:lipids-and-lipid-like-molecules="s-alkyl-coas"</h4>
<div class="paragraph">
<p>S-alkyl-CoAs</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculessphingolipids">drugs:lipids-and-lipid-like-molecules="sphingolipids"</h4>
<div class="paragraph">
<p>Sphingolipids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugslipids_and_lipid_like_moleculessteroids_and_steroid_derivatives">drugs:lipids-and-lipid-like-molecules="steroids-and-steroid-derivatives"</h4>
<div class="paragraph">
<p>Steroids and steroid derivatives</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_mixed_metalnon_metal_compounds">mixed-metal/non-metal-compounds</h3>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsalkali_metal_organides">drugs:mixed-metal/non-metal-compounds="alkali-metal-organides"</h4>
<div class="paragraph">
<p>Alkali metal organides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsalkali_metal_oxoanionic_compounds">drugs:mixed-metal/non-metal-compounds="alkali-metal-oxoanionic-compounds"</h4>
<div class="paragraph">
<p>Alkali metal oxoanionic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsalkali_metal_salts">drugs:mixed-metal/non-metal-compounds="alkali-metal-salts"</h4>
<div class="paragraph">
<p>Alkali metal salts</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsalkaline_earth_metal_organides">drugs:mixed-metal/non-metal-compounds="alkaline-earth-metal-organides"</h4>
<div class="paragraph">
<p>Alkaline earth metal organides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsalkaline_earth_metal_oxoanionic_compounds">drugs:mixed-metal/non-metal-compounds="alkaline-earth-metal-oxoanionic-compounds"</h4>
<div class="paragraph">
<p>Alkaline earth metal oxoanionic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsalkaline_earth_metal_salts">drugs:mixed-metal/non-metal-compounds="alkaline-earth-metal-salts"</h4>
<div class="paragraph">
<p>Alkaline earth metal salts</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsmetalloid_organides">drugs:mixed-metal/non-metal-compounds="metalloid-organides"</h4>
<div class="paragraph">
<p>Metalloid organides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsmetalloid_oxoanionic_compounds">drugs:mixed-metal/non-metal-compounds="metalloid-oxoanionic-compounds"</h4>
<div class="paragraph">
<p>Metalloid oxoanionic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsmiscellaneous_mixed_metalnon_metals">drugs:mixed-metal/non-metal-compounds="miscellaneous-mixed-metal/non-metals"</h4>
<div class="paragraph">
<p>Miscellaneous mixed metal/non-metals</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundsother_mixed_metalnon_metal_oxoanionic_compounds">drugs:mixed-metal/non-metal-compounds="other-mixed-metal/non-metal-oxoanionic-compounds"</h4>
<div class="paragraph">
<p>Other mixed metal/non-metal oxoanionic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundspost_transition_metal_organides">drugs:mixed-metal/non-metal-compounds="post-transition-metal-organides"</h4>
<div class="paragraph">
<p>Post-transition metal organides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundspost_transition_metal_oxoanionic_compounds">drugs:mixed-metal/non-metal-compounds="post-transition-metal-oxoanionic-compounds"</h4>
<div class="paragraph">
<p>Post-transition metal oxoanionic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundspost_transition_metal_salts">drugs:mixed-metal/non-metal-compounds="post-transition-metal-salts"</h4>
<div class="paragraph">
<p>Post-transition metal salts</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundstransition_metal_organides">drugs:mixed-metal/non-metal-compounds="transition-metal-organides"</h4>
<div class="paragraph">
<p>Transition metal organides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundstransition_metal_oxoanionic_compounds">drugs:mixed-metal/non-metal-compounds="transition-metal-oxoanionic-compounds"</h4>
<div class="paragraph">
<p>Transition metal oxoanionic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsmixed_metalnon_metal_compoundstransition_metal_salts">drugs:mixed-metal/non-metal-compounds="transition-metal-salts"</h4>
<div class="paragraph">
<p>Transition metal salts</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nucleosides_nucleotides_and_analogues">nucleosides,-nucleotides,-and-analogues</h3>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analogues23_dideoxy_3_thionucleoside_monophosphates">drugs:nucleosides,-nucleotides,-and-analogues="2',3'-dideoxy-3'-thionucleoside-monophosphates"</h4>
<div class="paragraph">
<p>2',3'-dideoxy-3'-thionucleoside monophosphates</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analogues25_dideoxyribonucleosides">drugs:nucleosides,-nucleotides,-and-analogues="2',5'-dideoxyribonucleosides"</h4>
<div class="paragraph">
<p>2',5'-dideoxyribonucleosides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analogues3_5_dinucleotides_and_analogues">drugs:nucleosides,-nucleotides,-and-analogues="(3'-&gt;5')-dinucleotides-and-analogues"</h4>
<div class="paragraph">
<p>(3'-&gt;5')-dinucleotides and analogues</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analogues5_deoxyribonucleosides">drugs:nucleosides,-nucleotides,-and-analogues="5'-deoxyribonucleosides"</h4>
<div class="paragraph">
<p>5'-deoxyribonucleosides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analogues5_5_dinucleotides">drugs:nucleosides,-nucleotides,-and-analogues="(5'-&gt;5')-dinucleotides"</h4>
<div class="paragraph">
<p>(5'-&gt;5')-dinucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguesbenzimidazole_ribonucleosides_and_ribonucleotides">drugs:nucleosides,-nucleotides,-and-analogues="benzimidazole-ribonucleosides-and-ribonucleotides"</h4>
<div class="paragraph">
<p>Benzimidazole ribonucleosides and ribonucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguesflavin_nucleotides">drugs:nucleosides,-nucleotides,-and-analogues="flavin-nucleotides"</h4>
<div class="paragraph">
<p>Flavin nucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguesglycinamide_ribonucleotides">drugs:nucleosides,-nucleotides,-and-analogues="glycinamide-ribonucleotides"</h4>
<div class="paragraph">
<p>Glycinamide ribonucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguesimidazole45_cpyridine_ribonucleosides_and_ribonucleotides">drugs:nucleosides,-nucleotides,-and-analogues="imidazole[4,5-c]pyridine-ribonucleosides-and-ribonucleotides"</h4>
<div class="paragraph">
<p>Imidazole[4,5-c]pyridine ribonucleosides and ribonucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguesimidazole_ribonucleosides_and_ribonucleotides">drugs:nucleosides,-nucleotides,-and-analogues="imidazole-ribonucleosides-and-ribonucleotides"</h4>
<div class="paragraph">
<p>Imidazole ribonucleosides and ribonucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguesmolybdopterin_dinucleotides">drugs:nucleosides,-nucleotides,-and-analogues="molybdopterin-dinucleotides"</h4>
<div class="paragraph">
<p>Molybdopterin dinucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguesnucleoside_and_nucleotide_analogues">drugs:nucleosides,-nucleotides,-and-analogues="nucleoside-and-nucleotide-analogues"</h4>
<div class="paragraph">
<p>Nucleoside and nucleotide analogues</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguespurine_nucleosides">drugs:nucleosides,-nucleotides,-and-analogues="purine-nucleosides"</h4>
<div class="paragraph">
<p>Purine nucleosides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguespyrazolo34_dpyrimidine_glycosides">drugs:nucleosides,-nucleotides,-and-analogues="pyrazolo[3,4-d]pyrimidine-glycosides"</h4>
<div class="paragraph">
<p>Pyrazolo[3,4-d]pyrimidine glycosides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguespyridine_nucleotides">drugs:nucleosides,-nucleotides,-and-analogues="pyridine-nucleotides"</h4>
<div class="paragraph">
<p>Pyridine nucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguespyrimidine_nucleosides">drugs:nucleosides,-nucleotides,-and-analogues="pyrimidine-nucleosides"</h4>
<div class="paragraph">
<p>Pyrimidine nucleosides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguespyrimidine_nucleotides">drugs:nucleosides,-nucleotides,-and-analogues="pyrimidine-nucleotides"</h4>
<div class="paragraph">
<p>Pyrimidine nucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguespyrrolopyrimidine_nucleosides_and_nucleotides">drugs:nucleosides,-nucleotides,-and-analogues="pyrrolopyrimidine-nucleosides-and-nucleotides"</h4>
<div class="paragraph">
<p>Pyrrolopyrimidine nucleosides and nucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguesribonucleoside_3_phosphates">drugs:nucleosides,-nucleotides,-and-analogues="ribonucleoside-3'-phosphates"</h4>
<div class="paragraph">
<p>Ribonucleoside 3'-phosphates</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsnucleosides_nucleotides_and_analoguestriazole_ribonucleosides_and_ribonucleotides">drugs:nucleosides,-nucleotides,-and-analogues="triazole-ribonucleosides-and-ribonucleotides"</h4>
<div class="paragraph">
<p>Triazole ribonucleosides and ribonucleotides</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organic_13_dipolar_compounds">organic-1,3-dipolar-compounds</h3>
<div class="sect3">
<h4 id="_drugsorganic_13_dipolar_compoundsallyl_type_13_dipolar_organic_compounds">drugs:organic-1,3-dipolar-compounds="allyl-type-1,3-dipolar-organic-compounds"</h4>
<div class="paragraph">
<p>Allyl-type 1,3-dipolar organic compounds</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organic_acids_and_derivatives">organic-acids-and-derivatives</h3>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesboronic_acid_derivatives">drugs:organic-acids-and-derivatives="boronic-acid-derivatives"</h4>
<div class="paragraph">
<p>Boronic acid derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativescarboximidic_acids_and_derivatives">drugs:organic-acids-and-derivatives="carboximidic-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Carboximidic acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativescarboxylic_acids_and_derivatives">drugs:organic-acids-and-derivatives="carboxylic-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Carboxylic acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativeshydroxy_acids_and_derivatives">drugs:organic-acids-and-derivatives="hydroxy-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Hydroxy acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesketo_acids_and_derivatives">drugs:organic-acids-and-derivatives="keto-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Keto acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesorganic_carbonic_acids_and_derivatives">drugs:organic-acids-and-derivatives="organic-carbonic-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Organic carbonic acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesorganic_phosphonic_acids_and_derivatives">drugs:organic-acids-and-derivatives="organic-phosphonic-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Organic phosphonic acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesorganic_phosphoric_acids_and_derivatives">drugs:organic-acids-and-derivatives="organic-phosphoric-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Organic phosphoric acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesorganic_sulfonic_acids_and_derivatives">drugs:organic-acids-and-derivatives="organic-sulfonic-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Organic sulfonic acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesorganic_sulfuric_acids_and_derivatives">drugs:organic-acids-and-derivatives="organic-sulfuric-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Organic sulfuric acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesorganic_thiophosphoric_acids_and_derivatives">drugs:organic-acids-and-derivatives="organic-thiophosphoric-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Organic thiophosphoric acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesorthocarboxylic_acid_derivatives">drugs:organic-acids-and-derivatives="orthocarboxylic-acid-derivatives"</h4>
<div class="paragraph">
<p>Orthocarboxylic acid derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativespeptidomimetics">drugs:organic-acids-and-derivatives="peptidomimetics"</h4>
<div class="paragraph">
<p>Peptidomimetics</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_acids_and_derivativesthiosulfinic_acid_esters">drugs:organic-acids-and-derivatives="thiosulfinic-acid-esters"</h4>
<div class="paragraph">
<p>Thiosulfinic acid esters</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organic_acids">organic-acids</h3>
<div class="sect3">
<h4 id="_drugsorganic_acidscarboxylic_acids_and_derivatives">drugs:organic-acids="carboxylic-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Carboxylic Acids and Derivatives</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organic_nitrogen_compounds">organic-nitrogen-compounds</h3>
<div class="sect3">
<h4 id="_drugsorganic_nitrogen_compoundsorganonitrogen_compounds">drugs:organic-nitrogen-compounds="organonitrogen-compounds"</h4>
<div class="paragraph">
<p>Organonitrogen compounds</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organic_oxygen_compounds">organic-oxygen-compounds</h3>
<div class="sect3">
<h4 id="_drugsorganic_oxygen_compoundsorganic_oxides">drugs:organic-oxygen-compounds="organic-oxides"</h4>
<div class="paragraph">
<p>Organic oxides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_oxygen_compoundsorganic_oxoanionic_compounds">drugs:organic-oxygen-compounds="organic-oxoanionic-compounds"</h4>
<div class="paragraph">
<p>Organic oxoanionic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_oxygen_compoundsorganooxygen_compounds">drugs:organic-oxygen-compounds="organooxygen-compounds"</h4>
<div class="paragraph">
<p>Organooxygen compounds</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organic_polymers">organic-polymers</h3>
<div class="sect3">
<h4 id="_drugsorganic_polymersphosphorothioate_polynucleotides">drugs:organic-polymers="phosphorothioate-polynucleotides"</h4>
<div class="paragraph">
<p>Phosphorothioate polynucleotides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_polymerspolypeptides">drugs:organic-polymers="polypeptides"</h4>
<div class="paragraph">
<p>Polypeptides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganic_polymerspolysaccharides">drugs:organic-polymers="polysaccharides"</h4>
<div class="paragraph">
<p>Polysaccharides</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organic_salts">organic-salts</h3>
<div class="sect3">
<h4 id="_drugsorganic_saltsorganic_metal_salts">drugs:organic-salts="organic-metal-salts"</h4>
<div class="paragraph">
<p>Organic metal salts</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organohalogen_compounds">organohalogen-compounds</h3>
<div class="sect3">
<h4 id="_drugsorganohalogen_compoundsacyl_halides">drugs:organohalogen-compounds="acyl-halides"</h4>
<div class="paragraph">
<p>Acyl halides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganohalogen_compoundsalkyl_halides">drugs:organohalogen-compounds="alkyl-halides"</h4>
<div class="paragraph">
<p>Alkyl halides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganohalogen_compoundsaryl_halides">drugs:organohalogen-compounds="aryl-halides"</h4>
<div class="paragraph">
<p>Aryl halides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganohalogen_compoundshalohydrins">drugs:organohalogen-compounds="halohydrins"</h4>
<div class="paragraph">
<p>Halohydrins</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganohalogen_compoundsorganochlorides">drugs:organohalogen-compounds="organochlorides"</h4>
<div class="paragraph">
<p>Organochlorides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganohalogen_compoundsorganofluorides">drugs:organohalogen-compounds="organofluorides"</h4>
<div class="paragraph">
<p>Organofluorides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganohalogen_compoundssulfonyl_halides">drugs:organohalogen-compounds="sulfonyl-halides"</h4>
<div class="paragraph">
<p>Sulfonyl halides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganohalogen_compoundsvinyl_halides">drugs:organohalogen-compounds="vinyl-halides"</h4>
<div class="paragraph">
<p>Vinyl halides</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organoheterocyclic_compounds">organoheterocyclic-compounds</h3>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsazaspirodecane_derivatives">drugs:organoheterocyclic-compounds="azaspirodecane-derivatives"</h4>
<div class="paragraph">
<p>Azaspirodecane derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsazepanes">drugs:organoheterocyclic-compounds="azepanes"</h4>
<div class="paragraph">
<p>Azepanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsazobenzenes">drugs:organoheterocyclic-compounds="azobenzenes"</h4>
<div class="paragraph">
<p>Azobenzenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsazoles">drugs:organoheterocyclic-compounds="azoles"</h4>
<div class="paragraph">
<p>Azoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsazolidines">drugs:organoheterocyclic-compounds="azolidines"</h4>
<div class="paragraph">
<p>Azolidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsazolines">drugs:organoheterocyclic-compounds="azolines"</h4>
<div class="paragraph">
<p>Azolines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzazepines">drugs:organoheterocyclic-compounds="benzazepines"</h4>
<div class="paragraph">
<p>Benzazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzimidazoles">drugs:organoheterocyclic-compounds="benzimidazoles"</h4>
<div class="paragraph">
<p>Benzimidazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzisoxazoles">drugs:organoheterocyclic-compounds="benzisoxazoles"</h4>
<div class="paragraph">
<p>Benzisoxazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzocycloheptapyridines">drugs:organoheterocyclic-compounds="benzocycloheptapyridines"</h4>
<div class="paragraph">
<p>Benzocycloheptapyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzodiazepines">drugs:organoheterocyclic-compounds="benzodiazepines"</h4>
<div class="paragraph">
<p>Benzodiazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzodioxanes">drugs:organoheterocyclic-compounds="benzodioxanes"</h4>
<div class="paragraph">
<p>Benzodioxanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzodioxoles">drugs:organoheterocyclic-compounds="benzodioxoles"</h4>
<div class="paragraph">
<p>Benzodioxoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzofurans">drugs:organoheterocyclic-compounds="benzofurans"</h4>
<div class="paragraph">
<p>Benzofurans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzopyrans">drugs:organoheterocyclic-compounds="benzopyrans"</h4>
<div class="paragraph">
<p>Benzopyrans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzopyrazoles">drugs:organoheterocyclic-compounds="benzopyrazoles"</h4>
<div class="paragraph">
<p>Benzopyrazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzothiadiazoles">drugs:organoheterocyclic-compounds="benzothiadiazoles"</h4>
<div class="paragraph">
<p>Benzothiadiazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzothiazepines">drugs:organoheterocyclic-compounds="benzothiazepines"</h4>
<div class="paragraph">
<p>Benzothiazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzothiazines">drugs:organoheterocyclic-compounds="benzothiazines"</h4>
<div class="paragraph">
<p>Benzothiazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzothiazoles">drugs:organoheterocyclic-compounds="benzothiazoles"</h4>
<div class="paragraph">
<p>Benzothiazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzothiepins">drugs:organoheterocyclic-compounds="benzothiepins"</h4>
<div class="paragraph">
<p>Benzothiepins</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzothiophenes">drugs:organoheterocyclic-compounds="benzothiophenes"</h4>
<div class="paragraph">
<p>Benzothiophenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzothiopyrans">drugs:organoheterocyclic-compounds="benzothiopyrans"</h4>
<div class="paragraph">
<p>Benzothiopyrans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzotriazoles">drugs:organoheterocyclic-compounds="benzotriazoles"</h4>
<div class="paragraph">
<p>Benzotriazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzoxadiazoles">drugs:organoheterocyclic-compounds="benzoxadiazoles"</h4>
<div class="paragraph">
<p>Benzoxadiazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzoxazepines">drugs:organoheterocyclic-compounds="benzoxazepines"</h4>
<div class="paragraph">
<p>Benzoxazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzoxazines">drugs:organoheterocyclic-compounds="benzoxazines"</h4>
<div class="paragraph">
<p>Benzoxazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzoxazoles">drugs:organoheterocyclic-compounds="benzoxazoles"</h4>
<div class="paragraph">
<p>Benzoxazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbenzoxepines">drugs:organoheterocyclic-compounds="benzoxepines"</h4>
<div class="paragraph">
<p>Benzoxepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbiand_oligothiophenes">drugs:organoheterocyclic-compounds="bi&#8212;&#8203;and-oligothiophenes"</h4>
<div class="paragraph">
<p>Bi- and oligothiophenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsbiotin_and_derivatives">drugs:organoheterocyclic-compounds="biotin-and-derivatives"</h4>
<div class="paragraph">
<p>Biotin and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundscoumarans">drugs:organoheterocyclic-compounds="coumarans"</h4>
<div class="paragraph">
<p>Coumarans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundscycloheptapyrans">drugs:organoheterocyclic-compounds="cycloheptapyrans"</h4>
<div class="paragraph">
<p>Cycloheptapyrans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundscycloheptathiophenes">drugs:organoheterocyclic-compounds="cycloheptathiophenes"</h4>
<div class="paragraph">
<p>Cycloheptathiophenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdiazanaphthalenes">drugs:organoheterocyclic-compounds="diazanaphthalenes"</h4>
<div class="paragraph">
<p>Diazanaphthalenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdiazepanes">drugs:organoheterocyclic-compounds="diazepanes"</h4>
<div class="paragraph">
<p>Diazepanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdiazinanes">drugs:organoheterocyclic-compounds="diazinanes"</h4>
<div class="paragraph">
<p>Diazinanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdiazines">drugs:organoheterocyclic-compounds="diazines"</h4>
<div class="paragraph">
<p>Diazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdihydrofurans">drugs:organoheterocyclic-compounds="dihydrofurans"</h4>
<div class="paragraph">
<p>Dihydrofurans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdihydroisoquinolines">drugs:organoheterocyclic-compounds="dihydroisoquinolines"</h4>
<div class="paragraph">
<p>Dihydroisoquinolines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdihydrothiophenes">drugs:organoheterocyclic-compounds="dihydrothiophenes"</h4>
<div class="paragraph">
<p>Dihydrothiophenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdioxaborolanes">drugs:organoheterocyclic-compounds="dioxaborolanes"</h4>
<div class="paragraph">
<p>Dioxaborolanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdioxanes">drugs:organoheterocyclic-compounds="dioxanes"</h4>
<div class="paragraph">
<p>Dioxanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdioxolopyrans">drugs:organoheterocyclic-compounds="dioxolopyrans"</h4>
<div class="paragraph">
<p>Dioxolopyrans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdithianes">drugs:organoheterocyclic-compounds="dithianes"</h4>
<div class="paragraph">
<p>Dithianes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsdithiolanes">drugs:organoheterocyclic-compounds="dithiolanes"</h4>
<div class="paragraph">
<p>Dithiolanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsepoxides">drugs:organoheterocyclic-compounds="epoxides"</h4>
<div class="paragraph">
<p>Epoxides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsfurans">drugs:organoheterocyclic-compounds="furans"</h4>
<div class="paragraph">
<p>Furans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsfurofurans">drugs:organoheterocyclic-compounds="furofurans"</h4>
<div class="paragraph">
<p>Furofurans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsfuropyrans">drugs:organoheterocyclic-compounds="furopyrans"</h4>
<div class="paragraph">
<p>Furopyrans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsfuropyridines">drugs:organoheterocyclic-compounds="furopyridines"</h4>
<div class="paragraph">
<p>Furopyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsfuropyrroles">drugs:organoheterocyclic-compounds="furopyrroles"</h4>
<div class="paragraph">
<p>Furopyrroles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsheteroaromatic_compounds">drugs:organoheterocyclic-compounds="heteroaromatic-compounds"</h4>
<div class="paragraph">
<p>Heteroaromatic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsimidazo15_apyrazines">drugs:organoheterocyclic-compounds="imidazo[1,5-a]pyrazines"</h4>
<div class="paragraph">
<p>Imidazo[1,5-a]pyrazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsimidazodiazepines">drugs:organoheterocyclic-compounds="imidazodiazepines"</h4>
<div class="paragraph">
<p>Imidazodiazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsimidazopyrazines">drugs:organoheterocyclic-compounds="imidazopyrazines"</h4>
<div class="paragraph">
<p>Imidazopyrazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsimidazopyridines">drugs:organoheterocyclic-compounds="imidazopyridines"</h4>
<div class="paragraph">
<p>Imidazopyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsimidazopyrimidines">drugs:organoheterocyclic-compounds="imidazopyrimidines"</h4>
<div class="paragraph">
<p>Imidazopyrimidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsimidazotetrazines">drugs:organoheterocyclic-compounds="imidazotetrazines"</h4>
<div class="paragraph">
<p>Imidazotetrazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsimidazothiazoles">drugs:organoheterocyclic-compounds="imidazothiazoles"</h4>
<div class="paragraph">
<p>Imidazothiazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsindoles_and_derivatives">drugs:organoheterocyclic-compounds="indoles-and-derivatives"</h4>
<div class="paragraph">
<p>Indoles and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsindolizidines">drugs:organoheterocyclic-compounds="indolizidines"</h4>
<div class="paragraph">
<p>Indolizidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsisocoumarans">drugs:organoheterocyclic-compounds="isocoumarans"</h4>
<div class="paragraph">
<p>Isocoumarans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsisoindoles_and_derivatives">drugs:organoheterocyclic-compounds="isoindoles-and-derivatives"</h4>
<div class="paragraph">
<p>Isoindoles and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsisoquinolines_and_derivatives">drugs:organoheterocyclic-compounds="isoquinolines-and-derivatives"</h4>
<div class="paragraph">
<p>Isoquinolines and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsisoxazolopyridines">drugs:organoheterocyclic-compounds="isoxazolopyridines"</h4>
<div class="paragraph">
<p>Isoxazolopyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundslactams">drugs:organoheterocyclic-compounds="lactams"</h4>
<div class="paragraph">
<p>Lactams</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundslactones">drugs:organoheterocyclic-compounds="lactones"</h4>
<div class="paragraph">
<p>Lactones</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsmetalloheterocyclic_compounds">drugs:organoheterocyclic-compounds="metalloheterocyclic-compounds"</h4>
<div class="paragraph">
<p>Metalloheterocyclic compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsnaphthofurans">drugs:organoheterocyclic-compounds="naphthofurans"</h4>
<div class="paragraph">
<p>Naphthofurans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsnaphthopyrans">drugs:organoheterocyclic-compounds="naphthopyrans"</h4>
<div class="paragraph">
<p>Naphthopyrans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsoxanes">drugs:organoheterocyclic-compounds="oxanes"</h4>
<div class="paragraph">
<p>Oxanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsoxazaphosphinanes">drugs:organoheterocyclic-compounds="oxazaphosphinanes"</h4>
<div class="paragraph">
<p>Oxazaphosphinanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsoxazinanes">drugs:organoheterocyclic-compounds="oxazinanes"</h4>
<div class="paragraph">
<p>Oxazinanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsoxepanes">drugs:organoheterocyclic-compounds="oxepanes"</h4>
<div class="paragraph">
<p>Oxepanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsphenanthrolines">drugs:organoheterocyclic-compounds="phenanthrolines"</h4>
<div class="paragraph">
<p>Phenanthrolines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspiperazinoazepines">drugs:organoheterocyclic-compounds="piperazinoazepines"</h4>
<div class="paragraph">
<p>Piperazinoazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspiperidines">drugs:organoheterocyclic-compounds="piperidines"</h4>
<div class="paragraph">
<p>Piperidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspteridines_and_derivatives">drugs:organoheterocyclic-compounds="pteridines-and-derivatives"</h4>
<div class="paragraph">
<p>Pteridines and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyranodioxins">drugs:organoheterocyclic-compounds="pyranodioxins"</h4>
<div class="paragraph">
<p>Pyranodioxins</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyranopyridines">drugs:organoheterocyclic-compounds="pyranopyridines"</h4>
<div class="paragraph">
<p>Pyranopyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyranopyrimidines">drugs:organoheterocyclic-compounds="pyranopyrimidines"</h4>
<div class="paragraph">
<p>Pyranopyrimidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrans">drugs:organoheterocyclic-compounds="pyrans"</h4>
<div class="paragraph">
<p>Pyrans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrazolopyridines">drugs:organoheterocyclic-compounds="pyrazolopyridines"</h4>
<div class="paragraph">
<p>Pyrazolopyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrazolopyrimidines">drugs:organoheterocyclic-compounds="pyrazolopyrimidines"</h4>
<div class="paragraph">
<p>Pyrazolopyrimidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrazolotriazines">drugs:organoheterocyclic-compounds="pyrazolotriazines"</h4>
<div class="paragraph">
<p>Pyrazolotriazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyridines_and_derivatives">drugs:organoheterocyclic-compounds="pyridines-and-derivatives"</h4>
<div class="paragraph">
<p>Pyridines and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyridopyrimidines">drugs:organoheterocyclic-compounds="pyridopyrimidines"</h4>
<div class="paragraph">
<p>Pyridopyrimidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrroles">drugs:organoheterocyclic-compounds="pyrroles"</h4>
<div class="paragraph">
<p>Pyrroles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrrolidines">drugs:organoheterocyclic-compounds="pyrrolidines"</h4>
<div class="paragraph">
<p>Pyrrolidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrrolines">drugs:organoheterocyclic-compounds="pyrrolines"</h4>
<div class="paragraph">
<p>Pyrrolines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrrolizines">drugs:organoheterocyclic-compounds="pyrrolizines"</h4>
<div class="paragraph">
<p>Pyrrolizines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrroloazepines">drugs:organoheterocyclic-compounds="pyrroloazepines"</h4>
<div class="paragraph">
<p>Pyrroloazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrrolopyrazines">drugs:organoheterocyclic-compounds="pyrrolopyrazines"</h4>
<div class="paragraph">
<p>Pyrrolopyrazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrrolopyrazoles">drugs:organoheterocyclic-compounds="pyrrolopyrazoles"</h4>
<div class="paragraph">
<p>Pyrrolopyrazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrrolopyridines">drugs:organoheterocyclic-compounds="pyrrolopyridines"</h4>
<div class="paragraph">
<p>Pyrrolopyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrrolopyrimidines">drugs:organoheterocyclic-compounds="pyrrolopyrimidines"</h4>
<div class="paragraph">
<p>Pyrrolopyrimidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundspyrrolotriazines">drugs:organoheterocyclic-compounds="pyrrolotriazines"</h4>
<div class="paragraph">
<p>Pyrrolotriazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsquinolines_and_derivatives">drugs:organoheterocyclic-compounds="quinolines-and-derivatives"</h4>
<div class="paragraph">
<p>Quinolines and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsquinuclidines">drugs:organoheterocyclic-compounds="quinuclidines"</h4>
<div class="paragraph">
<p>Quinuclidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsselenazoles">drugs:organoheterocyclic-compounds="selenazoles"</h4>
<div class="paragraph">
<p>Selenazoles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstetrahydrofurans">drugs:organoheterocyclic-compounds="tetrahydrofurans"</h4>
<div class="paragraph">
<p>Tetrahydrofurans</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstetrahydroisoquinolines">drugs:organoheterocyclic-compounds="tetrahydroisoquinolines"</h4>
<div class="paragraph">
<p>Tetrahydroisoquinolines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstetrapyrroles_and_derivatives">drugs:organoheterocyclic-compounds="tetrapyrroles-and-derivatives"</h4>
<div class="paragraph">
<p>Tetrapyrroles and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiadiazinanes">drugs:organoheterocyclic-compounds="thiadiazinanes"</h4>
<div class="paragraph">
<p>Thiadiazinanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiadiazines">drugs:organoheterocyclic-compounds="thiadiazines"</h4>
<div class="paragraph">
<p>Thiadiazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthianes">drugs:organoheterocyclic-compounds="thianes"</h4>
<div class="paragraph">
<p>Thianes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiazepines">drugs:organoheterocyclic-compounds="thiazepines"</h4>
<div class="paragraph">
<p>Thiazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiazinanes">drugs:organoheterocyclic-compounds="thiazinanes"</h4>
<div class="paragraph">
<p>Thiazinanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiazines">drugs:organoheterocyclic-compounds="thiazines"</h4>
<div class="paragraph">
<p>Thiazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthienodiazepines">drugs:organoheterocyclic-compounds="thienodiazepines"</h4>
<div class="paragraph">
<p>Thienodiazepines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthienoimidazolidines">drugs:organoheterocyclic-compounds="thienoimidazolidines"</h4>
<div class="paragraph">
<p>Thienoimidazolidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthienopyridines">drugs:organoheterocyclic-compounds="thienopyridines"</h4>
<div class="paragraph">
<p>Thienopyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthienopyrimidines">drugs:organoheterocyclic-compounds="thienopyrimidines"</h4>
<div class="paragraph">
<p>Thienopyrimidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthienopyrroles">drugs:organoheterocyclic-compounds="thienopyrroles"</h4>
<div class="paragraph">
<p>Thienopyrroles</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthienothiazines">drugs:organoheterocyclic-compounds="thienothiazines"</h4>
<div class="paragraph">
<p>Thienothiazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiochromanes">drugs:organoheterocyclic-compounds="thiochromanes"</h4>
<div class="paragraph">
<p>Thiochromanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiochromenes">drugs:organoheterocyclic-compounds="thiochromenes"</h4>
<div class="paragraph">
<p>Thiochromenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiolanes">drugs:organoheterocyclic-compounds="thiolanes"</h4>
<div class="paragraph">
<p>Thiolanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundsthiophenes">drugs:organoheterocyclic-compounds="thiophenes"</h4>
<div class="paragraph">
<p>Thiophenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstriazinanes">drugs:organoheterocyclic-compounds="triazinanes"</h4>
<div class="paragraph">
<p>Triazinanes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstriazines">drugs:organoheterocyclic-compounds="triazines"</h4>
<div class="paragraph">
<p>Triazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstriazolopyrazines">drugs:organoheterocyclic-compounds="triazolopyrazines"</h4>
<div class="paragraph">
<p>Triazolopyrazines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstriazolopyridines">drugs:organoheterocyclic-compounds="triazolopyridines"</h4>
<div class="paragraph">
<p>Triazolopyridines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstriazolopyrimidines">drugs:organoheterocyclic-compounds="triazolopyrimidines"</h4>
<div class="paragraph">
<p>Triazolopyrimidines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganoheterocyclic_compoundstrioxanes">drugs:organoheterocyclic-compounds="trioxanes"</h4>
<div class="paragraph">
<p>Trioxanes</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organometallic_compounds">organometallic-compounds</h3>
<div class="sect3">
<h4 id="_drugsorganometallic_compoundsorganometalloid_compounds">drugs:organometallic-compounds="organometalloid-compounds"</h4>
<div class="paragraph">
<p>Organometalloid compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganometallic_compoundsorgano_post_transition_metal_compounds">drugs:organometallic-compounds="organo-post-transition-metal-compounds"</h4>
<div class="paragraph">
<p>Organo-post-transition metal compounds</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organophosphorus_compounds">organophosphorus-compounds</h3>
<div class="sect3">
<h4 id="_drugsorganophosphorus_compoundsorganic_phosphines_and_derivatives">drugs:organophosphorus-compounds="organic-phosphines-and-derivatives"</h4>
<div class="paragraph">
<p>Organic phosphines and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganophosphorus_compoundsorganophosphinic_acids_and_derivatives">drugs:organophosphorus-compounds="organophosphinic-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Organophosphinic acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganophosphorus_compoundsorganothiophosphorus_compounds">drugs:organophosphorus-compounds="organothiophosphorus-compounds"</h4>
<div class="paragraph">
<p>Organothiophosphorus compounds</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_organosulfur_compounds">organosulfur-compounds</h3>
<div class="sect3">
<h4 id="_drugsorganosulfur_compoundsisothioureas">drugs:organosulfur-compounds="isothioureas"</h4>
<div class="paragraph">
<p>Isothioureas</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganosulfur_compoundsorganic_disulfides">drugs:organosulfur-compounds="organic-disulfides"</h4>
<div class="paragraph">
<p>Organic disulfides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganosulfur_compoundssulfonyls">drugs:organosulfur-compounds="sulfonyls"</h4>
<div class="paragraph">
<p>Sulfonyls</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganosulfur_compoundssulfoxides">drugs:organosulfur-compounds="sulfoxides"</h4>
<div class="paragraph">
<p>Sulfoxides</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganosulfur_compoundsthiocarbonyl_compounds">drugs:organosulfur-compounds="thiocarbonyl-compounds"</h4>
<div class="paragraph">
<p>Thiocarbonyl compounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganosulfur_compoundsthioethers">drugs:organosulfur-compounds="thioethers"</h4>
<div class="paragraph">
<p>Thioethers</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganosulfur_compoundsthiols">drugs:organosulfur-compounds="thiols"</h4>
<div class="paragraph">
<p>Thiols</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsorganosulfur_compoundsthioureas">drugs:organosulfur-compounds="thioureas"</h4>
<div class="paragraph">
<p>Thioureas</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_phenylpropanoids_and_polyketides">phenylpropanoids-and-polyketides</h3>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketides2_arylbenzofuran_flavonoids">drugs:phenylpropanoids-and-polyketides="2-arylbenzofuran-flavonoids"</h4>
<div class="paragraph">
<p>2-arylbenzofuran flavonoids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesanthracyclines">drugs:phenylpropanoids-and-polyketides="anthracyclines"</h4>
<div class="paragraph">
<p>Anthracyclines</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesaurone_flavonoids">drugs:phenylpropanoids-and-polyketides="aurone-flavonoids"</h4>
<div class="paragraph">
<p>Aurone flavonoids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidescinnamic_acids_and_derivatives">drugs:phenylpropanoids-and-polyketides="cinnamic-acids-and-derivatives"</h4>
<div class="paragraph">
<p>Cinnamic acids and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidescinnamyl_alcohols">drugs:phenylpropanoids-and-polyketides="cinnamyl-alcohols"</h4>
<div class="paragraph">
<p>Cinnamyl alcohols</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidescoumarins_and_derivatives">drugs:phenylpropanoids-and-polyketides="coumarins-and-derivatives"</h4>
<div class="paragraph">
<p>Coumarins and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesdepsides_and_depsidones">drugs:phenylpropanoids-and-polyketides="depsides-and-depsidones"</h4>
<div class="paragraph">
<p>Depsides and depsidones</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesdiarylheptanoids">drugs:phenylpropanoids-and-polyketides="diarylheptanoids"</h4>
<div class="paragraph">
<p>Diarylheptanoids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesflavonoids">drugs:phenylpropanoids-and-polyketides="flavonoids"</h4>
<div class="paragraph">
<p>Flavonoids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesisochromanequinones">drugs:phenylpropanoids-and-polyketides="isochromanequinones"</h4>
<div class="paragraph">
<p>Isochromanequinones</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesisocoumarins_and_derivatives">drugs:phenylpropanoids-and-polyketides="isocoumarins-and-derivatives"</h4>
<div class="paragraph">
<p>Isocoumarins and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesisoflavonoids">drugs:phenylpropanoids-and-polyketides="isoflavonoids"</h4>
<div class="paragraph">
<p>Isoflavonoids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketideslinear_13_diarylpropanoids">drugs:phenylpropanoids-and-polyketides="linear-1,3-diarylpropanoids"</h4>
<div class="paragraph">
<p>Linear 1,3-diarylpropanoids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesmacrolactams">drugs:phenylpropanoids-and-polyketides="macrolactams"</h4>
<div class="paragraph">
<p>Macrolactams</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesmacrolide_lactams">drugs:phenylpropanoids-and-polyketides="macrolide-lactams"</h4>
<div class="paragraph">
<p>Macrolide lactams</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesmacrolides_and_analogues">drugs:phenylpropanoids-and-polyketides="macrolides-and-analogues"</h4>
<div class="paragraph">
<p>Macrolides and analogues</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesneoflavonoids">drugs:phenylpropanoids-and-polyketides="neoflavonoids"</h4>
<div class="paragraph">
<p>Neoflavonoids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesphenylpropanoic_acids">drugs:phenylpropanoids-and-polyketides="phenylpropanoic-acids"</h4>
<div class="paragraph">
<p>Phenylpropanoic acids</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidessaxitoxins_gonyautoxins_and_derivatives">drugs:phenylpropanoids-and-polyketides="saxitoxins,-gonyautoxins,-and-derivatives"</h4>
<div class="paragraph">
<p>Saxitoxins, gonyautoxins, and derivatives</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidesstilbenes">drugs:phenylpropanoids-and-polyketides="stilbenes"</h4>
<div class="paragraph">
<p>Stilbenes</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidestannins">drugs:phenylpropanoids-and-polyketides="tannins"</h4>
<div class="paragraph">
<p>Tannins</p>
</div>
</div>
<div class="sect3">
<h4 id="_drugsphenylpropanoids_and_polyketidestetracyclines">drugs:phenylpropanoids-and-polyketides="tetracyclines"</h4>
<div class="paragraph">
<p>Tetracyclines</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_economical_impact">economical-impact</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
economical-impact namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/economical-impact/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).</p>
</div>
<div class="sect2">
<h3 id="_loss">loss</h3>
<div class="paragraph">
<p>A financial impact evaluated as a casuality.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_economical_impactlossnone">economical-impact:loss="none"</h4>
<div class="paragraph">
<p>No loss</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactlossless_than_25k_eur">economical-impact:loss="less-than-25k-eur"</h4>
<div class="paragraph">
<p>Less than 25K EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="10"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactlossless_than_50k_euro">economical-impact:loss="less-than-50k-euro"</h4>
<div class="paragraph">
<p>Less than 50K EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactlossless_than_100k_euro">economical-impact:loss="less-than-100k-euro"</h4>
<div class="paragraph">
<p>Less than 100K EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="30"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactlossless_than_1m_euro">economical-impact:loss="less-than-1M-euro"</h4>
<div class="paragraph">
<p>Less than 1 million EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="40"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactlossless_than_10m_euro">economical-impact:loss="less-than-10M-euro"</h4>
<div class="paragraph">
<p>Less than 10 million EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactlossless_than_100m_euro">economical-impact:loss="less-than-100M-euro"</h4>
<div class="paragraph">
<p>Less than 100 million EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="60"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactlossless_than_1b_euro">economical-impact:loss="less-than-1B-euro"</h4>
<div class="paragraph">
<p>Less than 1 billion EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="70"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactlossmore_than_1b_euro">economical-impact:loss="more-than-1B-euro"</h4>
<div class="paragraph">
<p>More than 1 billion EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_gain">gain</h3>
<div class="paragraph">
<p>A financial impact evaluated as a benefit.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_economical_impactgainnone">economical-impact:gain="none"</h4>
<div class="paragraph">
<p>No gain</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactgainless_than_25k_eur">economical-impact:gain="less-than-25k-eur"</h4>
<div class="paragraph">
<p>Less than 25K EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="10"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactgainless_than_50k_euro">economical-impact:gain="less-than-50k-euro"</h4>
<div class="paragraph">
<p>Less than 50K EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactgainless_than_100k_euro">economical-impact:gain="less-than-100k-euro"</h4>
<div class="paragraph">
<p>Less than 100K EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="30"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactgainless_than_1m_euro">economical-impact:gain="less-than-1M-euro"</h4>
<div class="paragraph">
<p>Less than 1 million EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="40"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactgainless_than_10m_euro">economical-impact:gain="less-than-10M-euro"</h4>
<div class="paragraph">
<p>Less than 10 million EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactgainless_than_100m_euro">economical-impact:gain="less-than-100M-euro"</h4>
<div class="paragraph">
<p>Less than 100 million EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="60"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactgainless_than_1b_euro">economical-impact:gain="less-than-1B-euro"</h4>
<div class="paragraph">
<p>Less than 1 billion EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="70"</p>
</div>
</div>
<div class="sect3">
<h4 id="_economical_impactgainmore_than_1b_euro">economical-impact:gain="more-than-1B-euro"</h4>
<div class="paragraph">
<p>More than 1 billion EUR</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ecsirt">ecsirt</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ecsirt namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ecsirt/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Incident Classification by the ecsirt.net version mkVI of 31 March 2015 enriched with IntelMQ taxonomy-type mapping.</p>
</div>
<div class="sect2">
<h3 id="_abusive_content_3">abusive-content</h3>
<div class="paragraph">
<p>Abusive Content.</p>
</div>
<div class="sect3">
<h4 id="_ecsirtabusive_contentspam">ecsirt:abusive-content="spam"</h4>
<div class="paragraph">
<p>spam</p>
</div>
<div class="paragraph">
<p>Or 'Unsolicited Bulk Email', this means that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having a functionally comparable content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtabusive_contentharmful_speech">ecsirt:abusive-content="harmful-speech"</h4>
<div class="paragraph">
<p>Harmful Speech</p>
</div>
<div class="paragraph">
<p>Discreditation or discrimination of somebody e.g. cyber stalking, racism and threats against one or more individuals).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtabusive_contentviolence">ecsirt:abusive-content="violence"</h4>
<div class="paragraph">
<p>Child/Sexual/Violence/&#8230;&#8203;</p>
</div>
<div class="paragraph">
<p>Child Pornography, glorification of violence, &#8230;&#8203;</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malicious_code_2">malicious-code</h3>
<div class="paragraph">
<p>Software that is intentionally included or inserted in a system for a harmful purpose. A user interaction is normally necessary to activate the code.</p>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codevirus">ecsirt:malicious-code="virus"</h4>
<div class="paragraph">
<p>Virus</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codeworm">ecsirt:malicious-code="worm"</h4>
<div class="paragraph">
<p>Worm</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codetrojan">ecsirt:malicious-code="trojan"</h4>
<div class="paragraph">
<p>Trojan</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codespyware">ecsirt:malicious-code="spyware"</h4>
<div class="paragraph">
<p>Spyware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codedialer">ecsirt:malicious-code="dialer"</h4>
<div class="paragraph">
<p>Dialer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_coderootkit">ecsirt:malicious-code="rootkit"</h4>
<div class="paragraph">
<p>Rootkit</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codemalware">ecsirt:malicious-code="malware"</h4>
<div class="paragraph">
<p>Malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codebotnet_drone">ecsirt:malicious-code="botnet-drone"</h4>
<div class="paragraph">
<p>Botnet drone</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_coderansomware">ecsirt:malicious-code="ransomware"</h4>
<div class="paragraph">
<p>Ransomware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codemalware_configuration">ecsirt:malicious-code="malware-configuration"</h4>
<div class="paragraph">
<p>Malware configuration</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtmalicious_codecc">ecsirt:malicious-code="c&amp;c"</h4>
<div class="paragraph">
<p>C&amp;C</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering_3">information-gathering</h3>
<div class="paragraph">
<p>Information Gathering.</p>
</div>
<div class="sect3">
<h4 id="_ecsirtinformation_gatheringscanner">ecsirt:information-gathering="scanner"</h4>
<div class="paragraph">
<p>Scanning</p>
</div>
<div class="paragraph">
<p>Attacks that send requests to a system to discover weak points. This includes also some kind of testing processes to gather information about hosts, services and accounts. Examples: fingerd, DNS querying, ICMP, SMTP (EXPN, RCPT, &#8230;&#8203;), port scanning.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtinformation_gatheringsniffing">ecsirt:information-gathering="sniffing"</h4>
<div class="paragraph">
<p>Sniffing</p>
</div>
<div class="paragraph">
<p>Observing and recording of network traffic (wiretapping).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtinformation_gatheringsocial_engineering">ecsirt:information-gathering="social-engineering"</h4>
<div class="paragraph">
<p>Social Engineering</p>
</div>
<div class="paragraph">
<p>Gathering information from a human being in a non-technical way (e.g. lies, tricks, bribes, or threats).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_attempts_2">intrusion-attempts</h3>
<div class="paragraph">
<p>Intrusion Attempts.</p>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusion_attemptsids_alert">ecsirt:intrusion-attempts="ids-alert"</h4>
<div class="paragraph">
<p>Exploiting of known Vulnerabilities</p>
</div>
<div class="paragraph">
<p>An attempt to compromise a system or to disrupt any service by exploiting vunerabilities with a standardised identifier such as CVE name (e.g. buffer overflow, backdoor, cross site scripting, etc.)</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusion_attemptsbrute_force">ecsirt:intrusion-attempts="brute-force"</h4>
<div class="paragraph">
<p>Login attempts</p>
</div>
<div class="paragraph">
<p>Multiple login attempts (Guessing / cracking of passwords, brute force).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusion_attemptsexploit">ecsirt:intrusion-attempts="exploit"</h4>
<div class="paragraph">
<p>New attack signature</p>
</div>
<div class="paragraph">
<p>An attempt using an unknown exploit.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusions">intrusions</h3>
<div class="paragraph">
<p>A successful compromise of a system or application (service). This can have been caused remotely by a known or new vulnerability, but also by an unauthorized local access. Also includes being part of a botnet.</p>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusionsprivileged_account_compromise">ecsirt:intrusions="privileged-account-compromise"</h4>
<div class="paragraph">
<p>Privileged Account Compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusionsunprivileged_account_compromise">ecsirt:intrusions="unprivileged-account-compromise"</h4>
<div class="paragraph">
<p>Unprivileged Account Compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusionsapplication_compromise">ecsirt:intrusions="application-compromise"</h4>
<div class="paragraph">
<p>Application Compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusionsbot">ecsirt:intrusions="bot"</h4>
<div class="paragraph">
<p>Bot</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusionsdefacement">ecsirt:intrusions="defacement"</h4>
<div class="paragraph">
<p>defacement</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusionscompromised">ecsirt:intrusions="compromised"</h4>
<div class="paragraph">
<p>compromised</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtintrusionsbackdoor">ecsirt:intrusions="backdoor"</h4>
<div class="paragraph">
<p>backdoor</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_availability_3">availability</h3>
<div class="paragraph">
<p>By this kind of an attack a system is bombarded with so many packets that the operations are delayed or the system crashes. DoS examples are ICMP and SYN floods, Teardrop attacks and mail-bombing. DDoS often is based on DoS attacks originating from botnets, but also other scenarios exist like DNS Amplification attacks. However, the availability also can be affected by local actions (destruction, disruption of power supply, etc.) or by Act of God, spontaneous failures or human error, without malice or gross neglect being involved.</p>
</div>
<div class="sect3">
<h4 id="_ecsirtavailabilitydos">ecsirt:availability="dos"</h4>
<div class="paragraph">
<p>DoS</p>
</div>
<div class="paragraph">
<p>Denial of Service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtavailabilityddos">ecsirt:availability="ddos"</h4>
<div class="paragraph">
<p>DDoS</p>
</div>
<div class="paragraph">
<p>Distributed Denial of Service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtavailabilitysabotage">ecsirt:availability="sabotage"</h4>
<div class="paragraph">
<p>Sabotage</p>
</div>
<div class="paragraph">
<p>Sabotage.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtavailabilityoutage">ecsirt:availability="outage"</h4>
<div class="paragraph">
<p>Outage (no malice)</p>
</div>
<div class="paragraph">
<p>Outage (no malice).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_content_security_2">information-content-security</h3>
<div class="paragraph">
<p>Besides a local abuse of data and systems the information security can be endangered by a successful account or application compromise. Furthermore attacks are possible that intercept and access information during transmission (wiretapping, spoofing or hijacking). Human/configuration/software error can also be the cause.</p>
</div>
<div class="sect3">
<h4 id="_ecsirtinformation_content_securityunauthorised_information_access">ecsirt:information-content-security="Unauthorised-information-access"</h4>
<div class="paragraph">
<p>Unauthorised access to information</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtinformation_content_securityunauthorised_information_modification">ecsirt:information-content-security="Unauthorised-information-modification"</h4>
<div class="paragraph">
<p>Unauthorised modification of information</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtinformation_content_securitydropzone">ecsirt:information-content-security="dropzone"</h4>
<div class="paragraph">
<p>dropzone</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fraud_3">fraud</h3>
<div class="paragraph">
<p>Fraud.</p>
</div>
<div class="sect3">
<h4 id="_ecsirtfraudunauthorized_use_of_resources">ecsirt:fraud="unauthorized-use-of-resources"</h4>
<div class="paragraph">
<p>Unauthorized use of resources</p>
</div>
<div class="paragraph">
<p>Using resources for unauthorized purposes including profit-making ventures (E.g. the use of e-mail to participate in illegal profit chain letters or pyramid schemes).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtfraudcopyright">ecsirt:fraud="copyright"</h4>
<div class="paragraph">
<p>Copyright</p>
</div>
<div class="paragraph">
<p>Offering or Installing copies of unlicensed commercial software or other copyright protected materials (Warez).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtfraudmasquerade">ecsirt:fraud="masquerade"</h4>
<div class="paragraph">
<p>Masquerade</p>
</div>
<div class="paragraph">
<p>Type of attacks in which one entity illegitimately assumes the identity of another in order to benefit from it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtfraudphishing">ecsirt:fraud="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
<div class="paragraph">
<p>Masquerading as another entity in order to persuade the user to reveal a private credential.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vulnerable_2">vulnerable</h3>
<div class="paragraph">
<p>Open resolvers, world readable printers, vulnerability apparent from Nessus etc scans, virus signatures not up-to-date, etc</p>
</div>
<div class="sect3">
<h4 id="_ecsirtvulnerablevulnerable_service">ecsirt:vulnerable="vulnerable-service"</h4>
<div class="paragraph">
<p>Open for abuse</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_5">other</h3>
<div class="paragraph">
<p>All incidents which don&#8217;t fit in one of the given categories should be put into this class. If the number of incidents in this category increases, it is an indicator that the classification scheme must be revised</p>
</div>
<div class="sect3">
<h4 id="_ecsirtotherblacklist">ecsirt:other="blacklist"</h4>
<div class="paragraph">
<p>blacklist</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtotherunknown">ecsirt:other="unknown"</h4>
<div class="paragraph">
<p>unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirtotherother">ecsirt:other="other"</h4>
<div class="paragraph">
<p>other</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_test_2">test</h3>
<div class="paragraph">
<p>Meant for testing.</p>
</div>
<div class="sect3">
<h4 id="_ecsirttesttest">ecsirt:test="test"</h4>
<div class="paragraph">
<p>Test</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_enisa">enisa</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
enisa namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/enisa/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.</p>
</div>
<div class="sect2">
<h3 id="_physical_attack">physical-attack</h3>
<div class="paragraph">
<p>Threats of intentional, hostile human actions.</p>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attackfraud">enisa:physical-attack="fraud"</h4>
<div class="paragraph">
<p>Fraud</p>
</div>
<div class="paragraph">
<p>Fraud committed by humans.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attackfraud_by_employees">enisa:physical-attack="fraud-by-employees"</h4>
<div class="paragraph">
<p>Fraud committed by employees</p>
</div>
<div class="paragraph">
<p>Fraud committed by employees or others that are in relation with entities, who have access to entities' information and IT assets.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attacksabotage">enisa:physical-attack="sabotage"</h4>
<div class="paragraph">
<p>Sabotage</p>
</div>
<div class="paragraph">
<p>Intentional actions (non-fulfilment or defective fulfilment of personal duties) aimed to cause disruption or damage to IT assets.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attackvandalism">enisa:physical-attack="vandalism"</h4>
<div class="paragraph">
<p>Vandalism</p>
</div>
<div class="paragraph">
<p>Act of physically damaging IT assets.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attacktheft">enisa:physical-attack="theft"</h4>
<div class="paragraph">
<p>Theft (of devices, storage media and documents)</p>
</div>
<div class="paragraph">
<p>Stealing information or IT assets. Robbery.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attacktheft_of_mobile_devices">enisa:physical-attack="theft-of-mobile-devices"</h4>
<div class="paragraph">
<p>Theft of mobile devices (smartphones/ tablets)</p>
</div>
<div class="paragraph">
<p>Taking away another person&#8217;s property in the form of mobile devices, for example smartphones, tablets.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attacktheft_of_fixed_hardware">enisa:physical-attack="theft-of-fixed-hardware"</h4>
<div class="paragraph">
<p>Theft of fixed hardware</p>
</div>
<div class="paragraph">
<p>Taking away another person&#8217;s hardware property (except mobile devices), which often contains business-sensitive data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attacktheft_of_documents">enisa:physical-attack="theft-of-documents"</h4>
<div class="paragraph">
<p>Theft of documents</p>
</div>
<div class="paragraph">
<p>Stealing documents from private/company archives, often for the purpose of re-sale or to achieve personal benefits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attacktheft_of_backups">enisa:physical-attack="theft-of-backups"</h4>
<div class="paragraph">
<p>Theft of backups</p>
</div>
<div class="paragraph">
<p>Stealing media devices, on which copies of essential information are kept.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attackinformation_leak_or_unauthorised_sharing">enisa:physical-attack="information-leak-or-unauthorised-sharing"</h4>
<div class="paragraph">
<p>Information leak /sharing</p>
</div>
<div class="paragraph">
<p>Sharing information with unauthorised entities. Loss of information confidentiality due to intentional human actions (e.g., information leak may occur due to loss of paper copies of confidential information).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attackunauthorised_physical_access_or_unauthorised_entry_to_premises">enisa:physical-attack="unauthorised-physical-access-or-unauthorised-entry-to-premises"</h4>
<div class="paragraph">
<p>Unauthorized physical access / Unauthorised entry to premises</p>
</div>
<div class="paragraph">
<p>Unapproved access to facility.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attackcoercion_or_extortion_or_corruption">enisa:physical-attack="coercion-or-extortion-or-corruption"</h4>
<div class="paragraph">
<p>Coercion, extortion or corruption</p>
</div>
<div class="paragraph">
<p>Actions following acts of coercion, extortion or corruption.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attackdamage_from_the_wafare">enisa:physical-attack="damage-from-the-wafare"</h4>
<div class="paragraph">
<p>Damage from the warfare</p>
</div>
<div class="paragraph">
<p>Threats of direct impact of warfare activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaphysical_attackterrorist_attack">enisa:physical-attack="terrorist-attack"</h4>
<div class="paragraph">
<p>Terrorist attack</p>
</div>
<div class="paragraph">
<p>Threats from terrorists.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unintentional_damage">unintentional-damage</h3>
<div class="paragraph">
<p>Threats of unintentional human actions or errors.</p>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageinformation_leak_or_sharing_due_to_human_error">enisa:unintentional-damage="information-leak-or-sharing-due-to-human-error"</h4>
<div class="paragraph">
<p>Information leak /sharing due to human error</p>
</div>
<div class="paragraph">
<p>Information leak / sharing caused by humans, due to their mistakes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageaccidental_leaks_or_sharing_of_data_by_employees">enisa:unintentional-damage="accidental-leaks-or-sharing-of-data-by-employees"</h4>
<div class="paragraph">
<p>Accidental leaks/sharing of data by employees</p>
</div>
<div class="paragraph">
<p>Unintentional distribution of private or sensitive data to an unauthorized entity by a staff member.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageleaks_of_data_via_mobile_applications">enisa:unintentional-damage="leaks-of-data-via-mobile-applications"</h4>
<div class="paragraph">
<p>Leaks of data via mobile applications</p>
</div>
<div class="paragraph">
<p>Threat of leaking private data (a result of using applications for mobile devices).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageleaks_of_data_via_web_applications">enisa:unintentional-damage="leaks-of-data-via-web-applications"</h4>
<div class="paragraph">
<p>Leaks of data via Web applications</p>
</div>
<div class="paragraph">
<p>Threat of leaking important information using web applications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageleaks_of_information_transferred_by_network">enisa:unintentional-damage="leaks-of-information-transferred-by-network"</h4>
<div class="paragraph">
<p>Leaks of information transferred by network</p>
</div>
<div class="paragraph">
<p>Threat of eavesdropping of unsecured network traffic.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageerroneous_use_or_administration_of_devices_and_systems">enisa:unintentional-damage="erroneous-use-or-administration-of-devices-and-systems"</h4>
<div class="paragraph">
<p>Erroneous use or administration of devices and systems</p>
</div>
<div class="paragraph">
<p>Information leak / sharing / damage caused by misuse of IT assets (lack of awareness of application features) or wrong / improper IT assets configuration or management.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_information_due_to_maintenance_errors_or_operators_errors">enisa:unintentional-damage="loss-of-information-due-to-maintenance-errors-or-operators-errors"</h4>
<div class="paragraph">
<p>Loss of information due to maintenance errors / operators' errors</p>
</div>
<div class="paragraph">
<p>Threat of loss of information by incorrectly performed maintenance of devices or systems or other operator activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_information_due_to_configuration_or_installation_error">enisa:unintentional-damage="loss-of-information-due-to-configuration-or-installation error"</h4>
<div class="paragraph">
<p>Loss of information due to configuration/ installation error</p>
</div>
<div class="paragraph">
<p>Threat of loss of information due to errors in installation or system configuration.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageincreasing_recovery_time">enisa:unintentional-damage="increasing-recovery-time"</h4>
<div class="paragraph">
<p>Increasing recovery time</p>
</div>
<div class="paragraph">
<p>Threat of unavailability of information due to errors in the use of backup media and increasing information recovery time.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damagelost_of_information_due_to_user_errors">enisa:unintentional-damage="lost-of-information-due-to-user-errors"</h4>
<div class="paragraph">
<p>Loss of information due to user errors</p>
</div>
<div class="paragraph">
<p>Threat of unavailability of information or damage to IT assets caused by user errors (using IT infrastructure) or IT software recovery time.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageusing_information_from_an_unreliable_source">enisa:unintentional-damage="using-information-from-an-unreliable-source"</h4>
<div class="paragraph">
<p>Using information from an unreliable source</p>
</div>
<div class="paragraph">
<p>Bad decisions based on unreliable sources of information or unchecked information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageunintentional_change_of_data_in_an_information_system">enisa:unintentional-damage="unintentional-change-of-data-in-an-information-system"</h4>
<div class="paragraph">
<p>Unintentional change of data in an information system</p>
</div>
<div class="paragraph">
<p>Loss of information integrity due to human error (information system user mistake).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageinadequate_design_and_planning_or_improper_adaptation">enisa:unintentional-damage="inadequate-design-and-planning-or-improper-adaptation"</h4>
<div class="paragraph">
<p>Inadequate design and planning or improper adaptation</p>
</div>
<div class="paragraph">
<p>Threats caused by improper IT assets or business processes design (inadequate specifications of IT products, inadequate usability, insecure interfaces, policy/procedure flows, design errors).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damagedamage_caused_by_a_third_party">enisa:unintentional-damage="damage-caused-by-a-third-party"</h4>
<div class="paragraph">
<p>Damage caused by a third party</p>
</div>
<div class="paragraph">
<p>Threats of damage to IT assets caused by third party.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damagesecurity_failure_caused_by_third_party">enisa:unintentional-damage="security-failure-caused-by-third-party"</h4>
<div class="paragraph">
<p>Security failure caused by third party</p>
</div>
<div class="paragraph">
<p>Threats of damage to IT assets caused by breach of security regulations by third party.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damagedamages_resulting_from_penetration_testing">enisa:unintentional-damage="damages-resulting-from-penetration-testing"</h4>
<div class="paragraph">
<p>Damages resulting from penetration testing</p>
</div>
<div class="paragraph">
<p>Threats to information systems caused by conducting IT penetration tests inappropriately.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_information_in_the_cloud">enisa:unintentional-damage="loss-of-information-in-the-cloud"</h4>
<div class="paragraph">
<p>Loss of information in the cloud</p>
</div>
<div class="paragraph">
<p>Threats of losing information or data stored in the cloud.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_integrity_of_sensitive_information">enisa:unintentional-damage="loss-of-(integrity-of)-sensitive-information"</h4>
<div class="paragraph">
<p>Loss of (integrity of) sensitive information</p>
</div>
<div class="paragraph">
<p>Threats of losing information or data, or changing information classified as sensitive.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_integrity_of_certificates">enisa:unintentional-damage="loss-of-integrity-of-certificates"</h4>
<div class="paragraph">
<p>Loss of integrity of certificates</p>
</div>
<div class="paragraph">
<p>Threat of losing integrity of certificates used for authorisation services</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_devices_and_storage_media_and_documents">enisa:unintentional-damage="loss-of-devices-and-storage-media-and-documents"</h4>
<div class="paragraph">
<p>Loss of devices, storage media and documents</p>
</div>
<div class="paragraph">
<p>Threats of unavailability (losing) of IT assets and documents.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_devices_or_mobile_devices">enisa:unintentional-damage="loss-of-devices-or-mobile-devices"</h4>
<div class="paragraph">
<p>Loss of devices/ mobile devices</p>
</div>
<div class="paragraph">
<p>Threat of losing mobile devices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_storage_media">enisa:unintentional-damage="loss-of-storage-media"</h4>
<div class="paragraph">
<p>Loss of storage media</p>
</div>
<div class="paragraph">
<p>Threat of losing data-storage media.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageloss_of_documentation_of_it_infrastructure">enisa:unintentional-damage="loss-of-documentation-of-IT-Infrastructure"</h4>
<div class="paragraph">
<p>Loss of documentation of IT Infrastructure</p>
</div>
<div class="paragraph">
<p>Threat of losing important documentation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damagedestruction_of_records">enisa:unintentional-damage="destruction-of-records"</h4>
<div class="paragraph">
<p>Destruction of records</p>
</div>
<div class="paragraph">
<p>Threats of unavailability (destruction) of data and records (information) stored in devices and storage media.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageinfection_of_removable_media">enisa:unintentional-damage="infection-of-removable-media"</h4>
<div class="paragraph">
<p>Infection of removable media</p>
</div>
<div class="paragraph">
<p>Threat of loss of important data due to using removable media, web or mail infection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaunintentional_damageabuse_of_storage">enisa:unintentional-damage="abuse-of-storage"</h4>
<div class="paragraph">
<p>Abuse of storage</p>
</div>
<div class="paragraph">
<p>Threat of loss of records by improper /unauthorised use of storage devices.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disaster">disaster</h3>
<div class="paragraph">
<p>Threats of damage to information assets caused by natural or environmental factors.</p>
</div>
<div class="sect3">
<h4 id="_enisadisasterdisaster">enisa:disaster="disaster"</h4>
<div class="paragraph">
<p>Disaster (natural earthquakes, floods, landslides, tsunamis, heavy rains, heavy snowfalls, heavy winds)</p>
</div>
<div class="paragraph">
<p>Large scale natural disasters.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterfire">enisa:disaster="fire"</h4>
<div class="paragraph">
<p>Fire</p>
</div>
<div class="paragraph">
<p>Threat of fire.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterpollution_dust_corrosion">enisa:disaster="pollution-dust-corrosion"</h4>
<div class="paragraph">
<p>Pollution, dust, corrosion</p>
</div>
<div class="paragraph">
<p>Threat of disruption of work of IT systems (hardware) due to pollution, dust or corrosion (arising from the air).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterthunderstrike">enisa:disaster="thunderstrike"</h4>
<div class="paragraph">
<p>Thunderstrike</p>
</div>
<div class="paragraph">
<p>Threat of damage to IT hardware caused by thunder strike (overvoltage).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterwater">enisa:disaster="water"</h4>
<div class="paragraph">
<p>Water</p>
</div>
<div class="paragraph">
<p>Threat of damage to IT hardware caused by water.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterexplosion">enisa:disaster="explosion"</h4>
<div class="paragraph">
<p>Explosion</p>
</div>
<div class="paragraph">
<p>Threat of damage to IT hardware caused by explosion.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterdangerous_radiation_leak">enisa:disaster="dangerous-radiation-leak"</h4>
<div class="paragraph">
<p>Dangerous radiation leak</p>
</div>
<div class="paragraph">
<p>Threat of damage to IT hardware caused by radiation leak.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterunfavourable_climatic_conditions">enisa:disaster="unfavourable-climatic-conditions"</h4>
<div class="paragraph">
<p>Unfavourable climatic conditions</p>
</div>
<div class="paragraph">
<p>Threat of disruption of work of IT systems due to climatic conditions that have a negative effect on hardware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterloss_of_data_or_accessibility_of_it_infrastructure_as_a_result_of_heightened_humidity">enisa:disaster="loss-of-data-or-accessibility-of-IT-infrastructure-as-a-result-of-heightened-humidity"</h4>
<div class="paragraph">
<p>Loss of data or accessibility of IT infrastructure as a result of heightened humidity</p>
</div>
<div class="paragraph">
<p>Threat of disruption of work of IT systems due to high humidity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterlost_of_data_or_accessibility_of_it_infrastructure_as_a_result_of_very_high_temperature">enisa:disaster="lost-of-data-or-accessibility-of-IT-infrastructure-as-a-result-of-very-high-temperature"</h4>
<div class="paragraph">
<p>Lost of data or accessibility of IT infrastructure as a result of very high temperature</p>
</div>
<div class="paragraph">
<p>Threat of disruption of work of IT systems due to high or low temperature.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterthreats_from_space_or_electromagnetic_storm">enisa:disaster="threats-from-space-or-electromagnetic-storm"</h4>
<div class="paragraph">
<p>Threats from space / Electromagnetic storm</p>
</div>
<div class="paragraph">
<p>Threats of the negative impact of solar radiation to satellites and radio wave communication systems - electromagnetic storm.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisadisasterwildlife">enisa:disaster="wildlife"</h4>
<div class="paragraph">
<p>Wildlife</p>
</div>
<div class="paragraph">
<p>Threat of destruction of IT assets caused by animals: mice, rats, birds.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_failures_malfunction">failures-malfunction</h3>
<div class="paragraph">
<p>Threat of failure/malfunction of IT supporting infrastructure (i.e. degradation of quality, improper working parameters, jamming). The cause of a failure is mostly an internal issue (e.g.. overload of the power grid in a building).</p>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_of_devices_or_systems">enisa:failures-malfunction="failure-of-devices-or-systems"</h4>
<div class="paragraph">
<p>Failure of devices or systems</p>
</div>
<div class="paragraph">
<p>Threat of failure of IT hardware and/or software assets or its parts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_of_data_media">enisa:failures-malfunction="failure-of-data-media"</h4>
<div class="paragraph">
<p>Failure of data media</p>
</div>
<div class="paragraph">
<p>Threat of failure of data media.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionhardware_failure">enisa:failures-malfunction="hardware-failure"</h4>
<div class="paragraph">
<p>Hardware failure</p>
</div>
<div class="paragraph">
<p>Threat of failure of IT hardware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_of_applications_and_services">enisa:failures-malfunction="failure-of-applications-and-services"</h4>
<div class="paragraph">
<p>Failure of applications and services</p>
</div>
<div class="paragraph">
<p>Threat of failure of software/applications or services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_of_parts_of_devices_connectors_plug_ins">enisa:failures-malfunction="failure-of-parts-of-devices-connectors-plug-ins"</h4>
<div class="paragraph">
<p>Failure of parts of devices (connectors, plug-ins)</p>
</div>
<div class="paragraph">
<p>Threat of failure of IT equipment or its part.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_or_disruption_of_communication_links_communication_networks">enisa:failures-malfunction="failure-or-disruption-of-communication-links-communication networks"</h4>
<div class="paragraph">
<p>Failure or disruption of communication links (communication networks)</p>
</div>
<div class="paragraph">
<p>Threat of failure or malfunction of communications links.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_of_cable_networks">enisa:failures-malfunction="failure-of-cable-networks"</h4>
<div class="paragraph">
<p>Failure of cable networks</p>
</div>
<div class="paragraph">
<p>Threat of failure of communications links due to problems with cable network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_of_wireless_networks">enisa:failures-malfunction="failure-of-wireless-networks"</h4>
<div class="paragraph">
<p>Failure of wireless networks</p>
</div>
<div class="paragraph">
<p>Threat of failure of communications links due to problems with wireless networks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_of_mobile_networks">enisa:failures-malfunction="failure-of-mobile-networks"</h4>
<div class="paragraph">
<p>Failure of mobile networks</p>
</div>
<div class="paragraph">
<p>Threat of failure of communications links due to problems with mobile networks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_or_disruption_of_main_supply">enisa:failures-malfunction="failure-or-disruption-of-main-supply"</h4>
<div class="paragraph">
<p>Failure or disruption of main supply</p>
</div>
<div class="paragraph">
<p>Threat of failure or disruption of supply required for information systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_or_disruption_of_power_supply">enisa:failures-malfunction="failure-or-disruption-of-power-supply"</h4>
<div class="paragraph">
<p>Failure or disruption of power supply</p>
</div>
<div class="paragraph">
<p>Threat of failure or malfunction of power supply.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_of_cooling_infrastructure">enisa:failures-malfunction="failure-of-cooling-infrastructure"</h4>
<div class="paragraph">
<p>Failure of cooling infrastructure</p>
</div>
<div class="paragraph">
<p>Threat of failure of IT assets due to improper work of cooling infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionfailure_or_disruption_of_service_providers_supply_chain">enisa:failures-malfunction="failure-or-disruption-of-service-providers-supply-chain"</h4>
<div class="paragraph">
<p>Failure or disruption of service providers (supply chain)</p>
</div>
<div class="paragraph">
<p>Threat of failure or disruption of third party services required for proper operation of information systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisafailures_malfunctionmalfunction_of_equipment_devices_or_systems">enisa:failures-malfunction="malfunction-of-equipment-devices-or-systems"</h4>
<div class="paragraph">
<p>Malfunction of equipment (devices or systems)</p>
</div>
<div class="paragraph">
<p>Threat of malfunction of IT hardware and/or software assets or its parts (i.e. improper working parameters, jamming, rebooting).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_outages">outages</h3>
<div class="paragraph">
<p>Threat of complete lack or loss of resources necessary for IT infrastructure. The cause of an outage is mostly an external issue (i.e electricity blackout in the whole city).</p>
</div>
<div class="sect3">
<h4 id="_enisaoutagesabsence_of_personnel">enisa:outages="absence-of-personnel"</h4>
<div class="paragraph">
<p>Absence of personnel</p>
</div>
<div class="paragraph">
<p>Unavailability of key personnel and their competences.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaoutagesstrike">enisa:outages="strike"</h4>
<div class="paragraph">
<p>Strike</p>
</div>
<div class="paragraph">
<p>Unavailability of staff due to a strike (large scale absence of personnel).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaoutagesloss_of_support_services">enisa:outages="loss-of-support-services"</h4>
<div class="paragraph">
<p>Loss of support services</p>
</div>
<div class="paragraph">
<p>Unavailability of support services required for proper operation of the information system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaoutagesinternet_outage">enisa:outages="internet-outage"</h4>
<div class="paragraph">
<p>Internet outage</p>
</div>
<div class="paragraph">
<p>Unavailability of the Internet connection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaoutagesnetwork_outage">enisa:outages="network-outage"</h4>
<div class="paragraph">
<p>Network outage</p>
</div>
<div class="paragraph">
<p>Unavailability of communication links.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaoutagesoutage_of_cable_networks">enisa:outages="outage-of-cable-networks"</h4>
<div class="paragraph">
<p>Outage of cable networks</p>
</div>
<div class="paragraph">
<p>Threat of lack of communications links due to problems with cable network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaoutagesoutage_of_short_range_wireless_networks">enisa:outages="Outage-of-short-range-wireless-networks"</h4>
<div class="paragraph">
<p>Outage of short-range wireless networks</p>
</div>
<div class="paragraph">
<p>Threat of lack of communications links due to problems with wireless networks (802.11 networks, Bluetooth, NFC etc.).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaoutagesoutages_of_long_range_wireless_networks">enisa:outages="outages-of-long-range-wireless-networks"</h4>
<div class="paragraph">
<p>Outages of long-range wireless networks</p>
</div>
<div class="paragraph">
<p>Threat of lack of communications links due to problems with mobile networks like cellular network (3G, LTE, GSM etc.) or satellite links.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_eavesdropping_interception_hijacking">eavesdropping-interception-hijacking</h3>
<div class="paragraph">
<p>Threats that alter communication between two parties. These attacks do not have to install additional tools/software on a victim&#8217;s site.</p>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackingwar_driving">enisa:eavesdropping-interception-hijacking="war-driving"</h4>
<div class="paragraph">
<p>War driving</p>
</div>
<div class="paragraph">
<p>Threat of locating and possibly exploiting connection to the wireless network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackingintercepting_compromising_emissions">enisa:eavesdropping-interception-hijacking="intercepting-compromising-emissions"</h4>
<div class="paragraph">
<p>Intercepting compromising emissions</p>
</div>
<div class="paragraph">
<p>Threat of disclosure of transmitted information using interception and analysis of compromising emission.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackinginterception_of_information">enisa:eavesdropping-interception-hijacking="interception-of-information"</h4>
<div class="paragraph">
<p>Interception of information</p>
</div>
<div class="paragraph">
<p>Threat of interception of information which is improperly secured in transmission or by improper actions of staff.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackingcorporate_espionage">enisa:eavesdropping-interception-hijacking="corporate-espionage"</h4>
<div class="paragraph">
<p>Corporate espionage</p>
</div>
<div class="paragraph">
<p>Threat of obtaining information secrets by dishonest means.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackingnation_state_espionage">enisa:eavesdropping-interception-hijacking="nation-state-espionage"</h4>
<div class="paragraph">
<p>Nation state espionage</p>
</div>
<div class="paragraph">
<p>Threats of stealing information by nation state espionage (e.g. China based governmental espionage, NSA from USA).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackinginformation_leakage_due_to_unsecured_wi_fi_like_rogue_access_points">enisa:eavesdropping-interception-hijacking="information-leakage-due-to-unsecured-wi-fi-like-rogue-access-points"</h4>
<div class="paragraph">
<p>Information leakage due to unsecured Wi-Fi, rogue access points</p>
</div>
<div class="paragraph">
<p>Threat of obtaining important information by insecure network rogue access points etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackinginterfering_radiation">enisa:eavesdropping-interception-hijacking="interfering-radiation"</h4>
<div class="paragraph">
<p>Interfering radiation</p>
</div>
<div class="paragraph">
<p>Threat of failure of IT hardware or transmission connection due to electromagnetic induction or electromagnetic radiation emitted by an outside source.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackingreplay_of_messages">enisa:eavesdropping-interception-hijacking="replay-of-messages"</h4>
<div class="paragraph">
<p>Replay of messages</p>
</div>
<div class="paragraph">
<p>Threat in which valid data transmission is maliciously or fraudulently repeated or delayed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackingnetwork_reconnaissance_network_traffic_manipulation_and_information_gathering">enisa:eavesdropping-interception-hijacking="network-reconnaissance-network-traffic-manipulation-and-information-gathering"</h4>
<div class="paragraph">
<p>Network Reconnaissance, Network traffic manipulation and Information gathering</p>
</div>
<div class="paragraph">
<p>Threat of identifying information about a network to find security weaknesses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisaeavesdropping_interception_hijackingman_in_the_middle_session_hijacking">enisa:eavesdropping-interception-hijacking="man-in-the-middle-session-hijacking"</h4>
<div class="paragraph">
<p>Man in the middle/ Session hijacking</p>
</div>
<div class="paragraph">
<p>Threats that relay or alter communication between two parties.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_legal">legal</h3>
<div class="paragraph">
<p>Threat of financial or legal penalty or loss of trust of customers and collaborators due to legislation.</p>
</div>
<div class="sect3">
<h4 id="_enisalegalviolation_of_rules_and_regulations_breach_of_legislation">enisa:legal="violation-of-rules-and-regulations-breach-of-legislation"</h4>
<div class="paragraph">
<p>Violation of rules and regulations / Breach of legislation</p>
</div>
<div class="paragraph">
<p>Threat of financial or legal penalty or loss of trust of customers and collaborators due to violation of law or regulations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisalegalfailure_to_meet_contractual_requirements">enisa:legal="failure-to-meet-contractual-requirements"</h4>
<div class="paragraph">
<p>Failure to meet contractual requirements</p>
</div>
<div class="paragraph">
<p>Threat of financial penalty or loss of trust of customers and collaborators due to failure to meet contractual requirements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisalegalfailure_to_meet_contractual_requirements_by_third_party">enisa:legal="failure-to-meet-contractual-requirements-by-third-party"</h4>
<div class="paragraph">
<p>Failure to meet contractual requirements by third party</p>
</div>
<div class="paragraph">
<p>Threat of financial penalty or loss of trust of customers and collaborators due to a third party&#8217;s failure to meet contractual requirements</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisalegalunauthorized_use_of_ipr_protected_resources">enisa:legal="unauthorized-use-of-IPR-protected-resources"</h4>
<div class="paragraph">
<p>Unauthorized use of IPR protected resources</p>
</div>
<div class="paragraph">
<p>Threat of financial or legal penalty or loss of trust of customers and collaborators due to improper/illegal use of IPR protected material (IPR- Intellectual Property Rights.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisalegalillegal_usage_of_file_sharing_services">enisa:legal="illegal-usage-of-file-sharing-services"</h4>
<div class="paragraph">
<p>Illegal usage of File Sharing services</p>
</div>
<div class="paragraph">
<p>Threat of financial or legal penalty or loss of trust of customers and collaborators due to improper/illegal use of file sharing services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisalegalabuse_of_personal_data">enisa:legal="abuse-of-personal-data"</h4>
<div class="paragraph">
<p>Abuse of personal data</p>
</div>
<div class="paragraph">
<p>Threat of illegal use of personal data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisalegaljudiciary_decisions_or_court_order">enisa:legal="judiciary-decisions-or-court-order"</h4>
<div class="paragraph">
<p>Judiciary decisions/court order</p>
</div>
<div class="paragraph">
<p>Threat of financial or legal penalty or loss of trust of customers and collaborators due to judiciary decisions/court order.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nefarious_activity_abuse">nefarious-activity-abuse</h3>
<div class="paragraph">
<p>Threats of nefarious activities that require use of tools by the attacker. These attacks require installation of additional tools/software or performing additional steps on the victim&#8217;s IT infrastructure/software.</p>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseidentity_theft_identity_fraud_account">enisa:nefarious-activity-abuse="identity-theft-identity-fraud-account)"</h4>
<div class="paragraph">
<p>Identity theft (Identity Fraud/ Account)</p>
</div>
<div class="paragraph">
<p>Threat of identity theft action.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusecredentials_stealing_trojans">enisa:nefarious-activity-abuse="credentials-stealing-trojans"</h4>
<div class="paragraph">
<p>Credentials-stealing trojans</p>
</div>
<div class="paragraph">
<p>Threat of identity theft action by malware computer programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusereceiving_unsolicited_e_mail">enisa:nefarious-activity-abuse="receiving-unsolicited-e-mail"</h4>
<div class="paragraph">
<p>Receiving unsolicited E-mail</p>
</div>
<div class="paragraph">
<p>Threat of receiving unsolicited email which affects information security and efficiency.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusespam">enisa:nefarious-activity-abuse="spam"</h4>
<div class="paragraph">
<p>SPAM</p>
</div>
<div class="paragraph">
<p>Threat of receiving unsolicited, undesired, or illegal email messages.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseunsolicited_infected_e_mails">enisa:nefarious-activity-abuse="unsolicited-infected-e-mails"</h4>
<div class="paragraph">
<p>Unsolicited infected e-mails</p>
</div>
<div class="paragraph">
<p>Threat emanating from unwanted emails that may contain infected attachments or links to malicious / infected web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusedenial_of_service">enisa:nefarious-activity-abuse="denial-of-service"</h4>
<div class="paragraph">
<p>Denial of service</p>
</div>
<div class="paragraph">
<p>Threat of service unavailability due to massive requests for services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusedistributed_denial_of_network_service_network_layer_attack">enisa:nefarious-activity-abuse="distributed-denial-of-network-service-network-layer-attack"</h4>
<div class="paragraph">
<p>Distributed denial of network service (DDoS) (network layer attack i.e. Protocol exploitation / Malformed packets / Flooding / Spoofing)</p>
</div>
<div class="paragraph">
<p>Threat of service unavailability due to a massive number of requests for access to network services from malicious clients.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusedistributed_denial_of_network_service_application_layer_attack">enisa:nefarious-activity-abuse="distributed-denial-of-network-service-application-layer-attack"</h4>
<div class="paragraph">
<p>Distributed denial of application service (DDoS) (application layer attack i.e. Ping of Death / XDoS / WinNuke / HTTP Floods)</p>
</div>
<div class="paragraph">
<p>Threat of service unavailability due to massive requests sent by multiple malicious clients.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusedistributed_denial_of_network_service_amplification_reflection_attack">enisa:nefarious-activity-abuse="distributed-denial-of-network-service-amplification-reflection-attack"</h4>
<div class="paragraph">
<p>Distributed DoS (DDoS) to both network and application services (amplification/reflection methods i.e. NTP/ DNS /&#8230;&#8203;/ BitTorrent)</p>
</div>
<div class="paragraph">
<p>Threat of creating a massive number of requests, using multiplication/amplification methods.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusemalicious_code_software_activity">enisa:nefarious-activity-abuse="malicious-code-software-activity"</h4>
<div class="paragraph">
<p>Malicious code/ software/ activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusesearch_engine_poisoning">enisa:nefarious-activity-abuse="search-engine-poisoning"</h4>
<div class="paragraph">
<p>Search Engine Poisoning</p>
</div>
<div class="paragraph">
<p>Threat of deliberate manipulation of search engine indexes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseexploitation_of_fake_trust_of_social_media">enisa:nefarious-activity-abuse="exploitation-of-fake-trust-of-social-media"</h4>
<div class="paragraph">
<p>Exploitation of fake trust of social media</p>
</div>
<div class="paragraph">
<p>Threat of malicious activities making use of trusted social media.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseworms_trojans">enisa:nefarious-activity-abuse="worms-trojans"</h4>
<div class="paragraph">
<p>Worms/ Trojans</p>
</div>
<div class="paragraph">
<p>Threat of malware computer programs (trojans/worms).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuserootkits">enisa:nefarious-activity-abuse="rootkits"</h4>
<div class="paragraph">
<p>Rootkits</p>
</div>
<div class="paragraph">
<p>Threat of stealthy types of malware software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusemobile_malware">enisa:nefarious-activity-abuse="mobile-malware"</h4>
<div class="paragraph">
<p>Mobile malware</p>
</div>
<div class="paragraph">
<p>Threat of mobile malware programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseinfected_trusted_mobile_apps">enisa:nefarious-activity-abuse="infected-trusted-mobile-apps"</h4>
<div class="paragraph">
<p>Infected trusted mobile apps</p>
</div>
<div class="paragraph">
<p>Threat of using mobile malware software that is recognised as trusted one.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseelevation_of_privileges">enisa:nefarious-activity-abuse="elevation-of-privileges"</h4>
<div class="paragraph">
<p>Elevation of privileges</p>
</div>
<div class="paragraph">
<p>Threat of exploiting bugs, design flaws or configuration oversights in an operating system or software application to gain elevated access to resources.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseweb_application_attacks_injection_attacks_code_injection_sql_xss">enisa:nefarious-activity-abuse="web-application-attacks-injection-attacks-code-injection-SQL-XSS"</h4>
<div class="paragraph">
<p>Web application attacks / injection attacks (Code injection: SQL, XSS)</p>
</div>
<div class="paragraph">
<p>Threat of utilizing custom web applications embedded within social media sites, which can lead to installation of malicious code onto computers to be used to gain unauthorized access.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusespyware_or_deceptive_adware">enisa:nefarious-activity-abuse="spyware-or-deceptive-adware"</h4>
<div class="paragraph">
<p>Spyware or deceptive adware</p>
</div>
<div class="paragraph">
<p>Threat of using software that aims to gather information about a person or organization without their knowledge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseviruses">enisa:nefarious-activity-abuse="viruses"</h4>
<div class="paragraph">
<p>Viruses</p>
</div>
<div class="paragraph">
<p>Threat of infection by viruses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuserogue_security_software_rogueware_scareware">enisa:nefarious-activity-abuse="rogue-security-software-rogueware-scareware"</h4>
<div class="paragraph">
<p>Rogue security software/ Rogueware / Scareware</p>
</div>
<div class="paragraph">
<p>Threat of internet fraud or malicious software that mislead users into believing there is a virus on their computer, and manipulates them to pay money for fake removal tool.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseransomware">enisa:nefarious-activity-abuse="ransomware"</h4>
<div class="paragraph">
<p>Ransomware</p>
</div>
<div class="paragraph">
<p>Threat of infection of computer system or device by malware that restricts access to it and demands that the user pay a ransom to remove the restriction.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseexploits_exploit_kits">enisa:nefarious-activity-abuse="exploits-exploit-kits"</h4>
<div class="paragraph">
<p>Exploits/Exploit Kits</p>
</div>
<div class="paragraph">
<p>Threat to IT assets due to the use of web available exploits or exploits software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusesocial_engineering">enisa:nefarious-activity-abuse="social-engineering"</h4>
<div class="paragraph">
<p>Social Engineering</p>
</div>
<div class="paragraph">
<p>Threat of social engineering type attacks (target: manipulation of personnel behaviour).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusephishing_attacks">enisa:nefarious-activity-abuse="phishing-attacks"</h4>
<div class="paragraph">
<p>Phishing attacks</p>
</div>
<div class="paragraph">
<p>Threat of an email fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusespear_phishing_attacks">enisa:nefarious-activity-abuse="spear-phishing-attacks"</h4>
<div class="paragraph">
<p>Spear phishing attacks</p>
</div>
<div class="paragraph">
<p>Spear-phishing is a targeted e-mail message that has been crafted to create fake trust and thus lure the victim to unveil some business or personal secrets that can be abused by the adversary.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseabuse_of_information_leakage">enisa:nefarious-activity-abuse="abuse-of-information-leakage"</h4>
<div class="paragraph">
<p>Abuse of Information Leakage</p>
</div>
<div class="paragraph">
<p>Threat of leaking important information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseleakage_affecting_mobile_privacy_and_mobile_applications">enisa:nefarious-activity-abuse="leakage-affecting-mobile-privacy-and-mobile-applications"</h4>
<div class="paragraph">
<p>Leakage affecting mobile privacy and mobile applications</p>
</div>
<div class="paragraph">
<p>Threat of leaking important information due to using malware mobile applications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseleakage_affecting_web_privacy_and_web_applications">enisa:nefarious-activity-abuse="leakage-affecting-web-privacy-and-web-applications"</h4>
<div class="paragraph">
<p>Leakage affecting web privacy and web applications</p>
</div>
<div class="paragraph">
<p>Threat of leakage important information due to using malware web applications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseleakage_affecting_network_traffic">enisa:nefarious-activity-abuse="leakage-affecting-network-traffic"</h4>
<div class="paragraph">
<p>Leakage affecting network traffic</p>
</div>
<div class="paragraph">
<p>Threat of leaking important information in network traffic.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseleakage_affecting_cloud_computing">enisa:nefarious-activity-abuse="leakage-affecting-cloud-computing"</h4>
<div class="paragraph">
<p>Leakage affecting cloud computing</p>
</div>
<div class="paragraph">
<p>Threat of leaking important information in cloud computing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusegeneration_and_use_of_rogue_certificates">enisa:nefarious-activity-abuse="generation-and-use-of-rogue-certificates"</h4>
<div class="paragraph">
<p>Generation and use of rogue certificates</p>
</div>
<div class="paragraph">
<p>Threat of use of rogue certificates.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseloss_of_integrity_of_sensitive_information">enisa:nefarious-activity-abuse="loss-of-integrity-of-sensitive-information"</h4>
<div class="paragraph">
<p>Loss of (integrity of) sensitive information</p>
</div>
<div class="paragraph">
<p>Threat of loss of sensitive information due to loss of integrity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseman_in_the_middle_session_hijacking">enisa:nefarious-activity-abuse="man-in-the-middle-session-hijacking"</h4>
<div class="paragraph">
<p>Man in the middle / Session hijacking</p>
</div>
<div class="paragraph">
<p>Threat of attack consisting in the exploitation of the web session control mechanism, which is normally managed by a session token.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusesocial_engineering_via_signed_malware">enisa:nefarious-activity-abuse="social-engineering-via-signed-malware"</h4>
<div class="paragraph">
<p>Social Engineering / signed malware</p>
</div>
<div class="paragraph">
<p>Threat of install fake trust signed software (malware) e.g. fake OS updates.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusefake_ssl_certificates">enisa:nefarious-activity-abuse="fake-SSL-certificates"</h4>
<div class="paragraph">
<p>Fake SSL certificates</p>
</div>
<div class="paragraph">
<p>Threat of attack due to malware application signed by a certificate that is typically inherently trusted by an endpoint.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusemanipulation_of_hardware_and_software">enisa:nefarious-activity-abuse="manipulation-of-hardware-and-software"</h4>
<div class="paragraph">
<p>Manipulation of hardware and software</p>
</div>
<div class="paragraph">
<p>Threat of unauthorised manipulation of hardware and software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseanonymous_proxies">enisa:nefarious-activity-abuse="anonymous-proxies"</h4>
<div class="paragraph">
<p>Anonymous proxies</p>
</div>
<div class="paragraph">
<p>Threat of unauthorised manipulation by anonymous proxies.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseabuse_of_computing_power_of_cloud_to_launch_attacks_cybercrime_as_a_service">enisa:nefarious-activity-abuse="abuse-of-computing-power-of-cloud-to-launch-attacks-cybercrime-as-a-service)"</h4>
<div class="paragraph">
<p>Abuse of computing power of cloud to launch attacks (cybercrime as a service)</p>
</div>
<div class="paragraph">
<p>Threat of using large computing powers to generate attacks on demand.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseabuse_of_vulnerabilities_0_day_vulnerabilities">enisa:nefarious-activity-abuse="abuse-of-vulnerabilities-0-day-vulnerabilities"</h4>
<div class="paragraph">
<p>Abuse of vulnerabilities, 0-day vulnerabilities</p>
</div>
<div class="paragraph">
<p>Threat of attacks using 0-day or known IT assets vulnerabilities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseaccess_of_web_sites_through_chains_of_http_proxies_obfuscation">enisa:nefarious-activity-abuse="access-of-web-sites-through-chains-of-HTTP-Proxies-Obfuscation"</h4>
<div class="paragraph">
<p>Access of web sites through chains of HTTP Proxies (Obfuscation)</p>
</div>
<div class="paragraph">
<p>Threat of bypassing the security mechanism using HTTP proxies (bypassing the website blacklist).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseaccess_to_device_software">enisa:nefarious-activity-abuse="access-to-device-software"</h4>
<div class="paragraph">
<p>Access to device software</p>
</div>
<div class="paragraph">
<p>Threat of unauthorised manipulation by access to device software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusealternation_of_software">enisa:nefarious-activity-abuse="alternation-of-software"</h4>
<div class="paragraph">
<p>Alternation of software</p>
</div>
<div class="paragraph">
<p>Threat of unauthorized modifications to code or data, attacking its integrity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuserogue_hardware">enisa:nefarious-activity-abuse="rogue-hardware"</h4>
<div class="paragraph">
<p>Rogue hardware</p>
</div>
<div class="paragraph">
<p>Threat of manipulation due to unauthorized access to hardware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusemanipulation_of_information">enisa:nefarious-activity-abuse="manipulation-of-information"</h4>
<div class="paragraph">
<p>Manipulation of information</p>
</div>
<div class="paragraph">
<p>Threat of intentional data manipulation to mislead information systems or somebody or to cover other nefarious activities (loss of integrity of information).</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuserepudiation_of_actions">enisa:nefarious-activity-abuse="repudiation-of-actions"</h4>
<div class="paragraph">
<p>Repudiation of actions</p>
</div>
<div class="paragraph">
<p>Threat of intentional data manipulation to repudiate action.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseaddress_space_hijacking_ip_prefixes">enisa:nefarious-activity-abuse="address-space-hijacking-IP-prefixes"</h4>
<div class="paragraph">
<p>Address space hijacking (IP prefixes)</p>
</div>
<div class="paragraph">
<p>Threat of the illegitimate takeover of groups of IP addresses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuserouting_table_manipulation">enisa:nefarious-activity-abuse="routing-table-manipulation"</h4>
<div class="paragraph">
<p>Routing table manipulation</p>
</div>
<div class="paragraph">
<p>Threat of route packets of network to IP addresses other than that was intended via sender by unauthorised manipulation of routing table.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusedns_poisoning_or_dns_spoofing_or_dns_manipulations">enisa:nefarious-activity-abuse="DNS-poisoning-or-DNS-spoofing-or-DNS-Manipulations"</h4>
<div class="paragraph">
<p>DNS poisoning / DNS spoofing / DNS Manipulations</p>
</div>
<div class="paragraph">
<p>Threat of falsification of DNS information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusefalsification_of_record">enisa:nefarious-activity-abuse="falsification-of-record"</h4>
<div class="paragraph">
<p>Falsification of record</p>
</div>
<div class="paragraph">
<p>Threat of intentional data manipulation to falsify records.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseautonomous_system_hijacking">enisa:nefarious-activity-abuse="autonomous-system-hijacking"</h4>
<div class="paragraph">
<p>Autonomous System hijacking</p>
</div>
<div class="paragraph">
<p>Threat of overtaking by the attacker the ownership of a whole autonomous system and its prefixes despite origin validation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseautonomous_system_manipulation">enisa:nefarious-activity-abuse="autonomous-system-manipulation"</h4>
<div class="paragraph">
<p>Autonomous System manipulation</p>
</div>
<div class="paragraph">
<p>Threat of manipulation by the attacker of a whole autonomous system in order to perform malicious actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusefalsification_of_configurations">enisa:nefarious-activity-abuse="falsification-of-configurations"</h4>
<div class="paragraph">
<p>Falsification of configurations</p>
</div>
<div class="paragraph">
<p>Threat of intentional manipulation due to falsification of configurations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusemisuse_of_audit_tools">enisa:nefarious-activity-abuse="misuse-of-audit-tools"</h4>
<div class="paragraph">
<p>Misuse of audit tools</p>
</div>
<div class="paragraph">
<p>Threat of nefarious actions performed using audit tools (discovery of security weaknesses in information systems)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusemisuse_of_information_or_information_systems_including_mobile_apps">enisa:nefarious-activity-abuse="misuse-of-information-or-information systems-including-mobile-apps"</h4>
<div class="paragraph">
<p>Misuse of information/ information systems (including mobile apps)</p>
</div>
<div class="paragraph">
<p>Threat of nefarious action due to misuse of information / information systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseunauthorized_activities">enisa:nefarious-activity-abuse="unauthorized-activities"</h4>
<div class="paragraph">
<p>Unauthorized activities</p>
</div>
<div class="paragraph">
<p>Threat of nefarious action due to unauthorised activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseunauthorised_use_or_administration_of_devices_and_systems">enisa:nefarious-activity-abuse="Unauthorised-use-or-administration-of-devices-and-systems"</h4>
<div class="paragraph">
<p>Unauthorised use or administration of devices and systems</p>
</div>
<div class="paragraph">
<p>Threat of nefarious action due to unauthorised use of devices and systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseunauthorised_use_of_software">enisa:nefarious-activity-abuse="unauthorised-use-of-software"</h4>
<div class="paragraph">
<p>Unauthorised use of software</p>
</div>
<div class="paragraph">
<p>Threat of nefarious action due to unauthorised use of software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseunauthorized_access_to_the_information_systems_or_networks_like_impi_protocol_dns_registrar_hijacking">enisa:nefarious-activity-abuse="unauthorized-access-to-the-information-systems-or-networks-like-IMPI-Protocol-DNS-Registrar-Hijacking)"</h4>
<div class="paragraph">
<p>Unauthorized access to the information systems-or-networks (IMPI Protocol / DNS Registrar Hijacking)</p>
</div>
<div class="paragraph">
<p>Threat of unauthorised access to the information systems / network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusenetwork_intrusion">enisa:nefarious-activity-abuse="network-intrusion"</h4>
<div class="paragraph">
<p>Network Intrusion</p>
</div>
<div class="paragraph">
<p>Threat of unauthorised access to network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseunauthorized_changes_of_records">enisa:nefarious-activity-abuse="unauthorized-changes-of-records"</h4>
<div class="paragraph">
<p>Unauthorized changes of records</p>
</div>
<div class="paragraph">
<p>Threat of unauthorised changes of information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseunauthorized_installation_of_software">enisa:nefarious-activity-abuse="unauthorized-installation-of-software"</h4>
<div class="paragraph">
<p>Unauthorized installation of software</p>
</div>
<div class="paragraph">
<p>Threat of unauthorised installation of software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseweb_based_attacks_drive_by_download_or_malicious_urls_or_browser_based_attacks">enisa:nefarious-activity-abuse="Web-based-attacks-drive-by-download-or-malicious-URLs-or-browser-based-attacks"</h4>
<div class="paragraph">
<p>Web based attacks (Drive-by download / malicious URLs / Browser based attacks)</p>
</div>
<div class="paragraph">
<p>Threat of installation of unwanted malware software by misusing websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusecompromising_confidential_information_like_data_breaches">enisa:nefarious-activity-abuse="compromising-confidential-information-like-data-breaches"</h4>
<div class="paragraph">
<p>Compromising confidential information (data breaches)</p>
</div>
<div class="paragraph">
<p>Threat of data breach.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusehoax">enisa:nefarious-activity-abuse="hoax"</h4>
<div class="paragraph">
<p>Hoax</p>
</div>
<div class="paragraph">
<p>Threat of loss of IT assets security due to cheating.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusefalse_rumour_and_or_fake_warning">enisa:nefarious-activity-abuse="false-rumour-and-or-fake-warning"</h4>
<div class="paragraph">
<p>False rumour and/or fake warning</p>
</div>
<div class="paragraph">
<p>Threat of disruption of work due to rumours and/or a fake warning.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseremote_activity_execution">enisa:nefarious-activity-abuse="remote-activity-execution"</h4>
<div class="paragraph">
<p>Remote activity (execution)</p>
</div>
<div class="paragraph">
<p>Threat of nefarious action by attacker remote activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseremote_command_execution">enisa:nefarious-activity-abuse="remote-command-execution"</h4>
<div class="paragraph">
<p>Remote Command Execution</p>
</div>
<div class="paragraph">
<p>Threat of nefarious action due to remote command execution.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseremote_access_tool">enisa:nefarious-activity-abuse="remote-access-tool"</h4>
<div class="paragraph">
<p>Remote Access Tool (RAT)</p>
</div>
<div class="paragraph">
<p>Threat of infection of software that has a remote administration capabilities allowing an attacker to control the victim&#8217;s computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusebotnets_remote_activity">enisa:nefarious-activity-abuse="botnets-remote-activity"</h4>
<div class="paragraph">
<p>Botnets / Remote activity</p>
</div>
<div class="paragraph">
<p>Threat of penetration by software from malware distribution.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusetargeted_attacks">enisa:nefarious-activity-abuse="targeted-attacks"</h4>
<div class="paragraph">
<p>Targeted attacks (APTs etc.)</p>
</div>
<div class="paragraph">
<p>Threat of sophisticated, targeted attack which combine many attack techniques.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusemobile_malware_exfiltration">enisa:nefarious-activity-abuse="mobile-malware-exfiltration"</h4>
<div class="paragraph">
<p>Mobile malware (exfiltration)</p>
</div>
<div class="paragraph">
<p>Threat of mobile software that aims to gather information about a person or organization without their knowledge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusespear_phishing_attacks_targeted">enisa:nefarious-activity-abuse="spear-phishing-attacks-targeted"</h4>
<div class="paragraph">
<p>Spear phishing attacks (targeted)</p>
</div>
<div class="paragraph">
<p>Threat of attack focused on a single user or department within an organization, coming from someone within the company in a position of trust and requesting information such as login, IDs and passwords.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseinstallation_of_sophisticated_and_targeted_malware">enisa:nefarious-activity-abuse="installation-of-sophisticated-and-targeted-malware"</h4>
<div class="paragraph">
<p>Installation of sophisticated and targeted malware</p>
</div>
<div class="paragraph">
<p>Threat of malware delivered by sophisticated and targeted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusewatering_hole_attacks">enisa:nefarious-activity-abuse="watering-hole-attacks"</h4>
<div class="paragraph">
<p>Watering Hole attacks</p>
</div>
<div class="paragraph">
<p>Threat of malware residing on the websites which a group often uses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusefailed_business_process">enisa:nefarious-activity-abuse="failed-business-process"</h4>
<div class="paragraph">
<p>Failed business process</p>
</div>
<div class="paragraph">
<p>Threat of damage or loss of IT assets due to improperly executed business process.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abusebrute_force">enisa:nefarious-activity-abuse="brute-force"</h4>
<div class="paragraph">
<p>Brute force</p>
</div>
<div class="paragraph">
<p>Threat of unauthorised access via systematically checking all possible keys or passwords until the correct one is found.</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisanefarious_activity_abuseabuse_of_authorizations">enisa:nefarious-activity-abuse="abuse-of-authorizations"</h4>
<div class="paragraph">
<p>Abuse of authorizations</p>
</div>
<div class="paragraph">
<p>Threat of using authorised access to perform illegitimate actions.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_estimative_language">estimative-language</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
estimative-language namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/estimative-language/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence</p>
</div>
<div class="sect2">
<h3 id="_likelihood_probability">likelihood-probability</h3>
<div class="paragraph">
<p>Properly expresses and explains uncertainties associated with major analytic judgments: Analytic products should indicate and explain the basis for the uncertainties associated with major analytic judgments, specifically the likelihood of occurrence of an event or development, and the analyst&#8217;s confidence in the basis for this judgment. Degrees of likelihood encompass a full spectrum from remote to nearly certain. Analysts' confidence in an assessment or judgment may be based on the logic and evidentiary base that underpin it, including the quantity and quality of source material, and their understanding of the topic. Analytic products should note causes of uncertainty (e.g., type, currency, and amount of information, knowledge gaps, and the nature of the issue) and explain how uncertainties affect analysis (e.g., to what degree and how a judgment depends on assumptions). As appropriate, products should identify indicators that would alter the levels of uncertainty for major analytic judgments. Consistency in the terms used and the supporting information and logic advanced is critical to success in expressing uncertainty, regardless of whether likelihood or confidence expressions are used.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_estimative_languagelikelihood_probabilityalmost_no_chance">estimative-language:likelihood-probability="almost-no-chance"</h4>
<div class="paragraph">
<p>Almost no chance - remote - 01-05%</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_languagelikelihood_probabilityvery_unlikely">estimative-language:likelihood-probability="very-unlikely"</h4>
<div class="paragraph">
<p>Very unlikely - highly improbable - 05-20%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="5"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_languagelikelihood_probabilityunlikely">estimative-language:likelihood-probability="unlikely"</h4>
<div class="paragraph">
<p>Unlikely - improbable (improbably) - 20-45%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_languagelikelihood_probabilityroughly_even_chance">estimative-language:likelihood-probability="roughly-even-chance"</h4>
<div class="paragraph">
<p>Roughly even change - roughly even odds - 45-55%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="45"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_languagelikelihood_probabilitylikely">estimative-language:likelihood-probability="likely"</h4>
<div class="paragraph">
<p>Likely - probable (probably) - 55-80%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="55"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_languagelikelihood_probabilityvery_likely">estimative-language:likelihood-probability="very-likely"</h4>
<div class="paragraph">
<p>Very likely - highly probable - 80-95%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_languagelikelihood_probabilityalmost_certain">estimative-language:likelihood-probability="almost-certain"</h4>
<div class="paragraph">
<p>Almost certain(ly) - nearly certain - 95-99%</p>
</div>
<div class="paragraph">
<p>Associated numerical value="95"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_confidence_in_analytic_judgment">confidence-in-analytic-judgment</h3>
<div class="paragraph">
<p>Confidence in a judgment is based on three factors: number of key assumptions required, the credibility and diversity of sourcing in the knowledge base, and the strength of argumentation. Each factor should be assessed independently and then in concert with the other factors to determine the confidence level. Multiple judgments in a product may contain varying levels of confidence. Confidence levels are stated as Low, Moderate, and High.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_estimative_languageconfidence_in_analytic_judgmentlow">estimative-language:confidence-in-analytic-judgment="low"</h4>
<div class="paragraph">
<p>Low</p>
</div>
<div class="paragraph">
<p>Uncorroborated information from good or marginal sources. Many assumptions. Mostly weak logical inferences, minimal methods application. Glaring intelligence gaps exist. Terms or expressions used: 'Possible', 'Could, may, might', 'Cannot judge, unclear.'</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_languageconfidence_in_analytic_judgmentmoderate">estimative-language:confidence-in-analytic-judgment="moderate"</h4>
<div class="paragraph">
<p>Moderate</p>
</div>
<div class="paragraph">
<p>Partially corroborated information from good sources. Several assumptions. Mix of strong and weak inferences and methods. Minimum intelligence gaps exist. Terms or expressions used: 'Likely, unlikely', 'Probable, improbable' 'Anticipate, appear'.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="55"</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_languageconfidence_in_analytic_judgmenthigh">estimative-language:confidence-in-analytic-judgment="high"</h4>
<div class="paragraph">
<p>High</p>
</div>
<div class="paragraph">
<p>Well-corroborated information from proven sources. Minimal assumptions. Strong logical inferences and methods. No or minor intelligence gaps exist. Terms or expressions used: 'Will, will not', 'Almost certainly, remote', 'Highly likely, highly unlikely', 'Expect, assert, affirm'.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="95"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_eu_marketop_and_publicadmin">eu-marketop-and-publicadmin</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
eu-marketop-and-publicadmin namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/eu-marketop-and-publicadmin/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Market operators and public administrations that must comply to some notifications requirements under EU NIS directive</p>
</div>
<div class="sect2">
<h3 id="_critical_infra_operators">critical-infra-operators</h3>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmincritical_infra_operatorstransport">eu-marketop-and-publicadmin:critical-infra-operators="transport"</h4>
<div class="paragraph">
<p>Transport</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmincritical_infra_operatorsenergy">eu-marketop-and-publicadmin:critical-infra-operators="energy"</h4>
<div class="paragraph">
<p>Energy</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmincritical_infra_operatorshealth">eu-marketop-and-publicadmin:critical-infra-operators="health"</h4>
<div class="paragraph">
<p>Health</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmincritical_infra_operatorsfinancial">eu-marketop-and-publicadmin:critical-infra-operators="financial"</h4>
<div class="paragraph">
<p>Financial market operators</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmincritical_infra_operatorsbanking">eu-marketop-and-publicadmin:critical-infra-operators="banking"</h4>
<div class="paragraph">
<p>Banking</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_info_services">info-services</h3>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmininfo_servicese_commerce">eu-marketop-and-publicadmin:info-services="e-commerce"</h4>
<div class="paragraph">
<p>e-commerce platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmininfo_servicesinternet_payment">eu-marketop-and-publicadmin:info-services="internet-payment"</h4>
<div class="paragraph">
<p>Internet payment</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmininfo_servicescloud">eu-marketop-and-publicadmin:info-services="cloud"</h4>
<div class="paragraph">
<p>cloud computing</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmininfo_servicessearch_engines">eu-marketop-and-publicadmin:info-services="search-engines"</h4>
<div class="paragraph">
<p>search engines</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmininfo_servicessocnet">eu-marketop-and-publicadmin:info-services="socnet"</h4>
<div class="paragraph">
<p>social networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmininfo_servicesapp_stores">eu-marketop-and-publicadmin:info-services="app-stores"</h4>
<div class="paragraph">
<p>application stores</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_public_admin">public-admin</h3>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadminpublic_adminpublic_admin">eu-marketop-and-publicadmin:public-admin="public-admin"</h4>
<div class="paragraph">
<p>Public Administrations</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_eu_nis_sector_and_subsectors">eu-nis-sector-and-subsectors</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
eu-nis-sector-and-subsectors namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/eu-nis-sector-and-subsectors/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Sectors, subsectors, and digital services as identified by the NIS Directive</p>
</div>
<div class="sect2">
<h3 id="_eu_nis_oes">eu-nis-oes</h3>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oesenergy">eu-nis-sector-and-subsectors:eu-nis-oes="energy"</h4>
<div class="paragraph">
<p>Energy</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oestransport">eu-nis-sector-and-subsectors:eu-nis-oes="transport"</h4>
<div class="paragraph">
<p>Transport</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oesbanking">eu-nis-sector-and-subsectors:eu-nis-oes="banking"</h4>
<div class="paragraph">
<p>Banking</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oesfinancial">eu-nis-sector-and-subsectors:eu-nis-oes="financial"</h4>
<div class="paragraph">
<p>Financial Market Infrastructures</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oeshealth">eu-nis-sector-and-subsectors:eu-nis-oes="health"</h4>
<div class="paragraph">
<p>Health</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oeswater">eu-nis-sector-and-subsectors:eu-nis-oes="water"</h4>
<div class="paragraph">
<p>Drinking Water Supply and Distribution</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oesdigitalinfrastructure">eu-nis-sector-and-subsectors:eu-nis-oes="digitalinfrastructure"</h4>
<div class="paragraph">
<p>Digital Infrastructure</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_eu_nis_oes_energy">eu-nis-oes-energy</h3>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oes_energyelectricity_energy">eu-nis-sector-and-subsectors:eu-nis-oes-energy="electricity-energy"</h4>
<div class="paragraph">
<p>Electricity Subsector</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oes_energyoil_energy">eu-nis-sector-and-subsectors:eu-nis-oes-energy="oil-energy"</h4>
<div class="paragraph">
<p>Oil Subsector</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oes_energygas_energy">eu-nis-sector-and-subsectors:eu-nis-oes-energy="gas-energy"</h4>
<div class="paragraph">
<p>Gas Subsector</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_eu_nis_oes_transport">eu-nis-oes-transport</h3>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oes_transportair_transport">eu-nis-sector-and-subsectors:eu-nis-oes-transport="air-transport"</h4>
<div class="paragraph">
<p>Air Transport Subsector</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oes_transportrail_transport">eu-nis-sector-and-subsectors:eu-nis-oes-transport="rail-transport"</h4>
<div class="paragraph">
<p>Rail Transport Subsector</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oes_transportwater_transport">eu-nis-sector-and-subsectors:eu-nis-oes-transport="water-transport"</h4>
<div class="paragraph">
<p>Water Transport Subsector</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_oes_transportroad_transport">eu-nis-sector-and-subsectors:eu-nis-oes-transport="road-transport"</h4>
<div class="paragraph">
<p>Road Transport Subsector</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_eu_nis_oes_banking">eu-nis-oes-banking</h3>
</div>
<div class="sect2">
<h3 id="_eu_nis_oes_financial">eu-nis-oes-financial</h3>
</div>
<div class="sect2">
<h3 id="_eu_nis_oes_health">eu-nis-oes-health</h3>
</div>
<div class="sect2">
<h3 id="_eu_nis_oes_water">eu-nis-oes-water</h3>
</div>
<div class="sect2">
<h3 id="_eu_nis_oes_diginfra">eu-nis-oes-diginfra</h3>
</div>
<div class="sect2">
<h3 id="_eu_nis_dsp">eu-nis-dsp</h3>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_dspmarket_dsp">eu-nis-sector-and-subsectors:eu-nis-dsp="market-dsp"</h4>
<div class="paragraph">
<p>Online Marketplace Digital Service</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_dspsearch_dsp">eu-nis-sector-and-subsectors:eu-nis-dsp="search-dsp"</h4>
<div class="paragraph">
<p>Online Search Engine Digital Service</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_nis_sector_and_subsectorseu_nis_dspcloud_dsp">eu-nis-sector-and-subsectors:eu-nis-dsp="cloud-dsp"</h4>
<div class="paragraph">
<p>Cloud Computing Digital Service</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_euci">euci</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
euci namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/euci/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_ts_ueeu_ts">TS-UE/EU-TS</h3>
<div class="paragraph">
<p>Information and material the unauthorised disclosure of which could cause exceptionally grave prejudice to the essential interests of the European Union or of one or more of the Member States.</p>
</div>
<div class="sect3">
<h4 id="_eucits_ueeu_ts">euci:TS-UE/EU-TS</h4>
<div class="paragraph">
<p>TRES SECRET UE/EU TOP SECRET</p>
</div>
<div class="paragraph">
<p>Information and material the unauthorised disclosure of which could cause exceptionally grave prejudice to the essential interests of the European Union or of one or more of the Member States.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_s_ueeu_s">S-UE/EU-S</h3>
<div class="paragraph">
<p>Information and material the unauthorised disclosure of which could seriously harm the essential interests of the European Union or of one or more of the Member States.</p>
</div>
<div class="sect3">
<h4 id="_eucis_ueeu_s">euci:S-UE/EU-S</h4>
<div class="paragraph">
<p>SECRET UE/EU SECRET</p>
</div>
<div class="paragraph">
<p>Information and material the unauthorised disclosure of which could seriously harm the essential interests of the European Union or of one or more of the Member States.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_c_ueeu_c">C-UE/EU-C</h3>
<div class="paragraph">
<p>Information and material the unauthorised disclosure of which could harm the essential interests of the European Union or of one or more of the Member States.</p>
</div>
<div class="sect3">
<h4 id="_eucic_ueeu_c">euci:C-UE/EU-C</h4>
<div class="paragraph">
<p>CONFIDENTIEL UE/EU CONFIDENTIAL</p>
</div>
<div class="paragraph">
<p>Information and material the unauthorised disclosure of which could harm the essential interests of the European Union or of one or more of the Member States.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_r_ueeu_r">R-UE/EU-R</h3>
<div class="paragraph">
<p>Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States.</p>
</div>
<div class="sect3">
<h4 id="_eucir_ueeu_r">euci:R-UE/EU-R</h4>
<div class="paragraph">
<p>RESTREINT UE/EU RESTRICTED</p>
</div>
<div class="paragraph">
<p>Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_europol_event">europol-event</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
europol-event namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/europol-event/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>This taxonomy was designed to describe the type of events</p>
</div>
<div class="sect2">
<h3 id="_infected_by_known_malware">infected-by-known-malware</h3>
<div class="paragraph">
<p>The presence of any of the types of malware was detected in a system.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventinfected_by_known_malware">europol-event:infected-by-known-malware</h4>
<div class="paragraph">
<p>System(s) infected by known malware</p>
</div>
<div class="paragraph">
<p>The presence of any of the types of malware was detected in a system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dissemination_malware_email">dissemination-malware-email</h3>
<div class="paragraph">
<p>Malware attached to a message or email message containing link to malicious URL.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventdissemination_malware_email">europol-event:dissemination-malware-email</h4>
<div class="paragraph">
<p>Dissemination of malware by email</p>
</div>
<div class="paragraph">
<p>Malware attached to a message or email message containing link to malicious URL.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_hosting_malware_webpage">hosting-malware-webpage</h3>
<div class="literalblock">
<div class="content">
<pre>Web page disseminating one or various types of malware.</pre>
</div>
</div>
<div class="sect3">
<h4 id="_europol_eventhosting_malware_webpage">europol-event:hosting-malware-webpage</h4>
<div class="paragraph">
<p>Hosting of malware on web page</p>
</div>
<div class="literalblock">
<div class="content">
<pre>Web page disseminating one or various types of malware.</pre>
</div>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cc_server_hosting">c&amp;c-server-hosting</h3>
<div class="paragraph">
<p>Web page disseminating one or various types of malware.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventcc_server_hosting">europol-event:c&amp;c-server-hosting</h4>
<div class="paragraph">
<p>Hosting of malware on web page</p>
</div>
<div class="paragraph">
<p>Web page disseminating one or various types of malware.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_worm_spreading">worm-spreading</h3>
<div class="paragraph">
<p>System infected by a worm trying to infect other systems.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventworm_spreading">europol-event:worm-spreading</h4>
<div class="paragraph">
<p>Replication and spreading of a worm</p>
</div>
<div class="paragraph">
<p>System infected by a worm trying to infect other systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_connection_malware_port">connection-malware-port</h3>
<div class="paragraph">
<p>System attempting to gain access to a port normally linked to a specific type of malware.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventconnection_malware_port">europol-event:connection-malware-port</h4>
<div class="paragraph">
<p>Connection to (a) suspicious port(s) linked to specific malware</p>
</div>
<div class="paragraph">
<p>System attempting to gain access to a port normally linked to a specific type of malware.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_connection_malware_system">connection-malware-system</h3>
<div class="paragraph">
<p>System attempting to gain access to an IP address or URL normally linked to a specific type of malware, e.g. C&amp;C or a distribution page for components linked to a specific botnet.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventconnection_malware_system">europol-event:connection-malware-system</h4>
<div class="paragraph">
<p>Connection to (a) suspicious system(s) linked to specific malware</p>
</div>
<div class="paragraph">
<p>System attempting to gain access to an IP address or URL normally linked to a specific type of malware, e.g. C&amp;C or a distribution page for components linked to a specific botnet.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_flood">flood</h3>
<div class="paragraph">
<p>Mass mailing of requests (network packets, emails, etc&#8230;&#8203;) from one single source to a specific service, aimed at affecting its normal functioning.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventflood">europol-event:flood</h4>
<div class="paragraph">
<p>Flood of requests</p>
</div>
<div class="paragraph">
<p>Mass mailing of requests (network packets, emails, etc&#8230;&#8203;) from one single source to a specific service, aimed at affecting its normal functioning.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_tool_exhausting_resources">exploit-tool-exhausting-resources</h3>
<div class="paragraph">
<p>One single source using specially designed software to affect the normal functioning of a specific service, by exploiting a vulnerability.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventexploit_tool_exhausting_resources">europol-event:exploit-tool-exhausting-resources</h4>
<div class="paragraph">
<p>Exploit or tool aimed at exhausting resources (network, processing capacity, sessions, etc&#8230;&#8203;)</p>
</div>
<div class="paragraph">
<p>One single source using specially designed software to affect the normal functioning of a specific service, by exploiting a vulnerability.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_packet_flood">packet-flood</h3>
<div class="paragraph">
<p>Mass mailing of requests (network packets, emails, etc&#8230;&#8203;) from various sources to a specific service, aimed at affecting its normal functioning.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventpacket_flood">europol-event:packet-flood</h4>
<div class="paragraph">
<p>Packet flooding</p>
</div>
<div class="paragraph">
<p>Mass mailing of requests (network packets, emails, etc&#8230;&#8203;) from various sources to a specific service, aimed at affecting its normal functioning.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_framework_exhausting_resources">exploit-framework-exhausting-resources</h3>
<div class="paragraph">
<p>Various sources using specially designed software to affect the normal functioning of a specific service, by exploiting a vulnerability.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventexploit_framework_exhausting_resources">europol-event:exploit-framework-exhausting-resources</h4>
<div class="paragraph">
<p>Exploit or tool distribution aimed at exhausting resources</p>
</div>
<div class="paragraph">
<p>Various sources using specially designed software to affect the normal functioning of a specific service, by exploiting a vulnerability.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vandalism">vandalism</h3>
<div class="paragraph">
<p>Logical and physical activities which although they are not aimed at causing damage to information or at preventing its transmission among systems have this effect.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventvandalism">europol-event:vandalism</h4>
<div class="paragraph">
<p>Vandalism</p>
</div>
<div class="paragraph">
<p>Logical and physical activities which although they are not aimed at causing damage to information or at preventing its transmission among systems have this effect.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disruption_data_transmission">disruption-data-transmission</h3>
<div class="paragraph">
<p>Logical and physical activities aimed at causing damage to information or at preventing its transmission among systems.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventdisruption_data_transmission">europol-event:disruption-data-transmission</h4>
<div class="paragraph">
<p>Intentional disruption of data transmission and processing mechanisms</p>
</div>
<div class="paragraph">
<p>Logical and physical activities aimed at causing damage to information or at preventing its transmission among systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_system_probe">system-probe</h3>
<div class="paragraph">
<p>Single system scan searching for open ports or services using these ports for responding.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventsystem_probe">europol-event:system-probe</h4>
<div class="paragraph">
<p>System probe</p>
</div>
<div class="paragraph">
<p>Single system scan searching for open ports or services using these ports for responding.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_network_scanning">network-scanning</h3>
<div class="paragraph">
<p>Scanning a network aimed at identifying systems which are active in the same network.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventnetwork_scanning">europol-event:network-scanning</h4>
<div class="paragraph">
<p>Network scanning</p>
</div>
<div class="paragraph">
<p>Scanning a network aimed at identifying systems which are active in the same network.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dns_zone_transfer">dns-zone-transfer</h3>
<div class="paragraph">
<p>Transfer of a specific DNS zone.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventdns_zone_transfer">europol-event:dns-zone-transfer</h4>
<div class="paragraph">
<p>DNS zone transfer</p>
</div>
<div class="paragraph">
<p>Transfer of a specific DNS zone.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_wiretapping">wiretapping</h3>
<div class="paragraph">
<p>Logical or physical interception of communications.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventwiretapping">europol-event:wiretapping</h4>
<div class="paragraph">
<p>Wiretapping</p>
</div>
<div class="paragraph">
<p>Logical or physical interception of communications.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dissemination_phishing_emails">dissemination-phishing-emails</h3>
<div class="paragraph">
<p>Mass emailing aimed at collecting data for phishing purposes with regard to the victims.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventdissemination_phishing_emails">europol-event:dissemination-phishing-emails</h4>
<div class="paragraph">
<p>Dissemination of phishing emails</p>
</div>
<div class="paragraph">
<p>Mass emailing aimed at collecting data for phishing purposes with regard to the victims.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_hosting_phishing_sites">hosting-phishing-sites</h3>
<div class="paragraph">
<p>Hosting web sites for phishing purposes.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventhosting_phishing_sites">europol-event:hosting-phishing-sites</h4>
<div class="paragraph">
<p>Hosting phishing sites</p>
</div>
<div class="paragraph">
<p>Hosting web sites for phishing purposes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_aggregation_information_phishing_schemes">aggregation-information-phishing-schemes</h3>
<div class="paragraph">
<p>Collecting data obtained through phishing attacks on web pages, email accounts, etc&#8230;&#8203;</p>
</div>
<div class="sect3">
<h4 id="_europol_eventaggregation_information_phishing_schemes">europol-event:aggregation-information-phishing-schemes</h4>
<div class="paragraph">
<p>Aggregation of information gathered through phishing schemes</p>
</div>
<div class="paragraph">
<p>Collecting data obtained through phishing attacks on web pages, email accounts, etc&#8230;&#8203;</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_attempt">exploit-attempt</h3>
<div class="paragraph">
<p>Unsuccessful use of a tool exploiting a specific vulnerability of the system.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventexploit_attempt">europol-event:exploit-attempt</h4>
<div class="paragraph">
<p>Exploit attempt</p>
</div>
<div class="paragraph">
<p>Unsuccessful use of a tool exploiting a specific vulnerability of the system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sql_injection_attempt">sql-injection-attempt</h3>
<div class="paragraph">
<p>Unsuccessful attempt to manipulate or read the information of a database by using the SQL injection technique.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventsql_injection_attempt">europol-event:sql-injection-attempt</h4>
<div class="paragraph">
<p>SQL injection attempt</p>
</div>
<div class="paragraph">
<p>Unsuccessful attempt to manipulate or read the information of a database by using the SQL injection technique.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_xss_attempt">xss-attempt</h3>
<div class="paragraph">
<p>Unsuccessful attempts to perform attacks by using cross-site scripting techniques.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventxss_attempt">europol-event:xss-attempt</h4>
<div class="paragraph">
<p>XSS attempt</p>
</div>
<div class="paragraph">
<p>Unsuccessful attempts to perform attacks by using cross-site scripting techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_file_inclusion_attempt">file-inclusion-attempt</h3>
<div class="paragraph">
<p>Unsuccessful attempt to include files in the system under attack by using file inclusion techniques.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventfile_inclusion_attempt">europol-event:file-inclusion-attempt</h4>
<div class="paragraph">
<p>File inclusion attempt</p>
</div>
<div class="paragraph">
<p>Unsuccessful attempt to include files in the system under attack by using file inclusion techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_brute_force_attempt">brute-force-attempt</h3>
<div class="paragraph">
<p>Unsuccessful login attempt by using sequential credentials for gaining access to the system.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventbrute_force_attempt">europol-event:brute-force-attempt</h4>
<div class="paragraph">
<p>Brute force attempt</p>
</div>
<div class="paragraph">
<p>Unsuccessful login attempt by using sequential credentials for gaining access to the system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_password_cracking_attempt">password-cracking-attempt</h3>
<div class="paragraph">
<p>Attempt to acquire access credentials by breaking the protective cryptographic keys.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventpassword_cracking_attempt">europol-event:password-cracking-attempt</h4>
<div class="paragraph">
<p>Password cracking attempt</p>
</div>
<div class="paragraph">
<p>Attempt to acquire access credentials by breaking the protective cryptographic keys.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dictionary_attack_attempt">dictionary-attack-attempt</h3>
<div class="paragraph">
<p>Unsuccessful login attempt by using system access credentials previously loaded into a dictionary.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventdictionary_attack_attempt">europol-event:dictionary-attack-attempt</h4>
<div class="paragraph">
<p>Dictionary attack attempt</p>
</div>
<div class="paragraph">
<p>Unsuccessful login attempt by using system access credentials previously loaded into a dictionary.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit">exploit</h3>
<div class="paragraph">
<p>Successful use of a tool exploiting a specific vulnerability of the system.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventexploit">europol-event:exploit</h4>
<div class="paragraph">
<p>Use of a local or remote exploit</p>
</div>
<div class="paragraph">
<p>Successful use of a tool exploiting a specific vulnerability of the system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sql_injection">sql-injection</h3>
<div class="paragraph">
<p>Manipulation or reading of information contained in a database by using the SQL injection technique.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventsql_injection">europol-event:sql-injection</h4>
<div class="paragraph">
<p>SQL injection</p>
</div>
<div class="paragraph">
<p>Manipulation or reading of information contained in a database by using the SQL injection technique.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_xss_2">xss</h3>
<div class="paragraph">
<p>Attacks performed with the use of cross-site scripting techniques.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventxss">europol-event:xss</h4>
<div class="paragraph">
<p>XSS</p>
</div>
<div class="paragraph">
<p>Attacks performed with the use of cross-site scripting techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_file_inclusion">file-inclusion</h3>
<div class="paragraph">
<p>Inclusion of files into a system under attack with the use of file inclusion techniques.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventfile_inclusion">europol-event:file-inclusion</h4>
<div class="paragraph">
<p>File inclusion</p>
</div>
<div class="paragraph">
<p>Inclusion of files into a system under attack with the use of file inclusion techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_control_system_bypass">control-system-bypass</h3>
<div class="paragraph">
<p>Unauthorised access to a system or component by bypassing an access control system in place.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventcontrol_system_bypass">europol-event:control-system-bypass</h4>
<div class="paragraph">
<p>Control system bypass</p>
</div>
<div class="paragraph">
<p>Unauthorised access to a system or component by bypassing an access control system in place.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_theft_access_credentials">theft-access-credentials</h3>
<div class="paragraph">
<p>Unauthorised access to a system or component by using stolen access credentials.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventtheft_access_credentials">europol-event:theft-access-credentials</h4>
<div class="paragraph">
<p>Theft of access credentials</p>
</div>
<div class="paragraph">
<p>Unauthorised access to a system or component by using stolen access credentials.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unauthorized_access_system">unauthorized-access-system</h3>
<div class="paragraph">
<p>Unauthorised access to a system or component.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventunauthorized_access_system">europol-event:unauthorized-access-system</h4>
<div class="paragraph">
<p>Unauthorised access to a system</p>
</div>
<div class="paragraph">
<p>Unauthorised access to a system or component.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unauthorized_access_information">unauthorized-access-information</h3>
<div class="paragraph">
<p>Unauthorised access to a set of information.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventunauthorized_access_information">europol-event:unauthorized-access-information</h4>
<div class="paragraph">
<p>Unauthorised access to information</p>
</div>
<div class="paragraph">
<p>Unauthorised access to a set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_data_exfiltration">data-exfiltration</h3>
<div class="paragraph">
<p>Unauthorised access to and sharing of a specific set of information.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventdata_exfiltration">europol-event:data-exfiltration</h4>
<div class="paragraph">
<p>Data exfiltration</p>
</div>
<div class="paragraph">
<p>Unauthorised access to and sharing of a specific set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_modification_information">modification-information</h3>
<div class="paragraph">
<p>Unauthorised changes to a specific set of information.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventmodification_information">europol-event:modification-information</h4>
<div class="paragraph">
<p>Modification of information</p>
</div>
<div class="paragraph">
<p>Unauthorised changes to a specific set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_deletion_information">deletion-information</h3>
<div class="paragraph">
<p>Unauthorised deleting of a specific set of information.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventdeletion_information">europol-event:deletion-information</h4>
<div class="paragraph">
<p>Deletion of information</p>
</div>
<div class="paragraph">
<p>Unauthorised deleting of a specific set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_illegitimate_use_resources">illegitimate-use-resources</h3>
<div class="paragraph">
<p>Use of institutional resources for purposes other than those intended.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventillegitimate_use_resources">europol-event:illegitimate-use-resources</h4>
<div class="paragraph">
<p>Misuse or unauthorised use of resources</p>
</div>
<div class="paragraph">
<p>Use of institutional resources for purposes other than those intended.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_illegitimate_use_name">illegitimate-use-name</h3>
<div class="paragraph">
<p>Using the name of an institution without permission to do so.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventillegitimate_use_name">europol-event:illegitimate-use-name</h4>
<div class="paragraph">
<p>Illegitimate use of the name of an institution or third party</p>
</div>
<div class="paragraph">
<p>Using the name of an institution without permission to do so.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_email_flooding">email-flooding</h3>
<div class="paragraph">
<p>Sending an unusually large quantity of email messages.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventemail_flooding">europol-event:email-flooding</h4>
<div class="paragraph">
<p>Email flooding</p>
</div>
<div class="paragraph">
<p>Sending an unusually large quantity of email messages.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_spam_2">spam</h3>
<div class="paragraph">
<p>Sending an email message that was unsolicited or unwanted by the recipient.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventspam">europol-event:spam</h4>
<div class="paragraph">
<p>Sending an unsolicited message</p>
</div>
<div class="paragraph">
<p>Sending an email message that was unsolicited or unwanted by the recipient.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_copyrighted_content">copyrighted-content</h3>
<div class="paragraph">
<p>Distribution or sharing of content protected by copyright and related rights.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventcopyrighted_content">europol-event:copyrighted-content</h4>
<div class="paragraph">
<p>Distribution or sharing of copyright protected content</p>
</div>
<div class="paragraph">
<p>Distribution or sharing of content protected by copyright and related rights.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_content_forbidden_by_law">content-forbidden-by-law</h3>
<div class="paragraph">
<p>Distribution or sharing of illegal content such as child pornography, racism, xenophobia, etc&#8230;&#8203;</p>
</div>
<div class="sect3">
<h4 id="_europol_eventcontent_forbidden_by_law">europol-event:content-forbidden-by-law</h4>
<div class="paragraph">
<p>Dissemination of content forbidden by law (publicly prosecuted offences)</p>
</div>
<div class="paragraph">
<p>Distribution or sharing of illegal content such as child pornography, racism, xenophobia, etc&#8230;&#8203;</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unspecified">unspecified</h3>
<div class="paragraph">
<p>Other unlisted events.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventunspecified">europol-event:unspecified</h4>
<div class="paragraph">
<p>Other unspecified event</p>
</div>
<div class="paragraph">
<p>Other unlisted events.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_undetermined">undetermined</h3>
<div class="paragraph">
<p>Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning.</p>
</div>
<div class="sect3">
<h4 id="_europol_eventundetermined">europol-event:undetermined</h4>
<div class="paragraph">
<p>Undetermined</p>
</div>
<div class="paragraph">
<p>Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_europol_incident">europol-incident</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
europol-incident namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/europol-incident/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>This taxonomy was designed to describe the type of incidents by class.</p>
</div>
<div class="sect2">
<h3 id="_malware_3">malware</h3>
<div class="sect3">
<h4 id="_europol_incidentmalwareinfection">europol-incident:malware="infection"</h4>
<div class="paragraph">
<p>Infection</p>
</div>
<div class="paragraph">
<p>Infecting one or various systems with a specific type of malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentmalwaredistribution">europol-incident:malware="distribution"</h4>
<div class="paragraph">
<p>Distribution</p>
</div>
<div class="paragraph">
<p>Infecting one or various systems with a specific type of malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentmalwarecc">europol-incident:malware="c&amp;c"</h4>
<div class="paragraph">
<p>C&amp;C</p>
</div>
<div class="paragraph">
<p>Infecting one or various systems with a specific type of malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentmalwareundetermined">europol-incident:malware="undetermined"</h4>
<div class="paragraph">
<p>Undetermined</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_availability_4">availability</h3>
<div class="sect3">
<h4 id="_europol_incidentavailabilitydos_ddos">europol-incident:availability="dos-ddos"</h4>
<div class="paragraph">
<p>DoS/DDoS</p>
</div>
<div class="paragraph">
<p>Disruption of the processing and response capacity of systems and networks in order to render them inoperative.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentavailabilitysabotage">europol-incident:availability="sabotage"</h4>
<div class="paragraph">
<p>Sabotage</p>
</div>
<div class="paragraph">
<p>Premeditated action to damage a system, interrupt a process, change or delete information, etc.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering_4">information-gathering</h3>
<div class="sect3">
<h4 id="_europol_incidentinformation_gatheringscanning">europol-incident:information-gathering="scanning"</h4>
<div class="paragraph">
<p>Scanning</p>
</div>
<div class="paragraph">
<p>Active and passive gathering of information on systems or networks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentinformation_gatheringsniffing">europol-incident:information-gathering="sniffing"</h4>
<div class="paragraph">
<p>Sniffing</p>
</div>
<div class="paragraph">
<p>Unauthorised monitoring and reading of network traffic.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentinformation_gatheringphishing">europol-incident:information-gathering="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
<div class="paragraph">
<p>Attempt to gather information on a user or a system through phishing methods.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_attempt_2">intrusion-attempt</h3>
<div class="sect3">
<h4 id="_europol_incidentintrusion_attemptexploitation_vulnerability">europol-incident:intrusion-attempt="exploitation-vulnerability"</h4>
<div class="paragraph">
<p>Exploitation of vulnerability</p>
</div>
<div class="paragraph">
<p>Attempt to intrude by exploiting a vulnerability in a system, component or network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentintrusion_attemptlogin_attempt">europol-incident:intrusion-attempt="login-attempt"</h4>
<div class="paragraph">
<p>Login attempt</p>
</div>
<div class="paragraph">
<p>Attempt to log in to services or authentication / access control mechanisms.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_3">intrusion</h3>
<div class="sect3">
<h4 id="_europol_incidentintrusionexploitation_vulnerability">europol-incident:intrusion="exploitation-vulnerability"</h4>
<div class="paragraph">
<p>Exploitation of vulnerability</p>
</div>
<div class="paragraph">
<p>Actual intrusion by exploiting a vulnerability in the system, component or network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentintrusioncompromising_account">europol-incident:intrusion="compromising-account"</h4>
<div class="paragraph">
<p>Compromising an account</p>
</div>
<div class="paragraph">
<p>Actual intrusion in a system, component or network by compromising a user or administrator account.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_security_2">information-security</h3>
<div class="sect3">
<h4 id="_europol_incidentinformation_securityunauthorized_access">europol-incident:information-security="unauthorized-access"</h4>
<div class="paragraph">
<p>Unauthorised access</p>
</div>
<div class="paragraph">
<p>Unauthorised access to a particular set of information</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentinformation_securityunauthorized_modification">europol-incident:information-security="unauthorized-modification"</h4>
<div class="paragraph">
<p>Unauthorised modification/deletion</p>
</div>
<div class="paragraph">
<p>Unauthorised change or elimination of a particular set of information</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fraud_4">fraud</h3>
<div class="sect3">
<h4 id="_europol_incidentfraudillegitimate_use_resources">europol-incident:fraud="illegitimate-use-resources"</h4>
<div class="paragraph">
<p>Misuse or unauthorised use of resources</p>
</div>
<div class="paragraph">
<p>Use of institutional resources for purposes other than those intended.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentfraudillegitimate_use_name">europol-incident:fraud="illegitimate-use-name"</h4>
<div class="paragraph">
<p>Illegitimate use of the name of a third party</p>
</div>
<div class="paragraph">
<p>Use of the name of an institution without permission to do so.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_abusive_content_4">abusive-content</h3>
<div class="sect3">
<h4 id="_europol_incidentabusive_contentspam">europol-incident:abusive-content="spam"</h4>
<div class="paragraph">
<p>SPAM</p>
</div>
<div class="literalblock">
<div class="content">
<pre>Sending SPAM messages.</pre>
</div>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentabusive_contentcopyright">europol-incident:abusive-content="copyright"</h4>
<div class="paragraph">
<p>Copyright</p>
</div>
<div class="paragraph">
<p>Distribution and sharing of copyright protected content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incidentabusive_contentcontent_forbidden_by_law">europol-incident:abusive-content="content-forbidden-by-law"</h4>
<div class="paragraph">
<p>Dissemination of content forbidden by law.</p>
</div>
<div class="paragraph">
<p>Child pornography, racism and apology of violence.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_6">other</h3>
<div class="sect3">
<h4 id="_europol_incidentotherother">europol-incident:other="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="literalblock">
<div class="content">
<pre>Other type of unspecified incident</pre>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_event_assessment">event-assessment</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
event-assessment namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/event-assessment/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A series of assessment predicates describing the event assessment performed to make judgement(s) under a certain level of uncertainty.</p>
</div>
<div class="sect2">
<h3 id="_alternative_points_of_view_process">alternative-points-of-view-process</h3>
<div class="paragraph">
<p>A list of procedures or practices which describe alternative points of view to validate or rate an analysis. The list describes techniques or methods which could reinforce the estimative language in a human analysis and/or challenge the assumptions to reduce the potential bias of the analysis introduced by the analyst(s).</p>
</div>
<div class="sect3">
<h4 id="_event_assessmentalternative_points_of_view_processanalytic_debates_within_the_organisation">event-assessment:alternative-points-of-view-process="analytic-debates-within-the-organisation"</h4>
<div class="paragraph">
<p>analytic debates within the organisation</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_assessmentalternative_points_of_view_processdevils_advocates_methodology">event-assessment:alternative-points-of-view-process="devils-advocates-methodology"</h4>
<div class="paragraph">
<p>Devil&#8217;s advocates methodology</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_assessmentalternative_points_of_view_processcompetitive_analysis">event-assessment:alternative-points-of-view-process="competitive-analysis"</h4>
<div class="paragraph">
<p>competitive analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_assessmentalternative_points_of_view_processinterdisciplinary_brainstorming">event-assessment:alternative-points-of-view-process="interdisciplinary-brainstorming"</h4>
<div class="paragraph">
<p>interdisciplinary brainstorming</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_assessmentalternative_points_of_view_processintra_office_peer_review">event-assessment:alternative-points-of-view-process="intra-office-peer-review"</h4>
<div class="paragraph">
<p>intra-office peer review</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_assessmentalternative_points_of_view_processoutside_expertise_review">event-assessment:alternative-points-of-view-process="outside-expertise-review"</h4>
<div class="paragraph">
<p>Outside expertise review</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_event_classification">event-classification</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
event-classification namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/event-classification/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Classification of events as seen in tools such as RT/IR, MISP and other</p>
</div>
<div class="sect2">
<h3 id="_event_class">event-class</h3>
<div class="sect3">
<h4 id="_event_classificationevent_classincident_report">event-classification:event-class="incident_report"</h4>
<div class="paragraph">
<p>Incident Report</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_classificationevent_classincident">event-classification:event-class="incident"</h4>
<div class="paragraph">
<p>Incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_classificationevent_classinvestigation">event-classification:event-class="investigation"</h4>
<div class="paragraph">
<p>Investigation</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_classificationevent_classcountermeasure">event-classification:event-class="countermeasure"</h4>
<div class="paragraph">
<p>Countermeasure</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_classificationevent_classgeneral">event-classification:event-class="general"</h4>
<div class="paragraph">
<p>General</p>
</div>
</div>
<div class="sect3">
<h4 id="_event_classificationevent_classexercise">event-classification:event-class="exercise"</h4>
<div class="paragraph">
<p>Exercise</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_exercise">exercise</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
exercise namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/exercise/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise.</p>
</div>
<div class="sect2">
<h3 id="_cyber_europe">cyber-europe</h3>
<div class="paragraph">
<p>ENISA manages the programme of pan-European exercises CE2018 logonamed Cyber Europe. This is a series of EU-level cyber incident and crisis management exercises for both the public and private sectors from the EU and EFTA Member States. The Cyber Europe exercises are simulations of large-scale cybersecurity incidents that escalate to become cyber crises. The exercises offer opportunities to analyse advanced technical cybersecurity incidents but also to deal with complex business continuity and crisis management situations.</p>
</div>
<div class="sect3">
<h4 id="_exercisecyber_europe2022">exercise:cyber-europe="2022"</h4>
<div class="paragraph">
<p>2022</p>
</div>
<div class="paragraph">
<p>6th pan European cyber crisis exercise: Cyber Europe 2022 (CE2022)</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_europe2018">exercise:cyber-europe="2018"</h4>
<div class="paragraph">
<p>2018</p>
</div>
<div class="paragraph">
<p>5th pan European cyber crisis exercise, Cyber Europe 2018 (CE2018)</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_europe2016">exercise:cyber-europe="2016"</h4>
<div class="paragraph">
<p>2016</p>
</div>
<div class="paragraph">
<p>4th pan-European cyber exercise, Cyber Europe 2016</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cyber_storm">cyber-storm</h3>
<div class="paragraph">
<p>Cyber Storm, the Department of Homeland Securitys (DHS) biennial exercise series, provides the framework for the most extensive government-sponsored cybersecurity exercise of its kind. Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is the DHS Office of Cybersecurity and Communications' top priority.</p>
</div>
<div class="sect3">
<h4 id="_exercisecyber_stormspring_2018">exercise:cyber-storm="spring-2018"</h4>
<div class="paragraph">
<p>Spring 2018</p>
</div>
<div class="paragraph">
<p>The sixth iteration of the Cyber Storm exercise series, Cyber Storm VI, is scheduled for Spring 2018</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_locked_shields">locked-shields</h3>
<div class="paragraph">
<p>Locked Shields is the worlds largest and most advanced international technical live-fire cyber defence exercise. This annual scenario-based, real-time network defence exercise, which has been organised by the NATO Cooperative Cyber Defence Centre of Excellence since 2010, focuses on training for security experts who protect national IT systems.</p>
</div>
<div class="sect3">
<h4 id="_exerciselocked_shields2017">exercise:locked-shields="2017"</h4>
<div class="paragraph">
<p>2017</p>
</div>
<div class="paragraph">
<p>Locked Shields 2017</p>
</div>
</div>
<div class="sect3">
<h4 id="_exerciselocked_shields2018">exercise:locked-shields="2018"</h4>
<div class="paragraph">
<p>2018</p>
</div>
<div class="paragraph">
<p>Locked Shields 2018</p>
</div>
</div>
<div class="sect3">
<h4 id="_exerciselocked_shields2019">exercise:locked-shields="2019"</h4>
<div class="paragraph">
<p>2019</p>
</div>
<div class="paragraph">
<p>Locked Shields 2019</p>
</div>
</div>
<div class="sect3">
<h4 id="_exerciselocked_shields2020">exercise:locked-shields="2020"</h4>
<div class="paragraph">
<p>2020</p>
</div>
<div class="paragraph">
<p>Locked Shields 2020</p>
</div>
</div>
<div class="sect3">
<h4 id="_exerciselocked_shields2021">exercise:locked-shields="2021"</h4>
<div class="paragraph">
<p>2021</p>
</div>
<div class="paragraph">
<p>Locked Shields 2021</p>
</div>
</div>
<div class="sect3">
<h4 id="_exerciselocked_shields2022">exercise:locked-shields="2022"</h4>
<div class="paragraph">
<p>2022</p>
</div>
<div class="paragraph">
<p>Locked Shields 2022</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_lukex">lukex</h3>
<div class="paragraph">
<p>LÜKEX ist ein Kurzwort für Länderübergreifende Krisenmanagementübung (EXercise) und die Bezeichnung für regelmäßig stattfindende Übungen in der Bundesrepublik Deutschland. Ziel von Lükex ist es, das gemeinsame Management des Bundes und der Länder in nationalen Krisen aufgrund von außergewöhnlichen Gefahren- und Schadenslagen auf strategischer Ebene zu verbessern.</p>
</div>
<div class="sect3">
<h4 id="_exerciselukex2020">exercise:lukex="2020"</h4>
<div class="paragraph">
<p>2020</p>
</div>
<div class="paragraph">
<p>Cyber-Angriff auf die deutsche Stromversorgung</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cyber_coalition">cyber-coalition</h3>
<div class="paragraph">
<p>Cyber Coalition tests and trains cyber defenders from across the Alliance in their ability to defend NATO and national networks. From defence against malware, through tackling hybrid challenges involving social media, to attacks on mobile devices, the exercise has a challenging, realistic scenario that helps prepare our cyber defenders for real-life cyber challenges. The training includes testing of operational and legal procedures, exchange of information and work with industry and partners.</p>
</div>
<div class="sect3">
<h4 id="_exercisecyber_coalition2017">exercise:cyber-coalition="2017"</h4>
<div class="paragraph">
<p>2017</p>
</div>
<div class="paragraph">
<p>NATO Cyber Coalition 2017</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_coalition2018">exercise:cyber-coalition="2018"</h4>
<div class="paragraph">
<p>2018</p>
</div>
<div class="paragraph">
<p>NATO Cyber Coalition 2018</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_coalition2019">exercise:cyber-coalition="2019"</h4>
<div class="paragraph">
<p>2019</p>
</div>
<div class="paragraph">
<p>NATO Cyber Coalition 2019</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_coalition2020">exercise:cyber-coalition="2020"</h4>
<div class="paragraph">
<p>2020</p>
</div>
<div class="paragraph">
<p>NATO Cyber Coalition 2020</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_coalition2021">exercise:cyber-coalition="2021"</h4>
<div class="paragraph">
<p>2021</p>
</div>
<div class="paragraph">
<p>NATO Cyber Coalition 2021</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_pace">pace</h3>
<div class="paragraph">
<p>NATO-EU Parallel and Coordinated Exercise. PACE focuses on four key areas, namely situational awareness, effectiveness of our instruments to counter cyber threats at EU level, speed of reaction and appropriate reactivity of our crisis response mechanisms, as well as our capacity to communicate fast and in a coordinated way.</p>
</div>
<div class="sect3">
<h4 id="_exercisepace2017">exercise:pace="2017"</h4>
<div class="paragraph">
<p>2017</p>
</div>
<div class="paragraph">
<p>PACE17 will focus on four key areas, namely situational awareness, effectiveness of our instruments to counter cyber threats at EU level, speed of reaction and appropriate reactivity of our crisis response mechanisms, as well as our capacity to communicate fast and in a coordinated way. The exercise will be followed by an evaluation phase, to identify lessons learned and improve our toolbox.</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisepace2018">exercise:pace="2018"</h4>
<div class="paragraph">
<p>2018</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cyber_sopex">cyber-sopex</h3>
<div class="paragraph">
<p>Cyber SOPEx (formerly known as EuroSOPEx) is the first step in a series of ENISA exercises focusing on training the participants on situational awareness, information sharing, understanding roles and responsibilities and utilising related tools, as agreed by the CSIRTs Network</p>
</div>
<div class="sect3">
<h4 id="_exercisecyber_sopex2019">exercise:cyber-sopex="2019"</h4>
<div class="paragraph">
<p>2019</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_sopex2018">exercise:cyber-sopex="2018"</h4>
<div class="paragraph">
<p>2018</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_sopex2020">exercise:cyber-sopex="2020"</h4>
<div class="paragraph">
<p>2020</p>
</div>
</div>
<div class="sect3">
<h4 id="_exercisecyber_sopex2021">exercise:cyber-sopex="2021"</h4>
<div class="paragraph">
<p>2021</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_generic">generic</h3>
<div class="paragraph">
<p>Generic exercise which are not named.</p>
</div>
<div class="sect3">
<h4 id="_exercisegenericcomcheck">exercise:generic="comcheck"</h4>
<div class="paragraph">
<p>Communication check</p>
</div>
<div class="paragraph">
<p>A communication check exercise which can include digital or non-digital communication.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_extended_event">extended-event</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
extended-event namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/extended-event/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Reasons why an event has been extended.</p>
</div>
<div class="sect2">
<h3 id="_competitive_analysis">competitive-analysis</h3>
<div class="sect3">
<h4 id="_extended_eventcompetitive_analysisdevil_advocate">extended-event:competitive-analysis="devil-advocate"</h4>
<div class="paragraph">
<p>Devil&#8217;s advocate</p>
</div>
<div class="paragraph">
<p>Is a competitive analysis of devil&#8217;s advocate type.</p>
</div>
</div>
<div class="sect3">
<h4 id="_extended_eventcompetitive_analysisabsurd_reasoning">extended-event:competitive-analysis="absurd-reasoning"</h4>
<div class="paragraph">
<p>Absurd reasoning</p>
</div>
<div class="paragraph">
<p>Is a competitive analysis of absurd reasoning type</p>
</div>
</div>
<div class="sect3">
<h4 id="_extended_eventcompetitive_analysisrole_playing">extended-event:competitive-analysis="role-playing"</h4>
<div class="paragraph">
<p>Role playing</p>
</div>
<div class="paragraph">
<p>Is a competitive analysis of role playing type</p>
</div>
</div>
<div class="sect3">
<h4 id="_extended_eventcompetitive_analysiscrystal_ball">extended-event:competitive-analysis="crystal-ball"</h4>
<div class="paragraph">
<p>Crystal ball</p>
</div>
<div class="paragraph">
<p>Is a competitive analysis of crystal ball type</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_extended_analysis">extended-analysis</h3>
<div class="sect3">
<h4 id="_extended_eventextended_analysisautomatic_expansion">extended-event:extended-analysis="automatic-expansion"</h4>
<div class="paragraph">
<p>Automatic expansion</p>
</div>
<div class="paragraph">
<p>This extended event is composed of elements derived from automatic expanxions services</p>
</div>
</div>
<div class="sect3">
<h4 id="_extended_eventextended_analysisaggressive_pivoting">extended-event:extended-analysis="aggressive-pivoting"</h4>
<div class="paragraph">
<p>Aggressive pivoting</p>
</div>
<div class="paragraph">
<p>This extended event is composed of elements resulting of a careless pivoting</p>
</div>
</div>
<div class="sect3">
<h4 id="_extended_eventextended_analysiscomplementary_analysis">extended-event:extended-analysis="complementary-analysis"</h4>
<div class="paragraph">
<p>Complementary analysis</p>
</div>
<div class="paragraph">
<p>This extended event is composed of elements gathered by a different analyst than the original one</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_human_readable">human-readable</h3>
<div class="paragraph">
<p>This extended event makes a human readable output of a machine or technical report.</p>
</div>
</div>
<div class="sect2">
<h3 id="_chunked_event">chunked-event</h3>
<div class="paragraph">
<p>This extended event is a part of a large event.</p>
</div>
<div class="sect3">
<h4 id="_extended_eventchunked_eventtime_based">extended-event:chunked-event="time-based"</h4>
<div class="paragraph">
<p>Time based</p>
</div>
<div class="paragraph">
<p>is an element of a serie of extended events, split by matter of time</p>
</div>
</div>
<div class="sect3">
<h4 id="_extended_eventchunked_eventcounter_based">extended-event:chunked-event="counter-based"</h4>
<div class="paragraph">
<p>Counter based</p>
</div>
<div class="paragraph">
<p>is an element of a serie of extended events, split by number of elements</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_update">update</h3>
<div class="paragraph">
<p>Original event is deprecated</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_failure_mode_in_machine_learning">failure-mode-in-machine-learning</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
failure-mode-in-machine-learning namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/failure-mode-in-machine-learning/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The purpose of this taxonomy is to jointly tabulate both the of these failure modes in a single place. Intentional failures wherein the failure is caused by an active adversary attempting to subvert the system to attain her goals either to misclassify the result, infer private training data, or to steal the underlying algorithm. Unintentional failures wherein the failure is because an ML system produces a formally correct but completely unsafe outcome.</p>
</div>
<div class="sect2">
<h3 id="_intentionally_motivated_failures_summary">intentionally-motivated-failures-summary</h3>
<div class="paragraph">
<p>Intentional failures wherein the failure is caused by an active adversary attempting to subvert the system to attain her goals either to misclassify the result, infer private training data, or to steal the underlying algorithm.</p>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary1_perturbation_attack">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="1-perturbation-attack"</h4>
<div class="paragraph">
<p>Perturbation attack</p>
</div>
<div class="paragraph">
<p>Attacker modifies the query to get appropriate response. It doesn&#8217;t violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary2_poisoning_attack">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="2-poisoning-attack"</h4>
<div class="paragraph">
<p>Poisoning attack</p>
</div>
<div class="paragraph">
<p>Attacker contaminates the training phase of ML systems to get intended result. It doesn&#8217;t violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary3_model_inversion">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="3-model-inversion"</h4>
<div class="paragraph">
<p>Model Inversion</p>
</div>
<div class="paragraph">
<p>Attacker recovers the secret features used in the model by through careful queries. It doesn&#8217;t violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary4_membership_inference">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="4-membership-inference"</h4>
<div class="paragraph">
<p>Membership Inference</p>
</div>
<div class="paragraph">
<p>Attacker can infer if a given data record was part of the models training dataset or not. It doesn&#8217;t violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary5_model_stealing">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="5-model-stealing"</h4>
<div class="paragraph">
<p>Model Stealing</p>
</div>
<div class="paragraph">
<p>Attacker is able to recover the model through carefully-crafted queries. It doesn&#8217;t violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary6_reprogramming_ml_system">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="6-reprogramming-ML-system"</h4>
<div class="paragraph">
<p>Reprogramming ML system</p>
</div>
<div class="paragraph">
<p>Repurpose the ML system to perform an activity it was not programmed for. It doesn&#8217;t violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary7_adversarial_example_in_physical_domain">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="7-adversarial-example-in-physical-domain"</h4>
<div class="paragraph">
<p>Adversarial Example in Physical Domain</p>
</div>
<div class="paragraph">
<p>Repurpose the ML system to perform an activity it was not programmed for. It doesn&#8217;t violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary8_malicious_ml_provider_recovering_training_data">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="8-malicious-ML-provider-recovering-training-data"</h4>
<div class="paragraph">
<p>Malicious ML provider recovering training data</p>
</div>
<div class="paragraph">
<p>Malicious ML provider can query the model used by customer and recover customers training data. It does violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary9_attacking_the_ml_supply_chain">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="9-attacking-the-ML-supply-chain"</h4>
<div class="paragraph">
<p>Attacking the ML supply chain</p>
</div>
<div class="paragraph">
<p>Attacker compromises the ML models as it is being downloaded for use. It does violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary10_backdoor_ml">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="10-backdoor-ML"</h4>
<div class="paragraph">
<p>Backdoor ML</p>
</div>
<div class="paragraph">
<p>Malicious ML provider backdoors algorithm to activate with a specific trigger. It does violate traditional technological notion of access/authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningintentionally_motivated_failures_summary10_exploit_software_dependencies">failure-mode-in-machine-learning:intentionally-motivated-failures-summary="10-exploit-software-dependencies"</h4>
<div class="paragraph">
<p>Exploit Software Dependencies</p>
</div>
<div class="paragraph">
<p>Attacker uses traditional software exploits like buffer overflow to confuse/control ML systems. It does violate traditional technological notion of access/authorization.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unintended_failures_summary">unintended-failures-summary</h3>
<div class="paragraph">
<p>Unintentional failures wherein the failure is because an ML system produces a formally correct but completely unsafe outcome.</p>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningunintended_failures_summary12_reward_hacking">failure-mode-in-machine-learning:unintended-failures-summary="12-reward-hacking"</h4>
<div class="paragraph">
<p>Reward Hacking</p>
</div>
<div class="paragraph">
<p>Reinforcement Learning (RL) systems act in unintended ways because of mismatch between stated reward and true reward</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningunintended_failures_summary13_side_effects">failure-mode-in-machine-learning:unintended-failures-summary="13-side-effects"</h4>
<div class="paragraph">
<p>Side Effects</p>
</div>
<div class="paragraph">
<p>RL system disrupts the environment as it tries to attain its goal</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningunintended_failures_summary14_distributional_shifts">failure-mode-in-machine-learning:unintended-failures-summary="14-distributional-shifts"</h4>
<div class="paragraph">
<p>Distributional shifts</p>
</div>
<div class="paragraph">
<p>The system is tested in one kind of environment, but is unable to adapt to changes in other kinds of environment</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningunintended_failures_summary15_natural_adversarial_examples">failure-mode-in-machine-learning:unintended-failures-summary="15-natural-adversarial-examples"</h4>
<div class="paragraph">
<p>Natural Adversarial Examples</p>
</div>
<div class="paragraph">
<p>Without attacker perturbations, the ML system fails owing to hard negative mining</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningunintended_failures_summary16_common_corruption">failure-mode-in-machine-learning:unintended-failures-summary="16-common-corruption"</h4>
<div class="paragraph">
<p>Common Corruption</p>
</div>
<div class="paragraph">
<p>The system is not able to handle common corruptions and perturbations such as tilting, zooming, or noisy images</p>
</div>
</div>
<div class="sect3">
<h4 id="_failure_mode_in_machine_learningunintended_failures_summary17_incomplete_testing">failure-mode-in-machine-learning:unintended-failures-summary="17-incomplete-testing"</h4>
<div class="paragraph">
<p>Incomplete Testing</p>
</div>
<div class="paragraph">
<p>The ML system is not tested in the realistic conditions that it is meant to operate in</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_false_positive">false-positive</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
false-positive namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/false-positive/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>This taxonomy aims to ballpark the expected amount of false positives.</p>
</div>
<div class="sect2">
<h3 id="_risk">risk</h3>
<div class="paragraph">
<p>Risk of having false positives in the tagged value.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_false_positiverisklow">false-positive:risk="low"</h4>
<div class="paragraph">
<p>Low</p>
</div>
<div class="paragraph">
<p>The risk of having false positives in the tagged value is low.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_false_positiveriskmedium">false-positive:risk="medium"</h4>
<div class="paragraph">
<p>Medium</p>
</div>
<div class="paragraph">
<p>The risk of having false positives in the tagged value is medium.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_false_positiveriskhigh">false-positive:risk="high"</h4>
<div class="paragraph">
<p>High</p>
</div>
<div class="paragraph">
<p>The risk of having false positives in the tagged value is high.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_confirmed">confirmed</h3>
<div class="paragraph">
<p>Confirmed false positives in the tagged value.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_false_positiveconfirmedtrue">false-positive:confirmed="true"</h4>
<div class="paragraph">
<p>True</p>
</div>
<div class="paragraph">
<p>The false positive is confirmed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_false_positiveconfirmedfalse">false-positive:confirmed="false"</h4>
<div class="paragraph">
<p>False</p>
</div>
<div class="paragraph">
<p>The flase positive is not confirmed.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_file_type">file-type</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
file-type namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/file-type/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>List of known file types.</p>
</div>
<div class="sect2">
<h3 id="_type_4">type</h3>
<div class="sect3">
<h4 id="_file_typetypepeexe">file-type:type="peexe"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepedll">file-type:type="pedll"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeneexe">file-type:type="neexe"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypenedll">file-type:type="nedll"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemz">file-type:type="mz"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemsi">file-type:type="msi"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypecom">file-type:type="com"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypecoff">file-type:type="coff"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeelf">file-type:type="elf"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypekrnl">file-type:type="krnl"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetyperpm">file-type:type="rpm"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypelinux">file-type:type="linux"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemacho">file-type:type="macho"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeelf32">file-type:type="elf32"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeelf64">file-type:type="elf64"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeelfso">file-type:type="elfso"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepeexe32">file-type:type="peexe32"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepeexe64">file-type:type="peexe64"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeassembly">file-type:type="assembly"</h4>
<div class="paragraph">
<p>executable</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypehtml">file-type:type="html"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypexml">file-type:type="xml"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeflash">file-type:type="flash"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypefla">file-type:type="fla"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeiecookie">file-type:type="iecookie"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypebittorrent">file-type:type="bittorrent"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeemail">file-type:type="email"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeoutlook">file-type:type="outlook"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypecap">file-type:type="cap"</h4>
<div class="paragraph">
<p>internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypesymbian">file-type:type="symbian"</h4>
<div class="paragraph">
<p>phone and tablet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepalmos">file-type:type="palmos"</h4>
<div class="paragraph">
<p>phone and tablet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypewince">file-type:type="wince"</h4>
<div class="paragraph">
<p>phone and tablet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeandroid">file-type:type="android"</h4>
<div class="paragraph">
<p>phone and tablet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeiphone">file-type:type="iphone"</h4>
<div class="paragraph">
<p>phone and tablet</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypejpeg">file-type:type="jpeg"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeemf">file-type:type="emf"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypetiff">file-type:type="tiff"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypegif">file-type:type="gif"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepng">file-type:type="png"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypebmp">file-type:type="bmp"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypegimp">file-type:type="gimp"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeindesign">file-type:type="indesign"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepsd">file-type:type="psd"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypetarga">file-type:type="targa"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypexws">file-type:type="xws"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypedib">file-type:type="dib"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypejng">file-type:type="jng"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeico">file-type:type="ico"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypefpx">file-type:type="fpx"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeeps">file-type:type="eps"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypesvg">file-type:type="svg"</h4>
<div class="paragraph">
<p>image</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeogg">file-type:type="ogg"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeflc">file-type:type="flc"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypefli">file-type:type="fli"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemp3">file-type:type="mp3"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeflac">file-type:type="flac"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypewav">file-type:type="wav"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemidi">file-type:type="midi"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeavi">file-type:type="avi"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypempeg">file-type:type="mpeg"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeqt">file-type:type="qt"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeasf">file-type:type="asf"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypedivx">file-type:type="divx"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeflv">file-type:type="flv"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypewma">file-type:type="wma"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypewmv">file-type:type="wmv"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetyperm">file-type:type="rm"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemov">file-type:type="mov"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemp4">file-type:type="mp4"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetype3gp">file-type:type="3gp"</h4>
<div class="paragraph">
<p>video and audio</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypetext">file-type:type="text"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepdf">file-type:type="pdf"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeps">file-type:type="ps"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypedoc">file-type:type="doc"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypedocx">file-type:type="docx"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypertf">file-type:type="rtf"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeppt">file-type:type="ppt"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepptx">file-type:type="pptx"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypexls">file-type:type="xls"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypexlsx">file-type:type="xlsx"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeodp">file-type:type="odp"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeods">file-type:type="ods"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeodt">file-type:type="odt"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypehwp">file-type:type="hwp"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypegul">file-type:type="gul"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeebook">file-type:type="ebook"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypelatex">file-type:type="latex"</h4>
<div class="paragraph">
<p>document</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeisoimage">file-type:type="isoimage"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypezip">file-type:type="zip"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypegzip">file-type:type="gzip"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypebzip">file-type:type="bzip"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetyperzip">file-type:type="rzip"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypedzip">file-type:type="dzip"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetype7zip">file-type:type="7zip"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypecab">file-type:type="cab"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypejar">file-type:type="jar"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetyperar">file-type:type="rar"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemscompress">file-type:type="mscompress"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeace">file-type:type="ace"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypearc">file-type:type="arc"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypearj">file-type:type="arj"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeasd">file-type:type="asd"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeblackhole">file-type:type="blackhole"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypekgb">file-type:type="kgb"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypexz">file-type:type="xz"</h4>
<div class="paragraph">
<p>bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypescript">file-type:type="script"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypephp">file-type:type="php"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepython">file-type:type="python"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeperl">file-type:type="perl"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetyperuby">file-type:type="ruby"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypec">file-type:type="c"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypecpp">file-type:type="cpp"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypejava">file-type:type="java"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeshell">file-type:type="shell"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypepascal">file-type:type="pascal"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeawk">file-type:type="awk"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypedyalog">file-type:type="dyalog"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypefortran">file-type:type="fortran"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypejava_bytecode">file-type:type="java-bytecode"</h4>
<div class="paragraph">
<p>code</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeapple">file-type:type="apple"</h4>
<div class="paragraph">
<p>apple</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemac">file-type:type="mac"</h4>
<div class="paragraph">
<p>apple</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeapplesingle">file-type:type="applesingle"</h4>
<div class="paragraph">
<p>apple</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeappledouble">file-type:type="appledouble"</h4>
<div class="paragraph">
<p>apple</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemachfs">file-type:type="machfs"</h4>
<div class="paragraph">
<p>apple</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypeappleplist">file-type:type="appleplist"</h4>
<div class="paragraph">
<p>apple</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypemaclib">file-type:type="maclib"</h4>
<div class="paragraph">
<p>apple</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypelnk">file-type:type="lnk"</h4>
<div class="paragraph">
<p>miscellaneous</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypettf">file-type:type="ttf"</h4>
<div class="paragraph">
<p>miscellaneous</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetyperom">file-type:type="rom"</h4>
<div class="paragraph">
<p>miscellaneous</p>
</div>
</div>
<div class="sect3">
<h4 id="_file_typetypedata">file-type:type="data"</h4>
<div class="paragraph">
<p>miscellaneous</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_flesch_reading_ease">flesch-reading-ease</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
flesch-reading-ease namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/flesch-reading-ease/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid).</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_score">score</h3>
<div class="sect3">
<h4 id="_flesch_reading_easescore90_100">flesch-reading-ease:score="90-100"</h4>
<div class="paragraph">
<p>Very Easy</p>
</div>
<div class="paragraph">
<p>Very easy to read. Easily understood by an average 11-year-old student.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_flesch_reading_easescore80_89">flesch-reading-ease:score="80-89"</h4>
<div class="paragraph">
<p>Easy</p>
</div>
<div class="paragraph">
<p>Easy to read. Conversational English for consumers.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="89"</p>
</div>
</div>
<div class="sect3">
<h4 id="_flesch_reading_easescore70_79">flesch-reading-ease:score="70-79"</h4>
<div class="paragraph">
<p>Fairly Easy</p>
</div>
<div class="paragraph">
<p>Fairly easy to read.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="79"</p>
</div>
</div>
<div class="sect3">
<h4 id="_flesch_reading_easescore60_69">flesch-reading-ease:score="60-69"</h4>
<div class="paragraph">
<p>Standard</p>
</div>
<div class="paragraph">
<p>Plain English. Easily understood by 13- to 15-year-old students.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="69"</p>
</div>
</div>
<div class="sect3">
<h4 id="_flesch_reading_easescore50_59">flesch-reading-ease:score="50-59"</h4>
<div class="paragraph">
<p>Fairly Difficult</p>
</div>
<div class="paragraph">
<p>Fairly difficult to read.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="59"</p>
</div>
</div>
<div class="sect3">
<h4 id="_flesch_reading_easescore30_49">flesch-reading-ease:score="30-49"</h4>
<div class="paragraph">
<p>Difficult</p>
</div>
<div class="paragraph">
<p>Difficult to read.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="49"</p>
</div>
</div>
<div class="sect3">
<h4 id="_flesch_reading_easescore0_29">flesch-reading-ease:score="0-29"</h4>
<div class="paragraph">
<p>Very Confusing</p>
</div>
<div class="paragraph">
<p>Very difficult to read. Best understood by university graduates.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="29"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_fpf">fpf</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
fpf namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/fpf/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Future of Privacy Forum (FPF) [visual guide to practical de-identification](<a href="https://fpf.org/2016/04/25/a-visual-guide-to-practical-data-de-identification/" class="bare">https://fpf.org/2016/04/25/a-visual-guide-to-practical-data-de-identification/</a>) taxonomy is used to evaluate the degree of identifiability of personal data and the types of pseudonymous data, de-identified data and anonymous data. The work of FPF is licensed under a creative commons attribution 4.0 international license.</p>
</div>
<div class="sect2">
<h3 id="_degrees_of_identifiability">degrees-of-identifiability</h3>
<div class="paragraph">
<p>Information containing direct and indirect identifiers.</p>
</div>
<div class="sect3">
<h4 id="_fpfdegrees_of_identifiabilityexplicitly_personal">fpf:degrees-of-identifiability="explicitly-personal"</h4>
<div class="paragraph">
<p>Explicitly personal</p>
</div>
<div class="paragraph">
<p>Name, address, phone number, SSN, government-issued ID (e.g., Jane Smith, 123 Main Street, 555-555-5555)</p>
</div>
</div>
<div class="sect3">
<h4 id="_fpfdegrees_of_identifiabilitypotentially_identifiable">fpf:degrees-of-identifiability="potentially-identifiable"</h4>
<div class="paragraph">
<p>Potentially identifiable</p>
</div>
<div class="paragraph">
<p>Unique device ID, license plate, medical record number, cookie, IP address (e.g., MAC address 68:A8:6D:35:65:03)</p>
</div>
</div>
<div class="sect3">
<h4 id="_fpfdegrees_of_identifiabilitynot_readily_identifiable">fpf:degrees-of-identifiability="not-readily-identifiable"</h4>
<div class="paragraph">
<p>Not readily identifiable</p>
</div>
<div class="paragraph">
<p>Same as Potentially Identifiable except data are also protected by safeguards and controls (e.g., hashed MAC addresses &amp; legal representations)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_pseudonymous_data">pseudonymous-data</h3>
<div class="paragraph">
<p>Information from which direct identifiers have been eliminated or transformed, but indirect entifiers remain intact.</p>
</div>
<div class="sect3">
<h4 id="_fpfpseudonymous_datakey_coded">fpf:pseudonymous-data="key-coded"</h4>
<div class="paragraph">
<p>Key coded</p>
</div>
<div class="paragraph">
<p>Clinical or research datasets where only curator retains key (e.g., Jane Smith, diabetes, HgB 15.1 g/dl = Csrk123)</p>
</div>
</div>
<div class="sect3">
<h4 id="_fpfpseudonymous_datapseudonymous">fpf:pseudonymous-data="pseudonymous"</h4>
<div class="paragraph">
<p>Pseudonymous</p>
</div>
<div class="paragraph">
<p>Unique, artificial pseudonyms replace direct identifiers (e.g., HIPAA Limited Datasets, John Doe = 5L7T LX619Z) (unique sequence not used anywhere else)</p>
</div>
</div>
<div class="sect3">
<h4 id="_fpfpseudonymous_dataprotected_pseudonymous">fpf:pseudonymous-data="protected-pseudonymous"</h4>
<div class="paragraph">
<p>Protected pseudonymous</p>
</div>
<div class="paragraph">
<p>Same as Pseudonymous, except data are also protected by safeguards and controls</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_de_identified_data">de-identified-data</h3>
<div class="paragraph">
<p>Direct and known indirect identifiers have been removed or manipulated to break the linkage to real world identities.</p>
</div>
<div class="sect3">
<h4 id="_fpfde_identified_datade_identified">fpf:de-identified-data="de-identified"</h4>
<div class="paragraph">
<p>De-identified</p>
</div>
<div class="paragraph">
<p>Data are suppressed, generalized, perturbed, swapped, etc. (e.g., GPA: 3.2 = 3.0-3.5, gender: female = gender: male)</p>
</div>
</div>
<div class="sect3">
<h4 id="_fpfde_identified_dataprotected_de_identified">fpf:de-identified-data="protected-de-identified"</h4>
<div class="paragraph">
<p>Protected de-identified</p>
</div>
<div class="paragraph">
<p>Same as De-Identified, except data are also protected by safeguards and controls</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_anonymous_data">anonymous-data</h3>
<div class="paragraph">
<p>Direct and indirect identifiers have en removed or manipulated together with mathematical and technical guarantees to prevent re-identification.</p>
</div>
<div class="sect3">
<h4 id="_fpfanonymous_dataanonymous">fpf:anonymous-data="anonymous"</h4>
<div class="paragraph">
<p>Anonymous</p>
</div>
<div class="paragraph">
<p>For example, noise is calibrated to a data set to hide whether an individual is present or not (differential privacy)</p>
</div>
</div>
<div class="sect3">
<h4 id="_fpfanonymous_dataaggregated_anonymous">fpf:anonymous-data="aggregated-anonymous"</h4>
<div class="paragraph">
<p>Aggregated anonymous</p>
</div>
<div class="paragraph">
<p>Very highly aggregated data (e.g., statistical data, census data, or population data that 52.6% of Washington, DC residents are women)</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_fr_classif">fr-classif</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
fr-classif namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/fr-classif/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>French gov information classification system</p>
</div>
<div class="sect2">
<h3 id="_classifiees">classifiees</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_fr_classifclassifieestres_secret">fr-classif:classifiees="TRES_SECRET"</h4>
<div class="paragraph">
<p>TRES SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_fr_classifclassifieessecret">fr-classif:classifiees="SECRET"</h4>
<div class="paragraph">
<p>SECRET</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_non_classifiees">non-classifiees</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_fr_classifnon_classifieesdiffusion_restreinte">fr-classif:non-classifiees="DIFFUSION_RESTREINTE"</h4>
<div class="paragraph">
<p>DIFFUSION RESTREINTE</p>
</div>
</div>
<div class="sect3">
<h4 id="_fr_classifnon_classifieesnon_protege">fr-classif:non-classifiees="NON-PROTEGE"</h4>
<div class="paragraph">
<p>NON PROTEGE</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_special_france">special-france</h3>
<div class="sect3">
<h4 id="_fr_classifspecial_francespecial_france">fr-classif:special-france="SPECIAL_FRANCE"</h4>
<div class="paragraph">
<p>SPECIAL FRANCE</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_gdpr">gdpr</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
gdpr namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/gdpr/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy related to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)</p>
</div>
<div class="sect2">
<h3 id="_special_categories">special-categories</h3>
<div class="paragraph">
<p>Special categories of personal data, refer to Art. 9 of the GDPR</p>
</div>
<div class="sect3">
<h4 id="_gdprspecial_categoriesracial_or_ethnic_origin">gdpr:special-categories="racial-or-ethnic-origin"</h4>
<div class="paragraph">
<p>Racial or ethnic origin</p>
</div>
</div>
<div class="sect3">
<h4 id="_gdprspecial_categoriespolitical_opinions">gdpr:special-categories="political-opinions"</h4>
<div class="paragraph">
<p>Political opinions</p>
</div>
</div>
<div class="sect3">
<h4 id="_gdprspecial_categoriesreligious_or_philosophical_beliefs">gdpr:special-categories="religious-or-philosophical-beliefs"</h4>
<div class="paragraph">
<p>Religious or philosophical beliefs</p>
</div>
</div>
<div class="sect3">
<h4 id="_gdprspecial_categoriestrade_union_membership">gdpr:special-categories="trade-union-membership"</h4>
<div class="paragraph">
<p>Trade union membership</p>
</div>
</div>
<div class="sect3">
<h4 id="_gdprspecial_categoriesgenetic_data">gdpr:special-categories="genetic-data"</h4>
<div class="paragraph">
<p>Genetic data</p>
</div>
<div class="paragraph">
<p>Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gdprspecial_categoriesbiometric_data">gdpr:special-categories="biometric-data"</h4>
<div class="paragraph">
<p>Biometric data</p>
</div>
<div class="paragraph">
<p>Biometric data for the purpose of uniquely identifying a natural person. Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gdprspecial_categorieshealth">gdpr:special-categories="health"</h4>
<div class="paragraph">
<p>Health</p>
</div>
<div class="paragraph">
<p>Data concerning health. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gdprspecial_categoriessex_life_or_sexual_orientation">gdpr:special-categories="sex-life-or-sexual-orientation"</h4>
<div class="paragraph">
<p>Sex life or sexual orientation</p>
</div>
<div class="paragraph">
<p>Data concerning a natural person&#8217;s sex life or sexual orientation</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_gea_nz_activities">gea-nz-activities</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
gea-nz-activities namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/gea-nz-activities/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Information needed to track or monitor moments, periods or events that occur over time. This type of information is focused on occurrences that must be tracked for business reasons or represent a specific point in the evolution of The Business.</p>
</div>
<div class="sect2">
<h3 id="_cases_compliance">cases-compliance</h3>
<div class="paragraph">
<p>Information about an occurrence by a person or organisation that is under official investigation.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_complianceassessment">gea-nz-activities:cases-compliance="assessment"</h4>
<div class="paragraph">
<p>Assessment</p>
</div>
<div class="paragraph">
<p>Detailed information related to performing an assessment, the act of assessing; appraisal; evaluation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_complianceaudit">gea-nz-activities:cases-compliance="audit"</h4>
<div class="paragraph">
<p>Audit</p>
</div>
<div class="paragraph">
<p>Detailed information related to performing an audit, to make an audit of; examine (accounts, records, etc.) for purposes of verification.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_complianceinspection">gea-nz-activities:cases-compliance="inspection"</h4>
<div class="paragraph">
<p>Inspection</p>
</div>
<div class="paragraph">
<p>Detailed information related to performing an inspection or viewing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_complianceinvestigation">gea-nz-activities:cases-compliance="investigation"</h4>
<div class="paragraph">
<p>Investigation</p>
</div>
<div class="paragraph">
<p>Detailed information related to performing an investigation, to search out and examine the particulars of in an attempt to learn the facts about something hidden, unique, or complex, especially in an attempt to find a motive, cause, or culprit.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_compliancereview">gea-nz-activities:cases-compliance="review"</h4>
<div class="paragraph">
<p>Review</p>
</div>
<div class="paragraph">
<p>Detailed information related to performing a review, to survey mentally; take a survey of.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cases_proceeding">cases-proceeding</h3>
<div class="paragraph">
<p>Information about a case held by an organisation related to interpretation of the law.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_proceedingbreach">gea-nz-activities:cases-proceeding="breach"</h4>
<div class="paragraph">
<p>Breach</p>
</div>
<div class="paragraph">
<p>Detailed information related to breaches, such as breach of contract, defamation, the recovering of debts, and family disputes over care arrangements for children, and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_proceedingfine">gea-nz-activities:cases-proceeding="fine"</h4>
<div class="paragraph">
<p>Fine</p>
</div>
<div class="paragraph">
<p>Detailed information related to fines, such as parking fine, speeding fine, and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_proceedingfraud">gea-nz-activities:cases-proceeding="fraud"</h4>
<div class="paragraph">
<p>Fraud</p>
</div>
<div class="paragraph">
<p>Detailed information related to fraud.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_proceedingoffence">gea-nz-activities:cases-proceeding="offence"</h4>
<div class="paragraph">
<p>Offence</p>
</div>
<div class="paragraph">
<p>Detailed information related to an offence.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cases_episode">cases-episode</h3>
<div class="paragraph">
<p>Information focused on individuals interactions with an agency, organisation or enterprise, which is tacked as a sequence over a period of time.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodedefect">gea-nz-activities:cases-episode="defect"</h4>
<div class="paragraph">
<p>Defect</p>
</div>
<div class="paragraph">
<p>Detailed information related to cases concerning defects, such as time of occurrence, a repeated defect, solution, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodeemergency">gea-nz-activities:cases-episode="emergency"</h4>
<div class="paragraph">
<p>Emergency</p>
</div>
<div class="paragraph">
<p>Detailed information related to emergency cases.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodeerror">gea-nz-activities:cases-episode="error"</h4>
<div class="paragraph">
<p>Error</p>
</div>
<div class="paragraph">
<p>Detailed information related to errors, a deviation from accuracy or correctness.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodefault">gea-nz-activities:cases-episode="fault"</h4>
<div class="paragraph">
<p>Fault</p>
</div>
<div class="paragraph">
<p>Detailed information related to cases concerning faults, a defect or imperfection; flaw; failing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodehistory">gea-nz-activities:cases-episode="history"</h4>
<div class="paragraph">
<p>History</p>
</div>
<div class="paragraph">
<p>Detailed information related to history, meaning a sequence of events, such as family history.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodeincident">gea-nz-activities:cases-episode="incident"</h4>
<div class="paragraph">
<p>Incident</p>
</div>
<div class="paragraph">
<p>Detailed information related to cases concerning incidents, an individual occurrence or event.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodeissue">gea-nz-activities:cases-episode="issue"</h4>
<div class="paragraph">
<p>Issue</p>
</div>
<div class="paragraph">
<p>Detailed information related to cases concerning issues, a point in question or a matter that is in dispute which needs a decision.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodeproblem">gea-nz-activities:cases-episode="problem"</h4>
<div class="paragraph">
<p>Problem</p>
</div>
<div class="paragraph">
<p>Detailed information related to problems, any question or matter involving doubt, uncertainty, or difficulty.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodecrime">gea-nz-activities:cases-episode="crime"</h4>
<div class="paragraph">
<p>Crime</p>
</div>
<div class="paragraph">
<p>Detailed information related to cases concerning crimes, actions or instances of negligence that is deemed injurious to the public welfare or morals or to the interests of the state and that is legally prohibited.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_episodeinfrigement">gea-nz-activities:cases-episode="infrigement"</h4>
<div class="paragraph">
<p>Infrigement</p>
</div>
<div class="paragraph">
<p>Detailed information related to cases concerning infringements, a breach or infraction, as of a law, right, or obligation; violation; transgression.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cases_commission_of_inquiry">cases-commission-of-inquiry</h3>
<div class="paragraph">
<p>Information relating to inquiries into various issues. Commissions report findings, give advice and make recommendations.</p>
</div>
</div>
<div class="sect2">
<h3 id="_cases_claim">cases-claim</h3>
<div class="paragraph">
<p>Information about claims.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_claimclaim_of_definition">gea-nz-activities:cases-claim="claim-of-definition"</h4>
<div class="paragraph">
<p>Claim of Definition</p>
</div>
<div class="paragraph">
<p>Detailed information related to claims of definition.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_claimclaim_of_cause">gea-nz-activities:cases-claim="claim-of-cause"</h4>
<div class="paragraph">
<p>Claim of Cause</p>
</div>
<div class="paragraph">
<p>Detailed information related to claims of cause.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_claimclaim_of_value">gea-nz-activities:cases-claim="claim-of-value"</h4>
<div class="paragraph">
<p>Claim of Value</p>
</div>
<div class="paragraph">
<p>Detailed information related to claims of value.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_claimclaim_of_policy">gea-nz-activities:cases-claim="claim-of-policy"</h4>
<div class="paragraph">
<p>Claim of Policy</p>
</div>
<div class="paragraph">
<p>Detailed information related to claims of policy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_claimclaim_of_fact">gea-nz-activities:cases-claim="claim-of-fact"</h4>
<div class="paragraph">
<p>Claim of Fact</p>
</div>
<div class="paragraph">
<p>Detailed information related to claims of fact.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cases_request">cases-request</h3>
<div class="paragraph">
<p>Information about requests that need to be tracked.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_requestrequest_for_information">gea-nz-activities:cases-request="request-for-information"</h4>
<div class="paragraph">
<p>Request for Information</p>
</div>
<div class="paragraph">
<p>Detailed information related to requests for information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_requestrequest_for_proposal">gea-nz-activities:cases-request="request-for-proposal"</h4>
<div class="paragraph">
<p>Request for proposal</p>
</div>
<div class="paragraph">
<p>Detailed information related to requests for proposals.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_requestrequest_for_quotation">gea-nz-activities:cases-request="request-for-quotation"</h4>
<div class="paragraph">
<p>Request for quotation</p>
</div>
<div class="paragraph">
<p>Detailed information related to requests for quotation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_requestrequest_for_tender">gea-nz-activities:cases-request="request-for-tender"</h4>
<div class="paragraph">
<p>Request for Tender</p>
</div>
<div class="paragraph">
<p>Detailed information related to requests for tender.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_requestrequest_for_approval">gea-nz-activities:cases-request="request-for-approval"</h4>
<div class="paragraph">
<p>Request for Approval</p>
</div>
<div class="paragraph">
<p>Detailed information related to requests for approval.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_requestrequest_for_comments">gea-nz-activities:cases-request="request-for-comments"</h4>
<div class="paragraph">
<p>Request for Comments</p>
</div>
<div class="paragraph">
<p>Detailed information related to requests for comments.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiescases_requestorder">gea-nz-activities:cases-request="order"</h4>
<div class="paragraph">
<p>Order</p>
</div>
<div class="paragraph">
<p>Information relating to orders and tracking of the orders.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cases_order">cases-order</h3>
<div class="paragraph">
<p>Information relating to orders and tracking of the orders.</p>
</div>
</div>
<div class="sect2">
<h3 id="_events_personal">events-personal</h3>
<div class="paragraph">
<p>Information around personal events like birth, starting school, getting married, etc.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personalbirth">gea-nz-activities:events-personal="birth"</h4>
<div class="paragraph">
<p>Birth</p>
</div>
<div class="paragraph">
<p>Detailed information related to giving birth.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personalstarting_school">gea-nz-activities:events-personal="starting-school"</h4>
<div class="paragraph">
<p>Starting School</p>
</div>
<div class="paragraph">
<p>Detailed information related to starting school.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personaladoption">gea-nz-activities:events-personal="adoption"</h4>
<div class="paragraph">
<p>Adoption</p>
</div>
<div class="paragraph">
<p>Detailed information related to adopting a child.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personalmarriage">gea-nz-activities:events-personal="marriage"</h4>
<div class="paragraph">
<p>Marriage</p>
</div>
<div class="paragraph">
<p>Detailed information related to get married.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personalsenior_citizenship">gea-nz-activities:events-personal="senior-citizenship"</h4>
<div class="paragraph">
<p>Senior Citizenship</p>
</div>
<div class="paragraph">
<p>Detailed information related to becoming a senior citizen.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personalcare">gea-nz-activities:events-personal="care"</h4>
<div class="paragraph">
<p>Care</p>
</div>
<div class="paragraph">
<p>Detailed information related to going into care.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personaldeath">gea-nz-activities:events-personal="death"</h4>
<div class="paragraph">
<p>Death</p>
</div>
<div class="paragraph">
<p>Detailed information related to a death.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personalfostering">gea-nz-activities:events-personal="fostering"</h4>
<div class="paragraph">
<p>Fostering</p>
</div>
<div class="paragraph">
<p>Detailed information related to fostering a child.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personalenrol_to_vote">gea-nz-activities:events-personal="enrol-to-vote"</h4>
<div class="paragraph">
<p>Enrol to Vote</p>
</div>
<div class="paragraph">
<p>Detailed information related to the event of enrolling to vote and voting.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personalvolunteering">gea-nz-activities:events-personal="volunteering"</h4>
<div class="paragraph">
<p>Volunteering</p>
</div>
<div class="paragraph">
<p>Detailed information related to the event of volunteering for public services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_personaldrivers_licence">gea-nz-activities:events-personal="driver&#8217;s-licence"</h4>
<div class="paragraph">
<p>Driver&#8217;s Licence</p>
</div>
<div class="paragraph">
<p>Detailed information related to getting a driver&#8217;s licence.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_events_crisis">events-crisis</h3>
<div class="paragraph">
<p>Information about events that describe a personal crisis.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_crisisvictim_of_a_crime">gea-nz-activities:events-crisis="victim-of-a-crime"</h4>
<div class="paragraph">
<p>Victim of a Crime</p>
</div>
<div class="paragraph">
<p>Detailed information related to the event of being a victim of a crime.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_crisiswitness_of_a_crime">gea-nz-activities:events-crisis="witness-of-a-crime"</h4>
<div class="paragraph">
<p>Witness of a Crime</p>
</div>
<div class="paragraph">
<p>Detailed information related to the event of being a witness of a crime.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_crisishealth">gea-nz-activities:events-crisis="health"</h4>
<div class="paragraph">
<p>Health</p>
</div>
<div class="paragraph">
<p>Detailed information related to a health event, such as illness and operations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_crisisemergency">gea-nz-activities:events-crisis="emergency"</h4>
<div class="paragraph">
<p>Emergency</p>
</div>
<div class="paragraph">
<p>Detailed information related to an emergency.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_crisisaccused">gea-nz-activities:events-crisis="accused"</h4>
<div class="paragraph">
<p>Accused</p>
</div>
<div class="paragraph">
<p>Detailed information related to being accused of a crime.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_crisisconvicted">gea-nz-activities:events-crisis="convicted"</h4>
<div class="paragraph">
<p>Convicted</p>
</div>
<div class="paragraph">
<p>Detailed information related to being convicted of a crime.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_events_social">events-social</h3>
<div class="paragraph">
<p>Information relating to planned or spontaneous occurrences of a social nature that may require a response by an organisation.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_socialceremony">gea-nz-activities:events-social="ceremony"</h4>
<div class="paragraph">
<p>Ceremony</p>
</div>
<div class="paragraph">
<p>Detailed information related to ceremonies.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_socialconference">gea-nz-activities:events-social="conference"</h4>
<div class="paragraph">
<p>Conference</p>
</div>
<div class="paragraph">
<p>Detailed information related to conferences.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_socialconcert">gea-nz-activities:events-social="concert"</h4>
<div class="paragraph">
<p>Concert</p>
</div>
<div class="paragraph">
<p>Detailed information related to concerts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_socialsporting_event">gea-nz-activities:events-social="sporting-event"</h4>
<div class="paragraph">
<p>Spporting Event</p>
</div>
<div class="paragraph">
<p>Detailed information related to sporting events, an activity involving physical exertion and skill that is governed by a set of rules or customs and often undertaken competitively, often sports.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_socialprotest">gea-nz-activities:events-social="protest"</h4>
<div class="paragraph">
<p>Protest</p>
</div>
<div class="paragraph">
<p>Detailed information related to protests, an event at which people gather together to show strong disapproval about something.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_socialfestival">gea-nz-activities:events-social="festival"</h4>
<div class="paragraph">
<p>Festival</p>
</div>
<div class="paragraph">
<p>Detailed information related to festivals.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_events_business">events-business</h3>
<div class="paragraph">
<p>Information related to a type of event relating to the business of the organisation.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businessseed_capital">gea-nz-activities:events-business="seed-capital"</h4>
<div class="paragraph">
<p>Seed Capital</p>
</div>
<div class="paragraph">
<p>Detailed information related to seeding a business.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businessstart_up">gea-nz-activities:events-business="start-up"</h4>
<div class="paragraph">
<p>Start-up</p>
</div>
<div class="paragraph">
<p>Detailed information related to starting up a business.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businesshiring">gea-nz-activities:events-business="hiring"</h4>
<div class="paragraph">
<p>Hiring</p>
</div>
<div class="paragraph">
<p>Detailed information related to hiring staff.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businesstermination_of_employment">gea-nz-activities:events-business="termination-of-employment"</h4>
<div class="paragraph">
<p>Termination of Employment</p>
</div>
<div class="paragraph">
<p>Detailed information related to terminating a employment contract.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businessmerge">gea-nz-activities:events-business="merge"</h4>
<div class="paragraph">
<p>Merge</p>
</div>
<div class="paragraph">
<p>Detailed information related to merging of two or more companies, generally by offering the stockholders of one company securities in the acquiring company in exchange for the surrender of their stock.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businessdemerge">gea-nz-activities:events-business="demerge"</h4>
<div class="paragraph">
<p>Demerge</p>
</div>
<div class="paragraph">
<p>Detailed information related to a demerger, the separation of a large company into two or more smaller organizations, particularly as the dissolution of an earlier merger.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businessstock_exchange_listing">gea-nz-activities:events-business="stock-exchange-listing"</h4>
<div class="paragraph">
<p>Stock Exchange Listing</p>
</div>
<div class="paragraph">
<p>Detailed information related to listing a company on the stock exchange.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businessstock_exchange_delisting">gea-nz-activities:events-business="stock-exchange-delisting"</h4>
<div class="paragraph">
<p>Stock Exchange Delisting</p>
</div>
<div class="paragraph">
<p>Detailed information related to de-listing or removing a company from the stock exchange.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businesschange_name">gea-nz-activities:events-business="change-name"</h4>
<div class="paragraph">
<p>Change Name</p>
</div>
<div class="paragraph">
<p>Detailed information related to changing the name of a company.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businessbankruptcy">gea-nz-activities:events-business="bankruptcy"</h4>
<div class="paragraph">
<p>Bankruptcy</p>
</div>
<div class="paragraph">
<p>Detailed information related to a company going bankrupt.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_businesscease">gea-nz-activities:events-business="cease"</h4>
<div class="paragraph">
<p>Cease</p>
</div>
<div class="paragraph">
<p>Detailed information related to closing a company.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_events_trade">events-trade</h3>
<div class="paragraph">
<p>Information about events that hold substantial meaning for an individual but which are tracked by an organisation such as birth, deaths, health condition etc.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_tradebuying">gea-nz-activities:events-trade="buying"</h4>
<div class="paragraph">
<p>Buying</p>
</div>
<div class="paragraph">
<p>Detailed information related to buying goods or real estates.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_tradeselling">gea-nz-activities:events-trade="selling"</h4>
<div class="paragraph">
<p>Selling</p>
</div>
<div class="paragraph">
<p>Detailed information related to selling goods or real estates.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_tradeimporting">gea-nz-activities:events-trade="importing"</h4>
<div class="paragraph">
<p>Importing</p>
</div>
<div class="paragraph">
<p>Detailed information related to importing goods.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_tradeexporting">gea-nz-activities:events-trade="exporting"</h4>
<div class="paragraph">
<p>Exporting</p>
</div>
<div class="paragraph">
<p>Detailed information related to exporting goods.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_traderenting">gea-nz-activities:events-trade="renting"</h4>
<div class="paragraph">
<p>Renting</p>
</div>
<div class="paragraph">
<p>Detailed information related to renting goods or real estate.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_events_travel">events-travel</h3>
<div class="paragraph">
<p>Information related to traveling overseas or coming into France.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_traveltravelling_overseas">gea-nz-activities:events-travel="travelling-overseas"</h4>
<div class="paragraph">
<p>Travelling Overseas</p>
</div>
<div class="paragraph">
<p>Detailed information related to traveling overseas.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_travelextended_stay_in_france">gea-nz-activities:events-travel="extended-stay-in-france"</h4>
<div class="paragraph">
<p>Extended Stay in France</p>
</div>
<div class="paragraph">
<p>Detailed information related to an extended stay in France.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_events_environmental">events-environmental</h3>
<div class="paragraph">
<p>Information held by an organisation about environmental activities such as atmospheric pressures, geological formations, rainfall etc.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_environmentalatmospheric">gea-nz-activities:events-environmental="atmospheric"</h4>
<div class="paragraph">
<p>Atmospheric</p>
</div>
<div class="paragraph">
<p>Detailed information related to atmospheric event, such as cyclone, hail, hurricane, lightning, rain, snow, typhoon, wind, pressure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_environmentalelemental">gea-nz-activities:events-environmental="elemental"</h4>
<div class="paragraph">
<p>Elemental</p>
</div>
<div class="paragraph">
<p>Detailed information related to elemental event, such as avalanche, fire, flood, landslide, tsunami, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_environmentalgeological">gea-nz-activities:events-environmental="geological"</h4>
<div class="paragraph">
<p>Geological</p>
</div>
<div class="paragraph">
<p>Detailed information related to geological event, such as earthquake, eruption, formation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_environmentalseasonal">gea-nz-activities:events-environmental="seasonal"</h4>
<div class="paragraph">
<p>Seasonal</p>
</div>
<div class="paragraph">
<p>Detailed information related to seasonal events.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_events_uncontrolled">events-uncontrolled</h3>
<div class="paragraph">
<p>Information about events that occur spontaneously, but to which the organisation is required to respond.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_uncontrolledaccident">gea-nz-activities:events-uncontrolled="accident"</h4>
<div class="paragraph">
<p>Accident</p>
</div>
<div class="paragraph">
<p>Detailed information related to an accident, such as crash, explosion, implosion, spill, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_uncontrolledattack">gea-nz-activities:events-uncontrolled="attack"</h4>
<div class="paragraph">
<p>Attack</p>
</div>
<div class="paragraph">
<p>Detailed information related to attacks, such as arson, bombing, coup, kidnapping, biological attack, terrorism, uprising, and threats which lead to an offence.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_uncontrolledfailure">gea-nz-activities:events-uncontrolled="failure"</h4>
<div class="paragraph">
<p>Failure</p>
</div>
<div class="paragraph">
<p>Detailed information related to a failure, such as blackout, nuclear meltdown, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_uncontrolledother">gea-nz-activities:events-uncontrolled="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Detailed information related to other uncontrolled events.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_events_interaction">events-interaction</h3>
<div class="paragraph">
<p>Information about activity that describes a relevant process or action undertaken by the enterprise.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_interactionchannel">gea-nz-activities:events-interaction="channel"</h4>
<div class="paragraph">
<p>Channel</p>
</div>
<div class="paragraph">
<p>A channel or mode by which an interaction takes place. For example face-to-face, in-person or by mail etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_interactionmedium">gea-nz-activities:events-interaction="medium"</h4>
<div class="paragraph">
<p>Medium</p>
</div>
<div class="paragraph">
<p>The format in which information content is supplied to others, provided internally to the organisation or purchased from an external provider.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesevents_interactioninteraction_type">gea-nz-activities:events-interaction="interaction-type"</h4>
<div class="paragraph">
<p>Interaction Type</p>
</div>
<div class="paragraph">
<p>Actions represent the information about key interactions that occur. Concepts such as Operators Assisted and Self Service are just relationships from parties in their appropriate roles to an action.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_services_france_society">services-france-society</h3>
<div class="paragraph">
<p>Information related to services delivered across France individuals, communities, and businesses.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyborder_control">gea-nz-activities:services-france-society="border-control"</h4>
<div class="paragraph">
<p>Border Control</p>
</div>
<div class="paragraph">
<p>Detailed information related to border control services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyculture_and_heritage">gea-nz-activities:services-france-society="culture-and-heritage"</h4>
<div class="paragraph">
<p>Culture and Heritage</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support culture and heritage.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societydefence">gea-nz-activities:services-france-society="defence"</h4>
<div class="paragraph">
<p>Defence</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support the defence and protection of the nation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyeconomic_service">gea-nz-activities:services-france-society="economic-service"</h4>
<div class="paragraph">
<p>Economic Service</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support the economic management of public funds and other resources.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyenvironment">gea-nz-activities:services-france-society="environment"</h4>
<div class="paragraph">
<p>Environment</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support the management of surrounding natural and built environment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyfinancial_transaction_with_government">gea-nz-activities:services-france-society="financial-transaction-with-government"</h4>
<div class="paragraph">
<p>Financial Transaction with Government</p>
</div>
<div class="paragraph">
<p>Detailed information related to provisioning earned and unearned financial or monetary-like benefits to individuals, groups, or corporations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyinternational_relationship">gea-nz-activities:services-france-society="international-relationship"</h4>
<div class="paragraph">
<p>International Relationship</p>
</div>
<div class="paragraph">
<p>Detailed information related to services around international relationships.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyjustice">gea-nz-activities:services-france-society="justice"</h4>
<div class="paragraph">
<p>Justice</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to provide justice, apply legislation, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyfrance_society">gea-nz-activities:services-france-society="france-society"</h4>
<div class="paragraph">
<p>France Society</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to assist individuals and organisations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societynatural_resources">gea-nz-activities:services-france-society="natural-resources"</h4>
<div class="paragraph">
<p>Natural Resources</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support the sustainability use and management of energy, minerals, land, and water.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyopen_government">gea-nz-activities:services-france-society="open-government"</h4>
<div class="paragraph">
<p>Open Government</p>
</div>
<div class="paragraph">
<p>Detailed information related to services around transparency that gives citizens oversight of the government.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyregulatory_compliance_and_enforcement">gea-nz-activities:services-france-society="regulatory-compliance-and-enforcement"</h4>
<div class="paragraph">
<p>Regulatory Compliance and Enforcement</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to monitor and oversight of specific individuals, groups, industries, or communities participating in regulated activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societyscience_and_research">gea-nz-activities:services-france-society="science-and-research"</h4>
<div class="paragraph">
<p>Science and Research</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support and promote research and systematic studies.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societysecurity">gea-nz-activities:services-france-society="security"</h4>
<div class="paragraph">
<p>Security</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to maintain the safety of New Zealand at all levels of society.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_france_societystatistical_services">gea-nz-activities:services-france-society="statistical-services"</h4>
<div class="paragraph">
<p>Statistical Services</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to provide high quality, objective and responsive statistics</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_services_inviduals_communities">services-inviduals-&amp;-communities</h3>
<div class="paragraph">
<p>Information related to services delivered specifically to France individuals and communities.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitiesadopting_and_fostering">gea-nz-activities:services-inviduals-&amp;-communities="adopting-and-fostering"</h4>
<div class="paragraph">
<p>Adopting and Fostering</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support a person who wants to adopt or foster another person, usually a child.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitiesbirths_deaths_and_marriages">gea-nz-activities:services-inviduals-&amp;-communities="births-deaths-and-marriages"</h4>
<div class="paragraph">
<p>Births, Deaths and Marriages</p>
</div>
<div class="paragraph">
<p>Detailed information related to these life events of France citizens, and residents.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitiescitizenship_and_immigration">gea-nz-activities:services-inviduals-&amp;-communities="citizenship-and-immigration"</h4>
<div class="paragraph">
<p>Citizenship and Immigration</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to assist people wishing to enter France on a permanent or temporary basis</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitiescommunity_support">gea-nz-activities:services-inviduals-&amp;-communities="community-support"</h4>
<div class="paragraph">
<p>Community Support</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to assist citizens in a particular district or those with common interests and needs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitieseducation_and_training">gea-nz-activities:services-inviduals-&amp;-communities="education-and-training"</h4>
<div class="paragraph">
<p>Education and Training</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support the provisioning of skills and knowledge to citizens and the strategies to make education available to the broadest possible cross-section of the community.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitiesemergency_and_disaster_preparedness">gea-nz-activities:services-inviduals-&amp;-communities="emergency-and-disaster-preparedness"</h4>
<div class="paragraph">
<p>Emergency and Disaster Preparedness</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to deal with and avoid both natural and manmade disasters.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitiesinformation_from_citizens">gea-nz-activities:services-inviduals-&amp;-communities="information-from-citizens"</h4>
<div class="paragraph">
<p>Information from Citizens</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support avenues through which the government exchange information and explicit knowledge with individuals.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitieshealth_care">gea-nz-activities:services-inviduals-&amp;-communities="health-care"</h4>
<div class="paragraph">
<p>Health Care</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to prevent, diagnose and treat diseases or injuries, to provision health care services and medical research.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitiespassport_travel_and_tourism">gea-nz-activities:services-inviduals-&amp;-communities="passport-travel-and-tourism"</h4>
<div class="paragraph">
<p>Passport, Travel and Tourism</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support France citizens traveling or living overseas, and local and overseas tourists traveling within France.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitiessport_and_recreation">gea-nz-activities:services-inviduals-&amp;-communities="sport-and-recreation"</h4>
<div class="paragraph">
<p>Sport and Recreation</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support, promote and encourage operating and marinating amenities or facilities for cultural, recreational and sporting activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_inviduals_communitieswork_and_jobs">gea-nz-activities:services-inviduals-&amp;-communities="work-and-jobs"</h4>
<div class="paragraph">
<p>Work and Jobs</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support employment, develop careers, and gain professional accreditation for individuals.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_services_services_to_business">services-services-to-business</h3>
<div class="paragraph">
<p>Information related to services delivered specifically to France businesses.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_to_businessbusiness_development">gea-nz-activities:services-services-to-business="business-development"</h4>
<div class="paragraph">
<p>Business Development</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to assist business growth and management, and support advocacy programs and advising on regulations surrounding business activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_to_businessbusiness_support">gea-nz-activities:services-services-to-business="business-support"</h4>
<div class="paragraph">
<p>Business Support</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support the private sector, including small business and non-profit organisations assisting businesses to comply with reporting requirements of the government.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_to_businesscommercial_sport">gea-nz-activities:services-services-to-business="commercial-sport"</h4>
<div class="paragraph">
<p>Commercial Sport</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to cover the commercial aspects of sport when run as a business.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_to_businessemployment">gea-nz-activities:services-services-to-business="employment"</h4>
<div class="paragraph">
<p>Employment</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support the employment growth and working environment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_to_businessprimal_industries">gea-nz-activities:services-services-to-business="primal-industries"</h4>
<div class="paragraph">
<p>Primal Industries</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support rural and marine industries.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_to_businesstourism">gea-nz-activities:services-services-to-business="tourism"</h4>
<div class="paragraph">
<p>Tourism</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to encourage recreational visitors to a region, and support the tourism industry.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_to_businesstrade">gea-nz-activities:services-services-to-business="trade"</h4>
<div class="paragraph">
<p>Trade</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support purchase, sale or exchange of commodities and advising on trade regulations.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_services_civic_infrastructure">services-civic-infrastructure</h3>
<div class="paragraph">
<p>Information related to services delivering France infrastructure.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_civic_infrastructurecivic_management">gea-nz-activities:services-civic-infrastructure="civic-management"</h4>
<div class="paragraph">
<p>Civic Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to provision integrated support for town planning and building projects, coordinate of building projects, provide advice on building regulations and guidelines.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_civic_infrastructurecommunications">gea-nz-activities:services-civic-infrastructure="communications"</h4>
<div class="paragraph">
<p>Communications</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support the growth of industries that enable and facilitate communication and transmission of information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_civic_infrastructureessential_services">gea-nz-activities:services-civic-infrastructure="essential-services"</h4>
<div class="paragraph">
<p>Essential Services</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to provision essential community services, evaluate land use, town planning, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_civic_infrastructuremaritime_services">gea-nz-activities:services-civic-infrastructure="maritime-services"</h4>
<div class="paragraph">
<p>Maritime Services</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to negotiate passage for sea transport and maritime jurisdiction, provide advice on regulations and manage maritime infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_civic_infrastructurepublic_housing">gea-nz-activities:services-civic-infrastructure="public-housing"</h4>
<div class="paragraph">
<p>Public Housing</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to supply low cost accommodations, provide advice on guidelines, evaluate the need for public housing, setting construction targets, support on-going maintenance of public houses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_civic_infrastructureregional_development">gea-nz-activities:services-civic-infrastructure="regional-development"</h4>
<div class="paragraph">
<p>Regional Development</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support infrastructure projects, extend facilities beyond urban boundaries and support the installation of equipment to enable communications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_civic_infrastructuretransport">gea-nz-activities:services-civic-infrastructure="transport"</h4>
<div class="paragraph">
<p>Transport</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support road, rail and air transportation systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_services_government_administration">services-government-administration</h3>
<div class="paragraph">
<p>Information related to delivering France government wide operations and support services.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationgovernment_administration_management">gea-nz-activities:services-government-administration="government-administration-management"</h4>
<div class="paragraph">
<p>Government Administration Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve day-to day management and maintenance of the internal administrative operations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationgovernment_business_management">gea-nz-activities:services-government-administration="government-business-management"</h4>
<div class="paragraph">
<p>Government Business Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve activities associated with the management of how the government conduct its business.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationgovernment_credit_and_insurance">gea-nz-activities:services-government-administration="government-credit-and-insurance"</h4>
<div class="paragraph">
<p>Government Credit and Insurance</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve the use of government funds to cover the subsidy cost of a direct loan or loan guarantee or to protect/indemnify members of the public from financial losses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationgovernment_financial_management">gea-nz-activities:services-government-administration="government-financial-management"</h4>
<div class="paragraph">
<p>Government Financial Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve agency&#8217;s use of financial information to measure, operate and predict the effectiveness of efficiency of an entity&#8217;s activities in relation to its objectives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationgovernment_human_ressource_management">gea-nz-activities:services-government-administration="government-human-ressource-management"</h4>
<div class="paragraph">
<p>Government Human Ressource Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve all activities associated with the recruitment and management of personnel.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationgovernment_ict_management">gea-nz-activities:services-government-administration="government-ict-management"</h4>
<div class="paragraph">
<p>Government ICT Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve the coordination of information and technology resources and solutions required to support or provide a service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationgovernment_information_and_knowledge_management">gea-nz-activities:services-government-administration="government-information-and-knowledge-management"</h4>
<div class="paragraph">
<p>Government Information and Knowledge Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve the ownership or custody of information and intellectual assets held by the government.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationgovernment_strategy_planning_and_budgeting">gea-nz-activities:services-government-administration="government-strategy-planning-and-budgeting"</h4>
<div class="paragraph">
<p>Government Strategy, Planning and Budgeting</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve the government activities of determining strategic direction, identifying and establishing programs, services and processes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_government_administrationmachinery_of_government">gea-nz-activities:services-government-administration="machinery-of-government"</h4>
<div class="paragraph">
<p>Machinery of Government</p>
</div>
<div class="paragraph">
<p>Detailed information related to services that involve executing legislative processes in Houses of Parliament, assemblies or councils.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_services_services_from_business">services-services-from-business</h3>
<div class="paragraph">
<p>Information related to services delivered by businesses.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessadvertising">gea-nz-activities:services-services-from-business="advertising"</h4>
<div class="paragraph">
<p>Advertising</p>
</div>
<div class="paragraph">
<p>Detailed information related to advertising services rendered by advertising establishments primarily undertaking communications to the public, declarations or announcements by all means of diffusion and concerning all kinds of goods or services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessbusiness_management">gea-nz-activities:services-services-from-business="business-management"</h4>
<div class="paragraph">
<p>Business Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to services to support business management, mainly services rendered by persons or organizations principally with the object of help in the working or management of a commercial undertaking, or help in the management of the business affairs or commercial functions of an industrial or commercial enterprise.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessinsurance">gea-nz-activities:services-services-from-business="insurance"</h4>
<div class="paragraph">
<p>Insurance</p>
</div>
<div class="paragraph">
<p>Detailed information related to services rendered in relation to insurance contracts of all kinds, such as services dealing with insurance such as services rendered by agents or brokers engaged in insurance, services rendered to insured, and insurance underwriting services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessfinancial_service">gea-nz-activities:services-services-from-business="financial-service"</h4>
<div class="paragraph">
<p>Finalcial Service</p>
</div>
<div class="paragraph">
<p>Detailed information related to services rendered in financial and monetary affairs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessreal_estate_affairs">gea-nz-activities:services-services-from-business="real-estate-affairs"</h4>
<div class="paragraph">
<p>Real Estate Affairs</p>
</div>
<div class="paragraph">
<p>Detailed information related to services of realty administrators of buildings, i.e., services of letting or valuation, or financing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessbuilding_construction">gea-nz-activities:services-services-from-business="building-construction"</h4>
<div class="paragraph">
<p>Building-Construction</p>
</div>
<div class="paragraph">
<p>Detailed information related to services rendered by contractors or subcontractors in the construction or making of permanent buildings, as well as services rendered by persons or organizations engaged in the restoration of objects to their original condition or in their preservation without altering their physical or chemical properties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businesstelecommunication">gea-nz-activities:services-services-from-business="telecommunication"</h4>
<div class="paragraph">
<p>Telecommunication</p>
</div>
<div class="paragraph">
<p>Detailed information related to services allowing at least one person to communicate with another by a sensory means.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businesstransportation">gea-nz-activities:services-services-from-business="transportation"</h4>
<div class="paragraph">
<p>Transportation</p>
</div>
<div class="paragraph">
<p>Detailed information related to services rendered in transporting people or goods from one place to another (by rail, road, water, air or pipeline) and services necessarily connected with such transport.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businesspackaging_and_storage_of_goods">gea-nz-activities:services-services-from-business="packaging-and-storage-of-goods"</h4>
<div class="paragraph">
<p>Packaging and Storage of Goods</p>
</div>
<div class="paragraph">
<p>Detailed information related to services relating to the storing of goods in a warehouse or other building for their preservation or guarding.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businesstravel_arrangement">gea-nz-activities:services-services-from-business="travel-arrangement"</h4>
<div class="paragraph">
<p>Travel Arrangement</p>
</div>
<div class="paragraph">
<p>Detailed information related to services consisting of information about journeys by tourist agencies, information relating to tariffs, timetables and methods of travel.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businesstreatment_of_material">gea-nz-activities:services-services-from-business="treatment-of-material"</h4>
<div class="paragraph">
<p>Treatment of Material</p>
</div>
<div class="paragraph">
<p>Detailed information related to services not included in other categories, rendered by the mechanical or chemical processing or transformation of objects or inorganic or organic substances and any process involving a change in its essential properties (for example, dyeing a garment), and services of material treatment which may be present during the production of any substance or object other than a building, for example, services which involve cutting, shaping, polishing by abrasion or metal coating.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessproviding_training">gea-nz-activities:services-services-from-business="providing-training"</h4>
<div class="paragraph">
<p>Providing Training</p>
</div>
<div class="paragraph">
<p>Detailed information related to services rendered by persons or institutions in the development of the mental faculties of persons or animals.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessentertainment">gea-nz-activities:services-services-from-business="entertainment"</h4>
<div class="paragraph">
<p>Entertainment</p>
</div>
<div class="paragraph">
<p>Detailed information related to services having the basic aim of the entertainment, amusement or recreation of people.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessscientific_service">gea-nz-activities:services-services-from-business="scientific-service"</h4>
<div class="paragraph">
<p>Scientific Service</p>
</div>
<div class="paragraph">
<p>Detailed information related to services provided by persons, individually or collectively, in relation to the theoretical and practical aspects of complex fields of activities, such services are provided by members of professions such as chemists, physicists, engineers, computer programmers, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessproviding_food_drink_and_accomodation">gea-nz-activities:services-services-from-business="providing-food-drink-and-accomodation"</h4>
<div class="paragraph">
<p>Providing Food, Drinking and Accomodation</p>
</div>
<div class="paragraph">
<p>Detailed information related to services provided by persons or establishments whose aim is to prepare food and drink for consumption and services provided to obtain bed and board in hotels, boarding houses or other establishments providing temporary accommodation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businessmedical_service">gea-nz-activities:services-services-from-business="medical-service"</h4>
<div class="paragraph">
<p>Medical Service</p>
</div>
<div class="paragraph">
<p>Detailed information related to medical care, hygienic and beauty care given by persons or establishments to human beings and animals, it also includes services relating to the fields of agriculture, horticulture and forestry.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_activitiesservices_services_from_businesslegal_service">gea-nz-activities:services-services-from-business="legal-service"</h4>
<div class="paragraph">
<p>Legal Service</p>
</div>
<div class="paragraph">
<p>Detailed information related to legal services, security services for the protection of property and individuals, personal and social services rendered by others to meet the needs of individuals.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_gea_nz_entities">gea-nz-entities</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
gea-nz-entities namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/gea-nz-entities/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Information relating to instances of entities or things.</p>
</div>
<div class="sect2">
<h3 id="_parties_party">parties-party</h3>
<div class="paragraph">
<p>Information dealing with people or organisations.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_partyorganisation">gea-nz-entities:parties-party="organisation"</h4>
<div class="paragraph">
<p>Organisation</p>
</div>
<div class="paragraph">
<p>Information dealing with organisations, particularly where an information asset has no requirement to address either of these party sub-types directly.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_partyindividual">gea-nz-entities:parties-party="individual"</h4>
<div class="paragraph">
<p>Individual</p>
</div>
<div class="paragraph">
<p>Information dealing with an individual.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_parties_qualification">parties-qualification</h3>
<div class="paragraph">
<p>Information which relates to persons or organisations of a qualifying nature.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_qualificationcompetence">gea-nz-entities:parties-qualification="competence"</h4>
<div class="paragraph">
<p>Competence</p>
</div>
<div class="paragraph">
<p>Detailed information relating to party&#8217;s competencies, experience based or professional.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_qualificationeducation">gea-nz-entities:parties-qualification="education"</h4>
<div class="paragraph">
<p>Education</p>
</div>
<div class="paragraph">
<p>Detailed information relating to party&#8217;s education history, such as higher education, schools, vocations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_qualificationindustry">gea-nz-entities:parties-qualification="industry"</h4>
<div class="paragraph">
<p>Industry</p>
</div>
<div class="paragraph">
<p>Detailed information relating to party&#8217;s (mostly of an organisation) specific industry.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_qualificationoccupation">gea-nz-entities:parties-qualification="occupation"</h4>
<div class="paragraph">
<p>Occupation</p>
</div>
<div class="paragraph">
<p>Detailed information relating to a party&#8217;s occupation.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_parties_role">parties-role</h3>
<div class="paragraph">
<p>Role information which relates to persons or organisations.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_rolecommerce">gea-nz-entities:parties-role="commerce"</h4>
<div class="paragraph">
<p>Commerce</p>
</div>
<div class="paragraph">
<p>Detailed information relating to commercial roles.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_rolelegal">gea-nz-entities:parties-role="legal"</h4>
<div class="paragraph">
<p>Legal</p>
</div>
<div class="paragraph">
<p>Detailed information relating to legal roles, such as commissioner, counsel, defendant, investigator, offender, source, suspect, witness.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_roleof_interest">gea-nz-entities:parties-role="of-interest"</h4>
<div class="paragraph">
<p>Of Interest</p>
</div>
<div class="paragraph">
<p>Detailed information relating to roles a party plays in any subject of interest.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_rolesocial">gea-nz-entities:parties-role="social"</h4>
<div class="paragraph">
<p>Social</p>
</div>
<div class="paragraph">
<p>Detailed information relating to social roles.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_parties_party_relationship">parties-party-relationship</h3>
<div class="paragraph">
<p>Information about the relationship between two or more parties.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_party_relationshipmembership">gea-nz-entities:parties-party-relationship="membership"</h4>
<div class="paragraph">
<p>Membership</p>
</div>
<div class="paragraph">
<p>Detailed information relating to membership to groups, forums, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_party_relationshipemployer">gea-nz-entities:parties-party-relationship="employer"</h4>
<div class="paragraph">
<p>Employer</p>
</div>
<div class="paragraph">
<p>Detailed information relating to relationship of an employer towards other parties, such as employee, government, industry.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_party_relationshipprovider">gea-nz-entities:parties-party-relationship="provider"</h4>
<div class="paragraph">
<p>Provider</p>
</div>
<div class="paragraph">
<p>Detailed information relating to relationship as a provider of services towards other parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesparties_party_relationshipdelegation">gea-nz-entities:parties-party-relationship="delegation"</h4>
<div class="paragraph">
<p>Delegation</p>
</div>
<div class="paragraph">
<p>Detailed information related to the relationship of delegation, both delegator / delegated.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_places_address">places-address</h3>
<div class="paragraph">
<p>Detailed information related to an address.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_addresselectronic_address">gea-nz-entities:places-address="electronic-address"</h4>
<div class="paragraph">
<p>Electronic Address</p>
</div>
<div class="paragraph">
<p>Detailed information around an electronic address.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_addressphysical_address">gea-nz-entities:places-address="physical-address"</h4>
<div class="paragraph">
<p>Physical Address</p>
</div>
<div class="paragraph">
<p>Detailed information related to geographic addresses.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_places_location_type">places-location-type</h3>
<div class="paragraph">
<p>Information of a geospatial or geopolitical nature held by an organisation.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_location_typegeopolitical">gea-nz-entities:places-location-type="geopolitical"</h4>
<div class="paragraph">
<p>Geopolitical</p>
</div>
<div class="paragraph">
<p>Detailed information related to geopolitical places, such as council, country, electorate, locality, nation, region, and province.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_location_typegeospatial">gea-nz-entities:places-location-type="geospatial"</h4>
<div class="paragraph">
<p>Geospatial</p>
</div>
<div class="paragraph">
<p>Detailed information related to geospatial places, such as area, lot, parish, statistical area, suburb, town, village, and zone.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_places_address_type">places-address-type</h3>
<div class="paragraph">
<p>Identifies the types of address.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_address_typenz_standard_addresss">gea-nz-entities:places-address-type="nz-standard-addresss"</h4>
<div class="paragraph">
<p>NZ Standard Address</p>
</div>
<div class="paragraph">
<p>Detailed information relating to standard New Zealand addresses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_address_typepo_box">gea-nz-entities:places-address-type="po-box"</h4>
<div class="paragraph">
<p>PO Box</p>
</div>
<div class="paragraph">
<p>Detailed information relating to PO Box, a numbered box in a post office assigned to a person or organization, where letters for them are kept until called for.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_address_typerural_delivery_address">gea-nz-entities:places-address-type="rural-delivery-address"</h4>
<div class="paragraph">
<p>Rural Delivery Address</p>
</div>
<div class="paragraph">
<p>Detailed information relating to rural delivery addresses which have no standard NZ format.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_address_typeovearseas_address">gea-nz-entities:places-address-type="ovearseas-address"</h4>
<div class="paragraph">
<p>Overseas Address</p>
</div>
<div class="paragraph">
<p>Detailed information relating to addresses in other countries.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_address_typelocation_addresss">gea-nz-entities:places-address-type="location-addresss"</h4>
<div class="paragraph">
<p>Location Address</p>
</div>
<div class="paragraph">
<p>Detailed information relating to physical location addresses including coordinates.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_places_purpose_of_location">places-purpose-of-location</h3>
<div class="paragraph">
<p>Information about the purpose of a given address or location.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationresidency">gea-nz-entities:places-purpose-of-location="residency"</h4>
<div class="paragraph">
<p>Residency</p>
</div>
<div class="paragraph">
<p>Detailed information relating to home addresses, both current and previous.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationdelivery">gea-nz-entities:places-purpose-of-location="delivery"</h4>
<div class="paragraph">
<p>Delivery</p>
</div>
<div class="paragraph">
<p>Detailed information related to delivery addresses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationbilling">gea-nz-entities:places-purpose-of-location="billing"</h4>
<div class="paragraph">
<p>Billing</p>
</div>
<div class="paragraph">
<p>Detailed information related to billing addresses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationplace_of_birth">gea-nz-entities:places-purpose-of-location="place-of-birth"</h4>
<div class="paragraph">
<p>Place of Birth</p>
</div>
<div class="paragraph">
<p>Detailed information related to the place of birth.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationconsultation">gea-nz-entities:places-purpose-of-location="consultation"</h4>
<div class="paragraph">
<p>Consultation</p>
</div>
<div class="paragraph">
<p>Detailed information related to the location of a consultation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationreferral">gea-nz-entities:places-purpose-of-location="referral"</h4>
<div class="paragraph">
<p>Referral</p>
</div>
<div class="paragraph">
<p>Detailed information related to location of a referral.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationadmission">gea-nz-entities:places-purpose-of-location="admission"</h4>
<div class="paragraph">
<p>Admission</p>
</div>
<div class="paragraph">
<p>Detailed information related to the location of an admission.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationtreatment">gea-nz-entities:places-purpose-of-location="treatment"</h4>
<div class="paragraph">
<p>Treatment</p>
</div>
<div class="paragraph">
<p>Detailed information related to the location of a treatment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationwork_place">gea-nz-entities:places-purpose-of-location="work-place"</h4>
<div class="paragraph">
<p>Work Place</p>
</div>
<div class="paragraph">
<p>Detailed information related to the workplace location or address.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationfacility_location">gea-nz-entities:places-purpose-of-location="facility-location"</h4>
<div class="paragraph">
<p>Facility Location</p>
</div>
<div class="paragraph">
<p>Detailed information related to the location of a facility.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationstorage">gea-nz-entities:places-purpose-of-location="storage"</h4>
<div class="paragraph">
<p>Storage</p>
</div>
<div class="paragraph">
<p>Detailed information related to the location of storage of goods or other items.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesplaces_purpose_of_locationplace_of_event">gea-nz-entities:places-purpose-of-location="place-of-event"</h4>
<div class="paragraph">
<p>Place of Event</p>
</div>
<div class="paragraph">
<p>Detailed information related to the location of an event.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_application_ict_services">items-application-&amp;-ict-services</h3>
<div class="paragraph">
<p>Information about application and ICT service assets.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_application_ict_servicescorporate_application">gea-nz-entities:items-application-&amp;-ict-services="corporate-application"</h4>
<div class="paragraph">
<p>Corporate Application</p>
</div>
<div class="paragraph">
<p>Detailed information related to corporate applications, such as applications for enterprise resource planning, financial and asset management, HR management, business continuity, etc..</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_application_ict_servicescommon_line_of_business_application">gea-nz-entities:items-application-&amp;-ict-services="common-line-of-business-application"</h4>
<div class="paragraph">
<p>Common Line of Business Application</p>
</div>
<div class="paragraph">
<p>Detailed information related to common LoB application, such as applications to manage product and services, marketing, customer and partner relationships, customer accounting, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_application_ict_servicesend_user_computing">gea-nz-entities:items-application-&amp;-ict-services="end-user-computing"</h4>
<div class="paragraph">
<p>End User Computing</p>
</div>
<div class="paragraph">
<p>Detailed information related to end user computing, such as applications to manage end user devices, end user tools, mobile applications, productivity suits, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_application_ict_servicesdata_and_information_management">gea-nz-entities:items-application-&amp;-ict-services="data-and-information-management"</h4>
<div class="paragraph">
<p>Data and Information Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to data and information management ICT services, such as services for interoperability, data governance, quality management, data protection etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_application_ict_servicesidentity_and_accesd_management">gea-nz-entities:items-application-&amp;-ict-services="identity-and-accesd-management"</h4>
<div class="paragraph">
<p>Identity and Access Management</p>
</div>
<div class="paragraph">
<p>Detailed information related to identity and access management ICT services, such as services for identity governance, identity administration, authentication, authorisation, directory, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_application_ict_servicessecurity_service">gea-nz-entities:items-application-&amp;-ict-services="security-service"</h4>
<div class="paragraph">
<p>Security Service</p>
</div>
<div class="paragraph">
<p>Detailed information related to security ICT services, such as encryption, network security; public key infrastructure, security controls, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_application_ict_servicesict_components_services_and_tools">gea-nz-entities:items-application-&amp;-ict-services="ict-components-services-and-tools"</h4>
<div class="paragraph">
<p>ICT Components, Services and Tools</p>
</div>
<div class="paragraph">
<p>Detailed information related to software and ICT services for operational management and maintenance of applications, ICT components and services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_application_ict_servicesinterface_and_integration">gea-nz-entities:items-application-&amp;-ict-services="interface-and-integration"</h4>
<div class="paragraph">
<p>Interface and Integration</p>
</div>
<div class="paragraph">
<p>Detailed information related to software and ICT services that support how agencies will interface and integrate both internally and externally.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_ict_infrastructure">items-ict-infrastructure</h3>
<div class="paragraph">
<p>Information about man made surroundings that provide setting for organisational activity, such as platforms, networks, facilities, and end user equipment.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_ict_infrastructureplatform">gea-nz-entities:items-ict-infrastructure="platform"</h4>
<div class="paragraph">
<p>Platform</p>
</div>
<div class="paragraph">
<p>Detailed information related to platforms, such as hardware, platform operating systems, and virtualisation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_ict_infrastructurenetwork">gea-nz-entities:items-ict-infrastructure="network"</h4>
<div class="paragraph">
<p>Network</p>
</div>
<div class="paragraph">
<p>Detailed information related to networks, such as network types, traffic types, network infrastructure, transmission types, and network protocol layering.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_ict_infrastructurefacility">gea-nz-entities:items-ict-infrastructure="facility"</h4>
<div class="paragraph">
<p>Facility</p>
</div>
<div class="paragraph">
<p>Detailed information related to facilities, such as facility types, operational controls, facility physical security, and facility infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_ict_infrastructureend_user_equipment">gea-nz-entities:items-ict-infrastructure="end-user-equipment"</h4>
<div class="paragraph">
<p>End User Equipment</p>
</div>
<div class="paragraph">
<p>Detailed information related to end user equipment, such as desktop equipment, mobility equipment, user peripherals, embedded technology devices, and equipment operating systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_natural">items-natural</h3>
<div class="paragraph">
<p>Information held by organisation which relate to natural resources.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_naturalair">gea-nz-entities:items-natural="air"</h4>
<div class="paragraph">
<p>Air</p>
</div>
<div class="paragraph">
<p>Detailed information related to air, such as condition, pollution, health.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_naturalfauna">gea-nz-entities:items-natural="fauna"</h4>
<div class="paragraph">
<p>Fauna</p>
</div>
<div class="paragraph">
<p>Detailed information related to fauna.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_naturalflora">gea-nz-entities:items-natural="flora"</h4>
<div class="paragraph">
<p>Flora</p>
</div>
<div class="paragraph">
<p>Detailed information related to flora.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_naturalland">gea-nz-entities:items-natural="land"</h4>
<div class="paragraph">
<p>Land</p>
</div>
<div class="paragraph">
<p>Detailed information related to land or earth, such as percentage of rocks, soil, mud, pollution, usage, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_naturalminerals">gea-nz-entities:items-natural="minerals"</h4>
<div class="paragraph">
<p>Minerals</p>
</div>
<div class="paragraph">
<p>Detailed information related to minerals.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_naturalwater">gea-nz-entities:items-natural="water"</h4>
<div class="paragraph">
<p>Water</p>
</div>
<div class="paragraph">
<p>Detailed information related to water, such as ground water, river water, sea water.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_naturalenergy">gea-nz-entities:items-natural="energy"</h4>
<div class="paragraph">
<p>Energy</p>
</div>
<div class="paragraph">
<p>Detailed information related to energy.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_financial">items-financial</h3>
<div class="paragraph">
<p>Information related to financial assistance products.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialallowance">gea-nz-entities:items-financial="allowance"</h4>
<div class="paragraph">
<p>Allowance</p>
</div>
<div class="paragraph">
<p>Detailed information related to allowances.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialaward">gea-nz-entities:items-financial="award"</h4>
<div class="paragraph">
<p>Award</p>
</div>
<div class="paragraph">
<p>Detailed information related to awards.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialbenefit">gea-nz-entities:items-financial="benefit"</h4>
<div class="paragraph">
<p>Benefit</p>
</div>
<div class="paragraph">
<p>Detailed information related to benefits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialbonus">gea-nz-entities:items-financial="bonus"</h4>
<div class="paragraph">
<p>Bonus</p>
</div>
<div class="paragraph">
<p>Detailed information related to bonuses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialcompensation">gea-nz-entities:items-financial="compensation"</h4>
<div class="paragraph">
<p>Compensation</p>
</div>
<div class="paragraph">
<p>Detail information related to compensations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialconcession">gea-nz-entities:items-financial="concession"</h4>
<div class="paragraph">
<p>Concession</p>
</div>
<div class="paragraph">
<p>Detailed information related to concessions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialgrant">gea-nz-entities:items-financial="grant"</h4>
<div class="paragraph">
<p>Grant</p>
</div>
<div class="paragraph">
<p>Detailed information related to grants.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialpension">gea-nz-entities:items-financial="pension"</h4>
<div class="paragraph">
<p>Pension</p>
</div>
<div class="paragraph">
<p>Detailed information related to pensions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialsubsidy">gea-nz-entities:items-financial="subsidy"</h4>
<div class="paragraph">
<p>Subsidy</p>
</div>
<div class="paragraph">
<p>Detailed information related to subsidies.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialwage">gea-nz-entities:items-financial="wage"</h4>
<div class="paragraph">
<p>Wage</p>
</div>
<div class="paragraph">
<p>Detailed information related to wages.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialbond">gea-nz-entities:items-financial="bond"</h4>
<div class="paragraph">
<p>Bond</p>
</div>
<div class="paragraph">
<p>Detailed information related to bonds.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialduty">gea-nz-entities:items-financial="duty"</h4>
<div class="paragraph">
<p>Duty</p>
</div>
<div class="paragraph">
<p>Detailed information related to income from duties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialexcise">gea-nz-entities:items-financial="excise"</h4>
<div class="paragraph">
<p>Excise</p>
</div>
<div class="paragraph">
<p>Detailed information related to income from internal tax or duty on certain commodities, as liquor or tobacco, levied on their manufacture, sale, or consumption within the country.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialinsurance">gea-nz-entities:items-financial="insurance"</h4>
<div class="paragraph">
<p>Insurance</p>
</div>
<div class="paragraph">
<p>Detailed information related to insurance.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialloan">gea-nz-entities:items-financial="loan"</h4>
<div class="paragraph">
<p>Loan</p>
</div>
<div class="paragraph">
<p>Detailed information related to revenue from loans.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_financialtax">gea-nz-entities:items-financial="tax"</h4>
<div class="paragraph">
<p>Tax</p>
</div>
<div class="paragraph">
<p>Detailed information related to revenue from taxes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_goods">items-goods</h3>
<div class="paragraph">
<p>Information related to goods.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodschemical">gea-nz-entities:items-goods="chemical"</h4>
<div class="paragraph">
<p>Chemical</p>
</div>
<div class="paragraph">
<p>Detailed information relating to chemicals used in industry, science and photography, as well as in agriculture, horticulture and forestry, unprocessed artificial resins, unprocessed plastics, manures, fire extinguishing compositions, tempering and soldering preparations, chemical substances for preserving foodstuffs, tanning substances, adhesives used in industry.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodspaint">gea-nz-entities:items-goods="paint"</h4>
<div class="paragraph">
<p>Paint</p>
</div>
<div class="paragraph">
<p>Detailed information relating to paints, varnishes, lacquers, preservatives against rust and against deterioration of wood, colorants, mordant, raw natural resins, metals in foil and powder form for painters, decorators, printers and artists.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsbleach">gea-nz-entities:items-goods="bleach"</h4>
<div class="paragraph">
<p>Bleach</p>
</div>
<div class="paragraph">
<p>Detailed information relating to bleaching preparations and other substances for laundry use, cleaning, polishing, scouring and abrasive preparations, soaps, perfumery, essential oils, cosmetics, hair lotions, dentifrices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsindustrial_oil">gea-nz-entities:items-goods="industrial-oil"</h4>
<div class="paragraph">
<p>Industrial Oil</p>
</div>
<div class="paragraph">
<p>Detailed information relating to industrial oils and greases, lubricants, dust absorbing, wetting and binding compositions, fuels (including motor spirit) and illuminants, candles and wicks for lighting.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodspharmaceutical_preparation">gea-nz-entities:items-goods="pharmaceutical-preparation"</h4>
<div class="paragraph">
<p>Pharmaceutical Preparation</p>
</div>
<div class="paragraph">
<p>Detailed information relating to pharmaceutical and veterinary preparations, sanitary preparations for medical purposes, dietetic substances adapted for medical use, food for babies, plasters, materials for dressings, material for stopping teeth, dental wax, disinfectants, preparations for destroying vermin, fungicides, herbicides.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodscommon_metal">gea-nz-entities:items-goods="common-metal"</h4>
<div class="paragraph">
<p>Common Metal</p>
</div>
<div class="paragraph">
<p>Detailed information relating to common metals and their alloys, metal building materials, transportable buildings of metal, materials of metal for railway tracks, non-electric cables and wires of common metal, ironmongery, small items of metal hardware, pipes and tubes of metal, safes, goods of common metal not included in other classes, ores.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsmachine">gea-nz-entities:items-goods="machine"</h4>
<div class="paragraph">
<p>Machine</p>
</div>
<div class="paragraph">
<p>Detailed information relating to machines and machine tools, motors and engines (except for land vehicles), machine coupling and transmission components (except for land vehicles), agricultural implements other than hand-operated, incubators for eggs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodshand_tool">gea-nz-entities:items-goods="hand-tool"</h4>
<div class="paragraph">
<p>Hand Tool</p>
</div>
<div class="paragraph">
<p>Detailed information relating to hand tools and implements (hand-operated), cutlery, side arms, razors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsscientific_apparatus_and_instrument">gea-nz-entities:items-goods="scientific-apparatus-and-instrument"</h4>
<div class="paragraph">
<p>Scientific Apparatus and Instrument</p>
</div>
<div class="paragraph">
<p>Detailed information relating to scientific, nautical, surveying, photographic, cinematographic, optical, weighing, measuring, signalling, checking (supervision), life-saving and teaching apparatus and instruments, apparatus and instruments for conducting, switching, transforming, accumulating, regulating or controlling electricity, apparatus for recording, transmission or reproduction of sound or images, magnetic data carriers, recording discs, automatic vending machines and mechanisms for coin-operated apparatus, cash registers, calculating machines, data processing equipment and computers, fire-extinguishing apparatus.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsmedical_apparatus_and_instrument">gea-nz-entities:items-goods="medical-apparatus-and-instrument"</h4>
<div class="paragraph">
<p>Medical Apparatus and Instrument</p>
</div>
<div class="paragraph">
<p>Detailed information relating to surgical, medical, dental and veterinary apparatus and instruments, artificial limbs, eyes and teeth, orthopaedic articles, suture materials.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodselectrical_apparatus">gea-nz-entities:items-goods="electrical-apparatus"</h4>
<div class="paragraph">
<p>Electrical Apparatus</p>
</div>
<div class="paragraph">
<p>Detailed information relating to apparatus for lighting, heating, steam generating, cooking, refrigerating, drying, ventilating, water supply and sanitary purposes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsvehicle">gea-nz-entities:items-goods="vehicle"</h4>
<div class="paragraph">
<p>Vehicle</p>
</div>
<div class="paragraph">
<p>Detailed information relating to vehicles, apparatus for locomotion by land, air or water.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsfirearm">gea-nz-entities:items-goods="firearm"</h4>
<div class="paragraph">
<p>Firearm</p>
</div>
<div class="paragraph">
<p>Detailed information relating to firearms, ammunition and projectiles, explosives, fireworks</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsprecious_metal">gea-nz-entities:items-goods="precious-metal"</h4>
<div class="paragraph">
<p>Precious Metal</p>
</div>
<div class="paragraph">
<p>Detailed information relating to precious metals and their alloys and goods in precious metals or coated therewith, not included in other classes, jewellery, precious stones, horologic and chronometrical instruments.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsmusical_instrument">gea-nz-entities:items-goods="musical-instrument"</h4>
<div class="paragraph">
<p>Musical Instrument</p>
</div>
<div class="paragraph">
<p>Detailed information relating to musical instruments.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodspaper">gea-nz-entities:items-goods="paper"</h4>
<div class="paragraph">
<p>Paper</p>
</div>
<div class="paragraph">
<p>Detailed information relating to paper, cardboard and goods made from these materials, not included in other classes, printed matter, bookbinding material, photographs, stationery, adhesives for stationery or household purposes, artists' materials, paint brushes, typewriters and office requisites (except furniture), instructional and teaching material (except apparatus), plastic materials for packaging (not included in other classes), printers' type, printing blocks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsrubber_good">gea-nz-entities:items-goods="rubber-good"</h4>
<div class="paragraph">
<p>Rubber Good</p>
</div>
<div class="paragraph">
<p>Detailed information relating to rubber, gutta-percha, gum, asbestos, mica and goods made from these materials and not included in other classes, plastics in extruded form for use in manufacture, packing, stopping and insulating materials, flexible pipes, not of metal.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsleather">gea-nz-entities:items-goods="leather"</h4>
<div class="paragraph">
<p>Leather</p>
</div>
<div class="paragraph">
<p>Detailed information relating to leather and imitations of leather, and goods made of these materials and not included in other classes, animal skins, hides, trunks and traveling bags, umbrellas, parasols and walking sticks, whips, harness and saddlery.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsbuilding_material">gea-nz-entities:items-goods="building-material"</h4>
<div class="paragraph">
<p>Building Material</p>
</div>
<div class="paragraph">
<p>Detailed information relating to Building materials (non-metallic), non-metallic rigid pipes for building, asphalt, pitch and bitumen, non-metallic transportable buildings, monuments, not of metal.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsfurniture">gea-nz-entities:items-goods="furniture"</h4>
<div class="paragraph">
<p>Furniture</p>
</div>
<div class="paragraph">
<p>Detailed information relating to furniture, mirrors, picture frames, goods (not included in other categories) of wood, cork, reed, cane, wicker, horn, bone, ivory, whalebone, shell, amber, mother-of-pearl, meerschaum and substitutes for all these materials, or of plastics.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodshousehold_utensil">gea-nz-entities:items-goods="household-utensil"</h4>
<div class="paragraph">
<p>Household Utensil</p>
</div>
<div class="paragraph">
<p>Detailed information relating to Household or kitchen utensils and containers (not of precious metal or coated therewith), combs and sponges, brushes (except paint brushes), brush-making materials, articles for cleaning purposes, steel wool, unworked or semi-worked glass (except glass used in building), glassware, porcelain and earthenware not included in other classes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsrope">gea-nz-entities:items-goods="rope"</h4>
<div class="paragraph">
<p>Rope</p>
</div>
<div class="paragraph">
<p>Detailed information relating to ropes, string, nets, tents, awnings, tarpaulins, sails, sacks and bags (not included in other classes), padding and stuffing materials (except of rubber or plastics), raw fibrous textile materials.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsyarn">gea-nz-entities:items-goods="yarn"</h4>
<div class="paragraph">
<p>Yarn</p>
</div>
<div class="paragraph">
<p>Detailed information relating to yarns and threads, for textile use.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodstextile">gea-nz-entities:items-goods="textile"</h4>
<div class="paragraph">
<p>Textile</p>
</div>
<div class="paragraph">
<p>Detailed information relating to textiles and textile goods not included in other categories, like bed and table covers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsclothing">gea-nz-entities:items-goods="clothing"</h4>
<div class="paragraph">
<p>Clothing</p>
</div>
<div class="paragraph">
<p>Detailed information relating to clothing, footwear, headgear.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodslace">gea-nz-entities:items-goods="lace"</h4>
<div class="paragraph">
<p>Lace</p>
</div>
<div class="paragraph">
<p>Detailed information relating to lace and embroidery, ribbons and braid, buttons, hooks and eyes, pins and needles, artificial flowers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodscarpet">gea-nz-entities:items-goods="carpet"</h4>
<div class="paragraph">
<p>Carpet</p>
</div>
<div class="paragraph">
<p>Detailed information relating to carpets, rugs, mats and matting, linoleum and other materials for covering existing floors wall hangings (non-textile).</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodstoy">gea-nz-entities:items-goods="toy"</h4>
<div class="paragraph">
<p>Toy</p>
</div>
<div class="paragraph">
<p>Detailed information relating to games and toys, gymnastic and sporting articles not included in other classes, decorations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsfood">gea-nz-entities:items-goods="food"</h4>
<div class="paragraph">
<p>Food</p>
</div>
<div class="paragraph">
<p>Detailed information relating to food, such as meat, fish, poultry and game, meat extracts, preserved, dried and cooked fruits and vegetables, jellies, jams, compotes, eggs, milk and milk products, edible oils and fats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsliquid_food">gea-nz-entities:items-goods="liquid-food"</h4>
<div class="paragraph">
<p>Liquid Food</p>
</div>
<div class="paragraph">
<p>Detailed information relating to coffee, tea, cocoa, sugar, rice, tapioca, sago, artificial coffee, flour and preparations made from cereals, bread, pastry and confectionery, ices, honey, treacle, yeast, baking-powder, salt, mustard, vinegar, sauces (condiments), spices, ice.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsagricultural_product">gea-nz-entities:items-goods="agricultural-product"</h4>
<div class="paragraph">
<p>Agricultural Product</p>
</div>
<div class="paragraph">
<p>Detailed information relating to agricultural, horticultural and forestry products and grains not included in other classes, live animals, fresh fruits and vegetables, seeds, natural plants and flowers, foodstuffs for animals, malt.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsbeverages">gea-nz-entities:items-goods="beverages"</h4>
<div class="paragraph">
<p>Beverages</p>
</div>
<div class="paragraph">
<p>Detailed information relating to beers, mineral and aerated waters and other non-alcoholic drinks, fruit drinks and fruit juices, syrups and other preparations for making beverages.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodsalcoholic_beverage">gea-nz-entities:items-goods="alcoholic-beverage"</h4>
<div class="paragraph">
<p>Alcoholic Beverage</p>
</div>
<div class="paragraph">
<p>Detailed information relating to Alcoholic beverages (except beers).</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_goodstobacco">gea-nz-entities:items-goods="tobacco"</h4>
<div class="paragraph">
<p>Tobacco</p>
</div>
<div class="paragraph">
<p>Detailed information relating to tobacco, smokers' articles, matches.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_regulatory">items-regulatory</h3>
<div class="paragraph">
<p>Information on regulatory products managed by an organisation.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_regulatorycertificate">gea-nz-entities:items-regulatory="certificate"</h4>
<div class="paragraph">
<p>Certificate</p>
</div>
<div class="paragraph">
<p>Detailed information related to certificates.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_regulatorylicense">gea-nz-entities:items-regulatory="license"</h4>
<div class="paragraph">
<p>License</p>
</div>
<div class="paragraph">
<p>Detailed information related to licenses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_regulatorypermit">gea-nz-entities:items-regulatory="permit"</h4>
<div class="paragraph">
<p>Permit</p>
</div>
<div class="paragraph">
<p>Detailed information related to permits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_regulatoryregistration">gea-nz-entities:items-regulatory="registration"</h4>
<div class="paragraph">
<p>Registration</p>
</div>
<div class="paragraph">
<p>Detailed information related to registrations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_regulatorydeclaration">gea-nz-entities:items-regulatory="declaration"</h4>
<div class="paragraph">
<p>Declaration</p>
</div>
<div class="paragraph">
<p>Detailed information related to declarations.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_urban_infrastructure">items-urban-infrastructure</h3>
<div class="paragraph">
<p>Information related to urban infrastructure.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_urban_infrastructurewater_supply_system">gea-nz-entities:items-urban-infrastructure="water-supply-system"</h4>
<div class="paragraph">
<p>Water Supply System</p>
</div>
<div class="paragraph">
<p>Detailed information related to a water supply system. A water supply system or water supply network is a system of engineered hydrologic and hydraulic components which provide water supply.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_urban_infrastructureelectric_power_system">gea-nz-entities:items-urban-infrastructure="electric-power-system"</h4>
<div class="paragraph">
<p>Electric Power System</p>
</div>
<div class="paragraph">
<p>Detailed information related to an electric power supply system. An electric power system is a network of electrical components used to supply, transmit and use electric power.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_urban_infrastructuretransport_network">gea-nz-entities:items-urban-infrastructure="transport-network"</h4>
<div class="paragraph">
<p>Transport Network</p>
</div>
<div class="paragraph">
<p>Detailed information related to transport networks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_urban_infrastructuresanitation_system">gea-nz-entities:items-urban-infrastructure="sanitation-system"</h4>
<div class="paragraph">
<p>Sanitation System</p>
</div>
<div class="paragraph">
<p>Detailed information related to sanitation systems to provide a hygienic means of promoting health through prevention of human contact with the hazards of wastes as well as the treatment and proper disposal of sewage or wastewater.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_urban_infrastructurecommunication_system">gea-nz-entities:items-urban-infrastructure="communication-system"</h4>
<div class="paragraph">
<p>Communication System</p>
</div>
<div class="paragraph">
<p>Detailed information related to a communication system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_accommodation">items-accommodation</h3>
<div class="paragraph">
<p>Information related to shortterm accommodation provided on a commercial basis, excluding longterm accommodation and accommodation that is provided on a noncommercial basis.</p>
</div>
</div>
<div class="sect2">
<h3 id="_items_dwelling_type">items-dwelling-type</h3>
<div class="paragraph">
<p>Information related to occupied dwelling type is used to monitor trends and developments in housing and institutional dwellings, to plan for the future housing and service needs of the community.</p>
</div>
</div>
<div class="sect2">
<h3 id="_items_artefact">items-artefact</h3>
<div class="paragraph">
<p>An artefact is an item of value and manifests in a concrete form such as reports, documents, tables, books, instruction manuals, evidence, etc.</p>
</div>
</div>
<div class="sect2">
<h3 id="_items_waste">items-waste</h3>
<div class="paragraph">
<p>Information related to the waste used, managed or produced by the organisation.</p>
</div>
</div>
<div class="sect2">
<h3 id="_items_item_usage">items-item-usage</h3>
<div class="paragraph">
<p>Identifies the ways in which an organisation may use an item.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_item_usageproduct">gea-nz-entities:items-item-usage="product"</h4>
<div class="paragraph">
<p>Product</p>
</div>
<div class="paragraph">
<p>Information about tangible outputs of processes which an organisation can offer to other parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_entitiesitems_item_usageresource">gea-nz-entities:items-item-usage="resource"</h4>
<div class="paragraph">
<p>Resource</p>
</div>
<div class="paragraph">
<p>Resources are not kept or assigned to parties except to accomplish an activity within the organisation, typically during an interaction or the supply of products or delivery of services.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_items_other_item">items-other-item</h3>
<div class="paragraph">
<p>Detailed information of other items not categorised within Items.</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_gea_nz_motivators">gea-nz-motivators</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
gea-nz-motivators namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/gea-nz-motivators/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Information relating to authority or governance.</p>
</div>
<div class="sect2">
<h3 id="_plans_budget">plans-budget</h3>
<div class="paragraph">
<p>Information relating to budget direction or processes.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_budgetcapital">gea-nz-motivators:plans-budget="capital"</h4>
<div class="paragraph">
<p>Capital</p>
</div>
<div class="paragraph">
<p>Detailed information relating to capital budget planning.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_budgetoperating">gea-nz-motivators:plans-budget="operating"</h4>
<div class="paragraph">
<p>Operating</p>
</div>
<div class="paragraph">
<p>Detailed information relating to operational budget planning.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_plans_strategy">plans-strategy</h3>
<div class="paragraph">
<p>Detailed information relating to strategic management.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_strategystrategic_directive">gea-nz-motivators:plans-strategy="strategic-directive"</h4>
<div class="paragraph">
<p>Strategic Directive</p>
</div>
<div class="paragraph">
<p>Detailed information relating to planning of strategic or organisational directives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_strategystrategic_goal">gea-nz-motivators:plans-strategy="strategic-goal"</h4>
<div class="paragraph">
<p>Strategic Goal</p>
</div>
<div class="paragraph">
<p>Detailed information relating to strategic and organisational goals, such as key learning, key results, targets, and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_strategystrategic_objective">gea-nz-motivators:plans-strategy="strategic-objective"</h4>
<div class="paragraph">
<p>Strategic Objective</p>
</div>
<div class="paragraph">
<p>Detailed information relating to strategic and organisational objectives, such as KPIs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_strategystrategic_outcome">gea-nz-motivators:plans-strategy="strategic-outcome"</h4>
<div class="paragraph">
<p>Strategic Outcome</p>
</div>
<div class="paragraph">
<p>Detailed information relating to strategic business outcomes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_strategyroad_map">gea-nz-motivators:plans-strategy="road-map"</h4>
<div class="paragraph">
<p>Road Map</p>
</div>
<div class="paragraph">
<p>Detailed information relating to strategic business road maps.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_strategychallenge">gea-nz-motivators:plans-strategy="challenge"</h4>
<div class="paragraph">
<p>Challenge</p>
</div>
<div class="paragraph">
<p>Detailed information relating to strategic and organisational challenges.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_strategyopportunity">gea-nz-motivators:plans-strategy="opportunity"</h4>
<div class="paragraph">
<p>Opportunity</p>
</div>
<div class="paragraph">
<p>Detailed information relating to strategic and organisational opportunities.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_plans_effort">plans-effort</h3>
<div class="paragraph">
<p>Information relating to the required effort to achieve or fulfil a work related activity.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_effortactivity">gea-nz-motivators:plans-effort="activity"</h4>
<div class="paragraph">
<p>Activity</p>
</div>
<div class="paragraph">
<p>Detailed information relating to planning of activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_effortcampaign">gea-nz-motivators:plans-effort="campaign"</h4>
<div class="paragraph">
<p>Campaign</p>
</div>
<div class="paragraph">
<p>Detailed information relating to planned campaigns.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_effortcare">gea-nz-motivators:plans-effort="care"</h4>
<div class="paragraph">
<p>Care</p>
</div>
<div class="paragraph">
<p>Detailed information relating to planning of activities for an individual to achieve an outcome (PDP).</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_effortprogramme">gea-nz-motivators:plans-effort="programme"</h4>
<div class="paragraph">
<p>Programme</p>
</div>
<div class="paragraph">
<p>Detailed information relating to programmes plans.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_effortproject">gea-nz-motivators:plans-effort="project"</h4>
<div class="paragraph">
<p>Project</p>
</div>
<div class="paragraph">
<p>Detailed information relating to project plans.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_effortroster">gea-nz-motivators:plans-effort="roster"</h4>
<div class="paragraph">
<p>Roster</p>
</div>
<div class="paragraph">
<p>Detailed information relating to rosters.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_effortschedule">gea-nz-motivators:plans-effort="schedule"</h4>
<div class="paragraph">
<p>Schedule</p>
</div>
<div class="paragraph">
<p>Detailed information relating to schedules.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_efforttask">gea-nz-motivators:plans-effort="task"</h4>
<div class="paragraph">
<p>Task</p>
</div>
<div class="paragraph">
<p>Detailed information relating to planning of tasks.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_plans_measure">plans-measure</h3>
<div class="paragraph">
<p>Information which tracks the effectiveness in relation to activities managed by the organisation (inputs/outputs) or employee performance.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_measureinput">gea-nz-motivators:plans-measure="input"</h4>
<div class="paragraph">
<p>Input</p>
</div>
<div class="paragraph">
<p>Detailed information relating to input measurements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_measureoutput">gea-nz-motivators:plans-measure="output"</h4>
<div class="paragraph">
<p>Output</p>
</div>
<div class="paragraph">
<p>Detailed information relating to output measurements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_measureperformance">gea-nz-motivators:plans-measure="performance"</h4>
<div class="paragraph">
<p>Performance</p>
</div>
<div class="paragraph">
<p>Detailed information regarding the performance of an individual, group, organization, system or component.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_measurebenefit">gea-nz-motivators:plans-measure="benefit"</h4>
<div class="paragraph">
<p>Benefit</p>
</div>
<div class="paragraph">
<p>Detailed information regarding the benefits of individual, group, organization, system or component.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_plans_risk">plans-risk</h3>
<div class="paragraph">
<p>Information about person(s) or thing(s) which relate to risk management within organisation.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_riskconsequence">gea-nz-motivators:plans-risk="consequence"</h4>
<div class="paragraph">
<p>Consequence</p>
</div>
<div class="paragraph">
<p>Detailed information relating to consequences of a risk.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_riskhazard">gea-nz-motivators:plans-risk="hazard"</h4>
<div class="paragraph">
<p>Hazard</p>
</div>
<div class="paragraph">
<p>Detailed information relating to risk hazards.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_risklikelihood">gea-nz-motivators:plans-risk="likelihood"</h4>
<div class="paragraph">
<p>Likelihood</p>
</div>
<div class="paragraph">
<p>Detailed information relating to likelihood of a risk.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_riskmitigation">gea-nz-motivators:plans-risk="mitigation"</h4>
<div class="paragraph">
<p>Mitigation</p>
</div>
<div class="paragraph">
<p>Detailed information relating to risk mitigation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_riskinfluence">gea-nz-motivators:plans-risk="influence"</h4>
<div class="paragraph">
<p>Influence</p>
</div>
<div class="paragraph">
<p>Detailed information relating to influences that can impact the organisation&#8217;s operations, strategic goals, outcomes, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_riskdisruption">gea-nz-motivators:plans-risk="disruption"</h4>
<div class="paragraph">
<p>Disruption</p>
</div>
<div class="paragraph">
<p>Detailed information relating to disruptions that can impact the organisation&#8217;s operations, objectives, goals, outcomes, etc.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_plans_specification">plans-specification</h3>
<div class="paragraph">
<p>Information dealing with properties and constraints.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_specificationfunctional_requirement">gea-nz-motivators:plans-specification="functional-requirement"</h4>
<div class="paragraph">
<p>Functional Requirement</p>
</div>
<div class="paragraph">
<p>Detailed information relating to functional requirements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_specificationnon_functional_requirement">gea-nz-motivators:plans-specification="non-functional-requirement"</h4>
<div class="paragraph">
<p>Non-Functional Requirement</p>
</div>
<div class="paragraph">
<p>Detailed information relating to non-functional requirements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorsplans_specificationdesign">gea-nz-motivators:plans-specification="design"</h4>
<div class="paragraph">
<p>Design</p>
</div>
<div class="paragraph">
<p>Detailed information relating to solution designs.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_controls_operational">controls-operational</h3>
<div class="paragraph">
<p>Information about controls that provide the foundation for administration of an organisation.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalconvention">gea-nz-motivators:controls-operational="convention"</h4>
<div class="paragraph">
<p>Convention</p>
</div>
<div class="paragraph">
<p>Detailed information relating to conventions, which are general agreements about basic principles or procedures.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalguideline">gea-nz-motivators:controls-operational="guideline"</h4>
<div class="paragraph">
<p>Guideline</p>
</div>
<div class="paragraph">
<p>Detailed information relating to guidelines, which are principles put forward to set standards or determine a course of action. For example guidelines on tax reform.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalpolicy">gea-nz-motivators:controls-operational="policy"</h4>
<div class="paragraph">
<p>Policy</p>
</div>
<div class="paragraph">
<p>Detailed information relating to policies. A policy is a plan or course of action intended to influence and determine decisions, actions, and other matters.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalprinciple">gea-nz-motivators:controls-operational="principle"</h4>
<div class="paragraph">
<p>Principle</p>
</div>
<div class="paragraph">
<p>Detailed information relating to principles, which are accepted rules or actions on conduct.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalstandard">gea-nz-motivators:controls-operational="standard"</h4>
<div class="paragraph">
<p>Standard</p>
</div>
<div class="paragraph">
<p>Detailed information relating to standards, which are accepted or approved examples of something against which people, processes, items are measured.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalprocedure">gea-nz-motivators:controls-operational="procedure"</h4>
<div class="paragraph">
<p>Procedure</p>
</div>
<div class="paragraph">
<p>Detailed information relating to procedures. A procedure is a series of steps taken to accomplish an end.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalprocess">gea-nz-motivators:controls-operational="process"</h4>
<div class="paragraph">
<p>Process</p>
</div>
<div class="paragraph">
<p>Detailed information relating to processes. A process is a series of operations performed in the making or treatment of a product.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalcapability">gea-nz-motivators:controls-operational="capability"</h4>
<div class="paragraph">
<p>Capability</p>
</div>
<div class="paragraph">
<p>Detailed information relating to capabilities; capacity to be used, treated, or developed for a specific purpose.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalrule">gea-nz-motivators:controls-operational="rule"</h4>
<div class="paragraph">
<p>Rule</p>
</div>
<div class="paragraph">
<p>Detailed information relating to rules.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalexception">gea-nz-motivators:controls-operational="exception"</h4>
<div class="paragraph">
<p>Exception</p>
</div>
<div class="paragraph">
<p>Detailed information around anything excluded from or not in conformance with a general rules, principles, regulations, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_operationalscope_of_use">gea-nz-motivators:controls-operational="scope-of-use"</h4>
<div class="paragraph">
<p>Scope of Use</p>
</div>
<div class="paragraph">
<p>Detailed information around the scope of use of assets.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_controls_finance">controls-finance</h3>
<div class="paragraph">
<p>Information about the financial structures that provide management and control over the economic resources of the organisation.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_financefinancial_asset">gea-nz-motivators:controls-finance="financial-asset"</h4>
<div class="paragraph">
<p>Financial Asset</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the financial control of assets.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_financeequity">gea-nz-motivators:controls-finance="equity"</h4>
<div class="paragraph">
<p>Equity</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the financial control of equities, monetary value of a property or business beyond any amounts owed on it in mortgages, claims, liens, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_financeexpense">gea-nz-motivators:controls-finance="expense"</h4>
<div class="paragraph">
<p>Expense</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the financial control of expenses. An expense is a cost of something, such as time or labour, necessary for the attainment of a goal.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_financefee">gea-nz-motivators:controls-finance="fee"</h4>
<div class="paragraph">
<p>Fee</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the financial control of fees; a fixed sum charged, as by an institution or by law, for a privilege: a license fee; tuition fees. Also a charge for professional services: a surgeon&#8217;s fee.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_financeincome">gea-nz-motivators:controls-finance="income"</h4>
<div class="paragraph">
<p>Income</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the financial control of income.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_financefinancial_liability">gea-nz-motivators:controls-finance="financial-liability"</h4>
<div class="paragraph">
<p>Financial Liability</p>
</div>
<div class="paragraph">
<p>Detailed information relating to financial obligations entered in the balance sheet of the organisation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_financeacquisition_method">gea-nz-motivators:controls-finance="acquisition-method"</h4>
<div class="paragraph">
<p>Acquisition Method</p>
</div>
<div class="paragraph">
<p>Detailed information relating to acquisition methods. An acquisition method defines the method by which assets are acquired.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_controls_industry">controls-industry</h3>
<div class="paragraph">
<p>Information about industry practice issued by an industry specific regulation or professional body.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_industrybest_practice">gea-nz-motivators:controls-industry="best-practice"</h4>
<div class="paragraph">
<p>Best Practice</p>
</div>
<div class="paragraph">
<p>Detailed information relating to endorsed or recommended industry practices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_industryregulation">gea-nz-motivators:controls-industry="regulation"</h4>
<div class="paragraph">
<p>Regulation</p>
</div>
<div class="paragraph">
<p>Detailed information relating to endorsed or recommended industry specific regulations, rules of behaviour and procedure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_industryterminology">gea-nz-motivators:controls-industry="terminology"</h4>
<div class="paragraph">
<p>Terminology</p>
</div>
<div class="paragraph">
<p>Detailed information of defined sets of concepts and related terms, including definitions and usage guidelines, and the industry-specific business context within which they are to be used.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_controls_technological">controls-technological</h3>
<div class="paragraph">
<p>Information about technical constraints.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_technologicalenforced_rules">gea-nz-motivators:controls-technological="enforced-rules"</h4>
<div class="paragraph">
<p>Enforced Rules</p>
</div>
<div class="paragraph">
<p>Detailed information relating to enforced rules around chosen or legacy systems, i.e. Windows policies.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_technologicalconstraints">gea-nz-motivators:controls-technological="constraints"</h4>
<div class="paragraph">
<p>Constraints</p>
</div>
<div class="paragraph">
<p>Detailed information relating to technical constraints imposed by a chosen or legacy technology.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_controls_law">controls-law</h3>
<div class="paragraph">
<p>Information about controls in the form of legislation (statues, regulations, etc.).</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_lawcommon_law">gea-nz-motivators:controls-law="common-law"</h4>
<div class="paragraph">
<p>Common Law</p>
</div>
<div class="paragraph">
<p>Detailed information relating to common laws A common law is established by court decisions rather than by statutes enacted by legislatures.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_lawlegislative_instrument">gea-nz-motivators:controls-law="legislative-instrument"</h4>
<div class="paragraph">
<p>Legislative Instrument</p>
</div>
<div class="paragraph">
<p>Detailed information relating to legislation, which are laws enacted by a legislative body.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_lawact">gea-nz-motivators:controls-law="act"</h4>
<div class="paragraph">
<p>Act</p>
</div>
<div class="paragraph">
<p>Detailed information relating to Acts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_lawcabinet_minute">gea-nz-motivators:controls-law="cabinet-minute"</h4>
<div class="paragraph">
<p>Cabinet Minute</p>
</div>
<div class="paragraph">
<p>Detailed information relating to Cabinet minutes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_controls_personal">controls-personal</h3>
<div class="paragraph">
<p>Information about the constraints an individual places on interactions with the government, or agency.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_personalpersonal_directive">gea-nz-motivators:controls-personal="personal-directive"</h4>
<div class="paragraph">
<p>Personal Directive</p>
</div>
<div class="paragraph">
<p>Detailed information relating to directives of an individual, such as release of personal information, advance care directive.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_controls_security">controls-security</h3>
<div class="paragraph">
<p>Information about the constraints security places on interactions within and across the government, agencies and 3th parties.</p>
</div>
</div>
<div class="sect2">
<h3 id="_contracts_arrangement">contracts-arrangement</h3>
<div class="paragraph">
<p>Information relating to contracts, agreements or other arrangements with other agencies, governments, public or private organizations.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementmemorandum_of_understanding">gea-nz-motivators:contracts-arrangement="memorandum-of-understanding"</h4>
<div class="paragraph">
<p>Memorandum of Understanding</p>
</div>
<div class="paragraph">
<p>Detailed information relating to terms of agreement, not the legal instrument.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementoffer">gea-nz-motivators:contracts-arrangement="offer"</h4>
<div class="paragraph">
<p>Offer</p>
</div>
<div class="paragraph">
<p>Detailed information relating to offers, such as proposals, quotes, and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementorder">gea-nz-motivators:contracts-arrangement="order"</h4>
<div class="paragraph">
<p>Order</p>
</div>
<div class="paragraph">
<p>Detailed information relating to orders, official request to be made, supplied, or served.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementagreement">gea-nz-motivators:contracts-arrangement="agreement"</h4>
<div class="paragraph">
<p>Agreement</p>
</div>
<div class="paragraph">
<p>Detailed information relating to Service level Agreements (SLA), Master Service Agreements (MSA), Statement of Work (SoW), Purchase Agreement (PA), etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementrequest">gea-nz-motivators:contracts-arrangement="request"</h4>
<div class="paragraph">
<p>Request</p>
</div>
<div class="paragraph">
<p>Detailed information relating to requests, such as request for information, request for assistance, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementconfidentiality">gea-nz-motivators:contracts-arrangement="confidentiality"</h4>
<div class="paragraph">
<p>Confidentiality</p>
</div>
<div class="paragraph">
<p>Detailed information relating to confidentiality, such as commercial-in-confidence (CIC), non-disclosure, privacy, and other</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementemployment">gea-nz-motivators:contracts-arrangement="employment"</h4>
<div class="paragraph">
<p>Employment</p>
</div>
<div class="paragraph">
<p>Detailed information relating to employment contracts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementservice">gea-nz-motivators:contracts-arrangement="service"</h4>
<div class="paragraph">
<p>Service</p>
</div>
<div class="paragraph">
<p>Detailed information relating to service contracts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_arrangementsupply">gea-nz-motivators:contracts-arrangement="supply"</h4>
<div class="paragraph">
<p>Supply</p>
</div>
<div class="paragraph">
<p>Detailed information relating to supply contracts.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_contracts_rights">contracts-rights</h3>
<div class="paragraph">
<p>Information relating to moral or legal entitlement to have or do something.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_rightseligibility">gea-nz-motivators:contracts-rights="eligibility"</h4>
<div class="paragraph">
<p>Eligibility</p>
</div>
<div class="paragraph">
<p>Detailed information related to eligibilities (fit or proper to be chosen; worthy of choice; desirable).</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_rightscredits">gea-nz-motivators:contracts-rights="credits"</h4>
<div class="paragraph">
<p>Credits</p>
</div>
<div class="paragraph">
<p>Detailed information relating to credit rights like account receivable, e. i. a legally enforceable claim for payment held by a business against its customer/clients for goods supplied and/or services rendered in execution of the customer&#8217;s order.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_rightsaccess_right">gea-nz-motivators:contracts-rights="access-right"</h4>
<div class="paragraph">
<p>Access Right</p>
</div>
<div class="paragraph">
<p>Detailed information related to access rights to facilities, services, processes, information, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_rightsauthorisation">gea-nz-motivators:contracts-rights="authorisation"</h4>
<div class="paragraph">
<p>Authorisation</p>
</div>
<div class="paragraph">
<p>Detailed information related to authorisation, e. i. right to give orders or make decisions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_rightshuman_right">gea-nz-motivators:contracts-rights="human-right"</h4>
<div class="paragraph">
<p>Human Right</p>
</div>
<div class="paragraph">
<p>Detailed information related to human rights.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_rightsemployment_right">gea-nz-motivators:contracts-rights="employment-right"</h4>
<div class="paragraph">
<p>Employment Right</p>
</div>
<div class="paragraph">
<p>Detailed information related to employment rights. New Zealand has a comprehensive set of employment laws that help keep workplaces fair.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_rightsproperty_right">gea-nz-motivators:contracts-rights="property-right"</h4>
<div class="paragraph">
<p>Property Right</p>
</div>
<div class="paragraph">
<p>Detailed information related to property rights.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_rightsconsumer_right">gea-nz-motivators:contracts-rights="consumer-right"</h4>
<div class="paragraph">
<p>Consumer Right</p>
</div>
<div class="paragraph">
<p>Detailed information related to consumer rights.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_contracts_obligation">contracts-obligation</h3>
<div class="paragraph">
<p>Information which is held by an organisation which relates to its obligations.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationduty_of_care">gea-nz-motivators:contracts-obligation="duty-of-care"</h4>
<div class="paragraph">
<p>Duty of Care</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the obligations of duty of care.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationfitness_for_purpose">gea-nz-motivators:contracts-obligation="fitness-for-purpose"</h4>
<div class="paragraph">
<p>Fitness for Purpose</p>
</div>
<div class="paragraph">
<p>Detailed information relating to something that is good enough to do the job it was designed to do.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationwarranty">gea-nz-motivators:contracts-obligation="warranty"</h4>
<div class="paragraph">
<p>Warranty</p>
</div>
<div class="paragraph">
<p>Detailed information relating to warranties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationprivacy">gea-nz-motivators:contracts-obligation="privacy"</h4>
<div class="paragraph">
<p>Privacy</p>
</div>
<div class="paragraph">
<p>Detailed information relating to privacy obligations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationtruthfulness">gea-nz-motivators:contracts-obligation="truthfulness"</h4>
<div class="paragraph">
<p>Truthfulness</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the obligation to be truthful.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationenforce_the_law">gea-nz-motivators:contracts-obligation="enforce-the-law"</h4>
<div class="paragraph">
<p>Enforce the Law</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the obligation to enforce laws and regulations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationobey_the_law">gea-nz-motivators:contracts-obligation="obey-the-law"</h4>
<div class="paragraph">
<p>Obey the Law</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the obligation to obey laws and regulations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationaccount_payable">gea-nz-motivators:contracts-obligation="account-payable"</h4>
<div class="paragraph">
<p>Account Payable</p>
</div>
<div class="paragraph">
<p>Detailed information related to account payables or billable, i.e. money which an agency owes to vendors for products and services purchased on credit.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationenforce_rules">gea-nz-motivators:contracts-obligation="enforce-rules"</h4>
<div class="paragraph">
<p>Enforce Rules</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the obligation to enforce rules, like organisational rules, educational rules, industrial rules, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_obligationobey_rules">gea-nz-motivators:contracts-obligation="obey-rules"</h4>
<div class="paragraph">
<p>Obey Rules</p>
</div>
<div class="paragraph">
<p>Detailed information relating to the obligation to obey rules, like organisational rules, educational rules, industrial rules, etc.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_contracts_jurisdiction">contracts-jurisdiction</h3>
<div class="paragraph">
<p>nformation about political and geographical areas in which an organisation operates.</p>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_jurisdictionnational">gea-nz-motivators:contracts-jurisdiction="national"</h4>
<div class="paragraph">
<p>National</p>
</div>
<div class="paragraph">
<p>Detailed information relating to national jurisdictions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_jurisdictioninternational">gea-nz-motivators:contracts-jurisdiction="international"</h4>
<div class="paragraph">
<p>International</p>
</div>
<div class="paragraph">
<p>Detailed information relating to international jurisdictions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_jurisdictionlocal">gea-nz-motivators:contracts-jurisdiction="local"</h4>
<div class="paragraph">
<p>Local</p>
</div>
<div class="paragraph">
<p>Detailed information relating to local jurisdictions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_jurisdictionpolitical">gea-nz-motivators:contracts-jurisdiction="political"</h4>
<div class="paragraph">
<p>Political</p>
</div>
<div class="paragraph">
<p>Detailed information relating to political jurisdictions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontracts_jurisdictionregional">gea-nz-motivators:contracts-jurisdiction="regional"</h4>
<div class="paragraph">
<p>Regional</p>
</div>
<div class="paragraph">
<p>Detailed information relating to regional jurisdictions.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_controls_risk_governance">controls-risk-governance</h3>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_risk_governanceresidual">gea-nz-motivators:controls-risk-governance="residual"</h4>
<div class="paragraph">
<p>Residual</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_risk_governanceacceptance">gea-nz-motivators:controls-risk-governance="acceptance"</h4>
<div class="paragraph">
<p>Acceptance</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_risk_governanceanalysis">gea-nz-motivators:controls-risk-governance="analysis"</h4>
<div class="paragraph">
<p>Analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_risk_governanceassessement">gea-nz-motivators:controls-risk-governance="assessement"</h4>
<div class="paragraph">
<p>Assessement</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_risk_governancemanagement">gea-nz-motivators:controls-risk-governance="management"</h4>
<div class="paragraph">
<p>Management</p>
</div>
</div>
<div class="sect3">
<h4 id="_gea_nz_motivatorscontrols_risk_governancetreatment">gea-nz-motivators:controls-risk-governance="treatment"</h4>
<div class="paragraph">
<p>Treatment</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_gsma_attack_category">gsma-attack-category</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
gsma-attack-category namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/gsma-attack-category/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy used by GSMA for their information sharing program with telco describing the attack categories</p>
</div>
<div class="sect2">
<h3 id="_denial_of_service">denial-of-service</h3>
<div class="sect3">
<h4 id="_gsma_attack_categorydenial_of_service">gsma-attack-category:denial-of-service</h4>
<div class="paragraph">
<p>(Distributed) Denial of Service</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_attack">exploit-attack</h3>
<div class="sect3">
<h4 id="_gsma_attack_categoryexploit_attack">gsma-attack-category:exploit-attack</h4>
<div class="paragraph">
<p>Exploit attack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering_5">information-gathering</h3>
<div class="sect3">
<h4 id="_gsma_attack_categoryinformation_gathering">gsma-attack-category:information-gathering</h4>
<div class="paragraph">
<p>Information gathering</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_insider_attack">insider-attack</h3>
<div class="sect3">
<h4 id="_gsma_attack_categoryinsider_attack">gsma-attack-category:insider-attack</h4>
<div class="paragraph">
<p>Insider attack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_interception_attack">interception-attack</h3>
<div class="sect3">
<h4 id="_gsma_attack_categoryinterception_attack">gsma-attack-category:interception-attack</h4>
<div class="paragraph">
<p>Interception attack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_manipulation_attack">manipulation-attack</h3>
<div class="sect3">
<h4 id="_gsma_attack_categorymanipulation_attack">gsma-attack-category:manipulation-attack</h4>
<div class="paragraph">
<p>Manipulation attack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_physical_attack_2">physical-attack</h3>
<div class="sect3">
<h4 id="_gsma_attack_categoryphysical_attack">gsma-attack-category:physical-attack</h4>
<div class="paragraph">
<p>Physical attack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_spoofing">spoofing</h3>
<div class="sect3">
<h4 id="_gsma_attack_categoryspoofing">gsma-attack-category:spoofing</h4>
<div class="paragraph">
<p>Spoofing</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_gsma_fraud">gsma-fraud</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
gsma-fraud namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/gsma-fraud/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy used by GSMA for their information sharing program with telco describing the various aspects of fraud</p>
</div>
<div class="sect2">
<h3 id="_technical">technical</h3>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalmailbox_hacking">gsma-fraud:technical="mailbox-hacking"</h4>
<div class="paragraph">
<p>Mailbox Hacking (CLI Spoofing)</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalimei_reprogramming">gsma-fraud:technical="imei-reprogramming"</h4>
<div class="paragraph">
<p>IMEI Reprogramming</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalcall_forwarding_fraud">gsma-fraud:technical="call-forwarding-fraud"</h4>
<div class="paragraph">
<p>Call Forwarding Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalcall_conference">gsma-fraud:technical="call-conference"</h4>
<div class="paragraph">
<p>Call Conference / Multi-Party Calls</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalhlr_tampering">gsma-fraud:technical="hlr-tampering"</h4>
<div class="paragraph">
<p>HLR Tampering / Switch Manipulation</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalsim_card_cloning">gsma-fraud:technical="sim-card-cloning"</h4>
<div class="paragraph">
<p>SIM Card Cloning</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalfalse_base_station_attack">gsma-fraud:technical="false-base-station-attack"</h4>
<div class="paragraph">
<p>False Base Station Attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalspamming">gsma-fraud:technical="spamming"</h4>
<div class="paragraph">
<p>Spamming (SMS &amp; IP services)</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalphishing_pharming">gsma-fraud:technical="phishing-pharming"</h4>
<div class="paragraph">
<p>Phishing and Pharming</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalmobile_malware">gsma-fraud:technical="mobile-malware"</h4>
<div class="paragraph">
<p>Mobile Malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalfraud_risks_associated_with_voice_over_ip_services">gsma-fraud:technical="fraud-risks-associated-with-voice-over-ip-services"</h4>
<div class="paragraph">
<p>Fraud Risks associated with Voice over IP Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalpbx_hacking">gsma-fraud:technical="pbx-hacking"</h4>
<div class="paragraph">
<p>PBX Hacking</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicalfraud_risks_associated_with_m2m_services">gsma-fraud:technical="fraud-risks-associated-with-m2m-services"</h4>
<div class="paragraph">
<p>Fraud Risks Associated with M2M Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudtechnicaldata_charing_bypass">gsma-fraud:technical="data-charing-bypass"</h4>
<div class="paragraph">
<p>Data Charing Bypass</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_subscription">subscription</h3>
<div class="sect3">
<h4 id="_gsma_fraudsubscriptionsubscription_fraud">gsma-fraud:subscription="subscription-fraud"</h4>
<div class="paragraph">
<p>Subscription Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudsubscriptionproxy_fraud">gsma-fraud:subscription="proxy-fraud"</h4>
<div class="paragraph">
<p>Proxy Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudsubscriptionaccount_takeover">gsma-fraud:subscription="account-takeover"</h4>
<div class="paragraph">
<p>Account Takeover</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudsubscriptioncall_selling">gsma-fraud:subscription="call-selling"</h4>
<div class="paragraph">
<p>Call Selling</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudsubscriptiondirect_debit_fraud">gsma-fraud:subscription="direct-debit-fraud"</h4>
<div class="paragraph">
<p>Direct Debug Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudsubscriptioncredit_card_fraud">gsma-fraud:subscription="credit-card-fraud"</h4>
<div class="paragraph">
<p>Credit Card Fraud (Card Present)</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudsubscriptioncredit_card_not_present_transactions">gsma-fraud:subscription="credit-card-not-present-transactions"</h4>
<div class="paragraph">
<p>Credit Card Not Present Transactions</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudsubscriptioncheque_fraud">gsma-fraud:subscription="cheque-fraud"</h4>
<div class="paragraph">
<p>Cheque Fraud</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_distribution">distribution</h3>
<div class="sect3">
<h4 id="_gsma_frauddistributiondealer_fraud">gsma-fraud:distribution="dealer-fraud"</h4>
<div class="paragraph">
<p>Dealer Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_frauddistributionfalse_agent">gsma-fraud:distribution="false-agent"</h4>
<div class="paragraph">
<p>False Agent / Remote Activation Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_frauddistributiontheft_and_handling_stolen_goods">gsma-fraud:distribution="theft-and-handling-stolen-goods"</h4>
<div class="paragraph">
<p>Theft and Handling Stolen Goods</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_frauddistributionhandset_subsidy_loss">gsma-fraud:distribution="handset-subsidy-loss"</h4>
<div class="paragraph">
<p>Handset Subsidy Loss</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_frauddistributionremote_order_fraud">gsma-fraud:distribution="remote-order-fraud"</h4>
<div class="paragraph">
<p>Remote Order Fraud</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_business">business</h3>
<div class="sect3">
<h4 id="_gsma_fraudbusinesspremium_rate">gsma-fraud:business="premium-rate"</h4>
<div class="paragraph">
<p>Premium Rate / Audiotext Services Fraud (PRS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessroaming_fraud">gsma-fraud:business="roaming-fraud"</h4>
<div class="paragraph">
<p>Roaming Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessinternational_revenue_share_fraud">gsma-fraud:business="international-revenue-share-fraud"</h4>
<div class="paragraph">
<p>International Revenue Share Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessinbound_roaming_fraud_risk_to_vpmn">gsma-fraud:business="inbound-roaming-fraud-risk-to-vpmn"</h4>
<div class="paragraph">
<p>Inbound Roaming Fraud Risk to VPMN</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessinterconnect_abuse">gsma-fraud:business="interconnect-abuse"</h4>
<div class="paragraph">
<p>Interconnect Abuse (GSM Gateways)</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessrefiling">gsma-fraud:business="refiling"</h4>
<div class="paragraph">
<p>Refiling</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessmobile_to_fixed_network_gateway_abuse">gsma-fraud:business="mobile-to-fixed-network-gateway-abuse"</h4>
<div class="paragraph">
<p>Mobile to Fixed Network Gateways Abuse</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessfalse_answer_false_ring">gsma-fraud:business="false-answer-false-ring"</h4>
<div class="paragraph">
<p>False Answer / False Ring</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinesssocial_engineering">gsma-fraud:business="social-engineering"</h4>
<div class="paragraph">
<p>Social Engineering</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessinternal_fraud">gsma-fraud:business="internal-fraud"</h4>
<div class="paragraph">
<p>Internal Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessnormal_business_fraud_crime">gsma-fraud:business="normal-business-fraud-crime"</h4>
<div class="paragraph">
<p>Normal Business Fraud and Crime</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessbrand_name_logo_abuse">gsma-fraud:business="brand-name-logo-abuse"</h4>
<div class="paragraph">
<p>Brand Name / Logo Abuse</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessm_commerce_provider_content_fraud">gsma-fraud:business="m-commerce-provider-content-fraud"</h4>
<div class="paragraph">
<p>M-Commerce Provider Content Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessm_commerce_provider_prs_fraud">gsma-fraud:business="m-commerce-provider-prs-fraud"</h4>
<div class="paragraph">
<p>M-Commerce Provider PRS Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinesscontent_theft">gsma-fraud:business="content-theft"</h4>
<div class="paragraph">
<p>Content Theft</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinesswangiri">gsma-fraud:business="wangiri"</h4>
<div class="paragraph">
<p>Wangiri</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudbusinessairtime_reseller_fraud">gsma-fraud:business="airtime-reseller-fraud"</h4>
<div class="paragraph">
<p>Airtime Reseller Fraud</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_prepaid">prepaid</h3>
<div class="sect3">
<h4 id="_gsma_fraudprepaidservices_fraud">gsma-fraud:prepaid="services-fraud"</h4>
<div class="paragraph">
<p>Prepaid Services Fraud - General</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudprepaidhlr_profile_manipulation">gsma-fraud:prepaid="hlr-profile-manipulation"</h4>
<div class="paragraph">
<p>HLR Profile Manipulation</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudprepaidmanual_recharging">gsma-fraud:prepaid="manual-recharging"</h4>
<div class="paragraph">
<p>Manual Recharging</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudprepaidgeneration_of_abusive_credits">gsma-fraud:prepaid="generation-of-abusive-credits"</h4>
<div class="paragraph">
<p>Generation of Abusive Calls</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_fraudprepaidscartch_card_abuse">gsma-fraud:prepaid="scartch-card-abuse"</h4>
<div class="paragraph">
<p>Scratch Card Abuse</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_gsma_network_technology">gsma-network-technology</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
gsma-network-technology namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/gsma-network-technology/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy used by GSMA for their information sharing program with telco describing the types of infrastructure. WiP</p>
</div>
<div class="sect2">
<h3 id="_user">user</h3>
</div>
<div class="sect2">
<h3 id="_applications">applications</h3>
</div>
<div class="sect2">
<h3 id="_end_devices_and_components">end-devices-and-components</h3>
<div class="sect3">
<h4 id="_gsma_network_technologyend_devices_and_componentsms">gsma-network-technology:end-devices-and-components="ms"</h4>
<div class="paragraph">
<p>Mobile Station</p>
</div>
</div>
<div class="sect3">
<h4 id="_gsma_network_technologyend_devices_and_componentsmobile_equipment_radio">gsma-network-technology:end-devices-and-components="mobile-equipment-radio"</h4>
<div class="paragraph">
<p>Mobile Equipment Radio</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_services">services</h3>
</div>
<div class="sect2">
<h3 id="_radio_access_network">radio-access-network</h3>
</div>
<div class="sect2">
<h3 id="_support_and_provisioning_systems">support-and-provisioning-systems</h3>
</div>
<div class="sect2">
<h3 id="_interconnects">interconnects</h3>
</div>
<div class="sect2">
<h3 id="_core">core</h3>
</div>
<div class="sect2">
<h3 id="_sim_secure_element_modules">sim-secure-element-modules</h3>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_honeypot_basic">honeypot-basic</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
honeypot-basic namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/honeypot-basic/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Updated (CIRCL, Seamus Dowling and EURECOM) from Christian Seifert, Ian Welch, Peter Komisarczuk, Taxonomy of Honeypots, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, <a href="http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf" class="bare">http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_interaction_level">interaction-level</h3>
<div class="paragraph">
<p>Describes whether the exposed functionality of a honeypot is limited in some way, which is usually the case for honeypots that simulate services.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basicinteraction_levelhigh">honeypot-basic:interaction-level="high"</h4>
<div class="paragraph">
<p>High Interaction Level</p>
</div>
<div class="paragraph">
<p>Exposed functionality of the honeypot is not limited.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicinteraction_levelmedium">honeypot-basic:interaction-level="medium"</h4>
<div class="paragraph">
<p>Medium Interaction Level</p>
</div>
<div class="paragraph">
<p>Exposed functionality of the honeypot is limited to the service without exposing the full operating system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicinteraction_levellow">honeypot-basic:interaction-level="low"</h4>
<div class="paragraph">
<p>low Interaction Level</p>
</div>
<div class="paragraph">
<p>Exposed functionality being limited. For example, a simulated SSH server of a honeypot is not able to authenticate against a valid login/password combination.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicinteraction_levelnone">honeypot-basic:interaction-level="none"</h4>
<div class="paragraph">
<p>No interaction capabilities</p>
</div>
<div class="paragraph">
<p>No exposed functionality in the honeypot.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicinteraction_leveladaptive">honeypot-basic:interaction-level="adaptive"</h4>
<div class="paragraph">
<p>Learns from attack interaction</p>
</div>
<div class="paragraph">
<p>Learns from attack interaction</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_data_capture">data-capture</h3>
<div class="paragraph">
<p>Describes the type of data a honeypot is able to capture</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basicdata_capturenetwork_capture">honeypot-basic:data-capture="network-capture"</h4>
<div class="paragraph">
<p>Network capture</p>
</div>
<div class="paragraph">
<p>The honeypot collects raw network capture.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicdata_captureevents">honeypot-basic:data-capture="events"</h4>
<div class="paragraph">
<p>Events</p>
</div>
<div class="paragraph">
<p>The honeypot collects data about something that has happened or took place, a change in state.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicdata_captureattacks">honeypot-basic:data-capture="attacks"</h4>
<div class="paragraph">
<p>Attacks</p>
</div>
<div class="paragraph">
<p>The honeypot collects malicious activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicdata_captureintrusions">honeypot-basic:data-capture="intrusions"</h4>
<div class="paragraph">
<p>Intrusions</p>
</div>
<div class="paragraph">
<p>The honeypot collects malicious activity that leads to a security failure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicdata_capturenone">honeypot-basic:data-capture="none"</h4>
<div class="paragraph">
<p>None</p>
</div>
<div class="paragraph">
<p>The honeypot does not collect events, attacks, or intrusions.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_containment">containment</h3>
<div class="paragraph">
<p>Classifies the measures a honeypot takes to defend against malicious activity spreading from itself.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basiccontainmentblock">honeypot-basic:containment="block"</h4>
<div class="paragraph">
<p>Block</p>
</div>
<div class="paragraph">
<p>Attackers actions are identified and blocked. The attack never reaches the target.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basiccontainmentdefuse">honeypot-basic:containment="defuse"</h4>
<div class="paragraph">
<p>Defuse</p>
</div>
<div class="paragraph">
<p>The attack reaches the target, but is manipulated in a way that it fails against the target.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basiccontainmentslow_down">honeypot-basic:containment="slow-down"</h4>
<div class="paragraph">
<p>Slow Down</p>
</div>
<div class="paragraph">
<p>Attacker is slowed down in his actions of spreading malicious activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basiccontainmentnone">honeypot-basic:containment="none"</h4>
<div class="paragraph">
<p>None</p>
</div>
<div class="paragraph">
<p>No action is taken to limit the intruders spread of malicious activity against other systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_distribution_appearance">distribution-appearance</h3>
<div class="paragraph">
<p>Describes whether the honeypot system appears to be confined to one system or multiple systems.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basicdistribution_appearancedistributed">honeypot-basic:distribution-appearance="distributed"</h4>
<div class="paragraph">
<p>Distributed</p>
</div>
<div class="paragraph">
<p>The honeypot is or appears to be composed of multiple systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicdistribution_appearancestand_alone">honeypot-basic:distribution-appearance="stand-alone"</h4>
<div class="paragraph">
<p>Stand-Alone</p>
</div>
<div class="paragraph">
<p>The honeypot is or appears to be one system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_communication_interface">communication-interface</h3>
<div class="paragraph">
<p>Describes the interfaces one can use to interact directly with the honeypot.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basiccommunication_interfacenetwork_interface">honeypot-basic:communication-interface="network-interface"</h4>
<div class="paragraph">
<p>Network Interface</p>
</div>
<div class="paragraph">
<p>The honeypot can be directly communicated with via a network interface.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basiccommunication_interfacehardware_interface">honeypot-basic:communication-interface="hardware-interface"</h4>
<div class="paragraph">
<p>Non-Network Hardware Interface</p>
</div>
<div class="paragraph">
<p>Examples: Printer port, CDROM drives, USB connections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basiccommunication_interfacesoftware_api">honeypot-basic:communication-interface="software-api"</h4>
<div class="paragraph">
<p>Software API</p>
</div>
<div class="paragraph">
<p>The honeypot can be interacted with via a software API.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_role">role</h3>
<div class="paragraph">
<p>Describes in what role the honeypot acts within a multi-tier architecture.</p>
</div>
<div class="sect3">
<h4 id="_honeypot_basicroleserver">honeypot-basic:role="server"</h4>
<div class="paragraph">
<p>Server</p>
</div>
<div class="paragraph">
<p>The honeypot is passively awaiting requests from clients.</p>
</div>
</div>
<div class="sect3">
<h4 id="_honeypot_basicroleclient">honeypot-basic:role="client"</h4>
<div class="paragraph">
<p>Client</p>
</div>
<div class="paragraph">
<p>The honeypot is actively initiating requests to servers.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ics">ics</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ics namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ics/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>FIRST.ORG CTI SIG - MISP Proposal for ICS/OT Threat Attribution (IOC) Project</p>
</div>
<div class="sect2">
<h3 id="_ot_security_issues">ot-security-issues</h3>
<div class="sect3">
<h4 id="_icsot_security_issuesmessage_authentication">ics:ot-security-issues="Message Authentication"</h4>
<div class="paragraph">
<p>Message Authentication</p>
</div>
<div class="paragraph">
<p>Auth in used protocols is attacked and falsification command can be sent</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesmessage_integrity_checking">ics:ot-security-issues="Message Integrity Checking"</h4>
<div class="paragraph">
<p>Message Integrity Checking</p>
</div>
<div class="paragraph">
<p>Message poart of the sent protocol is maliciously tampered</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesmessage_encryption">ics:ot-security-issues="Message Encryption"</h4>
<div class="paragraph">
<p>Message Encryption</p>
</div>
<div class="paragraph">
<p>Self explanatory, i.e. Weak encryption is attacked</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuescommand_injection">ics:ot-security-issues="Command Injection"</h4>
<div class="paragraph">
<p>Command Injection</p>
</div>
<div class="paragraph">
<p>Either Remote Command Injection or Local. On local can be timer triggered under tampered firmware</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesreplay_attack">ics:ot-security-issues="Replay Attack"</h4>
<div class="paragraph">
<p>Replay Attack</p>
</div>
<div class="paragraph">
<p>Self explanatory</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesman_in_the_middle_mitm_attack">ics:ot-security-issues="Man in the middle (MITM) Attack"</h4>
<div class="paragraph">
<p>Man in the middle (MITM) Attack</p>
</div>
<div class="paragraph">
<p>Self explanatory</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesundocumented_instructions">ics:ot-security-issues="Undocumented instructions"</h4>
<div class="paragraph">
<p>Undocumented instructions</p>
</div>
<div class="paragraph">
<p>Vendor&#8217;s left several instruction used for development or trouble shooting that is finally leaked and used to performed malicious activities on the devices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_security_issuesvendor_proprietary_protocols">ics:ot-security-issues="Vendor proprietary protocols"</h4>
<div class="paragraph">
<p>Vendor proprietary protocols</p>
</div>
<div class="paragraph">
<p>Internal vendor protocols used for development or trouble shooting, that is being maliciously for an attack.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_automatic_automobile_vehicle_aviation">ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationarinc_429">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="ARINC 429"</h4>
<div class="paragraph">
<p>ARINC 429</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationcan_bus_arinc_825_sae_j1939_nmea_2000_fms">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="CAN bus (ARINC 825 SAE J1939 NMEA 2000 FMS)"</h4>
<div class="paragraph">
<p>CAN bus (ARINC 825 SAE J1939 NMEA 2000 FMS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationflexray">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="FlexRay"</h4>
<div class="paragraph">
<p>FlexRay</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationiebus">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="IEBus"</h4>
<div class="paragraph">
<p>IEBus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationj1587">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="J1587"</h4>
<div class="paragraph">
<p>J1587</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationj1708">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="J1708"</h4>
<div class="paragraph">
<p>J1708</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationkeyword_protocol_2000">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Keyword Protocol 2000"</h4>
<div class="paragraph">
<p>Keyword Protocol 2000</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationunified_diagnostic_services">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="Unified Diagnostic Services"</h4>
<div class="paragraph">
<p>Unified Diagnostic Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationlin">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="LIN"</h4>
<div class="paragraph">
<p>LIN</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationmost">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="MOST"</h4>
<div class="paragraph">
<p>MOST</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_automobile_vehicle_aviationvan">ics:ot-network-data-transmission-protocols-automatic-automobile-vehicle-aviation="VAN"</h4>
<div class="paragraph">
<p>VAN</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_automatic_meter_reading">ot-network-data-transmission-protocols-automatic-meter-reading</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingansi_c12_18">ics:ot-network-data-transmission-protocols-automatic-meter-reading="ANSI C12.18"</h4>
<div class="paragraph">
<p>ANSI C12.18</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingiec_61107">ics:ot-network-data-transmission-protocols-automatic-meter-reading="IEC 61107"</h4>
<div class="paragraph">
<p>IEC 61107</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingdlmsiec_62056">ics:ot-network-data-transmission-protocols-automatic-meter-reading="DLMS/IEC 62056"</h4>
<div class="paragraph">
<p>DLMS/IEC 62056</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingm_bus">ics:ot-network-data-transmission-protocols-automatic-meter-reading="M-Bus"</h4>
<div class="paragraph">
<p>M-Bus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingmodbus">ics:ot-network-data-transmission-protocols-automatic-meter-reading="Modbus"</h4>
<div class="paragraph">
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_automatic_meter_readingzigbee">ics:ot-network-data-transmission-protocols-automatic-meter-reading="ZigBee"</h4>
<div class="paragraph">
<p>ZigBee</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_industrial_control_system">ot-network-data-transmission-protocols-industrial-control-system</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemmtconnect">ics:ot-network-data-transmission-protocols-industrial-control-system="MTConnect"</h4>
<div class="paragraph">
<p>MTConnect</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemopc">ics:ot-network-data-transmission-protocols-industrial-control-system="OPC"</h4>
<div class="paragraph">
<p>OPC</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemda">ics:ot-network-data-transmission-protocols-industrial-control-system="DA"</h4>
<div class="paragraph">
<p>DA</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemhda">ics:ot-network-data-transmission-protocols-industrial-control-system="HDA"</h4>
<div class="paragraph">
<p>HDA</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_industrial_control_systemua">ics:ot-network-data-transmission-protocols-industrial-control-system="UA"</h4>
<div class="paragraph">
<p>UA</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_building_automation">ot-network-data-transmission-protocols-building-automation</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automation1_wire">ics:ot-network-data-transmission-protocols-building-automation="1-Wire"</h4>
<div class="paragraph">
<p>1-Wire</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationbacnet">ics:ot-network-data-transmission-protocols-building-automation="BACnet"</h4>
<div class="paragraph">
<p>BACnet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationc_bus">ics:ot-network-data-transmission-protocols-building-automation="C-Bus"</h4>
<div class="paragraph">
<p>C-Bus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationcebus">ics:ot-network-data-transmission-protocols-building-automation="CEBus"</h4>
<div class="paragraph">
<p>CEBus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdali">ics:ot-network-data-transmission-protocols-building-automation="DALI"</h4>
<div class="paragraph">
<p>DALI</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdsi">ics:ot-network-data-transmission-protocols-building-automation="DSI"</h4>
<div class="paragraph">
<p>DSI</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationdynet">ics:ot-network-data-transmission-protocols-building-automation="DyNet"</h4>
<div class="paragraph">
<p>DyNet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-building-automation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationknx">ics:ot-network-data-transmission-protocols-building-automation="KNX"</h4>
<div class="paragraph">
<p>KNX</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationlontalk">ics:ot-network-data-transmission-protocols-building-automation="LonTalk"</h4>
<div class="paragraph">
<p>LonTalk</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationmodbus">ics:ot-network-data-transmission-protocols-building-automation="Modbus"</h4>
<div class="paragraph">
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationobix">ics:ot-network-data-transmission-protocols-building-automation="oBIX"</h4>
<div class="paragraph">
<p>oBIX</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationvscp">ics:ot-network-data-transmission-protocols-building-automation="VSCP"</h4>
<div class="paragraph">
<p>VSCP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationx10">ics:ot-network-data-transmission-protocols-building-automation="X10"</h4>
<div class="paragraph">
<p>X10</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationxap">ics:ot-network-data-transmission-protocols-building-automation="xAP"</h4>
<div class="paragraph">
<p>xAP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationxpl">ics:ot-network-data-transmission-protocols-building-automation="xPL"</h4>
<div class="paragraph">
<p>xPL</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_building_automationzigbee">ics:ot-network-data-transmission-protocols-building-automation="ZigBee"</h4>
<div class="paragraph">
<p>ZigBee</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_power_system_automation">ot-network-data-transmission-protocols-power-system-automation</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_60870">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 60870"</h4>
<div class="paragraph">
<p>IEC 60870</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationdnp3">ics:ot-network-data-transmission-protocols-power-system-automation="DNP3"</h4>
<div class="paragraph">
<p>DNP3</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-power-system-automation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_61850">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 61850"</h4>
<div class="paragraph">
<p>IEC 61850</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationiec_62351">ics:ot-network-data-transmission-protocols-power-system-automation="IEC 62351"</h4>
<div class="paragraph">
<p>IEC 62351</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationmodbus">ics:ot-network-data-transmission-protocols-power-system-automation="Modbus"</h4>
<div class="paragraph">
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_power_system_automationprofibus">ics:ot-network-data-transmission-protocols-power-system-automation="Profibus"</h4>
<div class="paragraph">
<p>Profibus</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_network_data_transmission_protocols_process_automation">ot-network-data-transmission-protocols-process-automation</h3>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationas_i">ics:ot-network-data-transmission-protocols-process-automation="AS-i"</h4>
<div class="paragraph">
<p>AS-i</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationbsap">ics:ot-network-data-transmission-protocols-process-automation="BSAP"</h4>
<div class="paragraph">
<p>BSAP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationcc_link_industrial_networks">ics:ot-network-data-transmission-protocols-process-automation="CC-Link Industrial Networks"</h4>
<div class="paragraph">
<p>CC-Link Industrial Networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationcip">ics:ot-network-data-transmission-protocols-process-automation="CIP"</h4>
<div class="paragraph">
<p>CIP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationcan_bus">ics:ot-network-data-transmission-protocols-process-automation="CAN bus"</h4>
<div class="paragraph">
<p>CAN bus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationcontrolnet">ics:ot-network-data-transmission-protocols-process-automation="ControlNet"</h4>
<div class="paragraph">
<p>ControlNet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationdf_1">ics:ot-network-data-transmission-protocols-process-automation="DF-1"</h4>
<div class="paragraph">
<p>DF-1</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationdirectnet">ics:ot-network-data-transmission-protocols-process-automation="DirectNET"</h4>
<div class="paragraph">
<p>DirectNET</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationethercat">ics:ot-network-data-transmission-protocols-process-automation="EtherCAT"</h4>
<div class="paragraph">
<p>EtherCAT</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationethernet_global_data_egd">ics:ot-network-data-transmission-protocols-process-automation="Ethernet Global Data (EGD)"</h4>
<div class="paragraph">
<p>Ethernet Global Data (EGD)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationethernet_powerlink">ics:ot-network-data-transmission-protocols-process-automation="Ethernet Powerlink"</h4>
<div class="paragraph">
<p>Ethernet Powerlink</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationethernetip">ics:ot-network-data-transmission-protocols-process-automation="EtherNet/IP"</h4>
<div class="paragraph">
<p>EtherNet/IP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationexperimental_physics_and_industrial_control_system_epics_streamdevice_protocol_i_e_rffreq_499_655_mhz">ics:ot-network-data-transmission-protocols-process-automation="Experimental Physics and Industrial Control System (EPICS) StreamDevice protocol (i.e RF:FREQ 499.655 MHZ)"</h4>
<div class="paragraph">
<p>Experimental Physics and Industrial Control System (EPICS) StreamDevice protocol (i.e RF:FREQ 499.655 MHZ)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationfactory_instrumentation_protocol">ics:ot-network-data-transmission-protocols-process-automation="Factory Instrumentation Protocol"</h4>
<div class="paragraph">
<p>Factory Instrumentation Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationfins">ics:ot-network-data-transmission-protocols-process-automation="FINS"</h4>
<div class="paragraph">
<p>FINS</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationfoundation_fieldbus_h1_hse">ics:ot-network-data-transmission-protocols-process-automation="FOUNDATION fieldbus (H1 HSE)"</h4>
<div class="paragraph">
<p>FOUNDATION fieldbus (H1 HSE)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationge_srtp">ics:ot-network-data-transmission-protocols-process-automation="GE SRTP"</h4>
<div class="paragraph">
<p>GE SRTP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationhart_protocol">ics:ot-network-data-transmission-protocols-process-automation="HART Protocol"</h4>
<div class="paragraph">
<p>HART Protocol</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationhoneywell_sds">ics:ot-network-data-transmission-protocols-process-automation="Honeywell SDS"</h4>
<div class="paragraph">
<p>Honeywell SDS</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationhostlink">ics:ot-network-data-transmission-protocols-process-automation="HostLink"</h4>
<div class="paragraph">
<p>HostLink</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationinterbus">ics:ot-network-data-transmission-protocols-process-automation="INTERBUS"</h4>
<div class="paragraph">
<p>INTERBUS</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationio_link">ics:ot-network-data-transmission-protocols-process-automation="IO-Link"</h4>
<div class="paragraph">
<p>IO-Link</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationmechatrolink">ics:ot-network-data-transmission-protocols-process-automation="MECHATROLINK"</h4>
<div class="paragraph">
<p>MECHATROLINK</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationmelsecnet">ics:ot-network-data-transmission-protocols-process-automation="MelsecNet"</h4>
<div class="paragraph">
<p>MelsecNet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationmodbus">ics:ot-network-data-transmission-protocols-process-automation="Modbus"</h4>
<div class="paragraph">
<p>Modbus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationoptomu">ics:ot-network-data-transmission-protocols-process-automation="Optomu"</h4>
<div class="paragraph">
<p>Optomu</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationpiep">ics:ot-network-data-transmission-protocols-process-automation="PieP"</h4>
<div class="paragraph">
<p>PieP</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationprofibus">ics:ot-network-data-transmission-protocols-process-automation="Profibus"</h4>
<div class="paragraph">
<p>Profibus</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationprofinet_io">ics:ot-network-data-transmission-protocols-process-automation="PROFINET IO"</h4>
<div class="paragraph">
<p>PROFINET IO</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationrapienet">ics:ot-network-data-transmission-protocols-process-automation="RAPIEnet"</h4>
<div class="paragraph">
<p>RAPIEnet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationsercos_interface">ics:ot-network-data-transmission-protocols-process-automation="SERCOS interface"</h4>
<div class="paragraph">
<p>SERCOS interface</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationsercos_iii">ics:ot-network-data-transmission-protocols-process-automation="SERCOS III"</h4>
<div class="paragraph">
<p>SERCOS III</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationsinec_h1">ics:ot-network-data-transmission-protocols-process-automation="Sinec H1"</h4>
<div class="paragraph">
<p>Sinec H1</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationsynqnet">ics:ot-network-data-transmission-protocols-process-automation="SynqNet"</h4>
<div class="paragraph">
<p>SynqNet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationttethernet">ics:ot-network-data-transmission-protocols-process-automation="TTEthernet"</h4>
<div class="paragraph">
<p>TTEthernet</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_network_data_transmission_protocols_process_automationtcpip">ics:ot-network-data-transmission-protocols-process-automation="TCP/IP"</h4>
<div class="paragraph">
<p>TCP/IP</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_communication_interface">ot-communication-interface</h3>
<div class="sect3">
<h4 id="_icsot_communication_interfacers_232">ics:ot-communication-interface="rs-232"</h4>
<div class="paragraph">
<p>RS-232 (comm port)</p>
</div>
<div class="paragraph">
<p>Serial communication with an implementation comprises 2 data lines, 6 control lines and one ground.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfacers_422_rs_423_or_rs_485">ics:ot-communication-interface="rs-422, rs-423 or rs-485"</h4>
<div class="paragraph">
<p>RS-422, RS-423 or RS-485</p>
</div>
<div class="paragraph">
<p>RS-422 is compatible to RS-232, used in situations where long distances are required, it can drive up to 1200m at 100kbit/s, and up to 1Mbit/s over short distances. RS-422 uses a differential driver, uses a four-conductor cable, and up to ten receivers can be on a multi-dropped network or bus. RS-485 is like RS-422 but RS-422 allows just one driver with multiple receivers whereas RS-485 supports multiple drivers and receivers RS-485 also allows up to thirty two (32) multi-dropped receivers or transmitters on a multi-dropped network or bus. At 90 kbit/s, the maximum cable length is 1250 m, and at 10 Mbit/s it is 15 m. The devices are half-duplex (i.e. send or receive, but not both at the same time). For more nodes or long distances, you can use repeaters that regenerate the signals and begin a new RS-485 line.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceieee_488_gpib">ics:ot-communication-interface="ieee-488-gpib"</h4>
<div class="paragraph">
<p>IEEE-488 (GPIB)</p>
</div>
<div class="paragraph">
<p>Known as Hewlett-Packard HP-IB but was renamed as GPIB (General Purpose Interface Bus) by the IEEE-488 (1975). IEEE-488 interface comprises 8 data lines, 8 control lines and 8 ground lines. Up to 15 devices can be interconnected on one bus. Each device is assigned a unique primary address, ranging from 4-30, by setting the address switches on the device. Devices are linked in either a daisy-chain or star (or some combination) configuration with up to 20 m of shielded 24-conductor cable. A maximum separation of 4 m is specified between any two devices, and an average of 2m over the entire bus. The data transfer rate can be up to 1 Mbyte/s. Three types of devices can be connected to an IEEE-488 bus (Listeners, Talkers, and Controllers)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceieee_1394_firewire">ics:ot-communication-interface="ieee-1394-firewire"</h4>
<div class="paragraph">
<p>IEEE-1394 (FireWire)</p>
</div>
<div class="paragraph">
<p>The IEEE-1394 defines a serial serial interface that can use the bus cable to power devices. Firewire transmits data in packets and incurs some overhead as a result. Firewire frames are 125 msec long which means that despite a 'headline' transfer speed of 400 Mbit/s Firewire can be substantially slower in responding to instruments' service requests. Firewire uses a peer-peer protocol, similar to IEEE-488. Using standard cable, the maximum length bus comprises 16 hops of 4.5m each. Each hop connects two devices, but each physical device can contain four logical nodes. A Firewire cable contains two twisted-pairs (signals and clock) and two untwisted conductors (power and ground).</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceusb_universal_serial_bus">ics:ot-communication-interface="usb-universal-serial-bus"</h4>
<div class="paragraph">
<p>USB (Universal Serial Bus)</p>
</div>
<div class="paragraph">
<p>USB is the bus topology, and host-target protocol, mean that giving existing PC-based instruments a USB port not as trivial as it could be, but instruments with USB ports are coming onto the ICS market increasing numbers. USB 1.1 has many features as serial data transmission, device powering, data sent in 1 ms packets. USB offers 1.5- and 12-Mbit/s speeds. Individual devices can use the bus for a maximum of 50% of the time. In practice, the maximum rate is not more than 0.6 Mbyte/s. USB 2.0 specification was released in 2000. In addition to increasing the signaling rate from 12 MHz to 480 MHz, the specification describes a more advanced feature set and uses bandwidth more efficiently than 'Classic' USB. Version 2 of USB seems likely to prevent IEEE 1394 becoming widely adopted in instrument systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceethernet">ics:ot-communication-interface="ethernet"</h4>
<div class="paragraph">
<p>Ethernet</p>
</div>
<div class="paragraph">
<p>Instruments with ethernet interfaces have the great advantage that they can be accessed and controlled from a desktop anywhere in the world. A web-enabled ICS device behaves can be operated with standard browser. Systems with comm based on these interface can make use of existing Ethernet networks and connecting an instrument directly into the internet makes sharing of data easy. Fast data transfer is possible. However, when connected to the public internet it is difficult to secure or maintain its security and a full evaluation of the risks involved for this interface usage is very essential.</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_communication_interfaceothers">ics:ot-communication-interface="others"</h4>
<div class="paragraph">
<p>Others</p>
</div>
<div class="paragraph">
<p>Other communication interface not listed.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_operating_systems">ot-operating-systems</h3>
<div class="sect3">
<h4 id="_icsot_operating_systemsrtos">ics:ot-operating-systems="rtos"</h4>
<div class="paragraph">
<p>RTOS</p>
</div>
<div class="paragraph">
<p>Please see the URL reference, there are a lot of it to be listed in here. These OS are also referred as Firmware. <a href="https://en.wikipedia.org/wiki/Comparison_of_real-time_operating_systems" class="bare">https://en.wikipedia.org/wiki/Comparison_of_real-time_operating_systems</a></p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_operating_systemslinux_embedded_base_os">ics:ot-operating-systems="linux-embedded-base-os"</h4>
<div class="paragraph">
<p>Linux Embedded Base OS</p>
</div>
<div class="paragraph">
<p>Yocto\nBuildroot\nOpenWRT\nB &amp; R Linux\n Scientific Linux\nRaspbian\nAndroid</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_operating_systemsbsd">ics:ot-operating-systems="bsd"</h4>
<div class="paragraph">
<p>BSD</p>
</div>
<div class="paragraph">
<p>NetBSD (NetBSD Embedded Systems)\nFreeBSD (Modified. i.e.: Orbis OS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_operating_systemsmicrosoft">ics:ot-operating-systems="microsoft"</h4>
<div class="paragraph">
<p>Microsoft</p>
</div>
<div class="paragraph">
<p>Windows 10 IoT Enterprise\n Windows Embedded 8.1 Industry Professional\n Windows 7 Professional/Ultimate\n Windows Embedded Standard 7\n Windows Embedded Standard 2009\n Windows CE 6.0\n</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ot_components_category">ot-components-category</h3>
<div class="sect3">
<h4 id="_icsot_components_categoryprogrammable_logic_controller">ics:ot-components-category="programmable-logic-controller"</h4>
<div class="paragraph">
<p>Programmable Logic Controller (PLC)</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Computing device with user-programmable memory to storing instructions to operate a physical process.\n\n 2.Various PLC types for different processses</p>
</li>
</ol>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categoryremote_terminal_unit">ics:ot-components-category="remote-terminal-unit"</h4>
<div class="paragraph">
<p>Remote Terminal Unit (RTU)</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Data aquisitionand control unit designedto support field sites and remote stations.\n\n2. Wired and wireless communication capabilities.\n\n3. No stored program logic.</p>
</li>
</ol>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categoryhuman_machine_interface">ics:ot-components-category="human-machine-interface"</h4>
<div class="paragraph">
<p>Human-Machine Interface (HMI)</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Hardware/software that operators used to interact with control system.\n\n2. From physical control panels to a complete computer systems</p>
</li>
</ol>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categorysensors">ics:ot-components-category="sensors"</h4>
<div class="paragraph">
<p>Sensors</p>
</div>
<div class="paragraph">
<p>Pressure, Temperature, Flow, Voltage, Optical, Proximity</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categoryactuators">ics:ot-components-category="actuators"</h4>
<div class="paragraph">
<p>Actuators</p>
</div>
<div class="paragraph">
<p>Variable Frequency Drive, Servo Drive, Valve, Circuit Breaker</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categorycommunications">ics:ot-components-category="communications"</h4>
<div class="paragraph">
<p>Communications</p>
</div>
<div class="paragraph">
<p>Modems, Routers, Serial - Ethernet Converters, Swtiches</p>
</div>
</div>
<div class="sect3">
<h4 id="_icsot_components_categorysupervisory_level_devices">ics:ot-components-category="supervisory-level-devices"</h4>
<div class="paragraph">
<p>Supervisory Level Devices</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Control Server (Supervisory systems that hosts control software to manage lower level control devices like PLC).\n\n2. Data Historian (Centralized database for information about process, control activity and status record).\n\n3. Engineering workstations (Creating and revising control systems anbd programs, incl. project files).</p>
</li>
</ol>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_iep">iep</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
iep namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/iep/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Forum of Incident Response and Security Teams (FIRST) Information Exchange Policy (IEP) framework</p>
</div>
<div class="sect2">
<h3 id="_commercial_use">commercial-use</h3>
<div class="paragraph">
<p>States whether Recipients are permitted to use information received in commercial products or services.</p>
</div>
<div class="sect3">
<h4 id="_iepcommercial_usemay">iep:commercial-use="MAY"</h4>
<div class="paragraph">
<p>Recipients MAY use this information in commercial products or services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepcommercial_usemust_not">iep:commercial-use="MUST NOT"</h4>
<div class="paragraph">
<p>Recipients MUST NOT use this information in commercial products or services.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_external_reference">external-reference</h3>
<div class="paragraph">
<p>This statement can be used to convey a description or reference to any applicable licenses, agreements, or conditions between the producer and receiver.</p>
</div>
<div class="sect3">
<h4 id="_iepexternal_referencetext">iep:external-reference="$text"</h4>
<div class="paragraph">
<p>An external-reference value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_encrypt_in_transit">encrypt-in-transit</h3>
<div class="paragraph">
<p>States whether the received information has to be encrypted when it is retransmitted by the recipient.</p>
</div>
<div class="sect3">
<h4 id="_iepencrypt_in_transitmust">iep:encrypt-in-transit="MUST"</h4>
<div class="paragraph">
<p>Recipients MUST encrypt the information received when it is retransmitted or redistributed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepencrypt_in_transitmay">iep:encrypt-in-transit="MAY"</h4>
<div class="paragraph">
<p>Recipients MAY encrypt the information received when it is retransmitted or redistributed.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_encrypt_at_rest">encrypt-at-rest</h3>
<div class="paragraph">
<p>States whether the received information has to be encrypted by the Recipient when it is stored at rest.</p>
</div>
<div class="sect3">
<h4 id="_iepencrypt_at_restmust">iep:encrypt-at-rest="MUST"</h4>
<div class="paragraph">
<p>Recipients MUST encrypt the information received when it is stored at rest.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepencrypt_at_restmay">iep:encrypt-at-rest="MAY"</h4>
<div class="paragraph">
<p>Recipients MAY encrypt the information received when it is stored at rest.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_permitted_actions">permitted-actions</h3>
<div class="paragraph">
<p>States the permitted actions that Recipients can take upon information received.</p>
</div>
<div class="sect3">
<h4 id="_ieppermitted_actionsnone">iep:permitted-actions="NONE"</h4>
<div class="paragraph">
<p>Recipients MUST contact the Providers before acting upon the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ieppermitted_actionscontact_for_instruction">iep:permitted-actions="CONTACT FOR INSTRUCTION"</h4>
<div class="paragraph">
<p>Recipients MUST contact the Providers before acting upon the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ieppermitted_actionsinternally_visible_actions">iep:permitted-actions="INTERNALLY VISIBLE ACTIONS"</h4>
<div class="paragraph">
<p>Recipients MAY conduct actions on the information received that are only visible on the Recipients internal networks and systems, and MUST NOT conduct actions that are visible outside of the Recipients networks and systems, or visible to third parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ieppermitted_actionsexternally_visible_indirect_actions">iep:permitted-actions="EXTERNALLY VISIBLE INDIRECT ACTIONS"</h4>
<div class="paragraph">
<p>Recipients MAY conduct indirect, or passive, actions on the information received that are externally visible and MUST NOT conduct direct, or active, actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ieppermitted_actionsexternally_visible_direct_actions">iep:permitted-actions="EXTERNALLY VISIBLE DIRECT ACTIONS"</h4>
<div class="paragraph">
<p>Recipients MAY conduct direct, or active, actions on the information received that are externally visible.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_affected_party_notifications">affected-party-notifications</h3>
<div class="paragraph">
<p>Recipients are permitted notify affected third parties of a potential compromise or threat.</p>
</div>
<div class="sect3">
<h4 id="_iepaffected_party_notificationsmay">iep:affected-party-notifications="MAY"</h4>
<div class="paragraph">
<p>Recipients MAY notify affected parties of a potential compromise or threat.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepaffected_party_notificationsmust_not">iep:affected-party-notifications="MUST NOT"</h4>
<div class="paragraph">
<p>Recipients MUST NOT notify affected parties of potential compromise or threat.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_traffic_light_protocol">traffic-light-protocol</h3>
<div class="paragraph">
<p>Recipients are permitted to redistribute the information received within the redistribution scope as defined by the enumerations.</p>
</div>
<div class="sect3">
<h4 id="_ieptraffic_light_protocolred">iep:traffic-light-protocol="RED"</h4>
<div class="paragraph">
<p>Personal for identified recipients only.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ieptraffic_light_protocolamber">iep:traffic-light-protocol="AMBER"</h4>
<div class="paragraph">
<p>Limited sharing on the basis of need-to-know.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ieptraffic_light_protocolgreen">iep:traffic-light-protocol="GREEN"</h4>
<div class="paragraph">
<p>Community wide sharing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ieptraffic_light_protocolwhite">iep:traffic-light-protocol="WHITE"</h4>
<div class="paragraph">
<p>Unlimited sharing.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_provider_attribution">provider-attribution</h3>
<div class="paragraph">
<p>Recipients could be required to attribute or anonymize the Provider when redistributing the information received.</p>
</div>
<div class="sect3">
<h4 id="_iepprovider_attributionmay">iep:provider-attribution="MAY"</h4>
<div class="paragraph">
<p>Recipients MAY attribute the Provider when redistributing the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepprovider_attributionmust">iep:provider-attribution="MUST"</h4>
<div class="paragraph">
<p>Recipients MUST attribute the Provider when redistributing the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepprovider_attributionmust_not">iep:provider-attribution="MUST NOT"</h4>
<div class="paragraph">
<p>Recipients MUST NOT attribute the Provider when redistributing the information received.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_obfuscate_affected_parties">obfuscate-affected-parties</h3>
<div class="paragraph">
<p>Recipients could be required to obfuscate or anonymize information that could be used to identify the victims before redistributing the information received.</p>
</div>
<div class="sect3">
<h4 id="_iepobfuscate_affected_partiesmay">iep:obfuscate-affected-parties="MAY"</h4>
<div class="paragraph">
<p>Recipients MAY obfuscate information about the specific affected parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepobfuscate_affected_partiesmust">iep:obfuscate-affected-parties="MUST"</h4>
<div class="paragraph">
<p>Recipients MUST obfuscate information about the specific affected parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepobfuscate_affected_partiesmust_not">iep:obfuscate-affected-parties="MUST NOT"</h4>
<div class="paragraph">
<p>Recipients MUST NOT obfuscate information about the specific affected parties.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unmodified_resale">unmodified-resale</h3>
<div class="paragraph">
<p>States whether the recipient MAY or MUST NOT resell the information received unmodified or in a semantically equivalent format.</p>
</div>
<div class="sect3">
<h4 id="_iepunmodified_resalemay">iep:unmodified-resale="MAY"</h4>
<div class="paragraph">
<p>Recipients MAY resell the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iepunmodified_resalemust_not">iep:unmodified-resale="MUST NOT"</h4>
<div class="paragraph">
<p>Recipients MUST NOT resell the information received unmodified or in a semantically equivalent format.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_start_date">start-date</h3>
<div class="paragraph">
<p>States the UTC date that the IEP is effective from.</p>
</div>
<div class="sect3">
<h4 id="_iepstart_datetext">iep:start-date="$text"</h4>
<div class="paragraph">
<p>A start-date value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_end_date">end-date</h3>
<div class="paragraph">
<p>States the UTC date that the IEP is effective until.</p>
</div>
<div class="sect3">
<h4 id="_iepend_datetext">iep:end-date="$text"</h4>
<div class="paragraph">
<p>An end-date value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_reference">reference</h3>
<div class="paragraph">
<p>This statement can be used to provide a URL reference to the specific IEP implementation.</p>
</div>
<div class="sect3">
<h4 id="_iepreferencetext">iep:reference="$text"</h4>
<div class="paragraph">
<p>A reference value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_name">name</h3>
<div class="paragraph">
<p>This statement can be used to provide a name for an IEP implementation.</p>
</div>
<div class="sect3">
<h4 id="_iepnametext">iep:name="$text"</h4>
<div class="paragraph">
<p>A name value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_version">version</h3>
<div class="paragraph">
<p>States the version of the IEP framework that has been used.</p>
</div>
<div class="sect3">
<h4 id="_iepversiontext">iep:version="$text"</h4>
<div class="paragraph">
<p>A version value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_id">id</h3>
<div class="paragraph">
<p>Provides a unique ID to identify a specific IEP implementation.</p>
</div>
<div class="sect3">
<h4 id="_iepidtext">iep:id="$text"</h4>
<div class="paragraph">
<p>An id value is required</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_iep2_policy">iep2-policy</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
iep2-policy namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/iep2-policy/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Forum of Incident Response and Security Teams (FIRST) Information Exchange Policy (IEP) v2.0 Policy</p>
</div>
<div class="sect2">
<h3 id="_id_2">id</h3>
<div class="paragraph">
<p>Provides a unique ID to identify a specific IEP policy.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policyidtext">iep2-policy:id="$text"</h4>
<div class="paragraph">
<p>An id value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_name_2">name</h3>
<div class="paragraph">
<p>This statement can be used to provide a name for an IEP policy.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policynametext">iep2-policy:name="$text"</h4>
<div class="paragraph">
<p>A name value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_description">description</h3>
<div class="paragraph">
<p>This statement can be used to provide more details as a background for an IEP policy.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policydescriptiontext">iep2-policy:description="$text"</h4>
<div class="paragraph">
<p>A description value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_iep_version">iep_version</h3>
<div class="paragraph">
<p>States the version of the IEP framework that has been used. Must be set to 2.0.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policyiep_version2_0">iep2-policy:iep_version="2.0"</h4>
<div class="paragraph">
<p>The IEP version value must be 2.0</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_start_date_2">start_date</h3>
<div class="paragraph">
<p>States the UTC date that the IEP is effective from.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policystart_datetext">iep2-policy:start_date="$text"</h4>
<div class="paragraph">
<p>A start_date value is required. It must be a UTC date in RFC3339 format.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_end_date_2">end_date</h3>
<div class="paragraph">
<p>States the UTC date that the IEP is effective until.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policyend_datetext">iep2-policy:end_date="$text"</h4>
<div class="paragraph">
<p>An end_date value is required. It must be a UTC date in RFC3339 format, or 'null'. null is used when the IEP policy never expires.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_encrypt_in_transit_2">encrypt_in_transit</h3>
<div class="paragraph">
<p>States whether the received information has to be encrypted when it is retransmitted by the recipient.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policyencrypt_in_transitmust">iep2-policy:encrypt_in_transit="must"</h4>
<div class="paragraph">
<p>Recipients MUST encrypt the information received when it is retransmitted or redistributed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policyencrypt_in_transitmay">iep2-policy:encrypt_in_transit="may"</h4>
<div class="paragraph">
<p>Recipients MAY encrypt the information received when it is retransmitted or redistributed.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_permitted_actions_2">permitted_actions</h3>
<div class="paragraph">
<p>States the permitted actions that Recipients can take upon information received.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policypermitted_actionsnone">iep2-policy:permitted_actions="none"</h4>
<div class="paragraph">
<p>Recipients MUST contact the Providers before acting upon the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policypermitted_actionscontact_for_instruction">iep2-policy:permitted_actions="contact-for-instruction"</h4>
<div class="paragraph">
<p>Recipients MUST contact the Providers before acting upon the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policypermitted_actionsinternally_visible_actions">iep2-policy:permitted_actions="internally-visible-actions"</h4>
<div class="paragraph">
<p>Recipients MAY conduct actions on the information received that are only visible on the Recipients internal networks and systems, and MUST NOT conduct actions that are visible outside of the Recipients networks and systems, or visible to third parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policypermitted_actionsexternally_visible_indirect_actions">iep2-policy:permitted_actions="externally-visible-indirect-actions"</h4>
<div class="paragraph">
<p>Recipients MAY conduct indirect, or passive, actions on the information received that are externally visible and MUST NOT conduct direct, or active, actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policypermitted_actionsexternally_visible_direct_actions">iep2-policy:permitted_actions="externally-visible-direct-actions"</h4>
<div class="paragraph">
<p>Recipients MAY conduct direct, or active, actions on the information received that are externally visible.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_affected_party_notifications_2">affected_party_notifications</h3>
<div class="paragraph">
<p>Recipients are permitted notify affected third parties of a potential compromise or threat.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policyaffected_party_notificationsmay">iep2-policy:affected_party_notifications="may"</h4>
<div class="paragraph">
<p>Recipients MAY notify affected parties of a potential compromise or threat.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policyaffected_party_notificationsmust_not">iep2-policy:affected_party_notifications="must-not"</h4>
<div class="paragraph">
<p>Recipients MUST NOT notify affected parties of potential compromise or threat.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_tlp">tlp</h3>
<div class="paragraph">
<p>Recipients are permitted to redistribute the information received within the redistribution scope as defined by the enumerations.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policytlpred">iep2-policy:tlp="red"</h4>
<div class="paragraph">
<p>Personal for identified recipients only.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policytlpamber">iep2-policy:tlp="amber"</h4>
<div class="paragraph">
<p>Limited sharing on the basis of need-to-know.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policytlpgreen">iep2-policy:tlp="green"</h4>
<div class="paragraph">
<p>Community wide sharing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policytlpwhite">iep2-policy:tlp="white"</h4>
<div class="paragraph">
<p>Unlimited sharing.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attribution">attribution</h3>
<div class="paragraph">
<p>Recipients could be required to attribute or anonymize the Provider when redistributing the information received.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policyattributionmay">iep2-policy:attribution="may"</h4>
<div class="paragraph">
<p>Recipients MAY attribute the Provider when redistributing the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policyattributionmust">iep2-policy:attribution="must"</h4>
<div class="paragraph">
<p>Recipients MUST attribute the Provider when redistributing the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policyattributionmust_not">iep2-policy:attribution="must-not"</h4>
<div class="paragraph">
<p>Recipients MUST NOT attribute the Provider when redistributing the information received.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unmodified_resale_2">unmodified_resale</h3>
<div class="paragraph">
<p>States whether the recipient MAY or MUST NOT resell the information received unmodified or in a semantically equivalent format.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policyunmodified_resalemay">iep2-policy:unmodified_resale="may"</h4>
<div class="paragraph">
<p>Recipients MAY resell the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep2_policyunmodified_resalemust_not">iep2-policy:unmodified_resale="must-not"</h4>
<div class="paragraph">
<p>Recipients MUST NOT resell the information received unmodified or in a semantically equivalent format.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_external_reference_2">external_reference</h3>
<div class="paragraph">
<p>This statement can be used to convey a description or reference to any applicable licenses, agreements, or conditions between the producer and receiver.</p>
</div>
<div class="sect3">
<h4 id="_iep2_policyexternal_referencetext">iep2-policy:external_reference="$text"</h4>
<div class="paragraph">
<p>An external_reference value is a URL that contains information relevant for this IEP policy. The URL MUST adhere to RFC3986.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_iep2_reference">iep2-reference</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
iep2-reference namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/iep2-reference/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Forum of Incident Response and Security Teams (FIRST) Information Exchange Policy (IEP) v2.0 Reference</p>
</div>
<div class="sect2">
<h3 id="_id_ref">id_ref</h3>
<div class="paragraph">
<p>Refers to a unique IEP Policy ID to identify a specific IEP policy at a remote location.</p>
</div>
<div class="sect3">
<h4 id="_iep2_referenceid_reftext">iep2-reference:id_ref="$text"</h4>
<div class="paragraph">
<p>An id_ref value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_url">url</h3>
<div class="paragraph">
<p>This is the remote URL specifying the IEP Policy File that contains the IEP Policy you wish to use.</p>
</div>
<div class="sect3">
<h4 id="_iep2_referenceurltext">iep2-reference:url="$text"</h4>
<div class="paragraph">
<p>A URL value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_iep_version_2">iep_version</h3>
<div class="paragraph">
<p>States the version of the IEP framework that has been used. Must be set to 2.0.</p>
</div>
<div class="sect3">
<h4 id="_iep2_referenceiep_version2_0">iep2-reference:iep_version="2.0"</h4>
<div class="paragraph">
<p>The IEP version value must be 2.0</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ifx_vetting">ifx-vetting</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ifx-vetting namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ifx-vetting/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The IFX taxonomy is used to categorise information (MISP events and attributes) to aid in the intelligence vetting process</p>
</div>
<div class="sect2">
<h3 id="_vetted">vetted</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedlegit_but_compromised">ifx-vetting:vetted="legit-but-compromised"</h4>
<div class="paragraph">
<p>The attribute/event describes something that is legitly used, but seems to be compromised by 3rd parties to be used for malicious activities. Consider this if blocking is your course of action.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedlegit">ifx-vetting:vetted="legit"</h4>
<div class="paragraph">
<p>The attribute/event describes something legitly used, that does not show signes of compromise or misuse.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedlegit_uncertain">ifx-vetting:vetted="legit-uncertain"</h4>
<div class="paragraph">
<p>The attribute/event describes something where it is not 100% clear if it is used only legitly.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedmalicious">ifx-vetting:vetted="malicious"</h4>
<div class="paragraph">
<p>The attribute/event describes something that is definitly used maliciously.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedmalicious_uncertain">ifx-vetting:vetted="malicious-uncertain"</h4>
<div class="paragraph">
<p>The attribute/event describes something that seems to be used maliciously, but there is no 100% proof.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedinvalid">ifx-vetting:vetted="invalid"</h4>
<div class="paragraph">
<p>The attribute/event is invalid or wrong in respect to the situation described by the event.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedirrelevant">ifx-vetting:vetted="irrelevant"</h4>
<div class="paragraph">
<p>The attribute/event is irrelevant to your organization or CTI process.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedundetermined">ifx-vetting:vetted="undetermined"</h4>
<div class="paragraph">
<p>The nature of the attribute/event cannot be further determined. Use this only as a last resort.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingvettedfast_track">ifx-vetting:vetted="fast-track"</h4>
<div class="paragraph">
<p>The attribute/event was not vetted but passed through for operational reasons. A result might be higher false-positive rates.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_score_2">score</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore0">ifx-vetting:score="0"</h4>
<div class="paragraph">
<p>0</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore1">ifx-vetting:score="1"</h4>
<div class="paragraph">
<p>1</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore2">ifx-vetting:score="2"</h4>
<div class="paragraph">
<p>2</p>
</div>
<div class="paragraph">
<p>Associated numerical value="2"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore3">ifx-vetting:score="3"</h4>
<div class="paragraph">
<p>3</p>
</div>
<div class="paragraph">
<p>Associated numerical value="3"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore4">ifx-vetting:score="4"</h4>
<div class="paragraph">
<p>4</p>
</div>
<div class="paragraph">
<p>Associated numerical value="4"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore5">ifx-vetting:score="5"</h4>
<div class="paragraph">
<p>5</p>
</div>
<div class="paragraph">
<p>Associated numerical value="5"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore6">ifx-vetting:score="6"</h4>
<div class="paragraph">
<p>6</p>
</div>
<div class="paragraph">
<p>Associated numerical value="6"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore7">ifx-vetting:score="7"</h4>
<div class="paragraph">
<p>7</p>
</div>
<div class="paragraph">
<p>Associated numerical value="7"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore8">ifx-vetting:score="8"</h4>
<div class="paragraph">
<p>8</p>
</div>
<div class="paragraph">
<p>Associated numerical value="8"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore9">ifx-vetting:score="9"</h4>
<div class="paragraph">
<p>9</p>
</div>
<div class="paragraph">
<p>Associated numerical value="9"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore10">ifx-vetting:score="10"</h4>
<div class="paragraph">
<p>10</p>
</div>
<div class="paragraph">
<p>Associated numerical value="10"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore11">ifx-vetting:score="11"</h4>
<div class="paragraph">
<p>11</p>
</div>
<div class="paragraph">
<p>Associated numerical value="11"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore12">ifx-vetting:score="12"</h4>
<div class="paragraph">
<p>12</p>
</div>
<div class="paragraph">
<p>Associated numerical value="12"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore13">ifx-vetting:score="13"</h4>
<div class="paragraph">
<p>13</p>
</div>
<div class="paragraph">
<p>Associated numerical value="13"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore14">ifx-vetting:score="14"</h4>
<div class="paragraph">
<p>14</p>
</div>
<div class="paragraph">
<p>Associated numerical value="14"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore15">ifx-vetting:score="15"</h4>
<div class="paragraph">
<p>15</p>
</div>
<div class="paragraph">
<p>Associated numerical value="15"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore16">ifx-vetting:score="16"</h4>
<div class="paragraph">
<p>16</p>
</div>
<div class="paragraph">
<p>Associated numerical value="16"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore17">ifx-vetting:score="17"</h4>
<div class="paragraph">
<p>17</p>
</div>
<div class="paragraph">
<p>Associated numerical value="17"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore18">ifx-vetting:score="18"</h4>
<div class="paragraph">
<p>18</p>
</div>
<div class="paragraph">
<p>Associated numerical value="18"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore19">ifx-vetting:score="19"</h4>
<div class="paragraph">
<p>19</p>
</div>
<div class="paragraph">
<p>Associated numerical value="19"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore20">ifx-vetting:score="20"</h4>
<div class="paragraph">
<p>20</p>
</div>
<div class="paragraph">
<p>Associated numerical value="20"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore21">ifx-vetting:score="21"</h4>
<div class="paragraph">
<p>21</p>
</div>
<div class="paragraph">
<p>Associated numerical value="21"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore22">ifx-vetting:score="22"</h4>
<div class="paragraph">
<p>22</p>
</div>
<div class="paragraph">
<p>Associated numerical value="22"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore23">ifx-vetting:score="23"</h4>
<div class="paragraph">
<p>23</p>
</div>
<div class="paragraph">
<p>Associated numerical value="23"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore24">ifx-vetting:score="24"</h4>
<div class="paragraph">
<p>24</p>
</div>
<div class="paragraph">
<p>Associated numerical value="24"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore25">ifx-vetting:score="25"</h4>
<div class="paragraph">
<p>25</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore26">ifx-vetting:score="26"</h4>
<div class="paragraph">
<p>26</p>
</div>
<div class="paragraph">
<p>Associated numerical value="26"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore27">ifx-vetting:score="27"</h4>
<div class="paragraph">
<p>27</p>
</div>
<div class="paragraph">
<p>Associated numerical value="27"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore28">ifx-vetting:score="28"</h4>
<div class="paragraph">
<p>28</p>
</div>
<div class="paragraph">
<p>Associated numerical value="28"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore29">ifx-vetting:score="29"</h4>
<div class="paragraph">
<p>29</p>
</div>
<div class="paragraph">
<p>Associated numerical value="29"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore30">ifx-vetting:score="30"</h4>
<div class="paragraph">
<p>30</p>
</div>
<div class="paragraph">
<p>Associated numerical value="30"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore31">ifx-vetting:score="31"</h4>
<div class="paragraph">
<p>31</p>
</div>
<div class="paragraph">
<p>Associated numerical value="31"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore32">ifx-vetting:score="32"</h4>
<div class="paragraph">
<p>32</p>
</div>
<div class="paragraph">
<p>Associated numerical value="32"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore33">ifx-vetting:score="33"</h4>
<div class="paragraph">
<p>33</p>
</div>
<div class="paragraph">
<p>Associated numerical value="33"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore34">ifx-vetting:score="34"</h4>
<div class="paragraph">
<p>34</p>
</div>
<div class="paragraph">
<p>Associated numerical value="34"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore35">ifx-vetting:score="35"</h4>
<div class="paragraph">
<p>35</p>
</div>
<div class="paragraph">
<p>Associated numerical value="35"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore36">ifx-vetting:score="36"</h4>
<div class="paragraph">
<p>36</p>
</div>
<div class="paragraph">
<p>Associated numerical value="36"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore37">ifx-vetting:score="37"</h4>
<div class="paragraph">
<p>37</p>
</div>
<div class="paragraph">
<p>Associated numerical value="37"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore38">ifx-vetting:score="38"</h4>
<div class="paragraph">
<p>38</p>
</div>
<div class="paragraph">
<p>Associated numerical value="38"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore39">ifx-vetting:score="39"</h4>
<div class="paragraph">
<p>39</p>
</div>
<div class="paragraph">
<p>Associated numerical value="39"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore40">ifx-vetting:score="40"</h4>
<div class="paragraph">
<p>40</p>
</div>
<div class="paragraph">
<p>Associated numerical value="40"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore41">ifx-vetting:score="41"</h4>
<div class="paragraph">
<p>41</p>
</div>
<div class="paragraph">
<p>Associated numerical value="41"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore42">ifx-vetting:score="42"</h4>
<div class="paragraph">
<p>42</p>
</div>
<div class="paragraph">
<p>Associated numerical value="42"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore43">ifx-vetting:score="43"</h4>
<div class="paragraph">
<p>43</p>
</div>
<div class="paragraph">
<p>Associated numerical value="43"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore44">ifx-vetting:score="44"</h4>
<div class="paragraph">
<p>44</p>
</div>
<div class="paragraph">
<p>Associated numerical value="44"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore45">ifx-vetting:score="45"</h4>
<div class="paragraph">
<p>45</p>
</div>
<div class="paragraph">
<p>Associated numerical value="45"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore46">ifx-vetting:score="46"</h4>
<div class="paragraph">
<p>46</p>
</div>
<div class="paragraph">
<p>Associated numerical value="46"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore47">ifx-vetting:score="47"</h4>
<div class="paragraph">
<p>47</p>
</div>
<div class="paragraph">
<p>Associated numerical value="47"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore48">ifx-vetting:score="48"</h4>
<div class="paragraph">
<p>48</p>
</div>
<div class="paragraph">
<p>Associated numerical value="48"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore49">ifx-vetting:score="49"</h4>
<div class="paragraph">
<p>49</p>
</div>
<div class="paragraph">
<p>Associated numerical value="49"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore50">ifx-vetting:score="50"</h4>
<div class="paragraph">
<p>50</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore51">ifx-vetting:score="51"</h4>
<div class="paragraph">
<p>51</p>
</div>
<div class="paragraph">
<p>Associated numerical value="51"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore52">ifx-vetting:score="52"</h4>
<div class="paragraph">
<p>52</p>
</div>
<div class="paragraph">
<p>Associated numerical value="52"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore53">ifx-vetting:score="53"</h4>
<div class="paragraph">
<p>53</p>
</div>
<div class="paragraph">
<p>Associated numerical value="53"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore54">ifx-vetting:score="54"</h4>
<div class="paragraph">
<p>54</p>
</div>
<div class="paragraph">
<p>Associated numerical value="54"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore55">ifx-vetting:score="55"</h4>
<div class="paragraph">
<p>55</p>
</div>
<div class="paragraph">
<p>Associated numerical value="55"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore56">ifx-vetting:score="56"</h4>
<div class="paragraph">
<p>56</p>
</div>
<div class="paragraph">
<p>Associated numerical value="56"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore57">ifx-vetting:score="57"</h4>
<div class="paragraph">
<p>57</p>
</div>
<div class="paragraph">
<p>Associated numerical value="57"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore58">ifx-vetting:score="58"</h4>
<div class="paragraph">
<p>58</p>
</div>
<div class="paragraph">
<p>Associated numerical value="58"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore59">ifx-vetting:score="59"</h4>
<div class="paragraph">
<p>59</p>
</div>
<div class="paragraph">
<p>Associated numerical value="59"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore60">ifx-vetting:score="60"</h4>
<div class="paragraph">
<p>60</p>
</div>
<div class="paragraph">
<p>Associated numerical value="60"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore61">ifx-vetting:score="61"</h4>
<div class="paragraph">
<p>61</p>
</div>
<div class="paragraph">
<p>Associated numerical value="61"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore62">ifx-vetting:score="62"</h4>
<div class="paragraph">
<p>62</p>
</div>
<div class="paragraph">
<p>Associated numerical value="62"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore63">ifx-vetting:score="63"</h4>
<div class="paragraph">
<p>63</p>
</div>
<div class="paragraph">
<p>Associated numerical value="63"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore64">ifx-vetting:score="64"</h4>
<div class="paragraph">
<p>64</p>
</div>
<div class="paragraph">
<p>Associated numerical value="64"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore65">ifx-vetting:score="65"</h4>
<div class="paragraph">
<p>65</p>
</div>
<div class="paragraph">
<p>Associated numerical value="65"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore66">ifx-vetting:score="66"</h4>
<div class="paragraph">
<p>66</p>
</div>
<div class="paragraph">
<p>Associated numerical value="66"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore67">ifx-vetting:score="67"</h4>
<div class="paragraph">
<p>67</p>
</div>
<div class="paragraph">
<p>Associated numerical value="67"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore68">ifx-vetting:score="68"</h4>
<div class="paragraph">
<p>68</p>
</div>
<div class="paragraph">
<p>Associated numerical value="68"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore69">ifx-vetting:score="69"</h4>
<div class="paragraph">
<p>69</p>
</div>
<div class="paragraph">
<p>Associated numerical value="69"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore70">ifx-vetting:score="70"</h4>
<div class="paragraph">
<p>70</p>
</div>
<div class="paragraph">
<p>Associated numerical value="70"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore71">ifx-vetting:score="71"</h4>
<div class="paragraph">
<p>71</p>
</div>
<div class="paragraph">
<p>Associated numerical value="71"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore72">ifx-vetting:score="72"</h4>
<div class="paragraph">
<p>72</p>
</div>
<div class="paragraph">
<p>Associated numerical value="72"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore73">ifx-vetting:score="73"</h4>
<div class="paragraph">
<p>73</p>
</div>
<div class="paragraph">
<p>Associated numerical value="73"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore74">ifx-vetting:score="74"</h4>
<div class="paragraph">
<p>74</p>
</div>
<div class="paragraph">
<p>Associated numerical value="74"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore75">ifx-vetting:score="75"</h4>
<div class="paragraph">
<p>75</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore76">ifx-vetting:score="76"</h4>
<div class="paragraph">
<p>76</p>
</div>
<div class="paragraph">
<p>Associated numerical value="76"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore77">ifx-vetting:score="77"</h4>
<div class="paragraph">
<p>77</p>
</div>
<div class="paragraph">
<p>Associated numerical value="77"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore78">ifx-vetting:score="78"</h4>
<div class="paragraph">
<p>78</p>
</div>
<div class="paragraph">
<p>Associated numerical value="78"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore79">ifx-vetting:score="79"</h4>
<div class="paragraph">
<p>79</p>
</div>
<div class="paragraph">
<p>Associated numerical value="79"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore80">ifx-vetting:score="80"</h4>
<div class="paragraph">
<p>80</p>
</div>
<div class="paragraph">
<p>Associated numerical value="80"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore81">ifx-vetting:score="81"</h4>
<div class="paragraph">
<p>81</p>
</div>
<div class="paragraph">
<p>Associated numerical value="81"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore82">ifx-vetting:score="82"</h4>
<div class="paragraph">
<p>82</p>
</div>
<div class="paragraph">
<p>Associated numerical value="82"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore83">ifx-vetting:score="83"</h4>
<div class="paragraph">
<p>83</p>
</div>
<div class="paragraph">
<p>Associated numerical value="83"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore84">ifx-vetting:score="84"</h4>
<div class="paragraph">
<p>84</p>
</div>
<div class="paragraph">
<p>Associated numerical value="84"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore85">ifx-vetting:score="85"</h4>
<div class="paragraph">
<p>85</p>
</div>
<div class="paragraph">
<p>Associated numerical value="85"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore86">ifx-vetting:score="86"</h4>
<div class="paragraph">
<p>86</p>
</div>
<div class="paragraph">
<p>Associated numerical value="86"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore87">ifx-vetting:score="87"</h4>
<div class="paragraph">
<p>87</p>
</div>
<div class="paragraph">
<p>Associated numerical value="87"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore88">ifx-vetting:score="88"</h4>
<div class="paragraph">
<p>88</p>
</div>
<div class="paragraph">
<p>Associated numerical value="88"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore89">ifx-vetting:score="89"</h4>
<div class="paragraph">
<p>89</p>
</div>
<div class="paragraph">
<p>Associated numerical value="89"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore90">ifx-vetting:score="90"</h4>
<div class="paragraph">
<p>90</p>
</div>
<div class="paragraph">
<p>Associated numerical value="90"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore91">ifx-vetting:score="91"</h4>
<div class="paragraph">
<p>91</p>
</div>
<div class="paragraph">
<p>Associated numerical value="91"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore92">ifx-vetting:score="92"</h4>
<div class="paragraph">
<p>92</p>
</div>
<div class="paragraph">
<p>Associated numerical value="92"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore93">ifx-vetting:score="93"</h4>
<div class="paragraph">
<p>93</p>
</div>
<div class="paragraph">
<p>Associated numerical value="93"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore94">ifx-vetting:score="94"</h4>
<div class="paragraph">
<p>94</p>
</div>
<div class="paragraph">
<p>Associated numerical value="94"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore95">ifx-vetting:score="95"</h4>
<div class="paragraph">
<p>95</p>
</div>
<div class="paragraph">
<p>Associated numerical value="95"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore96">ifx-vetting:score="96"</h4>
<div class="paragraph">
<p>96</p>
</div>
<div class="paragraph">
<p>Associated numerical value="96"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore97">ifx-vetting:score="97"</h4>
<div class="paragraph">
<p>97</p>
</div>
<div class="paragraph">
<p>Associated numerical value="97"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore98">ifx-vetting:score="98"</h4>
<div class="paragraph">
<p>98</p>
</div>
<div class="paragraph">
<p>Associated numerical value="98"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore99">ifx-vetting:score="99"</h4>
<div class="paragraph">
<p>99</p>
</div>
<div class="paragraph">
<p>Associated numerical value="99"</p>
</div>
</div>
<div class="sect3">
<h4 id="_ifx_vettingscore100">ifx-vetting:score="100"</h4>
<div class="paragraph">
<p>100</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_incident_disposition">incident-disposition</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
incident-disposition namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/incident-disposition/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>How an incident is classified in its process to be resolved. The taxonomy is inspired from NASA Incident Response and Management Handbook. <a href="https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9" class="bare">https://www.nasa.gov/pdf/589502main_ITS-HBK-2810.09-02%20%5bNASA%20Information%20Security%20Incident%20Management%5d.pdf#page=9</a></p>
</div>
<div class="sect2">
<h3 id="_incident">incident</h3>
<div class="sect3">
<h4 id="_incident_dispositionincidentconfirmed">incident-disposition:incident="confirmed"</h4>
<div class="paragraph">
<p>Confirmed</p>
</div>
<div class="paragraph">
<p>The incident is confirmed and response is underway following incident response procedure of the organisation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionincidentdeferred">incident-disposition:incident="deferred"</h4>
<div class="paragraph">
<p>Deferred</p>
</div>
<div class="paragraph">
<p>The incident is deferred due to resource constraints, information type or external reasons.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionincidentunidentified">incident-disposition:incident="unidentified"</h4>
<div class="paragraph">
<p>Unidentified</p>
</div>
<div class="paragraph">
<p>The incident is unidentified because some assets, ressources or context is missing to go a state which can be handled following the incident response response procedure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionincidenttransferred">incident-disposition:incident="transferred"</h4>
<div class="paragraph">
<p>Transferred</p>
</div>
<div class="paragraph">
<p>The incident is transferred to another organisations for further processing or incident handling.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionincidentdiscarded">incident-disposition:incident="discarded"</h4>
<div class="paragraph">
<p>Discarded</p>
</div>
<div class="paragraph">
<p>The incident is discarded due to resource constraints, information type or external reasons.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionincidentsilently_discarded">incident-disposition:incident="silently-discarded"</h4>
<div class="paragraph">
<p>Silently discarded</p>
</div>
<div class="paragraph">
<p>The incident is silently discarded due to resource constraints, information type or external reasons.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_not_an_incident">not-an-incident</h3>
<div class="sect3">
<h4 id="_incident_dispositionnot_an_incidentinsufficient_data">incident-disposition:not-an-incident="insufficient-data"</h4>
<div class="paragraph">
<p>Insufficient data</p>
</div>
<div class="paragraph">
<p>When insufficient data is available to explain an ambiguous (i.e., not definitively hostile or benign) indicator, the incident may be dispositioned as Insufficient Data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionnot_an_incidentfaulty_indicator">incident-disposition:not-an-incident="faulty-indicator"</h4>
<div class="paragraph">
<p>Faulty indicator</p>
</div>
<div class="paragraph">
<p>A false positive where an investigation reveals that the source indicator used as the basis for incident detection was a Faulty Indicator.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionnot_an_incidentmisconfiguration">incident-disposition:not-an-incident="misconfiguration"</h4>
<div class="paragraph">
<p>Misconfiguration</p>
</div>
<div class="paragraph">
<p>A false positive where an event that appeared to be malicious activity was subsequently disproven and determined to be a Misconfiguration (malfunction) of a system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionnot_an_incidentscan_probe">incident-disposition:not-an-incident="scan-probe"</h4>
<div class="paragraph">
<p>Scan or Probe</p>
</div>
<div class="paragraph">
<p>Reconnaissance activity which Scanned or Probed for the presence of a vulnerability which may be later exploited to gain unauthorized access.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionnot_an_incidentfailed">incident-disposition:not-an-incident="failed"</h4>
<div class="paragraph">
<p>Failed</p>
</div>
<div class="paragraph">
<p>A Failed attempt to gain unauthorized access, conduct a denial of service, install malicious code, or misuse an IT resource, typically because a security control prevented it from succeeding.</p>
</div>
</div>
<div class="sect3">
<h4 id="_incident_dispositionnot_an_incidentrefuted">incident-disposition:not-an-incident="refuted"</h4>
<div class="paragraph">
<p>Refuted</p>
</div>
<div class="paragraph">
<p>Any other circumstance where a suspected incident was determined to not be an incident and was Refuted.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_duplicate">duplicate</h3>
<div class="sect3">
<h4 id="_incident_dispositionduplicateduplicate">incident-disposition:duplicate="duplicate"</h4>
<div class="paragraph">
<p>Duplicate</p>
</div>
<div class="paragraph">
<p>An incident may be a Duplicate of another record in the Incident Management System, and should be merged with the existing workflow.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_infoleak_2">infoleak</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
infoleak namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/infoleak/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.</p>
</div>
<div class="sect2">
<h3 id="_automatic_detection">automatic-detection</h3>
<div class="sect3">
<h4 id="_infoleakautomatic_detectioncredential">infoleak:automatic-detection="credential"</h4>
<div class="paragraph">
<p>Credential</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectioncredit_card">infoleak:automatic-detection="credit-card"</h4>
<div class="paragraph">
<p>Credit card</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectioniban">infoleak:automatic-detection="iban"</h4>
<div class="paragraph">
<p>IBAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionip">infoleak:automatic-detection="ip"</h4>
<div class="paragraph">
<p>IP address</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionmail">infoleak:automatic-detection="mail"</h4>
<div class="paragraph">
<p>Mail</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionphone_number">infoleak:automatic-detection="phone-number"</h4>
<div class="paragraph">
<p>Phone number</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionapi_key">infoleak:automatic-detection="api-key"</h4>
<div class="paragraph">
<p>API key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectiongoogle_api_key">infoleak:automatic-detection="google-api-key"</h4>
<div class="paragraph">
<p>Google API key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionaws_key">infoleak:automatic-detection="aws-key"</h4>
<div class="paragraph">
<p>AWS key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionprivate_key">infoleak:automatic-detection="private-key"</h4>
<div class="paragraph">
<p>Private key at large</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionencrypted_private_key">infoleak:automatic-detection="encrypted-private-key"</h4>
<div class="paragraph">
<p>Encrypted private key at large</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionprivate_ssh_key">infoleak:automatic-detection="private-ssh-key"</h4>
<div class="paragraph">
<p>Private SSH key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionprivate_static_key">infoleak:automatic-detection="private-static-key"</h4>
<div class="paragraph">
<p>Private state key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionvpn_static_key">infoleak:automatic-detection="vpn-static-key"</h4>
<div class="paragraph">
<p>VPN static key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionpgp_message">infoleak:automatic-detection="pgp-message"</h4>
<div class="paragraph">
<p>PGP message</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionpgp_public_key_block">infoleak:automatic-detection="pgp-public-key-block"</h4>
<div class="paragraph">
<p>PGP public key block</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionpgp_signature">infoleak:automatic-detection="pgp-signature"</h4>
<div class="paragraph">
<p>PGP signature</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionpgp_private_key">infoleak:automatic-detection="pgp-private-key"</h4>
<div class="paragraph">
<p>PGP private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectioncertificate">infoleak:automatic-detection="certificate"</h4>
<div class="paragraph">
<p>Certificate</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionrsa_private_key">infoleak:automatic-detection="rsa-private-key"</h4>
<div class="paragraph">
<p>RSA private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectiondsa_private_key">infoleak:automatic-detection="dsa-private-key"</h4>
<div class="paragraph">
<p>DSA private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionec_private_key">infoleak:automatic-detection="ec-private-key"</h4>
<div class="paragraph">
<p>EC private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionpublic_key">infoleak:automatic-detection="public-key"</h4>
<div class="paragraph">
<p>Public key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionbase64">infoleak:automatic-detection="base64"</h4>
<div class="paragraph">
<p>Base64</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionbinary">infoleak:automatic-detection="binary"</h4>
<div class="paragraph">
<p>Binary</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionhexadecimal">infoleak:automatic-detection="hexadecimal"</h4>
<div class="paragraph">
<p>Hexadecimal</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionbitcoin_address">infoleak:automatic-detection="bitcoin-address"</h4>
<div class="paragraph">
<p>Bitcoin address</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionbitcoin_private_key">infoleak:automatic-detection="bitcoin-private-key"</h4>
<div class="paragraph">
<p>Bitcoin private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectioncve">infoleak:automatic-detection="cve"</h4>
<div class="paragraph">
<p>CVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectiononion">infoleak:automatic-detection="onion"</h4>
<div class="paragraph">
<p>Onion link</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakautomatic_detectionsql_injection">infoleak:automatic-detection="sql-injection"</h4>
<div class="paragraph">
<p>SQL injection</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_analyst_detection">analyst-detection</h3>
<div class="sect3">
<h4 id="_infoleakanalyst_detectioncredential">infoleak:analyst-detection="credential"</h4>
<div class="paragraph">
<p>Credential</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectioncredit_card">infoleak:analyst-detection="credit-card"</h4>
<div class="paragraph">
<p>Credit card</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectioniban">infoleak:analyst-detection="iban"</h4>
<div class="paragraph">
<p>IBAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionip">infoleak:analyst-detection="ip"</h4>
<div class="paragraph">
<p>IP address</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionmail">infoleak:analyst-detection="mail"</h4>
<div class="paragraph">
<p>Mail</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionphone_number">infoleak:analyst-detection="phone-number"</h4>
<div class="paragraph">
<p>Phone number</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionapi_key">infoleak:analyst-detection="api-key"</h4>
<div class="paragraph">
<p>API key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectiongoogle_api_key">infoleak:analyst-detection="google-api-key"</h4>
<div class="paragraph">
<p>Google API key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionaws_key">infoleak:analyst-detection="aws-key"</h4>
<div class="paragraph">
<p>AWS key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionprivate_key">infoleak:analyst-detection="private-key"</h4>
<div class="paragraph">
<p>Private key at large</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionencrypted_private_key">infoleak:analyst-detection="encrypted-private-key"</h4>
<div class="paragraph">
<p>Encrypted private key at large</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionprivate_ssh_key">infoleak:analyst-detection="private-ssh-key"</h4>
<div class="paragraph">
<p>Private SSH key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionprivate_static_key">infoleak:analyst-detection="private-static-key"</h4>
<div class="paragraph">
<p>Private state key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionvpn_static_key">infoleak:analyst-detection="vpn-static-key"</h4>
<div class="paragraph">
<p>VPN static key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionpgp_message">infoleak:analyst-detection="pgp-message"</h4>
<div class="paragraph">
<p>PGP message</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionpgp_public_key_block">infoleak:analyst-detection="pgp-public-key-block"</h4>
<div class="paragraph">
<p>PGP public key block</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionpgp_signature">infoleak:analyst-detection="pgp-signature"</h4>
<div class="paragraph">
<p>PGP signature</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionpgp_private_key">infoleak:analyst-detection="pgp-private-key"</h4>
<div class="paragraph">
<p>PGP private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectioncertificate">infoleak:analyst-detection="certificate"</h4>
<div class="paragraph">
<p>Certificate</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionrsa_private_key">infoleak:analyst-detection="rsa-private-key"</h4>
<div class="paragraph">
<p>RSA private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectiondsa_private_key">infoleak:analyst-detection="dsa-private-key"</h4>
<div class="paragraph">
<p>DSA private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionec_private_key">infoleak:analyst-detection="ec-private-key"</h4>
<div class="paragraph">
<p>EC private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionpublic_key">infoleak:analyst-detection="public-key"</h4>
<div class="paragraph">
<p>Public key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionbase64">infoleak:analyst-detection="base64"</h4>
<div class="paragraph">
<p>Base64</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionbinary">infoleak:analyst-detection="binary"</h4>
<div class="paragraph">
<p>Binary</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionhexadecimal">infoleak:analyst-detection="hexadecimal"</h4>
<div class="paragraph">
<p>Hexadecimal</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionbitcoin_address">infoleak:analyst-detection="bitcoin-address"</h4>
<div class="paragraph">
<p>Bitcoin address</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionbitcoin_private_key">infoleak:analyst-detection="bitcoin-private-key"</h4>
<div class="paragraph">
<p>Bitcoin private key</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectioncve">infoleak:analyst-detection="cve"</h4>
<div class="paragraph">
<p>CVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectiononion">infoleak:analyst-detection="onion"</h4>
<div class="paragraph">
<p>Onion link</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakanalyst_detectionsql_injection">infoleak:analyst-detection="sql-injection"</h4>
<div class="paragraph">
<p>SQL injection</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_confirmed_2">confirmed</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_infoleakconfirmedfalse_positive">infoleak:confirmed="false-positive"</h4>
<div class="paragraph">
<p>False positive</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakconfirmedfalse_negative">infoleak:confirmed="false-negative"</h4>
<div class="paragraph">
<p>False negative</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakconfirmedtrue_positive">infoleak:confirmed="true-positive"</h4>
<div class="paragraph">
<p>True positive</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakconfirmedtrue_negative">infoleak:confirmed="true-negative"</h4>
<div class="paragraph">
<p>True negative</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_source">source</h3>
<div class="sect3">
<h4 id="_infoleaksourcepublic_website">infoleak:source="public-website"</h4>
<div class="paragraph">
<p>Public website</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksourcepastie_website">infoleak:source="pastie-website"</h4>
<div class="paragraph">
<p>Pastie-like website</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksourceelectronic_forum">infoleak:source="electronic-forum"</h4>
<div class="paragraph">
<p>Electronic forum</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksourcemailing_list">infoleak:source="mailing-list"</h4>
<div class="paragraph">
<p>Mailing-list</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksourcesource_code_repository">infoleak:source="source-code-repository"</h4>
<div class="paragraph">
<p>Source code repository</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksourceautomatic_collection">infoleak:source="automatic-collection"</h4>
<div class="paragraph">
<p>Automatic collection including honeypots, spamtramps or equivalent technologies</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksourcemanual_analysis">infoleak:source="manual-analysis"</h4>
<div class="paragraph">
<p>Manual analysis or investigation where detection took place</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksourceunknown">infoleak:source="unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksourceother">infoleak:source="other"</h4>
<div class="paragraph">
<p>Other source not specified in this list</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_submission">submission</h3>
<div class="sect3">
<h4 id="_infoleaksubmissionmanual">infoleak:submission="manual"</h4>
<div class="paragraph">
<p>Manual</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksubmissionautomatic">infoleak:submission="automatic"</h4>
<div class="paragraph">
<p>Automatic</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleaksubmissioncrawler">infoleak:submission="crawler"</h4>
<div class="paragraph">
<p>Crawler</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_output_format">output-format</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_infoleakoutput_formatail_daily">infoleak:output-format="ail-daily"</h4>
<div class="paragraph">
<p>Daily event</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakoutput_formatail_weekly">infoleak:output-format="ail-weekly"</h4>
<div class="paragraph">
<p>Weekly event</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakoutput_formatail_monthly">infoleak:output-format="ail-monthly"</h4>
<div class="paragraph">
<p>Monthly event</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_certainty">certainty</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_infoleakcertainty100">infoleak:certainty="100"</h4>
<div class="paragraph">
<p>Certainty (probability equals 1 - 100%)</p>
</div>
<div class="paragraph">
<p>Certainty</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakcertainty93">infoleak:certainty="93"</h4>
<div class="paragraph">
<p>Almost certain (probability equals 0.93 - 93%)</p>
</div>
<div class="paragraph">
<p>Almost certain</p>
</div>
<div class="paragraph">
<p>Associated numerical value="93"</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakcertainty75">infoleak:certainty="75"</h4>
<div class="paragraph">
<p>Probable (probability equals 0.75 - 75%)</p>
</div>
<div class="paragraph">
<p>Probable</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakcertainty50">infoleak:certainty="50"</h4>
<div class="paragraph">
<p>Chances about even (probability equals 0.50 - 50%)</p>
</div>
<div class="paragraph">
<p>Chances about even</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakcertainty30">infoleak:certainty="30"</h4>
<div class="paragraph">
<p>Probably not (probability equals 0.30 - 30%)</p>
</div>
<div class="paragraph">
<p>Probably not</p>
</div>
<div class="paragraph">
<p>Associated numerical value="30"</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakcertainty7">infoleak:certainty="7"</h4>
<div class="paragraph">
<p>Almost certainly not (probability equals 0.07 - 7%)</p>
</div>
<div class="paragraph">
<p>Almost certainly not</p>
</div>
<div class="paragraph">
<p>Associated numerical value="7"</p>
</div>
</div>
<div class="sect3">
<h4 id="_infoleakcertainty0">infoleak:certainty="0"</h4>
<div class="paragraph">
<p>Impossibility (probability equals 0 - 0%)</p>
</div>
<div class="paragraph">
<p>Impossibility</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_information_security_data_source">information-security-data-source</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
information-security-data-source namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/information-security-data-source/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy to classify the information security data sources.</p>
</div>
<div class="sect2">
<h3 id="_type_of_information">type-of-information</h3>
<div class="paragraph">
<p>Type of provided information</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_informationvulnerability">information-security-data-source:type-of-information="vulnerability"</h4>
<div class="paragraph">
<p>Vulnerability</p>
</div>
<div class="paragraph">
<p>Information regarding a weakness of an asset which might be exploited by a threat</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_informationthreat">information-security-data-source:type-of-information="threat"</h4>
<div class="paragraph">
<p>Threat</p>
</div>
<div class="paragraph">
<p>Information regarding the potential cause on an unwanted incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_informationcountermeasure">information-security-data-source:type-of-information="countermeasure"</h4>
<div class="paragraph">
<p>Countermeasure</p>
</div>
<div class="paragraph">
<p>Information regarding any administrative, managerial, technical or legal control that is used to counteract an information security risk</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_informationattack">information-security-data-source:type-of-information="attack"</h4>
<div class="paragraph">
<p>Attack</p>
</div>
<div class="paragraph">
<p>Information regarding any unauthorized attempt to access, alter or destroy an asset</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_informationrisk">information-security-data-source:type-of-information="risk"</h4>
<div class="paragraph">
<p>Risk</p>
</div>
<div class="paragraph">
<p>Information describing the consequences of a potential event, such as an attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_informationasset">information-security-data-source:type-of-information="asset"</h4>
<div class="paragraph">
<p>Asset</p>
</div>
<div class="paragraph">
<p>Information regarding any object or characteristic that has value to an organization</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_originality">originality</h3>
<div class="paragraph">
<p>Originality and novelty of the provided information</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourceoriginalityoriginal_source">information-security-data-source:originality="original-source"</h4>
<div class="paragraph">
<p>Original source</p>
</div>
<div class="paragraph">
<p>Information originates from the data sources which publish their own information</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourceoriginalitysecondary_source">information-security-data-source:originality="secondary-source"</h4>
<div class="paragraph">
<p>Secondary source</p>
</div>
<div class="paragraph">
<p>Information is integrated or copied from another information security data source</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_timeliness_sharing_behavior">timeliness-sharing-behavior</h3>
<div class="paragraph">
<p>Timeliness of the provided information</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetimeliness_sharing_behaviorroutine_sharing">information-security-data-source:timeliness-sharing-behavior="routine-sharing"</h4>
<div class="paragraph">
<p>Routine sharing</p>
</div>
<div class="paragraph">
<p>Information is published at a specific point in time on a regular basis, such as daily, weakly or monthly reports</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetimeliness_sharing_behaviorincident_specific">information-security-data-source:timeliness-sharing-behavior="incident-specific"</h4>
<div class="paragraph">
<p>Incident specific</p>
</div>
<div class="paragraph">
<p>Information is published whenever news are available or a new incident occurs</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_integrability_format">integrability-format</h3>
<div class="paragraph">
<p>Level of integrability format for the provided information</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourceintegrability_formatstructured">information-security-data-source:integrability-format="structured"</h4>
<div class="paragraph">
<p>Structured</p>
</div>
<div class="paragraph">
<p>The provided security information is available in an standardized and structured data format such as MISP core format</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourceintegrability_formatunstructured">information-security-data-source:integrability-format="unstructured"</h4>
<div class="paragraph">
<p>Unstructured</p>
</div>
<div class="paragraph">
<p>The provided security information is available in unstructured form without following a common data representation format</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_integrability_interface">integrability-interface</h3>
<div class="paragraph">
<p>Level of integrability interface for the provided information</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourceintegrability_interfaceno_interface">information-security-data-source:integrability-interface="no-interface"</h4>
<div class="paragraph">
<p>No interface</p>
</div>
<div class="paragraph">
<p>The information security data source doesnt provide any interface to access the information</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourceintegrability_interfaceapi">information-security-data-source:integrability-interface="api"</h4>
<div class="paragraph">
<p>API</p>
</div>
<div class="paragraph">
<p>The information security data source provides an application programming interface (APIs) to obtain the provided information</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourceintegrability_interfacerss_feeds">information-security-data-source:integrability-interface="rss-feeds"</h4>
<div class="paragraph">
<p>RSS Feeds</p>
</div>
<div class="paragraph">
<p>The information security data source provides an RSS Feed to keep track of the provided information</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourceintegrability_interfaceexport">information-security-data-source:integrability-interface="export"</h4>
<div class="paragraph">
<p>Export</p>
</div>
<div class="paragraph">
<p>The information security data source provides an interface to export contents as XML, JSON or plain text</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_trustworthiness_creditabilily">trustworthiness-creditabilily</h3>
<div class="paragraph">
<p>Source of the creditability</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetrustworthiness_creditabililyvendor">information-security-data-source:trustworthiness-creditabilily="vendor"</h4>
<div class="paragraph">
<p>Vendor</p>
</div>
<div class="paragraph">
<p>The publisher of the information is a vendor</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetrustworthiness_creditabililygovernment">information-security-data-source:trustworthiness-creditabilily="government"</h4>
<div class="paragraph">
<p>Government</p>
</div>
<div class="paragraph">
<p>The publisher of the information is a government</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetrustworthiness_creditabililysecurity_expert">information-security-data-source:trustworthiness-creditabilily="security-expert"</h4>
<div class="paragraph">
<p>Security expert</p>
</div>
<div class="paragraph">
<p>The publisher of the information is a security expert</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetrustworthiness_creditabililynormal_user">information-security-data-source:trustworthiness-creditabilily="normal-user"</h4>
<div class="paragraph">
<p>Normal user</p>
</div>
<div class="paragraph">
<p>The publisher of the information is a normal user</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_trustworthiness_traceability">trustworthiness-traceability</h3>
<div class="paragraph">
<p>Traceability of the provided information</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetrustworthiness_traceabilityyes">information-security-data-source:trustworthiness-traceability="yes"</h4>
<div class="paragraph">
<p>Yes</p>
</div>
<div class="paragraph">
<p>The provided information is classified as traceable if it can be traced back, based on meta-data, to a specific publisher and a publishing date</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetrustworthiness_traceabilityno">information-security-data-source:trustworthiness-traceability="no"</h4>
<div class="paragraph">
<p>No</p>
</div>
<div class="paragraph">
<p>The provided information cannot be traced back (meta-data are not provided)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_trustworthiness_feedback_mechanism">trustworthiness-feedback-mechanism</h3>
<div class="paragraph">
<p>Feedback such as user ratings or comments regarding the usefulness of the provided information</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetrustworthiness_feedback_mechanismyes">information-security-data-source:trustworthiness-feedback-mechanism="yes"</h4>
<div class="paragraph">
<p>Yes</p>
</div>
<div class="paragraph">
<p>The provided information is validated by including user rating, comments or additional analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetrustworthiness_feedback_mechanismno">information-security-data-source:trustworthiness-feedback-mechanism="no"</h4>
<div class="paragraph">
<p>No</p>
</div>
<div class="paragraph">
<p>The provided information is not validated (a user rating, comments is not available)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_type_of_source">type-of-source</h3>
<div class="paragraph">
<p>Types of information security data source</p>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourcenews_website">information-security-data-source:type-of-source="news-website"</h4>
<div class="paragraph">
<p>News website</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourceexpert_blog">information-security-data-source:type-of-source="expert-blog"</h4>
<div class="paragraph">
<p>Expert blog</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourcesecurity_product_vendor_website">information-security-data-source:type-of-source="security-product-vendor-website"</h4>
<div class="paragraph">
<p>(Security product) vendor website</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourcevulnerability_database">information-security-data-source:type-of-source="vulnerability-database"</h4>
<div class="paragraph">
<p>Vulnerability database</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourcemailing_list_archive">information-security-data-source:type-of-source="mailing-list-archive"</h4>
<div class="paragraph">
<p>Mailing list archive</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourcesocial_network">information-security-data-source:type-of-source="social-network"</h4>
<div class="paragraph">
<p>Social network</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourcestreaming_portal">information-security-data-source:type-of-source="streaming-portal"</h4>
<div class="paragraph">
<p>Streaming portal</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourceforum">information-security-data-source:type-of-source="forum"</h4>
<div class="paragraph">
<p>Forum</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_data_sourcetype_of_sourceother">information-security-data-source:type-of-source="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_information_security_indicators">information-security-indicators</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
information-security-indicators namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/information-security-indicators/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A full set of operational indicators for organizations to use to benchmark their security posture.</p>
</div>
<div class="sect2">
<h3 id="_iex">IEX</h3>
<div class="paragraph">
<p>Indicators of this category give information on the occurrence of incidents caused by external malicious threat sources.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexfgy_1">information-security-indicators:IEX="FGY.1"</h4>
<div class="paragraph">
<p>Forged domain or brand names impersonating or imitating legitimate and genuine names</p>
</div>
<div class="paragraph">
<p>Forged domains are addresses very close to the domain names legitimately filed with registration companies or organizations (forged domains are harmful only when actively used to entice customers to the website for fraudulent purposes). It also includes domain names that imitate another domain name or a brand.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexfgy_2">information-security-indicators:IEX="FGY.2"</h4>
<div class="paragraph">
<p>Wholly or partly forged websites (excluding parking pages) spoiling company&#8217;s image or business</p>
</div>
<div class="paragraph">
<p>Forged websites correspond to two main threats (forgery of sites in order to steal personal data such as account identifiers and passwords, forgery of services in order to capitalize on a brand and to generate turnover that creates unfair competition). In this case, reference is often made to phishing (1st usage) or pharming.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexspm_1">information-security-indicators:IEX="SPM.1"</h4>
<div class="paragraph">
<p>Not requested received bulk messages (spam) targeting organization&#8217;s registered users</p>
</div>
<div class="paragraph">
<p>Spam are messages received in company&#8217;s or organization&#8217;s messaging systems in the framework of mass and not individualized campaigns, luring into clicking dangerous URLs (possibly Trojan laden) or enticing to carry out harmful to concerned individual actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexphi_1">information-security-indicators:IEX="PHI.1"</h4>
<div class="paragraph">
<p>Phishing targeting company&#8217;s customers' workstations spoiling company&#8217;s image or business</p>
</div>
<div class="paragraph">
<p>Phishing involves a growing number of business sectors (financial organizations, e-commerce sites, online games, social sites etc.). It includes attacks via e-mail with messages that contain either malicious URL links (to forged websites) or malicious URL links (to malware laden genuine websites).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexphi_2">information-security-indicators:IEX="PHI.2"</h4>
<div class="paragraph">
<p>Spear phishing or whaling carried out using social engineering and targeting organization&#8217;s specific registered users</p>
</div>
<div class="paragraph">
<p>Spear phishing are "spoofed" and customized messages looking like a usual professional relationship or an authority, and asking to click on or open dangerous URL links or dangerous attachments (malware laden).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexint_1">information-security-indicators:IEX="INT.1"</h4>
<div class="paragraph">
<p>Intrusion attempts on externally accessible servers</p>
</div>
<div class="paragraph">
<p>Attempts are here systematic scans (excluding network reconnaissance) and abnormal and suspicious requests on externally accessible servers, detected by an IDS/IPS or not.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexint_2">information-security-indicators:IEX="INT.2"</h4>
<div class="paragraph">
<p>Intrusion on externally accessible servers</p>
</div>
<div class="paragraph">
<p>Intrusion usually targets servers that host personal data (including data subject to regulations such as PCI DSS, for example). 3 objectives or motivations can be found wherever an intrusion exists: data theft (see before), installation of transfer links towards unlawful and rogue websites, getting a permanent internal access by installation of a backdoor for further purposes. This indicator does not include the figures from the Defacement and Misappropriation indicators, both of which however starting with an intrusion. However, it includes all means and methods to get access to servers, i.e. purely technical means (such as Command execution/injection attack) or identity usurpation to log on an admin or user account (see ETSI GS ISI 002 [4] specifications).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexint_3">information-security-indicators:IEX="INT.3"</h4>
<div class="paragraph">
<p>Intrusions on internal servers</p>
</div>
<div class="paragraph">
<p>This kind of incident typically comes after a PC malware installation or an intrusion on an externally accessible server often followed by a lateral movement. This indicator does not include the figures from the Misappropriation indicator which may however start with an intrusion on an internal server. This indicator includes the so-called APTs (Advanced Persistent Threats), which constitute however only a small part of this indicator. APTs are long lasting and stealthy incidents with large compromises of data through outbound links, which is not the case of most incidents of the IEX_INT.3 type. This type of incident is often the result of targeted attacks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexdfc_1">information-security-indicators:IEX="DFC.1"</h4>
<div class="paragraph">
<p>Obvious and visible websites defacements</p>
</div>
<div class="paragraph">
<p>Obvious defacements measures the defacement of homepages and of the most consulted pages of sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexmis_1">information-security-indicators:IEX="MIS.1"</h4>
<div class="paragraph">
<p>Servers resources misappropriation by external attackers</p>
</div>
<div class="paragraph">
<p>This indicator measures the amount of resources of servers misappropriated by an external attacker after a successful intrusion (on an externally accessible or an internal server).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexdos_1">information-security-indicators:IEX="DOS.1"</h4>
<div class="paragraph">
<p>Denial of service attacks on websites</p>
</div>
<div class="paragraph">
<p>This indicator measures denial-of-service attacks against websites, carried out either by sending of harmful requests (DoS), by sending a massive flow coming from multiple distributed sites (DDoS) or via other techniques. Due to the current state of the art of attack detection, the indicator is limited to DDoS attacks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexmlw_1">information-security-indicators:IEX="MLW.1"</h4>
<div class="paragraph">
<p>Attempts to install malware on workstations</p>
</div>
<div class="paragraph">
<p>Malware installation attempts are detected by current conventional means (Antivirus and base IPS) and blocked by the same means. This indicator (which includes desktop and laptop PC based workstations, but does not include the different types of other workstations and mobile smart devices) provides an approximate insight into the malicious external pressure suffered in this regard. This indicator should be associated with indicator on successful malware installation in order to assess the actual effectiveness of conventional detection and blockage means in the fight against malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexmlw_2">information-security-indicators:IEX="MLW.2"</h4>
<div class="paragraph">
<p>Attempts to install malware on servers</p>
</div>
<div class="paragraph">
<p>Malware installation attempts are detected by current conventional means (antivirus and base IPS) and blocked by the same means. This indicator gives an approximate insight into the malicious external pressure suffered in this regard. This indicator should be associated with indicator on successful malware installation in order to assess the actual effectiveness of conventional detection and blockage means in the fight against malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexmlw_3">information-security-indicators:IEX="MLW.3"</h4>
<div class="paragraph">
<p>Malware installed on workstations</p>
</div>
<div class="paragraph">
<p>Malware could be not detected by conventional means (lack of activation or appropriate update), or noninventoried and/or specific very stealthy incidents, most of the time not detectable by conventional means (AV and standard IPS), consequently requiring other supplementary detection means (network or WS load, outbound links, advanced network devices as DPI tools, users themselves reporting to help desks). This indicator (which includes desktop and laptop Windows-based workstations, but does not include the different types of other workstations and mobile smart devices) therefore applies to both classical viruses and worms, as well as all new malware such as Trojan horses (which are defined as malware meant to data theft or malicious transactions) or bots (which are defined here as vectors for spam or DDoS attacks).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexmlw_4">information-security-indicators:IEX="MLW.4"</h4>
<div class="paragraph">
<p>Malware installed on internal servers</p>
</div>
<div class="paragraph">
<p>Malware could be not detected by conventional means (lack of activation or of appropriate update), or noninventoried and/or specific very stealthy incidents, most of the time not detectable by conventional means (AV and standard IPS), consequently requiring other supplementary detection means (network or server load, outbound links, advanced network devices as DPI tools, administrators themselves). This indicator therefore applies to both classical viruses and worms, as well as all new malware such as Trojan horses (which are defined as malware meant to data theft or malicious transactions)</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiexphy_1">information-security-indicators:IEX="PHY.1"</h4>
<div class="paragraph">
<p>Human intrusion into the organization&#8217;s perimeter</p>
</div>
<div class="paragraph">
<p>This indicator measures illicit entrance of individuals into security perimeter.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_imf">IMF</h3>
<div class="paragraph">
<p>Indicators of this category provides information on the occurrence of incidents caused by malfunctions, breakdowns or human errors.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimfbre_1">information-security-indicators:IMF="BRE.1"</h4>
<div class="paragraph">
<p>Workstations accidental breakdowns or malfunctions</p>
</div>
<div class="paragraph">
<p>Breakdowns or malfunctions apply to both hardware and software, caused by system errors (components failure or bugs).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimfbre_2">information-security-indicators:IMF="BRE.2"</h4>
<div class="paragraph">
<p>Servers accidental breakdowns or malfunctions</p>
</div>
<div class="paragraph">
<p>Breakdowns or malfunctions apply to both hardware and software, caused by system errors (components failure or bugs).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimfbre_3">information-security-indicators:IMF="BRE.3"</h4>
<div class="paragraph">
<p>Mainframes accidental breakdowns or malfunctions</p>
</div>
<div class="paragraph">
<p>Breakdowns or malfunctions apply to both hardware and software, caused by system errors (components failure or bugs).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimfbre_4">information-security-indicators:IMF="BRE.4"</h4>
<div class="paragraph">
<p>Networks accidental breakdowns or malfunctions</p>
</div>
<div class="paragraph">
<p>Breakdowns or malfunctions apply to both hardware and software, caused by system errors (components failure or bugs).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimfmdl_1">information-security-indicators:IMF="MDL.1"</h4>
<div class="paragraph">
<p>Delivery of email to wrong recipient</p>
</div>
<div class="paragraph">
<p>This indicator measures errors from the sender when selecting or typing email addresses leading to misdelivery incidents. Consequences may be very serious when confidentiality is critical.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimflom_1">information-security-indicators:IMF="LOM.1"</h4>
<div class="paragraph">
<p>Loss (or theft) of mobile devices belonging to the organization</p>
</div>
<div class="paragraph">
<p>This indicator measures the loss of all types of systems containing sensitive or not information belonging to the organization, whether encrypted or not (laptop computers, USB tokens, CD-ROMs, diskettes, magnetic tapes, smartphones, tablets, etc.). In some cases, it could be difficult to differentiate losses from thefts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimflog_1">information-security-indicators:IMF="LOG.1"</h4>
<div class="paragraph">
<p>Downtime or malfunction of the log production function with possible legal impact</p>
</div>
<div class="paragraph">
<p>This type of event could have two main causes: an accidental system malfunction or a system manipulation error by an administrator. Logs taken into account here are systems logs and applications logs of all servers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimflog_2">information-security-indicators:IMF="LOG.2"</h4>
<div class="paragraph">
<p>Absence of possible tracking of the person involved in a security event with possible legal impact</p>
</div>
<div class="paragraph">
<p>Concerns unique data related to a given and known to organization user (identifier tied to application software or directory). This indicator is a sub-set of indicator IMF_LOG.1.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimflog_3">information-security-indicators:IMF="LOG.3"</h4>
<div class="paragraph">
<p>Downtime or malfunction of the log production function for recordings with evidential value for access to or handling of information that, at this level, is subject to law or regulatory requirements</p>
</div>
<div class="paragraph">
<p>This indicator primarily relates to Personal Identifiable Information (PII) protected by privacy laws, to information falling under the PCI-DSS regulation, to information falling under European regulation in the area of breach notification (Telcos and ISPs to begin with), and to information about electronic exchanges between employees and the exterior (electronic messaging and Internet connection). This indicator does not include possible difficulties pertaining to proof forwarding from field operations to governance (state-of-the-art unavailable). This indicator is a sub-set of indicator IMF_LOG.1, but can be identical to this one in advanced organizations.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_idb">IDB</h3>
<div class="paragraph">
<p>Indicators of this category provide information on the occurrence of incidents regarding internal deviant behaviours (including especially usurpation of rights or of identity).</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbuid_1">information-security-indicators:IDB="UID.1"</h4>
<div class="paragraph">
<p>User impersonation</p>
</div>
<div class="paragraph">
<p>A person within the organization impersonates a registered user (employee, partner, contractor, external service provider) using identifier, passwords or authentication devices that had previously been obtained in an illicit manner (using a social engineering technique or not). This measures cases of usurpation for malicious purposes, and not ones that relate to user-friendly usage. Moreover, assumption is made that ID/Password is the main way of authentication</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbrgh_1">information-security-indicators:IDB="RGH.1"</h4>
<div class="paragraph">
<p>Privilege escalation by exploitation of software or configuration vulnerability on an externally accessible server</p>
</div>
<div class="paragraph">
<p>Exploited vulnerabilities are typically tied to the underlying OS that supports the Web application, exploited notably through injection of additional characters in URL links. This behaviour specifically involves external service providers and company&#8217;s business partners that wish to access additional information or to launch unlawful actions (for example, service providers seeking information about their competitors). This type of behaviour is less frequent amongst employees, since it is often easier to get the same results by means of social engineering methods.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbrgh_2">information-security-indicators:IDB="RGH.2"</h4>
<div class="paragraph">
<p>Privilege escalation on a server or central application by social engineering</p>
</div>
<div class="paragraph">
<p>It is often easier to get the same results by means of social engineering methods than with technical means. Help desk teams are often involved in this kind of behaviour.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbrgh_3">information-security-indicators:IDB="RGH.3"</h4>
<div class="literalblock">
<div class="content">
<pre>Use on a server or central application of administrator rights illicitly granted by an administrator</pre>
</div>
</div>
<div class="paragraph">
<p>Illicitly granting administrator privileges generally comes from simple errors or more worrisome negligence on the part of the administrators (malicious action is rarer). The case of forgotten temporary rights (see next indicator), is not included in this indicator.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbrgh_4">information-security-indicators:IDB="RGH.4"</h4>
<div class="paragraph">
<p>Use on a server or central application of time-limited granted rights after the planned period</p>
</div>
<div class="paragraph">
<p>This indicator measures situations where time-limited user accounts (created for training, problem resolution, emergency access, test, etc.) are still in use after the initial planned period.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbrgh_5">information-security-indicators:IDB="RGH.5"</h4>
<div class="paragraph">
<p>Abuse of privileges by an administrator on a server or central application</p>
</div>
<div class="paragraph">
<p>The motivation of rights usurpation by an administrator is often the desire to breach the confidentiality of sensitive data (for example, human resources data). This indicator is similar to the indicator IDB_RGH.6 (but with consequences that may be however often potentially more serious).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbrgh_6">information-security-indicators:IDB="RGH.6"</h4>
<div class="paragraph">
<p>Abuse of privileges by an operator or a plain user on a server or central application</p>
</div>
<div class="paragraph">
<p>This indicator applies for example to authorized users having access to personal identifiable information aboutcelebrities with no real need for their job (thereby violating the "right to know").</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbrgh_7">information-security-indicators:IDB="RGH.7"</h4>
<div class="paragraph">
<p>Illicit use on a server or central application of rights not removed after departure or position change within the organization</p>
</div>
<div class="paragraph">
<p>This indicator also takes into account the problem of generic accounts (whose password might have been changed each time a user knowing this password is leaving organization).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbmis_1">information-security-indicators:IDB="MIS.1"</h4>
<div class="paragraph">
<p>Server resources misappropriation by an internal source</p>
</div>
<div class="paragraph">
<p>This indicators measures misappropriation of on-line IT resources for one&#8217;s own use (personal, association etc.).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidbiac_1">information-security-indicators:IDB="IAC.1"</h4>
<div class="paragraph">
<p>Access to hacking Website</p>
</div>
<div class="paragraph">
<p>This indicator measures unauthorized access to a hacking Website from an internal workstation</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsidblog_1">information-security-indicators:IDB="LOG.1"</h4>
<div class="paragraph">
<p>Deactivating of logs recording by an administrator</p>
</div>
<div class="paragraph">
<p>This event is generally decided and deployed by an administrator in order to improve performance of the system under his/her responsibility (illicit voluntary stoppage). This indicator is a reduced subset of indicator IUS_RGH.5</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_iwh">IWH</h3>
<div class="paragraph">
<p>Indicators of this category are indicators that concern all categories of incidents.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiwhvnp_1">information-security-indicators:IWH="VNP.1"</h4>
<div class="paragraph">
<p>Exploitation of a software vulnerability without available patch</p>
</div>
<div class="paragraph">
<p>This indicators measures security incidents that are the result of an exploitation of a disclosed software vulnerability that has no available patch (with or without an applied workaround measure). It is used to assess the intensity of the exploitation of recently disclosed software vulnerabilities (zero day or not). Patching here applies only to standard software (excluding bespoke software), and the scope is limited to workstations (OS, browsers and various add-ons and plug-ins, office automation standard software).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiwhvnp_2">information-security-indicators:IWH="VNP.2"</h4>
<div class="paragraph">
<p>Exploitation of a non-patched software vulnerability</p>
</div>
<div class="paragraph">
<p>This indicators measures security incidents that are the result of the exploitation of a non-patched software vulnerability though a patch exists. It is used to assess effectiveness or application of patching-related organization and processes and tools (patching not launched). It is linked with indicator VOR_VNP.2 that is intended to assess problems of exceeding the "time limit for the window of exposure to risks". It has the same limitations as IWH_VNP.1 regarding scope.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiwhvnp_3">information-security-indicators:IWH="VNP.3"</h4>
<div class="paragraph">
<p>Exploitation of a poorly-patched software vulnerability</p>
</div>
<div class="paragraph">
<p>This indicator measures security incidents that are the result of the exploitation of a poorly patched software vulnerability. It is used to assess effectiveness of patching-related organization and processes and tools (process launched but patch not operational - Cf. no reboot, etc.). It is linked with indicator VOR_VNP.1, IWH_VNP.1 and IWH_VNP.2. It has the same limitations as IWH_VNP.1 regarding scope.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiwhvcn_1">information-security-indicators:IWH="VCN.1"</h4>
<div class="paragraph">
<p>Exploitation of a configuration flaw</p>
</div>
<div class="paragraph">
<p>This indicator measures security incidents that are the result of the exploitation of a configuration flaw on servers or workstations. A configuration flaw should be considered as a nonconformity against state-of-the-art security policy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiwhukn_1">information-security-indicators:IWH="UKN.1"</h4>
<div class="paragraph">
<p>Not categorized security incidents</p>
</div>
<div class="paragraph">
<p>This indicator measures all types of incidents that are new and/or a complex combination of more basic incidents and cannot be fully qualified and therefore precisely categorized.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsiwhuna_1">information-security-indicators:IWH="UNA.1"</h4>
<div class="paragraph">
<p>Security incidents on non-inventoried and/or not managed assets</p>
</div>
<div class="paragraph">
<p>This indicator measures security incidents tied to assets (on servers) non-inventoried and not managed by appointed teams. It is a key indicator insofar as a high percentage of incidents corresponds with this indicator on average in the profession (according to some public surveys).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vbh">VBH</h3>
<div class="paragraph">
<p>Indicators of this category apply to the existence of abnormal behaviours that could lead to security incidents.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhprc_1">information-security-indicators:VBH="PRC.1"</h4>
<div class="paragraph">
<p>Server accessed by an administrator with unsecure protocols</p>
</div>
<div class="paragraph">
<p>This indicator measures the use of insecure protocols set up by an administrator to get access to organizationbased externally accessible servers making an external intrusion possible. Insecure protocol means unencrypted, without time-out, with poor authentication means etc. (for example Telnet).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhprc_2">information-security-indicators:VBH="PRC.2"</h4>
<div class="paragraph">
<p>P2P client in a workstation</p>
</div>
<div class="paragraph">
<p>This indicator measures the installation of P2P clients set up by a user on its professional workstation with the risk of partial or full sharing of the workstation content. It applies to workstations that are either connected to the organization&#8217;s network from within the organization or directly connected to the public network from outside (notably home). There is a high risk of accidental sharing (in one quarter of all cases) of files that may host confidential company data. It is most often carried out through HTTP channel (proposed on all of these services).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhprc_3">information-security-indicators:VBH="PRC.3"</h4>
<div class="paragraph">
<p>VoIP clients in a workstation</p>
</div>
<div class="paragraph">
<p>This indicator measures VoIP clients installed by a user on his/hers own workstation in order to use a peer-to-peer service. It applies to workstations connected to an organization&#8217;s network from within the organization or directly connected to the public network from outside (notably home). The associated risk is to exchange dangerous Office documents. It is most often carried out through HTTP channel (proposed on all of these services).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhprc_4">information-security-indicators:VBH="PRC.4"</h4>
<div class="paragraph">
<p>Outbound connection dangerously set up</p>
</div>
<div class="paragraph">
<p>This indicator measures outbound connection dangerously set up to get remote access to the company&#8217;s internal network without using an inbound VPN link and a focal access point with possible exploitation by an external intruder. The outbound connection method consists for example in using a GoToMyPC™ software or a LogMeIn® software or a computer to computer connection in tunnel mode.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhprc_5">information-security-indicators:VBH="PRC.5"</h4>
<div class="paragraph">
<p>Not compliant laptop computer used to establish a connection</p>
</div>
<div class="paragraph">
<p>This indicator measures remote or local connection to the organization&#8217;s internal network from a roaming laptop computer that is organization-owned and is configured with weak parameters. In this situation and in case of the existence of a software to check compliance of roaming computers, another related software blocks the connection in principle and prevents its continuation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhprc_6">information-security-indicators:VBH="PRC.6"</h4>
<div class="paragraph">
<p>Other unsecure protocols used</p>
</div>
<div class="paragraph">
<p>This indicator measures other unsecure or dangerous protocols set up with similar behaviours. The other cases are the other than the 5 previous ones (VBH_PRC.1 to VBH_PRC.5). It relates to dangerous or abusive usages, i.e. situations where usages are not required and where other more secure solutions exist.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhiac_1">information-security-indicators:VBH="IAC.1"</h4>
<div class="paragraph">
<p>Outbound controls bypassed to access Internet</p>
</div>
<div class="paragraph">
<p>This indicator measures the detection of Internet access from the internal network by means that bypass the outbound security devices. It primarily relates to Internet accesses from a perimeter area or to tunnelling (SSL port 443) or to straight accesses (via an ADSL link or public Wi-Fi access points and the telephone network) or to accesses via Smartphones connected to the workstation. The main underlying motivation is to prevent user tracking.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhiac_2">information-security-indicators:VBH="IAC.2"</h4>
<div class="paragraph">
<p>Anonymization site used to access Internet</p>
</div>
<div class="paragraph">
<p>This indicator measures the detection of anonymous Internet access from an internal workstation through an anonymization site. The goal is to maintain free access and to avoid organization&#8217;s filtering of accesses to forbidden websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhftr_1">information-security-indicators:VBH="FTR.1"</h4>
<div class="paragraph">
<p>Files recklessly downloaded</p>
</div>
<div class="paragraph">
<p>This indicator measures the download of files from an external website that is not known (no reputation) within the profession to an internal workstation. "No reputation" can be assessed by information provided by URL outbound filtering devices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhftr_2">information-security-indicators:VBH="FTR.2"</h4>
<div class="paragraph">
<p>Personal public instant messaging account used for business file exchanges</p>
</div>
<div class="paragraph">
<p>This indicator measures the use of personal public instant messaging accounts for business exchanges with outside. This file exchange method has to be avoided due to network AV software bypassing and to identify lesser effectiveness of AV software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhftr_3">information-security-indicators:VBH="FTR.3"</h4>
<div class="paragraph">
<p>Personal public messaging account used for business file exchanges</p>
</div>
<div class="paragraph">
<p>This indicator measures the use of personal public messaging accounts for business file exchanges with the exterior. The risk is to expose information to external attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhwti_1">information-security-indicators:VBH="WTI.1"</h4>
<div class="paragraph">
<p>Workstations accessed in administrator mode</p>
</div>
<div class="paragraph">
<p>This indicator measures access to workstations in administrator mode without authorization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhwti_2">information-security-indicators:VBH="WTI.2"</h4>
<div class="paragraph">
<p>Personal storage devices used</p>
</div>
<div class="paragraph">
<p>This indicator measures the use personal storage devices on a professional workstation to input or output information or software. Mobile or removable personal storage devices include USB tokens, smartphones, tablets, etc. It is not applicable to personal devices authorized by security policy (Cf. VBH_WTI.3 and BYOD).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhwti_3">information-security-indicators:VBH="WTI.3"</h4>
<div class="paragraph">
<p>Personal devices used without compartmentalization (BYOD)</p>
</div>
<div class="paragraph">
<p>This indicator measures the lack of or the removal of basic security measures meant to compartmentalize professional activities on personal devices. Personal devices (BYOD) include PCs, tablets, smartphones, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhwti_4">information-security-indicators:VBH="WTI.4"</h4>
<div class="paragraph">
<p>Not encrypted sensitive files exported</p>
</div>
<div class="paragraph">
<p>This indicator measures the lack of encryption of sensitive files uploaded from a professional workstation to professional mobile or removable storage devices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhwti_5">information-security-indicators:VBH="WTI.5"</h4>
<div class="paragraph">
<p>Personal software used</p>
</div>
<div class="paragraph">
<p>This indicator measures the presence of personal software on a professional workstation that does not comply with the corporate security policy. It corresponds with all types of local unauthorized software (with a user licence or not), such as common personal software (games, office automation etc.) or more dangerous ones (hacking etc.). It should be added that VBH_PRC.2 and VBH_PRC.3 are a share of this indicator, and that this indicator is a subset of VBH_WTI.1.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhwti_6">information-security-indicators:VBH="WTI.6"</h4>
<div class="paragraph">
<p>Mailbox or Internet access with admin mode</p>
</div>
<div class="paragraph">
<p>This indicator applies to users using their admin account on a workstation.to access their own mailbox or Internet. This behaviour is particularly dangerous since malware (through attached pieces on email or drive-by download on Web browser) are far easier to install on the workstation in this case.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhpsw_1">information-security-indicators:VBH="PSW.1"</h4>
<div class="paragraph">
<p>Weak passwords used</p>
</div>
<div class="paragraph">
<p>The required strength of passwords depends on the organization&#8217;s security policy, but usable general recommendations in ISO/IEC 27002 [2].</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhpsw_2">information-security-indicators:VBH="PSW.2"</h4>
<div class="paragraph">
<p>Passwords not changed</p>
</div>
<div class="paragraph">
<p>This indicators measures password not changed in due periodic time (case of changes not periodically imposed). Situations in which changes are not periodically imposed by accessed systems themselves remain fairly frequent within organizations (apart from Active Directory), the figure being around 25 % of the cases on average.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhpsw_3">information-security-indicators:VBH="PSW.3"</h4>
<div class="paragraph">
<p>Administrator passwords not changed</p>
</div>
<div class="paragraph">
<p>This indicators measures password not changed in due periodic time by an administrator in charge of an account used by automated applications and processes (case of changes not periodically imposed). Situations in which changes are not periodically imposed by accessed systems themselves remain fairly frequent within organizations (apart from Active Directory), the figure being around 25 % of the cases on average.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhrgh_1">information-security-indicators:VBH="RGH.1"</h4>
<div class="paragraph">
<p>Not compliant user rights granted illicitly by an administrator</p>
</div>
<div class="paragraph">
<p>This indicator measures the granting of not compliant user rights by an administrator outside any official procedure. This vulnerability may originate with an error, negligence or malice.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhhuw_1">information-security-indicators:VBH="HUW.1"</h4>
<div class="paragraph">
<p>Human weakness exploited by a spear phishing message meant to entice or appeal to do something possibly harmful to the organization</p>
</div>
<div class="paragraph">
<p>This vulnerability typically includes clicking on an Internet link or opening an attached document</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvbhhuw_2">information-security-indicators:VBH="HUW.2"</h4>
<div class="literalblock">
<div class="content">
<pre>Human weakness exploited by exchanges meant to entice or appeal to tell some secrets to be used later</pre>
</div>
</div>
<div class="paragraph">
<p>This vulnerability applies to discussions through on-line media leading to leakage of personal identifiable information (PII) or various business details to be used later (notably for identity usurpation)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vsw">VSW</h3>
<div class="paragraph">
<p>Indicators of this category apply to the existence of weaknesses in software that could be exploited and lead to security incidents.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvswwsr_1">information-security-indicators:VSW="WSR.1"</h4>
<div class="paragraph">
<p>Web applications software vulnerabilities</p>
</div>
<div class="paragraph">
<p>This indicators measures software vulnerabilities detected in Web applications running on externally accessible servers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvswosw_1">information-security-indicators:VSW="OSW.1"</h4>
<div class="paragraph">
<p>OS software vulnerabilities regarding servers</p>
</div>
<div class="paragraph">
<p>This indicators measures software vulnerabilities detected in OS running on externally accessible servers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvswwbr_1">information-security-indicators:VSW="WBR.1"</h4>
<div class="paragraph">
<p>Web browsers software vulnerabilities</p>
</div>
<div class="paragraph">
<p>This indicators measures software vulnerabilities detected in Web browsers running on workstations.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vcf">VCF</h3>
<div class="paragraph">
<p>Indicators of this category apply to the existence of weaknesses in the configuration of IT devices that could be exploited and lead to security incidents.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcfdis_1">information-security-indicators:VCF="DIS.1"</h4>
<div class="paragraph">
<p>Dangerous or illicit services on externally accessible servers</p>
</div>
<div class="paragraph">
<p>This indicator measures the presence of illicit and dangerous system services running on an externally accessible server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcflog_1">information-security-indicators:VCF="LOG.1"</h4>
<div class="paragraph">
<p>Insufficient size of the space allocated for logs</p>
</div>
<div class="paragraph">
<p>Such event could cause an overflow in case of quick series of unusual actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcffwr_1">information-security-indicators:VCF="FWR.1"</h4>
<div class="paragraph">
<p>Weak firewall filtering rules</p>
</div>
<div class="paragraph">
<p>This indicator measures the gaps between the active firewall filtering rules and the security policy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcfwti_1">information-security-indicators:VCF="WTI.1"</h4>
<div class="paragraph">
<p>Workstation wrongly configured</p>
</div>
<div class="paragraph">
<p>This indicator measures the use of workstation with a disabled or lacking update AV and/or FW. The lack of update includes signature file older than x days (generally at least 6 days).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcfwti_2">information-security-indicators:VCF="WTI.2"</h4>
<div class="paragraph">
<p>Autorun feature enabled on workstations</p>
</div>
<div class="paragraph">
<p>This indicator measures the presence of Autorun feature enabled on workstations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcfuac_1">information-security-indicators:VCF="UAC.1"</h4>
<div class="paragraph">
<p>Access rights configuration not compliant with the security policy</p>
</div>
<div class="paragraph">
<p>This indicator measures access rights configuration that are not compliant with corporate security policy. This indicator is more reliable in case of existence of a central repository of user rights within organization (and of an IAM achievement)</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcfuac_2">information-security-indicators:VCF="UAC.2"</h4>
<div class="paragraph">
<p>Not compliant access rights on logs</p>
</div>
<div class="paragraph">
<p>This indicator measures non-compliant access rights on logs in servers which are sensitive and/or subject to regulations. This situation representing a key weakness since the necessary high confidence in the produced logs has been reduced to nothing. This indicator is a subset of VCF_UAC.1.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcfuac_3">information-security-indicators:VCF="UAC.3"</h4>
<div class="paragraph">
<p>Generic and shared administrator accounts</p>
</div>
<div class="paragraph">
<p>This indicator measures generic and shared administration accounts that are unnecessary or accounts that are necessary but without patronage. It concerns operating systems, databases and applications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcfuac_4">information-security-indicators:VCF="UAC.4"</h4>
<div class="paragraph">
<p>Accounts without owners</p>
</div>
<div class="paragraph">
<p>This indicator measures accounts without owners that have not been erased. These are accounts that have no more assigned users (for example after internal transfer or departure of the users from organization).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvcfuac_5">information-security-indicators:VCF="UAC.5"</h4>
<div class="paragraph">
<p>Inactive accounts</p>
</div>
<div class="paragraph">
<p>This indicator measures accounts inactive for at least 2 months that have not been disabled. These accounts are not used by their users due to prolonged but not definitive absence (long term illness, maternity, etc.), with the exclusion of messaging accounts (which should remain accessible to users from their home).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vtc">VTC</h3>
<div class="paragraph">
<p>Indicators of this category measure the existence of weaknesses in the IT and physical architecture that could be exploited and lead to security incidents.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvtcbkp_1">information-security-indicators:VTC="BKP.1"</h4>
<div class="paragraph">
<p>Malfunction of server-hosted sensitive data safeguards</p>
</div>
<div class="paragraph">
<p>On servers hosting sensitive data with respect to availability, it concerns malfunctions of safeguards due to lack of periodic testing. This kind of event may be very serious since usually put trust is betrayed in a critical function.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvtcids_1">information-security-indicators:VTC="IDS.1"</h4>
<div class="paragraph">
<p>Full unavailability of IDS/IPS</p>
</div>
<div class="paragraph">
<p>Many causes are possible, including deliberate disconnection by a network administrator (to streamline operations or since IDS/IPS output is deemed too difficult to use), unwitting disconnection (error by a network administrator), breakdown, software malfunction, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvtcwfi_1">information-security-indicators:VTC="WFI.1"</h4>
<div class="paragraph">
<p>Wi-Fi devices installed on the network without any official authorization</p>
</div>
<div class="paragraph">
<p>Many causes are possible, including for example local decisions for easier access of mobile users, rogue user behaviours or workstations configured as access points.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvtcrap_1">information-security-indicators:VTC="RAP.1"</h4>
<div class="paragraph">
<p>Remote access points used to gain unauthorized access</p>
</div>
<div class="paragraph">
<p>This indicator is interesting to assess whether such accesses are localized (local areas, countries, etc.) or involve the whole organization or are increasing and spreading to whole organization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvtcnrg_1">information-security-indicators:VTC="NRG.1"</h4>
<div class="paragraph">
<p>Devices or servers connected to the organization&#8217;s network without being registered and managed</p>
</div>
<div class="paragraph">
<p>According to some convergent studies, this event may be at the origin of some 70 % of all security incidents associated to malice.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvtcphy_1">information-security-indicators:VTC="PHY.1"</h4>
<div class="paragraph">
<p>Not operational physical access control means</p>
</div>
<div class="paragraph">
<p>This indicator includes access to protected internal areas. The 1st cause is the lack of effective control of users at software level. The 2nd cause is hardware breakdown of a component in the chain.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vor">VOR</h3>
<div class="paragraph">
<p>Indicators of this category measure the existence of weaknesses in the organization that could be exploited and lead to security incidents.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvordsc_1">information-security-indicators:VOR="DSC.1"</h4>
<div class="paragraph">
<p>Discovery of attacks</p>
</div>
<div class="paragraph">
<p>This indicator measures stealthy security incidents difficult to detect. As most studies show, the time to discovery is often several months, time frame especially used to steal sensitive data. Incidents taken into account here are IEX_INT.3, IEX_MLW.3 and IEX_MLW.4. This indicator give landmarks regarding what may be deemed excessive, i.e. with an assumption which is above one week.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvorvnp_1">information-security-indicators:VOR="VNP.1"</h4>
<div class="paragraph">
<p>Excessive time of window of risk exposure</p>
</div>
<div class="paragraph">
<p>This indicator measures situations in which the time of the window of risk exposure exceeds the time limit expressed in security policy. The window of risks exposure is the period of time between the public disclosure of a software vulnerability and the actual and checked application of a patch that corresponds with the vulnerability&#8217;s remediation (independently of the time needed for the vendor to provide the patch). This indicator only applies to workstations (OS, application software and browsers), and to critical vulnerabilities (as publicly determined via the CVSS scale) that require an action as quickly as possible.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvorvnp_2">information-security-indicators:VOR="VNP.2"</h4>
<div class="paragraph">
<p>Rate of not patched systems</p>
</div>
<div class="paragraph">
<p>This indicator measures the rate of not patched systems for detected critical software vulnerabilities (see VOR_VNP.1 for criticality definition). Not patched systems to be taken into account are the ones which are not patched beyond the time limit defined in security policy. This indicator only applies to workstations (OS, application software and browsers).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvorvnr_1">information-security-indicators:VOR="VNR.1"</h4>
<div class="paragraph">
<p>Rate of not reconfigured systems</p>
</div>
<div class="paragraph">
<p>This indicator measures the rate of not reconfigured systems for detected critical configuration vulnerabilities. Configuration vulnerabilities are either non-conformities relative to a level 3 security policy, or discrepancies relative to a state-of-the-art available within the profession (and that can correspond with a configuration master produced by a vendor and applied within the organization). This indicator only applies to workstations (OS, application software and browsers). Not reconfigured systems to be taken into account are the ones which are not reconfigured beyond the time limit defined in security policy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvorrct_1">information-security-indicators:VOR="RCT.1"</h4>
<div class="paragraph">
<p>Reaction plans launched without experience feedback</p>
</div>
<div class="paragraph">
<p>This indicator applies to plans for responding to incidents formalized in security policy launched without experience feedback.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvorrct_2">information-security-indicators:VOR="RCT.2"</h4>
<div class="paragraph">
<p>Reaction plans unsuccessfully launched</p>
</div>
<div class="paragraph">
<p>This indicator measures failure in the performance of plans, leading to non-recovery of incidents and to subsequent possible launch of an escalation procedure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvorprt_1">information-security-indicators:VOR="PRT.1"</h4>
<div class="paragraph">
<p>Launch of new IT projects without information classification</p>
</div>
<div class="paragraph">
<p>This indicator measures the launch of new IT projects without information classification. Availability of a classification model and scheme within the organization would make easier this task.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvorprt_2">information-security-indicators:VOR="PRT.2"</h4>
<div class="paragraph">
<p>Launch of new specific IT projects without risk analysis</p>
</div>
<div class="paragraph">
<p>This indicator measures the launch of new specific IT projects without performing a full risk analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsvorprt_3">information-security-indicators:VOR="PRT.3"</h4>
<div class="literalblock">
<div class="content">
<pre>Launch of new IT projects of a standard type without identification of vulnerabilities and threats</pre>
</div>
</div>
<div class="paragraph">
<p>This indicator measures the launch of new IT projects of a standard type without identification of vulnerabilities and threats and of related security measures. For these IT projects, potential implementation of a simplified risk analysis method or of pre-defined security profiles can be applied.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_imp">IMP</h3>
<div class="paragraph">
<p>Indicators as regards impact measurement.</p>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimpcos_1">information-security-indicators:IMP="COS.1"</h4>
<div class="paragraph">
<p>Average cost to tackle a critical security incident</p>
</div>
<div class="paragraph">
<p>The average cost taken into account includes the following kinds of overhead: disruption to business operations (increased operating costs, etc.), fraud (money, etc.) and incident recovery costs (technical individual time, asset replacement, etc.). It does not include possible (generally very heavy) breach notification costs to customers and enforcement bodies (according to US and recently EU laws or regulations).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimptim_1">information-security-indicators:IMP="TIM.1"</h4>
<div class="paragraph">
<p>Average time of Websites downtime due to whole security incidents</p>
</div>
<div class="paragraph">
<p>Applies to all 4 classes, but main security incidents concerned are malfunctions or breakdowns (software or hardware), DoS or DDoS attacks and Website defacements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimptim_2">information-security-indicators:IMP="TIM.2"</h4>
<div class="paragraph">
<p>Average time of Websites downtime due to successful malicious attacks</p>
</div>
<div class="paragraph">
<p>This indicator is a subset of the previous one (IMP_TIM.1) focusing on 3 possible classes (IEX, IUS, IMD).</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicatorsimptim_3">information-security-indicators:IMP="TIM.3"</h4>
<div class="paragraph">
<p>Average time of Websites downtime due to malfunctions or unintentional security incidents</p>
</div>
<div class="paragraph">
<p>This indicator is a subset of IMP_TIM.1 focusing on one class (IMF).</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_interactive_cyber_training_audience">interactive-cyber-training-audience</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
interactive-cyber-training-audience namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/interactive-cyber-training-audience/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Describes the target of cyber training and education.</p>
</div>
<div class="sect2">
<h3 id="_sector_2">sector</h3>
<div class="paragraph">
<p>The sector from which the audience comes determines the nature of the training.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencesectoracademic_school">interactive-cyber-training-audience:sector="academic-school"</h4>
<div class="paragraph">
<p>Academic - School</p>
</div>
<div class="paragraph">
<p>The focus is on the principles underlying cybersecurity, ranging from theoretical to applied, at school level.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencesectoracademic_university">interactive-cyber-training-audience:sector="academic-university"</h4>
<div class="paragraph">
<p>Academic - University</p>
</div>
<div class="paragraph">
<p>The focus is on the principles underlying cybersecurity, ranging from theoretical to applied, at university level.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencesectorpublic_government">interactive-cyber-training-audience:sector="public-government"</h4>
<div class="paragraph">
<p>Public - Government</p>
</div>
<div class="paragraph">
<p>In public sector such as government, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencesectorpublic_authorities">interactive-cyber-training-audience:sector="public-authorities"</h4>
<div class="paragraph">
<p>Public - Authorities</p>
</div>
<div class="paragraph">
<p>In public sector such as authorities, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencesectorpublic_ngo">interactive-cyber-training-audience:sector="public-ngo"</h4>
<div class="paragraph">
<p>Public - NGO</p>
</div>
<div class="paragraph">
<p>In public sector such as NGO, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencesectorpublic_military">interactive-cyber-training-audience:sector="public-military"</h4>
<div class="paragraph">
<p>Public - Military</p>
</div>
<div class="paragraph">
<p>In public sector such as military sector, Cybersecurity is seen as tool to protect the public interest. Hence, it emphasizes on developing policies and systems to implement laws and regulations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencesectorprivate">interactive-cyber-training-audience:sector="private"</h4>
<div class="paragraph">
<p>Private</p>
</div>
<div class="paragraph">
<p>The private sector and industry focuses more on protecting its investments. The effectiveness of security mechanisms and people are more important than principles they embody.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_purpose">purpose</h3>
<div class="paragraph">
<p>Purpose answered the question for which reason trainings should be used.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencepurposeawareness">interactive-cyber-training-audience:purpose="awareness"</h4>
<div class="paragraph">
<p>Awareness</p>
</div>
<div class="paragraph">
<p>This training should be used to raise the awareness in multiple and different security threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencepurposeskills">interactive-cyber-training-audience:purpose="skills"</h4>
<div class="paragraph">
<p>Skills</p>
</div>
<div class="paragraph">
<p>This training should be used to recognize the different skill levels of the participants so that can they be improved in a targeted manner.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencepurposecollaboration">interactive-cyber-training-audience:purpose="collaboration"</h4>
<div class="paragraph">
<p>Collaboration</p>
</div>
<div class="paragraph">
<p>This training should be used to improve the cooperation within a team or beyond.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencepurposecommunication">interactive-cyber-training-audience:purpose="communication"</h4>
<div class="paragraph">
<p>Communication</p>
</div>
<div class="paragraph">
<p>This training should be used to increase the efficiency of internal and external communication in case of an incident.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencepurposeleadership">interactive-cyber-training-audience:purpose="leadership"</h4>
<div class="paragraph">
<p>Leadership</p>
</div>
<div class="paragraph">
<p>This training should be used to improve the management and coordination of the responsible entities.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_proficiency_level">proficiency-level</h3>
<div class="paragraph">
<p>Proficiency describes the knowledge of users and what they are able to do.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audienceproficiency_levelbeginner">interactive-cyber-training-audience:proficiency-level="beginner"</h4>
<div class="paragraph">
<p>Beginner</p>
</div>
<div class="paragraph">
<p>The lowest level. Beginner are limited in abilities and knowledge. They have the possibility to use foundational conceptual and procedural knowledge in a controlled and limited environment. Beginners cannot solve critical tasks and need significant supervision. They are able to perform daily processing tasks. The focus is on learning.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audienceproficiency_levelprofessional">interactive-cyber-training-audience:proficiency-level="professional"</h4>
<div class="paragraph">
<p>Professional</p>
</div>
<div class="paragraph">
<p>The mid level. Professionals have deeper knowledge and understanding in specific sectors. For these sectors they are able to complete tasks as requested. Sometimes supervision is needed but usually they perform independently. The focus is on enhancing and applying existing knowledge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audienceproficiency_levelexpert">interactive-cyber-training-audience:proficiency-level="expert"</h4>
<div class="paragraph">
<p>Expert</p>
</div>
<div class="paragraph">
<p>The highest level. Experts have deeper knowledge and understanding in different sectors. They complete tasks self-dependent and have the possibilities to achieve goals in the most effective and efficient way. Experts have comprehensive understanding and abilities to lead and train others. The focus is on strategic action.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_target_audience">target-audience</h3>
<div class="paragraph">
<p>Target audience describes the audience, which is targeted by the training.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencetarget_audiencestudent_trainee">interactive-cyber-training-audience:target-audience="student-trainee"</h4>
<div class="paragraph">
<p>Student/Trainee</p>
</div>
<div class="paragraph">
<p>Student and trainees have little to none practical knowledge. Training can be used for students and trainees, to enhance their knowledge and to practice theoretical courses.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencetarget_audienceit_user">interactive-cyber-training-audience:target-audience="it-user"</h4>
<div class="paragraph">
<p>IT User</p>
</div>
<div class="paragraph">
<p>IT users use the IT but have little to none knowledge about IT security. Users can get trained to understand principles of IT security and to grow awareness.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencetarget_audienceit_professional">interactive-cyber-training-audience:target-audience="it-professional"</h4>
<div class="paragraph">
<p>IT Professional</p>
</div>
<div class="paragraph">
<p>Professionals have little to medium knowledge about IT security. Their professional focus is in specific sectors, therefore, they receive IT security knowledge for their sectors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencetarget_audienceit_specialist">interactive-cyber-training-audience:target-audience="it-specialist"</h4>
<div class="paragraph">
<p>IT Specialist</p>
</div>
<div class="paragraph">
<p>Specialists already have a comprehensive knowledge in IT security. Therefore, the training is focussed on specific aspects.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_audiencetarget_audiencemanagement">interactive-cyber-training-audience:target-audience="management"</h4>
<div class="paragraph">
<p>Management</p>
</div>
<div class="paragraph">
<p>Management has little knowledge about IT security, but a broad overview. By the training, management can understand changed settings better.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_interactive_cyber_training_technical_setup">interactive-cyber-training-technical-setup</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
interactive-cyber-training-technical-setup namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/interactive-cyber-training-technical-setup/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The technical setup consists of environment structure, deployment, and orchestration.</p>
</div>
<div class="sect2">
<h3 id="_environment_structure">environment-structure</h3>
<div class="paragraph">
<p>The environment structure refers to the basic characteristic of the event.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupenvironment_structuretabletop_style">interactive-cyber-training-technical-setup:environment-structure="tabletop-style"</h4>
<div class="paragraph">
<p>Tabletop Style</p>
</div>
<div class="paragraph">
<p>A session that involves the movement of counters or other objects round a board or on a flat surface</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupenvironment_structureonline_collaboration_platform">interactive-cyber-training-technical-setup:environment-structure="online-collaboration-platform"</h4>
<div class="paragraph">
<p>Online Platform - Collaboration Platform</p>
</div>
<div class="paragraph">
<p>The environment allows organizations to incorporate real-time communication capabilities and providing remote access to other systems. This includes the exchange of files and messages in text, audio, and video formats between different computers or users.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupenvironment_structureonline_e_learning_platform">interactive-cyber-training-technical-setup:environment-structure="online-e-learning-platform"</h4>
<div class="paragraph">
<p>Online Platform - E-Learning Platform</p>
</div>
<div class="paragraph">
<p>A software application for the administration, documentation, tracking, reporting, and delivery of educational courses, training programs, or learning and development programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupenvironment_structurehosting">interactive-cyber-training-technical-setup:environment-structure="hosting"</h4>
<div class="paragraph">
<p>Hosting</p>
</div>
<div class="paragraph">
<p>A cyber training based on single hosts uses primarily a personal computer to providing tasks and challenges for a user. It allows a direct interaction with the systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupenvironment_structuresimulated_network_infrastructure">interactive-cyber-training-technical-setup:environment-structure="simulated-network-infrastructure"</h4>
<div class="paragraph">
<p>Network Infrastruture - Simulated</p>
</div>
<div class="paragraph">
<p>Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). A simulation copies the network components from the real world into a virtual environment. It provides an idea about how something works. It simulates the basic behavior but does not necessarily abide to all the rules of the real systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupenvironment_structureemulated_network_infrastructure">interactive-cyber-training-technical-setup:environment-structure="emulated-network-infrastructure"</h4>
<div class="paragraph">
<p>Network Infrastruture - Emulated</p>
</div>
<div class="paragraph">
<p>Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). An emulator duplicates things exactly as they exist in real life. The emulation is effectively a complete imitation of the real thing. It operates in a virtual environment instead of the real world.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupenvironment_structurereal_network_infrastructure">interactive-cyber-training-technical-setup:environment-structure="real-network-infrastructure"</h4>
<div class="paragraph">
<p>Network Infrastruture - Real</p>
</div>
<div class="paragraph">
<p>Dependent of the realization type, a network-based environment consists of servers and clients, which are connected to each other in a local area network (LAN) or wide area network (WAN). In a real network infrastructure, physical components are used to connect the systems and to setup a scenario.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_deployment">deployment</h3>
<div class="paragraph">
<p>The environment of cyber training can either be deployed on premise or on cloud infrastructures</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupdeploymentphysical_on_premise">interactive-cyber-training-technical-setup:deployment="physical-on-premise"</h4>
<div class="paragraph">
<p>On Premise - Physical</p>
</div>
<div class="paragraph">
<p>The environment for the training run on physical machines. The data is stored locally and not on cloud; nor is a third party involved. The advantages of on premise solutions are the physical accessibility, which makes it possible to use the complete range of cyber challenges.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupdeploymentvirtual_on_premise">interactive-cyber-training-technical-setup:deployment="virtual-on-premise"</h4>
<div class="paragraph">
<p>On Premise - Virtual</p>
</div>
<div class="paragraph">
<p>The environment for the training run virtual machines. The data is stored locally and not on cloud; nor is a third party involved. The benefit of virtual machines is the maximum of configurability. The advantages of on premise solutions are the physical accessibility, which makes it possible to use the complete range of cyber challenges.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setupdeploymentcloud">interactive-cyber-training-technical-setup:deployment="cloud"</h4>
<div class="paragraph">
<p>Cloud</p>
</div>
<div class="paragraph">
<p>Training setup deployed in the cloud has on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. In contrast to on premise setups, cloud solutions are rapid elastic on request. So the training can be adapted flexible on a large amount of users and is easily usable world wide.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_orchestration">orchestration</h3>
<div class="paragraph">
<p>The composition of parts and components of a pool of tasks. The goal is to setup a holistic scenario and integrate cyber training session. Furthermore, it includes a declarative description of the overall process in the form of a composite and harmonic collaboration.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setuporchestrationnone_automation">interactive-cyber-training-technical-setup:orchestration="none-automation"</h4>
<div class="paragraph">
<p>None Automation</p>
</div>
<div class="paragraph">
<p>Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here none automation is present.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setuporchestrationpartially_automation">interactive-cyber-training-technical-setup:orchestration="partially-automation"</h4>
<div class="paragraph">
<p>Partially Automation</p>
</div>
<div class="paragraph">
<p>Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here partially automated.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setuporchestrationcomplete_automation">interactive-cyber-training-technical-setup:orchestration="complete-automation"</h4>
<div class="paragraph">
<p>Complete Automation</p>
</div>
<div class="paragraph">
<p>Specifies the automation of processes and the amount of human interaction with the system to maintain and administrate, especially for repetitive exercise; Here full-automated.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setuporchestrationportability_miscellaneous">interactive-cyber-training-technical-setup:orchestration="portability-miscellaneous"</h4>
<div class="paragraph">
<p>Portability - Miscellaneous</p>
</div>
<div class="paragraph">
<p>Miscellaneous approaches are used to ensure the possibility to exchange data, challenges, or entire scenarios to other environments or locations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setuporchestrationportability_exchangenable_format">interactive-cyber-training-technical-setup:orchestration="portability-exchangenable-format"</h4>
<div class="paragraph">
<p>Portability - Exchangenable Format</p>
</div>
<div class="paragraph">
<p>Common data format (YALM, XML, JSON, &#8230;&#8203;) is used to ensure the possibility to exchange data, challenges, or entire scenarios to other environments or locations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setuporchestrationmaintainability_modifiability">interactive-cyber-training-technical-setup:orchestration="maintainability-modifiability"</h4>
<div class="paragraph">
<p>Maintability - Modifiability</p>
</div>
<div class="paragraph">
<p>Maintainability represents effectiveness and efficiency with which a session can be modified or adapted to changes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setuporchestrationmaintainability_modularity">interactive-cyber-training-technical-setup:orchestration="maintainability-modularity"</h4>
<div class="paragraph">
<p>Maintability - Modularity</p>
</div>
<div class="paragraph">
<p>A modular concept has advantages in reusability and combinability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_technical_setuporchestrationcompatibility">interactive-cyber-training-technical-setup:orchestration="compatibility"</h4>
<div class="paragraph">
<p>Compatibility</p>
</div>
<div class="paragraph">
<p>The Compatibility deals with the technical interaction possibilities via interfaces to other applications, data, and protocols.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_interactive_cyber_training_training_environment">interactive-cyber-training-training-environment</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
interactive-cyber-training-training-environment namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/interactive-cyber-training-training-environment/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The training environment details the environment around the training, consisting of training type and scenario.</p>
</div>
<div class="sect2">
<h3 id="_training_type">training-type</h3>
<div class="paragraph">
<p>Education in cybersecurity follows different approaches. The level of interaction and hands-on experience distinguishes different types of training.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typetabletop_game_speech">interactive-cyber-training-training-environment:training-type="tabletop-game-speech"</h4>
<div class="paragraph">
<p>Tabletop Game - Speech</p>
</div>
<div class="paragraph">
<p>Table Top training -here based on speech-only- are a lightweight, but intellectually intense exercise. In this setting, the involved teams or participants focus on opposing missions. On a theoretical basis, the teams develop different strategies and countermeasures to explore the offensive cyber effects on operations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typetabletop_game_text">interactive-cyber-training-training-environment:training-type="tabletop-game-text"</h4>
<div class="paragraph">
<p>Tabletop Game - text</p>
</div>
<div class="paragraph">
<p>Table Top training -here based on text-only- are a lightweight, but intellectually intense exercise. In this setting, the involved teams or participants focus on opposing missions. On a theoretical basis, the teams develop different strategies and countermeasures to explore the offensive cyber effects on operations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typetabletop_game_multimedia">interactive-cyber-training-training-environment:training-type="tabletop-game-multimedia"</h4>
<div class="paragraph">
<p>Tabletop Game - Multimedia</p>
</div>
<div class="paragraph">
<p>Table Top training -here based on multimedia- are a lightweight, but intellectually intense exercise. In this setting, the involved teams or participants focus on opposing missions. On a theoretical basis, the teams develop different strategies and countermeasures to explore the offensive cyber effects on operations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typecapture_the_flag_quiz">interactive-cyber-training-training-environment:training-type="capture-the-flag-quiz"</h4>
<div class="paragraph">
<p>Capture the Flag - Quiz</p>
</div>
<div class="paragraph">
<p>Capture the Flag (CTF) is a well-known cybersecurity contest in which participants compete in real-time, which can exists as a quiz.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typecapture_the_flag_jeopardy">interactive-cyber-training-training-environment:training-type="capture-the-flag-jeopardy"</h4>
<div class="paragraph">
<p>Capture the Flag - Jeopardy</p>
</div>
<div class="paragraph">
<p>Capture the Flag (CTF) is a well-known cybersecurity contest in which participants compete in real-time, which can exists as jeopardy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typecapture_the_flag_attack">interactive-cyber-training-training-environment:training-type="capture-the-flag-attack"</h4>
<div class="paragraph">
<p>Capture the Flag - Attack</p>
</div>
<div class="paragraph">
<p>Capture the Flag (CTF) is a well-known cybersecurity contest in which participants compete in real-time, which can exists as an attack-only scenario.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typecapture_the_flag_defence">interactive-cyber-training-training-environment:training-type="capture-the-flag-defence"</h4>
<div class="paragraph">
<p>Capture the Flag - Defence</p>
</div>
<div class="paragraph">
<p>Capture the Flag (CTF) is a well-known cybersecurity contest in which participants compete in real-time, which can exists as an defence-only scenario.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typecapture_the_flag_attack_defence">interactive-cyber-training-training-environment:training-type="capture-the-flag-attack-defence"</h4>
<div class="paragraph">
<p>Capture the Flag - Attack-Defence</p>
</div>
<div class="paragraph">
<p>Capture the Flag (CTF) is a well-known cybersecurity contest in which participants compete in real-time, which can exists as an attack-defence scenario.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typecyber_training_range_classroom_practice">interactive-cyber-training-training-environment:training-type="cyber-training-range-classroom-practice"</h4>
<div class="paragraph">
<p>Cyber Training Range - Classroom Practice</p>
</div>
<div class="paragraph">
<p>A cyber range provides an environment to practice network operation skills. It should represent real-world scenarios and offer isolation from other networks to contain malicious activity. In this training type, complex attacks take place in a simulated environment. The participants perform divers educational hands-on activities according to their role. In these trainings the roles that are not covered by participants are simulated or covered by the instructors. Trainings can be classroom practice.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typecyber_training_range_single_team_training">interactive-cyber-training-training-environment:training-type="cyber-training-range-single-team-training"</h4>
<div class="paragraph">
<p>Cyber Training Range - Single Team Training</p>
</div>
<div class="paragraph">
<p>A cyber range provides an environment to practice network operation skills. It should represent real-world scenarios and offer isolation from other networks to contain malicious activity. In this training type, complex attacks take place in a simulated environment. The participants perform divers educational hands-on activities according to their role. In these trainings the roles that are not covered by participants are simulated or covered by the instructors. Trainings can be single team trainings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typecyber_training_range_multiple_team_training">interactive-cyber-training-training-environment:training-type="cyber-training-range-multiple-team-training"</h4>
<div class="paragraph">
<p>Cyber Training Range - Multiple Team Training</p>
</div>
<div class="paragraph">
<p>A cyber range provides an environment to practice network operation skills. It should represent real-world scenarios and offer isolation from other networks to contain malicious activity. In this training type, complex attacks take place in a simulated environment. The participants perform divers educational hands-on activities according to their role. In these trainings the roles that are not covered by participants are simulated or covered by the instructors. Trainings can be multiple team trainings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmenttraining_typeproject_approach">interactive-cyber-training-training-environment:training-type="project-approach"</h4>
<div class="paragraph">
<p>Project Approach</p>
</div>
<div class="paragraph">
<p>In this type of training, hands-on projects are to be completed during the training. Thereby, the participants learn and understand the basic concepts of security. During the projects, the teachers can intervene and control the learning process.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_scenario">scenario</h3>
<div class="paragraph">
<p>The scenario is a main component of cybersecurity training. Scenarios are needed to reach the goal of the training.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariosupervised">interactive-cyber-training-training-environment:scenario="supervised"</h4>
<div class="paragraph">
<p>Supervision: Supervised</p>
</div>
<div class="paragraph">
<p>Describes if the training is supervised. For instance, cyber range trainings are typically supervised.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariounsupervised">interactive-cyber-training-training-environment:scenario="unsupervised"</h4>
<div class="paragraph">
<p>Supervision: Unsupervised</p>
</div>
<div class="paragraph">
<p>Describes if the training is unsupervised. For instance, jeopardy CTF are usually unsupervised.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariofree_multiple_choice">interactive-cyber-training-training-environment:scenario="free-multiple-choice"</h4>
<div class="paragraph">
<p>Style: Free-/Multiple Choice</p>
</div>
<div class="paragraph">
<p>Decribes the challenges within the training as Free-/Multi Choice. (can be the case with CTFs)</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenarioproblem_driven">interactive-cyber-training-training-environment:scenario="problem-driven"</h4>
<div class="paragraph">
<p>Style: Problem-Driven</p>
</div>
<div class="paragraph">
<p>Describes the challenge within the training as Problem-driven.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariostoryline_driven">interactive-cyber-training-training-environment:scenario="storyline-driven"</h4>
<div class="paragraph">
<p>Style: Storyline-Driven</p>
</div>
<div class="paragraph">
<p>Describes the challenge within the training as Storyline-driven.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_target_network">interactive-cyber-training-training-environment:scenario="challenges-target-network"</h4>
<div class="paragraph">
<p>Challenges: Network Target</p>
</div>
<div class="paragraph">
<p>The target in this challenge is network.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_target_host">interactive-cyber-training-training-environment:scenario="challenges-target-host"</h4>
<div class="paragraph">
<p>Challenges: Host Target</p>
</div>
<div class="paragraph">
<p>The target in this challenge is host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_target_application">interactive-cyber-training-training-environment:scenario="challenges-target-application"</h4>
<div class="paragraph">
<p>Challenges: Application Target</p>
</div>
<div class="paragraph">
<p>The target in this challenge is application.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_target_protocol">interactive-cyber-training-training-environment:scenario="challenges-target-protocol"</h4>
<div class="paragraph">
<p>Challenges: Protocol Target</p>
</div>
<div class="paragraph">
<p>The target in this challenge is protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_target_data">interactive-cyber-training-training-environment:scenario="challenges-target-data"</h4>
<div class="paragraph">
<p>Challenges: Data Target</p>
</div>
<div class="paragraph">
<p>The target in this challenge is data.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_target_person">interactive-cyber-training-training-environment:scenario="challenges-target-person"</h4>
<div class="paragraph">
<p>Challenges: Person Target</p>
</div>
<div class="paragraph">
<p>The target in this challenge is person.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_target_physical">interactive-cyber-training-training-environment:scenario="challenges-target-physical"</h4>
<div class="paragraph">
<p>Challenges: Physical Target</p>
</div>
<div class="paragraph">
<p>The target in this challenge is physical.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_type_foot_printing">interactive-cyber-training-training-environment:scenario="challenges-type-foot-printing"</h4>
<div class="paragraph">
<p>Challenges: Foot-printing Type</p>
</div>
<div class="paragraph">
<p>Foot-printing is needed to solve this challenge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_type_scanning">interactive-cyber-training-training-environment:scenario="challenges-type-scanning"</h4>
<div class="paragraph">
<p>Challenges: Scanning Type</p>
</div>
<div class="paragraph">
<p>Scanning is needed to solve this challenge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_type_enumeration">interactive-cyber-training-training-environment:scenario="challenges-type-enumeration"</h4>
<div class="paragraph">
<p>Challenges: Enumeration Type</p>
</div>
<div class="paragraph">
<p>Enumeration is needed to solve this challenge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_type_pivoting">interactive-cyber-training-training-environment:scenario="challenges-type-pivoting"</h4>
<div class="paragraph">
<p>Challenges: Pivoting Type</p>
</div>
<div class="paragraph">
<p>Pivoting is needed to solve this challenge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_type_exploitation">interactive-cyber-training-training-environment:scenario="challenges-type-exploitation"</h4>
<div class="paragraph">
<p>Challenges: Exploitation Type</p>
</div>
<div class="paragraph">
<p>Exploitation is needed to solve this challenge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_type_privilege_escalation">interactive-cyber-training-training-environment:scenario="challenges-type-privilege-escalation"</h4>
<div class="paragraph">
<p>Challenges: Privilege escalation Type</p>
</div>
<div class="paragraph">
<p>Privilege escalation is needed to solve this challenge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_type_covering_tracks">interactive-cyber-training-training-environment:scenario="challenges-type-covering-tracks"</h4>
<div class="paragraph">
<p>Challenges: Covering tracks Type</p>
</div>
<div class="paragraph">
<p>Covering tracks is needed to solve this challenge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_environmentscenariochallenges_type_maintaining">interactive-cyber-training-training-environment:scenario="challenges-type-maintaining"</h4>
<div class="paragraph">
<p>Challenges: maintaining Type</p>
</div>
<div class="paragraph">
<p>Maintaining access is needed to solve this challenge.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_interactive_cyber_training_training_setup">interactive-cyber-training-training-setup</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
interactive-cyber-training-training-setup namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/interactive-cyber-training-training-setup/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The training setup further describes the training itself with the scoring, roles, the training mode as well as the customization level.</p>
</div>
<div class="sect2">
<h3 id="_scoring">scoring</h3>
<div class="paragraph">
<p>Scoring is not only used in competition-oriented training like CTF but also to motivate participants, give feedback, track the progress. The scoring can be based, but is not limited to monitoring systems, defined objectives, or over-the-shoulder evaluation mechanisms.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupscoringno_scoring">interactive-cyber-training-training-setup:scoring="no-scoring"</h4>
<div class="paragraph">
<p>No Scoring</p>
</div>
<div class="paragraph">
<p>The training have no type of scoring.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupscoringassessment_static">interactive-cyber-training-training-setup:scoring="assessment-static"</h4>
<div class="paragraph">
<p>Assessment: Static</p>
</div>
<div class="paragraph">
<p>The scoring in this variant relies on the static setting of different scores for tasks and objectives, possibly incluing a degree of difficulty as well.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupscoringassessment_dynamic">interactive-cyber-training-training-setup:scoring="assessment-dynamic"</h4>
<div class="paragraph">
<p>Assessment: Dynamic</p>
</div>
<div class="paragraph">
<p>The scoring in this variant is set dynamically using mathematical functions or dynamic methods such as teh Elo Rating System.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupscoringawarding_manual">interactive-cyber-training-training-setup:scoring="awarding-manual"</h4>
<div class="paragraph">
<p>Awarding: Manual</p>
</div>
<div class="paragraph">
<p>Awards are given manually.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupscoringawarding_automatic">interactive-cyber-training-training-setup:scoring="awarding-automatic"</h4>
<div class="paragraph">
<p>Awarding: Automatic</p>
</div>
<div class="paragraph">
<p>Awards are given automatically.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupscoringawarding_mixed">interactive-cyber-training-training-setup:scoring="awarding-mixed"</h4>
<div class="paragraph">
<p>Awarding: Mixed</p>
</div>
<div class="paragraph">
<p>Awards are given manually and/or automatically.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_roles">roles</h3>
<div class="paragraph">
<p>Participants in a training are split in different teams, according to their skills, role and tasks.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuprolesno_specific_role">interactive-cyber-training-training-setup:roles="no-specific-role"</h4>
<div class="paragraph">
<p>No specific Role</p>
</div>
<div class="paragraph">
<p>Individuals who do not fit into the defined teams can be assigned to this role.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuprolestransparent_team_observer_watcher">interactive-cyber-training-training-setup:roles="transparent-team-observer-watcher"</h4>
<div class="paragraph">
<p>Transparent Team - Observer/Watcher</p>
</div>
<div class="paragraph">
<p>Members of this team observe the training. Usually, these people have a defined purpose, but have no influence on the training itself. Possible purposes are learning about the training topic and roles, studying strategies of participants, or supervising employees.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuproleswhite_team_trainer_instructor">interactive-cyber-training-training-setup:roles="white-team-trainer-instructor"</h4>
<div class="paragraph">
<p>White Team - Trainer/Instructor</p>
</div>
<div class="paragraph">
<p>This team consists of instructors, referees, organizers, and training managers. They design the training scenario including objectives, rules, background story, and tasks. During the training, this team controls the progress and assigns tasks to the teams. These so-called injects also include simulated media, operation coordination, or law enforcement agencies. Giving hints for the training teams could also be part of this team.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuprolesgreen_team_organizer_admin">interactive-cyber-training-training-setup:roles="green-team-organizer-admin"</h4>
<div class="paragraph">
<p>Green Team - Organizer/Admin</p>
</div>
<div class="paragraph">
<p>The operators that are responsible for the exercise infrastructure build this team. Before a training, this team sets up and configures the environment and takes it down afterwards. During a training, it also monitors the environments health and handles problems that may arise.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuprolesred_team_attacker">interactive-cyber-training-training-setup:roles="red-team-attacker"</h4>
<div class="paragraph">
<p>Red Team - Attacker</p>
</div>
<div class="paragraph">
<p>This team consists of people authorized and organized to model security adversaries. They are responsible to identify and exploit potential vulnerabilities present in the training environment. Depending on the training environment, the tasks can follow a predefined attack path.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuprolesblue_team_defender">interactive-cyber-training-training-setup:roles="blue-team-defender"</h4>
<div class="paragraph">
<p>Blue Team - Defender</p>
</div>
<div class="paragraph">
<p>The group of individuals that is responsible for defending the training environment. They deal with the red teams attacks and secure the compromised networks. Guidelines for that team are the training rules and local cyber law.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuprolesgray_team_bystander">interactive-cyber-training-training-setup:roles="gray-team-bystander"</h4>
<div class="paragraph">
<p>Gray Team - Bystander</p>
</div>
<div class="paragraph">
<p>Bystanders of a training form this team. They do not necessarily have a specific intention or purpose, but an interest in the training event itself. It is also possible that this team interacts with participants and thereby unintentionally influences the training.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuprolesyellow_team_insider">interactive-cyber-training-training-setup:roles="yellow-team-insider"</h4>
<div class="paragraph">
<p>Yellow Team - Insider</p>
</div>
<div class="paragraph">
<p>Members of this team perform not only tasks like generating legitimate network traffic and user behavior but also perform erroneous actions that lead to vulnerabilities and attacks. This team can also include the regular system builders, like programmers, developers, and software engineers and architects.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuprolespurple_team_bridge">interactive-cyber-training-training-setup:roles="purple-team-bridge"</h4>
<div class="paragraph">
<p>Purple Team - Bridge</p>
</div>
<div class="paragraph">
<p>In a training, this team is a bridge between red and blue teams that helps to improve the performance of both. Through joint red-blue activities it improves the scope of the training participants. Goals are to maximize the Blue Teams capability and the effectiveness of Red Teams activities.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_training_mode">training-mode</h3>
<div class="paragraph">
<p>Defines whether the training opposes singles persons, teams or groups.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuptraining_modesingle">interactive-cyber-training-training-setup:training-mode="single"</h4>
<div class="paragraph">
<p>Single</p>
</div>
<div class="paragraph">
<p>A single player plays against others. Others can be real persons, butalso scripted opponents.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuptraining_modeteam">interactive-cyber-training-training-setup:training-mode="team"</h4>
<div class="paragraph">
<p>Team</p>
</div>
<div class="paragraph">
<p>A team plays against others. In this alignments, each player can bring its expertise into the training, focussing on different aspects. Examples are Blue and Red Teams.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setuptraining_modecross_group">interactive-cyber-training-training-setup:training-mode="cross-group"</h4>
<div class="paragraph">
<p>Cross-Group</p>
</div>
<div class="paragraph">
<p>A group plays against others. In this setting, the group members might not know each other. Example are CTF competitions and training for the entire organization in a breach scenario.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_customization_level">customization-level</h3>
<div class="paragraph">
<p>Defines the level of customization of the training.</p>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupcustomization_levelgeneral">interactive-cyber-training-training-setup:customization-level="general"</h4>
<div class="paragraph">
<p>General</p>
</div>
<div class="paragraph">
<p>A general purpose training setup is not, or only little customized. This variant is suited for an entry level training or to learn about general processes without regard to the underlying setup.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupcustomization_levelspecific">interactive-cyber-training-training-setup:customization-level="specific"</h4>
<div class="paragraph">
<p>Specific</p>
</div>
<div class="paragraph">
<p>The training setup can be customized for a specific training goal or target audience. Examples for this variant are specific trainings within the High School education or for the health sector.</p>
</div>
</div>
<div class="sect3">
<h4 id="_interactive_cyber_training_training_setupcustomization_levelindividual">interactive-cyber-training-training-setup:customization-level="individual"</h4>
<div class="paragraph">
<p>Individual</p>
</div>
<div class="paragraph">
<p>The most tailored variant is an individual customization. Hereby, the training setup corresponds to a real environment in the best possible way. Exemplary uses of this variant are the training of teams in their environment or the training of new expert-level employees.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_interception_method">interception-method</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
interception-method namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/interception-method/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The interception method used to intercept traffic.</p>
</div>
<div class="sect2">
<h3 id="_man_in_the_middle">man-in-the-middle</h3>
<div class="paragraph">
<p>Interception where an attacker secretly relayed and possibly altered the communication between two parties.</p>
</div>
<div class="sect3">
<h4 id="_interception_methodman_in_the_middle">interception-method:man-in-the-middle</h4>
<div class="paragraph">
<p>Man-in-the-middle</p>
</div>
<div class="paragraph">
<p>Interception where an attacker secretly relayed and possibly altered the communication between two parties.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_man_on_the_side">man-on-the-side</h3>
<div class="paragraph">
<p>Interception where an attacker could read and send messages between two parties but not alter messages.</p>
</div>
<div class="sect3">
<h4 id="_interception_methodman_on_the_side">interception-method:man-on-the-side</h4>
<div class="paragraph">
<p>Man-on-the-side</p>
</div>
<div class="paragraph">
<p>Interception where an attacker could read and send messages between two parties but not alter messages.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_passive_2">passive</h3>
<div class="paragraph">
<p>Interception where an attacker could read messages between two parties.</p>
</div>
<div class="sect3">
<h4 id="_interception_methodpassive">interception-method:passive</h4>
<div class="paragraph">
<p>Passive</p>
</div>
<div class="paragraph">
<p>Interception where an attacker could read messages between two parties.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_search_result_poisoning">search-result-poisoning</h3>
<div class="paragraph">
<p>Interception where an attacker creates malicious websites intended to show up in search engine queries.</p>
</div>
<div class="sect3">
<h4 id="_interception_methodsearch_result_poisoning">interception-method:search-result-poisoning</h4>
<div class="paragraph">
<p>Search result poisoning</p>
</div>
<div class="paragraph">
<p>Interception where an attacker creates malicious websites intended to show up in search engine queries.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dns">dns</h3>
<div class="paragraph">
<p>Interception where domain name resolution is altered to re-direct traffic to a malicious IP address.</p>
</div>
<div class="sect3">
<h4 id="_interception_methoddns">interception-method:dns</h4>
<div class="paragraph">
<p>Dns</p>
</div>
<div class="paragraph">
<p>Interception where domain name resolution is altered to re-direct traffic to a malicious IP address.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_host_file">host-file</h3>
<div class="paragraph">
<p>Interception where the HOSTS file is modified to re-direct traffic to a malicious IP address.</p>
</div>
<div class="sect3">
<h4 id="_interception_methodhost_file">interception-method:host-file</h4>
<div class="paragraph">
<p>Host file</p>
</div>
<div class="paragraph">
<p>Interception where the HOSTS file is modified to re-direct traffic to a malicious IP address.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_7">other</h3>
<div class="paragraph">
<p>Other.</p>
</div>
<div class="sect3">
<h4 id="_interception_methodother">interception-method:other</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Other.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ioc">ioc</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ioc namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ioc/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>An IOC classification to facilitate automation of malicious and non malicious artifacts</p>
</div>
<div class="sect2">
<h3 id="_artifact_state">artifact-state</h3>
<div class="sect3">
<h4 id="_iocartifact_statemalicious">ioc:artifact-state="malicious"</h4>
<div class="paragraph">
<p>Malicious</p>
</div>
</div>
<div class="sect3">
<h4 id="_iocartifact_statenot_malicious">ioc:artifact-state="not-malicious"</h4>
<div class="paragraph">
<p>Not Malicious</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_iot">iot</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
iot namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/iot/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Internet of Things taxonomy, based on IOT UK report <a href="https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf" class="bare">https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_tcom">TCom</h3>
<div class="paragraph">
<p>IoT projects vary tremendously in terms of their technical sophistication. Digital Catapult has developed a scale based on technology complexity (TCom) that enables us to understand the state of IoT in the UK, and to assess what is currently being researched, trialled or deployed in real-life implementations.</p>
</div>
<div class="sect3">
<h4 id="_iottcom0">iot:TCom="0"</h4>
<div class="paragraph">
<p>Unidentiable object</p>
</div>
<div class="paragraph">
<p>Dumb/passive objects . Not connected, identified or monitored. Example: Any unconnected, unidentified object</p>
</div>
</div>
<div class="sect3">
<h4 id="_iottcom1">iot:TCom="1"</h4>
<div class="paragraph">
<p>Identifiable object</p>
</div>
<div class="paragraph">
<p>Identifiable dumb/passive objects with a virtual existence that can meaningfully be counted/tracked by online systems. Examples: RFID Tags, barcoded or QR-coded objects</p>
</div>
</div>
<div class="sect3">
<h4 id="_iottcom2">iot:TCom="2"</h4>
<div class="paragraph">
<p>Connected object</p>
</div>
<div class="paragraph">
<p>Connected objects . Objects linked to an IP network, with some means of reading, programming or controlling them . These should be counted as elements within the IoT universe, but they are often underused assets. Examples: Printers, doorbells, IP connected fire alarms or security systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_iottcom3">iot:TCom="3"</h4>
<div class="paragraph">
<p>Connected homogeneous object</p>
</div>
<div class="paragraph">
<p>Connected broadly homogeneous objects in a simple integrated system, whether the benefit of that system accrues to the end user or the system provider. Examples: Networks of multiple temperature sensors within a single building or campus . Environmental monitoring networks, wearable devices (such as Fitbit or other wellness technologies)</p>
</div>
</div>
<div class="sect3">
<h4 id="_iottcom4">iot:TCom="4"</h4>
<div class="paragraph">
<p>Connected heterogeneous objects</p>
</div>
<div class="paragraph">
<p>Connected heterogeneous objects in a single, integrated system . This involves taking data from a variety of sensors of different types, all deployed for the same end user or organisation to help improve processes, make better decisions or change outcomes. Examples: The deployment of a range of sensors in a care home or hospital or the combination of parking, traffic volume and traffic control data in an urban road management system</p>
</div>
</div>
<div class="sect3">
<h4 id="_iottcom5">iot:TCom="5"</h4>
<div class="paragraph">
<p>Different objects in similar domain</p>
</div>
<div class="paragraph">
<p>Different objects deployed across multiple interconnected systems for multiple organisations, in multiple locations, all within a similar domain .System supports analysis of aggregated data derived from all deployment locations. Examples: Partnering university campuses security cameras, fire alarms, temperature sensors, access control systems and energy monitoring systems integrated into a single unified control and monitoring solution</p>
</div>
</div>
<div class="sect3">
<h4 id="_iottcom6">iot:TCom="6"</h4>
<div class="paragraph">
<p>Different objects in multiple connected domains</p>
</div>
<div class="paragraph">
<p>As for TCom 5, but where multiple domains are connected . This involves gathering data from a variety of sensor types, across a variety of systems and ecosystems, and creating combined views of the data that offer new sources of value (economic or social) or where there is a high degree of automation across homogeneous systems. Examples: Smart cities where multiple organisations, or different city departments and their partners, have built applications that draw on diverse sets of data from multiple sources to develop or improve services. Such applications might include the adjustment of street lighting in response to incoming data on night-time police activity levels, or the adjustment of traffic lights in response to real-time data sources about local environment data, or current people movement data based on mobile phone location data. Or, in the second case, the automated adjustment of environmental controls across a service providers care estate based on real-time data feeds from sensors deployed in those settings .</p>
</div>
</div>
<div class="sect3">
<h4 id="_iottcom7">iot:TCom="7"</h4>
<div class="paragraph">
<p>Involves multiple ecosystems and a high degree of automation</p>
</div>
<div class="paragraph">
<p>As for TCom 6, but involving both multiple ecosystems and a high degree of automation. Examples: A smart city solution drawing data from multiple providers and sources, which is then used for automated traffic control and routing of emergency services, or the automated adjustment of traffic lights based on real-time mobile phone location data</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ssl">SSL</h3>
<div class="paragraph">
<p>A second characteristic of an IoT system concerns the inherent level of safety, privacy and security of that system. At one end of the spectrum, an IoT system may not gather data that is sensitive either in terms of safety or privacy, while at the other it may collect data about identifiable individuals or groups of individuals, involve financial transactions, or access to system data or have the ability to control objects that could compromise health, safety or security.</p>
</div>
<div class="sect3">
<h4 id="_iotssl0">iot:SSL="0"</h4>
<div class="paragraph">
<p>No data involved</p>
</div>
<div class="paragraph">
<p>No data involved, no control of the system</p>
</div>
</div>
<div class="sect3">
<h4 id="_iotssl1">iot:SSL="1"</h4>
<div class="paragraph">
<p>No sensitive data involved</p>
</div>
<div class="paragraph">
<p>No sensitive data involved, no control of the objects in the system. Example: Wireless doorbell</p>
</div>
</div>
<div class="sect3">
<h4 id="_iotssl2">iot:SSL="2"</h4>
<div class="paragraph">
<p>Anonymous or aggregated data</p>
</div>
<div class="paragraph">
<p>System provides anonymous, aggregated statistics, no control of the system. Example: Remote temperature sensors</p>
</div>
</div>
<div class="sect3">
<h4 id="_iotssl3">iot:SSL="3"</h4>
<div class="paragraph">
<p>Sensitive data</p>
</div>
<div class="paragraph">
<p>System generates sensitive data or supports some degree of remote control of the system objects. Examples: Biometric data, door actuation mechanisms</p>
</div>
</div>
<div class="sect3">
<h4 id="_iotssl4">iot:SSL="4"</h4>
<div class="paragraph">
<p>Connects with external systems</p>
</div>
<div class="paragraph">
<p>System generates sensitive data, supports some degree of remote control of the system objects and connects with external systems. Examples: Integrated facilities management systems, tele-health monitoring, security and safety systems</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dsl">DSL</h3>
<div class="paragraph">
<p>A third characteristic of IoT systems concerns the degree of sharing of sensitive data between the object and the system, and subsequently between the system and the system operator(s) or participants, and third parties. Systems do not always need to share data, so IoT product, platform, service and system designers must be clear about when data is shared, what is shared and why.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_iotdsl0">iot:DSL="0"</h4>
<div class="paragraph">
<p>No data shared</p>
</div>
<div class="paragraph">
<p>No data is shared. Examples: Simple point-to-point monitoring systems such as consumer weather stations and wireless doorbells</p>
</div>
</div>
<div class="sect3">
<h4 id="_iotdsl1">iot:DSL="1"</h4>
<div class="paragraph">
<p>Sharing between two parties</p>
</div>
<div class="paragraph">
<p>Basic sharing between two parties: agreed sharing of sensitive data between the customer/buyer/user and the seller or provider (whether that seller or provider operates in the commercial or public sector). Examples: Cloud-based security systems, remote cameras, home monitoring systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_iotdsl2">iot:DSL="2"</h4>
<div class="paragraph">
<p>Third-party sharing</p>
</div>
<div class="paragraph">
<p>Third person sharing: sharing of sensitive data between the seller or provider and unrelated third parties in a commercial context. Examples: Person tracking information to support targeted marketing offers</p>
</div>
</div>
<div class="sect3">
<h4 id="_iotdsl3">iot:DSL="3"</h4>
<div class="paragraph">
<p>Multi-domain sharing</p>
</div>
<div class="paragraph">
<p>Multi-domain and third-party sharing: sharing of sensitive data between the customer/buyer/user and multiple sellers or providers involved in delivering services, where those providers come from different ecosystems (including the commercial and public sectors). Examples: The aggregation of parking, traffic and environmental data in an urban traffic management application</p>
</div>
</div>
<div class="sect3">
<h4 id="_iotdsl4">iot:DSL="4"</h4>
<div class="paragraph">
<p>Open access to sensitive data</p>
</div>
<div class="paragraph">
<p>Open access to sensitive data, including data generated through use of public finance or infrastructure. Examples: Integration of multiple security systems in a public safety context</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_kill_chain">kill-chain</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
kill-chain namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/kill-chain/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Cyber Kill Chain, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.</p>
</div>
<div class="sect2">
<h3 id="_reconnaissance">Reconnaissance</h3>
<div class="sect3">
<h4 id="_kill_chainreconnaissance">kill-chain:Reconnaissance</h4>
<div class="paragraph">
<p>Research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and mailing lists for email addresses, social relationships, or information on specific technologies.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_weaponization">Weaponization</h3>
<div class="sect3">
<h4 id="_kill_chainweaponization">kill-chain:Weaponization</h4>
<div class="paragraph">
<p>Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer). Increasingly, client application data files such as Adobe Portable Document Format (PDF) or Microsoft Office documents serve as the weaponized deliverable.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_delivery">Delivery</h3>
<div class="sect3">
<h4 id="_kill_chaindelivery">kill-chain:Delivery</h4>
<div class="paragraph">
<p>Transmission of the weapon to the targeted environment. The three most prevalent delivery vectors for weaponized payloads by APT actors, as observed by the Lockheed Martin Computer Incident Response Team (LM-CIRT) for the years 2004-2010, are email attachments, websites, and USB removable media.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploitation">Exploitation</h3>
<div class="sect3">
<h4 id="_kill_chainexploitation">kill-chain:Exploitation</h4>
<div class="paragraph">
<p>After the weapon is delivered to victim host, exploitation triggers intruders' code. Most often, exploitation targets an application or operating system vulnerability, but it could also more simply exploit the users themselves or leverage an operating system feature that auto-executes code.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_installation">Installation</h3>
<div class="sect3">
<h4 id="_kill_chaininstallation">kill-chain:Installation</h4>
<div class="paragraph">
<p>Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_command_and_control">Command and Control</h3>
<div class="sect3">
<h4 id="_kill_chaincommand_and_control">kill-chain:Command and Control</h4>
<div class="paragraph">
<p>Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel. APT malware especially requires manual interaction rather than conduct activity automatically. Once the C2 channel establishes, intruders have 'hands on the keyboard' access inside the target environment.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actions_on_objectives">Actions on Objectives</h3>
<div class="sect3">
<h4 id="_kill_chainactions_on_objectives">kill-chain:Actions on Objectives</h4>
<div class="paragraph">
<p>Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_maec_delivery_vectors">maec-delivery-vectors</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
maec-delivery-vectors namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/maec-delivery-vectors/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Vectors used to deliver malware based on MAEC 5.0</p>
</div>
<div class="sect2">
<h3 id="_maec_delivery_vector">maec-delivery-vector</h3>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectoractive_attacker">maec-delivery-vectors:maec-delivery-vector="active-attacker"</h4>
<div class="paragraph">
<p>active Attacker</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectorauto_executing_media">maec-delivery-vectors:maec-delivery-vector="auto-executing-media"</h4>
<div class="paragraph">
<p>auto-executing-media</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectordownloader">maec-delivery-vectors:maec-delivery-vector="downloader"</h4>
<div class="paragraph">
<p>downloader</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectordropper">maec-delivery-vectors:maec-delivery-vector="dropper"</h4>
<div class="paragraph">
<p>dropper</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectoremail_attachment">maec-delivery-vectors:maec-delivery-vector="email-attachment"</h4>
<div class="paragraph">
<p>email-attachment</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectorexploit_kit_landing_page">maec-delivery-vectors:maec-delivery-vector="exploit-kit-landing-page"</h4>
<div class="paragraph">
<p>exploit-kit-landing-page</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectorfake_website">maec-delivery-vectors:maec-delivery-vector="fake-website"</h4>
<div class="paragraph">
<p>fake-website</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectorjanitor_attack">maec-delivery-vectors:maec-delivery-vector="janitor-attack"</h4>
<div class="paragraph">
<p>janitor-attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectormalicious_iframes">maec-delivery-vectors:maec-delivery-vector="malicious-iframes"</h4>
<div class="paragraph">
<p>malicious-iframes</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectormalvertising">maec-delivery-vectors:maec-delivery-vector="malvertising"</h4>
<div class="paragraph">
<p>malvertising</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectormedia_baiting">maec-delivery-vectors:maec-delivery-vector="media-baiting"</h4>
<div class="paragraph">
<p>media-baiting</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectorpharming">maec-delivery-vectors:maec-delivery-vector="pharming"</h4>
<div class="paragraph">
<p>pharming</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectorphishing">maec-delivery-vectors:maec-delivery-vector="phishing"</h4>
<div class="paragraph">
<p>phishing</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectortrojanized_link">maec-delivery-vectors:maec-delivery-vector="trojanized-link"</h4>
<div class="paragraph">
<p>trojanized-link</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectortrojanized_software">maec-delivery-vectors:maec-delivery-vector="trojanized-software"</h4>
<div class="paragraph">
<p>trojanized-software</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectorusb_cable_syncing">maec-delivery-vectors:maec-delivery-vector="usb-cable-syncing"</h4>
<div class="paragraph">
<p>usb-cable-syncing</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_delivery_vectorsmaec_delivery_vectorwatering_hole">maec-delivery-vectors:maec-delivery-vector="watering-hole"</h4>
<div class="paragraph">
<p>watering-hole</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_maec_malware_behavior">maec-malware-behavior</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
maec-malware-behavior namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/maec-malware-behavior/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware behaviours based on MAEC 5.0</p>
</div>
<div class="sect2">
<h3 id="_maec_malware_behavior_2">maec-malware-behavior</h3>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behavioraccess_premium_service">maec-malware-behavior:maec-malware-behavior="access-premium-service"</h4>
<div class="paragraph">
<p>access-premium-service</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorautonomous_remote_infection">maec-malware-behavior:maec-malware-behavior="autonomous-remote-infection"</h4>
<div class="paragraph">
<p>autonomous-remote-infection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorblock_security_websites">maec-malware-behavior:maec-malware-behavior="block-security-websites"</h4>
<div class="paragraph">
<p>block-security-websites</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_camera_input">maec-malware-behavior:maec-malware-behavior="capture-camera-input"</h4>
<div class="paragraph">
<p>capture-camera-input</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_file_system_data">maec-malware-behavior:maec-malware-behavior="capture-file-system-data"</h4>
<div class="paragraph">
<p>capture-file-system-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_gps_data">maec-malware-behavior:maec-malware-behavior="capture-gps-data"</h4>
<div class="paragraph">
<p>capture-gps-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_keyboard_input">maec-malware-behavior:maec-malware-behavior="capture-keyboard-input"</h4>
<div class="paragraph">
<p>capture-keyboard-input</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_microphone_input">maec-malware-behavior:maec-malware-behavior="capture-microphone-input"</h4>
<div class="paragraph">
<p>capture-microphone-input</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_mouse_input">maec-malware-behavior:maec-malware-behavior="capture-mouse-input"</h4>
<div class="paragraph">
<p>capture-mouse-input</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_printer_output">maec-malware-behavior:maec-malware-behavior="capture-printer-output"</h4>
<div class="paragraph">
<p>capture-printer-output</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_system_memory">maec-malware-behavior:maec-malware-behavior="capture-system-memory"</h4>
<div class="paragraph">
<p>capture-system-memory</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_system_network_traffic">maec-malware-behavior:maec-malware-behavior="capture-system-network-traffic"</h4>
<div class="paragraph">
<p>capture-system-network-traffic</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_system_screenshot">maec-malware-behavior:maec-malware-behavior="capture-system-screenshot"</h4>
<div class="paragraph">
<p>capture-system-screenshot</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcapture_touchscreen_input">maec-malware-behavior:maec-malware-behavior="capture-touchscreen-input"</h4>
<div class="paragraph">
<p>capture-touchscreen-input</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcheck_for_payload">maec-malware-behavior:maec-malware-behavior="check-for-payload"</h4>
<div class="paragraph">
<p>check-for-payload</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorclick_fraud">maec-malware-behavior:maec-malware-behavior="click-fraud"</h4>
<div class="paragraph">
<p>click-fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcompare_host_fingerprints">maec-malware-behavior:maec-malware-behavior="compare-host-fingerprints"</h4>
<div class="paragraph">
<p>compare-host-fingerprints</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcompromise_remote_machine">maec-malware-behavior:maec-malware-behavior="compromise-remote-machine"</h4>
<div class="paragraph">
<p>compromise-remote-machinen</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcontrol_local_machine_via_remote_command">maec-malware-behavior:maec-malware-behavior="control-local-machine-via-remote-command"</h4>
<div class="paragraph">
<p>control-local-machine-via-remote-command</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcontrol_malware_via_remote_command">maec-malware-behavior:maec-malware-behavior="control-malware-via-remote-command"</h4>
<div class="paragraph">
<p>control-malware-via-remote-command</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorcrack_passwords">maec-malware-behavior:maec-malware-behavior="crack-passwords"</h4>
<div class="paragraph">
<p>crack-passwords</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordefeat_call_graph_generation">maec-malware-behavior:maec-malware-behavior="defeat-call-graph-generation"</h4>
<div class="paragraph">
<p>defeat-call-graph-generation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordefeat_emulator">maec-malware-behavior:maec-malware-behavior="defeat-emulator"</h4>
<div class="paragraph">
<p>defeat-emulator</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordefeat_flow_oriented_disassembler">maec-malware-behavior:maec-malware-behavior="defeat-flow-oriented-disassembler"</h4>
<div class="paragraph">
<p>defeat-flow-oriented-disassembler</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordefeat_linear_disassembler">maec-malware-behavior:maec-malware-behavior="defeat-linear-disassembler"</h4>
<div class="paragraph">
<p>defeat-linear-disassembler</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordegrade_security_program">maec-malware-behavior:maec-malware-behavior="degrade-security-program"</h4>
<div class="paragraph">
<p>degrade-security-program</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordenial_of_service">maec-malware-behavior:maec-malware-behavior="denial-of-service"</h4>
<div class="paragraph">
<p>denial-of-service</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordestroy_hardware">maec-malware-behavior:maec-malware-behavior="destroy-hardware"</h4>
<div class="paragraph">
<p>destroy-hardware</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordetect_debugging">maec-malware-behavior:maec-malware-behavior="detect-debugging"</h4>
<div class="paragraph">
<p>detect-debugging</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordetect_emulator">maec-malware-behavior:maec-malware-behavior="detect-emulator"</h4>
<div class="paragraph">
<p>detect-emulator</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordetect_installed_analysis_tools">maec-malware-behavior:maec-malware-behavior="detect-installed-analysis-tools"</h4>
<div class="paragraph">
<p>detect-installed-analysis-tools</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordetect_installed_av_tools">maec-malware-behavior:maec-malware-behavior="detect-installed-av-tools"</h4>
<div class="paragraph">
<p>detect-installed-av-tools</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordetect_sandbox_environment">maec-malware-behavior:maec-malware-behavior="detect-sandbox-environment"</h4>
<div class="paragraph">
<p>detect-sandbox-environment</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordetect_vm_environment">maec-malware-behavior:maec-malware-behavior="detect-vm-environment"</h4>
<div class="paragraph">
<p>detect-vm-environment</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordetermine_host_ip_address">maec-malware-behavior:maec-malware-behavior="determine-host-ip-address"</h4>
<div class="paragraph">
<p>determine-host-ip-address</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_access_rights_checking">maec-malware-behavior:maec-malware-behavior="disable-access-rights-checking"</h4>
<div class="paragraph">
<p>disable-access-rights-checking</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_firewall">maec-malware-behavior:maec-malware-behavior="disable-firewall"</h4>
<div class="paragraph">
<p>disable-firewall</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_kernel_patch_protection">maec-malware-behavior:maec-malware-behavior="disable-kernel-patch-protection"</h4>
<div class="paragraph">
<p>disable-kernel-patch-protection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_os_security_alerts">maec-malware-behavior:maec-malware-behavior="disable-os-security-alerts"</h4>
<div class="paragraph">
<p>disable-os-security-alerts</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_privilege_limiting">maec-malware-behavior:maec-malware-behavior="disable-privilege-limiting"</h4>
<div class="paragraph">
<p>disable-privilege-limiting</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_service_pack_patch_installation">maec-malware-behavior:maec-malware-behavior="disable-service-pack-patch-installation"</h4>
<div class="paragraph">
<p>disable-service-pack-patch-installation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_system_file_overwrite_protection">maec-malware-behavior:maec-malware-behavior="disable-system-file-overwrite-protection"</h4>
<div class="paragraph">
<p>disable-system-file-overwrite-protection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_update_services_daemons">maec-malware-behavior:maec-malware-behavior="disable-update-services-daemons"</h4>
<div class="paragraph">
<p>disable-update-services-daemons</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordisable_user_account_control">maec-malware-behavior:maec-malware-behavior="disable-user-account-control"</h4>
<div class="paragraph">
<p>disable-user-account-control</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviordrop_retrieve_debug_log_file">maec-malware-behavior:maec-malware-behavior="drop-retrieve-debug-log-file"</h4>
<div class="paragraph">
<p>drop-retrieve-debug-log-file</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorelevate_privilege">maec-malware-behavior:maec-malware-behavior="elevate-privilege"</h4>
<div class="paragraph">
<p>elevate-privilege</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorencrypt_data">maec-malware-behavior:maec-malware-behavior="encrypt-data"</h4>
<div class="paragraph">
<p>encrypt-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorencrypt_files">maec-malware-behavior:maec-malware-behavior="encrypt-files"</h4>
<div class="paragraph">
<p>encrypt-files</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorencrypt_self">maec-malware-behavior:maec-malware-behavior="encrypt-self"</h4>
<div class="paragraph">
<p>encrypt-self</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorerase_data">maec-malware-behavior:maec-malware-behavior="erase-data"</h4>
<div class="paragraph">
<p>erase-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorevade_static_heuristic">maec-malware-behavior:maec-malware-behavior="evade-static-heuristic"</h4>
<div class="paragraph">
<p>evade-static-heuristic</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexecute_before_external_to_kernel_hypervisor">maec-malware-behavior:maec-malware-behavior="execute-before-external-to-kernel-hypervisor"</h4>
<div class="paragraph">
<p>execute-before-external-to-kernel-hypervisor</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexecute_non_main_cpu_code">maec-malware-behavior:maec-malware-behavior="execute-non-main-cpu-code"</h4>
<div class="paragraph">
<p>execute-non-main-cpu-code</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexecute_stealthy_code">maec-malware-behavior:maec-malware-behavior="execute-stealthy-code"</h4>
<div class="paragraph">
<p>execute-stealthy-code</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexfiltrate_data_via_covert_channel">maec-malware-behavior:maec-malware-behavior="exfiltrate-data-via-covert channel"</h4>
<div class="paragraph">
<p>exfiltrate-data-via-covert channel</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexfiltrate_data_viadumpster_dive">maec-malware-behavior:maec-malware-behavior="exfiltrate-data-via&#8212;&#8203;dumpster-dive"</h4>
<div class="paragraph">
<p>exfiltrate-data-via-dumpster-dives</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexfiltrate_data_via_fax">maec-malware-behavior:maec-malware-behavior="exfiltrate-data-via-fax"</h4>
<div class="paragraph">
<p>exfiltrate-data-via-fax</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexfiltrate_data_via_network">maec-malware-behavior:maec-malware-behavior="exfiltrate-data-via-network"</h4>
<div class="paragraph">
<p>exfiltrate-data-via-network</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexfiltrate_data_via_physical_media">maec-malware-behavior:maec-malware-behavior="exfiltrate-data-via-physical-media"</h4>
<div class="paragraph">
<p>exfiltrate-data-via-physical-media</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorexfiltrate_data_via_voip_phone">maec-malware-behavior:maec-malware-behavior="exfiltrate-data-via-voip-phone"</h4>
<div class="paragraph">
<p>exfiltrate-data-via-voip-phone</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorfeed_misinformation_during_physical_memory_acquisition">maec-malware-behavior:maec-malware-behavior="feed-misinformation-during-physical-memory-acquisition"</h4>
<div class="paragraph">
<p>feed-misinformation-during-physical-memory-acquisition</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorfile_system_instantiation">maec-malware-behavior:maec-malware-behavior="file-system-instantiation"</h4>
<div class="paragraph">
<p>file-system-instantiation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorfingerprint_host">maec-malware-behavior:maec-malware-behavior="fingerprint-host"</h4>
<div class="paragraph">
<p>fingerprint-host</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorgenerate_c2_domain_names">maec-malware-behavior:maec-malware-behavior="generate-c2-domain-names"</h4>
<div class="paragraph">
<p>generate-c2-domain-names</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_arbitrary_virtual_memory">maec-malware-behavior:maec-malware-behavior="hide-arbitrary-virtual-memory"</h4>
<div class="paragraph">
<p>hide-arbitrary-virtual-memory</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_data_in_other_formats">maec-malware-behavior:maec-malware-behavior="hide-data-in-other-formats"</h4>
<div class="paragraph">
<p>hide-data-in-other-formats</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_file_system_artifacts">maec-malware-behavior:maec-malware-behavior="hide-file-system-artifacts"</h4>
<div class="paragraph">
<p>hide-file-system-artifacts</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_kernel_modules">maec-malware-behavior:maec-malware-behavior="hide-kernel-modules"</h4>
<div class="paragraph">
<p>hide-kernel-modules</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_network_traffic">maec-malware-behavior:maec-malware-behavior="hide-network-traffic"</h4>
<div class="paragraph">
<p>hide-network-traffic</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_open_network_ports">maec-malware-behavior:maec-malware-behavior="hide-open-network-ports"</h4>
<div class="paragraph">
<p>hide-open-network-ports</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_processes">maec-malware-behavior:maec-malware-behavior="hide-processes"</h4>
<div class="paragraph">
<p>hide-processes</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_services">maec-malware-behavior:maec-malware-behavior="hide-services"</h4>
<div class="paragraph">
<p>hide-services</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_threads">maec-malware-behavior:maec-malware-behavior="hide-threads"</h4>
<div class="paragraph">
<p>hide-threads</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorhide_userspace_libraries">maec-malware-behavior:maec-malware-behavior="hide-userspace-libraries"</h4>
<div class="paragraph">
<p>hide-userspace-libraries</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behavioridentify_file">maec-malware-behavior:maec-malware-behavior="identify-file"</h4>
<div class="paragraph">
<p>identify-file</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behavioridentify_os">maec-malware-behavior:maec-malware-behavior="identify-os"</h4>
<div class="paragraph">
<p>identify-os</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behavioridentify_target_machines">maec-malware-behavior:maec-malware-behavior="identify-target-machines"</h4>
<div class="paragraph">
<p>identify-target-machines</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorimpersonate_user">maec-malware-behavior:maec-malware-behavior="impersonate-user"</h4>
<div class="paragraph">
<p>impersonate-user</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorinstall_backdoor">maec-malware-behavior:maec-malware-behavior="install-backdoor"</h4>
<div class="paragraph">
<p>install-backdoor</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorinstall_legitimate_software">maec-malware-behavior:maec-malware-behavior="install-legitimate-software"</h4>
<div class="paragraph">
<p>install-legitimate-software</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorinstall_secondary_malware">maec-malware-behavior:maec-malware-behavior="install-secondary-malware"</h4>
<div class="paragraph">
<p>install-secondary-malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorinstall_secondary_module">maec-malware-behavior:maec-malware-behavior="install-secondary-module"</h4>
<div class="paragraph">
<p>install-secondary-module</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorintercept_manipulate_network_traffic">maec-malware-behavior:maec-malware-behavior="intercept-manipulate-network-traffic"</h4>
<div class="paragraph">
<p>intercept-manipulate-network-traffic</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorinventory_security_products">maec-malware-behavior:maec-malware-behavior="inventory-security-products"</h4>
<div class="paragraph">
<p>inventory-security-products</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorinventory_system_applications">maec-malware-behavior:maec-malware-behavior="inventory-system-applications"</h4>
<div class="paragraph">
<p>inventory-system-applications</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorinventory_victims">maec-malware-behavior:maec-malware-behavior="inventory-victims"</h4>
<div class="paragraph">
<p>inventory-victims</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorlimit_application_type_version">maec-malware-behavior:maec-malware-behavior="limit-application-type-version"</h4>
<div class="paragraph">
<p>limit-application-type-version</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorlog_activity">maec-malware-behavior:maec-malware-behavior="log-activity"</h4>
<div class="paragraph">
<p>log-activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviormanipulate_file_system_data">maec-malware-behavior:maec-malware-behavior="manipulate-file-system-data"</h4>
<div class="paragraph">
<p>manipulate-file-system-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviormap_local_network">maec-malware-behavior:maec-malware-behavior="map-local-network"</h4>
<div class="paragraph">
<p>map-local-network</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviormine_for_cryptocurrency">maec-malware-behavior:maec-malware-behavior="mine-for-cryptocurrency"</h4>
<div class="paragraph">
<p>mine-for-cryptocurrency</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviormodify_file">maec-malware-behavior:maec-malware-behavior="modify-file"</h4>
<div class="paragraph">
<p>modify-file</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviormodify_security_software_configuration">maec-malware-behavior:maec-malware-behavior="modify-security-software-configuration"</h4>
<div class="paragraph">
<p>modify-security-software-configuration</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviormove_data_to_staging_server">maec-malware-behavior:maec-malware-behavior="move-data-to-staging-server"</h4>
<div class="paragraph">
<p>move-data-to-staging-server</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorobfuscate_artifact_properties">maec-malware-behavior:maec-malware-behavior="obfuscate-artifact-properties"</h4>
<div class="paragraph">
<p>obfuscate-artifact-properties</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behavioroverload_sandbox">maec-malware-behavior:maec-malware-behavior="overload-sandbox"</h4>
<div class="paragraph">
<p>overload-sandbox</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorpackage_data">maec-malware-behavior:maec-malware-behavior="package-data"</h4>
<div class="paragraph">
<p>package-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorpersist_after_hardware_changes">maec-malware-behavior:maec-malware-behavior="persist-after-hardware-changes"</h4>
<div class="paragraph">
<p>persist-after-hardware-changes</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorpersist_after_os_changes">maec-malware-behavior:maec-malware-behavior="persist-after-os-changes"</h4>
<div class="paragraph">
<p>persist-after-os-changes</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorpersist_after_system_reboot">maec-malware-behavior:maec-malware-behavior="persist-after-system-reboot"</h4>
<div class="paragraph">
<p>persist-after-system-reboot</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_api_unhooking">maec-malware-behavior:maec-malware-behavior="prevent-api-unhooking"</h4>
<div class="paragraph">
<p>prevent-api-unhooking</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_concurrent_execution">maec-malware-behavior:maec-malware-behavior="prevent-concurrent-execution"</h4>
<div class="paragraph">
<p>prevent-concurrent-execution</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_debugging">maec-malware-behavior:maec-malware-behavior="prevent-debugging"</h4>
<div class="paragraph">
<p>prevent-debugging</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_file_access">maec-malware-behavior:maec-malware-behavior="prevent-file-access"</h4>
<div class="paragraph">
<p>prevent-file-access</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_file_deletion">maec-malware-behavior:maec-malware-behavior="prevent-file-deletion"</h4>
<div class="paragraph">
<p>prevent-file-deletion</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_memory_access">maec-malware-behavior:maec-malware-behavior="prevent-memory-access"</h4>
<div class="paragraph">
<p>prevent-memory-access</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_native_api_hooking">maec-malware-behavior:maec-malware-behavior="prevent-native-api-hooking"</h4>
<div class="paragraph">
<p>prevent-native-api-hooking</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_physical_memory_acquisition">maec-malware-behavior:maec-malware-behavior="prevent-physical-memory-acquisition"</h4>
<div class="paragraph">
<p>prevent-physical-memory-acquisition</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_registry_access">maec-malware-behavior:maec-malware-behavior="prevent-registry-access"</h4>
<div class="paragraph">
<p>prevent-registry-access</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_registry_deletion">maec-malware-behavior:maec-malware-behavior="prevent-registry-deletion"</h4>
<div class="paragraph">
<p>prevent-registry-deletion</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorprevent_security_software_from_executing">maec-malware-behavior:maec-malware-behavior="prevent-security-software-from-executing"</h4>
<div class="paragraph">
<p>prevent-security-software-from-executing</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorre_instantiate_self">maec-malware-behavior:maec-malware-behavior="re-instantiate-self"</h4>
<div class="paragraph">
<p>re-instantiate-self</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorremove_self">maec-malware-behavior:maec-malware-behavior="remove-self"</h4>
<div class="paragraph">
<p>remove-self</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorremove_sms_warning_messages">maec-malware-behavior:maec-malware-behavior="remove-sms-warning-messages"</h4>
<div class="paragraph">
<p>remove-sms-warning-messages</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorremove_system_artifacts">maec-malware-behavior:maec-malware-behavior="remove-system-artifacts"</h4>
<div class="paragraph">
<p>remove-system-artifacts</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorrequest_email_address_list">maec-malware-behavior:maec-malware-behavior="request-email-address-list"</h4>
<div class="paragraph">
<p>request-email-address-list</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorrequest_email_template">maec-malware-behavior:maec-malware-behavior="request-email-template"</h4>
<div class="paragraph">
<p>request-email-template</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsearch_for_remote_machines">maec-malware-behavior:maec-malware-behavior="search-for-remote-machines"</h4>
<div class="paragraph">
<p>search-for-remote-machines</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsend_beacon">maec-malware-behavior:maec-malware-behavior="send-beacon"</h4>
<div class="paragraph">
<p>send-beacon</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsend_email_message">maec-malware-behavior:maec-malware-behavior="send-email-message"</h4>
<div class="paragraph">
<p>send-email-message</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsocial_engineering_based_remote_infection">maec-malware-behavior:maec-malware-behavior="social-engineering-based-remote-infection"</h4>
<div class="paragraph">
<p>social-engineering-based-remote-infection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_browser_cache">maec-malware-behavior:maec-malware-behavior="steal-browser-cache"</h4>
<div class="paragraph">
<p>steal-browser-cache</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_browser_cookies">maec-malware-behavior:maec-malware-behavior="steal-browser-cookies"</h4>
<div class="paragraph">
<p>steal-browser-cookies</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_browser_history">maec-malware-behavior:maec-malware-behavior="steal-browser-history"</h4>
<div class="paragraph">
<p>steal-browser-history</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_contact_list_data">maec-malware-behavior:maec-malware-behavior="steal-contact-list-data"</h4>
<div class="paragraph">
<p>steal-contact-list-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_cryptocurrency_data">maec-malware-behavior:maec-malware-behavior="steal-cryptocurrency-data"</h4>
<div class="paragraph">
<p>steal-cryptocurrency-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_database_content">maec-malware-behavior:maec-malware-behavior="steal-database-content"</h4>
<div class="paragraph">
<p>steal-database-content</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_dialed_phone_numbers">maec-malware-behavior:maec-malware-behavior="steal-dialed-phone-numbers"</h4>
<div class="paragraph">
<p>steal-dialed-phone-numbers</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_digital_certificates">maec-malware-behavior:maec-malware-behavior="steal-digital-certificates"</h4>
<div class="paragraph">
<p>steal-digital-certificates</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_documents">maec-malware-behavior:maec-malware-behavior="steal-documents"</h4>
<div class="paragraph">
<p>steal-documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_email_data">maec-malware-behavior:maec-malware-behavior="steal-email-data"</h4>
<div class="paragraph">
<p>steal-email-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_images">maec-malware-behavior:maec-malware-behavior="steal-images"</h4>
<div class="paragraph">
<p>steal-images</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_password_hashes">maec-malware-behavior:maec-malware-behavior="steal-password-hashes"</h4>
<div class="paragraph">
<p>steal-password-hashes</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_pki_key">maec-malware-behavior:maec-malware-behavior="steal-pki-key"</h4>
<div class="paragraph">
<p>steal-pki-key</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_referrer_urls">maec-malware-behavior:maec-malware-behavior="steal-referrer-urls"</h4>
<div class="paragraph">
<p>steal-referrer-urls</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_serial_numbers">maec-malware-behavior:maec-malware-behavior="steal-serial-numbers"</h4>
<div class="paragraph">
<p>steal-serial-numbers</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_sms_database">maec-malware-behavior:maec-malware-behavior="steal-sms-database"</h4>
<div class="paragraph">
<p>steal-sms-database</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsteal_web_network_credential">maec-malware-behavior:maec-malware-behavior="steal-web-network-credential"</h4>
<div class="paragraph">
<p>steal-web-network-credential</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorstop_execution_of_security_software">maec-malware-behavior:maec-malware-behavior="stop-execution-of-security-software"</h4>
<div class="paragraph">
<p>stop-execution-of-security-software</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorsuicide_exit">maec-malware-behavior:maec-malware-behavior="suicide-exit"</h4>
<div class="paragraph">
<p>suicide-exit</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviortest_for_firewall">maec-malware-behavior:maec-malware-behavior="test-for-firewall"</h4>
<div class="paragraph">
<p>test-for-firewall</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviortest_for_internet_connectivity">maec-malware-behavior:maec-malware-behavior="test-for-internet-connectivity"</h4>
<div class="paragraph">
<p>test-for-internet-connectivity</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviortest_for_network_drives">maec-malware-behavior:maec-malware-behavior="test-for-network-drives"</h4>
<div class="paragraph">
<p>test-for-network-drives</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviortest_for_proxy">maec-malware-behavior:maec-malware-behavior="test-for-proxy"</h4>
<div class="paragraph">
<p>test-for-proxy</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviortest_smtp_connection">maec-malware-behavior:maec-malware-behavior="test-smtp-connection"</h4>
<div class="paragraph">
<p>test-smtp-connection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorupdate_configuration">maec-malware-behavior:maec-malware-behavior="update-configuration"</h4>
<div class="paragraph">
<p>update-configuration</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorvalidate_data">maec-malware-behavior:maec-malware-behavior="validate-data"</h4>
<div class="paragraph">
<p>validate-data</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_behaviormaec_malware_behaviorwrite_code_into_file">maec-malware-behavior:maec-malware-behavior="write-code-into-file"</h4>
<div class="paragraph">
<p>write-code-into-file</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_maec_malware_capabilities">maec-malware-capabilities</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
maec-malware-capabilities namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/maec-malware-capabilities/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware Capabilities based on MAEC 5.0</p>
</div>
<div class="sect2">
<h3 id="_maec_malware_capability">maec-malware-capability</h3>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_behavioral_analysis">maec-malware-capabilities:maec-malware-capability="anti-behavioral-analysis"</h4>
<div class="paragraph">
<p>anti-behavioral-analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_code_analysis">maec-malware-capabilities:maec-malware-capability="anti-code-analysis"</h4>
<div class="paragraph">
<p>anti-code-analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_detection">maec-malware-capabilities:maec-malware-capability="anti-detection"</h4>
<div class="paragraph">
<p>anti-detection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_removal">maec-malware-capabilities:maec-malware-capability="anti-removal"</h4>
<div class="paragraph">
<p>anti-removal</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityavailability_violation">maec-malware-capabilities:maec-malware-capability="availability-violation"</h4>
<div class="paragraph">
<p>availability-violation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitycollection">maec-malware-capabilities:maec-malware-capability="collection"</h4>
<div class="paragraph">
<p>collection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitycommand_and_control">maec-malware-capabilities:maec-malware-capability="command-and-control"</h4>
<div class="paragraph">
<p>command-and-control</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitydata_theft">maec-malware-capabilities:maec-malware-capability="data-theft"</h4>
<div class="paragraph">
<p>data-theft</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitydestruction">maec-malware-capabilities:maec-malware-capability="destruction"</h4>
<div class="paragraph">
<p>destruction</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitydiscovery">maec-malware-capabilities:maec-malware-capability="discovery"</h4>
<div class="paragraph">
<p>discovery</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityexfiltration">maec-malware-capabilities:maec-malware-capability="exfiltration"</h4>
<div class="paragraph">
<p>exfiltration</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityfraud">maec-malware-capabilities:maec-malware-capability="fraud"</h4>
<div class="paragraph">
<p>fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityinfection_propagation">maec-malware-capabilities:maec-malware-capability="infection-propagation"</h4>
<div class="paragraph">
<p>infection-propagation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityintegrity_violation">maec-malware-capabilities:maec-malware-capability="integrity-violation"</h4>
<div class="paragraph">
<p>integrity-violation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitymachine_access_control">maec-malware-capabilities:maec-malware-capability="machine-access-control"</h4>
<div class="paragraph">
<p>machine-access-control</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitypersistence">maec-malware-capabilities:maec-malware-capability="persistence"</h4>
<div class="paragraph">
<p>persistence</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityprivilege_escalation">maec-malware-capabilities:maec-malware-capability="privilege-escalation"</h4>
<div class="paragraph">
<p>privilege-escalation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysecondary_operation">maec-malware-capabilities:maec-malware-capability="secondary-operation"</h4>
<div class="paragraph">
<p>secondary-operation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysecurity_degradation">maec-malware-capabilities:maec-malware-capability="security-degradation"</h4>
<div class="paragraph">
<p>security-degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityaccess_control_degradation">maec-malware-capabilities:maec-malware-capability="access-control-degradation"</h4>
<div class="paragraph">
<p>access-control-degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_debugging">maec-malware-capabilities:maec-malware-capability="anti-debugging"</h4>
<div class="paragraph">
<p>anti-debugging</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_disassembly">maec-malware-capabilities:maec-malware-capability="anti-disassembly"</h4>
<div class="paragraph">
<p>anti-disassembly</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_emulation">maec-malware-capabilities:maec-malware-capability="anti-emulation"</h4>
<div class="paragraph">
<p>anti-emulation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_memory_forensics">maec-malware-capabilities:maec-malware-capability="anti-memory-forensics"</h4>
<div class="paragraph">
<p>anti-memory-forensics</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_sandbox">maec-malware-capabilities:maec-malware-capability="anti-sandbox"</h4>
<div class="paragraph">
<p>anti-sandbox</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_virus_evasion">maec-malware-capabilities:maec-malware-capability="anti-virus-evasion"</h4>
<div class="paragraph">
<p>anti-virus-evasion</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityanti_vm">maec-malware-capabilities:maec-malware-capability="anti-vm"</h4>
<div class="paragraph">
<p>anti-vm</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityauthentication_credentials_theft">maec-malware-capabilities:maec-malware-capability="authentication-credentials-theft"</h4>
<div class="paragraph">
<p>authentication-credentials-theft</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityclean_traces_of_infection">maec-malware-capabilities:maec-malware-capability="clean-traces-of-infection"</h4>
<div class="paragraph">
<p>clean-traces-of-infection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitycommunicate_with_c2_server">maec-malware-capabilities:maec-malware-capability="communicate-with-c2-server"</h4>
<div class="paragraph">
<p>communicate-with-c2-server</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitycompromise_data_availability">maec-malware-capabilities:maec-malware-capability="compromise-data-availability"</h4>
<div class="paragraph">
<p>compromise-data-availability</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitycompromise_system_availability">maec-malware-capabilities:maec-malware-capability="compromise-system-availability"</h4>
<div class="paragraph">
<p>compromise-system-availability</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityconsume_system_resources">maec-malware-capabilities:maec-malware-capability="consume-system-resources"</h4>
<div class="paragraph">
<p>consume-system-resources</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitycontinuous_execution">maec-malware-capabilities:maec-malware-capability="continuous-execution"</h4>
<div class="paragraph">
<p>continuous-execution</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitydata_integrity_violation">maec-malware-capabilities:maec-malware-capability="data-integrity-violation"</h4>
<div class="paragraph">
<p>data-integrity-violation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitydata_obfuscation">maec-malware-capabilities:maec-malware-capability="data-obfuscation"</h4>
<div class="paragraph">
<p>data-obfuscation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitydata_staging">maec-malware-capabilities:maec-malware-capability="data-staging"</h4>
<div class="paragraph">
<p>data-staging</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitydetermine_c2_server">maec-malware-capabilities:maec-malware-capability="determine-c2-server"</h4>
<div class="paragraph">
<p>determine-c2-server</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityemail_spam">maec-malware-capabilities:maec-malware-capability="email-spam"</h4>
<div class="paragraph">
<p>email-spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityensure_compatibility">maec-malware-capabilities:maec-malware-capability="ensure-compatibility"</h4>
<div class="paragraph">
<p>ensure-compatibility</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityenvironment_awareness">maec-malware-capabilities:maec-malware-capability="environment-awareness"</h4>
<div class="paragraph">
<p>environment-awareness</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityfile_infection">maec-malware-capabilities:maec-malware-capability="file-infection"</h4>
<div class="paragraph">
<p>file-infection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityhide_artifacts">maec-malware-capabilities:maec-malware-capability="hide-artifacts"</h4>
<div class="paragraph">
<p>hide-artifacts</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityhide_executing_code">maec-malware-capabilities:maec-malware-capability="hide-executing-code"</h4>
<div class="paragraph">
<p>hide-executing-code</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityhide_non_executing_code">maec-malware-capabilities:maec-malware-capability="hide-non-executing-code"</h4>
<div class="paragraph">
<p>hide-non-executing-code</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityhost_configuration_probing">maec-malware-capabilities:maec-malware-capability="host-configuration-probing"</h4>
<div class="paragraph">
<p>host-configuration-probing</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityinformation_gathering_for_improvement">maec-malware-capabilities:maec-malware-capability="information-gathering-for-improvement"</h4>
<div class="paragraph">
<p>information-gathering-for-improvement</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityinput_peripheral_capture">maec-malware-capabilities:maec-malware-capability="input-peripheral-capture"</h4>
<div class="paragraph">
<p>input-peripheral-capture</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityinstall_other_components">maec-malware-capabilities:maec-malware-capability="install-other-components"</h4>
<div class="paragraph">
<p>install-other-components</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitylocal_machine_control">maec-malware-capabilities:maec-malware-capability="local-machine-control"</h4>
<div class="paragraph">
<p>local-machine-control</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitynetwork_environment_probing">maec-malware-capabilities:maec-malware-capability="network-environment-probing"</h4>
<div class="paragraph">
<p>network-environment-probing</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityos_security_feature_degradation">maec-malware-capabilities:maec-malware-capability="os-security-feature-degradation"</h4>
<div class="paragraph">
<p>os-security-feature-degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityoutput_peripheral_capture">maec-malware-capabilities:maec-malware-capability="output-peripheral-capture"</h4>
<div class="paragraph">
<p>output-peripheral-capture</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityphysical_entity_destruction">maec-malware-capabilities:maec-malware-capability="physical-entity-destruction"</h4>
<div class="paragraph">
<p>physical-entity-destruction</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityprevent_artifact_access">maec-malware-capabilities:maec-malware-capability="prevent-artifact-access"</h4>
<div class="paragraph">
<p>prevent-artifact-access</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityprevent_artifact_deletion">maec-malware-capabilities:maec-malware-capability="prevent-artifact-deletion"</h4>
<div class="paragraph">
<p>prevent-artifact-deletion</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityremote_machine_access">maec-malware-capabilities:maec-malware-capability="remote-machine-access"</h4>
<div class="paragraph">
<p>remote-machine-access</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysecurity_software_degradation">maec-malware-capabilities:maec-malware-capability="security-software-degradation"</h4>
<div class="paragraph">
<p>security-software-degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysecurity_software_evasion">maec-malware-capabilities:maec-malware-capability="security-software-evasion"</h4>
<div class="paragraph">
<p>security-software-evasion</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityself_modification">maec-malware-capabilities:maec-malware-capability="self-modification"</h4>
<div class="paragraph">
<p>self-modification</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityservice_provider_security_feature_degradation">maec-malware-capabilities:maec-malware-capability="service-provider-security-feature-degradation"</h4>
<div class="paragraph">
<p>service-provider-security-feature-degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitystored_information_theft">maec-malware-capabilities:maec-malware-capability="stored-information-theft"</h4>
<div class="paragraph">
<p>stored-information-theft</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysystem_interface_data_capture">maec-malware-capabilities:maec-malware-capability="system-interface-data-capture"</h4>
<div class="paragraph">
<p>system-interface-data-capture</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysystem_operational_integrity_violation">maec-malware-capabilities:maec-malware-capability="system-operational-integrity-violation"</h4>
<div class="paragraph">
<p>system-operational-integrity-violation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysystem_re_infection">maec-malware-capabilities:maec-malware-capability="system-re-infection"</h4>
<div class="paragraph">
<p>system-re-infection</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysystem_state_data_capture">maec-malware-capabilities:maec-malware-capability="system-state-data-capture"</h4>
<div class="paragraph">
<p>system-state-data-capture</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilitysystem_update_degradation">maec-malware-capabilities:maec-malware-capability="system-update-degradation"</h4>
<div class="paragraph">
<p>system-update-degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityuser_data_theft">maec-malware-capabilities:maec-malware-capability="user-data-theft"</h4>
<div class="paragraph">
<p>user-data-theft</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_capabilitiesmaec_malware_capabilityvirtual_entity_destruction">maec-malware-capabilities:maec-malware-capability="virtual-entity-destruction"</h4>
<div class="paragraph">
<p>virtual-entity-destruction</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_maec_malware_obfuscation_methods">maec-malware-obfuscation-methods</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
maec-malware-obfuscation-methods namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/maec-malware-obfuscation-methods/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Obfuscation methods used by malware based on MAEC 5.0</p>
</div>
<div class="sect2">
<h3 id="_maec_obfuscation_methods">maec-obfuscation-methods</h3>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodspacking">maec-malware-obfuscation-methods:maec-obfuscation-methods="packing"</h4>
<div class="paragraph">
<p>packing</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodscode_encryption">maec-malware-obfuscation-methods:maec-obfuscation-methods="code-encryption"</h4>
<div class="paragraph">
<p>code-encryption</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodsdead_code_insertion">maec-malware-obfuscation-methods:maec-obfuscation-methods="dead-code-insertion"</h4>
<div class="paragraph">
<p>dead-code-insertion</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodsentry_point_obfuscation">maec-malware-obfuscation-methods:maec-obfuscation-methods="entry-point-obfuscation"</h4>
<div class="paragraph">
<p>entry-point-obfuscation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodsimport_address_table_obfuscation">maec-malware-obfuscation-methods:maec-obfuscation-methods="import-address-table-obfuscation"</h4>
<div class="paragraph">
<p>import-address-table-obfuscation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodsinterleaving_code">maec-malware-obfuscation-methods:maec-obfuscation-methods="interleaving-code"</h4>
<div class="paragraph">
<p>interleaving-code</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodssymbolic_obfuscation">maec-malware-obfuscation-methods:maec-obfuscation-methods="symbolic-obfuscation"</h4>
<div class="paragraph">
<p>symbolic-obfuscation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodsstring_obfuscation">maec-malware-obfuscation-methods:maec-obfuscation-methods="string-obfuscation"</h4>
<div class="paragraph">
<p>string-obfuscation</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodssubroutine_reordering">maec-malware-obfuscation-methods:maec-obfuscation-methods="subroutine-reordering"</h4>
<div class="paragraph">
<p>subroutine-reordering</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodscode_transposition">maec-malware-obfuscation-methods:maec-obfuscation-methods="code-transposition"</h4>
<div class="paragraph">
<p>code-transposition</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodsinstruction_substitution">maec-malware-obfuscation-methods:maec-obfuscation-methods="instruction-substitution"</h4>
<div class="paragraph">
<p>instruction-substitution</p>
</div>
</div>
<div class="sect3">
<h4 id="_maec_malware_obfuscation_methodsmaec_obfuscation_methodsregister_reassignment">maec-malware-obfuscation-methods:maec-obfuscation-methods="register-reassignment"</h4>
<div class="paragraph">
<p>register-reassignment</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_malware_classification">malware_classification</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
malware_classification namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/malware_classification/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Classification based on different categories. Based on <a href="https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848" class="bare">https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848</a></p>
</div>
<div class="sect2">
<h3 id="_malware_category_2">malware-category</h3>
<div class="sect3">
<h4 id="_malware_classificationmalware_categoryvirus">malware_classification:malware-category="Virus"</h4>
<div class="paragraph">
<p>Virus</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categoryworm">malware_classification:malware-category="Worm"</h4>
<div class="paragraph">
<p>Worm</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categorytrojan">malware_classification:malware-category="Trojan"</h4>
<div class="paragraph">
<p>Trojan</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categoryransomware">malware_classification:malware-category="Ransomware"</h4>
<div class="paragraph">
<p>Ransomware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categoryrootkit">malware_classification:malware-category="Rootkit"</h4>
<div class="paragraph">
<p>Rootkit</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categorydownloader">malware_classification:malware-category="Downloader"</h4>
<div class="paragraph">
<p>Downloader</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categoryadware">malware_classification:malware-category="Adware"</h4>
<div class="paragraph">
<p>Adware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categoryspyware">malware_classification:malware-category="Spyware"</h4>
<div class="paragraph">
<p>Spyware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categorybotnet">malware_classification:malware-category="Botnet"</h4>
<div class="paragraph">
<p>Botnet</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_obfuscation_technique">obfuscation-technique</h3>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniqueno_obfuscation">malware_classification:obfuscation-technique="no-obfuscation"</h4>
<div class="paragraph">
<p>No obfuscation is used</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniqueencryption">malware_classification:obfuscation-technique="encryption"</h4>
<div class="paragraph">
<p>encryption</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniqueoligomorphism">malware_classification:obfuscation-technique="oligomorphism"</h4>
<div class="paragraph">
<p>oligomorphism</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniquemetamorphism">malware_classification:obfuscation-technique="metamorphism"</h4>
<div class="paragraph">
<p>metamorphism</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniquestealth">malware_classification:obfuscation-technique="stealth"</h4>
<div class="paragraph">
<p>stealth</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniquearmouring">malware_classification:obfuscation-technique="armouring"</h4>
<div class="paragraph">
<p>armouring</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniquetunneling">malware_classification:obfuscation-technique="tunneling"</h4>
<div class="paragraph">
<p>tunneling</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniquexor">malware_classification:obfuscation-technique="XOR"</h4>
<div class="paragraph">
<p>XOR</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniquebase64">malware_classification:obfuscation-technique="BASE64"</h4>
<div class="paragraph">
<p>BASE64</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationobfuscation_techniquerot13">malware_classification:obfuscation-technique="ROT13"</h4>
<div class="paragraph">
<p>ROT13</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_payload_classification">payload-classification</h3>
<div class="sect3">
<h4 id="_malware_classificationpayload_classificationno_payload">malware_classification:payload-classification="no-payload"</h4>
<div class="paragraph">
<p>No payload</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationpayload_classificationnon_destructive">malware_classification:payload-classification="non-destructive"</h4>
<div class="paragraph">
<p>Non-Destructive</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationpayload_classificationdestructive">malware_classification:payload-classification="destructive"</h4>
<div class="paragraph">
<p>Destructive</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationpayload_classificationdropper">malware_classification:payload-classification="dropper"</h4>
<div class="paragraph">
<p>Dropper</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_memory_classification">memory-classification</h3>
<div class="sect3">
<h4 id="_malware_classificationmemory_classificationresident">malware_classification:memory-classification="resident"</h4>
<div class="paragraph">
<p>In memory</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmemory_classificationtemporary_resident">malware_classification:memory-classification="temporary-resident"</h4>
<div class="paragraph">
<p>In memory temporarily</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmemory_classificationswapping_mode">malware_classification:memory-classification="swapping-mode"</h4>
<div class="paragraph">
<p>Only a part loaded in memory temporarily</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmemory_classificationnon_resident">malware_classification:memory-classification="non-resident"</h4>
<div class="paragraph">
<p>Not in memory</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmemory_classificationuser_process">malware_classification:memory-classification="user-process"</h4>
<div class="paragraph">
<p>As a user level process</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmemory_classificationkernel_process">malware_classification:memory-classification="kernel-process"</h4>
<div class="paragraph">
<p>As a process in the kernel</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_misinformation_website_label">misinformation-website-label</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
misinformation-website-label namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/misinformation-website-label/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical News Sources by Melissa Zimdars 2019</p>
</div>
<div class="sect2">
<h3 id="_fake_news">fake-news</h3>
<div class="paragraph">
<p>Sources that fabricate information, disseminate deceptive content, or grossly distort actual news reports</p>
</div>
</div>
<div class="sect2">
<h3 id="_satire">satire</h3>
<div class="paragraph">
<p>Sources that use humor, irony, exaggeration, ridicule, and false information to comment current events</p>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelsatirehumor">misinformation-website-label:satire="humor"</h4>
<div class="paragraph">
<p>Humor</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelsatireirony">misinformation-website-label:satire="irony"</h4>
<div class="paragraph">
<p>Irony</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelsatireexaggeration">misinformation-website-label:satire="exaggeration"</h4>
<div class="paragraph">
<p>Exaggeration</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelsatirefalse_information">misinformation-website-label:satire="false-information"</h4>
<div class="paragraph">
<p>False information</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_extreme_bias">extreme-bias</h3>
<div class="paragraph">
<p>Sources that come from a particular point of view and may rely on propaganda, decontextualized information, opinions distorded as facts</p>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelextreme_biaspropaganda">misinformation-website-label:extreme-bias="propaganda"</h4>
<div class="paragraph">
<p>Propaganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelextreme_biasdecontextualized_information">misinformation-website-label:extreme-bias="decontextualized-information"</h4>
<div class="paragraph">
<p>Decontextualized Information</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelextreme_biasopinions_distorded_as_facts">misinformation-website-label:extreme-bias="opinions-distorded-as-facts"</h4>
<div class="paragraph">
<p>Opinions distorded as facts</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_conspiracy">conspiracy</h3>
<div class="paragraph">
<p>Sources that are well-known promoters of kooky conspiracy theories. Ex: 9/11 conspiracies, chem-trails, lizard people in the sewer systems, birther rumors, flat earth theory fluoride as mind control, vaccines as mind control etc</p>
</div>
</div>
<div class="sect2">
<h3 id="_rumor">rumor</h3>
<div class="paragraph">
<p>Sources that traffic in rumors, gossip, innuendo, unverified claims</p>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelrumorrumors">misinformation-website-label:rumor="rumors"</h4>
<div class="paragraph">
<p>Rumors</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelrumorgossip">misinformation-website-label:rumor="gossip"</h4>
<div class="paragraph">
<p>Gossip</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelrumorinnuendo">misinformation-website-label:rumor="innuendo"</h4>
<div class="paragraph">
<p>Innuendo</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelrumorunverified_claims">misinformation-website-label:rumor="unverified-claims"</h4>
<div class="paragraph">
<p>Unverified Claims</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_news">state-news</h3>
<div class="paragraph">
<p>Sources in repressive states operating under government sanction</p>
</div>
</div>
<div class="sect2">
<h3 id="_junk_sciences">junk-sciences</h3>
<div class="paragraph">
<p>Sources that promotes pseudo-sciences, metaphysics, naturalistic fallacies, and other scientificallt dubious claims</p>
</div>
</div>
<div class="sect2">
<h3 id="_hate_news">hate-news</h3>
<div class="paragraph">
<p>Sources that promote racism, misogyny, homophobia, and other forms of discrimination</p>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelhate_newsracism">misinformation-website-label:hate-news="racism"</h4>
<div class="paragraph">
<p>Racism</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelhate_newsmisogyny">misinformation-website-label:hate-news="misogyny"</h4>
<div class="paragraph">
<p>Misogyny</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelhate_newshomophobia">misinformation-website-label:hate-news="homophobia"</h4>
<div class="paragraph">
<p>Homophobia</p>
</div>
</div>
<div class="sect3">
<h4 id="_misinformation_website_labelhate_newsdiscrimination_other">misinformation-website-label:hate-news="discrimination-other"</h4>
<div class="paragraph">
<p>Discrimination other</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_clickbait">clickbait</h3>
<div class="paragraph">
<p>Sources that provide generally credible content, but use exaggerated, misleading, OR questionable headlines, social media descriptions, and/or images. These sources may also use sensational language to generate interest, clickthroughs, and shares, but their content is typically verifiable</p>
</div>
</div>
<div class="sect2">
<h3 id="_proceed_with_caution">proceed-with-caution</h3>
<div class="paragraph">
<p>Sources that may be reliable but whose contents require further verification or to be read in conjunction with other sources</p>
</div>
</div>
<div class="sect2">
<h3 id="_political">political</h3>
<div class="paragraph">
<p>Sources that provide generally verifiable information in support of certain points of view or political orientations</p>
</div>
</div>
<div class="sect2">
<h3 id="_credible">credible</h3>
<div class="paragraph">
<p>Sources that circulate news and information in a manner consistent with traditional and ethical practices in journalism</p>
</div>
</div>
<div class="sect2">
<h3 id="_unknown">unknown</h3>
<div class="paragraph">
<p>Sources that have not yet been analyzed (many of these were suggested by readers/users or are found on other lists and resources).</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_misp">misp</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
misp namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/misp/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>MISP taxonomy to infer with MISP behavior or operation.</p>
</div>
<div class="sect2">
<h3 id="_ui">ui</h3>
<div class="sect3">
<h4 id="_mispuihide">misp:ui="hide"</h4>
<div class="paragraph">
<p>tag to hide from the user-interface.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_api">api</h3>
<div class="sect3">
<h4 id="_mispapihide">misp:api="hide"</h4>
<div class="paragraph">
<p>tag to hide from the API.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_expansion">expansion</h3>
<div class="paragraph">
<p>Expansion tag incluencing the MISP behavior using expansion modules</p>
</div>
<div class="sect3">
<h4 id="_mispexpansionblock">misp:expansion="block"</h4>
<div class="paragraph">
<p>block</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_contributor">contributor</h3>
<div class="sect3">
<h4 id="_mispcontributorpgpfingerprint">misp:contributor="pgpfingerprint"</h4>
<div class="paragraph">
<p>OpenPGP Fingerprint</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_confidence_level">confidence-level</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_mispconfidence_levelcompletely_confident">misp:confidence-level="completely-confident"</h4>
<div class="paragraph">
<p>Completely confident</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispconfidence_levelusually_confident">misp:confidence-level="usually-confident"</h4>
<div class="paragraph">
<p>Usually confident</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispconfidence_levelfairly_confident">misp:confidence-level="fairly-confident"</h4>
<div class="paragraph">
<p>Fairly confident</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispconfidence_levelrarely_confident">misp:confidence-level="rarely-confident"</h4>
<div class="paragraph">
<p>Rarely confident</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispconfidence_levelunconfident">misp:confidence-level="unconfident"</h4>
<div class="paragraph">
<p>Unconfident</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispconfidence_levelconfidence_cannot_be_evaluated">misp:confidence-level="confidence-cannot-be-evaluated"</h4>
<div class="paragraph">
<p>Confidence cannot be evaluated</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_threat_level">threat-level</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_mispthreat_levelno_risk">misp:threat-level="no-risk"</h4>
<div class="paragraph">
<p>No risk</p>
</div>
<div class="paragraph">
<p>Harmless information. (CEUS threat level)</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispthreat_levellow_risk">misp:threat-level="low-risk"</h4>
<div class="paragraph">
<p>Low risk</p>
</div>
<div class="paragraph">
<p>Low risk which can include mass-malware. (CEUS threat level)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispthreat_levelmedium_risk">misp:threat-level="medium-risk"</h4>
<div class="paragraph">
<p>Medium risk</p>
</div>
<div class="paragraph">
<p>Medium risk which can include targeted attacks (e.g. APT). (CEUS threat level)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispthreat_levelhigh_risk">misp:threat-level="high-risk"</h4>
<div class="paragraph">
<p>High risk</p>
</div>
<div class="paragraph">
<p>High risk which can include highly sophisticated attacks or 0-day attack. (CEUS threat level)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_automation_level">automation-level</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_mispautomation_levelunsupervised">misp:automation-level="unsupervised"</h4>
<div class="paragraph">
<p>Generated automatically without human verification</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispautomation_levelreviewed">misp:automation-level="reviewed"</h4>
<div class="paragraph">
<p>Generated automatically but verified by a human</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispautomation_levelmanual">misp:automation-level="manual"</h4>
<div class="paragraph">
<p>Output of human analysis</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_should_not_sync">should-not-sync</h3>
<div class="paragraph">
<p>Event with this tag should not be synced to other MISP instances</p>
</div>
</div>
<div class="sect2">
<h3 id="_tool">tool</h3>
<div class="paragraph">
<p>Tool associated with the information taggged</p>
</div>
<div class="sect3">
<h4 id="_misptoolmisp2stix">misp:tool="misp2stix"</h4>
<div class="paragraph">
<p>misp2stix</p>
</div>
</div>
<div class="sect3">
<h4 id="_misptoolmisp2yara">misp:tool="misp2yara"</h4>
<div class="paragraph">
<p>misp2yara</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_misp2yara">misp2yara</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_mispmisp2yaragenerated">misp:misp2yara="generated"</h4>
<div class="paragraph">
<p>generated</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispmisp2yaraas_is">misp:misp2yara="as-is"</h4>
<div class="paragraph">
<p>as-is</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispmisp2yaravalid">misp:misp2yara="valid"</h4>
<div class="paragraph">
<p>valid</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispmisp2yarainvalid">misp:misp2yara="invalid"</h4>
<div class="paragraph">
<p>invalid</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_event_type_2">event-type</h3>
<div class="sect3">
<h4 id="_mispevent_typeobservation">misp:event-type="observation"</h4>
<div class="paragraph">
<p>observation</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typeincident">misp:event-type="incident"</h4>
<div class="paragraph">
<p>incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typereport">misp:event-type="report"</h4>
<div class="paragraph">
<p>report</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typecollection">misp:event-type="collection"</h4>
<div class="paragraph">
<p>collection</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typeanalysis">misp:event-type="analysis"</h4>
<div class="paragraph">
<p>analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typeautomatic_analysis">misp:event-type="automatic-analysis"</h4>
<div class="paragraph">
<p>automatic-analysis</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ids">ids</h3>
<div class="sect3">
<h4 id="_mispidsforce">misp:ids="force"</h4>
<div class="paragraph">
<p>force</p>
</div>
<div class="paragraph">
<p>Force the IDS flag to be the one from the tag.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispidstrue">misp:ids="true"</h4>
<div class="paragraph">
<p>true</p>
</div>
<div class="paragraph">
<p>Overwrite the current IDS flag of the information tag by IDS true.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispidsfalse">misp:ids="false"</h4>
<div class="paragraph">
<p>false</p>
</div>
<div class="paragraph">
<p>Overwrite the current IDS flag of the information tag by IDS false.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_monarc_threat">monarc-threat</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
monarc-threat namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/monarc-threat/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>MONARC Threats Taxonomy</p>
</div>
<div class="sect2">
<h3 id="_compromise_of_functions">compromise-of-functions</h3>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionserror_in_use">monarc-threat:compromise-of-functions="error-in-use"</h4>
<div class="paragraph">
<p>Error in use</p>
</div>
<div class="paragraph">
<p>A person commits an operating error, input error or utilisation error on hardware or software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionsforging_of_rights">monarc-threat:compromise-of-functions="forging-of-rights"</h4>
<div class="paragraph">
<p>Forging of rights</p>
</div>
<div class="paragraph">
<p>A person assumes the identity of a different person in order to use his/her access rights to the information system, misinform the recipient, commit a fraud, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionseavesdropping">monarc-threat:compromise-of-functions="eavesdropping"</h4>
<div class="paragraph">
<p>Eavesdropping</p>
</div>
<div class="paragraph">
<p>Someone connected to communication equipment or media or located inside the transmission coverage boundaries of a communication.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionsdenial_of_actions">monarc-threat:compromise-of-functions="denial-of-actions"</h4>
<div class="paragraph">
<p>Denial of actions</p>
</div>
<div class="paragraph">
<p>A person or entity denies being involved in an exchange with a third party or carrying out an operation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionsabuse_of_rights">monarc-threat:compromise-of-functions="abuse-of-rights"</h4>
<div class="paragraph">
<p>Abuse of rights</p>
</div>
<div class="paragraph">
<p>Someone with special rights (network administration, computer specialists, etc.) modifies the operating characteristics of the resources.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_functionsbreach_of_personnel_availability">monarc-threat:compromise-of-functions="breach-of-personnel-availability"</h4>
<div class="paragraph">
<p>Breach of personnel availability</p>
</div>
<div class="paragraph">
<p>Absence of qualified or authorised personnel to execute the usual operations.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unauthorised_actions">unauthorised-actions</h3>
<div class="sect3">
<h4 id="_monarc_threatunauthorised_actionsfraudulent_copying_or_use_of_counterfeit_software">monarc-threat:unauthorised-actions="fraudulent-copying-or-use-of-counterfeit-software"</h4>
<div class="paragraph">
<p>Fraudulent copying or use of counterfeit software</p>
</div>
<div class="paragraph">
<p>Someone inside the organisation makes fraudulent copies (also called pirated copies) of package software or in-house software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatunauthorised_actionscorruption_of_data">monarc-threat:unauthorised-actions="corruption-of-data"</h4>
<div class="paragraph">
<p>Corruption of data</p>
</div>
<div class="paragraph">
<p>Someone gains access to the communication equipment of the information system and corrupts transmission of information (by intercepting, inserting, destroying, etc.) or repeatedly attempts access until successful.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatunauthorised_actionsillegal_processing_of_data">monarc-threat:unauthorised-actions="illegal-processing-of-data"</h4>
<div class="paragraph">
<p>Illegal processing of data</p>
</div>
<div class="paragraph">
<p>A person carries out information processing that is forbidden by the law or a regulation.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_compromise_of_information">compromise-of-information</h3>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationremote_spying">monarc-threat:compromise-of-information="remote-spying"</h4>
<div class="paragraph">
<p>Remote spying</p>
</div>
<div class="paragraph">
<p>Personnel actions observable from a distance. Visual observation with or without optical equipment, for example observation of a user entering a code or password on a keyboard.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationtampering_with_hardware">monarc-threat:compromise-of-information="tampering-with-hardware"</h4>
<div class="paragraph">
<p>Tampering with hardware</p>
</div>
<div class="paragraph">
<p>Someone with access to a communication medium or equipment installs an interception or destruction device in it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationinterception_of_compromising_interference_signals">monarc-threat:compromise-of-information="interception-of-compromising-interference-signals"</h4>
<div class="paragraph">
<p>Interception of compromising interference signals</p>
</div>
<div class="paragraph">
<p>Interfering signals from an electromagnetic source emitted by the equipment (by conduction on the electrical power supply cables or earth wires or by radiation in free space). Capture of these signals depends on the distance to the targeted equipment or the possibility of connecting to cables or any other conductor passing close to the equipment (coupling phenomenon).</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationtheft_or_destruction_of_media_documents_or_equipment">monarc-threat:compromise-of-information="theft-or-destruction-of-media-documents-or-equipment"</h4>
<div class="paragraph">
<p>Theft or destruction of media, documents or equipment</p>
</div>
<div class="paragraph">
<p>Media, documents or equipment can be accessed by foreigners either internally or externally. It can be damaged or stolen.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationretrieval_of_recycled_or_discarded_media">monarc-threat:compromise-of-information="retrieval-of-recycled-or-discarded media"</h4>
<div class="paragraph">
<p>Retrieval of recycled or discarded media</p>
</div>
<div class="paragraph">
<p>Retrieval of electronic media (hard discs, floppy discs, back-up cartridges, USB keys, ZIP discs, removable hard discs, etc.) or paper copies (lists, incomplete print-outs, messages, etc.) intended for recycling and containing retrievable information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationmalware_infection">monarc-threat:compromise-of-information="malware-infection"</h4>
<div class="paragraph">
<p>Malware infection</p>
</div>
<div class="paragraph">
<p>Unwanted software that is doing operations seeking to harm the company.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationdata_from_untrustworthy_sources">monarc-threat:compromise-of-information="data-from-untrustworthy-sources"</h4>
<div class="paragraph">
<p>Data from untrustworthy sources</p>
</div>
<div class="paragraph">
<p>Receiving false data or unsuitable equipment from outside sources and using them in the organisation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatcompromise_of_informationdisclosure">monarc-threat:compromise-of-information="disclosure"</h4>
<div class="paragraph">
<p>Disclosure</p>
</div>
<div class="paragraph">
<p>Person who voluntarily or negligently disclosure information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_loss_of_essential_services">loss-of-essential-services</h3>
<div class="sect3">
<h4 id="_monarc_threatloss_of_essential_servicesfailure_of_telecommunication_equipment">monarc-threat:loss-of-essential-services="failure-of-telecommunication-equipment"</h4>
<div class="paragraph">
<p>Failure of telecommunication equipment</p>
</div>
<div class="paragraph">
<p>Disturbance, shutdown or incorrect sizing of telecommunications services (telephone, Internet access, Internet network).</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatloss_of_essential_servicesloss_of_power_supply">monarc-threat:loss-of-essential-services="loss-of-power-supply"</h4>
<div class="paragraph">
<p>Loss of power supply</p>
</div>
<div class="paragraph">
<p>Failure, shutdown or incorrect sizing of the power supply to the assets arising either from the supplier&#8217;s service or from the internal distribution system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatloss_of_essential_servicesfailure_of_air_conditioning">monarc-threat:loss-of-essential-services="failure-of-air-conditioning"</h4>
<div class="paragraph">
<p>Failure of air-conditioning</p>
</div>
<div class="paragraph">
<p>Failure, shutdown or inadequacy of the air-conditioning service may cause assets requiring cooling or ventilation to shut down, malfunction or fail completely.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_technical_failures">technical-failures</h3>
<div class="sect3">
<h4 id="_monarc_threattechnical_failuressoftware_malfunction">monarc-threat:technical-failures="software-malfunction"</h4>
<div class="paragraph">
<p>Software malfunction</p>
</div>
<div class="paragraph">
<p>Design error, installation error or operating error committed during modification causing incorrect execution.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threattechnical_failuresequipment_malfunction_or_failure">monarc-threat:technical-failures="equipment-malfunction-or-failure"</h4>
<div class="paragraph">
<p>Equipment malfunction or failure</p>
</div>
<div class="paragraph">
<p>Logical or physical event causing hardware malfunctions or failures.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threattechnical_failuressaturation_of_the_information_system">monarc-threat:technical-failures="saturation-of-the-information-system"</h4>
<div class="paragraph">
<p>Saturation of the information system</p>
</div>
<div class="paragraph">
<p>A person or resource of a hardware, software or network type simulating an intense demand on resources by setting up continuous bombardment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threattechnical_failuresbreach_of_information_system_maintainability">monarc-threat:technical-failures="breach-of-information-system-maintainability"</h4>
<div class="paragraph">
<p>Breach of information system maintainability</p>
</div>
<div class="paragraph">
<p>Lack of expertise in the system making retrofitting and upgrading impossible</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_physical_damage">physical-damage</h3>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagedestruction_of_equipment_or_supports">monarc-threat:physical-damage="destruction-of-equipment-or-supports"</h4>
<div class="paragraph">
<p>Destruction of equipment or supports</p>
</div>
<div class="paragraph">
<p>Event causing destruction of equipment or media.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagefire">monarc-threat:physical-damage="fire"</h4>
<div class="paragraph">
<p>Fire</p>
</div>
<div class="paragraph">
<p>Any situation that could facilitate the conflagration of premises or equipment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagewater_damage">monarc-threat:physical-damage="water-damage"</h4>
<div class="paragraph">
<p>Water damage</p>
</div>
<div class="paragraph">
<p>Situation facilitating the water hazard on equipment (floods, water leak, cellars, etc.)</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagemajor_accident">monarc-threat:physical-damage="major-accident"</h4>
<div class="paragraph">
<p>Major accident</p>
</div>
<div class="paragraph">
<p>Any event that can physically destroy the premises</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damagepollution">monarc-threat:physical-damage="pollution"</h4>
<div class="paragraph">
<p>Pollution</p>
</div>
<div class="paragraph">
<p>Presence of dust, vapours, corrosive or toxic gases in the ambient air.</p>
</div>
</div>
<div class="sect3">
<h4 id="_monarc_threatphysical_damageenvironmental_disaster">monarc-threat:physical-damage="environmental-disaster"</h4>
<div class="paragraph">
<p>Environmental disaster (fire, flood, dust, dirt, etc.)</p>
</div>
<div class="paragraph">
<p>Any event that can physically ruin the premises</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ms_caro_malware">ms-caro-malware</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ms-caro-malware namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ms-caro-malware/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware Type and Platform classification based on Microsoft&#8217;s implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on <a href="https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx</a>, and <a href="http://www.caro.org/definitions/index.html" class="bare">http://www.caro.org/definitions/index.html</a>. Malware families are extracted from Microsoft SIRs since 2008 based on <a href="https://www.microsoft.com/security/sir/archive/default.aspx" class="bare">https://www.microsoft.com/security/sir/archive/default.aspx</a> and <a href="https://www.microsoft.com/en-us/security/portal/threat/threats.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/threat/threats.aspx</a>. Note that SIRs do NOT include all Microsoft malware families.</p>
</div>
<div class="sect2">
<h3 id="_malware_type">malware-type</h3>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typeadware">ms-caro-malware:malware-type="Adware"</h4>
<div class="paragraph">
<p>Adware - Software that shows you extra promotions that you cannot control as you use your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typebackdoor">ms-caro-malware:malware-type="Backdoor"</h4>
<div class="paragraph">
<p>A type of trojan that gives a malicious hacker access to and control of your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typebehavior">ms-caro-malware:malware-type="Behavior"</h4>
<div class="paragraph">
<p>A type of detection based on file actions that are often associated with malicious activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typebroswermodifier">ms-caro-malware:malware-type="BroswerModifier"</h4>
<div class="paragraph">
<p>A program than makes changes to your Internet browser without your permission</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typeconstructor">ms-caro-malware:malware-type="Constructor"</h4>
<div class="paragraph">
<p>A program that can be used to automatically create malware files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typeddos">ms-caro-malware:malware-type="DDoS"</h4>
<div class="paragraph">
<p>When a number of PCs are made to access a website, network or server repeatedly within a given time period. The aim of the attack is to overload the target so that it crashes and can&#8217;t respond</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typedialer">ms-caro-malware:malware-type="Dialer"</h4>
<div class="paragraph">
<p>A program that makes unauthorized telephone calls. These calls may be charged at a premium rate and cost you a lot of money</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typedos">ms-caro-malware:malware-type="DoS"</h4>
<div class="paragraph">
<p>When a target PC or server is deliberately overloaded so that it doesn&#8217;t work for any visitors anymore</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typeexploit">ms-caro-malware:malware-type="Exploit"</h4>
<div class="paragraph">
<p>A piece of code that uses software vulnerabilities to access information on your PC or install malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typehacktool">ms-caro-malware:malware-type="HackTool"</h4>
<div class="paragraph">
<p>A type of tool that can be used to allow and maintain unauthorized access to your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typejoke">ms-caro-malware:malware-type="Joke"</h4>
<div class="paragraph">
<p>A program that pretends to do something malicious but actually doesn&#8217;t actually do anything harmful. For example, some joke programs pretend to delete files or format disks</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typemisleading">ms-caro-malware:malware-type="Misleading"</h4>
<div class="paragraph">
<p>The program that makes misleading or fraudulent claims about files, registry entries or other items on your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typemonitoringtool">ms-caro-malware:malware-type="MonitoringTool"</h4>
<div class="paragraph">
<p>A commercial program that monitors what you do on your PC. This can include monitoring what keys you press; your email or instant messages; your voice or video conversations; and your banking details and passwords. It can also take screenshots as you use your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typeprogram">ms-caro-malware:malware-type="Program"</h4>
<div class="paragraph">
<p>Software that you may or may not want installed on your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typepua">ms-caro-malware:malware-type="PUA"</h4>
<div class="paragraph">
<p>Potentially Unwanted Applications. Characteristics of unwanted software can include depriving users of adequate choice or control over what the software does to the computer, preventing users from removing the software, or displaying advertisements without clearly identifying their source.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typepws">ms-caro-malware:malware-type="PWS"</h4>
<div class="paragraph">
<p>A type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to a malicious hacker</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typeransom">ms-caro-malware:malware-type="Ransom"</h4>
<div class="paragraph">
<p>A detection for malicious programs that seize control of the computer on which they are installed. This trojan usually locks the screen and prevents the user from using the computer. It usually displays an alert message.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typeremoteaccess">ms-caro-malware:malware-type="RemoteAccess"</h4>
<div class="paragraph">
<p>A program that gives someone access to your PC from a remote location. This type of program is often installed by the computer owner</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typerogue">ms-caro-malware:malware-type="Rogue"</h4>
<div class="paragraph">
<p>Software that pretends to be an antivirus program but doesn&#8217;t actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don&#8217;t exist. It also tries to convince you to pay for its services</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typesettingsmodifier">ms-caro-malware:malware-type="SettingsModifier"</h4>
<div class="paragraph">
<p>A program that changes your PC settings</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typesoftwarebundler">ms-caro-malware:malware-type="SoftwareBundler"</h4>
<div class="paragraph">
<p>A program that installs unwanted software on your PC at the same time as the software you are trying to install, without adequate consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typespammer">ms-caro-malware:malware-type="Spammer"</h4>
<div class="paragraph">
<p>A trojan that sends large numbers of spam emails. It may also describe the person or business responsible for sending spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typespoofer">ms-caro-malware:malware-type="Spoofer"</h4>
<div class="paragraph">
<p>A type of trojan that makes fake emails that look like they are from a legitimate source</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typespyware">ms-caro-malware:malware-type="Spyware"</h4>
<div class="paragraph">
<p>A program that collects your personal information, such as your browsing history, and uses it without adequate consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typetool">ms-caro-malware:malware-type="Tool"</h4>
<div class="paragraph">
<p>A type of software that may have a legitimate purpose, but which may also be abused by malware authors</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typetrojan">ms-caro-malware:malware-type="Trojan"</h4>
<div class="paragraph">
<p>A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm , a trojan doesn&#8217;t spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typetrojanclicker">ms-caro-malware:malware-type="TrojanClicker"</h4>
<div class="paragraph">
<p>A type of trojan that can use your PC to click on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make unwanted software appear more popular than it is</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typetrojandownloader">ms-caro-malware:malware-type="TrojanDownloader"</h4>
<div class="paragraph">
<p>A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typetrojandropper">ms-caro-malware:malware-type="TrojanDropper"</h4>
<div class="paragraph">
<p>A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typetrojannotifier">ms-caro-malware:malware-type="TrojanNotifier"</h4>
<div class="paragraph">
<p>A type of trojan that sends information about your PC to a malicious hacker. It is similar to a password stealer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typetrojanproxy">ms-caro-malware:malware-type="TrojanProxy"</h4>
<div class="paragraph">
<p>A type of trojan that installs a proxy server on your PC. The server can be configured so that when you use the Internet, any requests you make are sent through a server controlled by a malicious hacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typetrojanspy">ms-caro-malware:malware-type="TrojanSpy"</h4>
<div class="paragraph">
<p>A program that collects your personal information, such as your browsing history, and uses it without adequate consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typevirtool">ms-caro-malware:malware-type="VirTool"</h4>
<div class="paragraph">
<p>A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typevirus">ms-caro-malware:malware-type="Virus"</h4>
<div class="paragraph">
<p>A type of malware. Viruses spread on their own by attaching their code to other programs, or copying themselves across systems and networks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_typeworm">ms-caro-malware:malware-type="Worm"</h4>
<div class="paragraph">
<p>A type of malware that spreads to other PCs. Worms may spread using one or more of the following methods: Email programs, Instant messaging programs, File-sharing programs, Social networking sites, Network shares, Removable drives with Autorun enabled, Software vulnerabilities</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_platform">malware-platform</h3>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformandroidos">ms-caro-malware:malware-platform="AndroidOS"</h4>
<div class="paragraph">
<p>Android operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformdos">ms-caro-malware:malware-platform="DOS"</h4>
<div class="paragraph">
<p>MS-DOS platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformepoc">ms-caro-malware:malware-platform="EPOC"</h4>
<div class="paragraph">
<p>Psion devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformfreebsd">ms-caro-malware:malware-platform="FreeBSD"</h4>
<div class="paragraph">
<p>FreeBSD platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformiphoneos">ms-caro-malware:malware-platform="iPhoneOS"</h4>
<div class="paragraph">
<p>iPhone operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformlinux">ms-caro-malware:malware-platform="Linux"</h4>
<div class="paragraph">
<p>Linux platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformmacos">ms-caro-malware:malware-platform="MacOS"</h4>
<div class="paragraph">
<p>MAC 9.x platform or earlier</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformmacos_x">ms-caro-malware:malware-platform="MacOS_X"</h4>
<div class="paragraph">
<p>MacOS X or later</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformos2">ms-caro-malware:malware-platform="OS2"</h4>
<div class="paragraph">
<p>OS2 platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformpalm">ms-caro-malware:malware-platform="Palm"</h4>
<div class="paragraph">
<p>Palm operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformsolaris">ms-caro-malware:malware-platform="Solaris"</h4>
<div class="paragraph">
<p>System V-based Unix platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformsunos">ms-caro-malware:malware-platform="SunOS"</h4>
<div class="paragraph">
<p>Unix platforms 4.1.3 or earlier</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformsymbos">ms-caro-malware:malware-platform="SymbOS"</h4>
<div class="paragraph">
<p>Symbian operatings system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformunix">ms-caro-malware:malware-platform="Unix"</h4>
<div class="paragraph">
<p>General Unix platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwin16">ms-caro-malware:malware-platform="Win16"</h4>
<div class="paragraph">
<p>Win16 (3.1) platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwin2k">ms-caro-malware:malware-platform="Win2K"</h4>
<div class="paragraph">
<p>Windows 2000 platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwin32">ms-caro-malware:malware-platform="Win32"</h4>
<div class="paragraph">
<p>Windows 32-bit platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwin64">ms-caro-malware:malware-platform="Win64"</h4>
<div class="paragraph">
<p>Windows 64-bit platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwin95">ms-caro-malware:malware-platform="Win95"</h4>
<div class="paragraph">
<p>Windows 95, 98 and ME platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwin98">ms-caro-malware:malware-platform="Win98"</h4>
<div class="paragraph">
<p>Windows 98 platform only</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwince">ms-caro-malware:malware-platform="WinCE"</h4>
<div class="paragraph">
<p>Windows CE platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwinnt">ms-caro-malware:malware-platform="WinNT"</h4>
<div class="paragraph">
<p>WinNT</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformabap">ms-caro-malware:malware-platform="ABAP"</h4>
<div class="paragraph">
<p>Advanced Business Application Programming scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformalisp">ms-caro-malware:malware-platform="ALisp"</h4>
<div class="paragraph">
<p>ALisp scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformamipro">ms-caro-malware:malware-platform="AmiPro"</h4>
<div class="paragraph">
<p>AmiPro script</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformansi">ms-caro-malware:malware-platform="ANSI"</h4>
<div class="paragraph">
<p>American National Standards Institute scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformapplescript">ms-caro-malware:malware-platform="AppleScript"</h4>
<div class="paragraph">
<p>compiled Apple scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformasp">ms-caro-malware:malware-platform="ASP"</h4>
<div class="paragraph">
<p>Active Server Pages scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformautoit">ms-caro-malware:malware-platform="AutoIt"</h4>
<div class="paragraph">
<p>AutoIT scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformbas">ms-caro-malware:malware-platform="BAS"</h4>
<div class="paragraph">
<p>Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformbat">ms-caro-malware:malware-platform="BAT"</h4>
<div class="paragraph">
<p>Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformcorelscript">ms-caro-malware:malware-platform="CorelScript"</h4>
<div class="paragraph">
<p>Corelscript scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformhta">ms-caro-malware:malware-platform="HTA"</h4>
<div class="paragraph">
<p>HTML Application scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformhtml">ms-caro-malware:malware-platform="HTML"</h4>
<div class="paragraph">
<p>HTML Application scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platforminf">ms-caro-malware:malware-platform="INF"</h4>
<div class="paragraph">
<p>Install scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformirc">ms-caro-malware:malware-platform="IRC"</h4>
<div class="paragraph">
<p>mIRC/pIRC scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformjava">ms-caro-malware:malware-platform="Java"</h4>
<div class="paragraph">
<p>Java binaries (classes)</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformjs">ms-caro-malware:malware-platform="JS"</h4>
<div class="paragraph">
<p>Javascript scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformlogo">ms-caro-malware:malware-platform="LOGO"</h4>
<div class="paragraph">
<p>LOGO scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformmpb">ms-caro-malware:malware-platform="MPB"</h4>
<div class="paragraph">
<p>MapBasic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformmsh">ms-caro-malware:malware-platform="MSH"</h4>
<div class="paragraph">
<p>Monad shell scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformmsil">ms-caro-malware:malware-platform="MSIL"</h4>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformperl">ms-caro-malware:malware-platform="Perl"</h4>
<div class="paragraph">
<div class="title">Net intermediate language scripts</div>
<p>Perl scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformphp">ms-caro-malware:malware-platform="PHP"</h4>
<div class="paragraph">
<p>Hypertext Preprocessor scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformpython">ms-caro-malware:malware-platform="Python"</h4>
<div class="paragraph">
<p>Python scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformsap">ms-caro-malware:malware-platform="SAP"</h4>
<div class="paragraph">
<p>SAP platform scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformsh">ms-caro-malware:malware-platform="SH"</h4>
<div class="paragraph">
<p>Shell scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformvba">ms-caro-malware:malware-platform="VBA"</h4>
<div class="paragraph">
<p>Visual Basic for Applications scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformvbs">ms-caro-malware:malware-platform="VBS"</h4>
<div class="paragraph">
<p>Visual Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwinbat">ms-caro-malware:malware-platform="WinBAT"</h4>
<div class="paragraph">
<p>Winbatch scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwinhlp">ms-caro-malware:malware-platform="WinHlp"</h4>
<div class="paragraph">
<p>Windows Help scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwinreg">ms-caro-malware:malware-platform="WinREG"</h4>
<div class="paragraph">
<p>Windows registry scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platforma97m">ms-caro-malware:malware-platform="A97M"</h4>
<div class="paragraph">
<p>Access 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformhe">ms-caro-malware:malware-platform="HE"</h4>
<div class="paragraph">
<p>macro scripting</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformo97m">ms-caro-malware:malware-platform="O97M"</h4>
<div class="paragraph">
<p>Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformpp97m">ms-caro-malware:malware-platform="PP97M"</h4>
<div class="paragraph">
<p>PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformv5m">ms-caro-malware:malware-platform="V5M"</h4>
<div class="paragraph">
<p>Visio5 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformw1m">ms-caro-malware:malware-platform="W1M"</h4>
<div class="paragraph">
<p>Word1Macro</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformw2m">ms-caro-malware:malware-platform="W2M"</h4>
<div class="paragraph">
<p>Word2Macro</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformw97m">ms-caro-malware:malware-platform="W97M"</h4>
<div class="paragraph">
<p>Word 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformwm">ms-caro-malware:malware-platform="WM"</h4>
<div class="paragraph">
<p>Word 95 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformx97m">ms-caro-malware:malware-platform="X97M"</h4>
<div class="paragraph">
<p>Excel 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformxf">ms-caro-malware:malware-platform="XF"</h4>
<div class="paragraph">
<p>Excel formulas</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformxm">ms-caro-malware:malware-platform="XM"</h4>
<div class="paragraph">
<p>Excel 95 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformasx">ms-caro-malware:malware-platform="ASX"</h4>
<div class="paragraph">
<p>XML metafile of Windows Media .asf files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformhc">ms-caro-malware:malware-platform="HC"</h4>
<div class="paragraph">
<p>HyperCard Apple scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformmime">ms-caro-malware:malware-platform="MIME"</h4>
<div class="paragraph">
<p>MIME packets</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformnetware">ms-caro-malware:malware-platform="Netware"</h4>
<div class="paragraph">
<p>Novell Netware files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformqt">ms-caro-malware:malware-platform="QT"</h4>
<div class="paragraph">
<p>Quicktime files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformsb">ms-caro-malware:malware-platform="SB"</h4>
<div class="paragraph">
<p>StarBasic (Staroffice XML) files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformswf">ms-caro-malware:malware-platform="SWF"</h4>
<div class="paragraph">
<p>Shockwave Flash files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformtsql">ms-caro-malware:malware-platform="TSQL"</h4>
<div class="paragraph">
<p>MS SQL server files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malwaremalware_platformxml">ms-caro-malware:malware-platform="XML"</h4>
<div class="paragraph">
<p>XML files</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ms_caro_malware_full">ms-caro-malware-full</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ms-caro-malware-full namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ms-caro-malware-full/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware Type and Platform classification based on Microsoft&#8217;s implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on <a href="https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx</a>, and <a href="http://www.caro.org/definitions/index.html" class="bare">http://www.caro.org/definitions/index.html</a>. Malware families are extracted from Microsoft SIRs since 2008 based on <a href="https://www.microsoft.com/security/sir/archive/default.aspx" class="bare">https://www.microsoft.com/security/sir/archive/default.aspx</a> and <a href="https://www.microsoft.com/en-us/security/portal/threat/threats.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/threat/threats.aspx</a>. Note that SIRs do NOT include all Microsoft malware families.</p>
</div>
<div class="sect2">
<h3 id="_malware_type_2">malware-type</h3>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typeadware">ms-caro-malware-full:malware-type="Adware"</h4>
<div class="paragraph">
<p>Adware - Software that shows you extra promotions that you cannot control as you use your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typebackdoor">ms-caro-malware-full:malware-type="Backdoor"</h4>
<div class="paragraph">
<p>A type of trojan that gives a malicious hacker access to and control of your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typebehavior">ms-caro-malware-full:malware-type="Behavior"</h4>
<div class="paragraph">
<p>A type of detection based on file actions that are often associated with malicious activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typebroswermodifier">ms-caro-malware-full:malware-type="BroswerModifier"</h4>
<div class="paragraph">
<p>A program than makes changes to your Internet browser without your permission</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typeconstructor">ms-caro-malware-full:malware-type="Constructor"</h4>
<div class="paragraph">
<p>A program that can be used to automatically create malware files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typeddos">ms-caro-malware-full:malware-type="DDoS"</h4>
<div class="paragraph">
<p>When a number of PCs are made to access a website, network or server repeatedly within a given time period. The aim of the attack is to overload the target so that it crashes and can&#8217;t respond</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typedialer">ms-caro-malware-full:malware-type="Dialer"</h4>
<div class="paragraph">
<p>A program that makes unauthorized telephone calls. These calls may be charged at a premium rate and cost you a lot of money</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typedos">ms-caro-malware-full:malware-type="DoS"</h4>
<div class="paragraph">
<p>When a target PC or server is deliberately overloaded so that it doesn&#8217;t work for any visitors anymore</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typeexploit">ms-caro-malware-full:malware-type="Exploit"</h4>
<div class="paragraph">
<p>A piece of code that uses software vulnerabilities to access information on your PC or install malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typehacktool">ms-caro-malware-full:malware-type="HackTool"</h4>
<div class="paragraph">
<p>A type of tool that can be used to allow and maintain unauthorized access to your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typejoke">ms-caro-malware-full:malware-type="Joke"</h4>
<div class="paragraph">
<p>A program that pretends to do something malicious but actually doesn&#8217;t actually do anything harmful. For example, some joke programs pretend to delete files or format disks</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typemisleading">ms-caro-malware-full:malware-type="Misleading"</h4>
<div class="paragraph">
<p>The program that makes misleading or fraudulent claims about files, registry entries or other items on your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typemonitoringtool">ms-caro-malware-full:malware-type="MonitoringTool"</h4>
<div class="paragraph">
<p>A commercial program that monitors what you do on your PC. This can include monitoring what keys you press; your email or instant messages; your voice or video conversations; and your banking details and passwords. It can also take screenshots as you use your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typeprogram">ms-caro-malware-full:malware-type="Program"</h4>
<div class="paragraph">
<p>Software that you may or may not want installed on your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typepua">ms-caro-malware-full:malware-type="PUA"</h4>
<div class="paragraph">
<p>Potentially Unwanted Applications. Characteristics of unwanted software can include depriving users of adequate choice or control over what the software does to the computer, preventing users from removing the software, or displaying advertisements without clearly identifying their source.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typepws">ms-caro-malware-full:malware-type="PWS"</h4>
<div class="paragraph">
<p>A type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to a malicious hacker</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typeransom">ms-caro-malware-full:malware-type="Ransom"</h4>
<div class="paragraph">
<p>A detection for malicious programs that seize control of the computer on which they are installed. This trojan usually locks the screen and prevents the user from using the computer. It usually displays an alert message.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typeremoteaccess">ms-caro-malware-full:malware-type="RemoteAccess"</h4>
<div class="paragraph">
<p>A program that gives someone access to your PC from a remote location. This type of program is often installed by the computer owner</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typerogue">ms-caro-malware-full:malware-type="Rogue"</h4>
<div class="paragraph">
<p>Software that pretends to be an antivirus program but doesn&#8217;t actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don&#8217;t exist. It also tries to convince you to pay for its services</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typesettingsmodifier">ms-caro-malware-full:malware-type="SettingsModifier"</h4>
<div class="paragraph">
<p>A program that changes your PC settings</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typesoftwarebundler">ms-caro-malware-full:malware-type="SoftwareBundler"</h4>
<div class="paragraph">
<p>A program that installs unwanted software on your PC at the same time as the software you are trying to install, without adequate consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typespammer">ms-caro-malware-full:malware-type="Spammer"</h4>
<div class="paragraph">
<p>A trojan that sends large numbers of spam emails. It may also describe the person or business responsible for sending spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typespoofer">ms-caro-malware-full:malware-type="Spoofer"</h4>
<div class="paragraph">
<p>A type of trojan that makes fake emails that look like they are from a legitimate source</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typespyware">ms-caro-malware-full:malware-type="Spyware"</h4>
<div class="paragraph">
<p>A program that collects your personal information, such as your browsing history, and uses it without adequate consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typetool">ms-caro-malware-full:malware-type="Tool"</h4>
<div class="paragraph">
<p>A type of software that may have a legitimate purpose, but which may also be abused by malware authors</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typetrojan">ms-caro-malware-full:malware-type="Trojan"</h4>
<div class="paragraph">
<p>A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm , a trojan doesn&#8217;t spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typetrojanclicker">ms-caro-malware-full:malware-type="TrojanClicker"</h4>
<div class="paragraph">
<p>A type of trojan that can use your PC to click on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make unwanted software appear more popular than it is</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typetrojandownloader">ms-caro-malware-full:malware-type="TrojanDownloader"</h4>
<div class="paragraph">
<p>A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typetrojandropper">ms-caro-malware-full:malware-type="TrojanDropper"</h4>
<div class="paragraph">
<p>A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typetrojannotifier">ms-caro-malware-full:malware-type="TrojanNotifier"</h4>
<div class="paragraph">
<p>A type of trojan that sends information about your PC to a malicious hacker. It is similar to a password stealer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typetrojanproxy">ms-caro-malware-full:malware-type="TrojanProxy"</h4>
<div class="paragraph">
<p>A type of trojan that installs a proxy server on your PC. The server can be configured so that when you use the Internet, any requests you make are sent through a server controlled by a malicious hacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typetrojanspy">ms-caro-malware-full:malware-type="TrojanSpy"</h4>
<div class="paragraph">
<p>A program that collects your personal information, such as your browsing history, and uses it without adequate consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typevirtool">ms-caro-malware-full:malware-type="VirTool"</h4>
<div class="paragraph">
<p>A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typevirus">ms-caro-malware-full:malware-type="Virus"</h4>
<div class="paragraph">
<p>A type of malware. Viruses spread on their own by attaching their code to other programs, or copying themselves across systems and networks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_typeworm">ms-caro-malware-full:malware-type="Worm"</h4>
<div class="paragraph">
<p>A type of malware that spreads to other PCs. Worms may spread using one or more of the following methods: Email programs, Instant messaging programs, File-sharing programs, Social networking sites, Network shares, Removable drives with Autorun enabled, Software vulnerabilities</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_platform_2">malware-platform</h3>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformandroidos">ms-caro-malware-full:malware-platform="AndroidOS"</h4>
<div class="paragraph">
<p>Android operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformdos">ms-caro-malware-full:malware-platform="DOS"</h4>
<div class="paragraph">
<p>MS-DOS platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformepoc">ms-caro-malware-full:malware-platform="EPOC"</h4>
<div class="paragraph">
<p>Psion devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformfreebsd">ms-caro-malware-full:malware-platform="FreeBSD"</h4>
<div class="paragraph">
<p>FreeBSD platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformiphoneos">ms-caro-malware-full:malware-platform="iPhoneOS"</h4>
<div class="paragraph">
<p>iPhone operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformlinux">ms-caro-malware-full:malware-platform="Linux"</h4>
<div class="paragraph">
<p>Linux platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformmacos">ms-caro-malware-full:malware-platform="MacOS"</h4>
<div class="paragraph">
<p>MAC 9.x platform or earlier</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformmacos_x">ms-caro-malware-full:malware-platform="MacOS_X"</h4>
<div class="paragraph">
<p>MacOS X or later</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformos2">ms-caro-malware-full:malware-platform="OS2"</h4>
<div class="paragraph">
<p>OS2 platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformpalm">ms-caro-malware-full:malware-platform="Palm"</h4>
<div class="paragraph">
<p>Palm operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformsolaris">ms-caro-malware-full:malware-platform="Solaris"</h4>
<div class="paragraph">
<p>System V-based Unix platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformsunos">ms-caro-malware-full:malware-platform="SunOS"</h4>
<div class="paragraph">
<p>Unix platforms 4.1.3 or earlier</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformsymbos">ms-caro-malware-full:malware-platform="SymbOS"</h4>
<div class="paragraph">
<p>Symbian operatings system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformunix">ms-caro-malware-full:malware-platform="Unix"</h4>
<div class="paragraph">
<p>General Unix platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwin16">ms-caro-malware-full:malware-platform="Win16"</h4>
<div class="paragraph">
<p>Win16 (3.1) platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwin2k">ms-caro-malware-full:malware-platform="Win2K"</h4>
<div class="paragraph">
<p>Windows 2000 platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwin32">ms-caro-malware-full:malware-platform="Win32"</h4>
<div class="paragraph">
<p>Windows 32-bit platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwin64">ms-caro-malware-full:malware-platform="Win64"</h4>
<div class="paragraph">
<p>Windows 64-bit platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwin95">ms-caro-malware-full:malware-platform="Win95"</h4>
<div class="paragraph">
<p>Windows 95, 98 and ME platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwin98">ms-caro-malware-full:malware-platform="Win98"</h4>
<div class="paragraph">
<p>Windows 98 platform only</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwince">ms-caro-malware-full:malware-platform="WinCE"</h4>
<div class="paragraph">
<p>Windows CE platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwinnt">ms-caro-malware-full:malware-platform="WinNT"</h4>
<div class="paragraph">
<p>WinNT</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformabap">ms-caro-malware-full:malware-platform="ABAP"</h4>
<div class="paragraph">
<p>Advanced Business Application Programming scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformalisp">ms-caro-malware-full:malware-platform="ALisp"</h4>
<div class="paragraph">
<p>ALisp scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformamipro">ms-caro-malware-full:malware-platform="AmiPro"</h4>
<div class="paragraph">
<p>AmiPro script</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformansi">ms-caro-malware-full:malware-platform="ANSI"</h4>
<div class="paragraph">
<p>American National Standards Institute scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformapplescript">ms-caro-malware-full:malware-platform="AppleScript"</h4>
<div class="paragraph">
<p>compiled Apple scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformasp">ms-caro-malware-full:malware-platform="ASP"</h4>
<div class="paragraph">
<p>Active Server Pages scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformautoit">ms-caro-malware-full:malware-platform="AutoIt"</h4>
<div class="paragraph">
<p>AutoIT scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformbas">ms-caro-malware-full:malware-platform="BAS"</h4>
<div class="paragraph">
<p>Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformbat">ms-caro-malware-full:malware-platform="BAT"</h4>
<div class="paragraph">
<p>Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformcorelscript">ms-caro-malware-full:malware-platform="CorelScript"</h4>
<div class="paragraph">
<p>Corelscript scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformhta">ms-caro-malware-full:malware-platform="HTA"</h4>
<div class="paragraph">
<p>HTML Application scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformhtml">ms-caro-malware-full:malware-platform="HTML"</h4>
<div class="paragraph">
<p>HTML Application scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platforminf">ms-caro-malware-full:malware-platform="INF"</h4>
<div class="paragraph">
<p>Install scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformirc">ms-caro-malware-full:malware-platform="IRC"</h4>
<div class="paragraph">
<p>mIRC/pIRC scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformjava">ms-caro-malware-full:malware-platform="Java"</h4>
<div class="paragraph">
<p>Java binaries (classes)</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformjs">ms-caro-malware-full:malware-platform="JS"</h4>
<div class="paragraph">
<p>Javascript scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformlogo">ms-caro-malware-full:malware-platform="LOGO"</h4>
<div class="paragraph">
<p>LOGO scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformmpb">ms-caro-malware-full:malware-platform="MPB"</h4>
<div class="paragraph">
<p>MapBasic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformmsh">ms-caro-malware-full:malware-platform="MSH"</h4>
<div class="paragraph">
<p>Monad shell scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformmsil">ms-caro-malware-full:malware-platform="MSIL"</h4>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformperl">ms-caro-malware-full:malware-platform="Perl"</h4>
<div class="paragraph">
<div class="title">Net intermediate language scripts</div>
<p>Perl scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformphp">ms-caro-malware-full:malware-platform="PHP"</h4>
<div class="paragraph">
<p>Hypertext Preprocessor scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformpython">ms-caro-malware-full:malware-platform="Python"</h4>
<div class="paragraph">
<p>Python scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformsap">ms-caro-malware-full:malware-platform="SAP"</h4>
<div class="paragraph">
<p>SAP platform scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformsh">ms-caro-malware-full:malware-platform="SH"</h4>
<div class="paragraph">
<p>Shell scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformvba">ms-caro-malware-full:malware-platform="VBA"</h4>
<div class="paragraph">
<p>Visual Basic for Applications scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformvbs">ms-caro-malware-full:malware-platform="VBS"</h4>
<div class="paragraph">
<p>Visual Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwinbat">ms-caro-malware-full:malware-platform="WinBAT"</h4>
<div class="paragraph">
<p>Winbatch scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwinhlp">ms-caro-malware-full:malware-platform="WinHlp"</h4>
<div class="paragraph">
<p>Windows Help scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwinreg">ms-caro-malware-full:malware-platform="WinREG"</h4>
<div class="paragraph">
<p>Windows registry scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platforma97m">ms-caro-malware-full:malware-platform="A97M"</h4>
<div class="paragraph">
<p>Access 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformhe">ms-caro-malware-full:malware-platform="HE"</h4>
<div class="paragraph">
<p>macro scripting</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformo97m">ms-caro-malware-full:malware-platform="O97M"</h4>
<div class="paragraph">
<p>Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformpp97m">ms-caro-malware-full:malware-platform="PP97M"</h4>
<div class="paragraph">
<p>PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformv5m">ms-caro-malware-full:malware-platform="V5M"</h4>
<div class="paragraph">
<p>Visio5 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformw1m">ms-caro-malware-full:malware-platform="W1M"</h4>
<div class="paragraph">
<p>Word1Macro</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformw2m">ms-caro-malware-full:malware-platform="W2M"</h4>
<div class="paragraph">
<p>Word2Macro</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformw97m">ms-caro-malware-full:malware-platform="W97M"</h4>
<div class="paragraph">
<p>Word 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformwm">ms-caro-malware-full:malware-platform="WM"</h4>
<div class="paragraph">
<p>Word 95 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformx97m">ms-caro-malware-full:malware-platform="X97M"</h4>
<div class="paragraph">
<p>Excel 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformxf">ms-caro-malware-full:malware-platform="XF"</h4>
<div class="paragraph">
<p>Excel formulas</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformxm">ms-caro-malware-full:malware-platform="XM"</h4>
<div class="paragraph">
<p>Excel 95 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformasx">ms-caro-malware-full:malware-platform="ASX"</h4>
<div class="paragraph">
<p>XML metafile of Windows Media .asf files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformhc">ms-caro-malware-full:malware-platform="HC"</h4>
<div class="paragraph">
<p>HyperCard Apple scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformmime">ms-caro-malware-full:malware-platform="MIME"</h4>
<div class="paragraph">
<p>MIME packets</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformnetware">ms-caro-malware-full:malware-platform="Netware"</h4>
<div class="paragraph">
<p>Novell Netware files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformqt">ms-caro-malware-full:malware-platform="QT"</h4>
<div class="paragraph">
<p>Quicktime files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformsb">ms-caro-malware-full:malware-platform="SB"</h4>
<div class="paragraph">
<p>StarBasic (Staroffice XML) files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformswf">ms-caro-malware-full:malware-platform="SWF"</h4>
<div class="paragraph">
<p>Shockwave Flash files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformtsql">ms-caro-malware-full:malware-platform="TSQL"</h4>
<div class="paragraph">
<p>MS SQL server files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_platformxml">ms-caro-malware-full:malware-platform="XML"</h4>
<div class="paragraph">
<p>XML files</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_family">malware-family</h3>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyzlob">ms-caro-malware-full:malware-family="Zlob"</h4>
<div class="paragraph">
<p>2008 - A family of trojans that often pose as downloadable media codecs. When installed, Win32/Zlob displays frequent pop-up advertisements for rogue security software</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvundo">ms-caro-malware-full:malware-family="Vundo"</h4>
<div class="paragraph">
<p>2008 - A multiplecomponent family of programs that deliver pop-up advertisements and may download and execute arbitrary files. Vundo is often installed as a browser helper object (BHO) without a users consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvirtumonde">ms-caro-malware-full:malware-family="Virtumonde"</h4>
<div class="paragraph">
<p>2008 - multi-component malware family that displays pop-up advertisements for rogue security software</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybancos">ms-caro-malware-full:malware-family="Bancos"</h4>
<div class="literalblock">
<div class="content">
<pre>2008 - A data-stealing trojan that captures online banking credentials and relays them to the attacker. Most variants target customers of Brazilian banks.</pre>
</div>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycutwail">ms-caro-malware-full:malware-family="Cutwail"</h4>
<div class="paragraph">
<p>2008 - A trojan that downloads and executes arbitrary files, usually to send spam. Win32/Cutwail has also been observed to transmit Win32/Newacc</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyoderoor">ms-caro-malware-full:malware-family="Oderoor"</h4>
<div class="paragraph">
<p>2008 - a backdoor trojan that allows an attacker access and control of the compromised computer. This trojan may connect with remote web sites and SMTP servers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynewacc">ms-caro-malware-full:malware-family="Newacc"</h4>
<div class="paragraph">
<p>2008 - An attacker tool that automatically registers new e-mail accounts on Hotmail, AOL, Gmail, Lycos and other account service providers, using a Web service to decode CAPTCHA protection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycaptiya">ms-caro-malware-full:malware-family="Captiya"</h4>
<div class="paragraph">
<p>2008 - A trojan that transmits CAPTCHA images to a botnet, in what is believed to be an effort to improve the botnets ability to detect characters and break CAPTCHAs more successfully</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytaterf">ms-caro-malware-full:malware-family="Taterf"</h4>
<div class="paragraph">
<p>2008 - A family of worms that spread through mapped drives in order to steal login and account details for popular online games.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfrethog">ms-caro-malware-full:malware-family="Frethog"</h4>
<div class="paragraph">
<p>2008 - A large family of password-stealing trojans that target confidential data, such as account information, from massively multiplayer online games</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytilcun">ms-caro-malware-full:malware-family="Tilcun"</h4>
<div class="paragraph">
<p>2008 - A family of trojans that steals online game passwords and sends this captured data to remote sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyceekat">ms-caro-malware-full:malware-family="Ceekat"</h4>
<div class="paragraph">
<p>2008 - A collection of trojans that steal information such as passwords for online games, usually by reading information directly from running processes in memory. Different variants target different processes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycorripio">ms-caro-malware-full:malware-family="Corripio"</h4>
<div class="paragraph">
<p>2008 - a loosely-related family of trojans that attempt to steal passwords for popular online games. Detections containing the name Win32/Corripio are generic, and hence may be reported for a large number of different malicious password-stealing trojans that are otherwise behaviorally dissimilar.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyzuten">ms-caro-malware-full:malware-family="Zuten"</h4>
<div class="paragraph">
<p>2008 - A family of malware that steals information from online games.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familylolyda">ms-caro-malware-full:malware-family="Lolyda"</h4>
<div class="paragraph">
<p>2008 - A family of trojans that sends account information from popular online games to a remote server. They may also download and execute arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familystorark">ms-caro-malware-full:malware-family="Storark"</h4>
<div class="paragraph">
<p>2008 - A family of trojans that steals online game passwords and sends this captured data to remote sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrenos">ms-caro-malware-full:malware-family="Renos"</h4>
<div class="paragraph">
<p>2008 - A family of trojan downloaders that installs rogue security software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyzangosearchassistant">ms-caro-malware-full:malware-family="ZangoSearchAssistant"</h4>
<div class="paragraph">
<p>2008 - Adware that monitors the users Web-browsing activity and displays pop-up advertisements related to the Internet sites the user is viewing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyzangoshoppingreports">ms-caro-malware-full:malware-family="ZangoShoppingReports"</h4>
<div class="paragraph">
<p>2008 - Adware that displays targeted advertising to affected users while they browse the Internet, based on search terms entered into search engines.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakexpa">ms-caro-malware-full:malware-family="FakeXPA"</h4>
<div class="paragraph">
<p>2008 - A rogue security software family that claims to scan for malware and then demands that the user pay to remove nonexistent threats. Some variants unlawfully use Microsoft logos and trademarks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakesecsen">ms-caro-malware-full:malware-family="FakeSecSen"</h4>
<div class="paragraph">
<p>2008 - A rogue security software family that claims to scan for malware and then demands that the user pay to remove non-existent threats. It appears to be based on Win32/SpySheriff</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhotbar">ms-caro-malware-full:malware-family="Hotbar"</h4>
<div class="paragraph">
<p>2008 - Adware that displays a dynamic toolbar and targeted pop-up ads based on its monitoring of Web-browsing activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyagent">ms-caro-malware-full:malware-family="Agent"</h4>
<div class="paragraph">
<p>2008 - A generic detection for a number of trojans that may perform different malicious functions. The behaviors exhibited by this family are highly variable</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywimad">ms-caro-malware-full:malware-family="Wimad"</h4>
<div class="paragraph">
<p>2008 - A detection for malicious Windows Media files that can be used to encourage users to download and execute arbitrary files on an affected machine.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybaidusobar">ms-caro-malware-full:malware-family="BaiduSobar"</h4>
<div class="paragraph">
<p>2008 - A Chinese language Web browser toolbar that delivers pop-up and contextual advertisements, blocks certain other advertisements, and changes the Internet Explorer search page</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvb">ms-caro-malware-full:malware-family="VB"</h4>
<div class="paragraph">
<p>2008 - A detection for various threats written in the Visual Basic programming language.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyantivirus2008">ms-caro-malware-full:malware-family="Antivirus2008"</h4>
<div class="paragraph">
<p>2008 - A program that displays misleading security alerts in order to convince users to purchase rogue security software. It may be installed by Win32/Renos or manually by a computer user.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyplaymp3z">ms-caro-malware-full:malware-family="Playmp3z"</h4>
<div class="paragraph">
<p>2008 - An adware family that may display advertisements in connection with the use of a 'free music player' from the site 'PlayMP3z.biz.'</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytibs">ms-caro-malware-full:malware-family="Tibs"</h4>
<div class="paragraph">
<p>2008 - a family of Trojans that may download and run other malicious software or may steal user data and send it to the attacker via HTTP POST or email. The Win32/Tibs family frequently downloads Trojans belonging to the Win32/Harnig and Win32/Passalert families, both of which are families of Trojan downloaders which may in turn download and run other malicious software</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyseekmosearchassistant">ms-caro-malware-full:malware-family="SeekmoSearchAssistant"</h4>
<div class="paragraph">
<p>2008 - Adware that displays targeted search results and pop-up advertisements based on terms that the user enters for Web searches. The pop-up advertisements may include adult content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrjump">ms-caro-malware-full:malware-family="RJump"</h4>
<div class="paragraph">
<p>2008 - a worm that attempts to spread by copying itself to newly attached media (such as USB memory devices or network drives). It also contains backdoor functionality that allows an attacker unauthorized access to an affected computer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyspywaresecure">ms-caro-malware-full:malware-family="SpywareSecure"</h4>
<div class="paragraph">
<p>2008 - A program that displays misleading warning messages in order to convince users to purchase a product that removes spyware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywinfixer">ms-caro-malware-full:malware-family="Winfixer"</h4>
<div class="paragraph">
<p>2008 - A program that locates various registry entries, Windows prefetch content, and other types of data, identifies them as privacy violations, and urges the user to purchase the product to fix them.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyc2lop">ms-caro-malware-full:malware-family="C2Lop"</h4>
<div class="paragraph">
<p>2008 - a trojan that modifies Web browser settings, adds Web browser bookmarks to advertisements, updates itself and delivers pop-up and contextual advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymatcash">ms-caro-malware-full:malware-family="Matcash"</h4>
<div class="paragraph">
<p>2008 - a multicomponent family of trojans that downloads and executes arbitrary files. Some variants of this family may install a toolbar. observed to use the Win32/Slenfbot worm as a means of distribution.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhorst">ms-caro-malware-full:malware-family="Horst"</h4>
<div class="paragraph">
<p>2008 - CAPTCHA Breaker typically delivered through an executable application that masquerades as an illegal software crack or key generator</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyslenfbot">ms-caro-malware-full:malware-family="Slenfbot"</h4>
<div class="paragraph">
<p>2008 - A family of worms that can spread via instant messaging programs, and may spread via removable drives. They also contain backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation but must be ordered to spread by a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrustock">ms-caro-malware-full:malware-family="Rustock"</h4>
<div class="paragraph">
<p>2008 - A multicomponent family of rootkitenabled backdoor trojans, developed to aid in the distribution of spam. Recent variants appear to be associated with the incidence of rogue security programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygimmiv">ms-caro-malware-full:malware-family="Gimmiv"</h4>
<div class="paragraph">
<p>2008 - a family of trojans that are sometimes installed by exploits of a vulnerability documented in Microsoft Security Bulletin MS08-067.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyyektel">ms-caro-malware-full:malware-family="Yektel"</h4>
<div class="paragraph">
<p>2008 - A family of trojans that display fake warnings of spyware or malware in an attempt to lure the user into installing or paying money to register rogue security products such as Win32/FakeXPA.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyroron">ms-caro-malware-full:malware-family="Roron"</h4>
<div class="paragraph">
<p>2008 - This virus spreads by attaching its code to other files on your PC or network. Some of the infected programs might no longer run correctly. Attempts to send personal information to a remote address. It may spread via e-mail, network shares, or peer-to-peer file sharing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyswif">ms-caro-malware-full:malware-family="Swif"</h4>
<div class="paragraph">
<p>2008 - A trojan that exploits a vulnerability in Adobe Flash Player to download malicious files. Adobe has published security bulletin APSB08-11 addressing the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymult">ms-caro-malware-full:malware-family="Mult"</h4>
<div class="paragraph">
<p>2008 - A group of threats, written in JavaScript, that attempt to exploit multiple vulnerabilities on affected computers in order to download, execute or otherwise run arbitrary code. The malicious JavaScript may be hosted on compromised or malicious websites, embedded in specially crafted PDF files, or could be called by other malicious scripts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywukill">ms-caro-malware-full:malware-family="Wukill"</h4>
<div class="paragraph">
<p>2008 - a family of mass-mailing e-mail and network worms. The Win32/Wukill worm spreads to root directories on certain local and mapped drives. The worm also spreads by sending a copy of itself as an attachment to e-mail addresses found on the infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyobjsnapt">ms-caro-malware-full:malware-family="Objsnapt"</h4>
<div class="paragraph">
<p>2008 - A detection for a Javascript file that exploits a known vulnerability in the Microsoft Access Snapshot Viewer ActiveX Control.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyredirector">ms-caro-malware-full:malware-family="Redirector"</h4>
<div class="paragraph">
<p>2008 - The threat is a piece of JavaScript code that is inserted on bad or hacked websites. It can direct your browser to a website you don&#8217;t want to go to. You might see the detection for this threat if you visit a bad or hacked website, or if you open an email message.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyxilos">ms-caro-malware-full:malware-family="Xilos"</h4>
<div class="paragraph">
<p>2008 - a detection for a proof-of-concept JavaScript obfuscation technique, which was originally published in 2002 in the sixth issue of 29A, an early online magazine for virus creators</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydecdec">ms-caro-malware-full:malware-family="Decdec"</h4>
<div class="paragraph">
<p>2008 - A detection for certain malicious JavaScript code injected in HTML pages. The virus will execute on user computers that visit compromised websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybearshare">ms-caro-malware-full:malware-family="BearShare"</h4>
<div class="paragraph">
<p>2008 - A P2P file-sharing client that uses the decentralized Gnutella network. Free versions of BearShare have come bundled with advertising supported and other potentially unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybitaccelerator">ms-caro-malware-full:malware-family="BitAccelerator"</h4>
<div class="paragraph">
<p>2008 - A program that redirects Web search results to other Web sites and may display various advertisements to users while browsing Web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyblubtool">ms-caro-malware-full:malware-family="Blubtool"</h4>
<div class="paragraph">
<p>2008 - An Internet browser search toolbar that may be installed by other third-party software, such as a peer-to-peer file sharing application. It may modify Internet explorer search settings and display unwanted advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrserver">ms-caro-malware-full:malware-family="RServer"</h4>
<div class="paragraph">
<p>2008 - Commercial remote administration software that can be used to control a computer. These programs are typically installed by the computer owner or administrator and should only be removed if unexpected</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyultravnc">ms-caro-malware-full:malware-family="UltraVNC"</h4>
<div class="paragraph">
<p>2008 - A remote access program that can be used to control a computer. This program is typically installed by the computer owner or administrator, and should only be removed if unexpected.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyghostradmin">ms-caro-malware-full:malware-family="GhostRadmin"</h4>
<div class="paragraph">
<p>2008 - A remote administration tool that can be used to control a computer. These programs are typically installed by the computer owner or administrator and should only be removed if unexpected</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytightvnc">ms-caro-malware-full:malware-family="TightVNC"</h4>
<div class="paragraph">
<p>2008 - A remote control program that allows full control of the computer. These programs are typically installed by the computer owner or administrator and should only be removed if unexpected</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydamewareminiremotecontrol">ms-caro-malware-full:malware-family="DameWareMiniRemoteControl"</h4>
<div class="paragraph">
<p>2008 - A detection for the DameWare Mini Remote Control tools. This program was detected by definitions prior to 1.147.1889.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.147.1889.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyseekmosearchassistant_repack">ms-caro-malware-full:malware-family="SeekmoSearchAssistant_Repack"</h4>
<div class="paragraph">
<p>2008 - A detection that is triggered by modified (that is, edited and re-packed) remote control programs based on DameWare Mini Remote Control, a commercial software product</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynbar">ms-caro-malware-full:malware-family="Nbar"</h4>
<div class="paragraph">
<p>2008 - A program that may display advertisements and redirect user searches to a certain website. It may also download malicious or unwanted content into the system without user consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familychir">ms-caro-malware-full:malware-family="Chir"</h4>
<div class="paragraph">
<p>2008 - A family with a worm component and a virus component. The worm component spreads by email and by exploiting a vulnerability addressed by Microsoft Security Bulletin MS01-020. The virus component may infect .exe, .scr, and HTML files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysality">ms-caro-malware-full:malware-family="Sality"</h4>
<div class="paragraph">
<p>2008 - A family of polymorphic file infectors that target executable files with the extensions .scr or .exe. They may execute a damaging payload that deletes files with certain extensions and terminates security-related processes and services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyobfuscator">ms-caro-malware-full:malware-family="Obfuscator"</h4>
<div class="paragraph">
<p>2008 - A detection for programs that use a combination of obfuscation techniques to hinder analysis or detection by antivirus scanners</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybyteverify">ms-caro-malware-full:malware-family="ByteVerify"</h4>
<div class="paragraph">
<p>2008 - a detection of malicious code that attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM). This flaw enables attackers to execute arbitrary code on a user&#8217;s machine such as writing, downloading and executing additional malware. This vulnerability is addressed by update MS03-011, released in 2003.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyautorun">ms-caro-malware-full:malware-family="Autorun"</h4>
<div class="paragraph">
<p>2008 - A family of worms that spreads by copying itself to the mapped drives of an infected computer. The mapped drives may include network or removable drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhamweq">ms-caro-malware-full:malware-family="Hamweq"</h4>
<div class="paragraph">
<p>2008 - A worm that spreads through removable drives, such as USB memory sticks. It may contain an IRC-based backdoor enabling the computer to be controlled remotely by an attacker</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybrontok">ms-caro-malware-full:malware-family="Brontok"</h4>
<div class="paragraph">
<p>2008 - a family of mass-mailing e-mail worms. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct denial of service (DoS) attacks against certain Web sites</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyspywareprotect">ms-caro-malware-full:malware-family="SpywareProtect"</h4>
<div class="paragraph">
<p>2008 - A rogue security software family that may falsely claim that the users computer is infected and encourages the user to buy a product for cleaning the alleged malware from the computer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycbeplay">ms-caro-malware-full:malware-family="Cbeplay"</h4>
<div class="paragraph">
<p>2008 - A trojan that may upload computer operating system details to a remote Web site, download additional malware, and terminate debugging utilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyinternetantivirus">ms-caro-malware-full:malware-family="InternetAntivirus"</h4>
<div class="paragraph">
<p>2008 - A program that displays false and misleading malware alerts to convince users to purchase rogue security software. This program also displays a fake Windows Security Center message</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynuwar">ms-caro-malware-full:malware-family="Nuwar"</h4>
<div class="paragraph">
<p>2008 - A family of trojan droppers that install a distributed P2P downloader trojan. This downloader trojan in turn downloads an e-mail worm component.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrbot">ms-caro-malware-full:malware-family="Rbot"</h4>
<div class="paragraph">
<p>2008 - A family of backdoor trojans that allows attackers to control the computer through an IRC channel</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyircbot">ms-caro-malware-full:malware-family="IRCbot"</h4>
<div class="paragraph">
<p>2008 - A large family of backdoor trojans that drops malicious software and connects to IRC servers via a backdoor to receive commands from attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyskeemosearchassistant">ms-caro-malware-full:malware-family="SkeemoSearchAssistant"</h4>
<div class="paragraph">
<p>2008 - A program that displays targeted search results and pop-up advertisements based on terms that the user enters for Web searches. The pop-up advertisements may include adult content</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrealvnc">ms-caro-malware-full:malware-family="RealVNC"</h4>
<div class="paragraph">
<p>2008 - A management tool that allows a computer to be controlled remotely. It can be installed for legitimate purposes, but can also be installed from a remote location by an attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymoneytree">ms-caro-malware-full:malware-family="MoneyTree"</h4>
<div class="paragraph">
<p>2008 - A family of software that provides the ability to search for adult content on local disk. It may also install other potentially unwanted software, such as programs that display pop-up ads.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytracur">ms-caro-malware-full:malware-family="Tracur"</h4>
<div class="paragraph">
<p>2008 - A trojan that downloads and executes arbitrary files. It is sometimes distributed by ASX/Wimad.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymeredrop">ms-caro-malware-full:malware-family="Meredrop"</h4>
<div class="paragraph">
<p>2008 - This is a generic detection for trojans that install and run malware on your PC. These trojans have been deliberately created in a complex way to hide their purpose and make them difficult to analyze.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybanker">ms-caro-malware-full:malware-family="Banker"</h4>
<div class="paragraph">
<p>2008 - A family of data-stealing trojans that captures banking credentials such as account numbers and passwords from computer users and relays them to the attacker. Most variants target customers of Brazilian banks; some variants target customers of other banks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyldpinch">ms-caro-malware-full:malware-family="Ldpinch"</h4>
<div class="paragraph">
<p>2008 - a family of password-stealing trojans. This trojan gathers private user data such as passwords from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user&#8217;s e-mail client.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyadvantage">ms-caro-malware-full:malware-family="Advantage"</h4>
<div class="paragraph">
<p>2008 - a family of adware that displays pop-up advertisements and contacts a remote server to download updates</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyparite">ms-caro-malware-full:malware-family="Parite"</h4>
<div class="paragraph">
<p>2008 - a family of polymorphic file infectors that targets computers running Microsoft Windows. The virus infects .exe and .scr executable files on the local file system and on writeable network shares. In turn, the infected executable files perform operations that cause other .exe and .scr files to become infected.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypossiblehostsfilehijack">ms-caro-malware-full:malware-family="PossibleHostsFileHijack"</h4>
<div class="paragraph">
<p>2008 - an indicator that the computers HOSTS file may have been modified by malicious or potentially unwanted software</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyalureon">ms-caro-malware-full:malware-family="Alureon"</h4>
<div class="paragraph">
<p>2008 - A data-stealing trojan that gathers confidential information such as user names, passwords, and credit card data from incoming and outgoing Internet traffic. It may also download malicious data and modify DNS settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypowerregscheduler">ms-caro-malware-full:malware-family="PowerRegScheduler"</h4>
<div class="paragraph">
<p>2008 - This program was detected by definitions prior to 1.159.567.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.159.567.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyapsb08_11">ms-caro-malware-full:malware-family="APSB08-11"</h4>
<div class="paragraph">
<p>2008 - A trojan that attempts to exploit a vulnerability in Adobe Flash Player. In the wild, this trojan has been used to download and execute arbitrary files, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyconhook">ms-caro-malware-full:malware-family="ConHook"</h4>
<div class="paragraph">
<p>2008 - A family of Trojans that installs themselves as Browser Helper Objects (BHOs), and connects to the Internet without user consent. They also terminate specific security services, and download additional malware to the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familystarware">ms-caro-malware-full:malware-family="Starware"</h4>
<div class="paragraph">
<p>2008 - This program was detected by definitions prior to 1.159.567.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.159.567.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywinspywareprotect">ms-caro-malware-full:malware-family="WinSpywareProtect"</h4>
<div class="paragraph">
<p>2008 - A program that may falsely claim that the user&#8217;s system is infected and encourages the user to buy a promoted product for cleaning the alleged malware from the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymessengerskinner">ms-caro-malware-full:malware-family="MessengerSkinner"</h4>
<div class="paragraph">
<p>2008 - A program, that may be distributed in the form of a freeware application, that displays advertisements, downloads additional files, and uses stealth to hide its presence</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyskintrim">ms-caro-malware-full:malware-family="Skintrim"</h4>
<div class="paragraph">
<p>2008 - A trojan that downloads and executes arbitrary files. It may be distributed by as a Microsoft Office Outlook addon used to display emoticons or other animated icons within e-mail messages.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyadrotator">ms-caro-malware-full:malware-family="AdRotator"</h4>
<div class="paragraph">
<p>2008 - delivers advertisements, and as the name suggests, rotates advertisements among sponsors. AdRotator contacts remote Web sites in order to deliver updated content. This application also displays fake error messages that encourage users to download and install additional applications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywintrim">ms-caro-malware-full:malware-family="Wintrim"</h4>
<div class="paragraph">
<p>2008 - A family of trojans that display pop-up advertisements depending on the users keywords and browsing history. Its variants can monitor the users activities, download applications, and send system information back to a remote server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybusky">ms-caro-malware-full:malware-family="Busky"</h4>
<div class="paragraph">
<p>2008 - A family of Trojans that monitor and redirect Internet traffic, gather system information and download unwanted software such as Win32/Renos and Win32/SpySheriff. Win32/Busky may be installed by a Web browser exploit or other vulnerability when visiting a malicious Web site.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywhenu">ms-caro-malware-full:malware-family="WhenU"</h4>
<div class="paragraph">
<p>2008 - This program was detected by definitions prior to 1.173.303.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymobis">ms-caro-malware-full:malware-family="Mobis"</h4>
<div class="paragraph">
<p>2008 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysogou">ms-caro-malware-full:malware-family="Sogou"</h4>
<div class="paragraph">
<p>2008 - Detected by definitions prior to 1.155.995.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.155.995.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysdbot">ms-caro-malware-full:malware-family="Sdbot"</h4>
<div class="paragraph">
<p>2008 - A family of backdoor trojans that allows attackers to control infected computers. After a computer is infected, the trojan connects to an internet relay chat (IRC) server and joins a channel to receive commands from attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydelfinject">ms-caro-malware-full:malware-family="DelfInject"</h4>
<div class="paragraph">
<p>2008 - This threat can download and run files on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvapsup">ms-caro-malware-full:malware-family="Vapsup"</h4>
<div class="paragraph">
<p>2008 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybrowsingenhancer">ms-caro-malware-full:malware-family="BrowsingEnhancer"</h4>
<div class="paragraph">
<p>2008 - This program was detected by definitions prior to 1.175.1834.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyjeefo">ms-caro-malware-full:malware-family="Jeefo"</h4>
<div class="paragraph">
<p>2008 - virus infects executable files, such as files with a .exe extension. When an infected file runs, the virus tries to run the original content of the file while it infects other executable files on your PC. This threat might have got on your PC if you inserted a removable disk or accessed a network connection that was infected.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysezon">ms-caro-malware-full:malware-family="Sezon"</h4>
<div class="paragraph">
<p>2008 - An adware that redirects web browsing to advertising or search sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrupass">ms-caro-malware-full:malware-family="RuPass"</h4>
<div class="paragraph">
<p>2008 - a DLL component which may be utilized by adware or malicious programs in order to monitor an affected user&#8217;s Internet usage and to capture sensitive information. Win32/RuPass has been distributed as a 420,352 byte DLL file, with the file name 'ConnectionServices.dll'.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyonestepsearch">ms-caro-malware-full:malware-family="OneStepSearch"</h4>
<div class="paragraph">
<p>2008 - Modifies the user&#8217;s browser to deliver targeted advertisements when the user enters search keywords. It may also replace or override web browser error pages that would otherwise be displayed when unresolvable web addresses are entered into the browser&#8217;s address bar.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygamevance">ms-caro-malware-full:malware-family="GameVance"</h4>
<div class="paragraph">
<p>2008 - Software that displays advertisements and tracks anonymous usage information in exchange for a free online gaming experience at the Web address 'gamevance.com.'</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familye404">ms-caro-malware-full:malware-family="E404"</h4>
<div class="paragraph">
<p>2008 - is a browser helper object (BHO) that takes advantage of invalid or mistyped URLs entered in the address bar by redirecting the browser to Web sites containing adware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymirar">ms-caro-malware-full:malware-family="Mirar"</h4>
<div class="paragraph">
<p>2008 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfotomoto">ms-caro-malware-full:malware-family="Fotomoto"</h4>
<div class="paragraph">
<p>2008 - A Trojan that lowers security settings, delivers advertisements, and sends system and network configuration details to a remote Web site.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyardamax">ms-caro-malware-full:malware-family="Ardamax"</h4>
<div class="paragraph">
<p>2008 - The tool can capture your activity on your PC (such as the keys you press when typing in passwords) and might send this information to a hacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhupigon">ms-caro-malware-full:malware-family="Hupigon"</h4>
<div class="paragraph">
<p>2008 - A family of trojans that uses a dropper to install one or more backdoor files and sometimes installs a password stealer or other malicious programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycnnic">ms-caro-malware-full:malware-family="CNNIC"</h4>
<div class="paragraph">
<p>2008 - enables Chinese keyword searching in Internet Explorer and adds support for other applications to use Chinese domain names that registered with CNNIC. Also contains a kernel driver that protects its files and registry settings from being modified or deleted</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymotepro">ms-caro-malware-full:malware-family="MotePro"</h4>
<div class="paragraph">
<p>2008 - May display advertisement pop-ups, and download programs from predefined Web sites. When installed, Win32/MotePro runs as a Web Browser Helper Object (BHO).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycnsmin">ms-caro-malware-full:malware-family="CnsMin"</h4>
<div class="paragraph">
<p>2008 - Installs a browser helper object (BHO) that redirects Internet Explorer searches to a Chinese search portal. CnsMin may be installed without adequate user consent. It may prevent its files from being removed or restore files that have been previously removed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybaiduiebar">ms-caro-malware-full:malware-family="BaiduIebar"</h4>
<div class="paragraph">
<p>2008 - A detection for an address line search tool. This program was detected by definitions prior to 1.153.956.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.153.956.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyejik">ms-caro-malware-full:malware-family="Ejik"</h4>
<div class="paragraph">
<p>2008 - This program was detected by definitions prior to 1.175.1915.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyalibabaietoolbar">ms-caro-malware-full:malware-family="AlibabaIEToolBar"</h4>
<div class="paragraph">
<p>2008 - This program was detected by definitions prior to 1.175.1834.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybdplugin">ms-caro-malware-full:malware-family="BDPlugin"</h4>
<div class="paragraph">
<p>2008 - a DLL file which is usually introduced to an affected system as a component of BrowserModifier:Win32/BaiduSobar. It may display unwanted pop-ups and advertisements on the affected system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyadialer">ms-caro-malware-full:malware-family="Adialer"</h4>
<div class="paragraph">
<p>2008 - A trojan dialer program that connects to a premium number, or attempts to connect to adult websites via particular phone numbers without your permission, connects to remote hosts without user consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyegroupsexdial">ms-caro-malware-full:malware-family="EGroupSexDial"</h4>
<div class="paragraph">
<p>2008 - A dialer program that may attempt to dial a premium number, thus possibly resulting in international phone charges for the user.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyzonebac">ms-caro-malware-full:malware-family="Zonebac"</h4>
<div class="paragraph">
<p>2008 - A family of backdoor Trojans that allows a remote attacker to download and run arbitrary programs, and which may upload computer configuration information and other potentially sensitive data to remote Web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyantinny">ms-caro-malware-full:malware-family="Antinny"</h4>
<div class="paragraph">
<p>2008 - A family of worms that targets certain versions of Microsoft Windows. The worm spreads using a Japanese peer-to-peer file-sharing application named Winny. The worm creates a copy of itself with a deceptive file name in the Winny upload folder so that it can be downloaded by other Winny users.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrewardnetwork">ms-caro-malware-full:malware-family="RewardNetwork"</h4>
<div class="paragraph">
<p>2008 - A program that monitors an affected user&#8217;s Internet usage and reports this usage to a remote server. Win32/RewardNetwork may be visible as an Internet Explorer toolbar.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvirut">ms-caro-malware-full:malware-family="Virut"</h4>
<div class="paragraph">
<p>2008 - A family of file infecting viruses that target and infect .exe and .scr files accessed on infected systems. Win32/Virut also opens a backdoor by connecting to an IRC server</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyallaple">ms-caro-malware-full:malware-family="Allaple"</h4>
<div class="paragraph">
<p>2008 - A multi-threaded, polymorphic network worm capable of spreading to other computers connected to a local area network (LAN) and performing denial-of-service (DoS) attacks against targeted remote Web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvkit_da">ms-caro-malware-full:malware-family="VKit_DA"</h4>
<div class="paragraph">
<p>2008 - This virus spreads by attaching its code to other files on your PC or network. Some of the infected programs might no longer run correctly.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysmall">ms-caro-malware-full:malware-family="Small"</h4>
<div class="paragraph">
<p>2008 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynetsky">ms-caro-malware-full:malware-family="Netsky"</h4>
<div class="paragraph">
<p>2008 - A mass-mailing worm that spreads by e-mailing itself to addresses found on an infected computer. Some variants contain a backdoor component and perform DoS attacks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyluder">ms-caro-malware-full:malware-family="Luder"</h4>
<div class="paragraph">
<p>2008 - A virus that spreads by infecting executable files, by inserting itself into .RAR archive files, and by sending a copy of itself as an attachment to e-mail addresses found on the infected computer. This virus has a date-activated, file damaging payload, and may connect to a remote server and accept commands from an attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyiframeref">ms-caro-malware-full:malware-family="IframeRef"</h4>
<div class="paragraph">
<p>2008 - A generic detection for specially formed IFrame tags that point to remote websites that contain malicious content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familylovelorn">ms-caro-malware-full:malware-family="Lovelorn"</h4>
<div class="paragraph">
<p>2008 - This threat is classified as a mass-mailing worm. A mass mailing email worm is self-contained malicious code that propagates by sending itself through e-mail. Typically, a mass mailing email worm uses its own SMTP engine to send itself, thus copies of the sent worm will not appear in the infected users outgoing or sent email folders. Technical details are currently not available.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycekar">ms-caro-malware-full:malware-family="Cekar"</h4>
<div class="paragraph">
<p>2008 - This threat downloads and installs other programs, including other malware, onto your PC without your consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydialsnif">ms-caro-malware-full:malware-family="Dialsnif"</h4>
<div class="paragraph">
<p>2008 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyconficker">ms-caro-malware-full:malware-family="Conficker"</h4>
<div class="paragraph">
<p>2008 - A worm that spreads by exploiting a vulnerability addressed by Security Bulletin MS08-067. Some variants also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyloveletter">ms-caro-malware-full:malware-family="LoveLetter"</h4>
<div class="paragraph">
<p>2009 - A family of mass-mailing worms that targets computers running certain versions of Windows. It can spread as an e-mail attachment and through an Internet Relay Chat (IRC) channel. The worm can download, overwrite, delete, infect, and run files on the infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvbswgbased">ms-caro-malware-full:malware-family="VBSWGbased"</h4>
<div class="paragraph">
<p>2009 - A generic detection for VBScript code that is known to be automatically generated by a particular malware tool.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyslammer">ms-caro-malware-full:malware-family="Slammer"</h4>
<div class="paragraph">
<p>2009 - A memory resident worm that spreads through a vulnerability present in computers running either MSDE 2000 or SQL Server that have not applied Microsoft Security Bulletin MS02-039.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymsblast">ms-caro-malware-full:malware-family="Msblast"</h4>
<div class="paragraph">
<p>2009 - A family of network worms that exploit a vulnerability addressed by security bulletin MS03-039. The worm may attempt Denial of Service (DoS) attacks on some server sites or create a backdoor on the infected system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysasser">ms-caro-malware-full:malware-family="Sasser"</h4>
<div class="paragraph">
<p>2009 - A family of network worms that exploit a vulnerability fixed by security bulletin MS04-011. The worm spreads by randomly scanning IP addresses for vulnerable machines and infecting any that are found</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynimda">ms-caro-malware-full:malware-family="Nimda"</h4>
<div class="paragraph">
<p>2009 - A family of worms that spread by exploiting a vulnerability addressed by Microsoft Security Bulletin MS01-020. The worm compromises security by sharing the C drive and creating a Guest account with administrator permissions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymydoom">ms-caro-malware-full:malware-family="Mydoom"</h4>
<div class="paragraph">
<p>2009 - A family of massmailing worms that spread through e-mail. Some variants also spread through P2P networks. It acts as a backdoor trojan and can sometimes be used to launch DoS attacks against specific Web sites</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybagle">ms-caro-malware-full:malware-family="Bagle"</h4>
<div class="paragraph">
<p>2009 - A worm that spreads by e-mailing itself to addresses found on an infected computer. Some variants also spread through peer-to-peer (P2P) networks. Bagle acts as a backdoor trojan and can be used to distribute other malicious software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywinwebsec">ms-caro-malware-full:malware-family="Winwebsec"</h4>
<div class="paragraph">
<p>2009 - A family of rogue security software programs that have been distributed with several different names. The user interface varies to reflect each variants individual branding</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykoobface">ms-caro-malware-full:malware-family="Koobface"</h4>
<div class="paragraph">
<p>2009 - A multicomponent family of malware used to compromise computers and use them to perform various malicious tasks. It spreads through the internal messaging systems of popular social networking sites</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypdfjsc">ms-caro-malware-full:malware-family="Pdfjsc"</h4>
<div class="paragraph">
<p>2009 - a family of specially crafted PDF files that exploits vulnerabilities in Adobe Acrobat and Adobe Reader. The files contain malicious JavaScript that executes when opened with a vulnerable program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypointfree">ms-caro-malware-full:malware-family="Pointfree"</h4>
<div class="paragraph">
<p>2009 - a browser modifier that redirects users when invalid Web site addresses or search terms are entered in the Windows Internet Explorer address bar</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familychadem">ms-caro-malware-full:malware-family="Chadem"</h4>
<div class="paragraph">
<p>2009 - A trojan that steals password details from an infected computer by monitoring network traffic associated with FTP connections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakeia">ms-caro-malware-full:malware-family="FakeIA"</h4>
<div class="paragraph">
<p>2009 - A rogue security software family that impersonates the Windows Security Center. It may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywaledac">ms-caro-malware-full:malware-family="Waledac"</h4>
<div class="paragraph">
<p>2009 - A trojan that is used to send spam. It also has the ability to download and execute arbitrary files, harvest e-mail addresses from the local machine, perform denial-of-service attacks, proxy network traffic, and sniff passwords</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyprovis">ms-caro-malware-full:malware-family="Provis"</h4>
<div class="paragraph">
<p>2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyprolaco">ms-caro-malware-full:malware-family="Prolaco"</h4>
<div class="paragraph">
<p>2009 - A family of worms that spreads via email, removable drives, Peer-to-Peer (P2P) and network shares. This worm may also drop and execute other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymywife">ms-caro-malware-full:malware-family="Mywife"</h4>
<div class="paragraph">
<p>2009 - A mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is designed to corrupt the content of specific files on the third day of every month.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymelissa">ms-caro-malware-full:malware-family="Melissa"</h4>
<div class="paragraph">
<p>2009 - A macro worm that spreads via e-mail and by infecting Word documents and templates. It is designed to work in Word 97 and Word 2000, and it uses Outlook to reach new targets through e-mail</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrochap">ms-caro-malware-full:malware-family="Rochap"</h4>
<div class="paragraph">
<p>2009 - A family of multicomponent trojans that download and execute additional malicious files. While downloading, some variants display a video from the Web site 'youtube.com' presumably to distract the user</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygamania">ms-caro-malware-full:malware-family="Gamania"</h4>
<div class="paragraph">
<p>2009 - A family of trojans that steals online game passwords and sends them to remote sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymabezat">ms-caro-malware-full:malware-family="Mabezat"</h4>
<div class="paragraph">
<p>2009 - a polymorphic virus that infects Windows executable files. Apart from spreading through file infection, it also attempts to spread through e-mail attachments, network shares, removable drives and by CD-burning. It also contains a date-based payload that encrypts files with particular extensions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhelpud">ms-caro-malware-full:malware-family="Helpud"</h4>
<div class="paragraph">
<p>2009 - A family of trojans that steals login information for popular online games. The gathered information is then sent to remote websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyprivacycenter">ms-caro-malware-full:malware-family="PrivacyCenter"</h4>
<div class="paragraph">
<p>2009 - a family of programs that claims to scan for malware and displays fake warnings of 'malicious programs and viruses'. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakerean">ms-caro-malware-full:malware-family="FakeRean"</h4>
<div class="paragraph">
<p>2009 - This family of rogue security programs pretend to scan your PC for malware, and often report lots of infections. The program will say you have to pay for it before it can fully clean your PC. However, the program hasn&#8217;t really detected any malware at all and isn&#8217;t really an antivirus or antimalware scanner. It just looks like one so you&#8217;ll send money to the people who made the program. Some of these programs use product names or logos that unlawfully impersonate Microsoft products.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybredolab">ms-caro-malware-full:malware-family="Bredolab"</h4>
<div class="paragraph">
<p>2009 - A downloader that can access and execute arbitrary files from a remote host. Bredolab has been observed to download several other malware families to infected computers</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrugzip">ms-caro-malware-full:malware-family="Rugzip"</h4>
<div class="paragraph">
<p>2009 - A trojan that downloads other malware from predefined Web sites. Rugzip may itself be installed by other malware. Once it has performed its malicious routines, it deletes itself to avoid detection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakespypro">ms-caro-malware-full:malware-family="Fakespypro"</h4>
<div class="paragraph">
<p>2009 - A rogue security family that falsely claims that the affected computer is infected with malware and encourages the user to buy a promoted product it claims will clean the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybuzuz">ms-caro-malware-full:malware-family="Buzuz"</h4>
<div class="paragraph">
<p>2009 - A trojan that downloads malware known as 'SpywareIsolator' a rogue security software program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypoisonivy">ms-caro-malware-full:malware-family="PoisonIvy"</h4>
<div class="paragraph">
<p>2009 - A family of backdoor trojans that allow unauthorized access to and control of an affected machine. Poisonivy attempts to hide by injecting itself into other processes</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyagentbypass">ms-caro-malware-full:malware-family="AgentBypass"</h4>
<div class="paragraph">
<p>2009 - A detection for files that attempt to inject possibly malicious code into the explorer.exe process.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyenfal">ms-caro-malware-full:malware-family="Enfal"</h4>
<div class="paragraph">
<p>2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysystemhijack">ms-caro-malware-full:malware-family="SystemHijack"</h4>
<div class="paragraph">
<p>2009 - A generic detection that uses advanced heuristics in the Microsoft Antivirus engine to detect malware that displays particular types of malicious behavior.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyprocinject">ms-caro-malware-full:malware-family="ProcInject"</h4>
<div class="paragraph">
<p>2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymalres">ms-caro-malware-full:malware-family="Malres"</h4>
<div class="paragraph">
<p>2009 - A trojan that drops another malware, detected as Virtool:WinNT/Malres.A, into the system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykirpich">ms-caro-malware-full:malware-family="Kirpich"</h4>
<div class="paragraph">
<p>2009 - a trojan that drops malicious code into the system. It also infects two system files; the infected files are detected as Virus:Win32/Kirpich.A, in the system. This does not constitute virus behavior for the trojan as it does not infect any other files and therefore does not have any conventional replication routines. TrojanDropper:Win32/Kirpich.A also disables Data Execution Protection and steals specific system information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymalagent">ms-caro-malware-full:malware-family="Malagent"</h4>
<div class="paragraph">
<p>2009 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybumat">ms-caro-malware-full:malware-family="Bumat"</h4>
<div class="paragraph">
<p>2009 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybifrose">ms-caro-malware-full:malware-family="Bifrose"</h4>
<div class="paragraph">
<p>2009 - A backdoor trojan that allows a remote attacker to access the compromised computer and injects its processes into the Windows shell and Internet Explorer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyripinip">ms-caro-malware-full:malware-family="Ripinip"</h4>
<div class="paragraph">
<p>2009 - This threat can give a hacker unauthorized access and control of your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyriler">ms-caro-malware-full:malware-family="Riler"</h4>
<div class="paragraph">
<p>2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfarfli">ms-caro-malware-full:malware-family="Farfli"</h4>
<div class="paragraph">
<p>2009 - A trojan that drops various files detected as malware into a system. It also has backdoor capabilities that allow it to contact a remote attacker and wait for instructions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypcclient">ms-caro-malware-full:malware-family="PcClient"</h4>
<div class="paragraph">
<p>2009 - A backdoor trojan family with several components including a key logger, backdoor, and a rootkit.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyveden">ms-caro-malware-full:malware-family="Veden"</h4>
<div class="paragraph">
<p>2009 - A name used for backdoor trojan detections that have been added to Microsoft signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybanload">ms-caro-malware-full:malware-family="Banload"</h4>
<div class="paragraph">
<p>2009 - A family of trojans that download other malware. Banload usually downloads Win32/Banker, which steals banking credentials and other sensitive data and sends it back to a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymicrojoin">ms-caro-malware-full:malware-family="Microjoin"</h4>
<div class="paragraph">
<p>2009 - a tool that is used to deploy malware without being detected. It is used to bundle multiple files, consisting of a clean file and malware files, into a single executable.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykillav">ms-caro-malware-full:malware-family="Killav"</h4>
<div class="paragraph">
<p>2009 - a trojan that terminates a large number of security-related processes, including those for antivirus, monitoring, or debugging tools, and may install certain exploits for the vulnerability addressed by Microsoft Security Bulletin MS08-067</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycinmus">ms-caro-malware-full:malware-family="Cinmus"</h4>
<div class="paragraph">
<p>2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymessengerplus">ms-caro-malware-full:malware-family="MessengerPlus"</h4>
<div class="paragraph">
<p>2009 - A non-Microsoft add-on for Microsofts Windows Live Messenger, called Messenger Plus!. It comes with an optional sponsor program installation, detected as Spyware:Win32/C2Lop.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhaxdoor">ms-caro-malware-full:malware-family="Haxdoor"</h4>
<div class="paragraph">
<p>2009 - a backdoor trojan that allows remote control of the machine over the Internet. The trojan is rootkit-enabled, allowing it to hide processes and files related to the threat. Haxdoor lowers security settings on the computer and gathers user and system information to send to a third party</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynieguide">ms-caro-malware-full:malware-family="Nieguide"</h4>
<div class="paragraph">
<p>2009 - a detection for a DLL file that connects to a Web site and may display advertisements or download other programs</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyithink">ms-caro-malware-full:malware-family="Ithink"</h4>
<div class="paragraph">
<p>2009 - displays pop-up advertisements; it is usually bundled with other applications</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypointad">ms-caro-malware-full:malware-family="Pointad"</h4>
<div class="paragraph">
<p>2009 - This program was detected by definitions prior to 1.175.2145.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywebdir">ms-caro-malware-full:malware-family="Webdir"</h4>
<div class="paragraph">
<p>2009 - A Web Browser Helper Object (BHO) used to collect user information and display targeted advertisings using Internet Explorer browser. Webdir attempts to modify certain visited urls to include affiliate IDs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymicrobillsys">ms-caro-malware-full:malware-family="Microbillsys"</h4>
<div class="paragraph">
<p>2009 - a program that processes payments made to a billing Web site. It is considered potentially unwanted software because it cannot be removed from the Add/Remove Programs list in Control Panel; rather, a user requires an 'uninstall code' before the program can be removed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykerlofost">ms-caro-malware-full:malware-family="Kerlofost"</h4>
<div class="paragraph">
<p>2009 - a browser helper object (BHO) that may modify browsing behavior; redirect searches; report user statistics, behavior, and searches back to a remote server; and display pop-up advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyzwangi">ms-caro-malware-full:malware-family="Zwangi"</h4>
<div class="paragraph">
<p>2009 - A program that runs as a service in the background and modifies Web browser settings to visit a particular Web site</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydoubled">ms-caro-malware-full:malware-family="DoubleD"</h4>
<div class="paragraph">
<p>2009 - an adware program that displays pop-up advertising, runs at each system start and is installed as an Internet Explorer toolbar.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyshopathome">ms-caro-malware-full:malware-family="ShopAtHome"</h4>
<div class="paragraph">
<p>2009 - A browser redirector that monitors Web-browsing behavior and online purchases. It claims to track points for ShopAtHome rebates when the user buys products directly from affiliated merchant Web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakevimes">ms-caro-malware-full:malware-family="FakeVimes"</h4>
<div class="paragraph">
<p>2009 - a downloading component of Win32/FakeVimes - a family of programs that claims to scan for malware and displays fake warnings of 'malicious programs and viruses'. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakecog">ms-caro-malware-full:malware-family="FakeCog"</h4>
<div class="paragraph">
<p>2009 - This threat claims to scan your PC for malware and then shows you fake warnings. They try to convince you to pay to register the software to remove the non-existent threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakeadpro">ms-caro-malware-full:malware-family="FakeAdPro"</h4>
<div class="paragraph">
<p>2009 - a program that may display false and misleading alerts regarding errors and malware to entice users to purchase it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakesmoke">ms-caro-malware-full:malware-family="FakeSmoke"</h4>
<div class="paragraph">
<p>2009 - a family of trojans consisting of a fake Security Center interface and a fake antivirus program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakebye">ms-caro-malware-full:malware-family="FakeBye"</h4>
<div class="paragraph">
<p>2009 - A rogue security software family that uses a Korean-language user interface.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhiloti">ms-caro-malware-full:malware-family="Hiloti"</h4>
<div class="paragraph">
<p>2009 - a generic detection for a trojan that interferes with an affected user&#8217;s browsing habits and downloads and executes arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytikayb">ms-caro-malware-full:malware-family="Tikayb"</h4>
<div class="paragraph">
<p>2009 - A trojan that attempts to establish a secure network connection to various Web sites without the users consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyursnif">ms-caro-malware-full:malware-family="Ursnif"</h4>
<div class="paragraph">
<p>2009 - A family of trojans that steals sensitive information from an affected computer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrimecud">ms-caro-malware-full:malware-family="Rimecud"</h4>
<div class="paragraph">
<p>2009 - A family of worms with multiple components that spreads via fixed and removable drives and via instant messaging. It also contains backdoor functionality that allows unauthorized access to an affected system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familylethic">ms-caro-malware-full:malware-family="Lethic"</h4>
<div class="paragraph">
<p>2009 - A trojan that connects to remote servers, which may lead to unauthorized access to an affected system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyceeinject">ms-caro-malware-full:malware-family="CeeInject"</h4>
<div class="paragraph">
<p>2009 - This threat has been 'obfuscated', which means it has tried to hide its purpose so your security software doesn&#8217;t detect it. The malware that lies underneath this obfuscation can have almost any purpose.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycmdow">ms-caro-malware-full:malware-family="Cmdow"</h4>
<div class="paragraph">
<p>2009 - a detection for a command-line tool and violated the guidelines by which Microsoft identified unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyyabector">ms-caro-malware-full:malware-family="Yabector"</h4>
<div class="paragraph">
<p>2009 - This trojan can use your PC to click on online advertisements without your permission or knowledge. This can earn money for a malicious hacker by making a website or application appear more popular than it is.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrenocide">ms-caro-malware-full:malware-family="Renocide"</h4>
<div class="paragraph">
<p>2009 - a family of worms that spread via local, removable, and network drives and also using file sharing applications. They have IRC-based backdoor functionality, which may allow a remote attacker to execute commands on the affected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyliften">ms-caro-malware-full:malware-family="Liften"</h4>
<div class="paragraph">
<p>2009 - a trojan that is used to stop affected users from downloading security updates. It is downloaded by Trojan:Win32/FakeXPA.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyshellcode">ms-caro-malware-full:malware-family="ShellCode"</h4>
<div class="paragraph">
<p>2009 - A generic detection for JavaScript-enabled objects that contain exploit code and may exhibit suspicious behavior. Malicious websites and malformed PDF documents may contain JavaScript that attempts to execute code without the affected user&#8217;s consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyflyagent">ms-caro-malware-full:malware-family="FlyAgent"</h4>
<div class="paragraph">
<p>2009 - A backdoor trojan program that is capable of performing several actions depending on the commands of a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypsyme">ms-caro-malware-full:malware-family="Psyme"</h4>
<div class="paragraph">
<p>2009 - This threat downloads and installs other programs, including other malware, onto your PC without your consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyorsam">ms-caro-malware-full:malware-family="Orsam"</h4>
<div class="paragraph">
<p>2009 - A generic detection for a variety of threats. A name used for trojans that have been added to MS signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyagentoff">ms-caro-malware-full:malware-family="AgentOff"</h4>
<div class="paragraph">
<p>2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynuj">ms-caro-malware-full:malware-family="Nuj"</h4>
<div class="paragraph">
<p>2009 - a worm that copies itself to fixed, removable or network drives. Some variants of this worm may also terminate antivirus-related processes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysohanad">ms-caro-malware-full:malware-family="Sohanad"</h4>
<div class="paragraph">
<p>2009 - Worms automatically spread to other PCs. They can do this in a number of ways, including by copying themselves to removable drives, network folders, or spreading through email.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyi2isolutions">ms-caro-malware-full:malware-family="I2ISolutions"</h4>
<div class="paragraph">
<p>2009 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydpoint">ms-caro-malware-full:malware-family="Dpoint"</h4>
<div class="paragraph">
<p>2009 - This program was detected by definitions prior to 1.175.1915.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysilly_p2p">ms-caro-malware-full:malware-family="Silly_P2P"</h4>
<div class="paragraph">
<p>2009 - Worms automatically spread to other PCs. They can do this in a number of ways, including by copying themselves to removable drives, network folders, or spreading through email.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvobfus">ms-caro-malware-full:malware-family="Vobfus"</h4>
<div class="paragraph">
<p>2009 - This family of worms can download other malware onto your PC, including: Win32/Beebone, Win32/Fareit, Win32/Zbot. Vobfus worms can be downloaded by other malware or spread via removable drives, such as USB flash drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydaurso">ms-caro-malware-full:malware-family="Daurso"</h4>
<div class="paragraph">
<p>2009 - a family of trojans that attempts to steal sensitive information, including passwords and FTP authentication details from affected computers. This family targets particular FTP applications and also attempts to steal data from Protected Storage.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymydealassistant">ms-caro-malware-full:malware-family="MyDealAssistant"</h4>
<div class="paragraph">
<p>2009 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyadsubscribe">ms-caro-malware-full:malware-family="Adsubscribe"</h4>
<div class="paragraph">
<p>2009 - This program was detected by definitions prior to 1.175.1834.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymycentria">ms-caro-malware-full:malware-family="MyCentria"</h4>
<div class="paragraph">
<p>2009 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfierads">ms-caro-malware-full:malware-family="Fierads"</h4>
<div class="paragraph">
<p>2009 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvbinject">ms-caro-malware-full:malware-family="VBInject"</h4>
<div class="paragraph">
<p>2009 - This is a generic detection for malicious files that are obfuscated using particular techniques to prevent their detection or analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyperfectkeylogger">ms-caro-malware-full:malware-family="PerfectKeylogger"</h4>
<div class="paragraph">
<p>2009 - a commercial monitoring program that monitors user activity, such as keystrokes typed. MonitoringTool:Win32/PerfectKeylogger is available for purchase at the company&#8217;s website. It may also have been installed without user consent by a Trojan or other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyagobot">ms-caro-malware-full:malware-family="AgoBot"</h4>
<div class="paragraph">
<p>2010 VOL09 - A backdoor that communicates with a central server using IRC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybubnix">ms-caro-malware-full:malware-family="Bubnix"</h4>
<div class="paragraph">
<p>2010 VOL09 - A generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server and download and distribute spam email messages and could download and execute arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyciteary">ms-caro-malware-full:malware-family="Citeary"</h4>
<div class="paragraph">
<p>2010 VOL09 - A kernel mode driver installed by Win32/Citeary, a worm that spreads to all available drives including the local drive, installs device drivers and attempts to download other malware from a predefined website.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakeinit">ms-caro-malware-full:malware-family="Fakeinit"</h4>
<div class="paragraph">
<p>2010 VOL09 - A rogue security software family distributed under the names Internet Security 2010, Security Essentials 2010, and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyoficla">ms-caro-malware-full:malware-family="Oficla"</h4>
<div class="paragraph">
<p>2010 VOL09 - A family of trojans that attempt to inject code into running processes in order to download and execute arbitrary files. It may download rogue security programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypasur">ms-caro-malware-full:malware-family="Pasur"</h4>
<div class="paragraph">
<p>2010 VOL09 - a name used for backdoor trojan detections that have been added to Microsoft signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyprettypark">ms-caro-malware-full:malware-family="PrettyPark"</h4>
<div class="paragraph">
<p>2010 VOL09 - A worm that spreads via email attachments. It allows backdoor access and control of an infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyprorat">ms-caro-malware-full:malware-family="Prorat"</h4>
<div class="paragraph">
<p>2010 VOL09 - A trojan that opens random ports that allow remote access from an attacker to the affected computer. This backdoor may download and execute other malware from predefined websites and may terminate several security applications or services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypushbot">ms-caro-malware-full:malware-family="Pushbot"</h4>
<div class="paragraph">
<p>2010 VOL09 - A detection for a family of malware that spreads via MSN Messenger, Yahoo! Messenger, and AIM when commanded by a remote attacker. It contains backdoor functionality that allows unauthorized access and control of an affected machine.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrandex">ms-caro-malware-full:malware-family="Randex"</h4>
<div class="paragraph">
<p>2010 VOL09 - A worm that scans randomly generated IP addresses to attempt to spread to network shares with weak passwords. After the worm infects a computer, it connects to an IRC server to receive commands from the attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysdbot_2">ms-caro-malware-full:malware-family="SDBot"</h4>
<div class="paragraph">
<p>2010 VOL09 - A family of backdoor trojans that allows attackers to control infected computers over an IRC channel.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytrenk">ms-caro-malware-full:malware-family="Trenk"</h4>
<div class="paragraph">
<p>2010 VOL09 - a name used for backdoor trojan detections that have been added to Microsoft signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytofsee">ms-caro-malware-full:malware-family="Tofsee"</h4>
<div class="paragraph">
<p>2010 VOL09 - A multi-component family of backdoor trojans that act as a spam and traffic relay.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyursap">ms-caro-malware-full:malware-family="Ursap"</h4>
<div class="paragraph">
<p>2010 VOL09 - a name used for backdoor trojan detections that have been added to Microsoft signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyzbot">ms-caro-malware-full:malware-family="Zbot"</h4>
<div class="paragraph">
<p>2010 VOL09 - A family of password stealing trojans that also contains backdoor functionality allowing unauthorized access and control of an affected machine.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyciucio">ms-caro-malware-full:malware-family="Ciucio"</h4>
<div class="paragraph">
<p>2010 VOL10 - A family of trojans that connect to certain websites in order to download arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyclickpotato">ms-caro-malware-full:malware-family="ClickPotato"</h4>
<div class="paragraph">
<p>2010 VOL10 - A program that displays popup and notification-style advertisements based on the users browsing habits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2010_0806">ms-caro-malware-full:malware-family="CVE-2010-0806"</h4>
<div class="paragraph">
<p>2010 VOL10 - A detection for malicious JavaScript that attempts to exploit the vulnerability addressed by Microsoft Security Bulletin MS10-018.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydelf">ms-caro-malware-full:malware-family="Delf"</h4>
<div class="paragraph">
<p>2010 VOL10 - A detection for various threats written in the Delphi programming language. The behaviors displayed by this malware family are highly variable.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakepav">ms-caro-malware-full:malware-family="FakePAV"</h4>
<div class="paragraph">
<p>2010 VOL10 - A rogue security software family that masquerades as Microsoft Security Essentials.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykeygen">ms-caro-malware-full:malware-family="Keygen"</h4>
<div class="paragraph">
<p>2010 VOL10 - A generic detection for tools that generate product keys for illegally obtained versions of various software products.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyonescan">ms-caro-malware-full:malware-family="Onescan"</h4>
<div class="paragraph">
<p>2010 VOL10 - A Korean-language rogue security software family distributed under the names One Scan, Siren114, EnPrivacy, PC Trouble, My Vaccine, and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypornpop">ms-caro-malware-full:malware-family="Pornpop"</h4>
<div class="paragraph">
<p>2010 VOL10 - A generic detection for specially-crafted JavaScript-enabled objects that attempt to display pop-under advertisements, usually with adult content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familystartpage">ms-caro-malware-full:malware-family="Startpage"</h4>
<div class="paragraph">
<p>2010 VOL10 - A detection for various threats that change the configured start page of the affected users web browser, and may also perform other malicious actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybegseabug">ms-caro-malware-full:malware-family="Begseabug"</h4>
<div class="paragraph">
<p>2011 VOL11 - A trojan that downloads and executes arbitrary files on an affected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2010_0840">ms-caro-malware-full:malware-family="CVE-2010-0840"</h4>
<div class="paragraph">
<p>2011 VOL11 - A detection for a malicious and obfuscated Java class that exploits a vulnerability described in CVE-2010-0840. Oracle Corporation addressed the vulnerability with a security update in March 2010.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycycbot">ms-caro-malware-full:malware-family="Cycbot"</h4>
<div class="paragraph">
<p>2011 VOL11 - A backdoor trojan that allows attackers unauthorized access and control of an affected computer. After a computer is infected, the trojan connects to a specific remote server to receive commands from attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydroiddream">ms-caro-malware-full:malware-family="DroidDream"</h4>
<div class="paragraph">
<p>2011 VOL11 - A malicious program that affects mobile devices running the Android operating system. It may be bundled with clean applications, and is capable of allowing a remote attacker to gain access to the mobile device.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakemacdef">ms-caro-malware-full:malware-family="FakeMacdef"</h4>
<div class="paragraph">
<p>2011 VOL11 - A rogue security software family that affects Apple Mac OS X. It has been distributed under the names MacDefender, MacSecurity, MacProtector, and possibly others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygamehack">ms-caro-malware-full:malware-family="GameHack"</h4>
<div class="paragraph">
<p>2011 VOL11 - Malware that is often bundled with game applications. It commonly displays unwanted pop-up advertisements and may be installed as a web browser helper object.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyloic">ms-caro-malware-full:malware-family="Loic"</h4>
<div class="paragraph">
<p>2011 VOL11 - An open-source network attack tool designed to perform denial-ofservice (DoS) attacks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familylotoor">ms-caro-malware-full:malware-family="Lotoor"</h4>
<div class="paragraph">
<p>2011 VOL11 - A detection for specially crafted Android programs that attempt to exploit vulnerabilities in the Android operating system to gain root privilege.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynuqel">ms-caro-malware-full:malware-family="Nuqel"</h4>
<div class="paragraph">
<p>2011 VOL11 - A worm that spreads via mapped drives and certain instant messaging applications. It may modify system settings, connect to certain websites, download arbitrary files, or take other malicious actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyofferbox">ms-caro-malware-full:malware-family="OfferBox"</h4>
<div class="paragraph">
<p>2011 VOL11 - A program that displays offers based on the user&#8217;s web browsing habits. Some versions may display advertisements in a pop-under window. Win32/OfferBox may be installed without adequate user consent by malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyopencandy">ms-caro-malware-full:malware-family="OpenCandy"</h4>
<div class="paragraph">
<p>2011 VOL11 - An adware program that may be bundled with certain thirdparty software installation programs. Some versions may send user-specific information, including a unique machine code, operating system information, locale, and certain other information to a remote server without obtaining adequate user consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypameseg">ms-caro-malware-full:malware-family="Pameseg"</h4>
<div class="paragraph">
<p>2011 VOL11 - A fake program installer that requires the user to send SMS messages to a premium number to successfully install certain programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypramro">ms-caro-malware-full:malware-family="Pramro"</h4>
<div class="paragraph">
<p>2011 VOL11 - A trojan that creates a proxy on the infected computer for email and HTTP traffic, and is used to send spam email.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyramnit">ms-caro-malware-full:malware-family="Ramnit"</h4>
<div class="paragraph">
<p>2011 VOL11 - A family of multi-component malware that infects executable files, Microsoft Office files, and HTML files. Win32/Ramnit spreads to removable drives and steals sensitive information such as saved FTP credentials and browser cookies. It may also open a backdoor to await instructions from a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrlsloup">ms-caro-malware-full:malware-family="Rlsloup"</h4>
<div class="paragraph">
<p>2011 VOL11 - A family of trojans that are used to send spam email. Rlsloup consists of several components, including an installation trojan component and a spamming payload component.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyshopperreports">ms-caro-malware-full:malware-family="ShopperReports"</h4>
<div class="paragraph">
<p>2011 VOL11 - Adware that displays targeted advertising to affected users while browsing the Internet, based on search terms entered into search engines.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysinowal">ms-caro-malware-full:malware-family="Sinowal"</h4>
<div class="paragraph">
<p>2011 VOL11 - A family of password-stealing and backdoor trojans. It may try to install a fraudulent SSL certificate on the computer. Sinowal may also capture user data such as banking credentials from various user accounts and send the data to Web sites specified by the attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familystuxnet">ms-caro-malware-full:malware-family="Stuxnet"</h4>
<div class="paragraph">
<p>2011 VOL11 - A multi-component family that spreads via removable volumes by exploiting the vulnerability addressed by Microsoft Security Bulletin MS10-046.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyswimnag">ms-caro-malware-full:malware-family="Swimnag"</h4>
<div class="paragraph">
<p>2011 VOL11 - A worm that spreads via removable drives and drops a randomly-named DLL in the Windows system folder.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytedroo">ms-caro-malware-full:malware-family="Tedroo"</h4>
<div class="paragraph">
<p>2011 VOL11 - A trojan that sends spam email messages. Some variants may disable certain Windows services or allow backdoor access by a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyyimfoca">ms-caro-malware-full:malware-family="Yimfoca"</h4>
<div class="paragraph">
<p>2011 VOL11 - A worm family that spreads via common instant messaging applications and social networking sites. It is capable of connecting to a remote HTTP or IRC server to receive updated configuration data. It also modifies certain system and security settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybamital">ms-caro-malware-full:malware-family="Bamital"</h4>
<div class="paragraph">
<p>2011 VOL12 - A family of malware that intercepts web browser traffic and prevents access to specific security-related websites by modifying the Hosts file. Bamital variants may also modify specific legitimate Windows files in order to execute their payload.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyblacole">ms-caro-malware-full:malware-family="Blacole"</h4>
<div class="paragraph">
<p>2011 VOL12 - An exploit pack, also known as Blackhole, that is installed on a compromised web server by an attacker and includes a number of exploits that target browser software. If a vulnerable computer browses a compromised website containing the exploit pack, various malware may be downloaded and run.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybulilit">ms-caro-malware-full:malware-family="Bulilit"</h4>
<div class="paragraph">
<p>2011 VOL12 - A trojan that silently downloads and installs other programs without consent. Infection could involve the installation of additional malware or malware components to an affected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydorkbot">ms-caro-malware-full:malware-family="Dorkbot"</h4>
<div class="paragraph">
<p>2011 VOL12 - A worm that spreads via instant messaging and removable drives. It also contains backdoor functionality that allows unauthorized access and control of the affected computer. Win32/Dorkbot may be distributed from compromised or malicious websites using PDF or browser exploits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyeyestye">ms-caro-malware-full:malware-family="EyeStye"</h4>
<div class="paragraph">
<p>2011 VOL12 - A trojan that attempts to steal sensitive data using a method known as form grabbing, and sends it to a remote attacker. It may also download and execute arbitary files and use a rootkit component to hide its activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakesysdef">ms-caro-malware-full:malware-family="FakeSysdef"</h4>
<div class="paragraph">
<p>2011 VOL12 - A rogue security software family that claims to discover nonexistent hardware defects related to system memory, hard drives, and overall system performance, and charges a fee to fix the supposed problems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhelompy">ms-caro-malware-full:malware-family="Helompy"</h4>
<div class="paragraph">
<p>2011 VOL12 - A worm that spreads via removable drives and attempts to capture and steal authentication details for a number of different websites or online services, including Facebook and Gmail.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymalf">ms-caro-malware-full:malware-family="Malf"</h4>
<div class="paragraph">
<p>2011 VOL12 - A generic detection for malware that drops additional malicious files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrugo">ms-caro-malware-full:malware-family="Rugo"</h4>
<div class="paragraph">
<p>2011 VOL12 - A program that installs silently on the users computer and displays advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysirefef">ms-caro-malware-full:malware-family="Sirefef"</h4>
<div class="paragraph">
<p>2011 VOL12 - A rogue security software family distributed under the name Antivirus 2010 and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysisproc">ms-caro-malware-full:malware-family="Sisproc"</h4>
<div class="paragraph">
<p>2011 VOL12 - A generic detection for a group of trojans that have been observed to perform a number of various and common malware behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyswisyn">ms-caro-malware-full:malware-family="Swisyn"</h4>
<div class="paragraph">
<p>2011 VOL12 - A trojan that drops and executes arbitrary files on an infected computer. The dropped files may be potentially unwanted or malicious programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyblacoleref">ms-caro-malware-full:malware-family="BlacoleRef"</h4>
<div class="paragraph">
<p>2012 VOL13 - An obfuscated script, often found inserted into compromised websites, that uses a hidden inline frame to redirect the browser to a Blacole exploit server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2012_0507">ms-caro-malware-full:malware-family="CVE-2012-0507"</h4>
<div class="paragraph">
<p>2012 VOL13 - A detection for a malicious Java applet that exploits the Java Runtime Environment (JRE) vulnerability described in CVE-2012-0507, addressed by an Oracle security update in February 2012.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyflashback">ms-caro-malware-full:malware-family="Flashback"</h4>
<div class="paragraph">
<p>2012 VOL13 - A trojan that targets Java JRE vulnerability CVE-2012-0507 on Mac OS X to enroll the infected computer in a botnet.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygendows">ms-caro-malware-full:malware-family="Gendows"</h4>
<div class="paragraph">
<p>2012 VOL13 - A tool that attempts to activate Windows 7 and Windows Vista operating system installations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygingerbreak">ms-caro-malware-full:malware-family="GingerBreak"</h4>
<div class="paragraph">
<p>2012 VOL13 - A program that affects mobile devices running the Android operating system. It drops and executes an exploit that, if run successfully, gains administrator privileges on the device.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygingermaster">ms-caro-malware-full:malware-family="GingerMaster"</h4>
<div class="paragraph">
<p>2012 VOL13 - A malicious program that affects mobile devices running the Android operating system. It may be bundled with clean applications, and is capable of allowing a remote attacker to gain access to the mobile device.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymult_js">ms-caro-malware-full:malware-family="Mult_JS"</h4>
<div class="paragraph">
<p>2012 VOL13 - A generic detection for various exploits written in the JavaScript language.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypatch">ms-caro-malware-full:malware-family="Patch"</h4>
<div class="paragraph">
<p>2012 VOL13 - A family of tools intended to modify, or 'patch' programs that may be evaluation copies, or unregistered versions with limited features for the purpose of removing the limitations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyphoex">ms-caro-malware-full:malware-family="Phoex"</h4>
<div class="paragraph">
<p>2012 VOL13 - A malicious script that exploits the Java Runtime Environment (JRE) vulnerability discussed in CVE-2010-4452. If run in a computer running a vulnerable version of Java, it downloads and executes arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypluzoks">ms-caro-malware-full:malware-family="Pluzoks"</h4>
<div class="paragraph">
<p>2012 VOL13 - A trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypopupper">ms-caro-malware-full:malware-family="Popupper"</h4>
<div class="paragraph">
<p>2012 VOL13 - A detection for a particular JavaScript script that attempts to display pop-under advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywizpop">ms-caro-malware-full:malware-family="Wizpop"</h4>
<div class="paragraph">
<p>2012 VOL13 - Adware that may track user search habits and download executable programs without user consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywpakill">ms-caro-malware-full:malware-family="Wpakill"</h4>
<div class="paragraph">
<p>2012 VOL13 - A family of tools that attempt to disable or bypass WPA (Windows Product Activation), WGA (Windows Genuine Advantage) checks, or WAT (Windows Activation Technologies), by altering Windows operating system files, terminating processes, or stopping services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyyeltminky">ms-caro-malware-full:malware-family="Yeltminky"</h4>
<div class="paragraph">
<p>2012 VOL13 - A family of worms that spreads by making copies of itself on all available drives and creating an autorun.inf file to execute that copy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyaimesu">ms-caro-malware-full:malware-family="Aimesu"</h4>
<div class="paragraph">
<p>2013 VOL15 - A threat that exploits vulnerabilities in unpatched versions of Java, Adobe Reader, or Flash Player. It then installs other malare on the computer, including components of the Blackhole and Cool exploit kits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybdaejec">ms-caro-malware-full:malware-family="Bdaejec"</h4>
<div class="paragraph">
<p>2013 VOL15 - A trojan that allows unauthorized access and control of an affected computer, and that may download and install other programs without consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybursted">ms-caro-malware-full:malware-family="Bursted"</h4>
<div class="paragraph">
<p>2013 VOL15 - A virus written in the AutoLISP scripting language used by the AutoCAD computer-aided design program. It infects other AutoLISP files with the extension .lsp.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycolkit">ms-caro-malware-full:malware-family="Colkit"</h4>
<div class="paragraph">
<p>2013 VOL15 - A detection for obfuscated, malicious JavaScript code that redirects to or loads files that may exploit a vulnerable version of Java, Adobe Reader, or Adobe Flash, possibly in an attempt to load malware onto the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycoolex">ms-caro-malware-full:malware-family="Coolex"</h4>
<div class="paragraph">
<p>2013 VOL15 - A detection for scripts from an exploit pack known as the Cool Exploit Kit. These scripts are often used in ransomware schemes in which an attacker locks a victims computer or encrypts the users data and demands money to make it available again.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycpllnk">ms-caro-malware-full:malware-family="CplLnk"</h4>
<div class="paragraph">
<p>2013 VOL15 - A generic detection for specially crafted malicious shortcut files that attempt to exploit the vulnerability addressed by Microsoft Security Bulletin MS10-046, CVE-2010-2568.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2011_1823">ms-caro-malware-full:malware-family="CVE-2011-1823"</h4>
<div class="paragraph">
<p>2013 VOL15 - A detection for specially crafted Android programs that attempt to exploit a vulnerability in the Android operating system to gain root privilege.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2012_1723">ms-caro-malware-full:malware-family="CVE-2012-1723"</h4>
<div class="paragraph">
<p>2013 VOL15 - A family of malicious Java applets that attempt to exploit vulnerability CVE-2012-1723 in the Java Runtime Environment (JRE) to download and install files of an attackers choice onto the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydealply">ms-caro-malware-full:malware-family="DealPly"</h4>
<div class="paragraph">
<p>2013 VOL15 - Adware that displays offers related to the users web browsing habits. It may be bundled with certain third-party software installation programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfareit">ms-caro-malware-full:malware-family="Fareit"</h4>
<div class="paragraph">
<p>2013 VOL15 - A malware family that has multiple components: a password stealing component that steals sensitive information and sends it to an attacker, and a DDoS component that could be used against other computers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfastsaveapp">ms-caro-malware-full:malware-family="FastSaveApp"</h4>
<div class="paragraph">
<p>2013 VOL15 - An adware program that displays offers related to the user&#8217;s web browsing habits. It may use the name 'SaveAs' or 'SaveByClick'.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfindlyrics">ms-caro-malware-full:malware-family="FindLyrics"</h4>
<div class="paragraph">
<p>2013 VOL15 - An adware program that displays ads related to the user&#8217;s web browsing habits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygamarue">ms-caro-malware-full:malware-family="Gamarue"</h4>
<div class="paragraph">
<p>2013 VOL15 - A worm that is commonly distributed via exploit kits and social engineering. Variants have been observed stealing information from the local computer and communicating with command-and-control (C&amp;C) servers managed by attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygisav">ms-caro-malware-full:malware-family="Gisav"</h4>
<div class="paragraph">
<p>2013 VOL15 - An adware program that displays offers related to the user&#8217;s web browsing habits. It can be downloaded from the program&#8217;s website, and can be bundled with some third-party software installation programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyinfoatoms">ms-caro-malware-full:malware-family="InfoAtoms"</h4>
<div class="paragraph">
<p>2013 VOL15 - An adware program that displays advertisements related to the user&#8217;s web browsing habits and inserts advertisements into websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyperlircbot_e">ms-caro-malware-full:malware-family="Perl/IRCbot.E"</h4>
<div class="paragraph">
<p>2013 VOL15 - A backdoor trojan that drops other malicious software and connects to IRC servers to receive commands from attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyjavrobat">ms-caro-malware-full:malware-family="Javrobat"</h4>
<div class="paragraph">
<p>2013 VOL15 - An exploit that tries to check whether certain versions of Adobe Acrobat or Adobe Reader are installed on the computer. If so, it tries to install malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykraddare">ms-caro-malware-full:malware-family="Kraddare"</h4>
<div class="paragraph">
<p>2013 VOL15 - Adware that displays Korean-language advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypricegong">ms-caro-malware-full:malware-family="PriceGong"</h4>
<div class="paragraph">
<p>2013 VOL15 - An adware program that shows certain deals related to the search terms entered on any web page.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyprotlerdob">ms-caro-malware-full:malware-family="Protlerdob"</h4>
<div class="paragraph">
<p>2013 VOL15 - A software installer with a Portuguese language user interface. It presents itself as a free movie download but bundles with it a number of programs that may charge for services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyqhost">ms-caro-malware-full:malware-family="Qhost"</h4>
<div class="paragraph">
<p>2013 VOL15 - A generic detection for trojans that modify the HOSTS file on the computer to redirect or limit Internet traffic to certain sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyreveton">ms-caro-malware-full:malware-family="Reveton"</h4>
<div class="paragraph">
<p>2013 VOL15 - A ransomware family that targets users from certain countries or regions. It locks the computer and displays a location-specific webpage that covers the desktop and demands that the user pay a fine for the supposed possession of illicit material.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrongvhin">ms-caro-malware-full:malware-family="Rongvhin"</h4>
<div class="paragraph">
<p>2013 VOL15 - A family of malware that perpetrates click fraud. It might be delivered to the computer via hack tools for the game CrossFire.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyseedabutor">ms-caro-malware-full:malware-family="Seedabutor"</h4>
<div class="paragraph">
<p>2013 VOL15 - A JavaScript trojan that attempts to redirect the browser to another website.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysmser">ms-caro-malware-full:malware-family="SMSer"</h4>
<div class="paragraph">
<p>2013 VOL15 - A ransomware trojan that locks an affected users computer and requests that the user send a text message to a premium-charge number to unlock it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytobfy">ms-caro-malware-full:malware-family="Tobfy"</h4>
<div class="paragraph">
<p>2013 VOL15 - A family of ransomware trojans that targets users from certain countries. It locks the computer and displays a localized message demanding the payment of a fine for the supposed possession of illicit material. Some variants may also take webcam screenshots, play audio messages, or affect certain processes or drivers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytruado">ms-caro-malware-full:malware-family="Truado"</h4>
<div class="paragraph">
<p>2013 VOL15 - A trojan that poses as an update for certain Adobe software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyurausy">ms-caro-malware-full:malware-family="Urausy"</h4>
<div class="paragraph">
<p>2013 VOL15 - A family of ransomware trojans that locks the computer and displays a localized message, supposedly from police authorities, demanding the payment of a fine for alleged criminal activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywecykler">ms-caro-malware-full:malware-family="Wecykler"</h4>
<div class="paragraph">
<p>2013 VOL15 - A family of worms that spread via removable drives, such as USB drives, that may stop security processes and other processes on the computer, and log keystrokes that are later sent to a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyweelsof">ms-caro-malware-full:malware-family="Weelsof"</h4>
<div class="paragraph">
<p>2013 VOL15 - A family of ransomware trojans that targets users from certain countries. It locks the computer and displays a localized message demanding the payment of a fine for the alleged possession of illicit material. Some variants may take steps that make it difficult to run or update virus protection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyyakdowpe">ms-caro-malware-full:malware-family="Yakdowpe"</h4>
<div class="paragraph">
<p>2013 VOL15 - A family of trojans that connect to certain websites to silently download and install other programs without consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyanogre">ms-caro-malware-full:malware-family="Anogre"</h4>
<div class="paragraph">
<p>2013 VOL16 - A threat that exploits a vulnerability addressed by Microsoft Security Bulletin MS11-087. This vulnerability can allow a hacker to install programs, view, change, or delete data or create new accounts with full administrative privileges.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybrantall">ms-caro-malware-full:malware-family="Brantall"</h4>
<div class="paragraph">
<p>2013 VOL16 - A family of trojans that download and install other programs, including Win32/Sefnit and Win32/Rotbrow. Brantall often pretends to be an installer for other, legitimate programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycomame">ms-caro-malware-full:malware-family="Comame"</h4>
<div class="paragraph">
<p>2013 VOL16 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycrilock">ms-caro-malware-full:malware-family="Crilock"</h4>
<div class="paragraph">
<p>2013 VOL16 - A ransomware family that encrypts the computer&#8217;s files and displays a webpage that demands a fee to unlock them.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2011_3874">ms-caro-malware-full:malware-family="CVE-2011-3874"</h4>
<div class="paragraph">
<p>2013 VOL16 - A threat that attempts to exploit a vulnerability in the Android operating system to gain access to and control of the device Java/CVE-2012-1723. A family of malicious Java applets that attempt to exploit vulnerability CVE-2012-1723 in the Java Runtime Environment (JRE) in order to download and install files of an attackers choice onto the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydeminnix">ms-caro-malware-full:malware-family="Deminnix"</h4>
<div class="paragraph">
<p>2013 VOL16 - A trojan that uses the computer for Bitcoin mining and changes the home page of the web browser. It can accidentally be downloaded along with other files from torrent sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydetplock">ms-caro-malware-full:malware-family="Detplock"</h4>
<div class="paragraph">
<p>2013 VOL16 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydircrypt">ms-caro-malware-full:malware-family="Dircrypt"</h4>
<div class="paragraph">
<p>2013 VOL16 - Ransomware that encrypts the user&#8217;s files and demands payment to release them. It is distributed through spam email messages and can be downloaded by other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydonxref">ms-caro-malware-full:malware-family="DonxRef"</h4>
<div class="paragraph">
<p>2013 VOL16 - A generic detection for malicious JavaScript objects that construct shellcode. The scripts may try to exploit vulnerabilities in Java, Adobe Flash Player, and Windows.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfaceliker">ms-caro-malware-full:malware-family="Faceliker"</h4>
<div class="paragraph">
<p>2013 VOL16 - A malicious script that likes content on Facebook without the user&#8217;s knowledge or consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakealert">ms-caro-malware-full:malware-family="FakeAlert"</h4>
<div class="paragraph">
<p>2013 VOL16 - A malicious script that falsely claims that the computer is infected with viruses and that additional software is needed to disinfect it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyjenxcus">ms-caro-malware-full:malware-family="Jenxcus"</h4>
<div class="paragraph">
<p>2013 VOL16 - A worm that gives an attacker control of the computer. It is spread by infected removable drives, like USB flash drives. It can also be downloaded within a torrent file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyloktrom">ms-caro-malware-full:malware-family="Loktrom"</h4>
<div class="paragraph">
<p>2013 VOL16 - Ransomware that locks the computer and displays a full-screen message pretending to be from a national police force, demanding payment to unlock the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymiposa">ms-caro-malware-full:malware-family="Miposa"</h4>
<div class="paragraph">
<p>2013 VOL16 - A trojan that downloads and runs malicious Windows Scripting Host (.wsh) files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familynitol">ms-caro-malware-full:malware-family="Nitol"</h4>
<div class="paragraph">
<p>2013 VOL16 - A family of trojans that perform DDoS (distributed denial of service) attacks, allow backdoor access and control, download and run files, and perform a number of other malicious activities on the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyoceanmug">ms-caro-malware-full:malware-family="Oceanmug"</h4>
<div class="paragraph">
<p>2013 VOL16 - A trojan that silently downloads and installs other programs without consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyproslikefan">ms-caro-malware-full:malware-family="Proslikefan"</h4>
<div class="paragraph">
<p>2013 VOL16 - A worm that spreads through removable drives, network shares, and P2P programs. It can lower the computer&#8217;s security settings and disable antivirus products.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrotbrow">ms-caro-malware-full:malware-family="Rotbrow"</h4>
<div class="paragraph">
<p>2013 VOL16 - A trojan that installs browser add-ons that claim to offer protection from other add-ons. Rotbrow can change the browser&#8217;s home page, and can install the trojan Win32/Sefnit. It is commonly installed by Win32/Brantall.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysefnit">ms-caro-malware-full:malware-family="Sefnit"</h4>
<div class="paragraph">
<p>2013 VOL16 - A family of trojans that can allow backdoor access, download files, and use the computer and Internet connection for click fraud. Some variants can monitor web browsers and hijack search results.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyurntone">ms-caro-malware-full:malware-family="Urntone"</h4>
<div class="paragraph">
<p>2013 VOL16 - A webpage component of the Neutrino exploit kit. It checks the version numbers of popular applications installed on the computer, and attempts to install malware that targets vulnerabilities in the software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywysotot">ms-caro-malware-full:malware-family="Wysotot"</h4>
<div class="paragraph">
<p>2013 VOL16 - A threat that can change the start page of the user&#8217;s web browser, and may download and install other files to the computer. It is installed by software bundlers that advertise free software or games.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyaddlyrics">ms-caro-malware-full:malware-family="AddLyrics"</h4>
<div class="paragraph">
<p>2014 VOL17 - A browser add-on that displays lyrics for songs on YouTube, and displays advertisements in the browser window.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyadpeak">ms-caro-malware-full:malware-family="Adpeak"</h4>
<div class="paragraph">
<p>2014 VOL17 - Adware that displays extra ads as the user browses the Internet, without revealing where the ads are coming from. It may be bundled with some third-party software installation programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyaxpergle">ms-caro-malware-full:malware-family="Axpergle"</h4>
<div class="paragraph">
<p>2014 VOL17 - A detection for the Angler exploit kit, which exploits vulnerabilities in recent versions of Internet Explorer, Silverlight, Adobe Flash Player, and Java to install malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybepush">ms-caro-malware-full:malware-family="Bepush"</h4>
<div class="paragraph">
<p>2014 VOL17 - A family of trojans that download and install add-ons for the Firefox and Chrome browsers that post malicious links to social networking sites, track browser usage, and redirect the browser to specific websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybettersurf">ms-caro-malware-full:malware-family="BetterSurf"</h4>
<div class="paragraph">
<p>2014 VOL17 - Adware that displays unwanted ads on search engine results pages and other websites. It may be included with software bundles that offer free applications or games.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybladabindi">ms-caro-malware-full:malware-family="Bladabindi"</h4>
<div class="paragraph">
<p>2014 VOL17 - A family of backdoors created by a malicious hacker tool called NJ Rat. They can steal sensitive information, download other malware, and allow backdoor access to an infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycaphaw">ms-caro-malware-full:malware-family="Caphaw"</h4>
<div class="paragraph">
<p>2014 VOL17 - A family of backdoors that spread via Facebook, YouTube, Skype, removable drives, and drive-by download. They can make Facebook posts via the user&#8217;s account, and may steal online banking details.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyclikug">ms-caro-malware-full:malware-family="Clikug"</h4>
<div class="paragraph">
<p>2014 VOL17 - A threat that uses a computer for click fraud. It has been observed using as much as a gigabyte of bandwidth per hour.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2014_0322">ms-caro-malware-full:malware-family="CVE-2014-0322"</h4>
<div class="paragraph">
<p>This threat uses a vulnerability MS14-012, CVE-2014-0322 in Internet Explorer 9 and 10 to download and run files on your PC, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2013_0422">ms-caro-malware-full:malware-family="CVE-2013-0422"</h4>
<div class="paragraph">
<p>2014 VOL17 - A detection for a malicious Java applet that exploits the Java Runtime Environment (JRE) vulnerability described in CVE-2013-0422, addressed by an Oracle security update in January 2013.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydowque">ms-caro-malware-full:malware-family="Dowque"</h4>
<div class="paragraph">
<p>2014 VOL17 - A generic detection for malicious files that are capable of installing other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfashack">ms-caro-malware-full:malware-family="Fashack"</h4>
<div class="paragraph">
<p>2014 VOL17 - A detection for the Safehack exploit kit, also known as Flashpack. It uses vulnerabilities in Adobe Flash Player, Java, and Silverlight to install malware on a computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfeven">ms-caro-malware-full:malware-family="Feven"</h4>
<div class="paragraph">
<p>2014 VOL17 - A browser add-on for Internet Explorer, Firefox, or Chrome that displays ads on search engine results pages and other websites, and redirects the browser to specific websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfiexp">ms-caro-malware-full:malware-family="Fiexp"</h4>
<div class="paragraph">
<p>2014 VOL17 - A detection for the Fiesta exploit kit, which attempts to exploit Java, Adobe Flash Player, Adobe Reader, Silverlight, and Internet Explorer to install malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfilcout">ms-caro-malware-full:malware-family="Filcout"</h4>
<div class="paragraph">
<p>2014 VOL17 - An application that offers to locate and download programs to run unknown files. It has been observed installing variants in the Win32/Sefnit family.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familygenasom">ms-caro-malware-full:malware-family="Genasom"</h4>
<div class="paragraph">
<p>2014 VOL17 - A ransomware family that locks a computer and demands money to unlock it. It usually targets Russian-language users, and may open pornographic websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykegotip">ms-caro-malware-full:malware-family="Kegotip"</h4>
<div class="paragraph">
<p>2014 VOL17 - A password-stealing trojan that can steal email addresses, personal information, or user account information for certain programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykrypterade">ms-caro-malware-full:malware-family="Krypterade"</h4>
<div class="paragraph">
<p>2014 VOL17 - Ransomware that fraudulently claims a computer has been used for unlawful activity, locks it, and demands that the user pay to unlock it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familylecpetex">ms-caro-malware-full:malware-family="Lecpetex"</h4>
<div class="paragraph">
<p>2014 VOL17 - A family of trojans that steal sensitive information, such as user names and passwords. It can also use a computer for Litecoin mining, install other malware, and post malicious content via the user&#8217;s Facebook account.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familylollipop">ms-caro-malware-full:malware-family="Lollipop"</h4>
<div class="paragraph">
<p>2014 VOL17 - Adware that may be installed by third-party software bundlers. It displays ads based on search engine searches, which can differ by geographic location and may be pornographic.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymeadgive">ms-caro-malware-full:malware-family="Meadgive"</h4>
<div class="paragraph">
<p>2014 VOL17 - A detection for the Redkit exploit kit, also known as Infinity and Goon. It attempts to exploit vulnerabilities in programs such as Java and Silverlight to install other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyneclu">ms-caro-malware-full:malware-family="Neclu"</h4>
<div class="paragraph">
<p>2014 VOL17 - A detection for the Nuclear exploit kit, which attempts to exploit vulnerabilities in programs such as Java and Adobe Reader to install other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyogimant">ms-caro-malware-full:malware-family="Ogimant"</h4>
<div class="paragraph">
<p>2014 VOL17 - A threat that claims to help download items from the Internet, but actually downloads and runs files that are specified by a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyoptimizerelite">ms-caro-malware-full:malware-family="OptimizerElite"</h4>
<div class="paragraph">
<p>2014 VOL17 - A misleading program that uses legitimate files in the Prefetch folder to claim that the computer is damaged, and offers to fix the damage for a price.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypangimop">ms-caro-malware-full:malware-family="Pangimop"</h4>
<div class="paragraph">
<p>2014 VOL17 - A detection for the Magnitude exploit kit, also known as Popads. It attempts to exploit vulnerabilities in programs such as Java and Adobe Flash Player to install other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyphish">ms-caro-malware-full:malware-family="Phish"</h4>
<div class="paragraph">
<p>2014 VOL17 - A password-stealing malicious webpage, known as a phishing page, that disguises itself as a page from a legitimate website.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyprast">ms-caro-malware-full:malware-family="Prast"</h4>
<div class="paragraph">
<p>2014 VOL17 - A generic detection for various password stealing trojans.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyslugin">ms-caro-malware-full:malware-family="Slugin"</h4>
<div class="paragraph">
<p>2014 VOL17 - A file infector that infects .exe and .dll files. It may also perform backdoor actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyspacekito">ms-caro-malware-full:malware-family="Spacekito"</h4>
<div class="paragraph">
<p>2014 VOL17 - A threat that steals information about the computer and installs browser add-ons that display ads.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytranikpik">ms-caro-malware-full:malware-family="Tranikpik"</h4>
<div class="paragraph">
<p>This threat is a backdoor that can give a hacker unauthorized access and control of your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywordinvop">ms-caro-malware-full:malware-family="Wordinvop"</h4>
<div class="paragraph">
<p>2014 VOL17 - A detection for a specially-crafted Microsoft Word file that attempts to exploit the vulnerability CVE-2006-6456, addressed by Microsoft Security Bulletin MS07-014.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyzegost">ms-caro-malware-full:malware-family="Zegost"</h4>
<div class="paragraph">
<p>2014 VOL17 - A backdoor that allows an attacker to remotely access and control a computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyarchost">ms-caro-malware-full:malware-family="Archost"</h4>
<div class="paragraph">
<p>2014 VOL18 - A downloader that installs other programs on the computer without the user&#8217;s consent, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybalamid">ms-caro-malware-full:malware-family="Balamid"</h4>
<div class="paragraph">
<p>2014 VOL18 - A trojan that can use the computer to click on online advertisements without the user&#8217;s permission or knowledge. This can earn money for a malicious hacker by making a website or application appear more popular than it is.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybeevry">ms-caro-malware-full:malware-family="BeeVry"</h4>
<div class="paragraph">
<p>2014 VOL18 - A trojan that modifies a number of settings to prevent the computer from accessing security-related websites, and lower the computer&#8217;s security.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybondat">ms-caro-malware-full:malware-family="Bondat"</h4>
<div class="paragraph">
<p>2014 VOL18 - A family of threats that collects information about the computer, infects removable drives, and tries to stop the user from accessing files. It spreads by infecting removable drives, such as USB thumb drives and flash drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybregent">ms-caro-malware-full:malware-family="Bregent"</h4>
<div class="paragraph">
<p>2014 VOL18 - A downloader that injects malicious code into legitimate processes such as explorer.exe and svchost.exe, and downloads other malware onto the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybrolo">ms-caro-malware-full:malware-family="Brolo"</h4>
<div class="paragraph">
<p>2014 VOL18 - A ransomware family that locks the web browser and displays a message, often pretending to be from a law enforcement agency, demanding money to unlock the browser.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycostmin">ms-caro-malware-full:malware-family="CostMin"</h4>
<div class="paragraph">
<p>2014 VOL18 - An adware family that installs itself as a browser extension for Internet Explorer, Mozilla Firefox, and Google Chrome, and displays advertisements as the user browses the Internet.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycouponruc">ms-caro-malware-full:malware-family="CouponRuc"</h4>
<div class="paragraph">
<p>2014 VOL18 - A browser modifier that changes browser settings and may also modify some computer and Internet settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycrastic">ms-caro-malware-full:malware-family="Crastic"</h4>
<div class="paragraph">
<p>2014 VOL18 - A trojan that sends sensitive information to a remote attacker, such as user names, passwords and information about the computer. It can also delete System Restore points, making it harder to recover the computer to a pre-infected state.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycrowti">ms-caro-malware-full:malware-family="Crowti"</h4>
<div class="paragraph">
<p>2014 VOL18 - A ransomware family that encrypts files on the computer and demands that the user pay a fee to decrypt them, using Bitcoins.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2013_1488">ms-caro-malware-full:malware-family="CVE-2013-1488"</h4>
<div class="paragraph">
<p>2014 VOL18 - A detection for threats that use a Java vulnerability to download and run files on your PC, including other malware. Oracle addressed the vulnerability with a security update in April 2013.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydefaulttab">ms-caro-malware-full:malware-family="DefaultTab"</h4>
<div class="paragraph">
<p>2014 VOL18 - A browser modifier that redirects web browser searches and prevents the user from changing browser settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyippedo">ms-caro-malware-full:malware-family="Ippedo"</h4>
<div class="paragraph">
<p>2014 VOL18 - A worm that can send sensitive information to a malicious hacker. It spreads through infected removable drives, such as USB flash drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykilim">ms-caro-malware-full:malware-family="Kilim"</h4>
<div class="paragraph">
<p>2014 VOL18 - A trojan that hijacks the user&#8217;s Facebook, Twitter, or YouTube account to promote pages. It may post hyperlinks or like pages on Facebook, post comments on YouTube videos, or follow profiles and send direct messages on Twitter without permission.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymofin">ms-caro-malware-full:malware-family="Mofin"</h4>
<div class="paragraph">
<p>2014 VOL18 - A worm that can steal files from your PC and send them to a malicious hacker. It spreads via infected removable drives, such as USB flash drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymptampersrp">ms-caro-malware-full:malware-family="MpTamperSrp"</h4>
<div class="paragraph">
<p>2014 VOL18 - A generic detection for an attempt to add software restriction policies to restrict Microsoft antimalware products, such as Microsoft Security Essentials and Windows Defender, from functioning properly.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymujormel">ms-caro-malware-full:malware-family="Mujormel"</h4>
<div class="paragraph">
<p>2014 VOL18 - A password stealer that can steal personal information, such as user names and passwords, and send the stolen information to a malicious hacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypennybee">ms-caro-malware-full:malware-family="PennyBee"</h4>
<div class="paragraph">
<p>2014 VOL18 - Adware that shows ads as the user browses the web. It can be installed from the program&#8217;s website or bundled with some third-party software installation programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyphdet">ms-caro-malware-full:malware-family="Phdet"</h4>
<div class="paragraph">
<p>2014 VOL18 - A family of backdoor trojans that is used to perform distributed denial-of service (DDoS) attacks against specified targets.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyrimod">ms-caro-malware-full:malware-family="Rimod"</h4>
<div class="paragraph">
<p>2014 VOL18 - A generic detection for files that change various security settings in the computer Win32/Rotbrow. A trojan that installs browser add-ons that claim to offer protection from other add-ons. Rotbrow can change the browser&#8217;s home page, and can install the trojan Win32/Sefnit. It is commonly installed by Win32/Brantall.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysigru">ms-caro-malware-full:malware-family="Sigru"</h4>
<div class="paragraph">
<p>2014 VOL18 - A virus that can stop some files from working correctly in Windows XP and earlier operating systems. It spreads by infecting the master boot record (MBR) on connected hard disks and floppy disks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysimpleshell">ms-caro-malware-full:malware-family="SimpleShell"</h4>
<div class="paragraph">
<p>2014 VOL18 - A backdoor that can give a malicious hacker unauthorized access to and control of the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysoftpulse">ms-caro-malware-full:malware-family="Softpulse"</h4>
<div class="paragraph">
<p>2014 VOL18 - A software bundler that no longer meets Microsoft detection criteria for unwanted software following a program update in September of 2014.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysquarenet">ms-caro-malware-full:malware-family="SquareNet"</h4>
<div class="paragraph">
<p>2014 VOL18 - A software bundler that installs other unwanted software, including adware and click-fraud malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytugspay">ms-caro-malware-full:malware-family="Tugspay"</h4>
<div class="paragraph">
<p>2014 VOL18 - A downloader that spreads by posing as an installer for legitimate software, such as a Java update, or through other malware. When installed, it downloads unwanted software to the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytupym">ms-caro-malware-full:malware-family="Tupym"</h4>
<div class="paragraph">
<p>2014 VOL18 - A worm that copies itself to the system folder of the affected computer, and attempts to contact remote hosts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvercuser">ms-caro-malware-full:malware-family="Vercuser"</h4>
<div class="paragraph">
<p>2014 VOL18 - A worm that typically spreads via drive-by download. It also receives commands from a remote server, and has been observed dropping other malware on the infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyadnel">ms-caro-malware-full:malware-family="Adnel"</h4>
<div class="paragraph">
<p>2015 VOL19 - A family of macro malware that can download other threats to the computer, including TrojanDownloader:Win32/Drixed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyadodb">ms-caro-malware-full:malware-family="Adodb"</h4>
<div class="paragraph">
<p>2015 VOL19 - A generic detection for script trojans that exploit a vulnerability in Microsoft Data Access Components (MDAC) that allows remote code execution. Microsoft released Security Bulletin MS06-014 in April 2006 to address the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyalterbooksp">ms-caro-malware-full:malware-family="AlterbookSP"</h4>
<div class="paragraph">
<p>2015 VOL19 - A browser add-on that formerly displayed behaviors of unwanted software. Recent versions of the add-on no longer meet Microsoft detection criteria, and are no longer considered unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybrobandel">ms-caro-malware-full:malware-family="BrobanDel"</h4>
<div class="paragraph">
<p>2015 VOL19 - A family of trojans that can modify boletos bancários, a common payment method in Brazil. They can be installed on the computer when a user opens a malicious spam email attachment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycompromisedcert">ms-caro-malware-full:malware-family="CompromisedCert"</h4>
<div class="paragraph">
<p>2015 VOL19 - A detection for the Superfish VisualDiscovery advertising program that was preinstalled on some Lenovo laptops sold in 2014 and 2015. It installs a compromised trusted root certificate on the computer, which can be used to conduct man-in-the-middle attacks on the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycouponruc_new">ms-caro-malware-full:malware-family="CouponRuc_new"</h4>
<div class="paragraph">
<p>2015 VOL19 - A browser modifier that changes browser settings and may also modify some computer and Internet settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycve_2014_6332">ms-caro-malware-full:malware-family="CVE-2014-6332"</h4>
<div class="paragraph">
<p>2015 VOL19 - This threat uses a Microsoft vulnerability MS14-064 to download and run files on your PC, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydyzap">ms-caro-malware-full:malware-family="Dyzap"</h4>
<div class="paragraph">
<p>2015 VOL19 - A threat that steals login credentials for a long list of banking websites using man-in-the-browser (MITB) attacks. It is usually installed on the infected computer by TrojanDownloader:Win32/Upatre.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyeorezo">ms-caro-malware-full:malware-family="EoRezo"</h4>
<div class="paragraph">
<p>2015 VOL19 - Adware that displays targeted advertising to affected users while browsing the Internet, based on downloaded pre-configured information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfakecall">ms-caro-malware-full:malware-family="FakeCall"</h4>
<div class="paragraph">
<p>2015 VOL19 - This threat is a webpage that claims your PC is infected with malware. It asks you to phone a number to receive technical support to help remove the malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfoosace">ms-caro-malware-full:malware-family="Foosace"</h4>
<div class="paragraph">
<p>2015 VOL19 - A threat that creates files on the compromised computer and contacts a remote host. Observed in the STRONTIUM APT.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyieenablercby">ms-caro-malware-full:malware-family="IeEnablerCby"</h4>
<div class="paragraph">
<p>2015 VOL19 - A browser modifier that installs additional browser addons without the user&#8217;s consent. It bypasses the normal prompts or dialogs that ask for consent to install add-ons.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyinstallerex">ms-caro-malware-full:malware-family="InstalleRex"</h4>
<div class="paragraph">
<p>2015 VOL19 - A software bundler that installs unwanted software, including Win32/CouponRuc and Win32/SaverExtension. It alters its own 'Installed On' date in Programs and Features to make it more difficult for a user to locate it and remove it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyjacktheripper">ms-caro-malware-full:malware-family="JackTheRipper"</h4>
<div class="paragraph">
<p>2015 VOL19 - A virus that can stop some files from working correctly in Windows XP and earlier operating systems. It spreads by infecting the master boot record (MBR) on connected hard disks and floppy disks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykenilfe">ms-caro-malware-full:malware-family="Kenilfe"</h4>
<div class="paragraph">
<p>2015 VOL19 - A worm written in AutoCAD Lisp that only runs if AutoCAD is installed on the computer or network. It renames and deletes certain AutoCAD files, and may download and execute arbitrary files from a remote host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familykipodtoolscby">ms-caro-malware-full:malware-family="KipodToolsCby"</h4>
<div class="paragraph">
<p>2015 VOL19 - A browser modifier that installs additional browser addons without the user&#8217;s consent. It bypasses the normal prompts or dialogs that ask for consent to install add-ons.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymacoute">ms-caro-malware-full:malware-family="Macoute"</h4>
<div class="paragraph">
<p>2015 VOL19 - A worm that can spread itself to removable USB drives, and may communicate with a remote host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyneutrinoek">ms-caro-malware-full:malware-family="NeutrinoEK"</h4>
<div class="paragraph">
<p>2015 VOL19 - This threat is a webpage that spreads the exploit kit known as Neutrino.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypeaac">ms-caro-malware-full:malware-family="Peaac"</h4>
<div class="paragraph">
<p>2015 VOL19 - A generic detection for various threats that display trojan characteristics.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypeals">ms-caro-malware-full:malware-family="Peals"</h4>
<div class="paragraph">
<p>2015 VOL19 - A generic detection for various threats that display trojan characteristics.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyradonskra">ms-caro-malware-full:malware-family="Radonskra"</h4>
<div class="paragraph">
<p>2015 VOL19 - A family of threats that perform a variety of malicious acts, including stealing information about the computer, showing extra advertisements as the user browses the web, performing click fraud, and downloading other programs without consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysaverextension">ms-caro-malware-full:malware-family="SaverExtension"</h4>
<div class="paragraph">
<p>2015 VOL19 - A browser add-on that shows ads in the browser without revealing their source, and prevents itself from being removed normally.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysdbby">ms-caro-malware-full:malware-family="Sdbby"</h4>
<div class="paragraph">
<p>2015 VOL19 - A threat that exploits a bypass to gain administrative privileges on a machine without going through a User Access Control prompt.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysimda">ms-caro-malware-full:malware-family="Simda"</h4>
<div class="paragraph">
<p>2015 VOL19 - A threat that can give an attacker backdoor access and control of an infected computer. It can then steal passwords and gather information about the computer to send to the attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyskeeyah">ms-caro-malware-full:malware-family="Skeeyah"</h4>
<div class="paragraph">
<p>2015 VOL19 - A generic detection for various threats that display trojan characteristics.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familywordjmp">ms-caro-malware-full:malware-family="Wordjmp"</h4>
<div class="paragraph">
<p>2015 VOL19 - An exploit that targets a vulnerability in Word 2002 and 2003 that could allow an attacker to remotely execute arbitrary code. Microsoft released Security Bulletin MS06-027 in June 2006 to address the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familybayads">ms-caro-malware-full:malware-family="Bayads"</h4>
<div class="paragraph">
<p>2015 VOL20 - A program that displays ads as the user browses the web. It can be bundled with other software. It may call itself bdraw, delta, dlclient, Pay-ByAds, or pricehorse in Programs and Features.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycandyopen">ms-caro-malware-full:malware-family="CandyOpen"</h4>
<div class="paragraph">
<p>2015 VOL20 - This application can also affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs: Adds files that run at startup, Modifies boot configuration data, Modifies file associations, Injects into other processes on your system, Changes browser settings, Adds a local proxy, Modifies your system DNS settings, Stops Windows Update, Disables User Access Control (UAC), These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycolisi">ms-caro-malware-full:malware-family="Colisi"</h4>
<div class="paragraph">
<p>2015 VOL20 - Behavioral detection of certain files acting in a malicious way.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familycreprote">ms-caro-malware-full:malware-family="Creprote"</h4>
<div class="paragraph">
<p>2015 VOL20 - These programs are most commonly software bundlers or installers for software such as toolbars, adware, or system optimizers. The software might modify your homepage, your search provider, or perform other actions that you might not have intended.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydiplugem">ms-caro-malware-full:malware-family="Diplugem"</h4>
<div class="paragraph">
<p>2015 VOL20 - A browser modifier that installs browser add-ons without obtaining the users consent. The add-ons show extra advertisements as the user browses the web, and can inject additional ads into web search results pages.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydipsind">ms-caro-malware-full:malware-family="Dipsind"</h4>
<div class="paragraph">
<p>2015 VOL20 - A threat that is often used in targeted attacks. It can give an attacker access to the computer to download and run files, steal domain credentials, and perform other malicious actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydonoff">ms-caro-malware-full:malware-family="Donoff"</h4>
<div class="paragraph">
<p>2015 VOL20 - A threat that uses an infected Microsoft Office file to download other malware onto the computer. It can arrive as a spam email attachment, usually as a Word file (.doc).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydorv">ms-caro-malware-full:malware-family="Dorv"</h4>
<div class="paragraph">
<p>2015 VOL20 - A trojan is a type of malware that cant spread on its own. It relies on you to run them on your PC by mistake, or visit a hacked or malicious webpage. They can steal your personal information, download more malware, or give a malicious hacker access to your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familydowadmin">ms-caro-malware-full:malware-family="Dowadmin"</h4>
<div class="paragraph">
<p>2015 VOL20 - A software bundler that does not provide the user with the option to decline installation of unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyfourthrem">ms-caro-malware-full:malware-family="Fourthrem"</h4>
<div class="paragraph">
<p>2015 VOL20 - A program that installs unwanted software without adequate consent on the computer at the same time as the software the user is trying to install.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyhao123">ms-caro-malware-full:malware-family="Hao123"</h4>
<div class="paragraph">
<p>2015 VOL20 - This threat is a modified Internet Explorer shortcut that changes your Internet Explorer homepage. It might arrive on your PC through bundlers that offer free software. The threat will run a separate threat-related file that changes the Internet Explorer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymizenota">ms-caro-malware-full:malware-family="Mizenota"</h4>
<div class="paragraph">
<p>2015 VOL20 - This program is a software bundler that installs unwanted software on your PC at the same time as the software you are trying to install. It may install one of the following: BrowserModifier:Win32/SupTab, BrowserModifier:Win32/Sasquor, BrowserModifier:Win32/Smudplu, SoftwareBundler:Win32/Pokavampo, BrowserModifier:Win32/Shopperz, Adware:Win32/EoRezo</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familymytonel">ms-caro-malware-full:malware-family="Mytonel"</h4>
<div class="paragraph">
<p>2015 VOL20 - A program that downloads and installs other programs onto the computer without the user&#8217;s consent, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyoutbrowse">ms-caro-malware-full:malware-family="OutBrowse"</h4>
<div class="paragraph">
<p>2015 VOL20 - A software bundler that installs additional unwanted programs alongside software that the user wishes to install. It can remove or hide the installers close button, leaving no way to decline the additional applications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypeapoon">ms-caro-malware-full:malware-family="Peapoon"</h4>
<div class="paragraph">
<p>2015 VOL20 - An adware program that shows users ads that they cannot control as they browse the web. It may identify itself as Coupon in Programs and Features.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familypokki">ms-caro-malware-full:malware-family="Pokki"</h4>
<div class="paragraph">
<p>2015 VOL20 - A browser add-on that formerly displayed behaviors of unwanted software. Recent versions of the add-on no longer meet Microsoft detection criteria, and are no longer considered unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyputalol">ms-caro-malware-full:malware-family="Putalol"</h4>
<div class="paragraph">
<p>2015 VOL20 - An adware program that shows users ads that they cannot control as they browse the web. It may identify itself as Lolliscan in Programs and Features.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyspigotsearch">ms-caro-malware-full:malware-family="SpigotSearch"</h4>
<div class="paragraph">
<p>2015 VOL20 - This application can affect the quality of your computing experience. For example, some potentially unwanted applications can: Install additional bundled software, Modify your homepage, Modify your search provider. These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyspursint">ms-caro-malware-full:malware-family="Spursint"</h4>
<div class="paragraph">
<p>2015 VOL20 - This threat has been detected as one of the executable malware that are distributed through URLs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysulunch">ms-caro-malware-full:malware-family="Sulunch"</h4>
<div class="paragraph">
<p>2015 VOL20 - A generic detection for a group of trojans that perform a number of common malware behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysuptab">ms-caro-malware-full:malware-family="SupTab"</h4>
<div class="paragraph">
<p>2015 VOL20 - A browser modifier that installs itself and changes the browsers default search provider, without obtaining the users consent for either action.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familysventore">ms-caro-malware-full:malware-family="Sventore"</h4>
<div class="paragraph">
<p>2015 VOL20 - This trojan can install other malware or unwanted software onto your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familytillail">ms-caro-malware-full:malware-family="Tillail"</h4>
<div class="paragraph">
<p>2015 VOL20 - A software bundler that installs unwanted software alongside the software the user is trying to install. It has been observed to install the browser modifier Win32/SupTab.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyvopackage">ms-caro-malware-full:malware-family="VOPackage"</h4>
<div class="paragraph">
<p>2015 VOL20 - This application can also affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs: Adds files that run at startup, Installs a driver, Injects into other processes on your system, Injects into browsers, Changes browser settings, Changes browser shortcuts, Installs browser extensions, Adds a local proxy, Tampers with root certificate trust, Modifies the system hosts file, Modifies your system DNS settings, Disables anti-virus products, Tampers with system Group Policy settings, These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_fullmalware_familyxiazai">ms-caro-malware-full:malware-family="Xiazai"</h4>
<div class="paragraph">
<p>2015 VOL20 - A program that installs unwanted software on the computer at the same time as the software the user is trying to install, without adequate consent.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_mwdb">mwdb</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
mwdb namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/mwdb/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware Database (mwdb) Taxonomy - Tags used across the platform</p>
</div>
<div class="sect2">
<h3 id="_location_type">location_type</h3>
<div class="paragraph">
<p>Type of malicious URL.</p>
</div>
<div class="sect3">
<h4 id="_mwdblocation_typecnc">mwdb:location_type="cnc"</h4>
<div class="paragraph">
<p>CNC</p>
</div>
<div class="paragraph">
<p>C&amp;C server, usually administrated by criminals. Malware connects to it (usually with a custom protocol) to get new commands and updates.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdblocation_typedownload_url">mwdb:location_type="download_url"</h4>
<div class="paragraph">
<p>Download URL</p>
</div>
<div class="paragraph">
<p>Download url. Used to download more malware samples. Sometimes just a hacked legitimate website.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdblocation_typepanel">mwdb:location_type="panel"</h4>
<div class="paragraph">
<p>Panel</p>
</div>
<div class="paragraph">
<p>Malware panel. HTTP service used by criminals to manage the botnet.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdblocation_typepeer">mwdb:location_type="peer"</h4>
<div class="paragraph">
<p>Peer</p>
</div>
<div class="paragraph">
<p>Peer. IP/port of infected machine of a legitimate computer user.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdblocation_typeother">mwdb:location_type="other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
<div class="paragraph">
<p>Other kind of URL found in the malware.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_family">family</h3>
<div class="sect3">
<h4 id="_mwdbfamilyagenttesla">mwdb:family="agenttesla"</h4>
<div class="paragraph">
<p>agenttesla</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyandromeda">mwdb:family="andromeda"</h4>
<div class="paragraph">
<p>andromeda</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyanubis">mwdb:family="anubis"</h4>
<div class="paragraph">
<p>anubis</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyavemaria">mwdb:family="avemaria"</h4>
<div class="paragraph">
<p>avemaria</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyazorult">mwdb:family="azorult"</h4>
<div class="paragraph">
<p>azorult</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilybrushaloader">mwdb:family="brushaloader"</h4>
<div class="paragraph">
<p>brushaloader</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilybublik">mwdb:family="bublik"</h4>
<div class="paragraph">
<p>bublik</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilybunitu">mwdb:family="bunitu"</h4>
<div class="paragraph">
<p>bunitu</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilycerber">mwdb:family="cerber"</h4>
<div class="paragraph">
<p>cerber</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilychthonic">mwdb:family="chthonic"</h4>
<div class="paragraph">
<p>chthonic</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilycitadel">mwdb:family="citadel"</h4>
<div class="paragraph">
<p>citadel</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilycorebot">mwdb:family="corebot"</h4>
<div class="paragraph">
<p>corebot</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilycryptomix">mwdb:family="cryptomix"</h4>
<div class="paragraph">
<p>cryptomix</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilycryptoshield">mwdb:family="cryptoshield"</h4>
<div class="paragraph">
<p>cryptoshield</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilycryptowall">mwdb:family="cryptowall"</h4>
<div class="paragraph">
<p>cryptowall</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilydanabot">mwdb:family="danabot"</h4>
<div class="paragraph">
<p>danabot</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilydanaloader">mwdb:family="danaloader"</h4>
<div class="paragraph">
<p>danaloader</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilydridex">mwdb:family="dridex"</h4>
<div class="paragraph">
<p>dridex</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilydridex_worker">mwdb:family="dridex-worker"</h4>
<div class="paragraph">
<p>dridex-worker</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilydyre">mwdb:family="dyre"</h4>
<div class="paragraph">
<p>dyre</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyemotet">mwdb:family="emotet"</h4>
<div class="paragraph">
<p>emotet</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyemotet5_upnp">mwdb:family="emotet5_upnp"</h4>
<div class="paragraph">
<p>emotet5_upnp</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyemotet_doc">mwdb:family="emotet_doc"</h4>
<div class="paragraph">
<p>emotet_doc</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyemotet_spam">mwdb:family="emotet_spam"</h4>
<div class="paragraph">
<p>emotet_spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyemotet_upnp">mwdb:family="emotet_upnp"</h4>
<div class="paragraph">
<p>emotet_upnp</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyevil_pony">mwdb:family="evil-pony"</h4>
<div class="paragraph">
<p>evil-pony</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyflokibot">mwdb:family="flokibot"</h4>
<div class="paragraph">
<p>flokibot</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyformbook">mwdb:family="formbook"</h4>
<div class="paragraph">
<p>formbook</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilygandcrab">mwdb:family="gandcrab"</h4>
<div class="paragraph">
<p>gandcrab</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyget2">mwdb:family="get2"</h4>
<div class="paragraph">
<p>get2</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyglobeimposter">mwdb:family="globeimposter"</h4>
<div class="paragraph">
<p>globeimposter</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilygluedropper">mwdb:family="gluedropper"</h4>
<div class="paragraph">
<p>gluedropper</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilygootkit">mwdb:family="gootkit"</h4>
<div class="paragraph">
<p>gootkit</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyh1n1">mwdb:family="h1n1"</h4>
<div class="paragraph">
<p>h1n1</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyhancitor">mwdb:family="hancitor"</h4>
<div class="paragraph">
<p>hancitor</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyhawkeye">mwdb:family="hawkeye"</h4>
<div class="paragraph">
<p>hawkeye</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyicedid">mwdb:family="icedid"</h4>
<div class="paragraph">
<p>icedid</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyiceid">mwdb:family="iceid"</h4>
<div class="paragraph">
<p>iceid</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyiceix">mwdb:family="iceix"</h4>
<div class="paragraph">
<p>iceix</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyisfb">mwdb:family="isfb"</h4>
<div class="paragraph">
<p>isfb</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyjaff">mwdb:family="jaff"</h4>
<div class="paragraph">
<p>jaff</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilykbot">mwdb:family="kbot"</h4>
<div class="paragraph">
<p>kbot</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilykegotip">mwdb:family="kegotip"</h4>
<div class="paragraph">
<p>kegotip</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilykins">mwdb:family="kins"</h4>
<div class="paragraph">
<p>kins</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilykovter">mwdb:family="kovter"</h4>
<div class="paragraph">
<p>kovter</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilykpot">mwdb:family="kpot"</h4>
<div class="paragraph">
<p>kpot</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilykronos">mwdb:family="kronos"</h4>
<div class="paragraph">
<p>kronos</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilylocky">mwdb:family="locky"</h4>
<div class="paragraph">
<p>locky</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilylokibot">mwdb:family="lokibot"</h4>
<div class="paragraph">
<p>lokibot</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilymadlocker">mwdb:family="madlocker"</h4>
<div class="paragraph">
<p>madlocker</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilymadness_pro">mwdb:family="madness_pro"</h4>
<div class="paragraph">
<p>madness_pro</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilymaoloa">mwdb:family="maoloa"</h4>
<div class="paragraph">
<p>maoloa</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilymirai">mwdb:family="mirai"</h4>
<div class="paragraph">
<p>mirai</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilymmbb">mwdb:family="mmbb"</h4>
<div class="paragraph">
<p>mmbb</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilynanocore">mwdb:family="nanocore"</h4>
<div class="paragraph">
<p>nanocore</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilynecurs">mwdb:family="necurs"</h4>
<div class="paragraph">
<p>necurs</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilynetwire">mwdb:family="netwire"</h4>
<div class="paragraph">
<p>netwire</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyneutrino">mwdb:family="neutrino"</h4>
<div class="paragraph">
<p>neutrino</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilynjrat">mwdb:family="njrat"</h4>
<div class="paragraph">
<p>njrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilynymaim">mwdb:family="nymaim"</h4>
<div class="paragraph">
<p>nymaim</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyodinaff">mwdb:family="odinaff"</h4>
<div class="paragraph">
<p>odinaff</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyonliner">mwdb:family="onliner"</h4>
<div class="paragraph">
<p>onliner</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyostap">mwdb:family="ostap"</h4>
<div class="paragraph">
<p>ostap</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilypanda">mwdb:family="panda"</h4>
<div class="paragraph">
<p>panda</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyphorpiex">mwdb:family="phorpiex"</h4>
<div class="paragraph">
<p>phorpiex</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilypony">mwdb:family="pony"</h4>
<div class="paragraph">
<p>pony</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilypushdo">mwdb:family="pushdo"</h4>
<div class="paragraph">
<p>pushdo</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyqadars">mwdb:family="qadars"</h4>
<div class="paragraph">
<p>qadars</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyqakbot">mwdb:family="qakbot"</h4>
<div class="paragraph">
<p>qakbot</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyquantloader">mwdb:family="quantloader"</h4>
<div class="paragraph">
<p>quantloader</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyquasarrat">mwdb:family="quasarrat"</h4>
<div class="paragraph">
<p>quasarrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyramnit">mwdb:family="ramnit"</h4>
<div class="paragraph">
<p>ramnit</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyremcos">mwdb:family="remcos"</h4>
<div class="paragraph">
<p>remcos</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyretefe">mwdb:family="retefe"</h4>
<div class="paragraph">
<p>retefe</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyruckguv">mwdb:family="ruckguv"</h4>
<div class="paragraph">
<p>ruckguv</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilysage">mwdb:family="sage"</h4>
<div class="paragraph">
<p>sage</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilysendsafe">mwdb:family="sendsafe"</h4>
<div class="paragraph">
<p>sendsafe</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyshifu">mwdb:family="shifu"</h4>
<div class="paragraph">
<p>shifu</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyslave">mwdb:family="slave"</h4>
<div class="paragraph">
<p>slave</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilysmokeloader">mwdb:family="smokeloader"</h4>
<div class="paragraph">
<p>smokeloader</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilysystembc">mwdb:family="systembc"</h4>
<div class="paragraph">
<p>systembc</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyteslacrypt">mwdb:family="teslacrypt"</h4>
<div class="paragraph">
<p>teslacrypt</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytest">mwdb:family="test"</h4>
<div class="paragraph">
<p>test</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytestmod">mwdb:family="testmod"</h4>
<div class="paragraph">
<p>testmod</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytinba">mwdb:family="tinba"</h4>
<div class="paragraph">
<p>tinba</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytinba_dga">mwdb:family="tinba_dga"</h4>
<div class="paragraph">
<p>tinba_dga</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytinynuke">mwdb:family="tinynuke"</h4>
<div class="paragraph">
<p>tinynuke</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytofsee">mwdb:family="tofsee"</h4>
<div class="paragraph">
<p>tofsee</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytorment">mwdb:family="torment"</h4>
<div class="paragraph">
<p>torment</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytorrentlocker">mwdb:family="torrentlocker"</h4>
<div class="paragraph">
<p>torrentlocker</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytrickbot">mwdb:family="trickbot"</h4>
<div class="paragraph">
<p>trickbot</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilytroldesh">mwdb:family="troldesh"</h4>
<div class="paragraph">
<p>troldesh</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyunknown">mwdb:family="unknown"</h4>
<div class="paragraph">
<p>unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyvawtrak">mwdb:family="vawtrak"</h4>
<div class="paragraph">
<p>vawtrak</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyvjworm">mwdb:family="vjworm"</h4>
<div class="paragraph">
<p>vjworm</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyvmzeus">mwdb:family="vmzeus"</h4>
<div class="paragraph">
<p>vmzeus</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyvmzeus2">mwdb:family="vmzeus2"</h4>
<div class="paragraph">
<p>vmzeus2</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilywannacry">mwdb:family="wannacry"</h4>
<div class="paragraph">
<p>wannacry</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyxagent">mwdb:family="xagent"</h4>
<div class="paragraph">
<p>xagent</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyzeus">mwdb:family="zeus"</h4>
<div class="paragraph">
<p>zeus</p>
</div>
</div>
<div class="sect3">
<h4 id="_mwdbfamilyzloader">mwdb:family="zloader"</h4>
<div class="paragraph">
<p>zloader</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_nato">nato</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
nato namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/nato/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>NATO classification markings.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_classification">classification</h3>
<div class="sect3">
<h4 id="_natoclassificationcts">nato:classification="CTS"</h4>
<div class="paragraph">
<p>COSMIC TOP SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_natoclassificationcts_b">nato:classification="CTS-B"</h4>
<div class="paragraph">
<p>COSMIC TOP SECRET BOHEMIA</p>
</div>
</div>
<div class="sect3">
<h4 id="_natoclassificationns">nato:classification="NS"</h4>
<div class="paragraph">
<p>NATO SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_natoclassificationnc">nato:classification="NC"</h4>
<div class="paragraph">
<p>NATO CONFIDENTIAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_natoclassificationnr">nato:classification="NR"</h4>
<div class="paragraph">
<p>NATO RESTRICTED</p>
</div>
</div>
<div class="sect3">
<h4 id="_natoclassificationnu">nato:classification="NU"</h4>
<div class="paragraph">
<p>NATO UNCLASSIFIED</p>
</div>
</div>
<div class="sect3">
<h4 id="_natoclassificationcts_a">nato:classification="CTS-A"</h4>
<div class="paragraph">
<p>COSMIC TOP SECRET ATOMAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_natoclassificationns_a">nato:classification="NS-A"</h4>
<div class="paragraph">
<p>SECRET ATOMAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_natoclassificationnc_a">nato:classification="NC-A"</h4>
<div class="paragraph">
<p>CONFIDENTIAL ATOMAL</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_nis">nis</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
nis namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/nis/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The taxonomy is meant for large scale cybersecurity incidents, as mentioned in the Commission Recommendation of 13 September 2017, also known as the blueprint. It has two core parts: The nature of the incident, i.e. the underlying cause, that triggered the incident, and the impact of the incident, i.e. the impact on services, in which sector(s) of economy and society.</p>
</div>
<div class="sect2">
<h3 id="_impact_sectors_impacted">impact-sectors-impacted</h3>
<div class="paragraph">
<p>The impact on services, in the real world, indicating the sectors of the society and economy, where there is an impact on the services.</p>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impactedenergy">nis:impact-sectors-impacted="energy"</h4>
<div class="paragraph">
<p>Energy</p>
</div>
<div class="paragraph">
<p>The impact is in the Energy sector and its subsectors such as electricity, oil, or gas, for example, impacting electricity suppliers, power plants, distribution system operators, transmission system operators, oil transmission, natural gas distribution, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impactedtransport">nis:impact-sectors-impacted="transport"</h4>
<div class="paragraph">
<p>Transport</p>
</div>
<div class="paragraph">
<p>The impact is in the transport sector and subsectors such as air, rail, water, road, for example, impacting air traffic control systems, railway companies, maritime port authorities, road traffic management systems, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impactedbanking">nis:impact-sectors-impacted="banking"</h4>
<div class="paragraph">
<p>Banking</p>
</div>
<div class="paragraph">
<p>The impact is in the Banking sector, for example impacting banks, online banking, credit services, payment services, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impactedfinancial">nis:impact-sectors-impacted="financial"</h4>
<div class="paragraph">
<p>Financial</p>
</div>
<div class="paragraph">
<p>The impact is in the Financial market infrastructure sector, for example, impacting traders, trading platforms, clearing services, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impactedhealth">nis:impact-sectors-impacted="health"</h4>
<div class="paragraph">
<p>Health</p>
</div>
<div class="paragraph">
<p>The impact is in the Health sector, for example, impacting hospitals, medical devices, medicine supply, pharmacies, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impacteddrinking_water">nis:impact-sectors-impacted="drinking-water"</h4>
<div class="paragraph">
<p>Drinking water</p>
</div>
<div class="paragraph">
<p>The impact is in the Drinking water supply and distribution sector, for example impacting drinking water supply, drinking water distribution systems, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impacteddigital_infrastructure">nis:impact-sectors-impacted="digital-infrastructure"</h4>
<div class="paragraph">
<p>Digital infrastructure</p>
</div>
<div class="paragraph">
<p>The impact is in the Digital infrastructure sector, for example impacting internet exchange points, domain name systems, top level domain registries, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impactedcommunications">nis:impact-sectors-impacted="communications"</h4>
<div class="paragraph">
<p>Communications</p>
</div>
<div class="paragraph">
<p>The impact is in the Electronic communications sector, for example,impacting mobile network services, fixed telephone lines, satellite communications, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impacteddigital_services">nis:impact-sectors-impacted="digital-services"</h4>
<div class="paragraph">
<p>Digital services</p>
</div>
<div class="paragraph">
<p>The impact is in the digital services sector, for example, impacting cloud services, online market places, online search engines, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impactedtrust_and_identification_services">nis:impact-sectors-impacted="trust-and-identification-services"</h4>
<div class="paragraph">
<p>Trust and identification services</p>
</div>
<div class="paragraph">
<p>The impact is in the electronic trust and identification services, for example, impacting certificate authorities, electronic identity systems, smartcards, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_sectors_impactedgovernment">nis:impact-sectors-impacted="government"</h4>
<div class="paragraph">
<p>Government</p>
</div>
<div class="paragraph">
<p>The impact is in the government sector, for example, impacting the functioning of public administrations, elections, or emergency services</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impact_severity">impact-severity</h3>
<div class="paragraph">
<p>The severity of the impact, nationally, in the real world, for society and/or the economy, i.e. the level of disruption for the country or a large region of the country, the level of risks for health and/or safety, the level of physical damages and/or financial costs.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_nisimpact_severityred">nis:impact-severity="red"</h4>
<div class="paragraph">
<p>Red</p>
</div>
<div class="paragraph">
<p>Very large impact</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_severityyellow">nis:impact-severity="yellow"</h4>
<div class="paragraph">
<p>Yellow</p>
</div>
<div class="paragraph">
<p>Large impact.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_severitygreen">nis:impact-severity="green"</h4>
<div class="paragraph">
<p>Green</p>
</div>
<div class="paragraph">
<p>Minor impact.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_severitywhite">nis:impact-severity="white"</h4>
<div class="paragraph">
<p>White</p>
</div>
<div class="paragraph">
<p>No impact.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impact_outlook">impact-outlook</h3>
<div class="paragraph">
<p>The outlook for the incident, the prognosis, for the coming hours, considering the impact in the real world, the impact on services, for the society and/or the economy</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_nisimpact_outlookimproving">nis:impact-outlook="improving"</h4>
<div class="paragraph">
<p>Improving</p>
</div>
<div class="paragraph">
<p>Severity of impact is expected to decrease in the next 6 hours.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_outlookstable">nis:impact-outlook="stable"</h4>
<div class="paragraph">
<p>Stable</p>
</div>
<div class="paragraph">
<p>Severity of impact is expected to remain the same in the 6 hours.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisimpact_outlookworsening">nis:impact-outlook="worsening"</h4>
<div class="paragraph">
<p>Worsening</p>
</div>
<div class="paragraph">
<p>Severity of impact is expected to increase in the next 6 hours.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nature_root_cause">nature-root-cause</h3>
<div class="paragraph">
<p>The Root cause category is used to indicate what type event or threat triggered the incident.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_nisnature_root_causesystem_failures">nis:nature-root-cause="system-failures"</h4>
<div class="paragraph">
<p>System failures</p>
</div>
<div class="paragraph">
<p>The incident is due to a failure of a system, i.e. without external causes. For example a hardware failure, software bug, a flaw in a procedure, etc. triggered the incident.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisnature_root_causenatural_phenomena">nis:nature-root-cause="natural-phenomena"</h4>
<div class="paragraph">
<p>Natural phenomena</p>
</div>
<div class="paragraph">
<p>The incident is due to a natural phenomenon. For example a storm, lightning, solar flare, flood, earthquake, wildfire, etc. triggered the incident.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisnature_root_causehuman_errors">nis:nature-root-cause="human-errors"</h4>
<div class="paragraph">
<p>Human errors</p>
</div>
<div class="paragraph">
<p>The incident is due to a human error, i.e. system worked correctly, but was used wrong. For example, a mistake, or carelessness triggered the incident.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisnature_root_causemalicious_actions">nis:nature-root-cause="malicious-actions"</h4>
<div class="paragraph">
<p>Malicious actions</p>
</div>
<div class="paragraph">
<p>The incident is due to a malicious action. For example, a cyber-attack or physical attack, vandalism, sabotage, insider attack, theft, etc., triggered the incident.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisnature_root_causethird_party_failures">nis:nature-root-cause="third-party-failures"</h4>
<div class="paragraph">
<p>Third party failures</p>
</div>
<div class="paragraph">
<p>The incident is due to a disruption of a third party service, like a utility. For example a power cut, or an internet outage, etc. triggered the incident.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nature_severity">nature-severity</h3>
<div class="paragraph">
<p>The severity of the threat is used to indicate, from a technical perspective, the potential impact, the risk associated with the threat. For example, the severity is high if an upcoming storm is exceptionally strong, if an observed DDoS attack is exceptionally powerful, or if a software vulnerability is easily exploited and present in many different systems. For example, in certain situations a critical software vulnerability would require concerted and urgent work by different organizations.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_nisnature_severityhigh">nis:nature-severity="high"</h4>
<div class="paragraph">
<p>High</p>
</div>
<div class="paragraph">
<p>High severity, potential impact is high.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisnature_severitymedium">nis:nature-severity="medium"</h4>
<div class="paragraph">
<p>Medium</p>
</div>
<div class="paragraph">
<p>Medium severity, potential impact is medium.</p>
</div>
</div>
<div class="sect3">
<h4 id="_nisnature_severitylow">nis:nature-severity="low"</h4>
<div class="paragraph">
<p>Low</p>
</div>
<div class="paragraph">
<p>Low severity, potential impact is low.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_test_3">test</h3>
<div class="paragraph">
<p>A test predicate meant to test interoperability between tools. Tags contained within this predicate are to be ignored.</p>
</div>
<div class="sect3">
<h4 id="_nistesttest">nis:test="test"</h4>
<div class="paragraph">
<p>Test</p>
</div>
<div class="paragraph">
<p>Test value meant for testing interoperability. Tags with this value are to be ignored.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_open_threat">open_threat</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
open_threat namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/open_threat/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Open Threat Taxonomy v1.1 base on James Tarala of SANS <a href="http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf" class="bare">http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf</a>, <a href="https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Using-Open-Tools-to-Convert-Threat-Intelligence-into-Practical-Defenses-James-Tarala-SANS-Institute.pdf" class="bare">https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Using-Open-Tools-to-Convert-Threat-Intelligence-into-Practical-Defenses-James-Tarala-SANS-Institute.pdf</a>, <a href="https://www.youtube.com/watch?v=5rdGOOFC_yE" class="bare">https://www.youtube.com/watch?v=5rdGOOFC_yE</a>, and <a href="https://www.rsaconference.com/writable/presentations/file_upload/str-r04_using-an-open-source-threat-model-for-prioritized-defense-final.pdf" class="bare">https://www.rsaconference.com/writable/presentations/file_upload/str-r04_using-an-open-source-threat-model-for-prioritized-defense-final.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_threat_category">threat-category</h3>
<div class="sect3">
<h4 id="_open_threatthreat_categoryphysical">open_threat:threat-category="Physical"</h4>
<div class="paragraph">
<p>Threats to the confidentiality, integrity, or availability of information systems that are physical in nature. These threats generally describe actions that could lead to the theft, harm, or destruction of information systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_categoryresource">open_threat:threat-category="Resource"</h4>
<div class="paragraph">
<p>Threats to the confidentiality, integrity, or availability of information systems that are the result of a lack of resources required by the information system. These threats often cause failures of information systems through a disruption of resources required for operations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_categorypersonal">open_threat:threat-category="Personal"</h4>
<div class="paragraph">
<p>Threats to the confidentiality, integrity, or availability of information systems that are the result of failures or actions performed by an organizations personnel. These threats can be the result of deliberate or accidental actions that cause harm to information systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_categorytechnical">open_threat:threat-category="Technical"</h4>
<div class="paragraph">
<p>Threats to the confidentiality, integrity, or availability of information systems that are technical in nature. These threats are most often considered when identifying threats and constitute the technical actions performed by a threat actor that can cause harm to an information system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_threat_name">threat-name</h3>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_001">open_threat:threat-name="PHY-001"</h4>
<div class="paragraph">
<p>Loss of Property - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_002">open_threat:threat-name="PHY-002"</h4>
<div class="paragraph">
<p>Theft of Property - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_003">open_threat:threat-name="PHY-003"</h4>
<div class="paragraph">
<p>Accidental Destruction of Property - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_004">open_threat:threat-name="PHY-004"</h4>
<div class="paragraph">
<p>Natural Destruction of Property - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_005">open_threat:threat-name="PHY-005"</h4>
<div class="paragraph">
<p>Intentional Destruction of Property - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_006">open_threat:threat-name="PHY-006"</h4>
<div class="paragraph">
<p>Intentional Sabotage of Property - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_007">open_threat:threat-name="PHY-007"</h4>
<div class="paragraph">
<p>Intentional Vandalism of Property - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_008">open_threat:threat-name="PHY-008"</h4>
<div class="paragraph">
<p>Electrical System Failure - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_009">open_threat:threat-name="PHY-009"</h4>
<div class="paragraph">
<p>Heating, Ventilation, Air Conditioning (HVAC) Failure - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_010">open_threat:threat-name="PHY-010"</h4>
<div class="paragraph">
<p>Structural Facility Failure - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_011">open_threat:threat-name="PHY-011"</h4>
<div class="paragraph">
<p>Water Distribution System Failure - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_012">open_threat:threat-name="PHY-012"</h4>
<div class="paragraph">
<p>Sanitation System Failure - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_013">open_threat:threat-name="PHY-013"</h4>
<div class="paragraph">
<p>Natural Gas Distribution Failure - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_namephy_014">open_threat:threat-name="PHY-014"</h4>
<div class="paragraph">
<p>Electronic Media Failure - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_001">open_threat:threat-name="RES-001"</h4>
<div class="paragraph">
<p>Disruption of Water Resources - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_002">open_threat:threat-name="RES-002"</h4>
<div class="paragraph">
<p>Disruption of Fuel Resources - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_003">open_threat:threat-name="RES-003"</h4>
<div class="paragraph">
<p>Disruption of Materials Resources - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_004">open_threat:threat-name="RES-004"</h4>
<div class="paragraph">
<p>Disruption of Electrical Resources - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_005">open_threat:threat-name="RES-005"</h4>
<div class="paragraph">
<p>Disruption of Transportation Services - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_006">open_threat:threat-name="RES-006"</h4>
<div class="paragraph">
<p>Disruption of Communications Services - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_007">open_threat:threat-name="RES-007"</h4>
<div class="paragraph">
<p>Disruption of Emergency Services - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_008">open_threat:threat-name="RES-008"</h4>
<div class="paragraph">
<p>Disruption of Governmental Services - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_009">open_threat:threat-name="RES-009"</h4>
<div class="paragraph">
<p>Supplier Viability - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_010">open_threat:threat-name="RES-010"</h4>
<div class="paragraph">
<p>Supplier Supply Chain Failure - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_011">open_threat:threat-name="RES-011"</h4>
<div class="paragraph">
<p>Logistics Provider Failures - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_012">open_threat:threat-name="RES-012"</h4>
<div class="paragraph">
<p>Logistics Route Disruptions - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameres_013">open_threat:threat-name="RES-013"</h4>
<div class="paragraph">
<p>Technology Services Manipulation - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameper_001">open_threat:threat-name="PER-001"</h4>
<div class="paragraph">
<p>Personnel Labor / Skills Shortage - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameper_002">open_threat:threat-name="PER-002"</h4>
<div class="paragraph">
<p>Loss of Personnel Resources - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameper_003">open_threat:threat-name="PER-003"</h4>
<div class="paragraph">
<p>Disruption of Personnel Resources - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameper_004">open_threat:threat-name="PER-004"</h4>
<div class="paragraph">
<p>Social Engineering of Personnel Resources - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameper_005">open_threat:threat-name="PER-005"</h4>
<div class="paragraph">
<p>Negligent Personnel Resources - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameper_006">open_threat:threat-name="PER-006"</h4>
<div class="paragraph">
<p>Personnel Mistakes / Errors - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nameper_007">open_threat:threat-name="PER-007"</h4>
<div class="paragraph">
<p>Personnel Inaction - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_001">open_threat:threat-name="TEC-001"</h4>
<div class="paragraph">
<p>Organizational Fingerprinting via Open Sources - Rating:</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_002">open_threat:threat-name="TEC-002"</h4>
<div class="paragraph">
<p>System Fingerprinting via Open Sources - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_003">open_threat:threat-name="TEC-003"</h4>
<div class="paragraph">
<p>System Fingerprinting via Scanning - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_004">open_threat:threat-name="TEC-004"</h4>
<div class="paragraph">
<p>System Fingerprinting via Sniffing - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_005">open_threat:threat-name="TEC-005"</h4>
<div class="paragraph">
<p>Credential Discovery via Open Sources - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_006">open_threat:threat-name="TEC-006"</h4>
<div class="paragraph">
<p>Credential Discovery via Scanning - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_007">open_threat:threat-name="TEC-007"</h4>
<div class="paragraph">
<p>Credential Discovery via Sniffing - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_008">open_threat:threat-name="TEC-008"</h4>
<div class="paragraph">
<p>Credential Discovery via Brute Force - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_009">open_threat:threat-name="TEC-009"</h4>
<div class="paragraph">
<p>Credential Discovery via Cracking - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_010">open_threat:threat-name="TEC-010"</h4>
<div class="paragraph">
<p>Credential Discovery via Guessing - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_011">open_threat:threat-name="TEC-011"</h4>
<div class="paragraph">
<p>Credential Discovery via Pre-Computational Attacks - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_012">open_threat:threat-name="TEC-012"</h4>
<div class="paragraph">
<p>Misuse of System Credentials - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_013">open_threat:threat-name="TEC-013"</h4>
<div class="paragraph">
<p>Escalation of Privilege - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_014">open_threat:threat-name="TEC-014"</h4>
<div class="paragraph">
<p>Abuse of System Privileges - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_015">open_threat:threat-name="TEC-015"</h4>
<div class="paragraph">
<p>Memory Manipulation - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_016">open_threat:threat-name="TEC-016"</h4>
<div class="paragraph">
<p>Cache Poisoning - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_017">open_threat:threat-name="TEC-017"</h4>
<div class="paragraph">
<p>Physical Manipulation of Technical Device - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_018">open_threat:threat-name="TEC-018"</h4>
<div class="paragraph">
<p>Manipulation of Trusted System - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_019">open_threat:threat-name="TEC-019"</h4>
<div class="paragraph">
<p>Cryptanalysis - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_020">open_threat:threat-name="TEC-020"</h4>
<div class="paragraph">
<p>Data Leakage / Theft - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_021">open_threat:threat-name="TEC-021"</h4>
<div class="paragraph">
<p>Denial of Service - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_022">open_threat:threat-name="TEC-022"</h4>
<div class="paragraph">
<p>Maintaining System Persistence - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_023">open_threat:threat-name="TEC-023"</h4>
<div class="paragraph">
<p>Manipulation of Data in Transit / Use - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_024">open_threat:threat-name="TEC-024"</h4>
<div class="paragraph">
<p>Capture of Data in Transit / Use via Sniffing - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_025">open_threat:threat-name="TEC-025"</h4>
<div class="paragraph">
<p>Capture of Data in Transit / Use via Debugging - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_026">open_threat:threat-name="TEC-026"</h4>
<div class="paragraph">
<p>Capture of Data in Transit / Use via Keystroke Logging - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_027">open_threat:threat-name="TEC-027"</h4>
<div class="paragraph">
<p>Replay of Data in Transit / Use - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_028">open_threat:threat-name="TEC-028"</h4>
<div class="paragraph">
<p>Misdelivery of Data - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_029">open_threat:threat-name="TEC-029"</h4>
<div class="paragraph">
<p>Capture of Stored Data - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_030">open_threat:threat-name="TEC-030"</h4>
<div class="paragraph">
<p>Manipulation of Stored Data - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_031">open_threat:threat-name="TEC-031"</h4>
<div class="paragraph">
<p>Application Exploitation via Input Manipulation - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_032">open_threat:threat-name="TEC-032"</h4>
<div class="paragraph">
<p>Application Exploitation via Parameter Injection - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_033">open_threat:threat-name="TEC-033"</h4>
<div class="paragraph">
<p>Application Exploitation via Code Injection - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_034">open_threat:threat-name="TEC-034"</h4>
<div class="paragraph">
<p>Application Exploitation via Command Injection - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_035">open_threat:threat-name="TEC-035"</h4>
<div class="paragraph">
<p>Application Exploitation via Path Traversal - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_036">open_threat:threat-name="TEC-036"</h4>
<div class="paragraph">
<p>Application Exploitation via API Abuse - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_037">open_threat:threat-name="TEC-037"</h4>
<div class="paragraph">
<p>Application Exploitation via Fuzzing - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_038">open_threat:threat-name="TEC-038"</h4>
<div class="paragraph">
<p>Application Exploitation via Reverse Engineering - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_039">open_threat:threat-name="TEC-039"</h4>
<div class="paragraph">
<p>Application Exploitation via Resource Location Guessing - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_040">open_threat:threat-name="TEC-040"</h4>
<div class="paragraph">
<p>Application Exploitation via Source Code Manipulation - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threatthreat_nametec_041">open_threat:threat-name="TEC-041"</h4>
<div class="paragraph">
<p>Application Exploitation via Authentication Bypass - Rating: 2.0</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_osint">osint</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
osint namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/osint/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Open Source Intelligence - Classification (MISP taxonomies)</p>
</div>
<div class="sect2">
<h3 id="_source_type">source-type</h3>
<div class="sect3">
<h4 id="_osintsource_typeblog_post">osint:source-type="blog-post"</h4>
<div class="paragraph">
<p>Blog post</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typemicroblog_post">osint:source-type="microblog-post"</h4>
<div class="paragraph">
<p>Microblog post like Twitter</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typetechnical_report">osint:source-type="technical-report"</h4>
<div class="paragraph">
<p>Technical or analysis report</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typepresentation">osint:source-type="presentation"</h4>
<div class="paragraph">
<p>Presentation or slidedeck</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typenews_report">osint:source-type="news-report"</h4>
<div class="paragraph">
<p>News report</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typepastie_website">osint:source-type="pastie-website"</h4>
<div class="paragraph">
<p>Pastie-like website</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typeelectronic_forum">osint:source-type="electronic-forum"</h4>
<div class="paragraph">
<p>Electronic forum</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typemailing_list">osint:source-type="mailing-list"</h4>
<div class="paragraph">
<p>Mailing-list</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typeblock_or_filter_list">osint:source-type="block-or-filter-list"</h4>
<div class="paragraph">
<p>Block or Filter List</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typesource_code_repository">osint:source-type="source-code-repository"</h4>
<div class="paragraph">
<p>Source code repository</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typeaccessible_evidence">osint:source-type="accessible-evidence"</h4>
<div class="paragraph">
<p>Infrastructure allowing the gathering of the evidences such as open directories, public web services or left over on public services</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typeexpansion">osint:source-type="expansion"</h4>
<div class="paragraph">
<p>Expansion</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typeautomatic_analysis">osint:source-type="automatic-analysis"</h4>
<div class="paragraph">
<p>Automatic analysis including dynamic analysis or sandboxes output</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typeautomatic_collection">osint:source-type="automatic-collection"</h4>
<div class="paragraph">
<p>Automatic collection including honeypots, spamtraps or equivalent technologies</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typemanual_analysis">osint:source-type="manual-analysis"</h4>
<div class="paragraph">
<p>Manual analysis or investigation</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typemanual_collection">osint:source-type="manual-collection"</h4>
<div class="paragraph">
<p>Manual collection from crawlers, honeypots, spamtraps, gathering tools or equivalent technologies</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typeunknown">osint:source-type="unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintsource_typeother">osint:source-type="other"</h4>
<div class="paragraph">
<p>Other source not specified in this list</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_lifetime">lifetime</h3>
<div class="sect3">
<h4 id="_osintlifetimeperpetual">osint:lifetime="perpetual"</h4>
<div class="paragraph">
<p>Perpetual</p>
</div>
<div class="paragraph">
<p>Information available publicly on long-term</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintlifetimeephemeral">osint:lifetime="ephemeral"</h4>
<div class="paragraph">
<p>Ephemeral</p>
</div>
<div class="paragraph">
<p>Information available publicly on short-term</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_certainty_2">certainty</h3>
<div class="sect3">
<h4 id="_osintcertainty100">osint:certainty="100"</h4>
<div class="paragraph">
<p>Certainty (probability equals 1 - 100%)</p>
</div>
<div class="paragraph">
<p>Certainty</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintcertainty93">osint:certainty="93"</h4>
<div class="paragraph">
<p>Almost certain (probability equals 0.93 - 93%)</p>
</div>
<div class="paragraph">
<p>Almost certain</p>
</div>
<div class="paragraph">
<p>Associated numerical value="93"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintcertainty75">osint:certainty="75"</h4>
<div class="paragraph">
<p>Probable (probability equals 0.75 - 75%)</p>
</div>
<div class="paragraph">
<p>Probable</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintcertainty50">osint:certainty="50"</h4>
<div class="paragraph">
<p>Chances about even (probability equals 0.50 - 50%)</p>
</div>
<div class="paragraph">
<p>Chances about even</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintcertainty30">osint:certainty="30"</h4>
<div class="paragraph">
<p>Probably not (probability equals 0.30 - 30%)</p>
</div>
<div class="paragraph">
<p>Probably not</p>
</div>
<div class="paragraph">
<p>Associated numerical value="30"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintcertainty7">osint:certainty="7"</h4>
<div class="paragraph">
<p>Almost certainly not (probability equals 0.07 - 7%)</p>
</div>
<div class="paragraph">
<p>Almost certainly not</p>
</div>
<div class="paragraph">
<p>Associated numerical value="7"</p>
</div>
</div>
<div class="sect3">
<h4 id="_osintcertainty0">osint:certainty="0"</h4>
<div class="paragraph">
<p>Impossibility (probability equals 0 - 0%)</p>
</div>
<div class="paragraph">
<p>Impossibility</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_pandemic_2">pandemic</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
pandemic namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/pandemic/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Pandemic</p>
</div>
<div class="sect2">
<h3 id="_covid_19">covid-19</h3>
<div class="sect3">
<h4 id="_pandemiccovid_19health">pandemic:covid-19="health"</h4>
<div class="paragraph">
<p>Health</p>
</div>
<div class="paragraph">
<p>Information tagged about COVID-19 and related to health</p>
</div>
</div>
<div class="sect3">
<h4 id="_pandemiccovid_19cyber">pandemic:covid-19="cyber"</h4>
<div class="paragraph">
<p>Cyber</p>
</div>
<div class="paragraph">
<p>Information tagged about COVID-19 and related to cybersecurity</p>
</div>
</div>
<div class="sect3">
<h4 id="_pandemiccovid_19disinformation">pandemic:covid-19="disinformation"</h4>
<div class="paragraph">
<p>Disinformation</p>
</div>
<div class="paragraph">
<p>Information tagged about COVID-19 and related to disinformation</p>
</div>
</div>
<div class="sect3">
<h4 id="_pandemiccovid_19geostrategy">pandemic:covid-19="geostrategy"</h4>
<div class="paragraph">
<p>Geostrategy</p>
</div>
<div class="paragraph">
<p>Information tagged about COVID-19 and related to geostrategy or geopolitics</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_passivetotal">passivetotal</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
passivetotal namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/passivetotal/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Tags from RiskIQ&#8217;s PassiveTotal service</p>
</div>
<div class="sect2">
<h3 id="_sinkholed">sinkholed</h3>
<div class="sect3">
<h4 id="_passivetotalsinkholedyes">passivetotal:sinkholed="yes"</h4>
<div class="paragraph">
<p>Yes</p>
</div>
</div>
<div class="sect3">
<h4 id="_passivetotalsinkholedno">passivetotal:sinkholed="no"</h4>
<div class="paragraph">
<p>No</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ever_compromised">ever-compromised</h3>
<div class="sect3">
<h4 id="_passivetotalever_compromisedyes">passivetotal:ever-compromised="yes"</h4>
<div class="paragraph">
<p>Yes</p>
</div>
</div>
<div class="sect3">
<h4 id="_passivetotalever_compromisedno">passivetotal:ever-compromised="no"</h4>
<div class="paragraph">
<p>No</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dynamic_dns">dynamic-dns</h3>
<div class="sect3">
<h4 id="_passivetotaldynamic_dnsyes">passivetotal:dynamic-dns="yes"</h4>
<div class="paragraph">
<p>Yes</p>
</div>
</div>
<div class="sect3">
<h4 id="_passivetotaldynamic_dnsno">passivetotal:dynamic-dns="no"</h4>
<div class="paragraph">
<p>No</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_class">class</h3>
<div class="sect3">
<h4 id="_passivetotalclassmalicious">passivetotal:class="malicious"</h4>
<div class="paragraph">
<p>Malicious</p>
</div>
</div>
<div class="sect3">
<h4 id="_passivetotalclasssuspicious">passivetotal:class="suspicious"</h4>
<div class="paragraph">
<p>Suspicious</p>
</div>
</div>
<div class="sect3">
<h4 id="_passivetotalclassnon_malicious">passivetotal:class="non-malicious"</h4>
<div class="paragraph">
<p>Non Malicious</p>
</div>
</div>
<div class="sect3">
<h4 id="_passivetotalclassunknown">passivetotal:class="unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_pentest">pentest</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
pentest namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/pentest/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Penetration test (pentest) classification.</p>
</div>
<div class="sect2">
<h3 id="_approach">approach</h3>
<div class="paragraph">
<p>This is group is dealing with differents types of pentest</p>
</div>
<div class="sect3">
<h4 id="_pentestapproachblackbox">pentest:approach="blackbox"</h4>
<div class="paragraph">
<p>Blackbox penetration test requires no prior information about the target network or application and is actually performed keeping it as a real world hacker attack scenario. (<a href="https://www.evolution-sec.com/en/products/blackbox-penetration-testing" class="bare">https://www.evolution-sec.com/en/products/blackbox-penetration-testing</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestapproachgreybox">pentest:approach="greybox"</h4>
<div class="paragraph">
<p>Gray box testing lies between black and white. Testers will have knowledge of some areas but not others. These areas are defined at the start of an engagement.(<a href="https://www.intelisecure.com/security-assessments-pen-testing/approaches/" class="bare">https://www.intelisecure.com/security-assessments-pen-testing/approaches/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestapproachwhitebox">pentest:approach="whitebox"</h4>
<div class="paragraph">
<p>White box, or authenticated tests, target the security of your underlying technology with full knowledge of your IT department. Information typically shared with the tester includes: network diagrams, IP addresses, system configurations and access credentials.(<a href="https://www.intelisecure.com/security-assessments-pen-testing/approaches/" class="bare">https://www.intelisecure.com/security-assessments-pen-testing/approaches/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestapproachvulnerability_scanning">pentest:approach="vulnerability_scanning"</h4>
<div class="paragraph">
<p>Vulnerability scanning is a security technique used to identify security weaknesses in a computer system. (<a href="https://www.techopedia.com/definition/4160/vulnerability-scanning" class="bare">https://www.techopedia.com/definition/4160/vulnerability-scanning</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestapproachredteam">pentest:approach="redteam"</h4>
<div class="paragraph">
<p>A red team is an group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view without any predefined scope. (<a href="https://en.wikipedia.org/wiki/Red_team" class="bare">https://en.wikipedia.org/wiki/Red_team</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_scan">scan</h3>
<div class="paragraph">
<p>Automated tool that perform network checks</p>
</div>
<div class="sect3">
<h4 id="_pentestscanvertical">pentest:scan="vertical"</h4>
<div class="paragraph">
<p>A scan against multiple ports of a single IP.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestscanhorizontal">pentest:scan="horizontal"</h4>
<div class="paragraph">
<p>A scan against a group of IPs for a single port.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestscannetwork_scan">pentest:scan="network_scan"</h4>
<div class="paragraph">
<p>It is the discovery of networks and machines with services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestscanvulnerability">pentest:scan="vulnerability"</h4>
<div class="paragraph">
<p>Vulnerability scanning is a security technique used to identify security weaknesses in a computer system. (<a href="https://www.techopedia.com/definition/4160/vulnerability-scanning" class="bare">https://www.techopedia.com/definition/4160/vulnerability-scanning</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_2">exploit</h3>
<div class="paragraph">
<p>Exploitation of a vulnerability</p>
</div>
<div class="sect3">
<h4 id="_pentestexploittype_confusion">pentest:exploit="type confusion"</h4>
<div class="paragraph">
<p>When a piece of code doesnt verify the type of object that is passed to it, and uses it blindly without type-checking, it leads to type confusion. (<a href="https://cloudblogs.microsoft.com/microsoftsecure/2015/06/17/understanding-type-confusion-vulnerabilities-cve-2015-0336/" class="bare">https://cloudblogs.microsoft.com/microsoftsecure/2015/06/17/understanding-type-confusion-vulnerabilities-cve-2015-0336/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestexploitformat_strings">pentest:exploit="format_strings"</h4>
<div class="paragraph">
<p>The format string exploit occurs when the submitted data of an input string leads to arbitrary read or write in the memory. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system. (<a href="https://www.owasp.org/index.php/Format_string_attack" class="bare">https://www.owasp.org/index.php/Format_string_attack</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestexploitstack_overflow">pentest:exploit="stack_overflow"</h4>
<div class="paragraph">
<p>In software, a stack overflow is type of buffer overflow that occurs if the call stack pointer exceeds the stack bound. (<a href="https://en.wikipedia.org/wiki/Stack_overflow" class="bare">https://en.wikipedia.org/wiki/Stack_overflow</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestexploitheap_overflow">pentest:exploit="heap_overflow"</h4>
<div class="paragraph">
<p>A heap overflow is a type of buffer overflow that occurs in the heap data area. (<a href="https://en.wikipedia.org/wiki/Heap_overflow" class="bare">https://en.wikipedia.org/wiki/Heap_overflow</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestexploitheap_spraying">pentest:exploit="heap_spraying"</h4>
<div class="paragraph">
<p>Heap spraying is a technique used in exploits to facilitate arbitrary code execution. In general, code that sprays the heap attempts to put a certain sequence of bytes at a predetermined location in the memory of a target process by having it allocate (large) blocks on the process&#8217;s heap and fill the bytes in these blocks with the right values. (<a href="https://en.wikipedia.org/wiki/Heap_spraying" class="bare">https://en.wikipedia.org/wiki/Heap_spraying</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestexploitfuzzing">pentest:exploit="fuzzing"</h4>
<div class="paragraph">
<p>Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. (<a href="https://en.wikipedia.org/wiki/Fuzzing" class="bare">https://en.wikipedia.org/wiki/Fuzzing</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestexploitrop">pentest:exploit="ROP"</h4>
<div class="paragraph">
<p>The Return-Oriented Programming (ROP) is a computer security exploit technique in which the attacker uses control of the call stack to indirectly execute cherry-picked machine instructions or groups of machine instructions immediately prior to the return instruction in subroutines within the existing program code, in a way similar to the execution of a threaded code interpreter. (<a href="https://en.wikipedia.org/wiki/Return-oriented_programming" class="bare">https://en.wikipedia.org/wiki/Return-oriented_programming</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestexploitnull_pointer_dereference">pentest:exploit="null_pointer_dereference"</h4>
<div class="paragraph">
<p>A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. (<a href="https://cwe.mitre.org/data/definitions/476.html" class="bare">https://cwe.mitre.org/data/definitions/476.html</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_post_exploitation">post_exploitation</h3>
<div class="paragraph">
<p>Utilizing post exploitation techniques will ensure that a penetration tester maintains some level of access and can potentially lead to deeper footholds into the targets trusted infrastructure. (<a href="https://www.offensive-security.com/metasploit-unleashed/msf-post-exploitation/" class="bare">https://www.offensive-security.com/metasploit-unleashed/msf-post-exploitation/</a>)</p>
</div>
<div class="sect3">
<h4 id="_pentestpost_exploitationprivilege_escalation">pentest:post_exploitation="privilege_escalation"</h4>
<div class="paragraph">
<p>Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. (<a href="https://en.wikipedia.org/wiki/Privilege_escalation" class="bare">https://en.wikipedia.org/wiki/Privilege_escalation</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestpost_exploitationpivoting">pentest:post_exploitation="pivoting"</h4>
<div class="paragraph">
<p>Pivoting refers to a method used by penetration testers that uses the compromised system to attack other systems on the same network to avoid restrictions such as firewall configurations, which may prohibit direct access to all machines. (<a href="https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting" class="bare">https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestpost_exploitationpassword_cracking">pentest:post_exploitation="password_cracking"</h4>
<div class="paragraph">
<p>Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. (<a href="https://en.wikipedia.org/wiki/Password_cracking" class="bare">https://en.wikipedia.org/wiki/Password_cracking</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestpost_exploitationpersistence">pentest:post_exploitation="persistence"</h4>
<div class="paragraph">
<p>The persistence is when a penetration tester let him a way to keep its exploitation on a machine or a domain even if the system is rebooted.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestpost_exploitationdata_exfiltration">pentest:post_exploitation="data_exfiltration"</h4>
<div class="paragraph">
<p>After an exploitation of a machine, a penetration tester will try to exfiltrate sensitive data.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_web_2">web</h3>
<div class="paragraph">
<p>This is group is dealing with web vulnerabilities</p>
</div>
<div class="sect3">
<h4 id="_pentestwebinjection">pentest:web="injection"</h4>
<div class="paragraph">
<p>Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or "inject") code into a vulnerable computer program and change the course of execution. (<a href="https://en.wikipedia.org/wiki/Code_injection" class="bare">https://en.wikipedia.org/wiki/Code_injection</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebsqli">pentest:web="SQLi"</h4>
<div class="paragraph">
<p>An SQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the SQL backend database. The malicious data then produces database query results or actions that should never have been executed.(<a href="https://www.techopedia.com/definition/4126/sql-injection" class="bare">https://www.techopedia.com/definition/4126/sql-injection</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebnosqli">pentest:web="NoSQLi"</h4>
<div class="paragraph">
<p>An NoSQL injection is a computer attack in which malicious code is embedded in a poorly-designed application and then passed to the NoSQL backend database. The malicious data then produces database query results or actions that should never have been executed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebxml_injection">pentest:web="XML injection"</h4>
<div class="paragraph">
<p>XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intend logic of the application. Further, XML injection can cause the insertion of malicious content into the resulting message/document.(<a href="http://projects.webappsec.org/w/page/13247004/XML%20Injection" class="bare">http://projects.webappsec.org/w/page/13247004/XML%20Injection</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebcsrf">pentest:web="CSRF"</h4>
<div class="paragraph">
<p>Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they&#8217;re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.(<a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)" class="bare">https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebssrf">pentest:web="SSRF"</h4>
<div class="paragraph">
<p>Server Side Request Forgery (SSRF) refers to an attack where in an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network. (<a href="https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/" class="bare">https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebxss">pentest:web="XSS"</h4>
<div class="paragraph">
<p>Cross-site scripting (XSS) is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user&#8217;s browser or by an application that has not protected itself against cross-site scripting. (<a href="https://www.webopedia.com/TERM/X/XSS.html" class="bare">https://www.webopedia.com/TERM/X/XSS.html</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebfile_inclusion">pentest:web="file_inclusion"</h4>
<div class="paragraph">
<p>The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation. (<a href="https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion" class="bare">https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebweb_tree_discovery">pentest:web="web_tree_discovery"</h4>
<div class="paragraph">
<p>A web tree discovery is a brute force directories and files names on web/application server</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebbruteforce">pentest:web="bruteforce"</h4>
<div class="paragraph">
<p>A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. (<a href="https://en.wikipedia.org/wiki/Brute-force_attack" class="bare">https://en.wikipedia.org/wiki/Brute-force_attack</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestwebfuzzing">pentest:web="fuzzing"</h4>
<div class="paragraph">
<p>Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. (<a href="https://en.wikipedia.org/wiki/Fuzzing" class="bare">https://en.wikipedia.org/wiki/Fuzzing</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_network">network</h3>
<div class="paragraph">
<p>This is group is dealing with network vulnerabilities</p>
</div>
<div class="sect3">
<h4 id="_pentestnetworksniffing">pentest:network="sniffing"</h4>
<div class="paragraph">
<p>Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network. (<a href="http://www.valencynetworks.com/articles/cyber-security-attacks-network-sniffing.html" class="bare">http://www.valencynetworks.com/articles/cyber-security-attacks-network-sniffing.html</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestnetworkspoofing">pentest:network="spoofing"</h4>
<div class="paragraph">
<p>Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security. (<a href="https://www.techopedia.com/definition/5398/spoofing" class="bare">https://www.techopedia.com/definition/5398/spoofing</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestnetworkman_in_the_middle">pentest:network="man_in_the_middle"</h4>
<div class="paragraph">
<p>man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. (<a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack" class="bare">https://en.wikipedia.org/wiki/Man-in-the-middle_attack</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestnetworknetwork_discovery">pentest:network="network_discovery"</h4>
<div class="paragraph">
<p>It is the discovery of networks and machines with services.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_social_engineering">social_engineering</h3>
<div class="paragraph">
<p>Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. (<a href="https://krashconsulting.com/index.php/services/sea/" class="bare">https://krashconsulting.com/index.php/services/sea/</a>)</p>
</div>
<div class="sect3">
<h4 id="_pentestsocial_engineeringphishing">pentest:social_engineering="phishing"</h4>
<div class="paragraph">
<p>Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. (<a href="https://en.wikipedia.org/wiki/Phishing" class="bare">https://en.wikipedia.org/wiki/Phishing</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestsocial_engineeringmalware">pentest:social_engineering="malware"</h4>
<div class="paragraph">
<p>Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of harmful or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. (<a href="https://en.wikipedia.org/wiki/Malware" class="bare">https://en.wikipedia.org/wiki/Malware</a>)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vulnerability_2">vulnerability</h3>
<div class="paragraph">
<p>This is group is dealing with the classification of weaknesses and vulnerabilities</p>
</div>
<div class="sect3">
<h4 id="_pentestvulnerabilitycwe">pentest:vulnerability="CWE"</h4>
<div class="paragraph">
<p>Targeted to developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weakness types. (<a href="https://cwe.mitre.org/about/" class="bare">https://cwe.mitre.org/about/</a>)</p>
</div>
</div>
<div class="sect3">
<h4 id="_pentestvulnerabilitycve">pentest:vulnerability="CVE"</h4>
<div class="paragraph">
<p>Common Vulnerabilities and Exposures (CVE) is a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures. (<a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures" class="bare">https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures</a>)</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_phishing_2">phishing</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
phishing namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/phishing/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status.</p>
</div>
<div class="sect2">
<h3 id="_techniques">techniques</h3>
<div class="paragraph">
<p>Phishing techniques used.</p>
</div>
<div class="sect3">
<h4 id="_phishingtechniquesfake_website">phishing:techniques="fake-website"</h4>
<div class="paragraph">
<p>Social engineering fake website</p>
</div>
<div class="paragraph">
<p>Adversary controls a fake website to phish for credentials or information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingtechniquesemail_spoofing">phishing:techniques="email-spoofing"</h4>
<div class="paragraph">
<p>Social engineering email spoofing</p>
</div>
<div class="paragraph">
<p>Adversary sends email with domains related to target. Adversary controls the domains used.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingtechniquesclone_phishing">phishing:techniques="clone-phishing"</h4>
<div class="paragraph">
<p>Clone phishing</p>
</div>
<div class="paragraph">
<p>Adversary clones an email to target potential victims with duplicated content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingtechniquesvoice_phishing">phishing:techniques="voice-phishing"</h4>
<div class="paragraph">
<p>Voice phishing</p>
</div>
<div class="paragraph">
<p>Adversary uses voice-based techniques to trick a potential victim to give credentials or sensitive information. This is also known as vishing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingtechniquessearch_engines_abuse">phishing:techniques="search-engines-abuse"</h4>
<div class="paragraph">
<p>Social engineering search engines abuse</p>
</div>
<div class="paragraph">
<p>Adversary controls the search engine result to get an advantage</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingtechniquessms_phishing">phishing:techniques="sms-phishing"</h4>
<div class="paragraph">
<p>SMS phishing</p>
</div>
<div class="paragraph">
<p>Adversary sends an SMS to a potential victims to gather sensitive information or use another phishing technique at a later stage.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingtechniquesbusiness_email_compromise">phishing:techniques="business email compromise"</h4>
<div class="paragraph">
<p>Business Email Compromise</p>
</div>
<div class="paragraph">
<p>Adversary sends an email containing a malicious artefact from a legitimate business email address which has connections to you as an individual or your organisation.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_distribution_2">distribution</h3>
<div class="paragraph">
<p>How the phishing is distributed.</p>
</div>
<div class="sect3">
<h4 id="_phishingdistributionspear_phishing">phishing:distribution="spear-phishing"</h4>
<div class="paragraph">
<p>Spear phishing</p>
</div>
<div class="paragraph">
<p>Adversary attempts targeted phishing to a user or a specific group of users based on knowledge known by the adversary.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingdistributionbulk_phishing">phishing:distribution="bulk-phishing"</h4>
<div class="paragraph">
<p>Bulk phishing</p>
</div>
<div class="paragraph">
<p>Adversary attempts to target a large group of potential targets without specific knowledge of the victims.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingdistributionwhaling">phishing:distribution="whaling"</h4>
<div class="paragraph">
<p>Whaling phishing</p>
</div>
<div class="paragraph">
<p>Adversary attempts to target executives and high-level employees (like public spokespersons).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_report_type">report-type</h3>
<div class="paragraph">
<p>How the phishing information was reported.</p>
</div>
<div class="sect3">
<h4 id="_phishingreport_typemanual_reporting">phishing:report-type="manual-reporting"</h4>
<div class="paragraph">
<p>Manual reporting</p>
</div>
<div class="paragraph">
<p>Phishing reported by a human (e.g. tickets, manual reporting).</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingreport_typeautomatic_reporting">phishing:report-type="automatic-reporting"</h4>
<div class="paragraph">
<p>Automatic reporting</p>
</div>
<div class="paragraph">
<p>Phishing collected by automatic reporting (e.g. phishing report tool, API).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_report_origin">report-origin</h3>
<div class="paragraph">
<p>Origin or source of the phishing information such as tools or services.</p>
</div>
<div class="sect3">
<h4 id="_phishingreport_originurl_abuse">phishing:report-origin="url-abuse"</h4>
<div class="paragraph">
<p>url-abuse</p>
</div>
<div class="paragraph">
<p>CIRCL url-abuse service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingreport_originlookyloo">phishing:report-origin="lookyloo"</h4>
<div class="paragraph">
<p>lookyloo</p>
</div>
<div class="paragraph">
<p>CIRCL lookyloo service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingreport_originphishtank">phishing:report-origin="phishtank"</h4>
<div class="paragraph">
<p>Phishtank</p>
</div>
<div class="paragraph">
<p>Phishtank service.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingreport_originspambee">phishing:report-origin="spambee"</h4>
<div class="paragraph">
<p>Spambee</p>
</div>
<div class="paragraph">
<p>C-3 Spambee service.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_2">action</h3>
<div class="paragraph">
<p>Action(s) taken related to the phishing tagged with this taxonomy.</p>
</div>
<div class="sect3">
<h4 id="_phishingactiontake_down">phishing:action="take-down"</h4>
<div class="paragraph">
<p>Take down</p>
</div>
<div class="paragraph">
<p>Take down notification sent to the operator where the phishing infrastructure is hosted.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingactionpending_law_enforcement_request">phishing:action="pending-law-enforcement-request"</h4>
<div class="paragraph">
<p>Pending law enforcement request</p>
</div>
<div class="paragraph">
<p>Law enforcement requests are ongoing on the phishing infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingactionpending_dispute_resolution">phishing:action="pending-dispute-resolution"</h4>
<div class="paragraph">
<p>Pending dispute resolution</p>
</div>
<div class="paragraph">
<p>Dispute resolution sent to competent authorities (e.g. domain authority, trademark dispute).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state">state</h3>
<div class="paragraph">
<p>State of the phishing.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_phishingstateunknown">phishing:state="unknown"</h4>
<div class="paragraph">
<p>Phishing state is unknown or cannot be evaluated</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingstateactive">phishing:state="active"</h4>
<div class="paragraph">
<p>Phishing state is active and actively used by the adversary</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingstatedown">phishing:state="down"</h4>
<div class="paragraph">
<p>Phishing state is known to be down</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_psychological_acceptability">psychological-acceptability</h3>
<div class="paragraph">
<p>Quality of the phishing by its level of acceptance by the target.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_phishingpsychological_acceptabilityunknown">phishing:psychological-acceptability="unknown"</h4>
<div class="paragraph">
<p>Phishing acceptance rate is unknown.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingpsychological_acceptabilitylow">phishing:psychological-acceptability="low"</h4>
<div class="paragraph">
<p>Phishing acceptance rate is low.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingpsychological_acceptabilitymedium">phishing:psychological-acceptability="medium"</h4>
<div class="paragraph">
<p>Phishing acceptance rate is medium.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingpsychological_acceptabilityhigh">phishing:psychological-acceptability="high"</h4>
<div class="paragraph">
<p>Phishing acceptance rate is high.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_principle_of_persuasion">principle-of-persuasion</h3>
<div class="paragraph">
<p>The principle of persuasion used during the attack to higher psychological acceptability.</p>
</div>
<div class="sect3">
<h4 id="_phishingprinciple_of_persuasionauthority">phishing:principle-of-persuasion="authority"</h4>
<div class="paragraph">
<p>Society trains people not to question authority so they are conditioned to respond to it. People usually follow an expert or pretense of authority and do a great deal for someone they think is an authority.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingprinciple_of_persuasionsocial_proof">phishing:principle-of-persuasion="social-proof"</h4>
<div class="paragraph">
<p>People tend to mimic what the majority of people do or seem to be doing. People let their guard and suspicion down when everyone else appears to share the same behaviours and risks. In this way, they will not be held solely responsible for their actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingprinciple_of_persuasionliking_similarity_deception">phishing:principle-of-persuasion="liking-similarity-deception"</h4>
<div class="paragraph">
<p>People prefer to abide to whom (they think) they know or like, or to whom they are similar to or familiar with, as well as attracted to.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingprinciple_of_persuasioncommitment_reciprocation_consistency">phishing:principle-of-persuasion="commitment-reciprocation-consistency"</h4>
<div class="paragraph">
<p>People feel more confident in their decision once they commit (publically) to a specific action and need to follow it through until the end. This is true whether in the workplace, or in a situation when their action is illegal. People have tendency to believe what others say and need, and they want to appear consistent in what they do, for instance, when they owe a favour. There is an automatic response of repaying a favour.</p>
</div>
</div>
<div class="sect3">
<h4 id="_phishingprinciple_of_persuasiondistraction">phishing:principle-of-persuasion="distraction"</h4>
<div class="paragraph">
<p>People focus on one thing and ignore other things that may happen without them noticing; they focus attention on what they can gain, what they need, what they can lose or miss out on, or if that thing will soon be unavailable, has been censored, restricted or will be more expensive later. These distractions can heighten peoples emotional state and make them forget other logical facts to consider when making decisions.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_political_spectrum">political-spectrum</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
political-spectrum namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/political-spectrum/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A political spectrum is a system to characterize and classify different political positions in relation to one another.</p>
</div>
<div class="sect2">
<h3 id="_ideology">ideology</h3>
<div class="paragraph">
<p>Political ideologies are one of the major organizing features of political parties, and parties often officially align themselves with specific ideologies.</p>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologyagrarianism">political-spectrum:ideology="agrarianism"</h4>
<div class="paragraph">
<p>Agrarianism</p>
</div>
<div class="paragraph">
<p>political and social philosophy that has promoted subsistence agriculture, smallholdings, egalitarianism, with agrarian political parties normally supporting the rights and sustainability of small farmers and poor peasants against the wealthy in society.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologyanarchism">political-spectrum:ideology="anarchism"</h4>
<div class="paragraph">
<p>Anarchism</p>
</div>
<div class="paragraph">
<p>Anarchism is a political philosophy and movement that is sceptical of authority and rejects all involuntary, coercive forms of hierarchy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologycentrism">political-spectrum:ideology="centrism"</h4>
<div class="paragraph">
<p>Centrism</p>
</div>
<div class="paragraph">
<p>Centrism is a political outlook or position that involves acceptance and/or support of a balance of social equality and a degree of social hierarchy, while opposing political changes which would result in a significant shift of society strongly to either the left or the right.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologychristian_democracy">political-spectrum:ideology="christian-democracy"</h4>
<div class="paragraph">
<p>Christian Democracy</p>
</div>
<div class="paragraph">
<p>combination of modern democratic ideas and traditional Christian values, incorporating social justice as well as the social teachings espoused by the Catholic, Lutheran, Reformed, Pentecostal and other denominational traditions of Christianity in various parts of the world. After World War II, Catholic and Protestant movements of neo-scholasticism and the Social Gospel, respectively, played a role in shaping Christian democracy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologycommunism">political-spectrum:ideology="communism"</h4>
<div class="paragraph">
<p>Communism</p>
</div>
<div class="paragraph">
<p>Communism is a philosophical, social, political, and economic ideology and movement whose goal is the establishment of a communist society, namely a socioeconomic order structured upon the ideas of common ownership of the means of production and the absence of social classes, money, and the state.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologyconservatism">political-spectrum:ideology="conservatism"</h4>
<div class="paragraph">
<p>Conservatism</p>
</div>
<div class="paragraph">
<p>Conservatism is an aesthetic, cultural, social, and political philosophy, which seeks to promote and to preserve traditional social institutions. The central tenets of conservatism may vary in relation to the traditional values or practices of the culture and civilization in which it appears. In Western culture, conservatives seek to preserve a range of institutions such as organized religion, parliamentary government, and property rights. Adherents of conservatism often oppose modernism and seek a return to traditional values.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologydemocratic_socialism">political-spectrum:ideology="democratic-socialism"</h4>
<div class="paragraph">
<p>Democratic socialism</p>
</div>
<div class="paragraph">
<p>Democratic socialism is a political philosophy that supports political democracy within a socially owned economy, with a particular emphasis on economic democracy, workplace democracy, and workers' self-management within a market socialist economy, or an alternative form of decentralised planned socialist economy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologyfascism">political-spectrum:ideology="fascism"</h4>
<div class="paragraph">
<p>Fascism</p>
</div>
<div class="paragraph">
<p>Fascism is a form of far-right, authoritarian ultranationalism characterized by dictatorial power, forcible suppression of opposition, and strong regimentation of society and of the economy, which came to prominence in early 20th-century Europe.Fascists believe that liberal democracy is obsolete. They regard the complete mobilization of society under a totalitarian one-party state as necessary to prepare a nation for armed conflict and to respond effectively to economic difficulties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologyfeminism">political-spectrum:ideology="feminism"</h4>
<div class="paragraph">
<p>Feminism</p>
</div>
<div class="paragraph">
<p>Feminism is a range of social movements and ideologies that aim to define and establish the political, economic, personal, and social equality of the sexes. Feminism incorporates the position that societies prioritize the male point of view, and that women are treated unjustly within those societies. Efforts to change that include fighting against gender stereotypes and establishing educational, professional, and interpersonal opportunities and outcomes for women that are equal to those for men.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologygreen_politics">political-spectrum:ideology="green-politics"</h4>
<div class="paragraph">
<p>Green politics</p>
</div>
<div class="paragraph">
<p>Green politics, or ecopolitics, is a political ideology that aims to foster an ecologically sustainable society often, but not always, rooted in environmentalism, nonviolence, social justice and grassroots democracy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologyislamism">political-spectrum:ideology="islamism"</h4>
<div class="paragraph">
<p>Islamism</p>
</div>
<div class="paragraph">
<p>Islamism (also often called political Islam or Islamic fundamentalism) is a political ideology which posits that modern states and regions should be reconstituted in constitutional, economic and judicial terms, in accordance with what is conceived as a revival or a return to authentic Islamic practice in its totality.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologyliberalism">political-spectrum:ideology="liberalism"</h4>
<div class="paragraph">
<p>Liberalism</p>
</div>
<div class="paragraph">
<p>Liberalism is a political and moral philosophy based on liberty, consent of the governed and equality before the law. Liberals espouse a wide array of views depending on their understanding of these principles, but they generally support individual rights (including civil rights and human rights), democracy, secularism, freedom of speech, freedom of the press, freedom of religion and a market economy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologylibertarianism">political-spectrum:ideology="libertarianism"</h4>
<div class="paragraph">
<p>Libertarianism</p>
</div>
<div class="paragraph">
<p>Libertarianism is a political philosophy that upholds liberty as a core principle. Libertarians seek to maximize autonomy and political freedom, emphasizing free association, freedom of choice, individualism and voluntary association. Libertarians share a skepticism of authority and state power, but some libertarians diverge on the scope of their opposition to existing economic and political systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologymonarchism">political-spectrum:ideology="monarchism"</h4>
<div class="paragraph">
<p>Monarchism</p>
</div>
<div class="paragraph">
<p>Monarchism is the advocacy of the system of monarchy or monarchical rule.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologypacifism">political-spectrum:ideology="pacifism"</h4>
<div class="paragraph">
<p>Pacifism</p>
</div>
<div class="paragraph">
<p>Pacifism covers a spectrum of views, including the belief that international disputes can and should be peacefully resolved, calls for the abolition of the institutions of the military and war, opposition to any organization of society through governmental force (anarchist or libertarian pacifism), rejection of the use of physical violence to obtain political, economic or social goals, the obliteration of force, and opposition to violence under any circumstance, even defence of self and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologysocial_democracy">political-spectrum:ideology="social-democracy"</h4>
<div class="paragraph">
<p>Social democracy</p>
</div>
<div class="paragraph">
<p>Social democracy is a political, social, and economic philosophy within socialism that supports political and economic democracy. As a policy regime, it is described by academics as advocating economic and social interventions to promote social justice within the framework of a liberal-democratic polity and a capitalist-oriented mixed economy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumideologysocialism">political-spectrum:ideology="socialism"</h4>
<div class="paragraph">
<p>Socialism</p>
</div>
<div class="paragraph">
<p>Socialism is a political, social, and economic philosophy encompassing a range of economic and social systems characterised by social ownership of the means of production. It includes the political theories and movements associated with such systems. Social ownership can be public, collective, cooperative, or of equity. While no single definition encapsulates the many types of socialism, social ownership is the one common element.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_left_right_spectrum">left-right-spectrum</h3>
<div class="paragraph">
<p>The leftright political spectrum is a system of classifying political positions characteristic of left-right politics, ideologies and parties with emphasis placed on issues of social equality and social hierarchy.</p>
</div>
<div class="sect3">
<h4 id="_political_spectrumleft_right_spectrumfar_left">political-spectrum:left-right-spectrum="far-left"</h4>
<div class="paragraph">
<p>Far-left</p>
</div>
<div class="paragraph">
<p>There are different definitions of the far-left. It could represent the left of social democraty, or also limited to the left of communist parties. Sometimes it is also associated with some forms of anarchism and communims, or groupsthat advocate for revolutionary anti-capitalism and anti-globalization.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumleft_right_spectrumcentre_left">political-spectrum:left-right-spectrum="centre-left"</h4>
<div class="paragraph">
<p>Centre-left</p>
</div>
<div class="paragraph">
<p>Also refered as moderate-left politics. Believes in working within the established systems to improve social justice. Promotes a degree of social equality that it believes is achievable through promoting equal opportunity. Emphasizes that the achievement of equality requires personal responsibility in areas in control by the individual person through their abilities and talents as well as social responsibility in areas outside control by the person in their abilities or talents.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumleft_right_spectrumradical_centre">political-spectrum:left-right-spectrum="radical-centre"</h4>
<div class="paragraph">
<p>Radical centre</p>
</div>
<div class="paragraph">
<p>The radical in the term refers to a willingness on the part of most radical centrists to call for fundamental reform of institutions.[ The centrism refers to a belief that genuine solutions require realism and pragmatism, not just idealism and emotion. Radical centrists borrow ideas from the left and the right, often melding them together.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumleft_right_spectrumcentre_right">political-spectrum:left-right-spectrum="centre-right"</h4>
<div class="paragraph">
<p>Centre-right</p>
</div>
<div class="paragraph">
<p>Also referred to as moderate-right politics. Ideologies characterised as centre-right include liberal conservatism and some variants of liberalism and Christian democracy, among others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_political_spectrumleft_right_spectrumfar_right">political-spectrum:left-right-spectrum="far-right"</h4>
<div class="paragraph">
<p>Far-right</p>
</div>
<div class="paragraph">
<p>Referred to as the extreme right or right-wing extremism. Are usually described as anti-communist, authoritarian, ultranationalist, and having nativist ideologies and tendencies. Today far-right politics include neo-fascism, neo-Nazism, the Third Position, the alt-right, racial supremacism, and other ideologies or organizations that feature aspects of ultranationalist, chauvinist, xenophobic, theocratic, racist, homophobic, transphobic, or reactionary views.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_priority_level">priority-level</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
priority-level namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/priority-level/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on <a href="https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System" class="bare">https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System</a>.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_emergency">emergency</h3>
<div class="paragraph">
<p>An Emergency priority incident poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or the lives of U.S. persons.</p>
</div>
<div class="sect3">
<h4 id="_priority_levelemergency">priority-level:emergency</h4>
<div class="paragraph">
<p>Emergency</p>
</div>
<div class="paragraph">
<p>An Emergency priority incident poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or the lives of U.S. persons.</p>
</div>
<div class="paragraph">
<p>100</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_severe">severe</h3>
<div class="paragraph">
<p>A Severe priority incident is likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.</p>
</div>
<div class="sect3">
<h4 id="_priority_levelsevere">priority-level:severe</h4>
<div class="paragraph">
<p>Severe</p>
</div>
<div class="paragraph">
<p>A Severe priority incident is likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.</p>
</div>
<div class="paragraph">
<p>90</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_high">high</h3>
<div class="paragraph">
<p>A High priority incident is likely to result in a demonstrable impact to public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.</p>
</div>
<div class="sect3">
<h4 id="_priority_levelhigh">priority-level:high</h4>
<div class="paragraph">
<p>High</p>
</div>
<div class="paragraph">
<p>A High priority incident is likely to result in a demonstrable impact to public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.</p>
</div>
<div class="paragraph">
<p>85</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_medium">medium</h3>
<div class="paragraph">
<p>A Medium priority incident may affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.</p>
</div>
<div class="sect3">
<h4 id="_priority_levelmedium">priority-level:medium</h4>
<div class="paragraph">
<p>Medium</p>
</div>
<div class="paragraph">
<p>A Medium priority incident may affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.</p>
</div>
<div class="paragraph">
<p>75</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_low">low</h3>
<div class="paragraph">
<p>A Low priority incident is unlikely to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.</p>
</div>
<div class="sect3">
<h4 id="_priority_levellow">priority-level:low</h4>
<div class="paragraph">
<p>Low</p>
</div>
<div class="paragraph">
<p>A Low priority incident is unlikely to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.</p>
</div>
<div class="paragraph">
<p>50</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_baseline_minor">baseline-minor</h3>
<div class="paragraph">
<p>A BaselineMinor priority incident is an incident that is highly unlikely to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence. The potential for impact, however, exists and warrants additional scrutiny.</p>
</div>
<div class="sect3">
<h4 id="_priority_levelbaseline_minor">priority-level:baseline-minor</h4>
<div class="paragraph">
<p>Baseline - Minor</p>
</div>
<div class="paragraph">
<p>A BaselineMinor priority incident is an incident that is highly unlikely to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence. The potential for impact, however, exists and warrants additional scrutiny.</p>
</div>
<div class="paragraph">
<p>25</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_baseline_negligible">baseline-negligible</h3>
<div class="paragraph">
<p>A BaselineNegligible priority incident is an incident that is highly unlikely to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.</p>
</div>
<div class="sect3">
<h4 id="_priority_levelbaseline_negligible">priority-level:baseline-negligible</h4>
<div class="paragraph">
<p>Baseline - Negligible</p>
</div>
<div class="paragraph">
<p>A BaselineNegligible priority incident is an incident that is highly unlikely to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ransomware">ransomware</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ransomware namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/ransomware/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Ransomware is used to define ransomware types and the elements that compose them.</p>
</div>
<div class="sect2">
<h3 id="_type_5">type</h3>
<div class="paragraph">
<p>Type is used to describe the type of a ransomware and how it works.</p>
</div>
<div class="sect3">
<h4 id="_ransomwaretypescareware">ransomware:type="scareware"</h4>
<div class="paragraph">
<p>Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaretypelocker_ransomware">ransomware:type="locker-ransomware"</h4>
<div class="paragraph">
<p>Locker ransomware, also called screen locker, denies access to the browser, computer or device.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaretypecrypto_ransomware">ransomware:type="crypto-ransomware"</h4>
<div class="paragraph">
<p>Crypto ransomware, also called data locker or cryptoware, prevents access to files or data. Crypto ransomware doesnt necessarily have to use encryption to stop users from accessing their data, but the vast majority of it does.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_element">element</h3>
<div class="paragraph">
<p>Elements that composed or are linked to a ransomware and its execution.</p>
</div>
<div class="sect3">
<h4 id="_ransomwareelementransomnote">ransomware:element="ransomnote"</h4>
<div class="paragraph">
<p>A ransomnote is the message left by the attacker to threaten their victim and ask for a ransom. It is usually seen as a text or HTML file, or a picture set as background.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareelementransomware_appended_extension">ransomware:element="ransomware-appended-extension"</h4>
<div class="paragraph">
<p>This is the extension added by the ransomware to the files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareelementransomware_encrypted_extensions">ransomware:element="ransomware-encrypted-extensions"</h4>
<div class="paragraph">
<p>This is the list of extensions that will be encrypted by the ransomware. Beware to keep the order.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareelementransomware_excluded_extensions">ransomware:element="ransomware-excluded-extensions"</h4>
<div class="paragraph">
<p>This is the list of extensions that will not be encrypted by the ransomware. Beware to keep the order.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareelementdropper">ransomware:element="dropper"</h4>
<div class="paragraph">
<p>A dropper is a means of getting malware into a machine while bypassing the security checks, often by containing the malware inside of itself.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareelementdownloader">ransomware:element="downloader"</h4>
<div class="paragraph">
<p>A downloader is a means of getting malware into a machine while bypassing the security checks, by downloading it instead of containing it.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_complexity_level">complexity-level</h3>
<div class="paragraph">
<p>Level of complexity of the ransomware.</p>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelno_actual_encryption_scareware">ransomware:complexity-level="no-actual-encryption-scareware"</h4>
<div class="paragraph">
<p>No actual encryption (scareware). Infection merely poses as a ransomware by displaying a ransom note or message while not actually encrypting user files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_leveldisplay_ransomnote_before_encrypting">ransomware:complexity-level="display-ransomnote-before-encrypting"</h4>
<div class="paragraph">
<p>Displaying the ransom note before the encryption process commences. As seen in the case of Nemucod, some ransomware will display a ransom note before file encryption. This is a serious operational flaw in the ransomware. The victim or their antivirus solution could effectively take prompt evasive action to prevent ransomware from commencing encryption.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_leveldecryption_essentials_extracted_from_binary">ransomware:complexity-level="decryption-essentials-extracted-from-binary"</h4>
<div class="paragraph">
<p>Decryption essentials can be reverse engineered from ransomware code or the user&#8217;s system. For example, if the ransomware uses a hard-coded key, then it becomes straight-forward for malware analysts to extract the key by reverse engineering the ransomware binary.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelderived_encryption_key_predicted">ransomware:complexity-level="derived-encryption-key-predicted "</h4>
<div class="paragraph">
<p>Another possibility of reverse engineering the key is demonstrated in the case of Linux.Encoder, a type of ransomware where a timestamp on the system was used to create keys for encryption resulting in easy decryption provided that the timestamp is still accessible.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelsame_key_used_for_each_infection">ransomware:complexity-level="same-key used-for-each-infection"</h4>
<div class="paragraph">
<p>Ransomware uses the same key for every victim. If the same key is used to encrypt all victims during a campaign, then one victim can share the secret key with others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelencryption_circumvented">ransomware:complexity-level="encryption-circumvented"</h4>
<div class="paragraph">
<p>Decryption possible without key - files can be decrypted without the need for a key due to poor choice or implementation of the encryption algorithm. Consider the case of desuCrypt that used an RC4 stream cipher for encryption. Using a stream cipher with key reuse is vulnerable to known plaintext attacks and known ciphertext attacks due to key reuse and hence this is a poor implementation of an encryption algorithm.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelfile_restoration_possible_using_shadow_volume_copies">ransomware:complexity-level="file-restoration-possible-using-shadow-volume-copies"</h4>
<div class="paragraph">
<p>Files can be restored using Shadow Volume Copies (“Previous Versions”) on the New Technology File System (NTFS), that were neglected to be deleted by the ransomware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelfile_restoration_possible_using_backups">ransomware:complexity-level="file-restoration-possible-using-backups"</h4>
<div class="paragraph">
<p>Files can be restored using a System State backup, System Image backup or other means of backup mechanisms (such as third-party backup software) that will render the ransomware&#8217;s extortion attempt unsuccessful.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelkey_recovered_from_file_system_or_memory">ransomware:complexity-level="key-recovered-from-file-system-or-memory"</h4>
<div class="paragraph">
<p>Decryption key can be retrieved from the host machines file structure or memory by an average user without the need for an expert. In the case of CryptoDefense, the ransomware did not securely delete keys from the host machine. The user can examine the right file or folder to discover the decryption key.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_leveldue_diligence_prevented_ransomware_from_acquiring_key">ransomware:complexity-level="due-diligence-prevented-ransomware-from-acquiring-key"</h4>
<div class="paragraph">
<p>User can prevent ransomware from acquiring the encryption key. Ransomware belongs in this category if its encryption procedure can be interrupted or blocked by due diligence on part of the user. For example, CryptoLocker discussed above cannot commence operation until it receives a key from the C&amp;C server. A host or border firewall can block a list of known C&amp;C servers hence rendering ransomware ineffective.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelclick_and_run_decryptor_exists">ransomware:complexity-level="click-and-run-decryptor-exists"</h4>
<div class="paragraph">
<p>Easy “Click-and-run” solutions such as a decryptor has been created by the security community such that a user can simply run the program to decrypt all files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelkill_switch_exists_outside_of_attacker_s_control">ransomware:complexity-level="kill-switch-exists-outside-of-attacker-s-control"</h4>
<div class="paragraph">
<p>There exists a kill switch outside of an attackers control that renders the cryptoviral infection ineffective. For example, in the case of WannaCry, a global kill switch existed in the form of a domain name. The ransomware reached out to this domain before commencing encryption and if the domain existed, the ransomware aborted execution. This kill switch was outside the attackers control as anyone could register it and neutralize the ransomware outbreak.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_leveldecryption_key_recovered_from_a_cc_server_or_network_communications">ransomware:complexity-level="decryption-key-recovered-from-a-C&amp;C-server-or-network-communications"</h4>
<div class="paragraph">
<p>Key can be retrieved from a central location such as a C&amp;C server on a compromised host or gleaned with some difficulty from communication between ransomware on the host and the C&amp;C server. For instance, in the case of CryptoLocker, authorities were able to seize a network of compromised hosts used to spread CryptoLocker and gain access to decryption essentials of around 500,000 victims.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelcustom_encryption_algorithm_used">ransomware:complexity-level="custom-encryption-algorithm-used"</h4>
<div class="paragraph">
<p>Ransomware uses custom encryption techniques and violates the fundamental rule of cryptography: “do not roll your own crypto.” It is tempting to design a custom cipher that one cannot break themselves, however it will likely not withstand the scrutiny of professional cryptanalysts. Amateur custom cryptography in the ransomware implies there will likely soon be a solution to decrypt files without paying the ransom. An example of this is an early variant of the GPCode ransomware that emerged in 2005 with weak custom encryption.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_leveldecryption_key_recovered_under_specialized_lab_setting">ransomware:complexity-level="decryption-key-recovered-under-specialized-lab-setting"</h4>
<div class="paragraph">
<p>Key can only be retrieved under rare, specialized laboratory settings. For example, in the case of WannaCry, a vulnerability in a cryptographic API on an unpatched Windows XP system allowed users to acquire from RAM the prime numbers used to compute private keys and hence retrieve the decryption key. However, the victim had to have been running a specific version of Windows XP and be fortunate enough that the related address space in memory has not been reallocated to another process. In another example, it is theoretically possible to reverse WannaCry encryption by exploiting a flaw in the pseudo-random-number-generator (PRNG) in an unpatched Windows XP system that reveals keys generated in the past. Naturally, these specialized conditions are not true for most victims.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelsmall_subset_of_files_left_unencrypted">ransomware:complexity-level="small-subset-of-files-left-unencrypted"</h4>
<div class="paragraph">
<p>A small subset of files left unencrypted by the ransomware for any number of reasons. Certain ransomware are known to only encrypt a file if its size exceeds a predetermined value. In addition, ransomware might decrypt a few files for free to prove decryption is possible. In such cases, a small number of victims may be lucky enough to only need these unencrypted files and can tolerate loss of the rest.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecomplexity_levelencryption_model_is_seemingly_flawless">ransomware:complexity-level="encryption-model-is-seemingly-flawless"</h4>
<div class="paragraph">
<p>Encryption model is resistant to cryptographic attacks and has been implemented seemingly flawlessly such that there are no known vulnerabilities in its execution. Simply put, there is no proven way yet to decrypt the files without paying the ransom.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_purpose_2">purpose</h3>
<div class="paragraph">
<p>Purpose of the ransomware.</p>
</div>
<div class="sect3">
<h4 id="_ransomwarepurposedeployed_as_ransomware_extortion">ransomware:purpose="deployed-as-ransomware-extortion"</h4>
<div class="paragraph">
<p>This has been the traditional approach - ransomware is installed on the victim&#8217;s machine, and its only purpose is to create income for the cybercriminal(s). In fact, ransomware is simple extortion, but via digital means.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarepurposedeployed_to_showcase_skills_for_fun_or_for_testing_purposes">ransomware:purpose="deployed-to-showcase-skills-for-fun-or-for-testing-purposes"</h4>
<div class="paragraph">
<p>Some cybercriminals like to show off, and as such create the side-business of ransomware, or, more particularly to showcase their coding skills.
Another example may be to send ransomware 'as a joke' or for fun to your friends, and giving them a bad time.
Some cybercriminals may be testing the waters by deploying ransomware in an organisation, to stress-test the defenses, or to test their own programming skills, or the lack thereof.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarepurposedeployed_as_smokescreen">ransomware:purpose="deployed-as-smokescreen"</h4>
<div class="paragraph">
<p>A very interesting occurrence indeed: ransomware is installed to hide the real purpose of whatever the cybercriminal or attacker is doing. This may be data exfiltration, lateral movement, or anything else, in theory, everything is a possible scenario&#8230;&#8203; except for the ransomware itself.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarepurposedeployed_to_cause_frustration">ransomware:purpose="deployed-to-cause-frustration"</h4>
<div class="paragraph">
<p>Another possible angle that goes hand in hand with the classic extortion scheme - deploying ransomware with intent of frustrating the victim. Basically, cyber bullying. While there may be a request for a monetary amount, it is not the purpose.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarepurposedeployed_out_of_frustration">ransomware:purpose="deployed-out-of-frustration"</h4>
<div class="paragraph">
<p>Sometimes, an attacker may gain initial access to a server or other machine, but consequent attempts to, for example, exfiltrate data or attack other machine, is unsuccessful. This may be due to a number of things, but often due to the access being discovered, and quickly patched. On the other hand, it may have not been discovered yet, but the attacker is sitting with the same problem: the purpose is not fulfilled. Then, out of frustration, or to gain at least something out of the victim, the machine gets trashed with ransomware. Another possibility is a disgruntled employee, leaving ransomware as a 'present' before leaving the company.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarepurposedeployed_as_a_cover_up">ransomware:purpose="deployed-as-a-cover-up"</h4>
<div class="paragraph">
<p>This may sound ambiguous at first, but imagine a scenario where a company may face sanctions, is already compromised, or has a running investigation. The company or organisation deploying ransomware itself, is a viable way of destroying data forever, and any evidence may be lost.
Another possibility is, in order to cover up a much larger compromise, ransomware is installed, and everything is formatted to hide what actually happened.
Again, there is also the possibility of a disgruntled employee, or even an intruder: which brings us back to 'deployed as a smokescreen'.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarepurposedeployed_as_a_penetration_test_or_user_awareness_training">ransomware:purpose="deployed-as-a-penetration-test-or-user-awareness-training"</h4>
<div class="paragraph">
<p>Ransomware is very effective in the sense that most people know what its purpose is, and the dangers it may cause. As such, it is an excellent tool that can be used for demonstration purposes, such as a user awareness training. Another possibility is an external pentest, with same purpose.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarepurposedeployed_as_a_means_of_disruption_destruction">ransomware:purpose="deployed-as-a-means-of-disruption-destruction"</h4>
<div class="paragraph">
<p>Last but not least - while ransomware can have several purposes, it can also serve a particularly nasty goal: destroy a company or organisation, or at least take them offline for several days, or even weeks.
Again, there are some possibilities, but this may be a rivalry company in a similar business, again a disgruntled employee, or to disrupt large organisations on a worldwide scale.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_target">target</h3>
<div class="paragraph">
<p>Target of the ransomware.</p>
</div>
<div class="sect3">
<h4 id="_ransomwaretargetpc_workstation">ransomware:target="pc-workstation"</h4>
<div class="paragraph">
<p>Ransomware that targets PCs or workstations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaretargetmobile_device">ransomware:target="mobile-device"</h4>
<div class="paragraph">
<p>Ransomware that targets mobile devices.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaretargetiot_cps_device">ransomware:target="iot-cps-device"</h4>
<div class="paragraph">
<p>Ransomware that targets IoT or CPS devoces.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaretargetend_user">ransomware:target="end-user"</h4>
<div class="paragraph">
<p>Ransomware that targets end users.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaretargetorganisation">ransomware:target="organisation"</h4>
<div class="paragraph">
<p>Ransomware that targets organisation.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infection">infection</h3>
<div class="paragraph">
<p>Infection vector used by the ransomware.</p>
</div>
<div class="sect3">
<h4 id="_ransomwareinfectionphishing_emails">ransomware:infection="phishing-e=mails"</h4>
<div class="paragraph">
<p>Malicious e-mails are the most commonly used infection vectors for ransomware. Attackers send spam e-mails to victims that have attachments containing ransomware. Such spam campaigns can be distributed using botnets. Ransomware may come with an attached malicious file, or the e-mail may contain a malicious link that will trigger the installation of ransomware once visited (drive-by download).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareinfectionsms_instant_message">ransomware:infection="sms-instant-message"</h4>
<div class="paragraph">
<p>SMS Messages or IMs are used frequently for mobile ransomware. In such kind of infections, attackers send SMS messages or IMs to the victims that will cause them to browse a malicious website to download ransomware to their platforms.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareinfectionmalicious_apps">ransomware:infection="malicious-apps"</h4>
<div class="paragraph">
<p>Malicious Applications are used by ransomware attackers who develop and deploy mobile applications that contain ransomware camouflaged as a benign application.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareinfectiondrive_by_download">ransomware:infection="drive-by-download"</h4>
<div class="paragraph">
<p>Drive-by download happens when a user unknowingly visits an infected website or clicks a malicious advertisement (i.e., malvertisement) and then the malware is downloaded and installed without the users knowledge.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwareinfectionvulnerabilities">ransomware:infection="vulnerabilities"</h4>
<div class="paragraph">
<p>Vulnerabilities in the victim platform such as vulnerabilities in operating systems, browsers, or software can be used by ransomware authors as infection vectors. Attackers can use helper applications, exploit kits, to exploit the known or zero-day vulnerabilities in target systems. Attackers can redirect victims to those kits via malvertisement and malicious links.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_communication">communication</h3>
<div class="paragraph">
<p>Communication method used by the ransomware;</p>
</div>
<div class="sect3">
<h4 id="_ransomwarecommunicationhard_coded_ip">ransomware:communication="hard-coded-ip"</h4>
<div class="paragraph">
<p>Ransomware connecting to C&amp;C via hard-coded IP addresses or domains</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwarecommunicationdga_based">ransomware:communication="dga-based"</h4>
<div class="paragraph">
<p>Ransomware connecting to C&amp;C via dynamically fast-fluxed/generated/shifted domain names using Domain Generation Algorithms (DGA)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malicious_action">malicious-action</h3>
<div class="paragraph">
<p>Malicious action performed by the ransomware.</p>
</div>
<div class="sect3">
<h4 id="_ransomwaremalicious_actionsymmetric_key_encryption">ransomware:malicious-action="symmetric-key-encryption"</h4>
<div class="paragraph">
<p>Ransomware that encrypts data using symmetric-key encryption.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaremalicious_actionasymmetric_key_encryption">ransomware:malicious-action="asymmetric-key-encryption"</h4>
<div class="paragraph">
<p>Ransomware that encrypts data using asymmetric-key encryption.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaremalicious_actionhybrid_key_encryption">ransomware:malicious-action="hybrid-key-encryption"</h4>
<div class="paragraph">
<p>Ransomware that encrypts data using hybrid-key encryption.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaremalicious_actionscreen_locking">ransomware:malicious-action="screen-locking"</h4>
<div class="paragraph">
<p>Ransomware that locks the systems graphical user interface and prevent access.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaremalicious_actionbrowser_locking">ransomware:malicious-action="browser-locking"</h4>
<div class="paragraph">
<p>Ransomware that locks slock web browser of the victim.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaremalicious_actionmbr_locking">ransomware:malicious-action="mbr-locking"</h4>
<div class="paragraph">
<p>Ransomware that locks Master Boot Records.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ransomwaremalicious_actiondata_exfiltration">ransomware:malicious-action="data-exfiltration"</h4>
<div class="paragraph">
<p>Ransomware that exfiltrates data.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_retention">retention</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
retention namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/retention/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Add a retenion time to events to automatically remove the IDS-flag on ip-dst or ip-src attributes. We calculate the time elapsed based on the date of the event. Supported time units are: d(ays), w(eeks), m(onths), y(ears). The numerical_value is just for sorting in the web-interface and is not used for calculations.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_expired">expired</h3>
<div class="sect3">
<h4 id="_retentionexpired">retention:expired</h4>
<div class="paragraph">
<p>Set when the retention period has expired</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_1d">1d</h3>
<div class="sect3">
<h4 id="_retention1d">retention:1d</h4>
<div class="paragraph">
<p>1 day</p>
</div>
<div class="paragraph">
<p>1</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_2d">2d</h3>
<div class="sect3">
<h4 id="_retention2d">retention:2d</h4>
<div class="paragraph">
<p>2 days</p>
</div>
<div class="paragraph">
<p>2</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_7d">7d</h3>
<div class="sect3">
<h4 id="_retention7d">retention:7d</h4>
<div class="paragraph">
<p>7 days</p>
</div>
<div class="paragraph">
<p>7</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_2w">2w</h3>
<div class="sect3">
<h4 id="_retention2w">retention:2w</h4>
<div class="paragraph">
<p>2 weeks</p>
</div>
<div class="paragraph">
<p>14</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_1m">1m</h3>
<div class="sect3">
<h4 id="_retention1m">retention:1m</h4>
<div class="paragraph">
<p>1 month</p>
</div>
<div class="paragraph">
<p>30</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_2m">2m</h3>
<div class="sect3">
<h4 id="_retention2m">retention:2m</h4>
<div class="paragraph">
<p>2 months</p>
</div>
<div class="paragraph">
<p>60</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_3m">3m</h3>
<div class="sect3">
<h4 id="_retention3m">retention:3m</h4>
<div class="paragraph">
<p>3 months</p>
</div>
<div class="paragraph">
<p>90</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_6m">6m</h3>
<div class="sect3">
<h4 id="_retention6m">retention:6m</h4>
<div class="paragraph">
<p>6 months</p>
</div>
<div class="paragraph">
<p>180</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_1y">1y</h3>
<div class="sect3">
<h4 id="_retention1y">retention:1y</h4>
<div class="paragraph">
<p>1 year</p>
</div>
<div class="paragraph">
<p>365</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_10y">10y</h3>
<div class="sect3">
<h4 id="_retention10y">retention:10y</h4>
<div class="paragraph">
<p>10 year</p>
</div>
<div class="paragraph">
<p>3650</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_rsit">rsit</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
rsit namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/rsit/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Reference Security Incident Classification Taxonomy</p>
</div>
<div class="sect2">
<h3 id="_abusive_content_5">abusive-content</h3>
<div class="paragraph">
<p>Abusive Content.</p>
</div>
<div class="sect3">
<h4 id="_rsitabusive_contentspam">rsit:abusive-content="spam"</h4>
<div class="paragraph">
<p>Spam</p>
</div>
<div class="paragraph">
<p>Or 'Unsolicited Bulk Email', this means that the recipient has not granted verifiable permission for the message to be sent and that the message is sent as part of a larger collection of messages, all having a functionally comparable content. This IOC refers to resources which make up spam infrastructure, for example, harvesters like address verification, URLs in spam emails, etc.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitabusive_contentharmful_speech">rsit:abusive-content="harmful-speech"</h4>
<div class="paragraph">
<p>Harmful Speech</p>
</div>
<div class="paragraph">
<p>Bullying, harassment or discrimination of somebody, e.g., cyber stalking, racism or threats against one or more individuals.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitabusive_contentviolence">rsit:abusive-content="violence"</h4>
<div class="paragraph">
<p>(Child) Sexual Exploitation/Sexual/Violent Content</p>
</div>
<div class="paragraph">
<p>Child Sexual Exploitation (CSE), sexual content, glorification of violence, etc.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malicious_code_3">malicious-code</h3>
<div class="paragraph">
<p>Software that is intentionally included or inserted in a system for a harmful purpose. A user interaction is normally necessary to activate the code.</p>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codeinfected_system">rsit:malicious-code="infected-system"</h4>
<div class="paragraph">
<p>Infected System</p>
</div>
<div class="paragraph">
<p>System infected with malware, e.g., a PC, smartphone or server infected with a rootkit. Most often this refers to a connection to a sinkholed command and control server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codec2_server">rsit:malicious-code="c2-server"</h4>
<div class="paragraph">
<p>C2 Server</p>
</div>
<div class="paragraph">
<p>Command and control server contacted by malware on infected systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codemalware_distribution">rsit:malicious-code="malware-distribution"</h4>
<div class="paragraph">
<p>Malware Distribution</p>
</div>
<div class="paragraph">
<p>URI used for malware distribution, e.g., a download URL included in fake invoice malware spam or exploit kits (on websites).</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitmalicious_codemalware_configuration">rsit:malicious-code="malware-configuration"</h4>
<div class="paragraph">
<p>Malware Configuration</p>
</div>
<div class="paragraph">
<p>URI hosting a malware configuration file, e.g., web injects for a banking trojan.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering_6">information-gathering</h3>
<div class="paragraph">
<p>Information Gathering.</p>
</div>
<div class="sect3">
<h4 id="_rsitinformation_gatheringscanner">rsit:information-gathering="scanner"</h4>
<div class="paragraph">
<p>Scanning</p>
</div>
<div class="paragraph">
<p>Attacks that send requests to a system to discover weaknesses. This also includes testing processes to gather information on hosts, services and accounts. This includes fingerd, DNS querying, ICMP, SMTP (EXPN, RCPT, etc) port scanning.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitinformation_gatheringsniffing">rsit:information-gathering="sniffing"</h4>
<div class="paragraph">
<p>Sniffing</p>
</div>
<div class="paragraph">
<p>Observing and recording of network traffic (i.e. wiretapping).</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitinformation_gatheringsocial_engineering">rsit:information-gathering="social-engineering"</h4>
<div class="paragraph">
<p>Social Engineering</p>
</div>
<div class="paragraph">
<p>Gathering information from a human being in a non-technical way (e.g., using lies, tricks, bribes, or threats).</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_attempts_3">intrusion-attempts</h3>
<div class="paragraph">
<p>Intrusion Attempts.</p>
</div>
<div class="sect3">
<h4 id="_rsitintrusion_attemptsids_alert">rsit:intrusion-attempts="ids-alert"</h4>
<div class="paragraph">
<p>Exploitation of Known Vulnerabilities</p>
</div>
<div class="paragraph">
<p>An attempt to compromise a system or to disrupt any service by exploiting vulnerabilities with a standardised identifier such as CVE name (e.g., using a buffer overflow, backdoor, cross site scripting)</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusion_attemptsbrute_force">rsit:intrusion-attempts="brute-force"</h4>
<div class="paragraph">
<p>Login Attempts</p>
</div>
<div class="paragraph">
<p>Multiple brute-force login attempts (including guessing or cracking of passwords). This IOC refers to a resource, which has been observed to perform brute-force attacks over a given application protocol.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusion_attemptsexploit">rsit:intrusion-attempts="exploit"</h4>
<div class="paragraph">
<p>New Attack Signature</p>
</div>
<div class="paragraph">
<p>An attack using an unknown exploit.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusions_2">intrusions</h3>
<div class="paragraph">
<p>A successful compromise of a system or application (service). This can have been caused remotely by a known or new vulnerability, but also by an unauthorised local access. Also includes being part of a botnet.</p>
</div>
<div class="sect3">
<h4 id="_rsitintrusionsprivileged_account_compromise">rsit:intrusions="privileged-account-compromise"</h4>
<div class="paragraph">
<p>Privileged Account Compromise</p>
</div>
<div class="paragraph">
<p>Compromise of a system where the attacker has gained administrative privileges.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusionsunprivileged_account_compromise">rsit:intrusions="unprivileged-account-compromise"</h4>
<div class="paragraph">
<p>Unprivileged Account Compromise</p>
</div>
<div class="paragraph">
<p>Compromise of a system using an unprivileged (user/service) account.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusionsapplication_compromise">rsit:intrusions="application-compromise"</h4>
<div class="paragraph">
<p>Application Compromise</p>
</div>
<div class="paragraph">
<p>Compromise of an application by exploiting (un)known software vulnerabilities, e.g., SQL injection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusionssystem_compromise">rsit:intrusions="system-compromise"</h4>
<div class="paragraph">
<p>System Compromise</p>
</div>
<div class="paragraph">
<p>Compromise of a system, e.g., unauthorised logins or commands. This includes attempts to compromise honeypot systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitintrusionsburglary">rsit:intrusions="burglary"</h4>
<div class="paragraph">
<p>Burglary</p>
</div>
<div class="paragraph">
<p>Physical intrusion, e.g., into a corporate building or data centre.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_availability_5">availability</h3>
<div class="paragraph">
<p>By this kind of an attack a system is bombarded with so many packets that the operations are delayed or the system crashes. DoS examples are ICMP and SYN floods, Teardrop attacks and mail-bombing. DDoS often is based on DoS attacks originating from botnets, but also other scenarios exist like DNS Amplification attacks. However, the availability also can be affected by local actions (destruction, disruption of power supply, etc.) or by Act of God, spontaneous failures or human error, without malice or gross neglect being involved.</p>
</div>
<div class="sect3">
<h4 id="_rsitavailabilitydos">rsit:availability="dos"</h4>
<div class="paragraph">
<p>Denial of Service</p>
</div>
<div class="paragraph">
<p>Denial of Service attack, e.g., sending specially crafted requests to a web application which causes the application to crash or slow down.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitavailabilityddos">rsit:availability="ddos"</h4>
<div class="paragraph">
<p>Distributed Denial of Service</p>
</div>
<div class="paragraph">
<p>Distributed Denial of Service attack, e.g., SYN flood or UDP-based reflection/amplification attacks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitavailabilitymisconfiguration">rsit:availability="misconfiguration"</h4>
<div class="paragraph">
<p>Misconfiguration</p>
</div>
<div class="paragraph">
<p>Software misconfiguration resulting in service availability issues, e.g., DNS server with outdated DNSSEC Root Zone KSK.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitavailabilitysabotage">rsit:availability="sabotage"</h4>
<div class="paragraph">
<p>Sabotage</p>
</div>
<div class="paragraph">
<p>Physical sabotage, e.g., cutting wires or malicious arson.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitavailabilityoutage">rsit:availability="outage"</h4>
<div class="paragraph">
<p>Outage</p>
</div>
<div class="paragraph">
<p>An outage caused, for example, by air conditioning failure or natural disaster.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_content_security_3">information-content-security</h3>
<div class="paragraph">
<p>Besides a local abuse of data and systems the information security can be endangered by a successful account or application compromise. Furthermore attacks are possible that intercept and access information during transmission (wiretapping, spoofing or hijacking). Human/configuration/software error can also be the cause.</p>
</div>
<div class="sect3">
<h4 id="_rsitinformation_content_securityunauthorised_information_access">rsit:information-content-security="unauthorised-information-access"</h4>
<div class="paragraph">
<p>Unauthorised Access to Information</p>
</div>
<div class="paragraph">
<p>Unauthorised access to information, e.g., by abusing stolen login credentials for a system or application, intercepting traffic or gaining access to physical documents.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitinformation_content_securityunauthorised_information_modification">rsit:information-content-security="unauthorised-information-modification"</h4>
<div class="paragraph">
<p>Unauthorised Modification of Information</p>
</div>
<div class="paragraph">
<p>Unauthorised modification of information, e.g., by an attacker abusing stolen login credentials for a system or application, or ransomware encrypting data. Also includes defacements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitinformation_content_securitydata_loss">rsit:information-content-security="data-loss"</h4>
<div class="paragraph">
<p>Data Loss</p>
</div>
<div class="paragraph">
<p>Loss of data caused by, for example, hard disk failure or physical theft.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitinformation_content_securitydata_leak">rsit:information-content-security="data-leak"</h4>
<div class="paragraph">
<p>Leak of Confidential Information</p>
</div>
<div class="paragraph">
<p>Leaked confidential information, e.g., credentials or personal data.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fraud_5">fraud</h3>
<div class="paragraph">
<p>Fraud.</p>
</div>
<div class="sect3">
<h4 id="_rsitfraudunauthorised_use_of_resources">rsit:fraud="unauthorised-use-of-resources"</h4>
<div class="paragraph">
<p>Unauthorised Use of Resources</p>
</div>
<div class="paragraph">
<p>Using resources for unauthorised purposes including profit-making ventures, e.g., the use of email to participate in illegal profit chain letters or pyramid schemes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitfraudcopyright">rsit:fraud="copyright"</h4>
<div class="paragraph">
<p>Copyright</p>
</div>
<div class="paragraph">
<p>Offering or installing copies of unlicensed commercial software or other copyright protected materials (also known as Warez).</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitfraudmasquerade">rsit:fraud="masquerade"</h4>
<div class="paragraph">
<p>Masquerade</p>
</div>
<div class="paragraph">
<p>Type of attack in which one entity illegitimately impersonates the identity of another in order to benefit from it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitfraudphishing">rsit:fraud="phishing"</h4>
<div class="paragraph">
<p>Phishing</p>
</div>
<div class="paragraph">
<p>Masquerading as another entity in order to persuade the user to reveal private credentials. This IOC most often refers to a URL, which is used to phish user credentials.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vulnerable_3">vulnerable</h3>
<div class="paragraph">
<p>Open resolvers, world-readable printers, vulnerabilities apparent from scans, anti-virus signatures not up-to-date, etc.</p>
</div>
<div class="sect3">
<h4 id="_rsitvulnerableweak_crypto">rsit:vulnerable="weak-crypto"</h4>
<div class="paragraph">
<p>Weak Cryptography</p>
</div>
<div class="paragraph">
<p>Publicly accessible services offering weak cryptography, e.g., web servers susceptible to POODLE/FREAK attacks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitvulnerableddos_amplifier">rsit:vulnerable="ddos-amplifier"</h4>
<div class="paragraph">
<p>DDoS Amplifier</p>
</div>
<div class="paragraph">
<p>Publicly accessible services that can be abused for conducting DDoS reflection/amplification attacks, e.g., DNS open-resolvers or NTP servers with monlist enabled.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitvulnerablepotentially_unwanted_accessible">rsit:vulnerable="potentially-unwanted-accessible"</h4>
<div class="paragraph">
<p>Potentially Unwanted Accessible Services</p>
</div>
<div class="paragraph">
<p>Potentially unwanted publicly accessible services, e.g., Telnet, RDP or VNC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitvulnerableinformation_disclosure">rsit:vulnerable="information-disclosure"</h4>
<div class="paragraph">
<p>Information disclosure</p>
</div>
<div class="paragraph">
<p>Publicly accessible services potentially disclosing sensitive information, e.g., SNMP or Redis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitvulnerablevulnerable_system">rsit:vulnerable="vulnerable-system"</h4>
<div class="paragraph">
<p>Vulnerable System</p>
</div>
<div class="paragraph">
<p>A system which is vulnerable to certain attacks, e.g., misconfigured client proxy settings (such as WPAD), outdated operating system version, or cross-site scripting vulnerabilities.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_8">other</h3>
<div class="paragraph">
<p>All incidents which don&#8217;t fit in one of the given categories should be put into this class. If the number of incidents in this category increases, it is an indicator that the classification scheme must be revised.</p>
</div>
<div class="sect3">
<h4 id="_rsitotherother">rsit:other="other"</h4>
<div class="paragraph">
<p>Uncategorised</p>
</div>
<div class="paragraph">
<p>All incidents which don&#8217;t fit in one of the given categories should be put into this class or the incident is not categorised.</p>
</div>
</div>
<div class="sect3">
<h4 id="_rsitotherundetermined">rsit:other="undetermined"</h4>
<div class="paragraph">
<p>Undetermined</p>
</div>
<div class="paragraph">
<p>The categorisation of the incident is unknown/undetermined.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_test_4">test</h3>
<div class="paragraph">
<p>Meant for testing.</p>
</div>
<div class="sect3">
<h4 id="_rsittesttest">rsit:test="test"</h4>
<div class="paragraph">
<p>Test</p>
</div>
<div class="paragraph">
<p>Meant for testing.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_rt_event_status">rt_event_status</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
rt_event_status namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/rt_event_status/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Status of events used in Request Tracker.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_event_status">event-status</h3>
<div class="sect3">
<h4 id="_rt_event_statusevent_statusnew">rt_event_status:event-status="new"</h4>
<div class="paragraph">
<p>New</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_statusevent_statusopen">rt_event_status:event-status="open"</h4>
<div class="paragraph">
<p>Open</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_statusevent_statusstalled">rt_event_status:event-status="stalled"</h4>
<div class="paragraph">
<p>Stalled</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_statusevent_statusrejected">rt_event_status:event-status="rejected"</h4>
<div class="paragraph">
<p>rejected</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_statusevent_statusresolved">rt_event_status:event-status="resolved"</h4>
<div class="paragraph">
<p>Resolved</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_statusevent_statusdeleted">rt_event_status:event-status="deleted"</h4>
<div class="paragraph">
<p>Deleted</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_runtime_packer">runtime-packer</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
runtime-packer namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/runtime-packer/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Runtime or software packer used to combine compressed or encrypted data with the decompression or decryption code. This code can add additional obfuscations mechanisms including polymorphic-packer or other obfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.</p>
</div>
<div class="sect2">
<h3 id="_portable_executable">portable-executable</h3>
<div class="sect3">
<h4 id="_runtime_packerportable_executable_netshrink">runtime-packer:portable-executable=".netshrink"</h4>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablealienyze">runtime-packer:portable-executable="alienyze"</h4>
<div class="paragraph">
<div class="title">netshrink</div>
<p>Alienyze</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableapack">runtime-packer:portable-executable="apack"</h4>
<div class="paragraph">
<p>aPack</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableapk_protect">runtime-packer:portable-executable="apk-protect"</h4>
<div class="paragraph">
<p>APK Protect</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablearmadillo">runtime-packer:portable-executable="armadillo"</h4>
<div class="paragraph">
<p>Armadillo</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableaspack">runtime-packer:portable-executable="aspack"</h4>
<div class="paragraph">
<p>ASPack</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableaspr_asprotect">runtime-packer:portable-executable="aspr-asprotect"</h4>
<div class="paragraph">
<p>ASPR (ASProtect)</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableautoit">runtime-packer:portable-executable="autoit"</h4>
<div class="paragraph">
<p>AutoIT</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablebero">runtime-packer:portable-executable="bero"</h4>
<div class="paragraph">
<p>BeRo EXE Packer</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableboxedapp_packer">runtime-packer:portable-executable="boxedapp-packer"</h4>
<div class="paragraph">
<p>BoxedApp Packer</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablecexe">runtime-packer:portable-executable="cexe"</h4>
<div class="paragraph">
<p>CExe</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablecode_virtualizer">runtime-packer:portable-executable="code-virtualizer"</h4>
<div class="paragraph">
<p>Code Virtualizer</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executabledexguard">runtime-packer:portable-executable="dexguard"</h4>
<div class="paragraph">
<p>DexGuard</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executabledexprotector">runtime-packer:portable-executable="dexprotector"</h4>
<div class="paragraph">
<p>DexProtector</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executabledotbundle">runtime-packer:portable-executable="dotbundle"</h4>
<div class="paragraph">
<p>dotBundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableenigma_protector">runtime-packer:portable-executable="enigma-protector"</h4>
<div class="paragraph">
<p>Enigma Protector</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableexe_bundle">runtime-packer:portable-executable="exe-bundle"</h4>
<div class="paragraph">
<p>EXE Bundle</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableexe_stealth">runtime-packer:portable-executable="exe-stealth"</h4>
<div class="paragraph">
<p>EXE Stealth</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableexpressor">runtime-packer:portable-executable="expressor"</h4>
<div class="paragraph">
<p>eXPressor</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablefsg">runtime-packer:portable-executable="fsg"</h4>
<div class="paragraph">
<p>FSG</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablegzexe">runtime-packer:portable-executable="gzexe"</h4>
<div class="paragraph">
<p>GzExe</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablekkrunchy">runtime-packer:portable-executable="kkrunchy"</h4>
<div class="paragraph">
<p>Kkrunchy</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableliapp">runtime-packer:portable-executable="liapp"</h4>
<div class="paragraph">
<p>LIAPP</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablemew">runtime-packer:portable-executable="mew"</h4>
<div class="paragraph">
<p>MEW</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablempress">runtime-packer:portable-executable="mpress"</h4>
<div class="paragraph">
<p>MPRESS</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablenspack">runtime-packer:portable-executable="nspack"</h4>
<div class="paragraph">
<p>NSPack</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableobsidium">runtime-packer:portable-executable="obsidium"</h4>
<div class="paragraph">
<p>Obsidium</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablepecompact">runtime-packer:portable-executable="pecompact"</h4>
<div class="paragraph">
<p>PECompact</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablepelock">runtime-packer:portable-executable="pelock"</h4>
<div class="paragraph">
<p>PELock</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablepeshield">runtime-packer:portable-executable="peshield"</h4>
<div class="paragraph">
<p>PEShield</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablepespin">runtime-packer:portable-executable="pespin"</h4>
<div class="paragraph">
<p>PESpin</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablepetite">runtime-packer:portable-executable="petite"</h4>
<div class="paragraph">
<p>PEtite</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablerlpack_basic">runtime-packer:portable-executable="rlpack-basic"</h4>
<div class="paragraph">
<p>RLPack Basic</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablesmart_packer_pro">runtime-packer:portable-executable="smart-packer-pro"</h4>
<div class="paragraph">
<p>Smart Packer Pro</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablethemida">runtime-packer:portable-executable="themida"</h4>
<div class="paragraph">
<p>Themida</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableupack">runtime-packer:portable-executable="upack"</h4>
<div class="paragraph">
<p>UPack</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableupx">runtime-packer:portable-executable="upx"</h4>
<div class="paragraph">
<p>UPX</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablevmprotect">runtime-packer:portable-executable="vmprotect"</h4>
<div class="paragraph">
<p>VMProtect</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablexcomp_xpack">runtime-packer:portable-executable="xcomp-xpack"</h4>
<div class="paragraph">
<p>XComp/XPack</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableyoda_crypter">runtime-packer:portable-executable="yoda-crypter"</h4>
<div class="paragraph">
<p>Yoda&#8217;s Crypter</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executableyoda_protector">runtime-packer:portable-executable="yoda-protector"</h4>
<div class="paragraph">
<p>Yoda&#8217;s Protector</p>
</div>
</div>
<div class="sect3">
<h4 id="_runtime_packerportable_executablezprotect">runtime-packer:portable-executable="zprotect"</h4>
<div class="paragraph">
<p>ZProtect</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dex">dex</h3>
</div>
<div class="sect2">
<h3 id="_elf">elf</h3>
</div>
<div class="sect2">
<h3 id="_mach_o">mach-o</h3>
</div>
<div class="sect2">
<h3 id="_cli_assembly">cli-assembly</h3>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_scrippsco2_fgc">scrippsco2-fgc</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
scrippsco2-fgc namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/scrippsco2-fgc/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Flags describing the sample</p>
</div>
<div class="sect2">
<h3 id="_3_2">-3</h3>
<div class="paragraph">
<p>Potentially Suspect Data Accepted</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc_3">scrippsco2-fgc:-3</h4>
<div class="paragraph">
<p>accepted-suspect</p>
</div>
<div class="paragraph">
<p>Potentially Suspect Data Accepted</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_2_2">-2</h3>
<div class="paragraph">
<p>Accepted value from continuous analyzer replacing flask data</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc_2">scrippsco2-fgc:-2</h4>
<div class="paragraph">
<p>accepted-continuous-analyzer</p>
</div>
<div class="paragraph">
<p>Accepted value from continuous analyzer replacing flask data</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_1_2">-1</h3>
<div class="paragraph">
<p>Acepted Value retained although individual measurements deviated by more than selected tolerance</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc_1">scrippsco2-fgc:-1</h4>
<div class="paragraph">
<p>accepted-deviated-tolerance</p>
</div>
<div class="paragraph">
<p>Acepted Value retained although individual measurements deviated by more than selected tolerance</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_0_2">0</h3>
<div class="paragraph">
<p>Accepted Value</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc0">scrippsco2-fgc:0</h4>
<div class="paragraph">
<p>accepted</p>
</div>
<div class="paragraph">
<p>Accepted Value</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_1_3">1</h3>
<div class="paragraph">
<p>Rejected during analysis</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc1">scrippsco2-fgc:1</h4>
<div class="paragraph">
<p>rejected-during-analysis</p>
</div>
<div class="paragraph">
<p>Rejected during analysis</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_2_3">2</h3>
<div class="paragraph">
<p>Rejected unacceptably large flask-analyzer differences associated with night sampling (used only at MLO between Dec 1962 and Sep 1968)</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc2">scrippsco2-fgc:2</h4>
<div class="paragraph">
<p>rejected-legacy-difference-night-mlo</p>
</div>
<div class="paragraph">
<p>Rejected unacceptably large flask-analyzer differences associated with night sampling (used only at MLO between Dec 1962 and Sep 1968)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_3_3">3</h3>
<div class="paragraph">
<p>Rejected flask measurement; used continuous data instead</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc3">scrippsco2-fgc:3</h4>
<div class="paragraph">
<p>rejected-continuous-data</p>
</div>
<div class="paragraph">
<p>Rejected flask measurement; used continuous data instead</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_4_2">4</h3>
<div class="paragraph">
<p>Rejected Replicates do not agree to selected tolerance or single flask</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc4">scrippsco2-fgc:4</h4>
<div class="paragraph">
<p>rejected-tolerance-single-flask</p>
</div>
<div class="paragraph">
<p>Rejected Replicates do not agree to selected tolerance or single flask</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_5_2">5</h3>
<div class="paragraph">
<p>Rejected Daily average deviates from fit by more than 3 standard deviations</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc5">scrippsco2-fgc:5</h4>
<div class="paragraph">
<p>rejected-derivation</p>
</div>
<div class="paragraph">
<p>Rejected Daily average deviates from fit by more than 3 standard deviations</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_6_2">6</h3>
<div class="paragraph">
<p>Rejected to improve local distribution of data such as too many data of generally poor quality (used only at two stations: KUM Aug 1979 - Jun 1980 and LJO Apr 1979 - Sep 1985)</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc6">scrippsco2-fgc:6</h4>
<div class="paragraph">
<p>rejected-legacy-poor-quality-kum-ljo</p>
</div>
<div class="paragraph">
<p>Rejected to improve local distribution of data such as too many data of generally poor quality (used only at two stations: KUM Aug 1979 - Jun 1980 and LJO Apr 1979 - Sep 1985)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_7_2">7</h3>
<div class="paragraph">
<p>Rejected Unsteady air at site (La Jolla only)</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc7">scrippsco2-fgc:7</h4>
<div class="paragraph">
<p>rejected-unsteady-ljo</p>
</div>
<div class="paragraph">
<p>Rejected Unsteady air at site (La Jolla only)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_8_2">8</h3>
<div class="paragraph">
<p>Rejected manually (see input/flag_flasks.csv)</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgc8">scrippsco2-fgc:8</h4>
<div class="paragraph">
<p>rejected-manual</p>
</div>
<div class="paragraph">
<p>Rejected manually (see input/flag_flasks.csv)</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_scrippsco2_fgi">scrippsco2-fgi</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
scrippsco2-fgi namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/scrippsco2-fgi/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Flags describing the sample for isotopic data (C14, O18)</p>
</div>
<div class="sect2">
<h3 id="_3_4">-3</h3>
<div class="paragraph">
<p>Suspect but accepted isotopic measurement</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgi_3">scrippsco2-fgi:-3</h4>
<div class="paragraph">
<p>accepted-suspect</p>
</div>
<div class="paragraph">
<p>Suspect but accepted isotopic measurement</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_0_3">0</h3>
<div class="paragraph">
<p>Accepted isotopic measurement</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgi0">scrippsco2-fgi:0</h4>
<div class="paragraph">
<p>accepted</p>
</div>
<div class="paragraph">
<p>Accepted isotopic measurement</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_3_5">3</h3>
<div class="paragraph">
<p>Rejected</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgi3">scrippsco2-fgi:3</h4>
<div class="paragraph">
<p>rejected</p>
</div>
<div class="paragraph">
<p>Rejected</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_5_3">5</h3>
<div class="paragraph">
<p>Outlier from fit</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgi5">scrippsco2-fgi:5</h4>
<div class="paragraph">
<p>outlier</p>
</div>
<div class="paragraph">
<p>Outlier from fit</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_6_3">6</h3>
<div class="paragraph">
<p>Other rejected, older data</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgi6">scrippsco2-fgi:6</h4>
<div class="paragraph">
<p>rejected-old-data</p>
</div>
<div class="paragraph">
<p>Other rejected, older data</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_8_3">8</h3>
<div class="paragraph">
<p>Flask extracted but not analyzed yet</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgi8">scrippsco2-fgi:8</h4>
<div class="paragraph">
<p>extracted-not-analyzed</p>
</div>
<div class="paragraph">
<p>Flask extracted but not analyzed yet</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_9">9</h3>
<div class="paragraph">
<p>Flask not extracted</p>
</div>
<div class="sect3">
<h4 id="_scrippsco2_fgi9">scrippsco2-fgi:9</h4>
<div class="paragraph">
<p>not-extracted</p>
</div>
<div class="paragraph">
<p>Flask not extracted</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_scrippsco2_sampling_stations">scrippsco2-sampling-stations</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
scrippsco2-sampling-stations namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/scrippsco2-sampling-stations/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Sampling stations of the Scripps CO2 Program</p>
</div>
<div class="sect2">
<h3 id="_alt">ALT</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsalt">scrippsco2-sampling-stations:ALT</h4>
<div class="paragraph">
<p>Alert, NWT, Canada</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ptb">PTB</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsptb">scrippsco2-sampling-stations:PTB</h4>
<div class="paragraph">
<p>Point Barrow, Alaska</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_stp">STP</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsstp">scrippsco2-sampling-stations:STP</h4>
<div class="paragraph">
<p>Station P</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ljo">LJO</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsljo">scrippsco2-sampling-stations:LJO</h4>
<div class="paragraph">
<p>La Jolla Pier, California</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_bcs">BCS</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsbcs">scrippsco2-sampling-stations:BCS</h4>
<div class="paragraph">
<p>Baja California Sur, Mexico</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_mlo">MLO</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsmlo">scrippsco2-sampling-stations:MLO</h4>
<div class="paragraph">
<p>Mauna Loa Observatory, Hawaii</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_kum">KUM</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationskum">scrippsco2-sampling-stations:KUM</h4>
<div class="paragraph">
<p>Cape Kumukahi, Hawaii</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_chr">CHR</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationschr">scrippsco2-sampling-stations:CHR</h4>
<div class="paragraph">
<p>Christmas Island, Fanning Island</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sam">SAM</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationssam">scrippsco2-sampling-stations:SAM</h4>
<div class="paragraph">
<p>American Samoa</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ker">KER</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsker">scrippsco2-sampling-stations:KER</h4>
<div class="paragraph">
<p>Kermadec Islands, Raoul Island</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nzd">NZD</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsnzd">scrippsco2-sampling-stations:NZD</h4>
<div class="paragraph">
<p>Baring Head, New Zealand</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_psa">PSA</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationspsa">scrippsco2-sampling-stations:PSA</h4>
<div class="paragraph">
<p>Palmer Station, Antarctica</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_spo">SPO</h3>
<div class="sect3">
<h4 id="_scrippsco2_sampling_stationsspo">scrippsco2-sampling-stations:SPO</h4>
<div class="paragraph">
<p>South Pole</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_smart_airports_threats">smart-airports-threats</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
smart-airports-threats namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/smart-airports-threats/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Threat taxonomy in the scope of securing smart airports by ENISA. <a href="https://www.enisa.europa.eu/publications/securing-smart-airports" class="bare">https://www.enisa.europa.eu/publications/securing-smart-airports</a></p>
</div>
<div class="sect2">
<h3 id="_human_errors">human-errors</h3>
<div class="sect3">
<h4 id="_smart_airports_threatshuman_errorsconfiguration_errors">smart-airports-threats:human-errors="configuration-errors"</h4>
<div class="paragraph">
<p>Configuration errors</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatshuman_errorsoperator_or_user_error">smart-airports-threats:human-errors="operator-or-user-error"</h4>
<div class="paragraph">
<p>Operator/user error</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatshuman_errorsloss_of_hardware">smart-airports-threats:human-errors="loss-of-hardware"</h4>
<div class="paragraph">
<p>Loss of hardware</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatshuman_errorsnon_compliance_with_policies_or_procedure">smart-airports-threats:human-errors="non-compliance-with-policies-or-procedure"</h4>
<div class="paragraph">
<p>Non compliance with policies or procedure</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_system_failures">system-failures</h3>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_devices_or_systems">smart-airports-threats:system-failures="failures-of-devices-or-systems"</h4>
<div class="paragraph">
<p>Failures of devices or systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_communication_links">smart-airports-threats:system-failures="failures-or-disruptions-of-communication-links"</h4>
<div class="paragraph">
<p>Failures or disruptions of communication links (communication networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_parts_of_devices">smart-airports-threats:system-failures="failures-of-parts-of-devices"</h4>
<div class="paragraph">
<p>Failures of parts of devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_main_supply">smart-airports-threats:system-failures="failures-or-disruptions-of-main-supply"</h4>
<div class="paragraph">
<p>Failures or disruptions of main supply</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_or_disruptions_of_the_power_supply">smart-airports-threats:system-failures="failures-or-disruptions-of-the-power-supply"</h4>
<div class="paragraph">
<p>Failures or disruptions of the power supply</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresmalfunctions_of_parts_of_devices">smart-airports-threats:system-failures="malfunctions-of-parts-of-devices"</h4>
<div class="paragraph">
<p>Malfunctions of parts of devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresmalfunctions_of_devices_or_systems">smart-airports-threats:system-failures="malfunctions-of-devices-or-systems"</h4>
<div class="paragraph">
<p>Malfunctions of devices or systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuresfailures_of_hardware">smart-airports-threats:system-failures="failures-of-hardware"</h4>
<div class="paragraph">
<p>Failures of hardware</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatssystem_failuressoftware_bugs">smart-airports-threats:system-failures="software-bugs"</h4>
<div class="paragraph">
<p>Software bugs</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_natural_and_social_phenomena">natural-and-social-phenomena</h3>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenaearthquakes">smart-airports-threats:natural-and-social-phenomena="earthquakes"</h4>
<div class="paragraph">
<p>Earthquakes</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenafires">smart-airports-threats:natural-and-social-phenomena="fires"</h4>
<div class="paragraph">
<p>Fires</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenaextreme_weather">smart-airports-threats:natural-and-social-phenomena="extreme-weather"</h4>
<div class="paragraph">
<p>Extreme weather (e.g. flood, heavy snow, blizzard, high temperatures, fog, sandtorm)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenasolar_flare">smart-airports-threats:natural-and-social-phenomena="solar-flare"</h4>
<div class="paragraph">
<p>Solar flare</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenavolcano_explosion">smart-airports-threats:natural-and-social-phenomena="volcano-explosion"</h4>
<div class="paragraph">
<p>Volcano explosion</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenanuclear_incident">smart-airports-threats:natural-and-social-phenomena="nuclear-incident"</h4>
<div class="paragraph">
<p>Nuclear incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenadangerous_chemical_incidents">smart-airports-threats:natural-and-social-phenomena="dangerous-chemical-incidents"</h4>
<div class="paragraph">
<p>Dangerous chemical incidents</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenapandemic">smart-airports-threats:natural-and-social-phenomena="pandemic"</h4>
<div class="paragraph">
<p>Pandemic (e.g. Ebola)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenasocial_disruptions">smart-airports-threats:natural-and-social-phenomena="social-disruptions"</h4>
<div class="paragraph">
<p>Social disruptions (e.g. industrial actions, civil unrest, strikes, military actions, terrorist attacks, political instability)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenashortage_of_fuel">smart-airports-threats:natural-and-social-phenomena="shortage-of-fuel"</h4>
<div class="paragraph">
<p>Shortage of fuel</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsnatural_and_social_phenomenaspace_debris_and_meteorites">smart-airports-threats:natural-and-social-phenomena="space-debris-and-meteorites"</h4>
<div class="paragraph">
<p>Space debirs and meteorites</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_third_party_failures">third-party-failures</h3>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failuresinternet_service_provider">smart-airports-threats:third-party-failures="internet-service-provider"</h4>
<div class="paragraph">
<p>Internet service provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failurescloud_service_provider">smart-airports-threats:third-party-failures="cloud-service-provider"</h4>
<div class="paragraph">
<p>Cloud service provider (SaaS / PaaS / IaaS / SecaaS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failuresutilities_power_or_gas_or_water">smart-airports-threats:third-party-failures="utilities-power-or-gas-or-water"</h4>
<div class="paragraph">
<p>Utilities (power / gas /water)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failuresremote_maintenance_provider">smart-airports-threats:third-party-failures="remote-maintenance-provider"</h4>
<div class="paragraph">
<p>Remote maintenance provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsthird_party_failuressecurity_testing_companies">smart-airports-threats:third-party-failures="security-testing-companies"</h4>
<div class="paragraph">
<p>Security testing companies (i.e. penetration testing/vulnerability assessment)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malicious_actions">malicious-actions</h3>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsdenial_of_service_attacks_via_amplification_reflection">smart-airports-threats:malicious-actions="denial-of-service-attacks-via-amplification-reflection"</h4>
<div class="paragraph">
<p>Denial of Service attacks via amplifcation/reflection</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsdenial_of_service_attacks_via_flooding">smart-airports-threats:malicious-actions="denial-of-service-attacks-via-flooding"</h4>
<div class="paragraph">
<p>Denial of Service via flooding</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsdenial_of_service_attacks_via_jamming">smart-airports-threats:malicious-actions="denial-of-service-attacks-via-jamming"</h4>
<div class="paragraph">
<p>Denial of Service via jamming</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmalicious_software_on_it_assets_malware">smart-airports-threats:malicious-actions="malicious-software-on-it-assets-malware"</h4>
<div class="paragraph">
<p>Malicious software on IT assets (including passenger and staff devices) which can be Worm, Trojan, Virus, Rootkit, Exploitkit&#8230;&#8203;</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmalicious_software_on_it_assets_remote_arbitrary_code_execution">smart-airports-threats:malicious-actions="malicious-software-on-it-assets-remote-arbitrary-code-execution"</h4>
<div class="paragraph">
<p>Malicious software on IT assets such as remote arbitrary code execution (device under attacker control)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsexploitation_of_software_vulnerabilities_implementation_flaws">smart-airports-threats:malicious-actions="exploitation-of-software-vulnerabilities-implementation-flaws"</h4>
<div class="paragraph">
<p>exploitation of known or unknown software vulnerabilities such as implementation flaws (flaw in code)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsexploitation_of_software_vulnerabilities_design_flaws">smart-airports-threats:malicious-actions="exploitation-of-software-vulnerabilities-design-flaws"</h4>
<div class="paragraph">
<p>exploitation of known or unknown software vulnerabilities such as design flaws in IT assets (flaw in logic)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsexploitation_of_software_vulnerabilities_apt">smart-airports-threats:malicious-actions="exploitation-of-software-vulnerabilities-apt"</h4>
<div class="paragraph">
<p>exploitation of known or unknown software vulnerabilities such as Advanced Persistent Threats (APT)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmisuse_of_authority_or_authorisation_unauthorized_use_of_software">smart-airports-threats:malicious-actions="misuse-of-authority-or-authorisation-unauthorized-use-of-software"</h4>
<div class="paragraph">
<p>misuse of authority or authorisation - unauthorized use of software</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmisuse_of_authority_or_authorisation_unauthorized_installation_of_software">smart-airports-threats:malicious-actions="misuse-of-authority-or-authorisation-unauthorized-installation-of-software"</h4>
<div class="paragraph">
<p>misuse of authority or authorisation - unauthorized installation of software</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmisuse_of_authority_or_authorisation_repudiation_of_actions">smart-airports-threats:malicious-actions="misuse-of-authority-or-authorisation-repudiation-of-actions"</h4>
<div class="paragraph">
<p>misuse of authority or authorisation - repudiation of actions</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmisuse_of_authority_or_authorisation_abuse_of_personal_data">smart-airports-threats:malicious-actions="misuse-of-authority-or-authorisation-abuse-of-personal-data"</h4>
<div class="paragraph">
<p>misuse of authority or authorisation - abuse of personal data or identity fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmisuse_of_authority_or_authorisation_using_information_from_an_unreliable_source">smart-airports-threats:malicious-actions="misuse-of-authority-or-authorisation-using-information-from-an-unreliable-source"</h4>
<div class="paragraph">
<p>misuse of authority or authorisation - using information from an unreliable source</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmisuse_of_authority_or_authorisation_unintentional_change_of_data_in_an_information_system">smart-airports-threats:malicious-actions="misuse-of-authority-or-authorisation-unintentional-change-of-data-in-an-information-system"</h4>
<div class="paragraph">
<p>misuse of authority or authorisation - unintional change of data in an information system</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmisuse_of_authority_or_authorisation_inadequate_design_and_planning_or_lack_of_adoption">smart-airports-threats:malicious-actions="misuse-of-authority-or-authorisation-inadequate-design-and-planning-or-lack-of-adoption"</h4>
<div class="paragraph">
<p>misuse of authority or authorisation inadequate design and planning or lack of adoption</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsmisuse_of_authority_or_authorisation_data_leakage_or_sharing">smart-airports-threats:malicious-actions="misuse-of-authority-or-authorisation-data-leakage-or-sharing"</h4>
<div class="paragraph">
<p>misuse of authority data leakage or sharing (exfiltration, discarded, stolen media</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_manipulation_of_routing_information">smart-airports-threats:malicious-actions="network-or-interception-attacks-manipulation-of-routing-information"</h4>
<div class="paragraph">
<p>network or interception attacks - manipulation of routing information (including redirection to malicious sites)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_spoofing">smart-airports-threats:malicious-actions="network-or-interception-attacks-spoofing"</h4>
<div class="paragraph">
<p>network or interception attacks - spoofing</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_unauthorized_access">smart-airports-threats:malicious-actions="network-or-interception-attacks-unauthorized-access"</h4>
<div class="paragraph">
<p>network or interception attacks - unauthorized access to network/services</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_authentication_attacks">smart-airports-threats:malicious-actions="network-or-interception-attacks-authentication-attacks"</h4>
<div class="paragraph">
<p>network or interception attacks - authentication attacks (against insecure protocols or PKI)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_replay_attacks">smart-airports-threats:malicious-actions="network-or-interception-attacks-replay-attacks"</h4>
<div class="paragraph">
<p>network or interception attacks - replay attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_repudiation_of_actions">smart-airports-threats:malicious-actions="network-or-interception-attacks-repudiation-of-actions"</h4>
<div class="paragraph">
<p>network or interception attacks - repudiation of actions</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_wiretaps">smart-airports-threats:malicious-actions="network-or-interception-attacks-wiretaps"</h4>
<div class="paragraph">
<p>network or interception attacks - wiretaps (wired)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_wireless_comms">smart-airports-threats:malicious-actions="network-or-interception-attacks-wireless-comms"</h4>
<div class="paragraph">
<p>network or interception attacks - wireless comms (eavesdropping, interception, jamming, electromagnetic interference)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsnetwork_or_interception_attacks_network_reconnaissance_information_gathering">smart-airports-threats:malicious-actions="network-or-interception-attacks-network-reconnaissance-information-gathering"</h4>
<div class="paragraph">
<p>network or interception attacks - network reconnaissance/information gathering</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionssocial_attacks_phishing_spearphishing">smart-airports-threats:malicious-actions="social-attacks-phishing-spearphishing"</h4>
<div class="paragraph">
<p>social attacks phishing or spearphishing</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionssocial_attacks_pretexting">smart-airports-threats:malicious-actions="social-attacks-pretexting"</h4>
<div class="paragraph">
<p>social attacks pretexting</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionssocial_attacks_untrusted_links">smart-airports-threats:malicious-actions="social-attacks-untrusted-links"</h4>
<div class="paragraph">
<p>social attacks untrusted links (fake websites/CSRF/XSS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionssocial_attacks_baiting">smart-airports-threats:malicious-actions="social-attacks-baiting"</h4>
<div class="paragraph">
<p>social attacks baiting</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionssocial_attacks_reverse_social_engineering">smart-airports-threats:malicious-actions="social-attacks-reverse-social-engineering"</h4>
<div class="paragraph">
<p>social attacks reverse social engineering</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionssocial_attacks_impersonation">smart-airports-threats:malicious-actions="social-attacks-impersonation"</h4>
<div class="paragraph">
<p>social attacks impersonation</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionstampering_with_devices_unauthorised_modification_of_data">smart-airports-threats:malicious-actions="tampering-with-devices-unauthorised-modification-of-data"</h4>
<div class="paragraph">
<p>tampering with devices unauthorised modification of data (including compromising smart sensor data or threat image projection</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionstampering_with_devices_unauthorised_modification_of_hardware_or_software">smart-airports-threats:malicious-actions="tampering-with-devices-unauthorised-modification-of-hardware-or-software"</h4>
<div class="paragraph">
<p>tampering with devices unauthorised modification of hardware or software (including tampering with kiosk devices, inserting keyloggers, or malware)</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsbreach_of_physical_access_controls_bypass_authentication">smart-airports-threats:malicious-actions="breach-of-physical-access-controls-bypass-authentication"</h4>
<div class="paragraph">
<p>breach of physical access controls / administrative controls - bypass authentication</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsbreach_of_physical_access_controls_privilege_escalation">smart-airports-threats:malicious-actions="breach-of-physical-access-controls-privilege-escalation"</h4>
<div class="paragraph">
<p>breach of physical access controls / administrative controls - privilege escalation</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsphysical_attacks_on_airport_assets_vandalism">smart-airports-threats:malicious-actions="physical-attacks-on-airport-assets-vandalism"</h4>
<div class="paragraph">
<p>Physical attacks on airport assets - vandalism</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsphysical_attacks_on_airport_assets_sabotage">smart-airports-threats:malicious-actions="physical-attacks-on-airport-assets-sabotage"</h4>
<div class="paragraph">
<p>Physical attacks on airport assets - sabotage</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsphysical_attacks_on_airport_assets_explosive_or_bomb_threats">smart-airports-threats:malicious-actions="physical-attacks-on-airport-assets-explosive-or-bomb-threats"</h4>
<div class="paragraph">
<p>Physical attacks on airport assets - explosive or bomb threats</p>
</div>
</div>
<div class="sect3">
<h4 id="_smart_airports_threatsmalicious_actionsphysical_attacks_on_airport_assets_malicious_tampering">smart-airports-threats:malicious-actions="physical-attacks-on-airport-assets-malicious-tampering"</h4>
<div class="paragraph">
<p>Physical attacks on airport assets - malicious tampering or control of assets resulting in damage</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_state_responsibility">state-responsibility</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
state-responsibility namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/state-responsibility/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A spectrum of state responsibility to more directly tie the goals of attribution to the needs of policymakers.</p>
</div>
<div class="sect2">
<h3 id="_state_prohibited">state-prohibited.</h3>
<div class="paragraph">
<p>The national government will help stop the third-party attack, which may originate from its territory or merely be transiting through its networks. This responsibility is the most passive on the scale: though the government is cooperating, it still has some small share of responsibility for the insecure systems involved in the attack. In reality, nations cannot ensure the proper behavior of the tens or hundreds of millions of computers in their borders at all times.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_prohibited">state-responsibility:state-prohibited.</h4>
<div class="paragraph">
<p>State-prohibited.</p>
</div>
<div class="paragraph">
<p>The national government will help stop the third-party attack, which may originate from its territory or merely be transiting through its networks. This responsibility is the most passive on the scale: though the government is cooperating, it still has some small share of responsibility for the insecure systems involved in the attack. In reality, nations cannot ensure the proper behavior of the tens or hundreds of millions of computers in their borders at all times.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_prohibited_but_inadequate">state-prohibited-but-inadequate.</h3>
<div class="paragraph">
<p>The national government is cooperative and would stop the third-party attack but is unable to do so. The country might lack the proper laws, procedures, technical tools, or political will to use them. Though the nation could itself be a victim, it bears some passive responsibility for the attack, both for being unable to stop it and for having insecure systems in the first place.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_prohibited_but_inadequate">state-responsibility:state-prohibited-but-inadequate.</h4>
<div class="paragraph">
<p>State-prohibited-but-inadequate</p>
</div>
<div class="paragraph">
<p>The national government is cooperative and would stop the third-party attack but is unable to do so. The country might lack the proper laws, procedures, technical tools, or political will to use them. Though the nation could itself be a victim, it bears some passive responsibility for the attack, both for being unable to stop it and for having insecure systems in the first place.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_ignored">state-ignored</h3>
<div class="paragraph">
<p>The national government knows about the third-party attacks but, as a matter of policy, is unwilling to take any official action. A government may even agree with the goals and results of the attackers and tip them off to avoid being detected.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_ignored">state-responsibility:state-ignored</h4>
<div class="paragraph">
<p>State-ignored</p>
</div>
<div class="paragraph">
<p>The national government knows about the third-party attacks but, as a matter of policy, is unwilling to take any official action. A government may even agree with the goals and results of the attackers and tip them off to avoid being detected.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_encouraged">state-encouraged</h3>
<div class="paragraph">
<p>Third parties control and conduct the attack, but the national government encourages them to continue as a matter of policy. This encouragement could include editorials in state-run press or leadership publicly agreeing with the goals of the attacks; members of government cyber offensive or intelligence organizations may be encouraged to undertake supportive recreational hacking while off duty. The nation is unlikely to be cooperative in any investigation and is likely to tip off the attackers</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_encouraged">state-responsibility:state-encouraged</h4>
<div class="paragraph">
<p>State-encouraged</p>
</div>
<div class="paragraph">
<p>Third parties control and conduct the attack, but the national government encourages them to continue as a matter of policy. This encouragement could include editorials in state-run press or leadership publicly agreeing with the goals of the attacks; members of government cyber offensive or intelligence organizations may be encouraged to undertake supportive recreational hacking while off duty. The nation is unlikely to be cooperative in any investigation and is likely to tip off the attackers</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_shaped">state-shaped</h3>
<div class="paragraph">
<p>Third parties control and conduct the attack, but the state provides some support, such as informal coordination between like-minded individuals in the government and the attacking group. To further their policy while retaining plausible deniability, the government may encourage members of their cyber forces to undertake 'recreational hacking' while off duty.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_shaped">state-responsibility:state-shaped</h4>
<div class="paragraph">
<p>State-shaped</p>
</div>
<div class="paragraph">
<p>Third parties control and conduct the attack, but the state provides some support, such as informal coordination between like-minded individuals in the government and the attacking group. To further their policy while retaining plausible deniability, the government may encourage members of their cyber forces to undertake 'recreational hacking' while off duty.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_coordinated">state-coordinated</h3>
<div class="paragraph">
<p>The national government coordinates the third-party attackers—usually out of public view—by 'suggesting' targets, timing, or other operational details. The government may also provide technical or tactical assistance. Similar to state-shaped attacks, the government may encourage its cyber forces to engage in recreational hacking during off hours</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_coordinated">state-responsibility:state-coordinated</h4>
<div class="paragraph">
<p>State-coordinated</p>
</div>
<div class="paragraph">
<p>The national government coordinates the third-party attackers—usually out of public view—by 'suggesting' targets, timing, or other operational details. The government may also provide technical or tactical assistance. Similar to state-shaped attacks, the government may encourage its cyber forces to engage in recreational hacking during off hours</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_ordered">state-ordered</h3>
<div class="paragraph">
<p>The national government, as a matter of policy, directs third-party proxies to conduct the attack on its behalf. This is as “state-sponsored” as an attack can be, without direct attack from government cyber forces. Any attackers that are under state control could be considered to be de facto agents of the state under international law.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_ordered">state-responsibility:state-ordered</h4>
<div class="paragraph">
<p>State-ordered</p>
</div>
<div class="paragraph">
<p>The national government, as a matter of policy, directs third-party proxies to conduct the attack on its behalf. This is as “state-sponsored” as an attack can be, without direct attack from government cyber forces. Any attackers that are under state control could be considered to be de facto agents of the state under international law.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_rogue_conducted">state-rogue-conducted</h3>
<div class="paragraph">
<p>Elements of cyber forces of the national government conduct the attack. In this case, however, they carry out attacks without the knowledge, or approval, of the national leadership, which may act to stop the attacks should they learn of them. For example, local units or junior officers could be taking the initiative to counterattack out of the senior officers sight. More worrisome, this category could include sophisticated and persistent attacks from large bureaucracies conducting attacks that are at odds with the national leadership. Based on current precedence, a state could likely be held responsible by international courts for such rogue attacks.</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_rogue_conducted">state-responsibility:state-rogue-conducted</h4>
<div class="paragraph">
<p>State-rogue-conducted.</p>
</div>
<div class="paragraph">
<p>Elements of cyber forces of the national government conduct the attack. In this case, however, they carry out attacks without the knowledge, or approval, of the national leadership, which may act to stop the attacks should they learn of them. For example, local units or junior officers could be taking the initiative to counterattack out of the senior officers sight. More worrisome, this category could include sophisticated and persistent attacks from large bureaucracies conducting attacks that are at odds with the national leadership. Based on current precedence, a state could likely be held responsible by international courts for such rogue attacks.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_executed">state-executed</h3>
<div class="paragraph">
<p>The national government, as a matter of policy, directly controls and conducts the attack using its own cyber forces</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_executed">state-responsibility:state-executed</h4>
<div class="paragraph">
<p>State-executed</p>
</div>
<div class="paragraph">
<p>The national government, as a matter of policy, directly controls and conducts the attack using its own cyber forces</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_integrated">state-integrated</h3>
<div class="paragraph">
<p>The national government integrates third-party attackers and government cyber forces, with common command and control. Orders and coordination may be formal or informal, but the government is in control of selecting targets, timing, and tempo. The attackers are de facto agents of the state</p>
</div>
<div class="sect3">
<h4 id="_state_responsibilitystate_integrated">state-responsibility:state-integrated</h4>
<div class="paragraph">
<p>State-integrated</p>
</div>
<div class="paragraph">
<p>The national government integrates third-party attackers and government cyber forces, with common command and control. Orders and coordination may be formal or informal, but the government is in control of selecting targets, timing, and tempo. The attackers are de facto agents of the state</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_stealth_malware">stealth_malware</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
stealth_malware namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/stealth_malware/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Classification based on malware stealth techniques. Described in <a href="https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf" class="bare">https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_type_6">type</h3>
<div class="sect3">
<h4 id="_stealth_malwaretype0">stealth_malware:type="0"</h4>
<div class="paragraph">
<p>No OS or system compromise. The malware runs as a normal user process using only official API calls.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malwaretypei">stealth_malware:type="I"</h4>
<div class="paragraph">
<p>The malware modifies constant sections of the kernel and/or processes such as code sections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malwaretypeii">stealth_malware:type="II"</h4>
<div class="paragraph">
<p>The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malwaretypeiii">stealth_malware:type="III"</h4>
<div class="paragraph">
<p>The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_stix_ttp">stix-ttp</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
stix-ttp namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/stix-ttp/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>TTPs are representations of the behavior or modus operandi of cyber adversaries.</p>
</div>
<div class="sect2">
<h3 id="_victim_targeting">victim-targeting</h3>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingbusiness_professional_sector">stix-ttp:victim-targeting="business-professional-sector"</h4>
<div class="paragraph">
<p>Business &amp; Professional Services Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingretail_sector">stix-ttp:victim-targeting="retail-sector"</h4>
<div class="paragraph">
<p>Retail Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingfinancial_sector">stix-ttp:victim-targeting="financial-sector"</h4>
<div class="paragraph">
<p>Financial Services Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingmedia_entertainment_sector">stix-ttp:victim-targeting="media-entertainment-sector"</h4>
<div class="paragraph">
<p>Media &amp; Entertainment Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingconstruction_engineering_sector">stix-ttp:victim-targeting="construction-engineering-sector"</h4>
<div class="paragraph">
<p>Construction &amp; Engineering Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetinggovernment_international_organizations_sector">stix-ttp:victim-targeting="government-international-organizations-sector"</h4>
<div class="paragraph">
<p>Goverment &amp; International Organizations</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetinglegal_sector">stix-ttp:victim-targeting="legal-sector"</h4>
<div class="paragraph">
<p>Legal Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetinghightech_it_sector">stix-ttp:victim-targeting="hightech-it-sector"</h4>
<div class="paragraph">
<p>High-Tech &amp; IT Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetinghealthcare_sector">stix-ttp:victim-targeting="healthcare-sector"</h4>
<div class="paragraph">
<p>Healthcare Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingtransportation_sector">stix-ttp:victim-targeting="transportation-sector"</h4>
<div class="paragraph">
<p>Transportation Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingaerospace_defence_sector">stix-ttp:victim-targeting="aerospace-defence-sector"</h4>
<div class="paragraph">
<p>Aerospace &amp; Defense Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingenergy_sector">stix-ttp:victim-targeting="energy-sector"</h4>
<div class="paragraph">
<p>Energy Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingfood_sector">stix-ttp:victim-targeting="food-sector"</h4>
<div class="paragraph">
<p>Food Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingnatural_resources_sector">stix-ttp:victim-targeting="natural-resources-sector"</h4>
<div class="paragraph">
<p>Natural Resources Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingother_sector">stix-ttp:victim-targeting="other-sector"</h4>
<div class="paragraph">
<p>Other Sector</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingcorporate_employee_information">stix-ttp:victim-targeting="corporate-employee-information"</h4>
<div class="paragraph">
<p>Corporate Employee Information</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingcustomer_pii">stix-ttp:victim-targeting="customer-pii"</h4>
<div class="paragraph">
<p>Customer PII</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingemail_lists_archives">stix-ttp:victim-targeting="email-lists-archives"</h4>
<div class="paragraph">
<p>Email Lists/Archives</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingfinancial_data">stix-ttp:victim-targeting="financial-data"</h4>
<div class="paragraph">
<p>Financial Data</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingintellectual_property">stix-ttp:victim-targeting="intellectual-property"</h4>
<div class="paragraph">
<p>Intellectual Property</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingmobile_phone_contacts">stix-ttp:victim-targeting="mobile-phone-contacts"</h4>
<div class="paragraph">
<p>Mobile Phone Contacts</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetinguser_credentials">stix-ttp:victim-targeting="user-credentials"</h4>
<div class="paragraph">
<p>User Credentials</p>
</div>
</div>
<div class="sect3">
<h4 id="_stix_ttpvictim_targetingauthentification_cookies">stix-ttp:victim-targeting="authentification-cookies"</h4>
<div class="paragraph">
<p>Authentication Cookies</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_targeted_threat_index">targeted-threat-index</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
targeted-threat-index namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/targeted-threat-index/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.</p>
</div>
<div class="sect2">
<h3 id="_targeting_sophistication_base_value">targeting-sophistication-base-value</h3>
<div class="paragraph">
<p>The base value of the score ranges from 0 to 5, based on the sophistication of the emails social engineering techniques used to get the victim to open the attachment. This score considers the content and presentation of the message as well as the claimed sender identity. This determination also includes the content of any associated files; many times malware is injected into legitimate relevant documents.</p>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextargeting_sophistication_base_valuenot_targeted">targeted-threat-index:targeting-sophistication-base-value="not-targeted"</h4>
<div class="paragraph">
<p>Not targeted, e.g. spam or financially motivated malware.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextargeting_sophistication_base_valuetargeted_but_not_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-but-not-customized"</h4>
<div class="paragraph">
<p>Targeted but not customized. Sent with a message that is obviously false with little to no validation required.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextargeting_sophistication_base_valuetargeted_and_poorly_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-poorly-customized"</h4>
<div class="paragraph">
<p>Targeted and poorly customized. Content is generally relevant to the target. May look questionable.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextargeting_sophistication_base_valuetargeted_and_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-customized"</h4>
<div class="paragraph">
<p>Targeted and customized. May use a real person/organization or content to convince the target the message is legitimate. Content is specifically relevant to the target and looks legitimate.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="65"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextargeting_sophistication_base_valuetargeted_and_well_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-well-customized"</h4>
<div class="paragraph">
<p>Targeted and well-customized. Uses a real person/organization and content to convince the target the message is legitimate. Probably directly addressing the recipient. Content is specifically relevant to the target, looks legitimate, and can be externally referenced (e.g. by a website). May be sent from a hacked account.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="85"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextargeting_sophistication_base_valuetargeted_and_highly_customized_using_sensitive_data">targeted-threat-index:targeting-sophistication-base-value="targeted-and-highly-customized-using-sensitive-data"</h4>
<div class="paragraph">
<p>Targeted and highly customized using sensitive data. Individually targeted and customized, likely using inside/sensitive information that is directly relevant to the target.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_technical_sophistication_multiplier">technical-sophistication-multiplier</h3>
<div class="paragraph">
<p>The technical sophistication score is a multiplier ranging from 1 to 2 based on how advanced the associated malware is, including malicious file attachments as well as links to malware hosted on another system. We use a multiplier because advanced malware requires significantly more effort and time (or money, in the case of commercial solutions) to custom-tune for a particular target.</p>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextechnical_sophistication_multiplierthe_sample_contains_no_code_protection">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-no code-protection"</h4>
<div class="paragraph">
<p>The sample contains no code protection such as packing, obfuscation (e.g. simple rotation of C2 names or other interesting strings), or anti-reversing tricks.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextechnical_sophistication_multiplierthe_sample_contains_a_simple_method_of_protection">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-a-simple-method-of-protection"</h4>
<div class="paragraph">
<p>The sample contains a simple method of protection, such as one of the following: code protection using publicly available tools where the reverse method is available, such as UPX packing; simple anti-reversing techniques such as not using import tables, or a call to IsDebuggerPresent(); self-disabling in the presence of AV software.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="25"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextechnical_sophistication_multiplierthe_sample_contains_multiple_minor_code_protection_techniques">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-multiple-minor-code-protection-techniques"</h4>
<div class="paragraph">
<p>The sample contains multiple minor code protection techniques (anti-reversing tricks, packing, VM / reversing tools detection) that require some low-level knowledge. This level includes malware where code that contains the core functionality of the program is decrypted only in memory.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextechnical_sophistication_multiplierthe_sample_contains_minor_code_protection_techniques_plus_one_advanced">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-minor-code-protection-techniques-plus-one-advanced"</h4>
<div class="paragraph">
<p>The sample contains minor code protection techniques along with at least one advanced protection method such as rootkit functionality or a custom virtualized packer.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_indextechnical_sophistication_multiplierthe_sample_contains_multiple_advanced_protection_techniques">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-multiple-advanced-protection-techniques"</h4>
<div class="paragraph">
<p>The sample contains multiple advanced protection techniques, e.g. rootkit capability, virtualized packer, multiple anti-reversing techniques, and is clearly designed by a professional software engineering team.</p>
</div>
<div class="paragraph">
<p>Associated numerical value="100"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_thales_group">thales_group</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
thales_group namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/thales_group/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Thales Group Taxonomy - was designed with the aim of enabling desired sharing and preventing unwanted sharing between Thales Group security communities.</p>
</div>
<div class="sect2">
<h3 id="_distribution_3">distribution</h3>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_thales_groupdistributionteam_eyes_only">thales_group:distribution="team_eyes_only"</h4>
<div class="paragraph">
<p>Use it when you want to keep the Event on your Organization ONLY. Distribution: Your organisation only</p>
</div>
<div class="paragraph">
<p>This TAG will insure you that this Event will be kept on your side. This Event will NOT be shared to the Thales Group community. Distribution: Your organisation only</p>
</div>
</div>
<div class="sect3">
<h4 id="_thales_groupdistributionlimited_distribution">thales_group:distribution="limited_distribution"</h4>
<div class="paragraph">
<p>Use it when you want to share to the Thales Group Community ONLY. Distribution: All communities</p>
</div>
<div class="paragraph">
<p>This TAG will insure you to share ONLY to the Thales Group Community. Distribution: All communities</p>
</div>
<div class="paragraph">
<p>Associated numerical value="1"</p>
</div>
</div>
<div class="sect3">
<h4 id="_thales_groupdistributionexternal_alliances">thales_group:distribution="external_alliances"</h4>
<div class="paragraph">
<p>Use it when you want to share to the Thales Group External Alliances (MinArm, ACN, InterCERT-FR). Distribution: All communities</p>
</div>
<div class="paragraph">
<p>This TAG will insure you to share to the Thales Group External Alliances. Distribution: All communities</p>
</div>
<div class="paragraph">
<p>Associated numerical value="2"</p>
</div>
</div>
<div class="sect3">
<h4 id="_thales_groupdistributioncustomers">thales_group:distribution="customers"</h4>
<div class="paragraph">
<p>Use it when you want to share to the Thales Group Customers. Distribution: All communities</p>
</div>
<div class="paragraph">
<p>This TAG will insure you to share to the Thales Group Customers. Distribution: All communities</p>
</div>
<div class="paragraph">
<p>Associated numerical value="3"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_to_block">to_block</h3>
<div class="paragraph">
<p>This TAG will insure you that these Event Attributes will be blocked on the Thales DIS Proxy (More to come). Distribution: All communities</p>
</div>
</div>
<div class="sect2">
<h3 id="_minarm">minarm</h3>
<div class="paragraph">
<p>This TAG will insure you to share ONLY to the Thales Group MinArm alliance. Distribution: All communities</p>
</div>
</div>
<div class="sect2">
<h3 id="_acn">acn</h3>
<div class="paragraph">
<p>This TAG will insure you to share ONLY to the Thales Group ACN alliance. Distribution: All communities</p>
</div>
</div>
<div class="sect2">
<h3 id="_sigpart">sigpart</h3>
<div class="paragraph">
<p>This TAG will insure you to share ONLY to the Thales Group Sigpart alliance. Distribution: All communities</p>
</div>
</div>
<div class="sect2">
<h3 id="_ioc_confidence">ioc_confidence</h3>
<div class="paragraph">
<p>Distribution: All communities</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_thales_groupioc_confidencehigh">thales_group:ioc_confidence="high"</h4>
<div class="paragraph">
<p>High</p>
</div>
<div class="paragraph">
<p>Associated numerical value="8"</p>
</div>
</div>
<div class="sect3">
<h4 id="_thales_groupioc_confidencemedium">thales_group:ioc_confidence="medium"</h4>
<div class="paragraph">
<p>Medium</p>
</div>
<div class="paragraph">
<p>Associated numerical value="9"</p>
</div>
</div>
<div class="sect3">
<h4 id="_thales_groupioc_confidencelow">thales_group:ioc_confidence="low"</h4>
<div class="paragraph">
<p>Low</p>
</div>
<div class="paragraph">
<p>Associated numerical value="10"</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_tlpblack">tlp:black</h3>
<div class="paragraph">
<p>Distribution: Restricted Sharing Group</p>
</div>
</div>
<div class="sect2">
<h3 id="_watcher">Watcher</h3>
<div class="paragraph">
<p>Distribution: All communities</p>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_threatmatch">threatmatch</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
threatmatch namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/threatmatch/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The ThreatMatch Sectors, Incident types, Malware types and Alert types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.</p>
</div>
<div class="sect2">
<h3 id="_sector_3">sector</h3>
<div class="sect3">
<h4 id="_threatmatchsectorbanking_capital_markets">threatmatch:sector="Banking &amp; Capital Markets"</h4>
<div class="paragraph">
<p>Banking &amp; capital markets</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorfinancial_services">threatmatch:sector="Financial Services"</h4>
<div class="paragraph">
<p>Financial Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorinsurance">threatmatch:sector="Insurance"</h4>
<div class="paragraph">
<p>Insurance</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorpension">threatmatch:sector="Pension"</h4>
<div class="paragraph">
<p>Pension</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorgovernment_public_service">threatmatch:sector="Government &amp; Public Service"</h4>
<div class="paragraph">
<p>Government &amp; Public Service</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectordiplomatic_services">threatmatch:sector="Diplomatic Services"</h4>
<div class="paragraph">
<p>Diplomatic Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorenergy_utilities_mining">threatmatch:sector="Energy, Utilities &amp; Mining"</h4>
<div class="paragraph">
<p>Energy, Utilities &amp; Mining</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectortelecommunications">threatmatch:sector="Telecommunications"</h4>
<div class="paragraph">
<p>Telecommunications</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectortechnology">threatmatch:sector="Technology"</h4>
<div class="paragraph">
<p>Technology</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectoracademicresearch_institutes">threatmatch:sector="Academic/Research Institutes"</h4>
<div class="paragraph">
<p>Academic/Research Institutes</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectoraerospace_defence_security">threatmatch:sector="Aerospace, Defence &amp; Security"</h4>
<div class="paragraph">
<p>Aerospace, Defence &amp; Security</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectoragriculture">threatmatch:sector="Agriculture"</h4>
<div class="paragraph">
<p>Agriculture</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorasset_wealth_management">threatmatch:sector="Asset &amp; Wealth Management"</h4>
<div class="paragraph">
<p>Asset &amp; Wealth Management</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorautomotive">threatmatch:sector="Automotive"</h4>
<div class="paragraph">
<p>Automotive</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorbusiness_and_professional_services">threatmatch:sector="Business and Professional Services"</h4>
<div class="paragraph">
<p>Business and Professional Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorcapital_projects_infrastructure">threatmatch:sector="Capital Projects &amp; Infrastructure"</h4>
<div class="paragraph">
<p>Capital Projects &amp; Infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorcharitynot_for_profit">threatmatch:sector="Charity/Not-for-Profit"</h4>
<div class="paragraph">
<p>Charity/Not-for-Profit</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorchemicals">threatmatch:sector="Chemicals"</h4>
<div class="paragraph">
<p>Chemicals</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorcommercial_aviation">threatmatch:sector="Commercial Aviation"</h4>
<div class="paragraph">
<p>Commercial Aviation</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorcommodities">threatmatch:sector="Commodities"</h4>
<div class="paragraph">
<p>Commodities</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectoreducation">threatmatch:sector="Education"</h4>
<div class="paragraph">
<p>Education</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorengineering_construction">threatmatch:sector="Engineering &amp; Construction"</h4>
<div class="paragraph">
<p>Engineering &amp; Construction</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorentertainment_media">threatmatch:sector="Entertainment &amp; Media"</h4>
<div class="paragraph">
<p>Entertainment &amp; Media</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorforest_paper_packaging">threatmatch:sector="Forest, Paper &amp; Packaging"</h4>
<div class="paragraph">
<p>Forest, Paper &amp; Packaging</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorhealthcare">threatmatch:sector="Healthcare"</h4>
<div class="paragraph">
<p>Healthcare</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorhospitality_leisure">threatmatch:sector="Hospitality &amp; Leisure"</h4>
<div class="paragraph">
<p>Hospitality &amp; Leisure</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorindustrial_manufacturing">threatmatch:sector="Industrial Manufacturing"</h4>
<div class="paragraph">
<p>Industrial Manufacturing</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorit_industry">threatmatch:sector="IT Industry"</h4>
<div class="paragraph">
<p>IT Industry</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorlegal">threatmatch:sector="Legal"</h4>
<div class="paragraph">
<p>Legal</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectormetals">threatmatch:sector="Metals"</h4>
<div class="paragraph">
<p>Metals</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorpharmaceuticals_life_sciences">threatmatch:sector="Pharmaceuticals &amp; Life Sciences"</h4>
<div class="paragraph">
<p>Pharmaceuticals &amp; Life Sciences</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorprivate_equity">threatmatch:sector="Private Equity"</h4>
<div class="paragraph">
<p>Private Equity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorretail_consumer">threatmatch:sector="Retail &amp; Consumer"</h4>
<div class="paragraph">
<p>Retail &amp; Consumer</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorsemiconductors">threatmatch:sector="Semiconductors"</h4>
<div class="paragraph">
<p>Semiconductors</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectorsovereign_investment_funds">threatmatch:sector="Sovereign Investment Funds"</h4>
<div class="paragraph">
<p>Sovereign Investment Funds</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchsectortransport_logistics">threatmatch:sector="Transport &amp; Logistics"</h4>
<div class="paragraph">
<p>Transport &amp; Logistics</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_incident_type">incident-type</h3>
<div class="sect3">
<h4 id="_threatmatchincident_typeatm_attacks">threatmatch:incident-type="ATM Attacks"</h4>
<div class="paragraph">
<p>ATM Attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeatm_breach">threatmatch:incident-type="ATM Breach"</h4>
<div class="paragraph">
<p>ATM Breach</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeattempted_exploitation">threatmatch:incident-type="Attempted Exploitation"</h4>
<div class="paragraph">
<p>Attempted Exploitation</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typebotnet_activity">threatmatch:incident-type="Botnet Activity"</h4>
<div class="paragraph">
<p>Botnet Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typebusiness_email_compromise">threatmatch:incident-type="Business Email Compromise"</h4>
<div class="paragraph">
<p>Business Email Compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typecrypto_mining">threatmatch:incident-type="Crypto Mining"</h4>
<div class="paragraph">
<p>Crypto Mining</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typedata_breachcompromise">threatmatch:incident-type="Data Breach/Compromise"</h4>
<div class="paragraph">
<p>Data Breach/Compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typedata_dump">threatmatch:incident-type="Data Dump"</h4>
<div class="paragraph">
<p>Data Dump</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typedata_leakage">threatmatch:incident-type="Data Leakage"</h4>
<div class="paragraph">
<p>Data Leakage</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeddos">threatmatch:incident-type="DDoS"</h4>
<div class="paragraph">
<p>DDoS</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typedefacement_activity">threatmatch:incident-type="Defacement Activity"</h4>
<div class="paragraph">
<p>Defacement Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typedenial_of_service_dos">threatmatch:incident-type="Denial of Service (DoS)"</h4>
<div class="paragraph">
<p>Denial of Service (DoS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typedisruption_activity">threatmatch:incident-type="Disruption Activity"</h4>
<div class="paragraph">
<p>Disruption Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeespionage">threatmatch:incident-type="Espionage"</h4>
<div class="paragraph">
<p>Espionage</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeespionage_activity">threatmatch:incident-type="Espionage Activity"</h4>
<div class="paragraph">
<p>Espionage Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeexec_targeting">threatmatch:incident-type="Exec Targeting "</h4>
<div class="paragraph">
<p>Exec Targeting</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeexposure_of_data">threatmatch:incident-type="Exposure of Data"</h4>
<div class="paragraph">
<p>Exposure of Data</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeextortion_activity">threatmatch:incident-type="Extortion Activity"</h4>
<div class="paragraph">
<p>Extortion Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typefraud_activity">threatmatch:incident-type="Fraud Activity"</h4>
<div class="paragraph">
<p>Fraud Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typegeneral_notification">threatmatch:incident-type="General Notification"</h4>
<div class="paragraph">
<p>General Notification</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typehacktivism_activity">threatmatch:incident-type="Hacktivism Activity"</h4>
<div class="paragraph">
<p>Hacktivism Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typemalicious_insider">threatmatch:incident-type="Malicious Insider"</h4>
<div class="paragraph">
<p>Malicious Insider</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typemalware_infection">threatmatch:incident-type="Malware Infection"</h4>
<div class="paragraph">
<p>Malware Infection</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeman_in_the_middle_attacks">threatmatch:incident-type="Man in the Middle Attacks"</h4>
<div class="paragraph">
<p>Man in the Middle Attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typemfa_attack">threatmatch:incident-type="MFA Attack"</h4>
<div class="paragraph">
<p>MFA Attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typemobile_malware">threatmatch:incident-type="Mobile Malware"</h4>
<div class="paragraph">
<p>Mobile Malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typephishing_activity">threatmatch:incident-type="Phishing Activity"</h4>
<div class="paragraph">
<p>Phishing Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeransomware_activity">threatmatch:incident-type="Ransomware Activity"</h4>
<div class="paragraph">
<p>Ransomware Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typesocial_engineering_activity">threatmatch:incident-type="Social Engineering Activity"</h4>
<div class="paragraph">
<p>Social Engineering Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typesocial_media_compromise">threatmatch:incident-type="Social Media Compromise"</h4>
<div class="paragraph">
<p>Social Media Compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typespear_phishing_activity">threatmatch:incident-type="Spear-phishing Activity"</h4>
<div class="paragraph">
<p>Spear-phishing Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typespyware">threatmatch:incident-type="Spyware"</h4>
<div class="paragraph">
<p>Spyware</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typesql_injection_activity">threatmatch:incident-type="SQL Injection Activity"</h4>
<div class="paragraph">
<p>SQL Injection Activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typesupply_chain_compromise">threatmatch:incident-type="Supply Chain Compromise"</h4>
<div class="paragraph">
<p>Supply Chain Compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typetrojanised_software">threatmatch:incident-type="Trojanised Software"</h4>
<div class="paragraph">
<p>Trojanised Software</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typevishing">threatmatch:incident-type="Vishing"</h4>
<div class="paragraph">
<p>Vishing</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typewebsite_attack_other">threatmatch:incident-type="Website Attack (Other)"</h4>
<div class="paragraph">
<p>Website Attack (Other)</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchincident_typeunknown">threatmatch:incident-type="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_type_3">malware-type</h3>
<div class="sect3">
<h4 id="_threatmatchmalware_typeadware">threatmatch:malware-type="Adware"</h4>
<div class="paragraph">
<p>Adware</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typebackdoor">threatmatch:malware-type="Backdoor"</h4>
<div class="paragraph">
<p>Backdoor</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typebanking_trojan">threatmatch:malware-type="Banking Trojan"</h4>
<div class="paragraph">
<p>Banking Trojan</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typebotnet">threatmatch:malware-type="Botnet"</h4>
<div class="paragraph">
<p>Botnet</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typedestructive">threatmatch:malware-type="Destructive"</h4>
<div class="paragraph">
<p>Destructive</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typedownloader">threatmatch:malware-type="Downloader"</h4>
<div class="paragraph">
<p>Downloader</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typeexploit_kit">threatmatch:malware-type="Exploit Kit"</h4>
<div class="paragraph">
<p>Exploit Kit</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typefileless_malware">threatmatch:malware-type="Fileless Malware"</h4>
<div class="paragraph">
<p>Fileless Malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typekeylogger">threatmatch:malware-type="Keylogger"</h4>
<div class="paragraph">
<p>Keylogger</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typelegitimate_tool">threatmatch:malware-type="Legitimate Tool"</h4>
<div class="paragraph">
<p>Legitimate Tool</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typemobile_application">threatmatch:malware-type="Mobile Application"</h4>
<div class="paragraph">
<p>Mobile Application</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typemobile_malware">threatmatch:malware-type="Mobile Malware"</h4>
<div class="paragraph">
<p>Mobile Malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typepoint_of_sale_pos">threatmatch:malware-type="Point-of-Sale (PoS)"</h4>
<div class="paragraph">
<p>Point-of-Sale (PoS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typeremote_access_trojan">threatmatch:malware-type="Remote Access Trojan"</h4>
<div class="paragraph">
<p>Remote Access Trojan</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typerootkit">threatmatch:malware-type="Rootkit"</h4>
<div class="paragraph">
<p>Rootkit</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typeskimmer">threatmatch:malware-type="Skimmer"</h4>
<div class="paragraph">
<p>Skimmer</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typespyware">threatmatch:malware-type="Spyware"</h4>
<div class="paragraph">
<p>Spyware</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typesurveillance_tool">threatmatch:malware-type="Surveillance Tool"</h4>
<div class="paragraph">
<p>Surveillance Tool</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typetrojan">threatmatch:malware-type="Trojan"</h4>
<div class="paragraph">
<p>Trojan</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typevirus">threatmatch:malware-type="Virus"</h4>
<div class="paragraph">
<p>Virus</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typeworm">threatmatch:malware-type="Worm"</h4>
<div class="paragraph">
<p>Worm</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typezero_day">threatmatch:malware-type="Zero-day"</h4>
<div class="paragraph">
<p>Zero-day</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchmalware_typeunknown">threatmatch:malware-type="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_alert_type">alert-type</h3>
<div class="sect3">
<h4 id="_threatmatchalert_typeactor_campaigns">threatmatch:alert-type="Actor Campaigns"</h4>
<div class="paragraph">
<p>Actor Campaigns</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typecredential_breaches">threatmatch:alert-type="Credential Breaches"</h4>
<div class="paragraph">
<p>Credential Breaches</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typeddos">threatmatch:alert-type="DDoS"</h4>
<div class="paragraph">
<p>DDoS</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typeexploit_alert">threatmatch:alert-type="Exploit Alert"</h4>
<div class="paragraph">
<p>Exploit Alert</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typegeneral_notification">threatmatch:alert-type="General Notification"</h4>
<div class="paragraph">
<p>General Notification</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typehigh_impact_vulnerabilities">threatmatch:alert-type="High Impact Vulnerabilities"</h4>
<div class="paragraph">
<p>High Impact Vulnerabilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typeinformation_leakages">threatmatch:alert-type="Information Leakages"</h4>
<div class="paragraph">
<p>Information Leakages</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typemalware_analysis">threatmatch:alert-type="Malware Analysis"</h4>
<div class="paragraph">
<p>Malware Analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typenefarious_domains">threatmatch:alert-type="Nefarious Domains"</h4>
<div class="paragraph">
<p>Nefarious Domains</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typenefarious_forum_mention">threatmatch:alert-type="Nefarious Forum Mention"</h4>
<div class="paragraph">
<p>Nefarious Forum Mention</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typepastebin_dumps">threatmatch:alert-type="Pastebin Dumps"</h4>
<div class="paragraph">
<p>Pastebin Dumps</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typephishing_attempts">threatmatch:alert-type="Phishing Attempts"</h4>
<div class="paragraph">
<p>Phishing Attempts</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typepii_exposure">threatmatch:alert-type="PII Exposure"</h4>
<div class="paragraph">
<p>PII Exposure</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typesensitive_information_disclosures">threatmatch:alert-type="Sensitive Information Disclosures"</h4>
<div class="paragraph">
<p>Sensitive Information Disclosures</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typesocial_media_alerts">threatmatch:alert-type="Social Media Alerts"</h4>
<div class="paragraph">
<p>Social Media Alerts</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typesupply_chain_event">threatmatch:alert-type="Supply Chain Event"</h4>
<div class="paragraph">
<p>Supply Chain Event</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typetechnical_exposure">threatmatch:alert-type="Technical Exposure"</h4>
<div class="paragraph">
<p>Technical Exposure</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typethreat_actor_updates">threatmatch:alert-type="Threat Actor Updates"</h4>
<div class="paragraph">
<p>Threat Actor Updates</p>
</div>
</div>
<div class="sect3">
<h4 id="_threatmatchalert_typetrigger_events">threatmatch:alert-type="Trigger Events"</h4>
<div class="paragraph">
<p>Trigger Events</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_threats_to_dns">threats-to-dns</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
threats-to-dns namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/threats-to-dns/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., &amp; Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys &amp; Tutorials, 11. doi:10.1109/comst.2018.2849614</p>
</div>
<div class="sect2">
<h3 id="_dns_protocol_attacks">dns-protocol-attacks</h3>
<div class="paragraph">
<p>DNS protocol attacks</p>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_protocol_attacksman_in_the_middle_attack">threats-to-dns:dns-protocol-attacks="man-in-the-middle-attack"</h4>
<div class="paragraph">
<p>Man-in-the-middle attack</p>
</div>
<div class="paragraph">
<p>Man-in-the-middle attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_protocol_attacksdns_spoofing">threats-to-dns:dns-protocol-attacks="dns-spoofing"</h4>
<div class="paragraph">
<p>DNS spoofing</p>
</div>
<div class="paragraph">
<p>DNS spoofing</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_protocol_attacksdns_rebinding">threats-to-dns:dns-protocol-attacks="dns-rebinding"</h4>
<div class="paragraph">
<p>DNS rebinding</p>
</div>
<div class="paragraph">
<p>DNS rebinding</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dns_server_attacks">dns-server-attacks</h3>
<div class="paragraph">
<p>DNS server attacks</p>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_server_attacksserver_dos_and_ddos">threats-to-dns:dns-server-attacks="server-dos-and-ddos"</h4>
<div class="paragraph">
<p>Server DoS &amp; DDoS</p>
</div>
<div class="paragraph">
<p>Server DoS &amp; DDoS</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_server_attacksserver_hijacking">threats-to-dns:dns-server-attacks="server-hijacking"</h4>
<div class="paragraph">
<p>Server hijacking</p>
</div>
<div class="paragraph">
<p>Server hijacking</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_server_attackscache_poisoning">threats-to-dns:dns-server-attacks="cache-poisoning"</h4>
<div class="paragraph">
<p>Cache poisoning</p>
</div>
<div class="paragraph">
<p>Cache poisoning</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dns_abuse_or_misuse">dns-abuse-or-misuse</h3>
<div class="paragraph">
<p>DNS abuse/misuse</p>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusedomain_name_registration_abuse_cybersquatting">threats-to-dns:dns-abuse-or-misuse="domain-name-registration-abuse-cybersquatting"</h4>
<div class="paragraph">
<p>Domain name registration abuse such as cybersquatting</p>
</div>
<div class="paragraph">
<p>Domain name registration abuse such as cybersquatting</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusedomain_name_registration_abuse_typosquatting">threats-to-dns:dns-abuse-or-misuse="domain-name-registration-abuse-typosquatting"</h4>
<div class="paragraph">
<p>Domain name registration abuse such as typosquatting</p>
</div>
<div class="paragraph">
<p>Domain name registration abuse such as typosquatting</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusedomain_name_registration_abuse_domain_reputation_and_re_registration">threats-to-dns:dns-abuse-or-misuse="domain-name-registration-abuse-domain-reputation-and-re-registration"</h4>
<div class="paragraph">
<p>Domain name registration abuse as domain reputation and re-registration</p>
</div>
<div class="paragraph">
<p>Domain name registration abuse as domain reputation and re-gistration</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusedns_reflection_dns_amplification">threats-to-dns:dns-abuse-or-misuse="dns-reflection-dns-amplification"</h4>
<div class="paragraph">
<p>DNS reflection - DNS amplification</p>
</div>
<div class="paragraph">
<p>DNS reflection - DNS amplification</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusemalicious_or_compromised_domains_ips_malicious_botnets_c2">threats-to-dns:dns-abuse-or-misuse="malicious-or-compromised-domains-ips-malicious-botnets-c2"</h4>
<div class="paragraph">
<p>Malicious or compromised domains/IPs - Malicious botnets (C&amp;C servers)</p>
</div>
<div class="paragraph">
<p>Malicious or compromised domains/IPs - Malicious botnets (C&amp;C servers)</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusemalicious_or_compromised_domains_ips_fast_flux_domains">threats-to-dns:dns-abuse-or-misuse="malicious-or-compromised-domains-ips-fast-flux-domains"</h4>
<div class="paragraph">
<p>Malicious or compromised domains/IPs - Malicious fast-flux domain &amp; networks</p>
</div>
<div class="paragraph">
<p>Malicious or compromised domains/IPs - Malicious fast-flux domain &amp; networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusemalicious_or_compromised_domains_ips_malicious_dgas">threats-to-dns:dns-abuse-or-misuse="malicious-or-compromised-domains-ips-malicious-dgas"</h4>
<div class="paragraph">
<p>Malicious or compromised domains/IPs - Malicious DGAs</p>
</div>
<div class="paragraph">
<p>Malicious or compromised domains/IPs - Malicious DGAs</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusecovert_channels_malicious_dns_tunneling">threats-to-dns:dns-abuse-or-misuse="covert-channels-malicious-dns-tunneling"</h4>
<div class="paragraph">
<p>Covert channels - Malicious DNS tunneling</p>
</div>
<div class="paragraph">
<p>Covert channels - Malicious DNS tunneling</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusecovert_channels_malicious_payload_distribution">threats-to-dns:dns-abuse-or-misuse="covert-channels-malicious-payload-distribution"</h4>
<div class="paragraph">
<p>Covert channels - Malicious DNS tunneling</p>
</div>
<div class="paragraph">
<p>Covert channels - Malicious DNS tunneling</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusebenign_services_applications_malicious_dns_resolvers">threats-to-dns:dns-abuse-or-misuse="benign-services-applications-malicious-dns-resolvers"</h4>
<div class="paragraph">
<p>Benign services and applications - Malicious DNS resolvers</p>
</div>
<div class="paragraph">
<p>Benign services and applications - Malicious DNS resolvers</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusebenign_services_applications_malicious_scanners">threats-to-dns:dns-abuse-or-misuse="benign-services-applications-malicious-scanners"</h4>
<div class="paragraph">
<p>Benign services and applications - Malicious scanners</p>
</div>
<div class="paragraph">
<p>Benign services and applications - Malicious scanners</p>
</div>
</div>
<div class="sect3">
<h4 id="_threats_to_dnsdns_abuse_or_misusebenign_services_applications_url_shorteners">threats-to-dns:dns-abuse-or-misuse="benign-services-applications-url-shorteners"</h4>
<div class="paragraph">
<p>Benign services and applications - URL shorteners</p>
</div>
<div class="paragraph">
<p>Benign services and applications - URL shorteners</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_tlp_2">tlp</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
tlp namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/tlp/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_red_2">red</h3>
<div class="paragraph">
<p>Not for disclosure, restricted to participants only. Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party&#8217;s privacy, reputation, or operations if misused. Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.</p>
</div>
<div class="sect3">
<h4 id="_tlpred">tlp:red</h4>
<div class="paragraph">
<p>(TLP:RED) Information exclusively and directly given to (a group of) individual recipients. Sharing outside is not legitimate.</p>
</div>
<div class="paragraph">
<p>Not for disclosure, restricted to participants only. Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party&#8217;s privacy, reputation, or operations if misused. Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_amber_2">amber</h3>
<div class="paragraph">
<p>Limited disclosure, restricted to participants organizations. Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.</p>
</div>
<div class="sect3">
<h4 id="_tlpamber">tlp:amber</h4>
<div class="paragraph">
<p>(TLP:AMBER) Information exclusively given to an organization; sharing limited within the organization to be effectively acted upon.</p>
</div>
<div class="paragraph">
<p>Limited disclosure, restricted to participants organizations. Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_green_2">green</h3>
<div class="paragraph">
<p>Limited disclosure, restricted to the community. Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community.</p>
</div>
<div class="sect3">
<h4 id="_tlpgreen">tlp:green</h4>
<div class="paragraph">
<p>(TLP:GREEN) Information given to a community or a group of organizations at large. The information cannot be publicly released.</p>
</div>
<div class="paragraph">
<p>Limited disclosure, restricted to the community. Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_white_2">white</h3>
<div class="paragraph">
<p>Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.</p>
</div>
<div class="sect3">
<h4 id="_tlpwhite">tlp:white</h4>
<div class="paragraph">
<p>(TLP:WHITE) Information can be shared publicly in accordance with the law.</p>
</div>
<div class="paragraph">
<p>Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exchr">ex:chr</h3>
<div class="sect3">
<h4 id="_tlpexchr">tlp:ex:chr</h4>
<div class="paragraph">
<p>(TLP:EX:CHR) Information extended with a specific tag called Chatham House Rule (CHR). When this specific CHR tag is mentioned, the attribution (the source of information) must not be disclosed. This additional rule is at the discretion of the initial sender who can decide to apply or not the CHR tag.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_tor">tor</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
tor namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/tor/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy to describe Tor network infrastructure</p>
</div>
<div class="sect2">
<h3 id="_tor_relay_type">tor-relay-type</h3>
<div class="sect3">
<h4 id="_tortor_relay_typeentry_guard_relay">tor:tor-relay-type="entry-guard-relay"</h4>
<div class="paragraph">
<p>Entry node to the Tor network</p>
</div>
</div>
<div class="sect3">
<h4 id="_tortor_relay_typemiddle_relay">tor:tor-relay-type="middle-relay"</h4>
<div class="paragraph">
<p>Tor node relaying traffic between an entry-guard-relay to an exit-relay</p>
</div>
</div>
<div class="sect3">
<h4 id="_tortor_relay_typeexit_relay">tor:tor-relay-type="exit-relay"</h4>
<div class="paragraph">
<p>Tor node relaying traffic outside of the Tor network to the original destination</p>
</div>
</div>
<div class="sect3">
<h4 id="_tortor_relay_typebridge_relay">tor:tor-relay-type="bridge-relay"</h4>
<div class="paragraph">
<p>Entry node to the Tor network - partially unpublished</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_trust">trust</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
trust namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/trust/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Indicator of Trust provides insight about data on what can be trusted and known as a good actor. Similar to a whitelist but on steroids, reusing features one would use with Indicators of Compromise, but to filter out what is known to be good.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_trust_2">trust</h3>
<div class="sect3">
<h4 id="_trusttrustunknown">trust:trust="unknown"</h4>
<div class="paragraph">
<p>Unknown Confidence State</p>
</div>
</div>
<div class="sect3">
<h4 id="_trusttrustnone">trust:trust="none"</h4>
<div class="paragraph">
<p>Cannot Trust, no confidence</p>
</div>
</div>
<div class="sect3">
<h4 id="_trusttrustpartial">trust:trust="partial"</h4>
<div class="paragraph">
<p>Low confidence</p>
</div>
</div>
<div class="sect3">
<h4 id="_trusttrustrelationship">trust:trust="relationship"</h4>
<div class="paragraph">
<p>Inherited Full Trust by a third party that we trust</p>
</div>
</div>
<div class="sect3">
<h4 id="_trusttrustfull">trust:trust="full"</h4>
<div class="paragraph">
<p>We fully trust it</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_frequency">frequency</h3>
<div class="sect3">
<h4 id="_trustfrequencyhourly">trust:frequency="hourly"</h4>
<div class="paragraph">
<p>This attribute is likely to happen at an hourly interval</p>
</div>
</div>
<div class="sect3">
<h4 id="_trustfrequencydaily">trust:frequency="daily"</h4>
<div class="paragraph">
<p>This attribute is likely to happen at a daily interval</p>
</div>
</div>
<div class="sect3">
<h4 id="_trustfrequencyweekly">trust:frequency="weekly"</h4>
<div class="paragraph">
<p>This attribute is likely to happen at a weekly interval</p>
</div>
</div>
<div class="sect3">
<h4 id="_trustfrequencymonthly">trust:frequency="monthly"</h4>
<div class="paragraph">
<p>This attribute is likely to happen at a monthly interval</p>
</div>
</div>
<div class="sect3">
<h4 id="_trustfrequencyyearly">trust:frequency="yearly"</h4>
<div class="paragraph">
<p>Thie attribute is likely to happen at a yearly interval</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_valid">valid</h3>
<div class="sect3">
<h4 id="_trustvalidtrue">trust:valid="true"</h4>
<div class="paragraph">
<p>This Trust is valid</p>
</div>
</div>
<div class="sect3">
<h4 id="_trustvalidfalse">trust:valid="false"</h4>
<div class="paragraph">
<p>This trust is invalid. Such as a MD5 Hash etc.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_type_7">type</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
type namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/type/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence.</p>
</div>
<div class="sect2">
<h3 id="_osint_2">OSINT</h3>
<div class="paragraph">
<p>gathered from open sources</p>
</div>
<div class="sect3">
<h4 id="_typeosint">type:OSINT</h4>
<div class="paragraph">
<p>Open Source Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from open sources</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sigint">SIGINT</h3>
<div class="paragraph">
<p>gathered from interception of signals</p>
</div>
<div class="sect3">
<h4 id="_typesigint">type:SIGINT</h4>
<div class="paragraph">
<p>Signal Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from interception of signals</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_techint">TECHINT</h3>
<div class="paragraph">
<p>gathered from analysis of weapons and equipment used by the armed forces of foreign nations, or environmental conditions</p>
</div>
<div class="sect3">
<h4 id="_typetechint">type:TECHINT</h4>
<div class="paragraph">
<p>Technical Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from analysis of weapons and equipment used by the armed forces of foreign nations, or environmental conditions</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cybint">CYBINT</h3>
<div class="paragraph">
<p>gathered from active or passive exploitation (CNE) in the cyberspace</p>
</div>
<div class="sect3">
<h4 id="_typecybint">type:CYBINT</h4>
<div class="paragraph">
<p>Cyberspace Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from active or passive exploitation (CNE) in the cyberspace</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dnint">DNINT</h3>
<div class="paragraph">
<p>gathered from active or passive expoilation (CNE) in the digital network.</p>
</div>
<div class="sect3">
<h4 id="_typednint">type:DNINT</h4>
<div class="paragraph">
<p>Digital Network Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from active or passive expoilation (CNE) in the digital network.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_humint">HUMINT</h3>
<div class="paragraph">
<p>gathered from a person in the location in question</p>
</div>
<div class="sect3">
<h4 id="_typehumint">type:HUMINT</h4>
<div class="paragraph">
<p>Human Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from a person in the location in question</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_medint">MEDINT</h3>
<div class="paragraph">
<p>gathered from analysis of medical records and/or actual physiological examinations to determine health and/or particular ailments/allergetic conditions for consideration</p>
</div>
<div class="sect3">
<h4 id="_typemedint">type:MEDINT</h4>
<div class="paragraph">
<p>Medical Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from analysis of medical records and/or actual physiological examinations to determine health and/or particular ailments/allergetic conditions for consideration</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_geoint">GEOINT</h3>
<div class="paragraph">
<p>gathered from satellite, aerial photography, mapping/terrain data</p>
</div>
<div class="sect3">
<h4 id="_typegeoint">type:GEOINT</h4>
<div class="paragraph">
<p>Geospatial Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from satellite, aerial photography, mapping/terrain data</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_imint">IMINT</h3>
<div class="paragraph">
<p>gathered from satellite and aerial photography</p>
</div>
<div class="sect3">
<h4 id="_typeimint">type:IMINT</h4>
<div class="paragraph">
<p>Imagery Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from satellite and aerial photography</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_masint">MASINT</h3>
<div class="paragraph">
<p>gathered from electro-optical, nuclear survey, geophysical measurements, radar, materials analysis</p>
</div>
<div class="sect3">
<h4 id="_typemasint">type:MASINT</h4>
<div class="paragraph">
<p>Measurement and signature intelligence</p>
</div>
<div class="paragraph">
<p>gathered from electro-optical, nuclear survey, geophysical measurements, radar, materials analysis</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_finint">FININT</h3>
<div class="paragraph">
<p>gathered from analysis of monetary or financial transactions</p>
</div>
<div class="sect3">
<h4 id="_typefinint">type:FININT</h4>
<div class="paragraph">
<p>Financial Intelligence</p>
</div>
<div class="paragraph">
<p>gathered from analysis of monetary or financial transactions</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_unified_kill_chain">unified-kill-chain</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
unified-kill-chain namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/unified-kill-chain/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Unified Kill Chain is a refinement to the Kill Chain.</p>
</div>
<div class="sect2">
<h3 id="_initial_foothold">Initial Foothold</h3>
<div class="sect3">
<h4 id="_unified_kill_chaininitial_footholdreconnaissance">unified-kill-chain:Initial Foothold="reconnaissance"</h4>
<div class="paragraph">
<p>Reconnaissance</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chaininitial_footholdweaponization">unified-kill-chain:Initial Foothold="weaponization"</h4>
<div class="paragraph">
<p>Weaponization</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chaininitial_footholddelivery">unified-kill-chain:Initial Foothold="delivery"</h4>
<div class="paragraph">
<p>Delivery</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chaininitial_footholdsocial_engineering">unified-kill-chain:Initial Foothold="social-engineering"</h4>
<div class="paragraph">
<p>Social Engineering</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chaininitial_footholdexploitation">unified-kill-chain:Initial Foothold="exploitation"</h4>
<div class="paragraph">
<p>Exploitation</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chaininitial_footholdpersistence">unified-kill-chain:Initial Foothold="persistence"</h4>
<div class="paragraph">
<p>Persistence</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chaininitial_footholddefense_evasion">unified-kill-chain:Initial Foothold="defense-evasion"</h4>
<div class="paragraph">
<p>Defense Evasion</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chaininitial_footholdcommand_control">unified-kill-chain:Initial Foothold="command-control"</h4>
<div class="paragraph">
<p>Command &amp; Control</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_network_propagation">Network Propagation</h3>
<div class="sect3">
<h4 id="_unified_kill_chainnetwork_propagationpivoting">unified-kill-chain:Network Propagation="pivoting"</h4>
<div class="paragraph">
<p>Pivoting</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainnetwork_propagationdiscovery">unified-kill-chain:Network Propagation="discovery"</h4>
<div class="paragraph">
<p>Discovery</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainnetwork_propagationprivilege_escalation">unified-kill-chain:Network Propagation="privilege-escalation"</h4>
<div class="paragraph">
<p>Privilege Escalation</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainnetwork_propagationexecution">unified-kill-chain:Network Propagation="execution"</h4>
<div class="paragraph">
<p>Execution</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainnetwork_propagationcredential_access">unified-kill-chain:Network Propagation="credential-access"</h4>
<div class="paragraph">
<p>Credential Access</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainnetwork_propagationlateral_movement">unified-kill-chain:Network Propagation="lateral-movement"</h4>
<div class="paragraph">
<p>Lateral Movement</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_on_objectives">Action on Objectives</h3>
<div class="sect3">
<h4 id="_unified_kill_chainaction_on_objectivesaccess">unified-kill-chain:Action on Objectives="access"</h4>
<div class="paragraph">
<p>Access</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainaction_on_objectivescollection">unified-kill-chain:Action on Objectives="collection"</h4>
<div class="paragraph">
<p>Collection</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainaction_on_objectivesexfiltration">unified-kill-chain:Action on Objectives="exfiltration"</h4>
<div class="paragraph">
<p>Exfiltration</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainaction_on_objectivesimpact">unified-kill-chain:Action on Objectives="impact"</h4>
<div class="paragraph">
<p>Impact</p>
</div>
</div>
<div class="sect3">
<h4 id="_unified_kill_chainaction_on_objectivesobjectives">unified-kill-chain:Action on Objectives="objectives"</h4>
<div class="paragraph">
<p>Objectives</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_use_case_applicability">use-case-applicability</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
use-case-applicability namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/use-case-applicability/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Use Case Applicability categories reflect standard resolution categories, to clearly display alerting rule configuration problems.</p>
</div>
<div class="sect2">
<h3 id="_announced_administrativeuser_action">announced-administrative/user-action</h3>
<div class="paragraph">
<p>The process to communicate administrative activities or special user actions was in place and working correctly. Internal sensors are working and detecting privileged or irregular administrative behaviour.</p>
</div>
<div class="sect3">
<h4 id="_use_case_applicabilityannounced_administrativeuser_action">use-case-applicability:announced-administrative/user-action</h4>
<div class="paragraph">
<p>Announced administrative/user action</p>
</div>
<div class="paragraph">
<p>The process to communicate administrative activities or special user actions was in place and working correctly. Internal sensors are working and detecting privileged or irregular administrative behaviour.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unannounced_administrativeuser_action">unannounced-administrative/user-action</h3>
<div class="paragraph">
<p>Internal sensors have detected privileged or user activity, which was not previously communicated. This category also includes improper usage.</p>
</div>
<div class="sect3">
<h4 id="_use_case_applicabilityunannounced_administrativeuser_action">use-case-applicability:unannounced-administrative/user-action</h4>
<div class="paragraph">
<p>Unannounced administrative/user action</p>
</div>
<div class="paragraph">
<p>Internal sensors have detected privileged or user activity, which was not previously communicated. This category also includes improper usage.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_log_management_rule_configuration_error">log-management-rule-configuration-error</h3>
<div class="paragraph">
<p>This category reflects false alerts that were raised due to configuration errors in the central log management system, often a SIEM, rule.</p>
</div>
<div class="sect3">
<h4 id="_use_case_applicabilitylog_management_rule_configuration_error">use-case-applicability:log-management-rule-configuration-error</h4>
<div class="paragraph">
<p>Log management rule configuration error</p>
</div>
<div class="paragraph">
<p>This category reflects false alerts that were raised due to configuration errors in the central log management system, often a SIEM, rule.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_detection_devicerule_configuration_error">detection-device/rule-configuration-error</h3>
<div class="paragraph">
<p>This category reflects rules on detection devices, which are usually passive or active components of network security.</p>
</div>
<div class="sect3">
<h4 id="_use_case_applicabilitydetection_devicerule_configuration_error">use-case-applicability:detection-device/rule-configuration-error</h4>
<div class="paragraph">
<p>Detection device/rule configuration error</p>
</div>
<div class="paragraph">
<p>This category reflects rules on detection devices, which are usually passive or active components of network security.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_bad_iocrule_pattern_value">bad-IOC/rule-pattern-value</h3>
<div class="paragraph">
<p>Products often require external indicator information or security feeds to be applied on active or passive infrastructure components to create alerts.</p>
</div>
<div class="sect3">
<h4 id="_use_case_applicabilitybad_iocrule_pattern_value">use-case-applicability:bad-IOC/rule-pattern-value</h4>
<div class="paragraph">
<p>Bad IOC/rule pattern value</p>
</div>
<div class="paragraph">
<p>Products often require external indicator information or security feeds to be applied on active or passive infrastructure components to create alerts.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_test_alert">test-alert</h3>
<div class="paragraph">
<p>This alert reflects alerts created for testing purposes.</p>
</div>
<div class="sect3">
<h4 id="_use_case_applicabilitytest_alert">use-case-applicability:test-alert</h4>
<div class="paragraph">
<p>Test alert</p>
</div>
<div class="paragraph">
<p>This alert reflects alerts created for testing purposes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_confirmed_attack_with_ir_actions">confirmed-attack-with-IR-actions</h3>
<div class="paragraph">
<p>This alert represents the classic true positives, where all security controls in place were circumvented, a security control was lacking or a misconfiguration of a security element occurred.</p>
</div>
<div class="sect3">
<h4 id="_use_case_applicabilityconfirmed_attack_with_ir_actions">use-case-applicability:confirmed-attack-with-IR-actions</h4>
<div class="paragraph">
<p>Confirmed Attack with IR actions</p>
</div>
<div class="paragraph">
<p>This alert represents the classic true positives, where all security controls in place were circumvented, a security control was lacking or a misconfiguration of a security element occurred.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_confirmed_attack_attempt_without_ir_actions">confirmed-attack-attempt-without-IR-actions</h3>
<div class="paragraph">
<p>This category reflects an attempt by a threat actor, which in the end could be prevented by in place security measures but passed security controls associated with the delivery phase of the Cyber Kill Chain.</p>
</div>
<div class="sect3">
<h4 id="_use_case_applicabilityconfirmed_attack_attempt_without_ir_actions">use-case-applicability:confirmed-attack-attempt-without-IR-actions</h4>
<div class="paragraph">
<p>Confirmed Attack attempt without IR actions</p>
</div>
<div class="paragraph">
<p>This category reflects an attempt by a threat actor, which in the end could be prevented by in place security measures but passed security controls associated with the delivery phase of the Cyber Kill Chain.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_veris">veris</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
veris namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/veris/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Vocabulary for Event Recording and Incident Sharing (VERIS)</p>
</div>
<div class="sect2">
<h3 id="_confidence">confidence</h3>
<div class="sect3">
<h4 id="_verisconfidencehigh">veris:confidence="High"</h4>
<div class="paragraph">
<p>High confidence</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisconfidencelow">veris:confidence="Low"</h4>
<div class="paragraph">
<p>Low confidence</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisconfidencemedium">veris:confidence="Medium"</h4>
<div class="paragraph">
<p>Medium confidence</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisconfidencenone">veris:confidence="None"</h4>
<div class="paragraph">
<p>No confidence</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cost_corrective_action">cost_corrective_action</h3>
<div class="sect3">
<h4 id="_veriscost_corrective_actiondifficult_and_expensive">veris:cost_corrective_action="Difficult and expensive"</h4>
<div class="paragraph">
<p>Difficult and expensive</p>
</div>
</div>
<div class="sect3">
<h4 id="_veriscost_corrective_actionsimple_and_cheap">veris:cost_corrective_action="Simple and cheap"</h4>
<div class="paragraph">
<p>Simple and cheap</p>
</div>
</div>
<div class="sect3">
<h4 id="_veriscost_corrective_actionsomething_in_between">veris:cost_corrective_action="Something in-between"</h4>
<div class="paragraph">
<p>Something in-between</p>
</div>
</div>
<div class="sect3">
<h4 id="_veriscost_corrective_actionunknown">veris:cost_corrective_action="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_discovery_method">discovery_method</h3>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_actor_disclosure">veris:discovery_method="Ext - actor disclosure"</h4>
<div class="paragraph">
<p>External - disclosed by threat agent (e.g., public brag, private blackmail)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_audit">veris:discovery_method="Ext - audit"</h4>
<div class="paragraph">
<p>External - security audit or scan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_customer">veris:discovery_method="Ext - customer"</h4>
<div class="paragraph">
<p>External - reported by customer or partner affected by the incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_emergency_response_team">veris:discovery_method="Ext - emergency response team"</h4>
<div class="paragraph">
<p>External - Emergency response team</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_found_documents">veris:discovery_method="Ext - found documents"</h4>
<div class="paragraph">
<p>External - Found documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_fraud_detection">veris:discovery_method="Ext - fraud detection"</h4>
<div class="paragraph">
<p>External - fraud detection (e.g., CPP)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_incident_response">veris:discovery_method="Ext - incident response"</h4>
<div class="paragraph">
<p>External - Notified while investigating another incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_law_enforcement">veris:discovery_method="Ext - law enforcement"</h4>
<div class="paragraph">
<p>Internal - notified by law enforcement or government agency</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_monitoring_service">veris:discovery_method="Ext - monitoring service"</h4>
<div class="paragraph">
<p>External - managed security event monitoring service</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_other">veris:discovery_method="Ext - other"</h4>
<div class="paragraph">
<p>Discovery method was external and known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_suspicious_traffic">veris:discovery_method="Ext - suspicious traffic"</h4>
<div class="paragraph">
<p>External - Report of suspicious traffic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_unknown">veris:discovery_method="Ext - unknown"</h4>
<div class="paragraph">
<p>External - unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodext_unrelated_3rd_party">veris:discovery_method="Ext - unrelated 3rd party"</h4>
<div class="paragraph">
<p>Discovered by person unaffiliated with victim or threat actor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_hids">veris:discovery_method="Int - HIDS"</h4>
<div class="paragraph">
<p>Internal - host IDS or file integrity monitoring</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_it_review">veris:discovery_method="Int - IT review"</h4>
<div class="paragraph">
<p>Any routine maintenance, testing or review of it assets. (Includes inspect of assets, vulnerability scans, etc.)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_nids">veris:discovery_method="Int - NIDS"</h4>
<div class="paragraph">
<p>Internal - All network-based security tool detection (including IPS, IDS, firewalls and other network-based security tools)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_antivirus">veris:discovery_method="Int - antivirus"</h4>
<div class="paragraph">
<p>Internal - antivirus alert</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_break_in_discovered">veris:discovery_method="Int - break in discovered"</h4>
<div class="paragraph">
<p>Internal - employee discovered evidence of a break in</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_data_loss_prevention">veris:discovery_method="Int - data loss prevention"</h4>
<div class="paragraph">
<p>Internal - Data loss prevention software</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_financial_audit">veris:discovery_method="Int - financial audit"</h4>
<div class="paragraph">
<p>Internal - financial audit and reconciliation process</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_fraud_detection">veris:discovery_method="Int - fraud detection"</h4>
<div class="paragraph">
<p>Internal - fraud detection mechanism</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_incident_response">veris:discovery_method="Int - incident response"</h4>
<div class="paragraph">
<p>Internal - discovered while responding to another (separate) incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_infrastructure_monitoring">veris:discovery_method="Int - infrastructure monitoring"</h4>
<div class="paragraph">
<p>Internal - Health and welfare monitoring of assets such as utilization, uptime, and SNMP alerts</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_log_review">veris:discovery_method="Int - log review"</h4>
<div class="paragraph">
<p>Internal - log review process or SIEM</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_other">veris:discovery_method="Int - other"</h4>
<div class="paragraph">
<p>Discovery method was internal and known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_reported_by_employee">veris:discovery_method="Int - reported by employee"</h4>
<div class="paragraph">
<p>Internal - reported by employee who saw something odd</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_security_alarm">veris:discovery_method="Int - security alarm"</h4>
<div class="paragraph">
<p>Internal - physical security system alarm</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodint_unknown">veris:discovery_method="Int - unknown"</h4>
<div class="paragraph">
<p>Internal - unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodother">veris:discovery_method="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodprt_antivirus">veris:discovery_method="Prt - antivirus"</h4>
<div class="paragraph">
<p>Partner - Notified by antivirus company but not through AV product</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodprt_audit">veris:discovery_method="Prt - audit"</h4>
<div class="paragraph">
<p>Partner - Audit performed by a partner organization</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodprt_incident_response">veris:discovery_method="Prt - incident response"</h4>
<div class="paragraph">
<p>Partner - notified while investigating another incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodprt_monitoring_service">veris:discovery_method="Prt - monitoring service"</h4>
<div class="paragraph">
<p>Partner - Reported by a monitoring service</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodprt_other">veris:discovery_method="Prt - other"</h4>
<div class="paragraph">
<p>Discovery method was partner and known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodprt_unknown">veris:discovery_method="Prt - unknown"</h4>
<div class="paragraph">
<p>Partner - Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisdiscovery_methodunknown">veris:discovery_method="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_security_incident">security_incident</h3>
<div class="sect3">
<h4 id="_verissecurity_incidentconfirmed">veris:security_incident="Confirmed"</h4>
<div class="paragraph">
<p>Yes - Confirmed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verissecurity_incidentfalse_positive">veris:security_incident="False positive"</h4>
<div class="paragraph">
<p>False positive (response triggered, but no incident)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verissecurity_incidentnear_miss">veris:security_incident="Near miss"</h4>
<div class="paragraph">
<p>Near miss (actions did not compromise asset)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verissecurity_incidentsuspected">veris:security_incident="Suspected"</h4>
<div class="paragraph">
<p>Suspected</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_targeted">targeted</h3>
<div class="sect3">
<h4 id="_veristargetedna">veris:targeted="NA"</h4>
<div class="paragraph">
<p>Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristargetedopportunistic">veris:targeted="Opportunistic"</h4>
<div class="paragraph">
<p>Opportunistic: victim attacked because they exhibited a weakness the actor knew how to exploit</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristargetedtargeted">veris:targeted="Targeted"</h4>
<div class="paragraph">
<p>Targeted: victim chosen as target then actor determined what weaknesses could be exploited</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristargetedunknown">veris:targeted="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_assetaccessibility">asset:accessibility</h3>
<div class="sect3">
<h4 id="_verisassetaccessibilityexternal">veris:asset:accessibility="External"</h4>
<div class="paragraph">
<p>Publicly accessible</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetaccessibilityinternal">veris:asset:accessibility="Internal"</h4>
<div class="paragraph">
<p>Internally accessible</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetaccessibilityisolated">veris:asset:accessibility="Isolated"</h4>
<div class="paragraph">
<p>Internally isolated or restricted environment</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetaccessibilityna">veris:asset:accessibility="NA"</h4>
<div class="paragraph">
<p>Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetaccessibilityother">veris:asset:accessibility="Other"</h4>
<div class="paragraph">
<p>Accessibility known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetaccessibilityunknown">veris:asset:accessibility="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_assetcloud">asset:cloud</h3>
<div class="sect3">
<h4 id="_verisassetcloudcustomer_attack">veris:asset:cloud="Customer attack"</h4>
<div class="paragraph">
<p>Penetration of another web site on shared device</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcloudhosting_error">veris:asset:cloud="Hosting error"</h4>
<div class="paragraph">
<p>Misconfiguration or error by hosting provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcloudhosting_governance">veris:asset:cloud="Hosting governance"</h4>
<div class="paragraph">
<p>Lack of security process or procedure by hosting provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcloudhypervisor">veris:asset:cloud="Hypervisor"</h4>
<div class="paragraph">
<p>Hypervisor break-out attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcloudna">veris:asset:cloud="NA"</h4>
<div class="paragraph">
<p>It is known no cloud assets were involved</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcloudno">veris:asset:cloud="No"</h4>
<div class="paragraph">
<p>It is known that a cloud asset was involved and it being a cloud asset did not affect the outcome</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcloudother">veris:asset:cloud="Other"</h4>
<div class="paragraph">
<p>Cloud hosting known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcloudpartner_application">veris:asset:cloud="Partner application"</h4>
<div class="paragraph">
<p>Application vulnerability in partner-developed application</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcloudunknown">veris:asset:cloud="Unknown"</h4>
<div class="paragraph">
<p>The involvement of cloud assets was not measured</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetclouduser_breakout">veris:asset:cloud="User breakout"</h4>
<div class="paragraph">
<p>Elevation of privilege by another customer in shared environment</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_assetcountry">asset:country</h3>
<div class="sect3">
<h4 id="_verisassetcountryad">veris:asset:country="AD"</h4>
<div class="paragraph">
<p>Andorra</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryae">veris:asset:country="AE"</h4>
<div class="paragraph">
<p>United Arab Emirates</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryaf">veris:asset:country="AF"</h4>
<div class="paragraph">
<p>Afghanistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryag">veris:asset:country="AG"</h4>
<div class="paragraph">
<p>Antigua and Barbuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryai">veris:asset:country="AI"</h4>
<div class="paragraph">
<p>Anguilla</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryal">veris:asset:country="AL"</h4>
<div class="paragraph">
<p>Albania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryam">veris:asset:country="AM"</h4>
<div class="paragraph">
<p>Armenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryao">veris:asset:country="AO"</h4>
<div class="paragraph">
<p>Angola</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryaq">veris:asset:country="AQ"</h4>
<div class="paragraph">
<p>Antarctica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryar">veris:asset:country="AR"</h4>
<div class="paragraph">
<p>Argentina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryas">veris:asset:country="AS"</h4>
<div class="paragraph">
<p>American Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryat">veris:asset:country="AT"</h4>
<div class="paragraph">
<p>Austria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryau">veris:asset:country="AU"</h4>
<div class="paragraph">
<p>Australia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryaw">veris:asset:country="AW"</h4>
<div class="paragraph">
<p>Aruba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryax">veris:asset:country="AX"</h4>
<div class="paragraph">
<p>Aland Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryaz">veris:asset:country="AZ"</h4>
<div class="paragraph">
<p>Azerbaijan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryba">veris:asset:country="BA"</h4>
<div class="paragraph">
<p>Bosnia and Herzegovina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybb">veris:asset:country="BB"</h4>
<div class="paragraph">
<p>Barbados</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybd">veris:asset:country="BD"</h4>
<div class="paragraph">
<p>Bangladesh</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybe">veris:asset:country="BE"</h4>
<div class="paragraph">
<p>Belgium</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybf">veris:asset:country="BF"</h4>
<div class="paragraph">
<p>Burkina Faso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybg">veris:asset:country="BG"</h4>
<div class="paragraph">
<p>Bulgaria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybh">veris:asset:country="BH"</h4>
<div class="paragraph">
<p>Bahrain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybi">veris:asset:country="BI"</h4>
<div class="paragraph">
<p>Burundi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybj">veris:asset:country="BJ"</h4>
<div class="paragraph">
<p>Benin</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybl">veris:asset:country="BL"</h4>
<div class="paragraph">
<p>Saint-Barthelemy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybm">veris:asset:country="BM"</h4>
<div class="paragraph">
<p>Bermuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybn">veris:asset:country="BN"</h4>
<div class="paragraph">
<p>Brunei Darussalam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybo">veris:asset:country="BO"</h4>
<div class="paragraph">
<p>Bolivia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybq">veris:asset:country="BQ"</h4>
<div class="paragraph">
<p>Bonaire, Saint Eustatius and Saba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybr">veris:asset:country="BR"</h4>
<div class="paragraph">
<p>Brazil</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybs">veris:asset:country="BS"</h4>
<div class="paragraph">
<p>Bahamas</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybt">veris:asset:country="BT"</h4>
<div class="paragraph">
<p>Bhutan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybv">veris:asset:country="BV"</h4>
<div class="paragraph">
<p>Bouvet Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybw">veris:asset:country="BW"</h4>
<div class="paragraph">
<p>Botswana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryby">veris:asset:country="BY"</h4>
<div class="paragraph">
<p>Belarus</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrybz">veris:asset:country="BZ"</h4>
<div class="paragraph">
<p>Belize</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryca">veris:asset:country="CA"</h4>
<div class="paragraph">
<p>Canada</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycc">veris:asset:country="CC"</h4>
<div class="paragraph">
<p>Cocos (Keeling) Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycd">veris:asset:country="CD"</h4>
<div class="paragraph">
<p>Congo, Democratic Republic of the</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycf">veris:asset:country="CF"</h4>
<div class="paragraph">
<p>Central African Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycg">veris:asset:country="CG"</h4>
<div class="paragraph">
<p>Congo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrych">veris:asset:country="CH"</h4>
<div class="paragraph">
<p>Switzerland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryci">veris:asset:country="CI"</h4>
<div class="paragraph">
<p>Cote d&#8217;Ivoire</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryck">veris:asset:country="CK"</h4>
<div class="paragraph">
<p>Cook Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycl">veris:asset:country="CL"</h4>
<div class="paragraph">
<p>Chile</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycm">veris:asset:country="CM"</h4>
<div class="paragraph">
<p>Cameroon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycn">veris:asset:country="CN"</h4>
<div class="paragraph">
<p>China</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryco">veris:asset:country="CO"</h4>
<div class="paragraph">
<p>Colombia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycr">veris:asset:country="CR"</h4>
<div class="paragraph">
<p>Costa Rica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycu">veris:asset:country="CU"</h4>
<div class="paragraph">
<p>Cuba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycv">veris:asset:country="CV"</h4>
<div class="paragraph">
<p>Cape Verde</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycw">veris:asset:country="CW"</h4>
<div class="paragraph">
<p>Curacao</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycx">veris:asset:country="CX"</h4>
<div class="paragraph">
<p>Christmas Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycy">veris:asset:country="CY"</h4>
<div class="paragraph">
<p>Cyprus</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrycz">veris:asset:country="CZ"</h4>
<div class="paragraph">
<p>Czech Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryde">veris:asset:country="DE"</h4>
<div class="paragraph">
<p>Germany</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrydj">veris:asset:country="DJ"</h4>
<div class="paragraph">
<p>Djibouti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrydk">veris:asset:country="DK"</h4>
<div class="paragraph">
<p>Denmark</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrydm">veris:asset:country="DM"</h4>
<div class="paragraph">
<p>Dominica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrydo">veris:asset:country="DO"</h4>
<div class="paragraph">
<p>Dominican Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrydz">veris:asset:country="DZ"</h4>
<div class="paragraph">
<p>Algeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryec">veris:asset:country="EC"</h4>
<div class="paragraph">
<p>Ecuador</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryee">veris:asset:country="EE"</h4>
<div class="paragraph">
<p>Estonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryeg">veris:asset:country="EG"</h4>
<div class="paragraph">
<p>Egypt</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryeh">veris:asset:country="EH"</h4>
<div class="paragraph">
<p>Western Sahara</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryer">veris:asset:country="ER"</h4>
<div class="paragraph">
<p>Eritrea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryes">veris:asset:country="ES"</h4>
<div class="paragraph">
<p>Spain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryet">veris:asset:country="ET"</h4>
<div class="paragraph">
<p>Ethiopia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryfi">veris:asset:country="FI"</h4>
<div class="paragraph">
<p>Finland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryfj">veris:asset:country="FJ"</h4>
<div class="paragraph">
<p>Fiji</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryfk">veris:asset:country="FK"</h4>
<div class="paragraph">
<p>Faeroe Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryfm">veris:asset:country="FM"</h4>
<div class="paragraph">
<p>Micronesia (Federated States of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryfo">veris:asset:country="FO"</h4>
<div class="paragraph">
<p>Falkland Islands (Malvinas)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryfr">veris:asset:country="FR"</h4>
<div class="paragraph">
<p>France</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryga">veris:asset:country="GA"</h4>
<div class="paragraph">
<p>Gabon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygb">veris:asset:country="GB"</h4>
<div class="paragraph">
<p>United Kingdom</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygd">veris:asset:country="GD"</h4>
<div class="paragraph">
<p>Grenada</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryge">veris:asset:country="GE"</h4>
<div class="paragraph">
<p>Georgia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygf">veris:asset:country="GF"</h4>
<div class="paragraph">
<p>French Guiana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygg">veris:asset:country="GG"</h4>
<div class="paragraph">
<p>Guernsey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygh">veris:asset:country="GH"</h4>
<div class="paragraph">
<p>Ghana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygi">veris:asset:country="GI"</h4>
<div class="paragraph">
<p>Gibraltar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygl">veris:asset:country="GL"</h4>
<div class="paragraph">
<p>Greenland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygm">veris:asset:country="GM"</h4>
<div class="paragraph">
<p>Gambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygn">veris:asset:country="GN"</h4>
<div class="paragraph">
<p>Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygp">veris:asset:country="GP"</h4>
<div class="paragraph">
<p>Guadeloupe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygq">veris:asset:country="GQ"</h4>
<div class="paragraph">
<p>Equatorial Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygr">veris:asset:country="GR"</h4>
<div class="paragraph">
<p>Greece</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygs">veris:asset:country="GS"</h4>
<div class="paragraph">
<p>South Georgia and the South Sandwich Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygt">veris:asset:country="GT"</h4>
<div class="paragraph">
<p>Guatemala</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygu">veris:asset:country="GU"</h4>
<div class="paragraph">
<p>Guam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygw">veris:asset:country="GW"</h4>
<div class="paragraph">
<p>Guinea-Bissau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrygy">veris:asset:country="GY"</h4>
<div class="paragraph">
<p>Guyana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryhk">veris:asset:country="HK"</h4>
<div class="paragraph">
<p>Hong Kong</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryhm">veris:asset:country="HM"</h4>
<div class="paragraph">
<p>Heard Island and McDonal Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryhn">veris:asset:country="HN"</h4>
<div class="paragraph">
<p>Honduras</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryhr">veris:asset:country="HR"</h4>
<div class="paragraph">
<p>Croatia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryht">veris:asset:country="HT"</h4>
<div class="paragraph">
<p>Haiti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryhu">veris:asset:country="HU"</h4>
<div class="paragraph">
<p>Hungary</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryid">veris:asset:country="ID"</h4>
<div class="paragraph">
<p>Indonesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryie">veris:asset:country="IE"</h4>
<div class="paragraph">
<p>Ireland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryil">veris:asset:country="IL"</h4>
<div class="paragraph">
<p>Israel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryim">veris:asset:country="IM"</h4>
<div class="paragraph">
<p>Isle of Man</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryin">veris:asset:country="IN"</h4>
<div class="paragraph">
<p>India</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryio">veris:asset:country="IO"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryiq">veris:asset:country="IQ"</h4>
<div class="paragraph">
<p>Iraq</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryir">veris:asset:country="IR"</h4>
<div class="paragraph">
<p>Iran (Islamic Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryis">veris:asset:country="IS"</h4>
<div class="paragraph">
<p>Iceland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryit">veris:asset:country="IT"</h4>
<div class="paragraph">
<p>Italy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryje">veris:asset:country="JE"</h4>
<div class="paragraph">
<p>Jersey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryjm">veris:asset:country="JM"</h4>
<div class="paragraph">
<p>Jamaica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryjo">veris:asset:country="JO"</h4>
<div class="paragraph">
<p>Jordan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryjp">veris:asset:country="JP"</h4>
<div class="paragraph">
<p>Japan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryke">veris:asset:country="KE"</h4>
<div class="paragraph">
<p>Kenya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrykg">veris:asset:country="KG"</h4>
<div class="paragraph">
<p>Kyrgyzstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrykh">veris:asset:country="KH"</h4>
<div class="paragraph">
<p>Cambodia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryki">veris:asset:country="KI"</h4>
<div class="paragraph">
<p>Kiribati</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrykm">veris:asset:country="KM"</h4>
<div class="paragraph">
<p>Comoros</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrykn">veris:asset:country="KN"</h4>
<div class="paragraph">
<p>Saint Kitts and Nevis</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrykp">veris:asset:country="KP"</h4>
<div class="paragraph">
<p>Korea, Democratic People&#8217;s Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrykr">veris:asset:country="KR"</h4>
<div class="paragraph">
<p>Korea, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrykw">veris:asset:country="KW"</h4>
<div class="paragraph">
<p>Kuwait</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryky">veris:asset:country="KY"</h4>
<div class="paragraph">
<p>Cayman Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrykz">veris:asset:country="KZ"</h4>
<div class="paragraph">
<p>Kazakhstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryla">veris:asset:country="LA"</h4>
<div class="paragraph">
<p>Lao People&#8217;s Democratic Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrylb">veris:asset:country="LB"</h4>
<div class="paragraph">
<p>Lebanon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrylc">veris:asset:country="LC"</h4>
<div class="paragraph">
<p>Saint Lucia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryli">veris:asset:country="LI"</h4>
<div class="paragraph">
<p>Liechtenstein</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrylk">veris:asset:country="LK"</h4>
<div class="paragraph">
<p>Sri Lanka</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrylr">veris:asset:country="LR"</h4>
<div class="paragraph">
<p>Liberia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryls">veris:asset:country="LS"</h4>
<div class="paragraph">
<p>Lesotho</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrylt">veris:asset:country="LT"</h4>
<div class="paragraph">
<p>Lithuania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrylu">veris:asset:country="LU"</h4>
<div class="paragraph">
<p>Luxembourg</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrylv">veris:asset:country="LV"</h4>
<div class="paragraph">
<p>Latvia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryly">veris:asset:country="LY"</h4>
<div class="paragraph">
<p>Libya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryma">veris:asset:country="MA"</h4>
<div class="paragraph">
<p>Morocco</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymc">veris:asset:country="MC"</h4>
<div class="paragraph">
<p>Monaco</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymd">veris:asset:country="MD"</h4>
<div class="paragraph">
<p>Moldova, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryme">veris:asset:country="ME"</h4>
<div class="paragraph">
<p>Montenegro</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymf">veris:asset:country="MF"</h4>
<div class="paragraph">
<p>Saint Martin (French part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymg">veris:asset:country="MG"</h4>
<div class="paragraph">
<p>Madagascar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymh">veris:asset:country="MH"</h4>
<div class="paragraph">
<p>Marshall Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymk">veris:asset:country="MK"</h4>
<div class="paragraph">
<p>Macedonia, The former Yugoslav Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryml">veris:asset:country="ML"</h4>
<div class="paragraph">
<p>Mali</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymm">veris:asset:country="MM"</h4>
<div class="paragraph">
<p>Myanmar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymn">veris:asset:country="MN"</h4>
<div class="paragraph">
<p>Mongolia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymo">veris:asset:country="MO"</h4>
<div class="paragraph">
<p>Macao</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymp">veris:asset:country="MP"</h4>
<div class="paragraph">
<p>Northern Mariana Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymq">veris:asset:country="MQ"</h4>
<div class="paragraph">
<p>Martinique</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymr">veris:asset:country="MR"</h4>
<div class="paragraph">
<p>Mauritania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryms">veris:asset:country="MS"</h4>
<div class="paragraph">
<p>Montserrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymt">veris:asset:country="MT"</h4>
<div class="paragraph">
<p>Malta</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymu">veris:asset:country="MU"</h4>
<div class="paragraph">
<p>Mauritius</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymv">veris:asset:country="MV"</h4>
<div class="paragraph">
<p>Maldives</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymw">veris:asset:country="MW"</h4>
<div class="paragraph">
<p>Malawi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymx">veris:asset:country="MX"</h4>
<div class="paragraph">
<p>Mexico</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymy">veris:asset:country="MY"</h4>
<div class="paragraph">
<p>Malaysia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrymz">veris:asset:country="MZ"</h4>
<div class="paragraph">
<p>Mozambique</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryna">veris:asset:country="NA"</h4>
<div class="paragraph">
<p>Namibia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrync">veris:asset:country="NC"</h4>
<div class="paragraph">
<p>New Caledonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryne">veris:asset:country="NE"</h4>
<div class="paragraph">
<p>Niger</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrynf">veris:asset:country="NF"</h4>
<div class="paragraph">
<p>Norfolk Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryng">veris:asset:country="NG"</h4>
<div class="paragraph">
<p>Nigeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryni">veris:asset:country="NI"</h4>
<div class="paragraph">
<p>Nicaragua</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrynl">veris:asset:country="NL"</h4>
<div class="paragraph">
<p>Netherlands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryno">veris:asset:country="NO"</h4>
<div class="paragraph">
<p>Norway</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrynp">veris:asset:country="NP"</h4>
<div class="paragraph">
<p>Nepal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrynr">veris:asset:country="NR"</h4>
<div class="paragraph">
<p>Nauru</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrynu">veris:asset:country="NU"</h4>
<div class="paragraph">
<p>Niue</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrynz">veris:asset:country="NZ"</h4>
<div class="paragraph">
<p>New Zealand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryom">veris:asset:country="OM"</h4>
<div class="paragraph">
<p>Oman</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryother">veris:asset:country="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypa">veris:asset:country="PA"</h4>
<div class="paragraph">
<p>Panama</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrype">veris:asset:country="PE"</h4>
<div class="paragraph">
<p>Peru</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypf">veris:asset:country="PF"</h4>
<div class="paragraph">
<p>French Polynesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypg">veris:asset:country="PG"</h4>
<div class="paragraph">
<p>Papua New Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryph">veris:asset:country="PH"</h4>
<div class="paragraph">
<p>Philippines</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypk">veris:asset:country="PK"</h4>
<div class="paragraph">
<p>Pakistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypl">veris:asset:country="PL"</h4>
<div class="paragraph">
<p>Poland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypm">veris:asset:country="PM"</h4>
<div class="paragraph">
<p>Saint Pierre and Miquelon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypn">veris:asset:country="PN"</h4>
<div class="paragraph">
<p>Pitcairn</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypr">veris:asset:country="PR"</h4>
<div class="paragraph">
<p>Puerto Rico</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryps">veris:asset:country="PS"</h4>
<div class="paragraph">
<p>Palestinian Territory, Occupied</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypt">veris:asset:country="PT"</h4>
<div class="paragraph">
<p>Portugal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypw">veris:asset:country="PW"</h4>
<div class="paragraph">
<p>Palau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrypy">veris:asset:country="PY"</h4>
<div class="paragraph">
<p>Paraguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryqa">veris:asset:country="QA"</h4>
<div class="paragraph">
<p>Qatar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryre">veris:asset:country="RE"</h4>
<div class="paragraph">
<p>Reunion</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryro">veris:asset:country="RO"</h4>
<div class="paragraph">
<p>Romania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryrs">veris:asset:country="RS"</h4>
<div class="paragraph">
<p>Serbia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryru">veris:asset:country="RU"</h4>
<div class="paragraph">
<p>Russian Federation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryrw">veris:asset:country="RW"</h4>
<div class="paragraph">
<p>Rwanda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysa">veris:asset:country="SA"</h4>
<div class="paragraph">
<p>Saudi Arabia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysb">veris:asset:country="SB"</h4>
<div class="paragraph">
<p>Solomon Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysc">veris:asset:country="SC"</h4>
<div class="paragraph">
<p>Seychelles</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysd">veris:asset:country="SD"</h4>
<div class="paragraph">
<p>Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryse">veris:asset:country="SE"</h4>
<div class="paragraph">
<p>Sweden</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysg">veris:asset:country="SG"</h4>
<div class="paragraph">
<p>Singapore</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysh">veris:asset:country="SH"</h4>
<div class="paragraph">
<p>Saint Helena</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysi">veris:asset:country="SI"</h4>
<div class="paragraph">
<p>Slovenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysj">veris:asset:country="SJ"</h4>
<div class="paragraph">
<p>Svalbard and Jan Mayen Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysk">veris:asset:country="SK"</h4>
<div class="paragraph">
<p>Slovakia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysl">veris:asset:country="SL"</h4>
<div class="paragraph">
<p>Sierra Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysm">veris:asset:country="SM"</h4>
<div class="paragraph">
<p>San Marino</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysn">veris:asset:country="SN"</h4>
<div class="paragraph">
<p>Senegal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryso">veris:asset:country="SO"</h4>
<div class="paragraph">
<p>Somalia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysr">veris:asset:country="SR"</h4>
<div class="paragraph">
<p>Suriname</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryss">veris:asset:country="SS"</h4>
<div class="paragraph">
<p>South Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryst">veris:asset:country="ST"</h4>
<div class="paragraph">
<p>Sao Tome and Principe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysv">veris:asset:country="SV"</h4>
<div class="paragraph">
<p>El Salvador</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysx">veris:asset:country="SX"</h4>
<div class="paragraph">
<p>Sint Maarten (Dutch part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysy">veris:asset:country="SY"</h4>
<div class="paragraph">
<p>Syrian Arab Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrysz">veris:asset:country="SZ"</h4>
<div class="paragraph">
<p>Swaziland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytc">veris:asset:country="TC"</h4>
<div class="paragraph">
<p>Turks and Caicos Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytd">veris:asset:country="TD"</h4>
<div class="paragraph">
<p>Chad</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytf">veris:asset:country="TF"</h4>
<div class="paragraph">
<p>French Southern Territories</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytg">veris:asset:country="TG"</h4>
<div class="paragraph">
<p>Togo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryth">veris:asset:country="TH"</h4>
<div class="paragraph">
<p>Thailand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytj">veris:asset:country="TJ"</h4>
<div class="paragraph">
<p>Tajikistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytk">veris:asset:country="TK"</h4>
<div class="paragraph">
<p>Tokelau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytl">veris:asset:country="TL"</h4>
<div class="paragraph">
<p>Timor-Leste</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytm">veris:asset:country="TM"</h4>
<div class="paragraph">
<p>Turkmenistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytn">veris:asset:country="TN"</h4>
<div class="paragraph">
<p>Tunisia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryto">veris:asset:country="TO"</h4>
<div class="paragraph">
<p>Tonga</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytr">veris:asset:country="TR"</h4>
<div class="paragraph">
<p>Turkey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytt">veris:asset:country="TT"</h4>
<div class="paragraph">
<p>Trinidad and Tobago</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytv">veris:asset:country="TV"</h4>
<div class="paragraph">
<p>Tuvalu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytw">veris:asset:country="TW"</h4>
<div class="paragraph">
<p>Taiwan, Province of China</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrytz">veris:asset:country="TZ"</h4>
<div class="paragraph">
<p>Tanzania, United Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryua">veris:asset:country="UA"</h4>
<div class="paragraph">
<p>Ukraine</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryug">veris:asset:country="UG"</h4>
<div class="paragraph">
<p>Uganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryum">veris:asset:country="UM"</h4>
<div class="paragraph">
<p>United States Minor Outlying Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryus">veris:asset:country="US"</h4>
<div class="paragraph">
<p>United States of America</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryuy">veris:asset:country="UY"</h4>
<div class="paragraph">
<p>Uruguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryuz">veris:asset:country="UZ"</h4>
<div class="paragraph">
<p>Uzbekistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryunknown">veris:asset:country="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryva">veris:asset:country="VA"</h4>
<div class="paragraph">
<p>Holy See</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryvc">veris:asset:country="VC"</h4>
<div class="paragraph">
<p>Saint Vincent and the Grenadines</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryve">veris:asset:country="VE"</h4>
<div class="paragraph">
<p>Venezuela (Bolivarian Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryvg">veris:asset:country="VG"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryvi">veris:asset:country="VI"</h4>
<div class="paragraph">
<p>United States Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryvn">veris:asset:country="VN"</h4>
<div class="paragraph">
<p>Viet Nam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryvu">veris:asset:country="VU"</h4>
<div class="paragraph">
<p>Vanuatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountrywf">veris:asset:country="WF"</h4>
<div class="paragraph">
<p>Wallis and Futuna Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryws">veris:asset:country="WS"</h4>
<div class="paragraph">
<p>Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryye">veris:asset:country="YE"</h4>
<div class="paragraph">
<p>Yemen</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryyt">veris:asset:country="YT"</h4>
<div class="paragraph">
<p>Mayotte</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryza">veris:asset:country="ZA"</h4>
<div class="paragraph">
<p>South Africa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryzm">veris:asset:country="ZM"</h4>
<div class="paragraph">
<p>Zambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetcountryzw">veris:asset:country="ZW"</h4>
<div class="paragraph">
<p>Zimbabwe</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_assetgovernance">asset:governance</h3>
<div class="sect3">
<h4 id="_verisassetgovernance3rd_party_hosted">veris:asset:governance="3rd party hosted"</h4>
<div class="paragraph">
<p>Hosted by 3rd party</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetgovernance3rd_party_managed">veris:asset:governance="3rd party managed"</h4>
<div class="paragraph">
<p>Managed by 3rd party</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetgovernance3rd_party_owned">veris:asset:governance="3rd party owned"</h4>
<div class="paragraph">
<p>Owned by 3rd party</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetgovernanceinternally_isolated">veris:asset:governance="Internally isolated"</h4>
<div class="paragraph">
<p>Isolated internal asset</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetgovernanceother">veris:asset:governance="Other"</h4>
<div class="paragraph">
<p>Governance known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetgovernancepersonally_owned">veris:asset:governance="Personally owned"</h4>
<div class="paragraph">
<p>Personally owned asset</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetgovernanceunknown">veris:asset:governance="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetgovernancevictim_governed">veris:asset:governance="Victim governed"</h4>
<div class="paragraph">
<p>The victim owns and controls the asset</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_assethosting">asset:hosting</h3>
<div class="sect3">
<h4 id="_verisassethostingexternal">veris:asset:hosting="External"</h4>
<div class="paragraph">
<p>Externally hosted (unsure if dedicated or shared)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassethostingexternal_dedicated">veris:asset:hosting="External dedicated"</h4>
<div class="paragraph">
<p>Externally hosted in a dedicated environment</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassethostingexternal_shared">veris:asset:hosting="External shared"</h4>
<div class="paragraph">
<p>Externally hosted in a shared environment</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassethostinginternal">veris:asset:hosting="Internal"</h4>
<div class="paragraph">
<p>Internally hosted</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassethostingna">veris:asset:hosting="NA"</h4>
<div class="paragraph">
<p>Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassethostingother">veris:asset:hosting="Other"</h4>
<div class="paragraph">
<p>Hosting known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassethostingunknown">veris:asset:hosting="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_assetmanagement">asset:management</h3>
<div class="sect3">
<h4 id="_verisassetmanagementexternal">veris:asset:management="External"</h4>
<div class="paragraph">
<p>Externally managed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetmanagementinternal">veris:asset:management="Internal"</h4>
<div class="paragraph">
<p>Internally managed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetmanagementna">veris:asset:management="NA"</h4>
<div class="paragraph">
<p>Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetmanagementother">veris:asset:management="Other"</h4>
<div class="paragraph">
<p>Ownership known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetmanagementunknown">veris:asset:management="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_assetownership">asset:ownership</h3>
<div class="sect3">
<h4 id="_verisassetownershipcustomer">veris:asset:ownership="Customer"</h4>
<div class="paragraph">
<p>Customer owned</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetownershipemployee">veris:asset:ownership="Employee"</h4>
<div class="paragraph">
<p>Employee owned</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetownershipna">veris:asset:ownership="NA"</h4>
<div class="paragraph">
<p>Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetownershipother">veris:asset:ownership="Other"</h4>
<div class="paragraph">
<p>Owner known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetownershippartner">veris:asset:ownership="Partner"</h4>
<div class="paragraph">
<p>Partner owned</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetownershipunknown">veris:asset:ownership="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetownershipvictim">veris:asset:ownership="Victim"</h4>
<div class="paragraph">
<p>Victim owned</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impactiso_currency_code">impact:iso_currency_code</h3>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeaed">veris:impact:iso_currency_code="AED"</h4>
<div class="paragraph">
<p>AED - UAE Dirham</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeafn">veris:impact:iso_currency_code="AFN"</h4>
<div class="paragraph">
<p>AFN - Afghani</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeall">veris:impact:iso_currency_code="ALL"</h4>
<div class="paragraph">
<p>ALL - Lek</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeamd">veris:impact:iso_currency_code="AMD"</h4>
<div class="paragraph">
<p>AMD - Armenian Dram</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeang">veris:impact:iso_currency_code="ANG"</h4>
<div class="paragraph">
<p>ANG - Netherlands Antillean Guilder</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeaoa">veris:impact:iso_currency_code="AOA"</h4>
<div class="paragraph">
<p>AOA - Kwanza</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codears">veris:impact:iso_currency_code="ARS"</h4>
<div class="paragraph">
<p>ARS - Argentine Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeaud">veris:impact:iso_currency_code="AUD"</h4>
<div class="paragraph">
<p>AUD - Australian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeawg">veris:impact:iso_currency_code="AWG"</h4>
<div class="paragraph">
<p>AWG - Aruban Florin</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeazn">veris:impact:iso_currency_code="AZN"</h4>
<div class="paragraph">
<p>AZN - Azerbaijanian Manat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebam">veris:impact:iso_currency_code="BAM"</h4>
<div class="paragraph">
<p>BAM - Convertible Mark</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebbd">veris:impact:iso_currency_code="BBD"</h4>
<div class="paragraph">
<p>BBD - Barbados Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebdt">veris:impact:iso_currency_code="BDT"</h4>
<div class="paragraph">
<p>BDT - Taka</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebgn">veris:impact:iso_currency_code="BGN"</h4>
<div class="paragraph">
<p>BGN - Bulgarian Lev</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebhd">veris:impact:iso_currency_code="BHD"</h4>
<div class="paragraph">
<p>BHD - Bahraini Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebif">veris:impact:iso_currency_code="BIF"</h4>
<div class="paragraph">
<p>BIF - Burundi Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebmd">veris:impact:iso_currency_code="BMD"</h4>
<div class="paragraph">
<p>BMD - Bermudian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebnd">veris:impact:iso_currency_code="BND"</h4>
<div class="paragraph">
<p>BND - Brunei Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebob">veris:impact:iso_currency_code="BOB"</h4>
<div class="paragraph">
<p>BOB - Boliviano</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebrl">veris:impact:iso_currency_code="BRL"</h4>
<div class="paragraph">
<p>BRL - Brazilian Real</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebsd">veris:impact:iso_currency_code="BSD"</h4>
<div class="paragraph">
<p>BSD - Bahamian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebtn">veris:impact:iso_currency_code="BTN"</h4>
<div class="paragraph">
<p>BTN - Ngultrum</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebwp">veris:impact:iso_currency_code="BWP"</h4>
<div class="paragraph">
<p>BWP - Pula</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebyr">veris:impact:iso_currency_code="BYR"</h4>
<div class="paragraph">
<p>BYR - Belarussian Ruble</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codebzd">veris:impact:iso_currency_code="BZD"</h4>
<div class="paragraph">
<p>BZD - Belize Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codecad">veris:impact:iso_currency_code="CAD"</h4>
<div class="paragraph">
<p>CAD - Canadian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codecdf">veris:impact:iso_currency_code="CDF"</h4>
<div class="paragraph">
<p>CDF - Congolese Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codechf">veris:impact:iso_currency_code="CHF"</h4>
<div class="paragraph">
<p>CHF - Swiss Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeclp">veris:impact:iso_currency_code="CLP"</h4>
<div class="paragraph">
<p>CLP - Chilean Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codecny">veris:impact:iso_currency_code="CNY"</h4>
<div class="paragraph">
<p>CNY - Yuan Renminbi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codecop">veris:impact:iso_currency_code="COP"</h4>
<div class="paragraph">
<p>COP - Colombian Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codecrc">veris:impact:iso_currency_code="CRC"</h4>
<div class="paragraph">
<p>CRC - Costa Rican Colon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codecuc">veris:impact:iso_currency_code="CUC"</h4>
<div class="paragraph">
<p>CUC - Peso Convertible</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codecup">veris:impact:iso_currency_code="CUP"</h4>
<div class="paragraph">
<p>CUP - Cuban Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codecve">veris:impact:iso_currency_code="CVE"</h4>
<div class="paragraph">
<p>CVE - Cape Verde Escudo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeczk">veris:impact:iso_currency_code="CZK"</h4>
<div class="paragraph">
<p>CZK - Czech Koruna</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codedjf">veris:impact:iso_currency_code="DJF"</h4>
<div class="paragraph">
<p>DJF - Djibouti Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codedkk">veris:impact:iso_currency_code="DKK"</h4>
<div class="paragraph">
<p>DKK - Danish Krone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codedop">veris:impact:iso_currency_code="DOP"</h4>
<div class="paragraph">
<p>DOP - Dominican Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codedzd">veris:impact:iso_currency_code="DZD"</h4>
<div class="paragraph">
<p>DZD - Algerian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeegp">veris:impact:iso_currency_code="EGP"</h4>
<div class="paragraph">
<p>EGP - Egyptian Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeern">veris:impact:iso_currency_code="ERN"</h4>
<div class="paragraph">
<p>ERN - Nakfa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeetb">veris:impact:iso_currency_code="ETB"</h4>
<div class="paragraph">
<p>ETB - Ethiopian Birr</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeeur">veris:impact:iso_currency_code="EUR"</h4>
<div class="paragraph">
<p>EUR - Euro</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codefjd">veris:impact:iso_currency_code="FJD"</h4>
<div class="paragraph">
<p>FJD - Fiji Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codefkp">veris:impact:iso_currency_code="FKP"</h4>
<div class="paragraph">
<p>FKP - Falkland Islands Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codegbp">veris:impact:iso_currency_code="GBP"</h4>
<div class="paragraph">
<p>GBP - Pound Sterling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codegel">veris:impact:iso_currency_code="GEL"</h4>
<div class="paragraph">
<p>GEL - Lari</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeggp">veris:impact:iso_currency_code="GGP"</h4>
<div class="paragraph">
<p>GGP - Guernsey pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeghs">veris:impact:iso_currency_code="GHS"</h4>
<div class="paragraph">
<p>GHS - Ghana Cedi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codegip">veris:impact:iso_currency_code="GIP"</h4>
<div class="paragraph">
<p>GIP - Gibraltar Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codegmd">veris:impact:iso_currency_code="GMD"</h4>
<div class="paragraph">
<p>GMD - Dalasi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codegnf">veris:impact:iso_currency_code="GNF"</h4>
<div class="paragraph">
<p>GNF - Guinea Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codegtq">veris:impact:iso_currency_code="GTQ"</h4>
<div class="paragraph">
<p>GTQ - Quetzal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codegyd">veris:impact:iso_currency_code="GYD"</h4>
<div class="paragraph">
<p>GYD - Guyana Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codehkd">veris:impact:iso_currency_code="HKD"</h4>
<div class="paragraph">
<p>HKD - Hong Kong Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codehnl">veris:impact:iso_currency_code="HNL"</h4>
<div class="paragraph">
<p>HNL - Lempira</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codehrk">veris:impact:iso_currency_code="HRK"</h4>
<div class="paragraph">
<p>HRK - Croatian Kuna</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codehtg">veris:impact:iso_currency_code="HTG"</h4>
<div class="paragraph">
<p>HTG - Gourde</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codehuf">veris:impact:iso_currency_code="HUF"</h4>
<div class="paragraph">
<p>HUF - Forint</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeidr">veris:impact:iso_currency_code="IDR"</h4>
<div class="paragraph">
<p>IDR - Rupiah</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeils">veris:impact:iso_currency_code="ILS"</h4>
<div class="paragraph">
<p>ILS - New Israeli Sheqel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeimp">veris:impact:iso_currency_code="IMP"</h4>
<div class="paragraph">
<p>IMP - Isle of Man Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeinr">veris:impact:iso_currency_code="INR"</h4>
<div class="paragraph">
<p>INR - Indian Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeiqd">veris:impact:iso_currency_code="IQD"</h4>
<div class="paragraph">
<p>IQD - Iraqi Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeirr">veris:impact:iso_currency_code="IRR"</h4>
<div class="paragraph">
<p>IRR - Iranian Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeisk">veris:impact:iso_currency_code="ISK"</h4>
<div class="paragraph">
<p>ISK - Iceland Krona</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codejep">veris:impact:iso_currency_code="JEP"</h4>
<div class="paragraph">
<p>JEP - Jersey pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codejmd">veris:impact:iso_currency_code="JMD"</h4>
<div class="paragraph">
<p>JMD - Jamaican Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codejod">veris:impact:iso_currency_code="JOD"</h4>
<div class="paragraph">
<p>JOD - Jordanian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codejpy">veris:impact:iso_currency_code="JPY"</h4>
<div class="paragraph">
<p>JPY - Yen</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekes">veris:impact:iso_currency_code="KES"</h4>
<div class="paragraph">
<p>KES - Kenyan Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekgs">veris:impact:iso_currency_code="KGS"</h4>
<div class="paragraph">
<p>KGS - Som</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekhr">veris:impact:iso_currency_code="KHR"</h4>
<div class="paragraph">
<p>KHR - Riel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekmf">veris:impact:iso_currency_code="KMF"</h4>
<div class="paragraph">
<p>KMF - Comoro Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekpw">veris:impact:iso_currency_code="KPW"</h4>
<div class="paragraph">
<p>KPW - North Korean Won</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekrw">veris:impact:iso_currency_code="KRW"</h4>
<div class="paragraph">
<p>KRW - South Korean Won</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekwd">veris:impact:iso_currency_code="KWD"</h4>
<div class="paragraph">
<p>KWD - Kuwaiti Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekyd">veris:impact:iso_currency_code="KYD"</h4>
<div class="paragraph">
<p>KYD - Cayman Islands Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codekzt">veris:impact:iso_currency_code="KZT"</h4>
<div class="paragraph">
<p>KZT - Tenge</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codelak">veris:impact:iso_currency_code="LAK"</h4>
<div class="paragraph">
<p>LAK - Kip</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codelbp">veris:impact:iso_currency_code="LBP"</h4>
<div class="paragraph">
<p>LBP - Lebanese Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codelkr">veris:impact:iso_currency_code="LKR"</h4>
<div class="paragraph">
<p>LKR - Sri Lanka Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codelrd">veris:impact:iso_currency_code="LRD"</h4>
<div class="paragraph">
<p>LRD - Liberian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codelsl">veris:impact:iso_currency_code="LSL"</h4>
<div class="paragraph">
<p>LSL - Loti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeltl">veris:impact:iso_currency_code="LTL"</h4>
<div class="paragraph">
<p>LTL - Lithuanian Litas</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codelvl">veris:impact:iso_currency_code="LVL"</h4>
<div class="paragraph">
<p>LVL - Latvian Lats</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codelyd">veris:impact:iso_currency_code="LYD"</h4>
<div class="paragraph">
<p>LYD - Libyan Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemad">veris:impact:iso_currency_code="MAD"</h4>
<div class="paragraph">
<p>MAD - Moroccan Dirham</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemdl">veris:impact:iso_currency_code="MDL"</h4>
<div class="paragraph">
<p>MDL - Moldovan Leu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemga">veris:impact:iso_currency_code="MGA"</h4>
<div class="paragraph">
<p>MGA - Malagasy Ariary</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemkd">veris:impact:iso_currency_code="MKD"</h4>
<div class="paragraph">
<p>MKD - Denar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemmk">veris:impact:iso_currency_code="MMK"</h4>
<div class="paragraph">
<p>MMK - Kyat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemnt">veris:impact:iso_currency_code="MNT"</h4>
<div class="paragraph">
<p>MNT - Tugrik</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemop">veris:impact:iso_currency_code="MOP"</h4>
<div class="paragraph">
<p>MOP - Pataca</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemro">veris:impact:iso_currency_code="MRO"</h4>
<div class="paragraph">
<p>MRO - Ouguiya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemur">veris:impact:iso_currency_code="MUR"</h4>
<div class="paragraph">
<p>MUR - Mauritius Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemvr">veris:impact:iso_currency_code="MVR"</h4>
<div class="paragraph">
<p>MVR - Rufiyaa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemwk">veris:impact:iso_currency_code="MWK"</h4>
<div class="paragraph">
<p>MWK - Kwacha</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemxn">veris:impact:iso_currency_code="MXN"</h4>
<div class="paragraph">
<p>MXN - Mexican Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemyr">veris:impact:iso_currency_code="MYR"</h4>
<div class="paragraph">
<p>MYR - Malaysian Ringgit</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codemzn">veris:impact:iso_currency_code="MZN"</h4>
<div class="paragraph">
<p>MZN - Mozambique Metical</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codenad">veris:impact:iso_currency_code="NAD"</h4>
<div class="paragraph">
<p>NAD - Namibia Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codengn">veris:impact:iso_currency_code="NGN"</h4>
<div class="paragraph">
<p>NGN - Naira</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codenio">veris:impact:iso_currency_code="NIO"</h4>
<div class="paragraph">
<p>NIO - Cordoba Oro</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codenok">veris:impact:iso_currency_code="NOK"</h4>
<div class="paragraph">
<p>NOK - Norwegian Krone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codenpr">veris:impact:iso_currency_code="NPR"</h4>
<div class="paragraph">
<p>NPR - Nepalese Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codenzd">veris:impact:iso_currency_code="NZD"</h4>
<div class="paragraph">
<p>NZD - New Zealand Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeomr">veris:impact:iso_currency_code="OMR"</h4>
<div class="paragraph">
<p>OMR - Rial Omani</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codepab">veris:impact:iso_currency_code="PAB"</h4>
<div class="paragraph">
<p>PAB - Balboa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codepen">veris:impact:iso_currency_code="PEN"</h4>
<div class="paragraph">
<p>PEN - Nuevo Sol</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codepgk">veris:impact:iso_currency_code="PGK"</h4>
<div class="paragraph">
<p>PGK - Kina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codephp">veris:impact:iso_currency_code="PHP"</h4>
<div class="paragraph">
<p>PHP - Philippine Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codepkr">veris:impact:iso_currency_code="PKR"</h4>
<div class="paragraph">
<p>PKR - Pakistan Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codepln">veris:impact:iso_currency_code="PLN"</h4>
<div class="paragraph">
<p>PLN - Zloty</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codepyg">veris:impact:iso_currency_code="PYG"</h4>
<div class="paragraph">
<p>PYG - Guarani</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeqar">veris:impact:iso_currency_code="QAR"</h4>
<div class="paragraph">
<p>QAR - Qatari Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_coderon">veris:impact:iso_currency_code="RON"</h4>
<div class="paragraph">
<p>RON - New Romanian Leu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codersd">veris:impact:iso_currency_code="RSD"</h4>
<div class="paragraph">
<p>RSD - Serbian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_coderub">veris:impact:iso_currency_code="RUB"</h4>
<div class="paragraph">
<p>RUB - Russian Ruble</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_coderwf">veris:impact:iso_currency_code="RWF"</h4>
<div class="paragraph">
<p>RWF - Rwanda Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesar">veris:impact:iso_currency_code="SAR"</h4>
<div class="paragraph">
<p>SAR - Saudi Riyal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesbd">veris:impact:iso_currency_code="SBD"</h4>
<div class="paragraph">
<p>SBD - Solomon Islands Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codescr">veris:impact:iso_currency_code="SCR"</h4>
<div class="paragraph">
<p>SCR - Seychelles Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesdg">veris:impact:iso_currency_code="SDG"</h4>
<div class="paragraph">
<p>SDG - Sudanese Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesek">veris:impact:iso_currency_code="SEK"</h4>
<div class="paragraph">
<p>SEK - Swedish Krona</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesgd">veris:impact:iso_currency_code="SGD"</h4>
<div class="paragraph">
<p>SGD - Singapore Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeshp">veris:impact:iso_currency_code="SHP"</h4>
<div class="paragraph">
<p>SHP - Saint Helena Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesll">veris:impact:iso_currency_code="SLL"</h4>
<div class="paragraph">
<p>SLL - Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesos">veris:impact:iso_currency_code="SOS"</h4>
<div class="paragraph">
<p>SOS - Somali Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codespl">veris:impact:iso_currency_code="SPL"</h4>
<div class="paragraph">
<p>SPL - Seborga Luigino</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesrd">veris:impact:iso_currency_code="SRD"</h4>
<div class="paragraph">
<p>SRD - Surinam Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codestd">veris:impact:iso_currency_code="STD"</h4>
<div class="paragraph">
<p>STD - Dobra</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesvc">veris:impact:iso_currency_code="SVC"</h4>
<div class="paragraph">
<p>SVC - El Salvador Colon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codesyp">veris:impact:iso_currency_code="SYP"</h4>
<div class="paragraph">
<p>SYP - Syrian Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeszl">veris:impact:iso_currency_code="SZL"</h4>
<div class="paragraph">
<p>SZL - Lilangeni</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codethb">veris:impact:iso_currency_code="THB"</h4>
<div class="paragraph">
<p>THB - Baht</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codetjs">veris:impact:iso_currency_code="TJS"</h4>
<div class="paragraph">
<p>TJS - Somoni</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codetmt">veris:impact:iso_currency_code="TMT"</h4>
<div class="paragraph">
<p>TMT - Turkmenistan New Manat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codetnd">veris:impact:iso_currency_code="TND"</h4>
<div class="paragraph">
<p>TND - Tunisian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codetop">veris:impact:iso_currency_code="TOP"</h4>
<div class="paragraph">
<p>TOP - Pa&#8217;anga</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codetry">veris:impact:iso_currency_code="TRY"</h4>
<div class="paragraph">
<p>TRY - Turkish Lira</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codettd">veris:impact:iso_currency_code="TTD"</h4>
<div class="paragraph">
<p>TTD - Trinidad and Tobago Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codetvd">veris:impact:iso_currency_code="TVD"</h4>
<div class="paragraph">
<p>TVD - Tuvalu Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codetwd">veris:impact:iso_currency_code="TWD"</h4>
<div class="paragraph">
<p>TWD - New Taiwan Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codetzs">veris:impact:iso_currency_code="TZS"</h4>
<div class="paragraph">
<p>TZS - Tanzanian Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeuah">veris:impact:iso_currency_code="UAH"</h4>
<div class="paragraph">
<p>UAH - Hryvnia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeugx">veris:impact:iso_currency_code="UGX"</h4>
<div class="paragraph">
<p>UGX - Uganda Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeusd">veris:impact:iso_currency_code="USD"</h4>
<div class="paragraph">
<p>USD - US Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeuyu">veris:impact:iso_currency_code="UYU"</h4>
<div class="paragraph">
<p>UYU - Peso Uruguayo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeuzs">veris:impact:iso_currency_code="UZS"</h4>
<div class="paragraph">
<p>UZS - Uzbekistan Sum</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codevef">veris:impact:iso_currency_code="VEF"</h4>
<div class="paragraph">
<p>VEF - Bolivar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codevnd">veris:impact:iso_currency_code="VND"</h4>
<div class="paragraph">
<p>VND - Dong</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codevuv">veris:impact:iso_currency_code="VUV"</h4>
<div class="paragraph">
<p>VUV - Vatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codewst">veris:impact:iso_currency_code="WST"</h4>
<div class="paragraph">
<p>WST - Tala</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codexaf">veris:impact:iso_currency_code="XAF"</h4>
<div class="paragraph">
<p>XAF - CFA Franc BEAC</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codexcd">veris:impact:iso_currency_code="XCD"</h4>
<div class="paragraph">
<p>XCD - East Caribbean Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codexdr">veris:impact:iso_currency_code="XDR"</h4>
<div class="paragraph">
<p>XDR - SDR (Special Drawing Right)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codexof">veris:impact:iso_currency_code="XOF"</h4>
<div class="paragraph">
<p>XOF - CFA Franc BCEAO</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codexpf">veris:impact:iso_currency_code="XPF"</h4>
<div class="paragraph">
<p>XPF - CFP Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codeyer">veris:impact:iso_currency_code="YER"</h4>
<div class="paragraph">
<p>YER - Yemeni Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codezar">veris:impact:iso_currency_code="ZAR"</h4>
<div class="paragraph">
<p>ZAR - South African Rand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codezmk">veris:impact:iso_currency_code="ZMK"</h4>
<div class="paragraph">
<p>ZMK - Zambian Kwacha</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactiso_currency_codezwd">veris:impact:iso_currency_code="ZWD"</h4>
<div class="paragraph">
<p>ZWD - Zimbabwean Dollar A/06</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impactoverall_rating">impact:overall_rating</h3>
<div class="sect3">
<h4 id="_verisimpactoverall_ratingcatastrophic">veris:impact:overall_rating="Catastrophic"</h4>
<div class="paragraph">
<p>Catastrophic: A business-ending event (don&#8217;t choose this if the victim will continue operations)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactoverall_ratingdamaging">veris:impact:overall_rating="Damaging"</h4>
<div class="paragraph">
<p>Damaging: Real and serious effect on the "bottom line" and/or long-term ability to generate revenue</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactoverall_ratingdistracting">veris:impact:overall_rating="Distracting"</h4>
<div class="paragraph">
<p>Distracting: Limited "hard costs", but impact felt through having to deal with the incident rather than conducting normal duties</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactoverall_ratinginsignificant">veris:impact:overall_rating="Insignificant"</h4>
<div class="paragraph">
<p>Insignificant: Impact absorbed by normal activities</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactoverall_ratingpainful">veris:impact:overall_rating="Painful"</h4>
<div class="paragraph">
<p>Painful: Moderate "hard costs", and impact felt through having to deal with the incident rather than conducting normal duties has quantifiable indirect costs</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactoverall_ratingunknown">veris:impact:overall_rating="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_victimcountry">victim:country</h3>
<div class="sect3">
<h4 id="_verisvictimcountryad">veris:victim:country="AD"</h4>
<div class="paragraph">
<p>Andorra</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryae">veris:victim:country="AE"</h4>
<div class="paragraph">
<p>United Arab Emirates</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryaf">veris:victim:country="AF"</h4>
<div class="paragraph">
<p>Afghanistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryag">veris:victim:country="AG"</h4>
<div class="paragraph">
<p>Antigua and Barbuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryai">veris:victim:country="AI"</h4>
<div class="paragraph">
<p>Anguilla</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryal">veris:victim:country="AL"</h4>
<div class="paragraph">
<p>Albania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryam">veris:victim:country="AM"</h4>
<div class="paragraph">
<p>Armenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryao">veris:victim:country="AO"</h4>
<div class="paragraph">
<p>Angola</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryaq">veris:victim:country="AQ"</h4>
<div class="paragraph">
<p>Antarctica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryar">veris:victim:country="AR"</h4>
<div class="paragraph">
<p>Argentina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryas">veris:victim:country="AS"</h4>
<div class="paragraph">
<p>American Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryat">veris:victim:country="AT"</h4>
<div class="paragraph">
<p>Austria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryau">veris:victim:country="AU"</h4>
<div class="paragraph">
<p>Australia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryaw">veris:victim:country="AW"</h4>
<div class="paragraph">
<p>Aruba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryax">veris:victim:country="AX"</h4>
<div class="paragraph">
<p>Aland Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryaz">veris:victim:country="AZ"</h4>
<div class="paragraph">
<p>Azerbaijan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryba">veris:victim:country="BA"</h4>
<div class="paragraph">
<p>Bosnia and Herzegovina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybb">veris:victim:country="BB"</h4>
<div class="paragraph">
<p>Barbados</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybd">veris:victim:country="BD"</h4>
<div class="paragraph">
<p>Bangladesh</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybe">veris:victim:country="BE"</h4>
<div class="paragraph">
<p>Belgium</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybf">veris:victim:country="BF"</h4>
<div class="paragraph">
<p>Burkina Faso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybg">veris:victim:country="BG"</h4>
<div class="paragraph">
<p>Bulgaria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybh">veris:victim:country="BH"</h4>
<div class="paragraph">
<p>Bahrain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybi">veris:victim:country="BI"</h4>
<div class="paragraph">
<p>Burundi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybj">veris:victim:country="BJ"</h4>
<div class="paragraph">
<p>Benin</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybl">veris:victim:country="BL"</h4>
<div class="paragraph">
<p>Saint-Barthelemy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybm">veris:victim:country="BM"</h4>
<div class="paragraph">
<p>Bermuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybn">veris:victim:country="BN"</h4>
<div class="paragraph">
<p>Brunei Darussalam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybo">veris:victim:country="BO"</h4>
<div class="paragraph">
<p>Bolivia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybq">veris:victim:country="BQ"</h4>
<div class="paragraph">
<p>Bonaire, Saint Eustatius and Saba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybr">veris:victim:country="BR"</h4>
<div class="paragraph">
<p>Brazil</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybs">veris:victim:country="BS"</h4>
<div class="paragraph">
<p>Bahamas</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybt">veris:victim:country="BT"</h4>
<div class="paragraph">
<p>Bhutan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybv">veris:victim:country="BV"</h4>
<div class="paragraph">
<p>Bouvet Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybw">veris:victim:country="BW"</h4>
<div class="paragraph">
<p>Botswana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryby">veris:victim:country="BY"</h4>
<div class="paragraph">
<p>Belarus</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrybz">veris:victim:country="BZ"</h4>
<div class="paragraph">
<p>Belize</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryca">veris:victim:country="CA"</h4>
<div class="paragraph">
<p>Canada</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycc">veris:victim:country="CC"</h4>
<div class="paragraph">
<p>Cocos (Keeling) Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycd">veris:victim:country="CD"</h4>
<div class="paragraph">
<p>Congo, Democratic Republic of the</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycf">veris:victim:country="CF"</h4>
<div class="paragraph">
<p>Central African Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycg">veris:victim:country="CG"</h4>
<div class="paragraph">
<p>Congo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrych">veris:victim:country="CH"</h4>
<div class="paragraph">
<p>Switzerland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryci">veris:victim:country="CI"</h4>
<div class="paragraph">
<p>Cote d&#8217;Ivoire</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryck">veris:victim:country="CK"</h4>
<div class="paragraph">
<p>Cook Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycl">veris:victim:country="CL"</h4>
<div class="paragraph">
<p>Chile</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycm">veris:victim:country="CM"</h4>
<div class="paragraph">
<p>Cameroon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycn">veris:victim:country="CN"</h4>
<div class="paragraph">
<p>China</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryco">veris:victim:country="CO"</h4>
<div class="paragraph">
<p>Colombia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycr">veris:victim:country="CR"</h4>
<div class="paragraph">
<p>Costa Rica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycu">veris:victim:country="CU"</h4>
<div class="paragraph">
<p>Cuba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycv">veris:victim:country="CV"</h4>
<div class="paragraph">
<p>Cape Verde</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycw">veris:victim:country="CW"</h4>
<div class="paragraph">
<p>Curacao</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycx">veris:victim:country="CX"</h4>
<div class="paragraph">
<p>Christmas Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycy">veris:victim:country="CY"</h4>
<div class="paragraph">
<p>Cyprus</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrycz">veris:victim:country="CZ"</h4>
<div class="paragraph">
<p>Czech Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryde">veris:victim:country="DE"</h4>
<div class="paragraph">
<p>Germany</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrydj">veris:victim:country="DJ"</h4>
<div class="paragraph">
<p>Djibouti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrydk">veris:victim:country="DK"</h4>
<div class="paragraph">
<p>Denmark</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrydm">veris:victim:country="DM"</h4>
<div class="paragraph">
<p>Dominica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrydo">veris:victim:country="DO"</h4>
<div class="paragraph">
<p>Dominican Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrydz">veris:victim:country="DZ"</h4>
<div class="paragraph">
<p>Algeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryec">veris:victim:country="EC"</h4>
<div class="paragraph">
<p>Ecuador</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryee">veris:victim:country="EE"</h4>
<div class="paragraph">
<p>Estonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryeg">veris:victim:country="EG"</h4>
<div class="paragraph">
<p>Egypt</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryeh">veris:victim:country="EH"</h4>
<div class="paragraph">
<p>Western Sahara</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryer">veris:victim:country="ER"</h4>
<div class="paragraph">
<p>Eritrea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryes">veris:victim:country="ES"</h4>
<div class="paragraph">
<p>Spain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryet">veris:victim:country="ET"</h4>
<div class="paragraph">
<p>Ethiopia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryfi">veris:victim:country="FI"</h4>
<div class="paragraph">
<p>Finland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryfj">veris:victim:country="FJ"</h4>
<div class="paragraph">
<p>Fiji</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryfk">veris:victim:country="FK"</h4>
<div class="paragraph">
<p>Faeroe Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryfm">veris:victim:country="FM"</h4>
<div class="paragraph">
<p>Micronesia (Federated States of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryfo">veris:victim:country="FO"</h4>
<div class="paragraph">
<p>Falkland Islands (Malvinas)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryfr">veris:victim:country="FR"</h4>
<div class="paragraph">
<p>France</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryga">veris:victim:country="GA"</h4>
<div class="paragraph">
<p>Gabon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygb">veris:victim:country="GB"</h4>
<div class="paragraph">
<p>United Kingdom</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygd">veris:victim:country="GD"</h4>
<div class="paragraph">
<p>Grenada</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryge">veris:victim:country="GE"</h4>
<div class="paragraph">
<p>Georgia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygf">veris:victim:country="GF"</h4>
<div class="paragraph">
<p>French Guiana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygg">veris:victim:country="GG"</h4>
<div class="paragraph">
<p>Guernsey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygh">veris:victim:country="GH"</h4>
<div class="paragraph">
<p>Ghana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygi">veris:victim:country="GI"</h4>
<div class="paragraph">
<p>Gibraltar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygl">veris:victim:country="GL"</h4>
<div class="paragraph">
<p>Greenland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygm">veris:victim:country="GM"</h4>
<div class="paragraph">
<p>Gambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygn">veris:victim:country="GN"</h4>
<div class="paragraph">
<p>Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygp">veris:victim:country="GP"</h4>
<div class="paragraph">
<p>Guadeloupe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygq">veris:victim:country="GQ"</h4>
<div class="paragraph">
<p>Equatorial Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygr">veris:victim:country="GR"</h4>
<div class="paragraph">
<p>Greece</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygs">veris:victim:country="GS"</h4>
<div class="paragraph">
<p>South Georgia and the South Sandwich Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygt">veris:victim:country="GT"</h4>
<div class="paragraph">
<p>Guatemala</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygu">veris:victim:country="GU"</h4>
<div class="paragraph">
<p>Guam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygw">veris:victim:country="GW"</h4>
<div class="paragraph">
<p>Guinea-Bissau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrygy">veris:victim:country="GY"</h4>
<div class="paragraph">
<p>Guyana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryhk">veris:victim:country="HK"</h4>
<div class="paragraph">
<p>Hong Kong</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryhm">veris:victim:country="HM"</h4>
<div class="paragraph">
<p>Heard Island and McDonal Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryhn">veris:victim:country="HN"</h4>
<div class="paragraph">
<p>Honduras</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryhr">veris:victim:country="HR"</h4>
<div class="paragraph">
<p>Croatia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryht">veris:victim:country="HT"</h4>
<div class="paragraph">
<p>Haiti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryhu">veris:victim:country="HU"</h4>
<div class="paragraph">
<p>Hungary</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryid">veris:victim:country="ID"</h4>
<div class="paragraph">
<p>Indonesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryie">veris:victim:country="IE"</h4>
<div class="paragraph">
<p>Ireland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryil">veris:victim:country="IL"</h4>
<div class="paragraph">
<p>Israel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryim">veris:victim:country="IM"</h4>
<div class="paragraph">
<p>Isle of Man</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryin">veris:victim:country="IN"</h4>
<div class="paragraph">
<p>India</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryio">veris:victim:country="IO"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryiq">veris:victim:country="IQ"</h4>
<div class="paragraph">
<p>Iraq</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryir">veris:victim:country="IR"</h4>
<div class="paragraph">
<p>Iran (Islamic Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryis">veris:victim:country="IS"</h4>
<div class="paragraph">
<p>Iceland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryit">veris:victim:country="IT"</h4>
<div class="paragraph">
<p>Italy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryje">veris:victim:country="JE"</h4>
<div class="paragraph">
<p>Jersey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryjm">veris:victim:country="JM"</h4>
<div class="paragraph">
<p>Jamaica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryjo">veris:victim:country="JO"</h4>
<div class="paragraph">
<p>Jordan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryjp">veris:victim:country="JP"</h4>
<div class="paragraph">
<p>Japan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryke">veris:victim:country="KE"</h4>
<div class="paragraph">
<p>Kenya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrykg">veris:victim:country="KG"</h4>
<div class="paragraph">
<p>Kyrgyzstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrykh">veris:victim:country="KH"</h4>
<div class="paragraph">
<p>Cambodia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryki">veris:victim:country="KI"</h4>
<div class="paragraph">
<p>Kiribati</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrykm">veris:victim:country="KM"</h4>
<div class="paragraph">
<p>Comoros</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrykn">veris:victim:country="KN"</h4>
<div class="paragraph">
<p>Saint Kitts and Nevis</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrykp">veris:victim:country="KP"</h4>
<div class="paragraph">
<p>Korea, Democratic People&#8217;s Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrykr">veris:victim:country="KR"</h4>
<div class="paragraph">
<p>Korea, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrykw">veris:victim:country="KW"</h4>
<div class="paragraph">
<p>Kuwait</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryky">veris:victim:country="KY"</h4>
<div class="paragraph">
<p>Cayman Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrykz">veris:victim:country="KZ"</h4>
<div class="paragraph">
<p>Kazakhstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryla">veris:victim:country="LA"</h4>
<div class="paragraph">
<p>Lao People&#8217;s Democratic Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrylb">veris:victim:country="LB"</h4>
<div class="paragraph">
<p>Lebanon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrylc">veris:victim:country="LC"</h4>
<div class="paragraph">
<p>Saint Lucia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryli">veris:victim:country="LI"</h4>
<div class="paragraph">
<p>Liechtenstein</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrylk">veris:victim:country="LK"</h4>
<div class="paragraph">
<p>Sri Lanka</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrylr">veris:victim:country="LR"</h4>
<div class="paragraph">
<p>Liberia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryls">veris:victim:country="LS"</h4>
<div class="paragraph">
<p>Lesotho</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrylt">veris:victim:country="LT"</h4>
<div class="paragraph">
<p>Lithuania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrylu">veris:victim:country="LU"</h4>
<div class="paragraph">
<p>Luxembourg</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrylv">veris:victim:country="LV"</h4>
<div class="paragraph">
<p>Latvia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryly">veris:victim:country="LY"</h4>
<div class="paragraph">
<p>Libya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryma">veris:victim:country="MA"</h4>
<div class="paragraph">
<p>Morocco</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymc">veris:victim:country="MC"</h4>
<div class="paragraph">
<p>Monaco</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymd">veris:victim:country="MD"</h4>
<div class="paragraph">
<p>Moldova, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryme">veris:victim:country="ME"</h4>
<div class="paragraph">
<p>Montenegro</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymf">veris:victim:country="MF"</h4>
<div class="paragraph">
<p>Saint Martin (French part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymg">veris:victim:country="MG"</h4>
<div class="paragraph">
<p>Madagascar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymh">veris:victim:country="MH"</h4>
<div class="paragraph">
<p>Marshall Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymk">veris:victim:country="MK"</h4>
<div class="paragraph">
<p>Macedonia, The former Yugoslav Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryml">veris:victim:country="ML"</h4>
<div class="paragraph">
<p>Mali</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymm">veris:victim:country="MM"</h4>
<div class="paragraph">
<p>Myanmar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymn">veris:victim:country="MN"</h4>
<div class="paragraph">
<p>Mongolia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymo">veris:victim:country="MO"</h4>
<div class="paragraph">
<p>Macao</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymp">veris:victim:country="MP"</h4>
<div class="paragraph">
<p>Northern Mariana Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymq">veris:victim:country="MQ"</h4>
<div class="paragraph">
<p>Martinique</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymr">veris:victim:country="MR"</h4>
<div class="paragraph">
<p>Mauritania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryms">veris:victim:country="MS"</h4>
<div class="paragraph">
<p>Montserrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymt">veris:victim:country="MT"</h4>
<div class="paragraph">
<p>Malta</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymu">veris:victim:country="MU"</h4>
<div class="paragraph">
<p>Mauritius</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymv">veris:victim:country="MV"</h4>
<div class="paragraph">
<p>Maldives</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymw">veris:victim:country="MW"</h4>
<div class="paragraph">
<p>Malawi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymx">veris:victim:country="MX"</h4>
<div class="paragraph">
<p>Mexico</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymy">veris:victim:country="MY"</h4>
<div class="paragraph">
<p>Malaysia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrymz">veris:victim:country="MZ"</h4>
<div class="paragraph">
<p>Mozambique</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryna">veris:victim:country="NA"</h4>
<div class="paragraph">
<p>Namibia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrync">veris:victim:country="NC"</h4>
<div class="paragraph">
<p>New Caledonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryne">veris:victim:country="NE"</h4>
<div class="paragraph">
<p>Niger</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrynf">veris:victim:country="NF"</h4>
<div class="paragraph">
<p>Norfolk Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryng">veris:victim:country="NG"</h4>
<div class="paragraph">
<p>Nigeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryni">veris:victim:country="NI"</h4>
<div class="paragraph">
<p>Nicaragua</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrynl">veris:victim:country="NL"</h4>
<div class="paragraph">
<p>Netherlands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryno">veris:victim:country="NO"</h4>
<div class="paragraph">
<p>Norway</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrynp">veris:victim:country="NP"</h4>
<div class="paragraph">
<p>Nepal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrynr">veris:victim:country="NR"</h4>
<div class="paragraph">
<p>Nauru</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrynu">veris:victim:country="NU"</h4>
<div class="paragraph">
<p>Niue</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrynz">veris:victim:country="NZ"</h4>
<div class="paragraph">
<p>New Zealand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryom">veris:victim:country="OM"</h4>
<div class="paragraph">
<p>Oman</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryother">veris:victim:country="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypa">veris:victim:country="PA"</h4>
<div class="paragraph">
<p>Panama</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrype">veris:victim:country="PE"</h4>
<div class="paragraph">
<p>Peru</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypf">veris:victim:country="PF"</h4>
<div class="paragraph">
<p>French Polynesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypg">veris:victim:country="PG"</h4>
<div class="paragraph">
<p>Papua New Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryph">veris:victim:country="PH"</h4>
<div class="paragraph">
<p>Philippines</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypk">veris:victim:country="PK"</h4>
<div class="paragraph">
<p>Pakistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypl">veris:victim:country="PL"</h4>
<div class="paragraph">
<p>Poland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypm">veris:victim:country="PM"</h4>
<div class="paragraph">
<p>Saint Pierre and Miquelon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypn">veris:victim:country="PN"</h4>
<div class="paragraph">
<p>Pitcairn</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypr">veris:victim:country="PR"</h4>
<div class="paragraph">
<p>Puerto Rico</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryps">veris:victim:country="PS"</h4>
<div class="paragraph">
<p>Palestinian Territory, Occupied</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypt">veris:victim:country="PT"</h4>
<div class="paragraph">
<p>Portugal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypw">veris:victim:country="PW"</h4>
<div class="paragraph">
<p>Palau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrypy">veris:victim:country="PY"</h4>
<div class="paragraph">
<p>Paraguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryqa">veris:victim:country="QA"</h4>
<div class="paragraph">
<p>Qatar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryre">veris:victim:country="RE"</h4>
<div class="paragraph">
<p>Reunion</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryro">veris:victim:country="RO"</h4>
<div class="paragraph">
<p>Romania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryrs">veris:victim:country="RS"</h4>
<div class="paragraph">
<p>Serbia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryru">veris:victim:country="RU"</h4>
<div class="paragraph">
<p>Russian Federation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryrw">veris:victim:country="RW"</h4>
<div class="paragraph">
<p>Rwanda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysa">veris:victim:country="SA"</h4>
<div class="paragraph">
<p>Saudi Arabia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysb">veris:victim:country="SB"</h4>
<div class="paragraph">
<p>Solomon Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysc">veris:victim:country="SC"</h4>
<div class="paragraph">
<p>Seychelles</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysd">veris:victim:country="SD"</h4>
<div class="paragraph">
<p>Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryse">veris:victim:country="SE"</h4>
<div class="paragraph">
<p>Sweden</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysg">veris:victim:country="SG"</h4>
<div class="paragraph">
<p>Singapore</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysh">veris:victim:country="SH"</h4>
<div class="paragraph">
<p>Saint Helena</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysi">veris:victim:country="SI"</h4>
<div class="paragraph">
<p>Slovenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysj">veris:victim:country="SJ"</h4>
<div class="paragraph">
<p>Svalbard and Jan Mayen Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysk">veris:victim:country="SK"</h4>
<div class="paragraph">
<p>Slovakia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysl">veris:victim:country="SL"</h4>
<div class="paragraph">
<p>Sierra Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysm">veris:victim:country="SM"</h4>
<div class="paragraph">
<p>San Marino</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysn">veris:victim:country="SN"</h4>
<div class="paragraph">
<p>Senegal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryso">veris:victim:country="SO"</h4>
<div class="paragraph">
<p>Somalia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysr">veris:victim:country="SR"</h4>
<div class="paragraph">
<p>Suriname</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryss">veris:victim:country="SS"</h4>
<div class="paragraph">
<p>South Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryst">veris:victim:country="ST"</h4>
<div class="paragraph">
<p>Sao Tome and Principe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysv">veris:victim:country="SV"</h4>
<div class="paragraph">
<p>El Salvador</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysx">veris:victim:country="SX"</h4>
<div class="paragraph">
<p>Sint Maarten (Dutch part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysy">veris:victim:country="SY"</h4>
<div class="paragraph">
<p>Syrian Arab Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrysz">veris:victim:country="SZ"</h4>
<div class="paragraph">
<p>Swaziland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytc">veris:victim:country="TC"</h4>
<div class="paragraph">
<p>Turks and Caicos Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytd">veris:victim:country="TD"</h4>
<div class="paragraph">
<p>Chad</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytf">veris:victim:country="TF"</h4>
<div class="paragraph">
<p>French Southern Territories</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytg">veris:victim:country="TG"</h4>
<div class="paragraph">
<p>Togo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryth">veris:victim:country="TH"</h4>
<div class="paragraph">
<p>Thailand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytj">veris:victim:country="TJ"</h4>
<div class="paragraph">
<p>Tajikistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytk">veris:victim:country="TK"</h4>
<div class="paragraph">
<p>Tokelau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytl">veris:victim:country="TL"</h4>
<div class="paragraph">
<p>Timor-Leste</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytm">veris:victim:country="TM"</h4>
<div class="paragraph">
<p>Turkmenistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytn">veris:victim:country="TN"</h4>
<div class="paragraph">
<p>Tunisia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryto">veris:victim:country="TO"</h4>
<div class="paragraph">
<p>Tonga</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytr">veris:victim:country="TR"</h4>
<div class="paragraph">
<p>Turkey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytt">veris:victim:country="TT"</h4>
<div class="paragraph">
<p>Trinidad and Tobago</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytv">veris:victim:country="TV"</h4>
<div class="paragraph">
<p>Tuvalu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytw">veris:victim:country="TW"</h4>
<div class="paragraph">
<p>Taiwan, Province of China</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrytz">veris:victim:country="TZ"</h4>
<div class="paragraph">
<p>Tanzania, United Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryua">veris:victim:country="UA"</h4>
<div class="paragraph">
<p>Ukraine</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryug">veris:victim:country="UG"</h4>
<div class="paragraph">
<p>Uganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryum">veris:victim:country="UM"</h4>
<div class="paragraph">
<p>United States Minor Outlying Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryus">veris:victim:country="US"</h4>
<div class="paragraph">
<p>United States of America</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryuy">veris:victim:country="UY"</h4>
<div class="paragraph">
<p>Uruguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryuz">veris:victim:country="UZ"</h4>
<div class="paragraph">
<p>Uzbekistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryunknown">veris:victim:country="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryva">veris:victim:country="VA"</h4>
<div class="paragraph">
<p>Holy See</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryvc">veris:victim:country="VC"</h4>
<div class="paragraph">
<p>Saint Vincent and the Grenadines</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryve">veris:victim:country="VE"</h4>
<div class="paragraph">
<p>Venezuela (Bolivarian Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryvg">veris:victim:country="VG"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryvi">veris:victim:country="VI"</h4>
<div class="paragraph">
<p>United States Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryvn">veris:victim:country="VN"</h4>
<div class="paragraph">
<p>Viet Nam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryvu">veris:victim:country="VU"</h4>
<div class="paragraph">
<p>Vanuatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountrywf">veris:victim:country="WF"</h4>
<div class="paragraph">
<p>Wallis and Futuna Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryws">veris:victim:country="WS"</h4>
<div class="paragraph">
<p>Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryye">veris:victim:country="YE"</h4>
<div class="paragraph">
<p>Yemen</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryyt">veris:victim:country="YT"</h4>
<div class="paragraph">
<p>Mayotte</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryza">veris:victim:country="ZA"</h4>
<div class="paragraph">
<p>South Africa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryzm">veris:victim:country="ZM"</h4>
<div class="paragraph">
<p>Zambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimcountryzw">veris:victim:country="ZW"</h4>
<div class="paragraph">
<p>Zimbabwe</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_victimemployee_count">victim:employee_count</h3>
<div class="sect3">
<h4 id="_verisvictimemployee_count1_to_10">veris:victim:employee_count="1 to 10"</h4>
<div class="paragraph">
<p>1 to 10 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_count10001_to_25000">veris:victim:employee_count="10001 to 25000"</h4>
<div class="paragraph">
<p>10,001 to 25,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_count1001_to_10000">veris:victim:employee_count="1001 to 10000"</h4>
<div class="paragraph">
<p>1,001 to 10,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_count101_to_1000">veris:victim:employee_count="101 to 1000"</h4>
<div class="paragraph">
<p>101 to 1,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_count11_to_100">veris:victim:employee_count="11 to 100"</h4>
<div class="paragraph">
<p>11 to 100 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_count25001_to_50000">veris:victim:employee_count="25001 to 50000"</h4>
<div class="paragraph">
<p>25,001 to 50,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_count50001_to_100000">veris:victim:employee_count="50001 to 100000"</h4>
<div class="paragraph">
<p>50,001 to 100,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_countlarge">veris:victim:employee_count="Large"</h4>
<div class="paragraph">
<p>Large organizations (over 1,000 employees)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_countover_100000">veris:victim:employee_count="Over 100000"</h4>
<div class="paragraph">
<p>Over 100,0001 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_countsmall">veris:victim:employee_count="Small"</h4>
<div class="paragraph">
<p>Small organizations (1,000 employees or less)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimemployee_countunknown">veris:victim:employee_count="Unknown"</h4>
<div class="paragraph">
<p>Unknown number of employees</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionenvironmentalvariety">action:environmental:variety</h3>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietydeterioration">veris:action:environmental:variety="Deterioration"</h4>
<div class="paragraph">
<p>Deterioration and degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyemi">veris:action:environmental:variety="EMI"</h4>
<div class="paragraph">
<p>Electromagnetic interference (EMI)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyesd">veris:action:environmental:variety="ESD"</h4>
<div class="paragraph">
<p>Electrostatic discharge (ESD)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyearthquake">veris:action:environmental:variety="Earthquake"</h4>
<div class="paragraph">
<p>Earthquake</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyfire">veris:action:environmental:variety="Fire"</h4>
<div class="paragraph">
<p>Fire</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyflood">veris:action:environmental:variety="Flood"</h4>
<div class="paragraph">
<p>Flood</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyhazmat">veris:action:environmental:variety="Hazmat"</h4>
<div class="paragraph">
<p>Hazardous material</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyhumidity">veris:action:environmental:variety="Humidity"</h4>
<div class="paragraph">
<p>Humidity</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyhurricane">veris:action:environmental:variety="Hurricane"</h4>
<div class="paragraph">
<p>Hurricane</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyice">veris:action:environmental:variety="Ice"</h4>
<div class="paragraph">
<p>Ice and snow</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietylandslide">veris:action:environmental:variety="Landslide"</h4>
<div class="paragraph">
<p>Landslide</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyleak">veris:action:environmental:variety="Leak"</h4>
<div class="paragraph">
<p>Water leak</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietylightning">veris:action:environmental:variety="Lightning"</h4>
<div class="paragraph">
<p>Lightning</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietymeteorite">veris:action:environmental:variety="Meteorite"</h4>
<div class="paragraph">
<p>Meteorite</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyother">veris:action:environmental:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyparticulates">veris:action:environmental:variety="Particulates"</h4>
<div class="paragraph">
<p>Particulate matter (e.g., dust, smoke)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietypathogen">veris:action:environmental:variety="Pathogen"</h4>
<div class="paragraph">
<p>Pathogen</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietypower_failure">veris:action:environmental:variety="Power failure"</h4>
<div class="paragraph">
<p>Power failure or fluctuation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietytemperature">veris:action:environmental:variety="Temperature"</h4>
<div class="paragraph">
<p>Extreme temperature</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietytornado">veris:action:environmental:variety="Tornado"</h4>
<div class="paragraph">
<p>Tornado</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietytsunami">veris:action:environmental:variety="Tsunami"</h4>
<div class="paragraph">
<p>Tsunami</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyunknown">veris:action:environmental:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyvermin">veris:action:environmental:variety="Vermin"</h4>
<div class="paragraph">
<p>Vermin</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietyvolcano">veris:action:environmental:variety="Volcano"</h4>
<div class="paragraph">
<p>Volcanic eruption</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionenvironmentalvarietywind">veris:action:environmental:variety="Wind"</h4>
<div class="paragraph">
<p>Wind</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionerrorvariety">action:error:variety</h3>
<div class="sect3">
<h4 id="_verisactionerrorvarietycapacity_shortage">veris:action:error:variety="Capacity shortage"</h4>
<div class="paragraph">
<p>Poor capacity planning</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietyclassification_error">veris:action:error:variety="Classification error"</h4>
<div class="paragraph">
<p>Classification or labeling error</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietydata_entry_error">veris:action:error:variety="Data entry error"</h4>
<div class="paragraph">
<p>Data entry error</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietydisposal_error">veris:action:error:variety="Disposal error"</h4>
<div class="paragraph">
<p>Disposal error</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietygaffe">veris:action:error:variety="Gaffe"</h4>
<div class="paragraph">
<p>Gaffe (social or verbal slip)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietyloss">veris:action:error:variety="Loss"</h4>
<div class="paragraph">
<p>Loss or misplacement</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietymaintenance_error">veris:action:error:variety="Maintenance error"</h4>
<div class="paragraph">
<p>Maintenance error</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietymalfunction">veris:action:error:variety="Malfunction"</h4>
<div class="paragraph">
<p>Technical malfunction or glitch</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietymisconfiguration">veris:action:error:variety="Misconfiguration"</h4>
<div class="paragraph">
<p>Misconfiguration</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietymisdelivery">veris:action:error:variety="Misdelivery"</h4>
<div class="paragraph">
<p>Misdelivery (send wrong info or to wrong recipient)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietymisinformation">veris:action:error:variety="Misinformation"</h4>
<div class="paragraph">
<p>Misinformation (unintentionally giving false info)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietyomission">veris:action:error:variety="Omission"</h4>
<div class="paragraph">
<p>Omission (something intended, but not done)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietyother">veris:action:error:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietyphysical_accidents">veris:action:error:variety="Physical accidents"</h4>
<div class="paragraph">
<p>Physical accidents (e.g., drops, bumps, spills)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietyprogramming_error">veris:action:error:variety="Programming error"</h4>
<div class="paragraph">
<p>Programming error (flaws or bugs in custom code)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietypublishing_error">veris:action:error:variety="Publishing error"</h4>
<div class="paragraph">
<p>Publishing error (private info to public doc or site)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvarietyunknown">veris:action:error:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionerrorvector">action:error:vector</h3>
<div class="sect3">
<h4 id="_verisactionerrorvectorcarelessness">veris:action:error:vector="Carelessness"</h4>
<div class="paragraph">
<p>Carelessness</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvectorinadequate_personnel">veris:action:error:vector="Inadequate personnel"</h4>
<div class="paragraph">
<p>Inadequate or insufficient personnel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvectorinadequate_processes">veris:action:error:vector="Inadequate processes"</h4>
<div class="paragraph">
<p>Inadequate or insufficient processes</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvectorinadequate_technology">veris:action:error:vector="Inadequate technology"</h4>
<div class="paragraph">
<p>Inadequate or insufficient technology resources</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvectorother">veris:action:error:vector="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvectorrandom_error">veris:action:error:vector="Random error"</h4>
<div class="paragraph">
<p>Random error (no reason, no fault)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionerrorvectorunknown">veris:action:error:vector="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionhackingresult">action:hacking:result</h3>
<div class="sect3">
<h4 id="_verisactionhackingresultelevate">veris:action:hacking:result="Elevate"</h4>
<div class="paragraph">
<p>The hacking action resulted in additional permissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingresultexfiltrate">veris:action:hacking:result="Exfiltrate"</h4>
<div class="paragraph">
<p>The hacking action exfiltrated data from the victim</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingresultinfiltrate">veris:action:hacking:result="Infiltrate"</h4>
<div class="paragraph">
<p>The hacking action infiltrated the victim</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionhackingvariety">action:hacking:variety</h3>
<div class="sect3">
<h4 id="_verisactionhackingvarietyabuse_of_functionality">veris:action:hacking:variety="Abuse of functionality"</h4>
<div class="paragraph">
<p>Abuse of functionality</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietybrute_force">veris:action:hacking:variety="Brute force"</h4>
<div class="paragraph">
<p>Brute force or password guessing attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietybuffer_overflow">veris:action:hacking:variety="Buffer overflow"</h4>
<div class="paragraph">
<p>Buffer overflow</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietycsrf">veris:action:hacking:variety="CSRF"</h4>
<div class="paragraph">
<p>Cross-site request forgery</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietycache_poisoning">veris:action:hacking:variety="Cache poisoning"</h4>
<div class="paragraph">
<p>Cache poisoning</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietycryptanalysis">veris:action:hacking:variety="Cryptanalysis"</h4>
<div class="paragraph">
<p>Cryptanalysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietydos">veris:action:hacking:variety="DoS"</h4>
<div class="paragraph">
<p>Denial of service</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyfootprinting">veris:action:hacking:variety="Footprinting"</h4>
<div class="paragraph">
<p>Footprinting and fingerprinting</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyforced_browsing">veris:action:hacking:variety="Forced browsing"</h4>
<div class="paragraph">
<p>Forced browsing or predictable resource location</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyformat_string_attack">veris:action:hacking:variety="Format string attack"</h4>
<div class="paragraph">
<p>Format string attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyfuzz_testing">veris:action:hacking:variety="Fuzz testing"</h4>
<div class="paragraph">
<p>Fuzz testing</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyhttp_response_splitting">veris:action:hacking:variety="HTTP Response Splitting"</h4>
<div class="paragraph">
<p>HTTP Response Splitting</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyhttp_request_smuggling">veris:action:hacking:variety="HTTP request smuggling"</h4>
<div class="paragraph">
<p>HTTP request smuggling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyhttp_request_splitting">veris:action:hacking:variety="HTTP request splitting"</h4>
<div class="paragraph">
<p>HTTP request splitting</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyhttp_response_smuggling">veris:action:hacking:variety="HTTP response smuggling"</h4>
<div class="paragraph">
<p>HTTP response smuggling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyinteger_overflows">veris:action:hacking:variety="Integer overflows"</h4>
<div class="paragraph">
<p>Integer overflows</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyldap_injection">veris:action:hacking:variety="LDAP injection"</h4>
<div class="paragraph">
<p>LDAP injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietymail_command_injection">veris:action:hacking:variety="Mail command injection"</h4>
<div class="paragraph">
<p>Mail command injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietymitm">veris:action:hacking:variety="MitM"</h4>
<div class="paragraph">
<p>Man-in-the-middle attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietynull_byte_injection">veris:action:hacking:variety="Null byte injection"</h4>
<div class="paragraph">
<p>Null byte injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyos_commanding">veris:action:hacking:variety="OS commanding"</h4>
<div class="paragraph">
<p>OS commanding</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyoffline_cracking">veris:action:hacking:variety="Offline cracking"</h4>
<div class="paragraph">
<p>Offline password or key cracking (e.g., rainbow tables, Hashcat, JtR)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyother">veris:action:hacking:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietypass_the_hash">veris:action:hacking:variety="Pass-the-hash"</h4>
<div class="paragraph">
<p>Pass-the-hash</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietypath_traversal">veris:action:hacking:variety="Path traversal"</h4>
<div class="paragraph">
<p>Path traversal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyrfi">veris:action:hacking:variety="RFI"</h4>
<div class="paragraph">
<p>Remote file inclusion</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyreverse_engineering">veris:action:hacking:variety="Reverse engineering"</h4>
<div class="paragraph">
<p>Reverse engineering</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyrouting_detour">veris:action:hacking:variety="Routing detour"</h4>
<div class="paragraph">
<p>Routing detour</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietysqli">veris:action:hacking:variety="SQLi"</h4>
<div class="paragraph">
<p>SQL injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyssi_injection">veris:action:hacking:variety="SSI injection"</h4>
<div class="paragraph">
<p>SSI injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietysession_fixation">veris:action:hacking:variety="Session fixation"</h4>
<div class="paragraph">
<p>Session fixation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietysession_prediction">veris:action:hacking:variety="Session prediction"</h4>
<div class="paragraph">
<p>Credential or session prediction</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietysession_replay">veris:action:hacking:variety="Session replay"</h4>
<div class="paragraph">
<p>Session replay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietysoap_array_abuse">veris:action:hacking:variety="Soap array abuse"</h4>
<div class="paragraph">
<p>Soap array abuse</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyspecial_element_injection">veris:action:hacking:variety="Special element injection"</h4>
<div class="paragraph">
<p>Special element injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyurl_redirector_abuse">veris:action:hacking:variety="URL redirector abuse"</h4>
<div class="paragraph">
<p>URL redirector abuse</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyunknown">veris:action:hacking:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyuse_of_backdoor_or_c2">veris:action:hacking:variety="Use of backdoor or C2"</h4>
<div class="paragraph">
<p>Use of Backdoor or C2 channel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyuse_of_stolen_creds">veris:action:hacking:variety="Use of stolen creds"</h4>
<div class="paragraph">
<p>Use of stolen authentication credentials</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyvirtual_machine_escape">veris:action:hacking:variety="Virtual machine escape"</h4>
<div class="paragraph">
<p>Virtual machine escape</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyxml_attribute_blowup">veris:action:hacking:variety="XML attribute blowup"</h4>
<div class="paragraph">
<p>XML attribute blowup</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyxml_entity_expansion">veris:action:hacking:variety="XML entity expansion"</h4>
<div class="paragraph">
<p>XML entity expansion</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyxml_external_entities">veris:action:hacking:variety="XML external entities"</h4>
<div class="paragraph">
<p>XML external entities</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyxml_injection">veris:action:hacking:variety="XML injection"</h4>
<div class="paragraph">
<p>XML injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyxpath_injection">veris:action:hacking:variety="XPath injection"</h4>
<div class="paragraph">
<p>XPath injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyxquery_injection">veris:action:hacking:variety="XQuery injection"</h4>
<div class="paragraph">
<p>XQuery injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvarietyxss">veris:action:hacking:variety="XSS"</h4>
<div class="paragraph">
<p>Cross-site scripting</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionhackingvector">action:hacking:vector</h3>
<div class="sect3">
<h4 id="_verisactionhackingvector3rd_party_desktop">veris:action:hacking:vector="3rd party desktop"</h4>
<div class="paragraph">
<p>3rd party online desktop sharing (LogMeIn, Go2Assist)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectorbackdoor_or_c2">veris:action:hacking:vector="Backdoor or C2"</h4>
<div class="paragraph">
<p>Backdoor or command and control channel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectorcommand_shell">veris:action:hacking:vector="Command shell"</h4>
<div class="paragraph">
<p>Remote shell</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectordesktop_sharing">veris:action:hacking:vector="Desktop sharing"</h4>
<div class="paragraph">
<p>Graphical desktop sharing (RDP, VNC, PCAnywhere, Citrix)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectordesktop_sharing_software">veris:action:hacking:vector="Desktop sharing software"</h4>
<div class="paragraph">
<p>Superset of 'Desktop sharing' and '3rd party desktop'. Please use in place of the other two</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectorother">veris:action:hacking:vector="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectorpartner">veris:action:hacking:vector="Partner"</h4>
<div class="paragraph">
<p>Partner connection or credential</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectorphysical_access">veris:action:hacking:vector="Physical access"</h4>
<div class="paragraph">
<p>Physical access or connection (i.e., at keyboard or via cable)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectorunknown">veris:action:hacking:vector="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectorvpn">veris:action:hacking:vector="VPN"</h4>
<div class="paragraph">
<p>VPN</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionhackingvectorweb_application">veris:action:hacking:vector="Web application"</h4>
<div class="paragraph">
<p>Web application</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionmalwareresult">action:malware:result</h3>
<div class="sect3">
<h4 id="_verisactionmalwareresultelevate">veris:action:malware:result="Elevate"</h4>
<div class="paragraph">
<p>The malware action resulted in additional permissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwareresultexfiltrate">veris:action:malware:result="Exfiltrate"</h4>
<div class="paragraph">
<p>The malware action exfiltrated data from the victim</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwareresultinfiltrate">veris:action:malware:result="Infiltrate"</h4>
<div class="paragraph">
<p>The malware action infiltrated the victim</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionmalwarevariety">action:malware:variety</h3>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyadminware">veris:action:malware:variety="Adminware"</h4>
<div class="paragraph">
<p>System or network utilities (e.g., PsTools, Netcat)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyadware">veris:action:malware:variety="Adware"</h4>
<div class="paragraph">
<p>Adware</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietybackdoor">veris:action:malware:variety="Backdoor"</h4>
<div class="paragraph">
<p>Backdoor (enable remote access)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietybrute_force">veris:action:malware:variety="Brute force"</h4>
<div class="paragraph">
<p>Brute force attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyc2">veris:action:malware:variety="C2"</h4>
<div class="paragraph">
<p>Command and control (C2)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietycapture_app_data">veris:action:malware:variety="Capture app data"</h4>
<div class="paragraph">
<p>Capture data from application or system process</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietycapture_stored_data">veris:action:malware:variety="Capture stored data"</h4>
<div class="paragraph">
<p>Capture data stored on system disk</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyclick_fraud">veris:action:malware:variety="Click fraud"</h4>
<div class="paragraph">
<p>Click fraud or Bitcoin mining</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyclient_side_attack">veris:action:malware:variety="Client-side attack"</h4>
<div class="paragraph">
<p>Client-side or browser attack (e.g., redirection, XSS, MitB)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietydestroy_data">veris:action:malware:variety="Destroy data"</h4>
<div class="paragraph">
<p>Destroy or corrupt stored data</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietydisable_controls">veris:action:malware:variety="Disable controls"</h4>
<div class="paragraph">
<p>Disable or interfere with security controls</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietydos">veris:action:malware:variety="DoS"</h4>
<div class="paragraph">
<p>DoS attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietydownloader">veris:action:malware:variety="Downloader"</h4>
<div class="paragraph">
<p>Downloader (pull updates or other malware)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyexploit_vuln">veris:action:malware:variety="Exploit vuln"</h4>
<div class="paragraph">
<p>Exploit vulnerability in code (vs misconfig or weakness)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyexport_data">veris:action:malware:variety="Export data"</h4>
<div class="paragraph">
<p>Export data to another site or system</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietymodify_data">veris:action:malware:variety="Modify data"</h4>
<div class="paragraph">
<p>Malware which compromises a legitimate file rather than creating new filess</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyother">veris:action:malware:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietypacket_sniffer">veris:action:malware:variety="Packet sniffer"</h4>
<div class="paragraph">
<p>Packet sniffer (capture data from network)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietypassword_dumper">veris:action:malware:variety="Password dumper"</h4>
<div class="paragraph">
<p>Password dumper (extract credential hashes)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyram_scraper">veris:action:malware:variety="Ram scraper"</h4>
<div class="paragraph">
<p>Ram scraper or memory parser (capture data from volatile memory)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyransomware">veris:action:malware:variety="Ransomware"</h4>
<div class="paragraph">
<p>Ransomware (encrypt or seize stored data)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyrootkit">veris:action:malware:variety="Rootkit"</h4>
<div class="paragraph">
<p>Rootkit (maintain local privileges and stealth)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietysql_injection">veris:action:malware:variety="SQL injection"</h4>
<div class="paragraph">
<p>SQL injection attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyscan_network">veris:action:malware:variety="Scan network"</h4>
<div class="paragraph">
<p>Scan or footprint network</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyspam">veris:action:malware:variety="Spam"</h4>
<div class="paragraph">
<p>Send spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyspywarekeylogger">veris:action:malware:variety="Spyware/Keylogger"</h4>
<div class="paragraph">
<p>Spyware, keylogger or form-grabber (capture user input or activity)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyunknown">veris:action:malware:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevarietyworm">veris:action:malware:variety="Worm"</h4>
<div class="paragraph">
<p>Worm (propagate to other systems or devices)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionmalwarevector">action:malware:vector</h3>
<div class="sect3">
<h4 id="_verisactionmalwarevectordirect_install">veris:action:malware:vector="Direct install"</h4>
<div class="paragraph">
<p>Directly installed or inserted by threat agent (after system access)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectordownload_by_malware">veris:action:malware:vector="Download by malware"</h4>
<div class="paragraph">
<p>Downloaded and installed by local malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectoremail_attachment">veris:action:malware:vector="Email attachment"</h4>
<div class="paragraph">
<p>Email via user-executed attachment</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectoremail_autoexecute">veris:action:malware:vector="Email autoexecute"</h4>
<div class="paragraph">
<p>Email via automatic execution</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectoremail_link">veris:action:malware:vector="Email link"</h4>
<div class="paragraph">
<p>Email via embedded link</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectoremail_unknown">veris:action:malware:vector="Email unknown"</h4>
<div class="paragraph">
<p>Email but sub-variety (attachment, autoexecute, link, etc) not known</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectorinstant_messaging">veris:action:malware:vector="Instant messaging"</h4>
<div class="paragraph">
<p>Instant Messaging</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectornetwork_propagation">veris:action:malware:vector="Network propagation"</h4>
<div class="paragraph">
<p>Network propagation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectorother">veris:action:malware:vector="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectorremote_injection">veris:action:malware:vector="Remote injection"</h4>
<div class="paragraph">
<p>Remotely injected by agent (i.e. via SQLi)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectorremovable_media">veris:action:malware:vector="Removable media"</h4>
<div class="paragraph">
<p>Removable storage media or devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectorsoftware_update">veris:action:malware:vector="Software update"</h4>
<div class="paragraph">
<p>Included in automated software update</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectorunknown">veris:action:malware:vector="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectorweb_download">veris:action:malware:vector="Web download"</h4>
<div class="paragraph">
<p>Web via user-executed or downloaded content</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmalwarevectorweb_drive_by">veris:action:malware:vector="Web drive-by"</h4>
<div class="paragraph">
<p>Web via auto-executed or "drive-by" infection</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionmisuseresult">action:misuse:result</h3>
<div class="sect3">
<h4 id="_verisactionmisuseresultelevate">veris:action:misuse:result="Elevate"</h4>
<div class="paragraph">
<p>The misuse action resulted in additional permissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisuseresultexfiltrate">veris:action:misuse:result="Exfiltrate"</h4>
<div class="paragraph">
<p>The misuse action exfiltrated data from the victim</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisuseresultinfiltrate">veris:action:misuse:result="Infiltrate"</h4>
<div class="paragraph">
<p>The misuse action infiltrated the victim</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionmisusevariety">action:misuse:variety</h3>
<div class="sect3">
<h4 id="_verisactionmisusevarietydata_mishandling">veris:action:misuse:variety="Data mishandling"</h4>
<div class="paragraph">
<p>Handling of data in an unapproved manner</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyemail_misuse">veris:action:misuse:variety="Email misuse"</h4>
<div class="paragraph">
<p>Inappropriate use of email or IM</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyillicit_content">veris:action:misuse:variety="Illicit content"</h4>
<div class="paragraph">
<p>Storage or distribution of illicit content</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyknowledge_abuse">veris:action:misuse:variety="Knowledge abuse"</h4>
<div class="paragraph">
<p>Abuse of private or entrusted knowledge</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietynet_misuse">veris:action:misuse:variety="Net misuse"</h4>
<div class="paragraph">
<p>Inappropriate use of network or Web access</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyother">veris:action:misuse:variety="Other"</h4>
<div class="literalblock">
<div class="content">
<pre>Other</pre>
</div>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietypossession_abuse">veris:action:misuse:variety="Possession abuse"</h4>
<div class="paragraph">
<p>Abuse of physical access to asset</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyprivilege_abuse">veris:action:misuse:variety="Privilege abuse"</h4>
<div class="paragraph">
<p>Abuse of system access privileges</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyunapproved_hardware">veris:action:misuse:variety="Unapproved hardware"</h4>
<div class="paragraph">
<p>Use of unapproved hardware or devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyunapproved_software">veris:action:misuse:variety="Unapproved software"</h4>
<div class="paragraph">
<p>Use of unapproved software or services</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyunapproved_workaround">veris:action:misuse:variety="Unapproved workaround"</h4>
<div class="paragraph">
<p>Unapproved workaround or shortcut</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevarietyunknown">veris:action:misuse:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionmisusevector">action:misuse:vector</h3>
<div class="sect3">
<h4 id="_verisactionmisusevectorlan_access">veris:action:misuse:vector="LAN access"</h4>
<div class="paragraph">
<p>Local network access within corporate facility</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevectornon_corporate">veris:action:misuse:vector="Non-corporate"</h4>
<div class="paragraph">
<p>Non-corporate facilities or networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevectorother">veris:action:misuse:vector="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevectorphysical_access">veris:action:misuse:vector="Physical access"</h4>
<div class="paragraph">
<p>Physical access within corporate facility</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevectorremote_access">veris:action:misuse:vector="Remote access"</h4>
<div class="paragraph">
<p>Remote access connection to corporate network (i.e. VPN)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionmisusevectorunknown">veris:action:misuse:vector="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionphysicalresult">action:physical:result</h3>
<div class="sect3">
<h4 id="_verisactionphysicalresultelevate">veris:action:physical:result="Elevate"</h4>
<div class="paragraph">
<p>The physical action resulted in additional permissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalresultexfiltrate">veris:action:physical:result="Exfiltrate"</h4>
<div class="paragraph">
<p>The physical action exfiltrated data from the victim</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalresultinfiltrate">veris:action:physical:result="Infiltrate"</h4>
<div class="paragraph">
<p>The physical action infiltrated the victim</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionphysicalvariety">action:physical:variety</h3>
<div class="sect3">
<h4 id="_verisactionphysicalvarietyassault">veris:action:physical:variety="Assault"</h4>
<div class="paragraph">
<p>Assault (threats or acts of physical violence)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietybypassed_controls">veris:action:physical:variety="Bypassed controls"</h4>
<div class="paragraph">
<p>Bypassed physical barriers or controls</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietyconnection">veris:action:physical:variety="Connection"</h4>
<div class="paragraph">
<p>Connection</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietydestruction">veris:action:physical:variety="Destruction"</h4>
<div class="paragraph">
<p>Destruction (deliberate damaging or disabling)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietydisabled_controls">veris:action:physical:variety="Disabled controls"</h4>
<div class="paragraph">
<p>Disabled physical barriers or controls</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietyother">veris:action:physical:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietyskimmer">veris:action:physical:variety="Skimmer"</h4>
<div class="paragraph">
<p>Installing card skimming device</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietysnooping">veris:action:physical:variety="Snooping"</h4>
<div class="paragraph">
<p>Snooping (sneak about to gain info or access)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietysurveillance">veris:action:physical:variety="Surveillance"</h4>
<div class="paragraph">
<p>Surveillance (monitoring and observation)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietytampering">veris:action:physical:variety="Tampering"</h4>
<div class="paragraph">
<p>Tampering (alter physical form or function)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietytheft">veris:action:physical:variety="Theft"</h4>
<div class="paragraph">
<p>Theft (taking assets without permission)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietyunknown">veris:action:physical:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvarietywiretapping">veris:action:physical:variety="Wiretapping"</h4>
<div class="paragraph">
<p>Wiretapping (Physical tap to comms line)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionphysicalvector">action:physical:vector</h3>
<div class="sect3">
<h4 id="_verisactionphysicalvectorother">veris:action:physical:vector="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorpartner_facility">veris:action:physical:vector="Partner facility"</h4>
<div class="paragraph">
<p>Partner facility or area</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorpartner_vehicle">veris:action:physical:vector="Partner vehicle"</h4>
<div class="paragraph">
<p>Partner vehicle (e.g., delivery truck)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorpersonal_residence">veris:action:physical:vector="Personal residence"</h4>
<div class="paragraph">
<p>Personal residence</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorpersonal_vehicle">veris:action:physical:vector="Personal vehicle"</h4>
<div class="paragraph">
<p>Personal vehicle</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorprivileged_access">veris:action:physical:vector="Privileged access"</h4>
<div class="paragraph">
<p>Held privileged access to location</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorpublic_facility">veris:action:physical:vector="Public facility"</h4>
<div class="paragraph">
<p>Public facility or area</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorpublic_vehicle">veris:action:physical:vector="Public vehicle"</h4>
<div class="paragraph">
<p>Public vehicle (e.g., plane, taxi)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectoruncontrolled_location">veris:action:physical:vector="Uncontrolled location"</h4>
<div class="paragraph">
<p>The location was uncontrolled (public)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorunknown">veris:action:physical:vector="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorvictim_grounds">veris:action:physical:vector="Victim grounds"</h4>
<div class="paragraph">
<p>Victim outdoor grounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorvictim_public_area">veris:action:physical:vector="Victim public area"</h4>
<div class="paragraph">
<p>Victim public or customer area (e.g., lobby, storefront)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorvictim_secure_area">veris:action:physical:vector="Victim secure area"</h4>
<div class="paragraph">
<p>Victim high security area (e.g., server room, R&amp;D labs)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorvictim_work_area">veris:action:physical:vector="Victim work area"</h4>
<div class="paragraph">
<p>Victim private or work area (e.g., office space)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionphysicalvectorvisitor_privileges">veris:action:physical:vector="Visitor privileges"</h4>
<div class="paragraph">
<p>Given temporary visitor access</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionsocialresult">action:social:result</h3>
<div class="sect3">
<h4 id="_verisactionsocialresultelevate">veris:action:social:result="Elevate"</h4>
<div class="paragraph">
<p>The social action resulted in additional permissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialresultexfiltrate">veris:action:social:result="Exfiltrate"</h4>
<div class="paragraph">
<p>The social action exfiltrated data from the victim</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialresultinfiltrate">veris:action:social:result="Infiltrate"</h4>
<div class="paragraph">
<p>The social action infiltrated the victim</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionsocialtarget">action:social:target</h3>
<div class="sect3">
<h4 id="_verisactionsocialtargetauditor">veris:action:social:target="Auditor"</h4>
<div class="paragraph">
<p>Auditor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetcall_center">veris:action:social:target="Call center"</h4>
<div class="paragraph">
<p>Call center staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetcashier">veris:action:social:target="Cashier"</h4>
<div class="paragraph">
<p>Cashier, teller or waiter</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetcustomer">veris:action:social:target="Customer"</h4>
<div class="paragraph">
<p>Customer (B2C)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetdeveloper">veris:action:social:target="Developer"</h4>
<div class="paragraph">
<p>Software developer</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetend_user">veris:action:social:target="End-user"</h4>
<div class="paragraph">
<p>End-user or regular employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetexecutive">veris:action:social:target="Executive"</h4>
<div class="paragraph">
<p>Executive or upper management</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetfinance">veris:action:social:target="Finance"</h4>
<div class="paragraph">
<p>Finance or accounting staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetformer_employee">veris:action:social:target="Former employee"</h4>
<div class="paragraph">
<p>Former employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetguard">veris:action:social:target="Guard"</h4>
<div class="paragraph">
<p>Security guard</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargethelpdesk">veris:action:social:target="Helpdesk"</h4>
<div class="paragraph">
<p>Helpdesk staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargethuman_resources">veris:action:social:target="Human resources"</h4>
<div class="paragraph">
<p>Human resources staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetmaintenance">veris:action:social:target="Maintenance"</h4>
<div class="paragraph">
<p>Maintenance or janitorial staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetmanager">veris:action:social:target="Manager"</h4>
<div class="paragraph">
<p>Manager or supervisor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetother">veris:action:social:target="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetpartner">veris:action:social:target="Partner"</h4>
<div class="paragraph">
<p>Partner (B2B)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetsystem_admin">veris:action:social:target="System admin"</h4>
<div class="paragraph">
<p>System or network administrator</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialtargetunknown">veris:action:social:target="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionsocialvariety">action:social:variety</h3>
<div class="sect3">
<h4 id="_verisactionsocialvarietybaiting">veris:action:social:variety="Baiting"</h4>
<div class="paragraph">
<p>Baiting (planting infected media)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietybribery">veris:action:social:variety="Bribery"</h4>
<div class="paragraph">
<p>Bribery or solicitation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyelicitation">veris:action:social:variety="Elicitation"</h4>
<div class="paragraph">
<p>Elicitation (subtle extraction of info through conversation)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyextortion">veris:action:social:variety="Extortion"</h4>
<div class="paragraph">
<p>Extortion or blackmail</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyforgery">veris:action:social:variety="Forgery"</h4>
<div class="paragraph">
<p>Forgery or counterfeiting (fake hardware, software, documents, etc)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyinfluence">veris:action:social:variety="Influence"</h4>
<div class="paragraph">
<p>Influence tactics (Leveraging authority or obligation, framing, etc)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyother">veris:action:social:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyphishing">veris:action:social:variety="Phishing"</h4>
<div class="paragraph">
<p>Phishing (or any type of *ishing)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietypretexting">veris:action:social:variety="Pretexting"</h4>
<div class="paragraph">
<p>Pretexting (dialogue leveraging invented scenario)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietypropaganda">veris:action:social:variety="Propaganda"</h4>
<div class="paragraph">
<p>Propaganda or disinformation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyscam">veris:action:social:variety="Scam"</h4>
<div class="paragraph">
<p>Online scam or hoax (e.g., scareware, 419 scam, auction fraud)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyspam">veris:action:social:variety="Spam"</h4>
<div class="paragraph">
<p>Spam (unsolicited or undesired email and advertisements)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvarietyunknown">veris:action:social:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionsocialvector">action:social:vector</h3>
<div class="sect3">
<h4 id="_verisactionsocialvectordocuments">veris:action:social:vector="Documents"</h4>
<div class="paragraph">
<p>Documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectoremail">veris:action:social:vector="Email"</h4>
<div class="paragraph">
<p>Email</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorim">veris:action:social:vector="IM"</h4>
<div class="paragraph">
<p>Instant messaging</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorin_person">veris:action:social:vector="In-person"</h4>
<div class="paragraph">
<p>In-person</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorother">veris:action:social:vector="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorphone">veris:action:social:vector="Phone"</h4>
<div class="paragraph">
<p>Phone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorremovable_media">veris:action:social:vector="Removable media"</h4>
<div class="paragraph">
<p>Removable storage media</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorsms">veris:action:social:vector="SMS"</h4>
<div class="paragraph">
<p>SMS or texting</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorsocial_media">veris:action:social:vector="Social media"</h4>
<div class="paragraph">
<p>Social media or networking</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorsoftware">veris:action:social:vector="Software"</h4>
<div class="paragraph">
<p>Software</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorunknown">veris:action:social:vector="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionsocialvectorwebsite">veris:action:social:vector="Website"</h4>
<div class="paragraph">
<p>Website</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actionunknownresult">action:unknown:result</h3>
<div class="sect3">
<h4 id="_verisactionunknownresultelevate">veris:action:unknown:result="Elevate"</h4>
<div class="paragraph">
<p>The hacking action resulted in additional permissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionunknownresultexfiltrate">veris:action:unknown:result="Exfiltrate"</h4>
<div class="paragraph">
<p>The hacking action exfiltrated data from the victim</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactionunknownresultinfiltrate">veris:action:unknown:result="Infiltrate"</h4>
<div class="paragraph">
<p>The hacking action infiltrated the victim</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actorexternalcountry">actor:external:country</h3>
<div class="sect3">
<h4 id="_verisactorexternalcountryad">veris:actor:external:country="AD"</h4>
<div class="paragraph">
<p>Andorra</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryae">veris:actor:external:country="AE"</h4>
<div class="paragraph">
<p>United Arab Emirates</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryaf">veris:actor:external:country="AF"</h4>
<div class="paragraph">
<p>Afghanistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryag">veris:actor:external:country="AG"</h4>
<div class="paragraph">
<p>Antigua and Barbuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryai">veris:actor:external:country="AI"</h4>
<div class="paragraph">
<p>Anguilla</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryal">veris:actor:external:country="AL"</h4>
<div class="paragraph">
<p>Albania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryam">veris:actor:external:country="AM"</h4>
<div class="paragraph">
<p>Armenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryao">veris:actor:external:country="AO"</h4>
<div class="paragraph">
<p>Angola</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryaq">veris:actor:external:country="AQ"</h4>
<div class="paragraph">
<p>Antarctica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryar">veris:actor:external:country="AR"</h4>
<div class="paragraph">
<p>Argentina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryas">veris:actor:external:country="AS"</h4>
<div class="paragraph">
<p>American Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryat">veris:actor:external:country="AT"</h4>
<div class="paragraph">
<p>Austria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryau">veris:actor:external:country="AU"</h4>
<div class="paragraph">
<p>Australia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryaw">veris:actor:external:country="AW"</h4>
<div class="paragraph">
<p>Aruba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryax">veris:actor:external:country="AX"</h4>
<div class="paragraph">
<p>Aland Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryaz">veris:actor:external:country="AZ"</h4>
<div class="paragraph">
<p>Azerbaijan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryba">veris:actor:external:country="BA"</h4>
<div class="paragraph">
<p>Bosnia and Herzegovina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybb">veris:actor:external:country="BB"</h4>
<div class="paragraph">
<p>Barbados</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybd">veris:actor:external:country="BD"</h4>
<div class="paragraph">
<p>Bangladesh</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybe">veris:actor:external:country="BE"</h4>
<div class="paragraph">
<p>Belgium</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybf">veris:actor:external:country="BF"</h4>
<div class="paragraph">
<p>Burkina Faso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybg">veris:actor:external:country="BG"</h4>
<div class="paragraph">
<p>Bulgaria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybh">veris:actor:external:country="BH"</h4>
<div class="paragraph">
<p>Bahrain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybi">veris:actor:external:country="BI"</h4>
<div class="paragraph">
<p>Burundi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybj">veris:actor:external:country="BJ"</h4>
<div class="paragraph">
<p>Benin</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybl">veris:actor:external:country="BL"</h4>
<div class="paragraph">
<p>Saint-Barthelemy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybm">veris:actor:external:country="BM"</h4>
<div class="paragraph">
<p>Bermuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybn">veris:actor:external:country="BN"</h4>
<div class="paragraph">
<p>Brunei Darussalam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybo">veris:actor:external:country="BO"</h4>
<div class="paragraph">
<p>Bolivia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybq">veris:actor:external:country="BQ"</h4>
<div class="paragraph">
<p>Bonaire, Saint Eustatius and Saba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybr">veris:actor:external:country="BR"</h4>
<div class="paragraph">
<p>Brazil</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybs">veris:actor:external:country="BS"</h4>
<div class="paragraph">
<p>Bahamas</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybt">veris:actor:external:country="BT"</h4>
<div class="paragraph">
<p>Bhutan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybv">veris:actor:external:country="BV"</h4>
<div class="paragraph">
<p>Bouvet Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybw">veris:actor:external:country="BW"</h4>
<div class="paragraph">
<p>Botswana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryby">veris:actor:external:country="BY"</h4>
<div class="paragraph">
<p>Belarus</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrybz">veris:actor:external:country="BZ"</h4>
<div class="paragraph">
<p>Belize</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryca">veris:actor:external:country="CA"</h4>
<div class="paragraph">
<p>Canada</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycc">veris:actor:external:country="CC"</h4>
<div class="paragraph">
<p>Cocos (Keeling) Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycd">veris:actor:external:country="CD"</h4>
<div class="paragraph">
<p>Congo, Democratic Republic of the</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycf">veris:actor:external:country="CF"</h4>
<div class="paragraph">
<p>Central African Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycg">veris:actor:external:country="CG"</h4>
<div class="paragraph">
<p>Congo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrych">veris:actor:external:country="CH"</h4>
<div class="paragraph">
<p>Switzerland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryci">veris:actor:external:country="CI"</h4>
<div class="paragraph">
<p>Cote d&#8217;Ivoire</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryck">veris:actor:external:country="CK"</h4>
<div class="paragraph">
<p>Cook Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycl">veris:actor:external:country="CL"</h4>
<div class="paragraph">
<p>Chile</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycm">veris:actor:external:country="CM"</h4>
<div class="paragraph">
<p>Cameroon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycn">veris:actor:external:country="CN"</h4>
<div class="paragraph">
<p>China</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryco">veris:actor:external:country="CO"</h4>
<div class="paragraph">
<p>Colombia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycr">veris:actor:external:country="CR"</h4>
<div class="paragraph">
<p>Costa Rica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycu">veris:actor:external:country="CU"</h4>
<div class="paragraph">
<p>Cuba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycv">veris:actor:external:country="CV"</h4>
<div class="paragraph">
<p>Cape Verde</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycw">veris:actor:external:country="CW"</h4>
<div class="paragraph">
<p>Curacao</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycx">veris:actor:external:country="CX"</h4>
<div class="paragraph">
<p>Christmas Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycy">veris:actor:external:country="CY"</h4>
<div class="paragraph">
<p>Cyprus</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrycz">veris:actor:external:country="CZ"</h4>
<div class="paragraph">
<p>Czech Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryde">veris:actor:external:country="DE"</h4>
<div class="paragraph">
<p>Germany</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrydj">veris:actor:external:country="DJ"</h4>
<div class="paragraph">
<p>Djibouti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrydk">veris:actor:external:country="DK"</h4>
<div class="paragraph">
<p>Denmark</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrydm">veris:actor:external:country="DM"</h4>
<div class="paragraph">
<p>Dominica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrydo">veris:actor:external:country="DO"</h4>
<div class="paragraph">
<p>Dominican Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrydz">veris:actor:external:country="DZ"</h4>
<div class="paragraph">
<p>Algeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryec">veris:actor:external:country="EC"</h4>
<div class="paragraph">
<p>Ecuador</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryee">veris:actor:external:country="EE"</h4>
<div class="paragraph">
<p>Estonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryeg">veris:actor:external:country="EG"</h4>
<div class="paragraph">
<p>Egypt</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryeh">veris:actor:external:country="EH"</h4>
<div class="paragraph">
<p>Western Sahara</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryer">veris:actor:external:country="ER"</h4>
<div class="paragraph">
<p>Eritrea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryes">veris:actor:external:country="ES"</h4>
<div class="paragraph">
<p>Spain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryet">veris:actor:external:country="ET"</h4>
<div class="paragraph">
<p>Ethiopia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryfi">veris:actor:external:country="FI"</h4>
<div class="paragraph">
<p>Finland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryfj">veris:actor:external:country="FJ"</h4>
<div class="paragraph">
<p>Fiji</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryfk">veris:actor:external:country="FK"</h4>
<div class="paragraph">
<p>Faeroe Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryfm">veris:actor:external:country="FM"</h4>
<div class="paragraph">
<p>Micronesia (Federated States of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryfo">veris:actor:external:country="FO"</h4>
<div class="paragraph">
<p>Falkland Islands (Malvinas)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryfr">veris:actor:external:country="FR"</h4>
<div class="paragraph">
<p>France</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryga">veris:actor:external:country="GA"</h4>
<div class="paragraph">
<p>Gabon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygb">veris:actor:external:country="GB"</h4>
<div class="paragraph">
<p>United Kingdom</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygd">veris:actor:external:country="GD"</h4>
<div class="paragraph">
<p>Grenada</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryge">veris:actor:external:country="GE"</h4>
<div class="paragraph">
<p>Georgia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygf">veris:actor:external:country="GF"</h4>
<div class="paragraph">
<p>French Guiana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygg">veris:actor:external:country="GG"</h4>
<div class="paragraph">
<p>Guernsey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygh">veris:actor:external:country="GH"</h4>
<div class="paragraph">
<p>Ghana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygi">veris:actor:external:country="GI"</h4>
<div class="paragraph">
<p>Gibraltar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygl">veris:actor:external:country="GL"</h4>
<div class="paragraph">
<p>Greenland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygm">veris:actor:external:country="GM"</h4>
<div class="paragraph">
<p>Gambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygn">veris:actor:external:country="GN"</h4>
<div class="paragraph">
<p>Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygp">veris:actor:external:country="GP"</h4>
<div class="paragraph">
<p>Guadeloupe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygq">veris:actor:external:country="GQ"</h4>
<div class="paragraph">
<p>Equatorial Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygr">veris:actor:external:country="GR"</h4>
<div class="paragraph">
<p>Greece</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygs">veris:actor:external:country="GS"</h4>
<div class="paragraph">
<p>South Georgia and the South Sandwich Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygt">veris:actor:external:country="GT"</h4>
<div class="paragraph">
<p>Guatemala</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygu">veris:actor:external:country="GU"</h4>
<div class="paragraph">
<p>Guam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygw">veris:actor:external:country="GW"</h4>
<div class="paragraph">
<p>Guinea-Bissau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrygy">veris:actor:external:country="GY"</h4>
<div class="paragraph">
<p>Guyana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryhk">veris:actor:external:country="HK"</h4>
<div class="paragraph">
<p>Hong Kong</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryhm">veris:actor:external:country="HM"</h4>
<div class="paragraph">
<p>Heard Island and McDonal Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryhn">veris:actor:external:country="HN"</h4>
<div class="paragraph">
<p>Honduras</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryhr">veris:actor:external:country="HR"</h4>
<div class="paragraph">
<p>Croatia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryht">veris:actor:external:country="HT"</h4>
<div class="paragraph">
<p>Haiti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryhu">veris:actor:external:country="HU"</h4>
<div class="paragraph">
<p>Hungary</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryid">veris:actor:external:country="ID"</h4>
<div class="paragraph">
<p>Indonesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryie">veris:actor:external:country="IE"</h4>
<div class="paragraph">
<p>Ireland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryil">veris:actor:external:country="IL"</h4>
<div class="paragraph">
<p>Israel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryim">veris:actor:external:country="IM"</h4>
<div class="paragraph">
<p>Isle of Man</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryin">veris:actor:external:country="IN"</h4>
<div class="paragraph">
<p>India</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryio">veris:actor:external:country="IO"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryiq">veris:actor:external:country="IQ"</h4>
<div class="paragraph">
<p>Iraq</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryir">veris:actor:external:country="IR"</h4>
<div class="paragraph">
<p>Iran (Islamic Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryis">veris:actor:external:country="IS"</h4>
<div class="paragraph">
<p>Iceland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryit">veris:actor:external:country="IT"</h4>
<div class="paragraph">
<p>Italy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryje">veris:actor:external:country="JE"</h4>
<div class="paragraph">
<p>Jersey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryjm">veris:actor:external:country="JM"</h4>
<div class="paragraph">
<p>Jamaica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryjo">veris:actor:external:country="JO"</h4>
<div class="paragraph">
<p>Jordan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryjp">veris:actor:external:country="JP"</h4>
<div class="paragraph">
<p>Japan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryke">veris:actor:external:country="KE"</h4>
<div class="paragraph">
<p>Kenya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrykg">veris:actor:external:country="KG"</h4>
<div class="paragraph">
<p>Kyrgyzstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrykh">veris:actor:external:country="KH"</h4>
<div class="paragraph">
<p>Cambodia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryki">veris:actor:external:country="KI"</h4>
<div class="paragraph">
<p>Kiribati</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrykm">veris:actor:external:country="KM"</h4>
<div class="paragraph">
<p>Comoros</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrykn">veris:actor:external:country="KN"</h4>
<div class="paragraph">
<p>Saint Kitts and Nevis</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrykp">veris:actor:external:country="KP"</h4>
<div class="paragraph">
<p>Korea, Democratic People&#8217;s Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrykr">veris:actor:external:country="KR"</h4>
<div class="paragraph">
<p>Korea, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrykw">veris:actor:external:country="KW"</h4>
<div class="paragraph">
<p>Kuwait</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryky">veris:actor:external:country="KY"</h4>
<div class="paragraph">
<p>Cayman Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrykz">veris:actor:external:country="KZ"</h4>
<div class="paragraph">
<p>Kazakhstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryla">veris:actor:external:country="LA"</h4>
<div class="paragraph">
<p>Lao People&#8217;s Democratic Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrylb">veris:actor:external:country="LB"</h4>
<div class="paragraph">
<p>Lebanon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrylc">veris:actor:external:country="LC"</h4>
<div class="paragraph">
<p>Saint Lucia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryli">veris:actor:external:country="LI"</h4>
<div class="paragraph">
<p>Liechtenstein</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrylk">veris:actor:external:country="LK"</h4>
<div class="paragraph">
<p>Sri Lanka</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrylr">veris:actor:external:country="LR"</h4>
<div class="paragraph">
<p>Liberia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryls">veris:actor:external:country="LS"</h4>
<div class="paragraph">
<p>Lesotho</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrylt">veris:actor:external:country="LT"</h4>
<div class="paragraph">
<p>Lithuania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrylu">veris:actor:external:country="LU"</h4>
<div class="paragraph">
<p>Luxembourg</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrylv">veris:actor:external:country="LV"</h4>
<div class="paragraph">
<p>Latvia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryly">veris:actor:external:country="LY"</h4>
<div class="paragraph">
<p>Libya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryma">veris:actor:external:country="MA"</h4>
<div class="paragraph">
<p>Morocco</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymc">veris:actor:external:country="MC"</h4>
<div class="paragraph">
<p>Monaco</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymd">veris:actor:external:country="MD"</h4>
<div class="paragraph">
<p>Moldova, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryme">veris:actor:external:country="ME"</h4>
<div class="paragraph">
<p>Montenegro</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymf">veris:actor:external:country="MF"</h4>
<div class="paragraph">
<p>Saint Martin (French part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymg">veris:actor:external:country="MG"</h4>
<div class="paragraph">
<p>Madagascar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymh">veris:actor:external:country="MH"</h4>
<div class="paragraph">
<p>Marshall Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymk">veris:actor:external:country="MK"</h4>
<div class="paragraph">
<p>Macedonia, The former Yugoslav Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryml">veris:actor:external:country="ML"</h4>
<div class="paragraph">
<p>Mali</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymm">veris:actor:external:country="MM"</h4>
<div class="paragraph">
<p>Myanmar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymn">veris:actor:external:country="MN"</h4>
<div class="paragraph">
<p>Mongolia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymo">veris:actor:external:country="MO"</h4>
<div class="paragraph">
<p>Macao</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymp">veris:actor:external:country="MP"</h4>
<div class="paragraph">
<p>Northern Mariana Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymq">veris:actor:external:country="MQ"</h4>
<div class="paragraph">
<p>Martinique</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymr">veris:actor:external:country="MR"</h4>
<div class="paragraph">
<p>Mauritania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryms">veris:actor:external:country="MS"</h4>
<div class="paragraph">
<p>Montserrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymt">veris:actor:external:country="MT"</h4>
<div class="paragraph">
<p>Malta</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymu">veris:actor:external:country="MU"</h4>
<div class="paragraph">
<p>Mauritius</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymv">veris:actor:external:country="MV"</h4>
<div class="paragraph">
<p>Maldives</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymw">veris:actor:external:country="MW"</h4>
<div class="paragraph">
<p>Malawi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymx">veris:actor:external:country="MX"</h4>
<div class="paragraph">
<p>Mexico</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymy">veris:actor:external:country="MY"</h4>
<div class="paragraph">
<p>Malaysia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrymz">veris:actor:external:country="MZ"</h4>
<div class="paragraph">
<p>Mozambique</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryna">veris:actor:external:country="NA"</h4>
<div class="paragraph">
<p>Namibia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrync">veris:actor:external:country="NC"</h4>
<div class="paragraph">
<p>New Caledonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryne">veris:actor:external:country="NE"</h4>
<div class="paragraph">
<p>Niger</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrynf">veris:actor:external:country="NF"</h4>
<div class="paragraph">
<p>Norfolk Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryng">veris:actor:external:country="NG"</h4>
<div class="paragraph">
<p>Nigeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryni">veris:actor:external:country="NI"</h4>
<div class="paragraph">
<p>Nicaragua</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrynl">veris:actor:external:country="NL"</h4>
<div class="paragraph">
<p>Netherlands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryno">veris:actor:external:country="NO"</h4>
<div class="paragraph">
<p>Norway</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrynp">veris:actor:external:country="NP"</h4>
<div class="paragraph">
<p>Nepal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrynr">veris:actor:external:country="NR"</h4>
<div class="paragraph">
<p>Nauru</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrynu">veris:actor:external:country="NU"</h4>
<div class="paragraph">
<p>Niue</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrynz">veris:actor:external:country="NZ"</h4>
<div class="paragraph">
<p>New Zealand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryom">veris:actor:external:country="OM"</h4>
<div class="paragraph">
<p>Oman</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryother">veris:actor:external:country="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypa">veris:actor:external:country="PA"</h4>
<div class="paragraph">
<p>Panama</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrype">veris:actor:external:country="PE"</h4>
<div class="paragraph">
<p>Peru</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypf">veris:actor:external:country="PF"</h4>
<div class="paragraph">
<p>French Polynesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypg">veris:actor:external:country="PG"</h4>
<div class="paragraph">
<p>Papua New Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryph">veris:actor:external:country="PH"</h4>
<div class="paragraph">
<p>Philippines</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypk">veris:actor:external:country="PK"</h4>
<div class="paragraph">
<p>Pakistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypl">veris:actor:external:country="PL"</h4>
<div class="paragraph">
<p>Poland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypm">veris:actor:external:country="PM"</h4>
<div class="paragraph">
<p>Saint Pierre and Miquelon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypn">veris:actor:external:country="PN"</h4>
<div class="paragraph">
<p>Pitcairn</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypr">veris:actor:external:country="PR"</h4>
<div class="paragraph">
<p>Puerto Rico</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryps">veris:actor:external:country="PS"</h4>
<div class="paragraph">
<p>Palestinian Territory, Occupied</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypt">veris:actor:external:country="PT"</h4>
<div class="paragraph">
<p>Portugal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypw">veris:actor:external:country="PW"</h4>
<div class="paragraph">
<p>Palau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrypy">veris:actor:external:country="PY"</h4>
<div class="paragraph">
<p>Paraguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryqa">veris:actor:external:country="QA"</h4>
<div class="paragraph">
<p>Qatar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryre">veris:actor:external:country="RE"</h4>
<div class="paragraph">
<p>Reunion</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryro">veris:actor:external:country="RO"</h4>
<div class="paragraph">
<p>Romania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryrs">veris:actor:external:country="RS"</h4>
<div class="paragraph">
<p>Serbia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryru">veris:actor:external:country="RU"</h4>
<div class="paragraph">
<p>Russian Federation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryrw">veris:actor:external:country="RW"</h4>
<div class="paragraph">
<p>Rwanda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysa">veris:actor:external:country="SA"</h4>
<div class="paragraph">
<p>Saudi Arabia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysb">veris:actor:external:country="SB"</h4>
<div class="paragraph">
<p>Solomon Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysc">veris:actor:external:country="SC"</h4>
<div class="paragraph">
<p>Seychelles</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysd">veris:actor:external:country="SD"</h4>
<div class="paragraph">
<p>Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryse">veris:actor:external:country="SE"</h4>
<div class="paragraph">
<p>Sweden</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysg">veris:actor:external:country="SG"</h4>
<div class="paragraph">
<p>Singapore</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysh">veris:actor:external:country="SH"</h4>
<div class="paragraph">
<p>Saint Helena</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysi">veris:actor:external:country="SI"</h4>
<div class="paragraph">
<p>Slovenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysj">veris:actor:external:country="SJ"</h4>
<div class="paragraph">
<p>Svalbard and Jan Mayen Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysk">veris:actor:external:country="SK"</h4>
<div class="paragraph">
<p>Slovakia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysl">veris:actor:external:country="SL"</h4>
<div class="paragraph">
<p>Sierra Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysm">veris:actor:external:country="SM"</h4>
<div class="paragraph">
<p>San Marino</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysn">veris:actor:external:country="SN"</h4>
<div class="paragraph">
<p>Senegal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryso">veris:actor:external:country="SO"</h4>
<div class="paragraph">
<p>Somalia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysr">veris:actor:external:country="SR"</h4>
<div class="paragraph">
<p>Suriname</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryss">veris:actor:external:country="SS"</h4>
<div class="paragraph">
<p>South Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryst">veris:actor:external:country="ST"</h4>
<div class="paragraph">
<p>Sao Tome and Principe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysv">veris:actor:external:country="SV"</h4>
<div class="paragraph">
<p>El Salvador</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysx">veris:actor:external:country="SX"</h4>
<div class="paragraph">
<p>Sint Maarten (Dutch part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysy">veris:actor:external:country="SY"</h4>
<div class="paragraph">
<p>Syrian Arab Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrysz">veris:actor:external:country="SZ"</h4>
<div class="paragraph">
<p>Swaziland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytc">veris:actor:external:country="TC"</h4>
<div class="paragraph">
<p>Turks and Caicos Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytd">veris:actor:external:country="TD"</h4>
<div class="paragraph">
<p>Chad</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytf">veris:actor:external:country="TF"</h4>
<div class="paragraph">
<p>French Southern Territories</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytg">veris:actor:external:country="TG"</h4>
<div class="paragraph">
<p>Togo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryth">veris:actor:external:country="TH"</h4>
<div class="paragraph">
<p>Thailand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytj">veris:actor:external:country="TJ"</h4>
<div class="paragraph">
<p>Tajikistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytk">veris:actor:external:country="TK"</h4>
<div class="paragraph">
<p>Tokelau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytl">veris:actor:external:country="TL"</h4>
<div class="paragraph">
<p>Timor-Leste</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytm">veris:actor:external:country="TM"</h4>
<div class="paragraph">
<p>Turkmenistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytn">veris:actor:external:country="TN"</h4>
<div class="paragraph">
<p>Tunisia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryto">veris:actor:external:country="TO"</h4>
<div class="paragraph">
<p>Tonga</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytr">veris:actor:external:country="TR"</h4>
<div class="paragraph">
<p>Turkey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytt">veris:actor:external:country="TT"</h4>
<div class="paragraph">
<p>Trinidad and Tobago</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytv">veris:actor:external:country="TV"</h4>
<div class="paragraph">
<p>Tuvalu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytw">veris:actor:external:country="TW"</h4>
<div class="paragraph">
<p>Taiwan, Province of China</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrytz">veris:actor:external:country="TZ"</h4>
<div class="paragraph">
<p>Tanzania, United Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryua">veris:actor:external:country="UA"</h4>
<div class="paragraph">
<p>Ukraine</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryug">veris:actor:external:country="UG"</h4>
<div class="paragraph">
<p>Uganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryum">veris:actor:external:country="UM"</h4>
<div class="paragraph">
<p>United States Minor Outlying Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryus">veris:actor:external:country="US"</h4>
<div class="paragraph">
<p>United States of America</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryuy">veris:actor:external:country="UY"</h4>
<div class="paragraph">
<p>Uruguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryuz">veris:actor:external:country="UZ"</h4>
<div class="paragraph">
<p>Uzbekistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryunknown">veris:actor:external:country="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryva">veris:actor:external:country="VA"</h4>
<div class="paragraph">
<p>Holy See</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryvc">veris:actor:external:country="VC"</h4>
<div class="paragraph">
<p>Saint Vincent and the Grenadines</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryve">veris:actor:external:country="VE"</h4>
<div class="paragraph">
<p>Venezuela (Bolivarian Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryvg">veris:actor:external:country="VG"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryvi">veris:actor:external:country="VI"</h4>
<div class="paragraph">
<p>United States Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryvn">veris:actor:external:country="VN"</h4>
<div class="paragraph">
<p>Viet Nam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryvu">veris:actor:external:country="VU"</h4>
<div class="paragraph">
<p>Vanuatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountrywf">veris:actor:external:country="WF"</h4>
<div class="paragraph">
<p>Wallis and Futuna Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryws">veris:actor:external:country="WS"</h4>
<div class="paragraph">
<p>Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryye">veris:actor:external:country="YE"</h4>
<div class="paragraph">
<p>Yemen</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryyt">veris:actor:external:country="YT"</h4>
<div class="paragraph">
<p>Mayotte</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryza">veris:actor:external:country="ZA"</h4>
<div class="paragraph">
<p>South Africa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryzm">veris:actor:external:country="ZM"</h4>
<div class="paragraph">
<p>Zambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalcountryzw">veris:actor:external:country="ZW"</h4>
<div class="paragraph">
<p>Zimbabwe</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actorexternalmotive">actor:external:motive</h3>
<div class="sect3">
<h4 id="_verisactorexternalmotiveconvenience">veris:actor:external:motive="Convenience"</h4>
<div class="paragraph">
<p>Convenience of expediency</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotiveespionage">veris:actor:external:motive="Espionage"</h4>
<div class="paragraph">
<p>Espionage or competitive advantage</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotivefear">veris:actor:external:motive="Fear"</h4>
<div class="paragraph">
<p>Fear or duress</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotivefinancial">veris:actor:external:motive="Financial"</h4>
<div class="paragraph">
<p>Financial or personal gain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotivefun">veris:actor:external:motive="Fun"</h4>
<div class="paragraph">
<p>Fun, curiosity, or pride</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotivegrudge">veris:actor:external:motive="Grudge"</h4>
<div class="paragraph">
<p>Grudge or personal offense</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotiveideology">veris:actor:external:motive="Ideology"</h4>
<div class="paragraph">
<p>Ideology or protest</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotivena">veris:actor:external:motive="NA"</h4>
<div class="paragraph">
<p>Not Applicable (unintentional action)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotiveother">veris:actor:external:motive="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotivesecondary">veris:actor:external:motive="Secondary"</h4>
<div class="paragraph">
<p>Aid in a different attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalmotiveunknown">veris:actor:external:motive="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actorexternalvariety">actor:external:variety</h3>
<div class="sect3">
<h4 id="_verisactorexternalvarietyacquaintance">veris:actor:external:variety="Acquaintance"</h4>
<div class="paragraph">
<p>Relative or acquaintance of employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyactivist">veris:actor:external:variety="Activist"</h4>
<div class="paragraph">
<p>Activist group</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyauditor">veris:actor:external:variety="Auditor"</h4>
<div class="paragraph">
<p>Auditor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietycompetitor">veris:actor:external:variety="Competitor"</h4>
<div class="paragraph">
<p>Competitor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietycustomer">veris:actor:external:variety="Customer"</h4>
<div class="paragraph">
<p>Customer (B2C)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyforce_majeure">veris:actor:external:variety="Force majeure"</h4>
<div class="paragraph">
<p>Force majeure (nature and chance)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyformer_employee">veris:actor:external:variety="Former employee"</h4>
<div class="paragraph">
<p>Former employee (no longer had access)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietynation_state">veris:actor:external:variety="Nation-state"</h4>
<div class="paragraph">
<p>Nation-state</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyorganized_crime">veris:actor:external:variety="Organized crime"</h4>
<div class="paragraph">
<p>Organized or professional criminal group</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyother">veris:actor:external:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietystate_affiliated">veris:actor:external:variety="State-affiliated"</h4>
<div class="paragraph">
<p>State-sponsored or affiliated group</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyterrorist">veris:actor:external:variety="Terrorist"</h4>
<div class="paragraph">
<p>Terrorist group</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyunaffiliated">veris:actor:external:variety="Unaffiliated"</h4>
<div class="paragraph">
<p>Unaffiliated person(s)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorexternalvarietyunknown">veris:actor:external:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actorinternaljob_change">actor:internal:job_change</h3>
<div class="sect3">
<h4 id="_verisactorinternaljob_changedemoted">veris:actor:internal:job_change="Demoted"</h4>
<div class="paragraph">
<p>Recently demoted or hours reduced</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changehired">veris:actor:internal:job_change="Hired"</h4>
<div class="paragraph">
<p>Recently hired</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changejob_eval">veris:actor:internal:job_change="Job eval"</h4>
<div class="paragraph">
<p>Recent poor job evaluation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changelateral_move">veris:actor:internal:job_change="Lateral move"</h4>
<div class="paragraph">
<p>Lateral move</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changelet_go">veris:actor:internal:job_change="Let go"</h4>
<div class="paragraph">
<p>Fired, laid off, or let go</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changeother">veris:actor:internal:job_change="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changepassed_over">veris:actor:internal:job_change="Passed over"</h4>
<div class="paragraph">
<p>Recently passed over for promotion</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changepersonal_issues">veris:actor:internal:job_change="Personal issues"</h4>
<div class="paragraph">
<p>Personal issues</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changepromoted">veris:actor:internal:job_change="Promoted"</h4>
<div class="paragraph">
<p>Recently promoted</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changereprimanded">veris:actor:internal:job_change="Reprimanded"</h4>
<div class="paragraph">
<p>Recently reprimanded</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changeresigned">veris:actor:internal:job_change="Resigned"</h4>
<div class="paragraph">
<p>Preparing to resign or recently resigned</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternaljob_changeunknown">veris:actor:internal:job_change="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actorinternalmotive">actor:internal:motive</h3>
<div class="sect3">
<h4 id="_verisactorinternalmotiveconvenience">veris:actor:internal:motive="Convenience"</h4>
<div class="paragraph">
<p>Convenience of expediency</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotiveespionage">veris:actor:internal:motive="Espionage"</h4>
<div class="paragraph">
<p>Espionage or competitive advantage</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotivefear">veris:actor:internal:motive="Fear"</h4>
<div class="paragraph">
<p>Fear or duress</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotivefinancial">veris:actor:internal:motive="Financial"</h4>
<div class="paragraph">
<p>Financial or personal gain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotivefun">veris:actor:internal:motive="Fun"</h4>
<div class="paragraph">
<p>Fun, curiosity, or pride</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotivegrudge">veris:actor:internal:motive="Grudge"</h4>
<div class="paragraph">
<p>Grudge or personal offense</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotiveideology">veris:actor:internal:motive="Ideology"</h4>
<div class="paragraph">
<p>Ideology or protest</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotivena">veris:actor:internal:motive="NA"</h4>
<div class="paragraph">
<p>Not Applicable (unintentional action)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotiveother">veris:actor:internal:motive="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotivesecondary">veris:actor:internal:motive="Secondary"</h4>
<div class="paragraph">
<p>Aid in a different attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalmotiveunknown">veris:actor:internal:motive="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actorinternalvariety">actor:internal:variety</h3>
<div class="sect3">
<h4 id="_verisactorinternalvarietyauditor">veris:actor:internal:variety="Auditor"</h4>
<div class="paragraph">
<p>Auditor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietycall_center">veris:actor:internal:variety="Call center"</h4>
<div class="paragraph">
<p>Call center staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietycashier">veris:actor:internal:variety="Cashier"</h4>
<div class="paragraph">
<p>Cashier, teller, or waiter</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietydeveloper">veris:actor:internal:variety="Developer"</h4>
<div class="paragraph">
<p>Software developer</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietydoctor_or_nurse">veris:actor:internal:variety="Doctor or nurse"</h4>
<div class="paragraph">
<p>A doctor or a nurse</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietyend_user">veris:actor:internal:variety="End-user"</h4>
<div class="paragraph">
<p>End-user or regular employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietyexecutive">veris:actor:internal:variety="Executive"</h4>
<div class="paragraph">
<p>Executive or upper management</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietyfinance">veris:actor:internal:variety="Finance"</h4>
<div class="paragraph">
<p>Finance or accounting staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietyguard">veris:actor:internal:variety="Guard"</h4>
<div class="paragraph">
<p>Security guard</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietyhelpdesk">veris:actor:internal:variety="Helpdesk"</h4>
<div class="paragraph">
<p>Helpdesk staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietyhuman_resources">veris:actor:internal:variety="Human resources"</h4>
<div class="paragraph">
<p>Human resources staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietymaintenance">veris:actor:internal:variety="Maintenance"</h4>
<div class="paragraph">
<p>Maintenance or janitorial staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietymanager">veris:actor:internal:variety="Manager"</h4>
<div class="paragraph">
<p>Manager or supervisor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietyother">veris:actor:internal:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietysystem_admin">veris:actor:internal:variety="System admin"</h4>
<div class="paragraph">
<p>System or network administrator</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorinternalvarietyunknown">veris:actor:internal:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actorpartnercountry">actor:partner:country</h3>
<div class="sect3">
<h4 id="_verisactorpartnercountryad">veris:actor:partner:country="AD"</h4>
<div class="paragraph">
<p>Andorra</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryae">veris:actor:partner:country="AE"</h4>
<div class="paragraph">
<p>United Arab Emirates</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryaf">veris:actor:partner:country="AF"</h4>
<div class="paragraph">
<p>Afghanistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryag">veris:actor:partner:country="AG"</h4>
<div class="paragraph">
<p>Antigua and Barbuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryai">veris:actor:partner:country="AI"</h4>
<div class="paragraph">
<p>Anguilla</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryal">veris:actor:partner:country="AL"</h4>
<div class="paragraph">
<p>Albania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryam">veris:actor:partner:country="AM"</h4>
<div class="paragraph">
<p>Armenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryao">veris:actor:partner:country="AO"</h4>
<div class="paragraph">
<p>Angola</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryaq">veris:actor:partner:country="AQ"</h4>
<div class="paragraph">
<p>Antarctica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryar">veris:actor:partner:country="AR"</h4>
<div class="paragraph">
<p>Argentina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryas">veris:actor:partner:country="AS"</h4>
<div class="paragraph">
<p>American Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryat">veris:actor:partner:country="AT"</h4>
<div class="paragraph">
<p>Austria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryau">veris:actor:partner:country="AU"</h4>
<div class="paragraph">
<p>Australia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryaw">veris:actor:partner:country="AW"</h4>
<div class="paragraph">
<p>Aruba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryax">veris:actor:partner:country="AX"</h4>
<div class="paragraph">
<p>Aland Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryaz">veris:actor:partner:country="AZ"</h4>
<div class="paragraph">
<p>Azerbaijan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryba">veris:actor:partner:country="BA"</h4>
<div class="paragraph">
<p>Bosnia and Herzegovina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybb">veris:actor:partner:country="BB"</h4>
<div class="paragraph">
<p>Barbados</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybd">veris:actor:partner:country="BD"</h4>
<div class="paragraph">
<p>Bangladesh</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybe">veris:actor:partner:country="BE"</h4>
<div class="paragraph">
<p>Belgium</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybf">veris:actor:partner:country="BF"</h4>
<div class="paragraph">
<p>Burkina Faso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybg">veris:actor:partner:country="BG"</h4>
<div class="paragraph">
<p>Bulgaria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybh">veris:actor:partner:country="BH"</h4>
<div class="paragraph">
<p>Bahrain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybi">veris:actor:partner:country="BI"</h4>
<div class="paragraph">
<p>Burundi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybj">veris:actor:partner:country="BJ"</h4>
<div class="paragraph">
<p>Benin</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybl">veris:actor:partner:country="BL"</h4>
<div class="paragraph">
<p>Saint-Barthelemy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybm">veris:actor:partner:country="BM"</h4>
<div class="paragraph">
<p>Bermuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybn">veris:actor:partner:country="BN"</h4>
<div class="paragraph">
<p>Brunei Darussalam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybo">veris:actor:partner:country="BO"</h4>
<div class="paragraph">
<p>Bolivia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybq">veris:actor:partner:country="BQ"</h4>
<div class="paragraph">
<p>Bonaire, Saint Eustatius and Saba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybr">veris:actor:partner:country="BR"</h4>
<div class="paragraph">
<p>Brazil</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybs">veris:actor:partner:country="BS"</h4>
<div class="paragraph">
<p>Bahamas</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybt">veris:actor:partner:country="BT"</h4>
<div class="paragraph">
<p>Bhutan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybv">veris:actor:partner:country="BV"</h4>
<div class="paragraph">
<p>Bouvet Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybw">veris:actor:partner:country="BW"</h4>
<div class="paragraph">
<p>Botswana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryby">veris:actor:partner:country="BY"</h4>
<div class="paragraph">
<p>Belarus</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrybz">veris:actor:partner:country="BZ"</h4>
<div class="paragraph">
<p>Belize</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryca">veris:actor:partner:country="CA"</h4>
<div class="paragraph">
<p>Canada</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycc">veris:actor:partner:country="CC"</h4>
<div class="paragraph">
<p>Cocos (Keeling) Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycd">veris:actor:partner:country="CD"</h4>
<div class="paragraph">
<p>Congo, Democratic Republic of the</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycf">veris:actor:partner:country="CF"</h4>
<div class="paragraph">
<p>Central African Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycg">veris:actor:partner:country="CG"</h4>
<div class="paragraph">
<p>Congo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrych">veris:actor:partner:country="CH"</h4>
<div class="paragraph">
<p>Switzerland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryci">veris:actor:partner:country="CI"</h4>
<div class="paragraph">
<p>Cote d&#8217;Ivoire</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryck">veris:actor:partner:country="CK"</h4>
<div class="paragraph">
<p>Cook Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycl">veris:actor:partner:country="CL"</h4>
<div class="paragraph">
<p>Chile</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycm">veris:actor:partner:country="CM"</h4>
<div class="paragraph">
<p>Cameroon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycn">veris:actor:partner:country="CN"</h4>
<div class="paragraph">
<p>China</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryco">veris:actor:partner:country="CO"</h4>
<div class="paragraph">
<p>Colombia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycr">veris:actor:partner:country="CR"</h4>
<div class="paragraph">
<p>Costa Rica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycu">veris:actor:partner:country="CU"</h4>
<div class="paragraph">
<p>Cuba</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycv">veris:actor:partner:country="CV"</h4>
<div class="paragraph">
<p>Cape Verde</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycw">veris:actor:partner:country="CW"</h4>
<div class="paragraph">
<p>Curacao</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycx">veris:actor:partner:country="CX"</h4>
<div class="paragraph">
<p>Christmas Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycy">veris:actor:partner:country="CY"</h4>
<div class="paragraph">
<p>Cyprus</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrycz">veris:actor:partner:country="CZ"</h4>
<div class="paragraph">
<p>Czech Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryde">veris:actor:partner:country="DE"</h4>
<div class="paragraph">
<p>Germany</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrydj">veris:actor:partner:country="DJ"</h4>
<div class="paragraph">
<p>Djibouti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrydk">veris:actor:partner:country="DK"</h4>
<div class="paragraph">
<p>Denmark</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrydm">veris:actor:partner:country="DM"</h4>
<div class="paragraph">
<p>Dominica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrydo">veris:actor:partner:country="DO"</h4>
<div class="paragraph">
<p>Dominican Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrydz">veris:actor:partner:country="DZ"</h4>
<div class="paragraph">
<p>Algeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryec">veris:actor:partner:country="EC"</h4>
<div class="paragraph">
<p>Ecuador</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryee">veris:actor:partner:country="EE"</h4>
<div class="paragraph">
<p>Estonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryeg">veris:actor:partner:country="EG"</h4>
<div class="paragraph">
<p>Egypt</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryeh">veris:actor:partner:country="EH"</h4>
<div class="paragraph">
<p>Western Sahara</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryer">veris:actor:partner:country="ER"</h4>
<div class="paragraph">
<p>Eritrea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryes">veris:actor:partner:country="ES"</h4>
<div class="paragraph">
<p>Spain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryet">veris:actor:partner:country="ET"</h4>
<div class="paragraph">
<p>Ethiopia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryfi">veris:actor:partner:country="FI"</h4>
<div class="paragraph">
<p>Finland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryfj">veris:actor:partner:country="FJ"</h4>
<div class="paragraph">
<p>Fiji</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryfk">veris:actor:partner:country="FK"</h4>
<div class="paragraph">
<p>Faeroe Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryfm">veris:actor:partner:country="FM"</h4>
<div class="paragraph">
<p>Micronesia (Federated States of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryfo">veris:actor:partner:country="FO"</h4>
<div class="paragraph">
<p>Falkland Islands (Malvinas)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryfr">veris:actor:partner:country="FR"</h4>
<div class="paragraph">
<p>France</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryga">veris:actor:partner:country="GA"</h4>
<div class="paragraph">
<p>Gabon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygb">veris:actor:partner:country="GB"</h4>
<div class="paragraph">
<p>United Kingdom</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygd">veris:actor:partner:country="GD"</h4>
<div class="paragraph">
<p>Grenada</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryge">veris:actor:partner:country="GE"</h4>
<div class="paragraph">
<p>Georgia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygf">veris:actor:partner:country="GF"</h4>
<div class="paragraph">
<p>French Guiana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygg">veris:actor:partner:country="GG"</h4>
<div class="paragraph">
<p>Guernsey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygh">veris:actor:partner:country="GH"</h4>
<div class="paragraph">
<p>Ghana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygi">veris:actor:partner:country="GI"</h4>
<div class="paragraph">
<p>Gibraltar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygl">veris:actor:partner:country="GL"</h4>
<div class="paragraph">
<p>Greenland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygm">veris:actor:partner:country="GM"</h4>
<div class="paragraph">
<p>Gambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygn">veris:actor:partner:country="GN"</h4>
<div class="paragraph">
<p>Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygp">veris:actor:partner:country="GP"</h4>
<div class="paragraph">
<p>Guadeloupe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygq">veris:actor:partner:country="GQ"</h4>
<div class="paragraph">
<p>Equatorial Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygr">veris:actor:partner:country="GR"</h4>
<div class="paragraph">
<p>Greece</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygs">veris:actor:partner:country="GS"</h4>
<div class="paragraph">
<p>South Georgia and the South Sandwich Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygt">veris:actor:partner:country="GT"</h4>
<div class="paragraph">
<p>Guatemala</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygu">veris:actor:partner:country="GU"</h4>
<div class="paragraph">
<p>Guam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygw">veris:actor:partner:country="GW"</h4>
<div class="paragraph">
<p>Guinea-Bissau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrygy">veris:actor:partner:country="GY"</h4>
<div class="paragraph">
<p>Guyana</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryhk">veris:actor:partner:country="HK"</h4>
<div class="paragraph">
<p>Hong Kong</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryhm">veris:actor:partner:country="HM"</h4>
<div class="paragraph">
<p>Heard Island and McDonal Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryhn">veris:actor:partner:country="HN"</h4>
<div class="paragraph">
<p>Honduras</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryhr">veris:actor:partner:country="HR"</h4>
<div class="paragraph">
<p>Croatia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryht">veris:actor:partner:country="HT"</h4>
<div class="paragraph">
<p>Haiti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryhu">veris:actor:partner:country="HU"</h4>
<div class="paragraph">
<p>Hungary</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryid">veris:actor:partner:country="ID"</h4>
<div class="paragraph">
<p>Indonesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryie">veris:actor:partner:country="IE"</h4>
<div class="paragraph">
<p>Ireland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryil">veris:actor:partner:country="IL"</h4>
<div class="paragraph">
<p>Israel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryim">veris:actor:partner:country="IM"</h4>
<div class="paragraph">
<p>Isle of Man</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryin">veris:actor:partner:country="IN"</h4>
<div class="paragraph">
<p>India</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryio">veris:actor:partner:country="IO"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryiq">veris:actor:partner:country="IQ"</h4>
<div class="paragraph">
<p>Iraq</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryir">veris:actor:partner:country="IR"</h4>
<div class="paragraph">
<p>Iran (Islamic Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryis">veris:actor:partner:country="IS"</h4>
<div class="paragraph">
<p>Iceland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryit">veris:actor:partner:country="IT"</h4>
<div class="paragraph">
<p>Italy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryje">veris:actor:partner:country="JE"</h4>
<div class="paragraph">
<p>Jersey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryjm">veris:actor:partner:country="JM"</h4>
<div class="paragraph">
<p>Jamaica</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryjo">veris:actor:partner:country="JO"</h4>
<div class="paragraph">
<p>Jordan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryjp">veris:actor:partner:country="JP"</h4>
<div class="paragraph">
<p>Japan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryke">veris:actor:partner:country="KE"</h4>
<div class="paragraph">
<p>Kenya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrykg">veris:actor:partner:country="KG"</h4>
<div class="paragraph">
<p>Kyrgyzstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrykh">veris:actor:partner:country="KH"</h4>
<div class="paragraph">
<p>Cambodia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryki">veris:actor:partner:country="KI"</h4>
<div class="paragraph">
<p>Kiribati</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrykm">veris:actor:partner:country="KM"</h4>
<div class="paragraph">
<p>Comoros</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrykn">veris:actor:partner:country="KN"</h4>
<div class="paragraph">
<p>Saint Kitts and Nevis</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrykp">veris:actor:partner:country="KP"</h4>
<div class="paragraph">
<p>Korea, Democratic People&#8217;s Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrykr">veris:actor:partner:country="KR"</h4>
<div class="paragraph">
<p>Korea, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrykw">veris:actor:partner:country="KW"</h4>
<div class="paragraph">
<p>Kuwait</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryky">veris:actor:partner:country="KY"</h4>
<div class="paragraph">
<p>Cayman Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrykz">veris:actor:partner:country="KZ"</h4>
<div class="paragraph">
<p>Kazakhstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryla">veris:actor:partner:country="LA"</h4>
<div class="paragraph">
<p>Lao People&#8217;s Democratic Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrylb">veris:actor:partner:country="LB"</h4>
<div class="paragraph">
<p>Lebanon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrylc">veris:actor:partner:country="LC"</h4>
<div class="paragraph">
<p>Saint Lucia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryli">veris:actor:partner:country="LI"</h4>
<div class="paragraph">
<p>Liechtenstein</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrylk">veris:actor:partner:country="LK"</h4>
<div class="paragraph">
<p>Sri Lanka</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrylr">veris:actor:partner:country="LR"</h4>
<div class="paragraph">
<p>Liberia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryls">veris:actor:partner:country="LS"</h4>
<div class="paragraph">
<p>Lesotho</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrylt">veris:actor:partner:country="LT"</h4>
<div class="paragraph">
<p>Lithuania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrylu">veris:actor:partner:country="LU"</h4>
<div class="paragraph">
<p>Luxembourg</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrylv">veris:actor:partner:country="LV"</h4>
<div class="paragraph">
<p>Latvia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryly">veris:actor:partner:country="LY"</h4>
<div class="paragraph">
<p>Libya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryma">veris:actor:partner:country="MA"</h4>
<div class="paragraph">
<p>Morocco</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymc">veris:actor:partner:country="MC"</h4>
<div class="paragraph">
<p>Monaco</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymd">veris:actor:partner:country="MD"</h4>
<div class="paragraph">
<p>Moldova, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryme">veris:actor:partner:country="ME"</h4>
<div class="paragraph">
<p>Montenegro</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymf">veris:actor:partner:country="MF"</h4>
<div class="paragraph">
<p>Saint Martin (French part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymg">veris:actor:partner:country="MG"</h4>
<div class="paragraph">
<p>Madagascar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymh">veris:actor:partner:country="MH"</h4>
<div class="paragraph">
<p>Marshall Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymk">veris:actor:partner:country="MK"</h4>
<div class="paragraph">
<p>Macedonia, The former Yugoslav Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryml">veris:actor:partner:country="ML"</h4>
<div class="paragraph">
<p>Mali</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymm">veris:actor:partner:country="MM"</h4>
<div class="paragraph">
<p>Myanmar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymn">veris:actor:partner:country="MN"</h4>
<div class="paragraph">
<p>Mongolia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymo">veris:actor:partner:country="MO"</h4>
<div class="paragraph">
<p>Macao</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymp">veris:actor:partner:country="MP"</h4>
<div class="paragraph">
<p>Northern Mariana Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymq">veris:actor:partner:country="MQ"</h4>
<div class="paragraph">
<p>Martinique</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymr">veris:actor:partner:country="MR"</h4>
<div class="paragraph">
<p>Mauritania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryms">veris:actor:partner:country="MS"</h4>
<div class="paragraph">
<p>Montserrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymt">veris:actor:partner:country="MT"</h4>
<div class="paragraph">
<p>Malta</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymu">veris:actor:partner:country="MU"</h4>
<div class="paragraph">
<p>Mauritius</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymv">veris:actor:partner:country="MV"</h4>
<div class="paragraph">
<p>Maldives</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymw">veris:actor:partner:country="MW"</h4>
<div class="paragraph">
<p>Malawi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymx">veris:actor:partner:country="MX"</h4>
<div class="paragraph">
<p>Mexico</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymy">veris:actor:partner:country="MY"</h4>
<div class="paragraph">
<p>Malaysia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrymz">veris:actor:partner:country="MZ"</h4>
<div class="paragraph">
<p>Mozambique</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryna">veris:actor:partner:country="NA"</h4>
<div class="paragraph">
<p>Namibia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrync">veris:actor:partner:country="NC"</h4>
<div class="paragraph">
<p>New Caledonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryne">veris:actor:partner:country="NE"</h4>
<div class="paragraph">
<p>Niger</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrynf">veris:actor:partner:country="NF"</h4>
<div class="paragraph">
<p>Norfolk Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryng">veris:actor:partner:country="NG"</h4>
<div class="paragraph">
<p>Nigeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryni">veris:actor:partner:country="NI"</h4>
<div class="paragraph">
<p>Nicaragua</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrynl">veris:actor:partner:country="NL"</h4>
<div class="paragraph">
<p>Netherlands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryno">veris:actor:partner:country="NO"</h4>
<div class="paragraph">
<p>Norway</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrynp">veris:actor:partner:country="NP"</h4>
<div class="paragraph">
<p>Nepal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrynr">veris:actor:partner:country="NR"</h4>
<div class="paragraph">
<p>Nauru</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrynu">veris:actor:partner:country="NU"</h4>
<div class="paragraph">
<p>Niue</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrynz">veris:actor:partner:country="NZ"</h4>
<div class="paragraph">
<p>New Zealand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryom">veris:actor:partner:country="OM"</h4>
<div class="paragraph">
<p>Oman</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryother">veris:actor:partner:country="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypa">veris:actor:partner:country="PA"</h4>
<div class="paragraph">
<p>Panama</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrype">veris:actor:partner:country="PE"</h4>
<div class="paragraph">
<p>Peru</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypf">veris:actor:partner:country="PF"</h4>
<div class="paragraph">
<p>French Polynesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypg">veris:actor:partner:country="PG"</h4>
<div class="paragraph">
<p>Papua New Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryph">veris:actor:partner:country="PH"</h4>
<div class="paragraph">
<p>Philippines</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypk">veris:actor:partner:country="PK"</h4>
<div class="paragraph">
<p>Pakistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypl">veris:actor:partner:country="PL"</h4>
<div class="paragraph">
<p>Poland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypm">veris:actor:partner:country="PM"</h4>
<div class="paragraph">
<p>Saint Pierre and Miquelon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypn">veris:actor:partner:country="PN"</h4>
<div class="paragraph">
<p>Pitcairn</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypr">veris:actor:partner:country="PR"</h4>
<div class="paragraph">
<p>Puerto Rico</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryps">veris:actor:partner:country="PS"</h4>
<div class="paragraph">
<p>Palestinian Territory, Occupied</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypt">veris:actor:partner:country="PT"</h4>
<div class="paragraph">
<p>Portugal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypw">veris:actor:partner:country="PW"</h4>
<div class="paragraph">
<p>Palau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrypy">veris:actor:partner:country="PY"</h4>
<div class="paragraph">
<p>Paraguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryqa">veris:actor:partner:country="QA"</h4>
<div class="paragraph">
<p>Qatar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryre">veris:actor:partner:country="RE"</h4>
<div class="paragraph">
<p>Reunion</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryro">veris:actor:partner:country="RO"</h4>
<div class="paragraph">
<p>Romania</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryrs">veris:actor:partner:country="RS"</h4>
<div class="paragraph">
<p>Serbia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryru">veris:actor:partner:country="RU"</h4>
<div class="paragraph">
<p>Russian Federation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryrw">veris:actor:partner:country="RW"</h4>
<div class="paragraph">
<p>Rwanda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysa">veris:actor:partner:country="SA"</h4>
<div class="paragraph">
<p>Saudi Arabia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysb">veris:actor:partner:country="SB"</h4>
<div class="paragraph">
<p>Solomon Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysc">veris:actor:partner:country="SC"</h4>
<div class="paragraph">
<p>Seychelles</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysd">veris:actor:partner:country="SD"</h4>
<div class="paragraph">
<p>Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryse">veris:actor:partner:country="SE"</h4>
<div class="paragraph">
<p>Sweden</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysg">veris:actor:partner:country="SG"</h4>
<div class="paragraph">
<p>Singapore</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysh">veris:actor:partner:country="SH"</h4>
<div class="paragraph">
<p>Saint Helena</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysi">veris:actor:partner:country="SI"</h4>
<div class="paragraph">
<p>Slovenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysj">veris:actor:partner:country="SJ"</h4>
<div class="paragraph">
<p>Svalbard and Jan Mayen Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysk">veris:actor:partner:country="SK"</h4>
<div class="paragraph">
<p>Slovakia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysl">veris:actor:partner:country="SL"</h4>
<div class="paragraph">
<p>Sierra Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysm">veris:actor:partner:country="SM"</h4>
<div class="paragraph">
<p>San Marino</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysn">veris:actor:partner:country="SN"</h4>
<div class="paragraph">
<p>Senegal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryso">veris:actor:partner:country="SO"</h4>
<div class="paragraph">
<p>Somalia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysr">veris:actor:partner:country="SR"</h4>
<div class="paragraph">
<p>Suriname</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryss">veris:actor:partner:country="SS"</h4>
<div class="paragraph">
<p>South Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryst">veris:actor:partner:country="ST"</h4>
<div class="paragraph">
<p>Sao Tome and Principe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysv">veris:actor:partner:country="SV"</h4>
<div class="paragraph">
<p>El Salvador</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysx">veris:actor:partner:country="SX"</h4>
<div class="paragraph">
<p>Sint Maarten (Dutch part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysy">veris:actor:partner:country="SY"</h4>
<div class="paragraph">
<p>Syrian Arab Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrysz">veris:actor:partner:country="SZ"</h4>
<div class="paragraph">
<p>Swaziland</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytc">veris:actor:partner:country="TC"</h4>
<div class="paragraph">
<p>Turks and Caicos Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytd">veris:actor:partner:country="TD"</h4>
<div class="paragraph">
<p>Chad</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytf">veris:actor:partner:country="TF"</h4>
<div class="paragraph">
<p>French Southern Territories</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytg">veris:actor:partner:country="TG"</h4>
<div class="paragraph">
<p>Togo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryth">veris:actor:partner:country="TH"</h4>
<div class="paragraph">
<p>Thailand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytj">veris:actor:partner:country="TJ"</h4>
<div class="paragraph">
<p>Tajikistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytk">veris:actor:partner:country="TK"</h4>
<div class="paragraph">
<p>Tokelau</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytl">veris:actor:partner:country="TL"</h4>
<div class="paragraph">
<p>Timor-Leste</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytm">veris:actor:partner:country="TM"</h4>
<div class="paragraph">
<p>Turkmenistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytn">veris:actor:partner:country="TN"</h4>
<div class="paragraph">
<p>Tunisia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryto">veris:actor:partner:country="TO"</h4>
<div class="paragraph">
<p>Tonga</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytr">veris:actor:partner:country="TR"</h4>
<div class="paragraph">
<p>Turkey</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytt">veris:actor:partner:country="TT"</h4>
<div class="paragraph">
<p>Trinidad and Tobago</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytv">veris:actor:partner:country="TV"</h4>
<div class="paragraph">
<p>Tuvalu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytw">veris:actor:partner:country="TW"</h4>
<div class="paragraph">
<p>Taiwan, Province of China</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrytz">veris:actor:partner:country="TZ"</h4>
<div class="paragraph">
<p>Tanzania, United Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryua">veris:actor:partner:country="UA"</h4>
<div class="paragraph">
<p>Ukraine</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryug">veris:actor:partner:country="UG"</h4>
<div class="paragraph">
<p>Uganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryum">veris:actor:partner:country="UM"</h4>
<div class="paragraph">
<p>United States Minor Outlying Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryus">veris:actor:partner:country="US"</h4>
<div class="paragraph">
<p>United States of America</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryuy">veris:actor:partner:country="UY"</h4>
<div class="paragraph">
<p>Uruguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryuz">veris:actor:partner:country="UZ"</h4>
<div class="paragraph">
<p>Uzbekistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryunknown">veris:actor:partner:country="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryva">veris:actor:partner:country="VA"</h4>
<div class="paragraph">
<p>Holy See</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryvc">veris:actor:partner:country="VC"</h4>
<div class="paragraph">
<p>Saint Vincent and the Grenadines</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryve">veris:actor:partner:country="VE"</h4>
<div class="paragraph">
<p>Venezuela (Bolivarian Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryvg">veris:actor:partner:country="VG"</h4>
<div class="paragraph">
<p>British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryvi">veris:actor:partner:country="VI"</h4>
<div class="paragraph">
<p>United States Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryvn">veris:actor:partner:country="VN"</h4>
<div class="paragraph">
<p>Viet Nam</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryvu">veris:actor:partner:country="VU"</h4>
<div class="paragraph">
<p>Vanuatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountrywf">veris:actor:partner:country="WF"</h4>
<div class="paragraph">
<p>Wallis and Futuna Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryws">veris:actor:partner:country="WS"</h4>
<div class="paragraph">
<p>Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryye">veris:actor:partner:country="YE"</h4>
<div class="paragraph">
<p>Yemen</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryyt">veris:actor:partner:country="YT"</h4>
<div class="paragraph">
<p>Mayotte</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryza">veris:actor:partner:country="ZA"</h4>
<div class="paragraph">
<p>South Africa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryzm">veris:actor:partner:country="ZM"</h4>
<div class="paragraph">
<p>Zambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnercountryzw">veris:actor:partner:country="ZW"</h4>
<div class="paragraph">
<p>Zimbabwe</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actorpartnermotive">actor:partner:motive</h3>
<div class="sect3">
<h4 id="_verisactorpartnermotiveconvenience">veris:actor:partner:motive="Convenience"</h4>
<div class="paragraph">
<p>Convenience of expediency</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotiveespionage">veris:actor:partner:motive="Espionage"</h4>
<div class="paragraph">
<p>Espionage or competitive advantage</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotivefear">veris:actor:partner:motive="Fear"</h4>
<div class="paragraph">
<p>Fear or duress</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotivefinancial">veris:actor:partner:motive="Financial"</h4>
<div class="paragraph">
<p>Financial or personal gain</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotivefun">veris:actor:partner:motive="Fun"</h4>
<div class="paragraph">
<p>Fun, curiosity, or pride</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotivegrudge">veris:actor:partner:motive="Grudge"</h4>
<div class="paragraph">
<p>Grudge or personal offense</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotiveideology">veris:actor:partner:motive="Ideology"</h4>
<div class="paragraph">
<p>Ideology or protest</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotivena">veris:actor:partner:motive="NA"</h4>
<div class="paragraph">
<p>Not Applicable (unintentional action)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotiveother">veris:actor:partner:motive="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotivesecondary">veris:actor:partner:motive="Secondary"</h4>
<div class="paragraph">
<p>Aid in a different attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisactorpartnermotiveunknown">veris:actor:partner:motive="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_assetassetsvariety">asset:assets:variety</h3>
<div class="sect3">
<h4 id="_verisassetassetsvarietye_other">veris:asset:assets:variety="E - Other"</h4>
<div class="paragraph">
<p>Embedded - Variety known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietye_telematics">veris:asset:assets:variety="E - Telematics"</h4>
<div class="paragraph">
<p>Embedded - A dedicated device that affects the real world</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietye_telemetry">veris:asset:assets:variety="E - Telemetry"</h4>
<div class="paragraph">
<p>Embedded - A dedicated device that collects data about the physical world</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietye_unknown">veris:asset:assets:variety="E - Unknown"</h4>
<div class="paragraph">
<p>Embedded - Variety not known</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_disk_drive">veris:asset:assets:variety="M - Disk drive"</h4>
<div class="paragraph">
<p>Media - Hard disk drive</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_disk_media">veris:asset:assets:variety="M - Disk media"</h4>
<div class="paragraph">
<p>Media - Disk media (e.g., CDs, DVDs)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_documents">veris:asset:assets:variety="M - Documents"</h4>
<div class="paragraph">
<p>Media - Documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_fax">veris:asset:assets:variety="M - Fax"</h4>
<div class="paragraph">
<p>Media - The output of a fax machine</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_flash_drive">veris:asset:assets:variety="M - Flash drive"</h4>
<div class="paragraph">
<p>Media - Flash drive or card</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_other">veris:asset:assets:variety="M - Other"</h4>
<div class="paragraph">
<p>Media - Variety known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_payment_card">veris:asset:assets:variety="M - Payment card"</h4>
<div class="paragraph">
<p>Media - Payment card (e.g., magstripe, EMV)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_smart_card">veris:asset:assets:variety="M - Smart card"</h4>
<div class="paragraph">
<p>Media - Identity smart card</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_tapes">veris:asset:assets:variety="M - Tapes"</h4>
<div class="paragraph">
<p>Media - Backup tapes</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietym_unknown">veris:asset:assets:variety="M - Unknown"</h4>
<div class="paragraph">
<p>Media - Variety not known</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_access_reader">veris:asset:assets:variety="N - Access reader"</h4>
<div class="paragraph">
<p>Network - Access control reader (e.g., badge, biometric)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_broadband">veris:asset:assets:variety="N - Broadband"</h4>
<div class="paragraph">
<p>Network - Mobile broadband network</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_camera">veris:asset:assets:variety="N - Camera"</h4>
<div class="paragraph">
<p>Network - Camera or surveillance system</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_firewall">veris:asset:assets:variety="N - Firewall"</h4>
<div class="paragraph">
<p>Network - Firewall</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_hsm">veris:asset:assets:variety="N - HSM"</h4>
<div class="paragraph">
<p>Network - Hardware security module (HSM)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_ids">veris:asset:assets:variety="N - IDS"</h4>
<div class="paragraph">
<p>Network - IDS or IPs</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_lan">veris:asset:assets:variety="N - LAN"</h4>
<div class="paragraph">
<p>Network - Wired LAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_nas">veris:asset:assets:variety="N - NAS"</h4>
<div class="paragraph">
<p>Network - Network area storage (NAS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_other">veris:asset:assets:variety="N - Other"</h4>
<div class="paragraph">
<p>Network - Variety known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_pbx">veris:asset:assets:variety="N - PBX"</h4>
<div class="paragraph">
<p>Network - Private branch exchange (PBX)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_plc">veris:asset:assets:variety="N - PLC"</h4>
<div class="paragraph">
<p>Network - Programmable logic controller (PLC)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_private_wan">veris:asset:assets:variety="N - Private WAN"</h4>
<div class="paragraph">
<p>Network - Private WAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_public_wan">veris:asset:assets:variety="N - Public WAN"</h4>
<div class="paragraph">
<p>Network - Public WAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_rtu">veris:asset:assets:variety="N - RTU"</h4>
<div class="paragraph">
<p>Network - Remote terminal unit (RTU)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_router_or_switch">veris:asset:assets:variety="N - Router or switch"</h4>
<div class="paragraph">
<p>Network - Router or switch</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_san">veris:asset:assets:variety="N - SAN"</h4>
<div class="paragraph">
<p>Network - Storage area network (SAN)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_telephone">veris:asset:assets:variety="N - Telephone"</h4>
<div class="paragraph">
<p>Network - Telephone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_unknown">veris:asset:assets:variety="N - Unknown"</h4>
<div class="paragraph">
<p>Network - Variety not known</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_voip_adapter">veris:asset:assets:variety="N - VoIP adapter"</h4>
<div class="paragraph">
<p>Network - VoIP adapter</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyn_wlan">veris:asset:assets:variety="N - WLAN"</h4>
<div class="paragraph">
<p>Network - Wireless LAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyother">veris:asset:assets:variety="Other"</h4>
<div class="paragraph">
<p>Asset type known but not User Device, Server, Public Terminal, Server, People, Network, or Media</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_auditor">veris:asset:assets:variety="P - Auditor"</h4>
<div class="paragraph">
<p>People - Auditor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_call_center">veris:asset:assets:variety="P - Call center"</h4>
<div class="paragraph">
<p>People - Call center</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_cashier">veris:asset:assets:variety="P - Cashier"</h4>
<div class="paragraph">
<p>People - Cashier</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_customer">veris:asset:assets:variety="P - Customer"</h4>
<div class="paragraph">
<p>People - Customer</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_developer">veris:asset:assets:variety="P - Developer"</h4>
<div class="paragraph">
<p>People - Developer</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_end_user">veris:asset:assets:variety="P - End-user"</h4>
<div class="paragraph">
<p>People - End-user</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_executive">veris:asset:assets:variety="P - Executive"</h4>
<div class="paragraph">
<p>People - Executive</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_finance">veris:asset:assets:variety="P - Finance"</h4>
<div class="paragraph">
<p>People - Finance</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_former_employee">veris:asset:assets:variety="P - Former employee"</h4>
<div class="paragraph">
<p>People - Former employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_guard">veris:asset:assets:variety="P - Guard"</h4>
<div class="paragraph">
<p>People - Guard</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_helpdesk">veris:asset:assets:variety="P - Helpdesk"</h4>
<div class="paragraph">
<p>People - Helpdesk</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_human_resources">veris:asset:assets:variety="P - Human resources"</h4>
<div class="paragraph">
<p>People - Human resources</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_maintenance">veris:asset:assets:variety="P - Maintenance"</h4>
<div class="paragraph">
<p>People - Maintenance</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_manager">veris:asset:assets:variety="P - Manager"</h4>
<div class="paragraph">
<p>People - Manager</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_other">veris:asset:assets:variety="P - Other"</h4>
<div class="paragraph">
<p>People - Variety known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_partner">veris:asset:assets:variety="P - Partner"</h4>
<div class="paragraph">
<p>People - Partner</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_system_admin">veris:asset:assets:variety="P - System admin"</h4>
<div class="paragraph">
<p>People - Administrator</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyp_unknown">veris:asset:assets:variety="P - Unknown"</h4>
<div class="paragraph">
<p>People - Variety not known</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_authentication">veris:asset:assets:variety="S - Authentication"</h4>
<div class="paragraph">
<p>Server - Authentication</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_backup">veris:asset:assets:variety="S - Backup"</h4>
<div class="paragraph">
<p>Server - Backup</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_code_repository">veris:asset:assets:variety="S - Code repository"</h4>
<div class="paragraph">
<p>Server - Code repository</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_configuration_or_patch_management">veris:asset:assets:variety="S - Configuration or patch management"</h4>
<div class="paragraph">
<p>Servers maintaining or deploying configurations or patches to other assets</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_dcs">veris:asset:assets:variety="S - DCS"</h4>
<div class="paragraph">
<p>Server - Distributed control system (DCS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_dhcp">veris:asset:assets:variety="S - DHCP"</h4>
<div class="paragraph">
<p>Server - DHCP</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_dns">veris:asset:assets:variety="S - DNS"</h4>
<div class="paragraph">
<p>Server - DNS</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_database">veris:asset:assets:variety="S - Database"</h4>
<div class="paragraph">
<p>Server - Database</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_directory">veris:asset:assets:variety="S - Directory"</h4>
<div class="paragraph">
<p>Server - Directory (LDAP, AD)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_file">veris:asset:assets:variety="S - File"</h4>
<div class="paragraph">
<p>Server - File</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_ics">veris:asset:assets:variety="S - ICS"</h4>
<div class="paragraph">
<p>Server - Industrial Control System (ICS). Includes Supervisory Control And Data Acquisition (SCADA) systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_log">veris:asset:assets:variety="S - Log"</h4>
<div class="paragraph">
<p>Server - Log or event management</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_mail">veris:asset:assets:variety="S - Mail"</h4>
<div class="paragraph">
<p>Server - Mail</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_mainframe">veris:asset:assets:variety="S - Mainframe"</h4>
<div class="paragraph">
<p>Server - Mainframe</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_other">veris:asset:assets:variety="S - Other"</h4>
<div class="paragraph">
<p>Server - Variety known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_pos_controller">veris:asset:assets:variety="S - POS controller"</h4>
<div class="paragraph">
<p>Server - POS controller</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_payment_switch">veris:asset:assets:variety="S - Payment switch"</h4>
<div class="paragraph">
<p>Server - Payment switch or gateway</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_print">veris:asset:assets:variety="S - Print"</h4>
<div class="paragraph">
<p>Server - Print</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_proxy">veris:asset:assets:variety="S - Proxy"</h4>
<div class="paragraph">
<p>Server - Proxy</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_remote_access">veris:asset:assets:variety="S - Remote access"</h4>
<div class="paragraph">
<p>Server - Remote access</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_unknown">veris:asset:assets:variety="S - Unknown"</h4>
<div class="paragraph">
<p>Server - Variety not known</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_vm_host">veris:asset:assets:variety="S - VM host"</h4>
<div class="paragraph">
<p>Server - Virtual Host</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietys_web_application">veris:asset:assets:variety="S - Web application"</h4>
<div class="paragraph">
<p>Server - Web application</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyt_atm">veris:asset:assets:variety="T - ATM"</h4>
<div class="paragraph">
<p>Public Terminal - Automated Teller Machine (ATM)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyt_gas_terminal">veris:asset:assets:variety="T - Gas terminal"</h4>
<div class="paragraph">
<p>Public Terminal - Gas "pay-at-the-pump" terminal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyt_kiosk">veris:asset:assets:variety="T - Kiosk"</h4>
<div class="paragraph">
<p>Public Terminal - Self-service kiosk</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyt_other">veris:asset:assets:variety="T - Other"</h4>
<div class="paragraph">
<p>Public Terminal - Variety known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyt_ped_pad">veris:asset:assets:variety="T - PED pad"</h4>
<div class="paragraph">
<p>Public Terminal - Detached PIN pad or card reader</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyt_unknown">veris:asset:assets:variety="T - Unknown"</h4>
<div class="paragraph">
<p>Public Terminal - Variety not known</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_auth_token">veris:asset:assets:variety="U - Auth token"</h4>
<div class="paragraph">
<p>User Device - Authentication token or device</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_desktop">veris:asset:assets:variety="U - Desktop"</h4>
<div class="paragraph">
<p>User Device - Desktop or workstation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_laptop">veris:asset:assets:variety="U - Laptop"</h4>
<div class="paragraph">
<p>User Device - Laptop</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_media">veris:asset:assets:variety="U - Media"</h4>
<div class="paragraph">
<p>User Device - Media player or recorder</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_mobile_phone">veris:asset:assets:variety="U - Mobile phone"</h4>
<div class="paragraph">
<p>User Device - Mobile phone or smartphone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_other">veris:asset:assets:variety="U - Other"</h4>
<div class="paragraph">
<p>User Device - Variety known but not listed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_pos_terminal">veris:asset:assets:variety="U - POS terminal"</h4>
<div class="paragraph">
<p>User Device - POS terminal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_peripheral">veris:asset:assets:variety="U - Peripheral"</h4>
<div class="paragraph">
<p>User Device - Peripheral (e.g., printer, copier, fax)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_tablet">veris:asset:assets:variety="U - Tablet"</h4>
<div class="paragraph">
<p>User Device - Tablet</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_telephone">veris:asset:assets:variety="U - Telephone"</h4>
<div class="paragraph">
<p>User Device - Telephone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_unknown">veris:asset:assets:variety="U - Unknown"</h4>
<div class="paragraph">
<p>User Device - Variety not known</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyu_voip_phone">veris:asset:assets:variety="U - VoIP phone"</h4>
<div class="paragraph">
<p>User Device - VoIP phone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisassetassetsvarietyunknown">veris:asset:assets:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown type of asset</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attributeavailabilityvariety">attribute:availability:variety</h3>
<div class="sect3">
<h4 id="_verisattributeavailabilityvarietyacceleration">veris:attribute:availability:variety="Acceleration"</h4>
<div class="paragraph">
<p>Acceleration</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilityvarietydegradation">veris:attribute:availability:variety="Degradation"</h4>
<div class="paragraph">
<p>Performance degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilityvarietydestruction">veris:attribute:availability:variety="Destruction"</h4>
<div class="paragraph">
<p>Destruction</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilityvarietyinterruption">veris:attribute:availability:variety="Interruption"</h4>
<div class="paragraph">
<p>Interruption</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilityvarietyloss">veris:attribute:availability:variety="Loss"</h4>
<div class="paragraph">
<p>Loss</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilityvarietyobscuration">veris:attribute:availability:variety="Obscuration"</h4>
<div class="paragraph">
<p>Conversion or obscuration</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilityvarietyother">veris:attribute:availability:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilityvarietyunknown">veris:attribute:availability:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attributeconfidentialitydata_disclosure">attribute:confidentiality:data_disclosure</h3>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_disclosureno">veris:attribute:confidentiality:data_disclosure="No"</h4>
<div class="paragraph">
<p>No</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_disclosurepotentially">veris:attribute:confidentiality:data_disclosure="Potentially"</h4>
<div class="paragraph">
<p>Potentially (at risk)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_disclosureunknown">veris:attribute:confidentiality:data_disclosure="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_disclosureyes">veris:attribute:confidentiality:data_disclosure="Yes"</h4>
<div class="paragraph">
<p>Yes (confirmed)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attributeconfidentialitydata_victim">attribute:confidentiality:data_victim</h3>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_victimcustomer">veris:attribute:confidentiality:data_victim="Customer"</h4>
<div class="paragraph">
<p>Customer</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_victimemployee">veris:attribute:confidentiality:data_victim="Employee"</h4>
<div class="paragraph">
<p>Employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_victimother">veris:attribute:confidentiality:data_victim="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_victimpartner">veris:attribute:confidentiality:data_victim="Partner"</h4>
<div class="paragraph">
<p>Partner</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_victimpatient">veris:attribute:confidentiality:data_victim="Patient"</h4>
<div class="paragraph">
<p>Patient</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_victimstudent">veris:attribute:confidentiality:data_victim="Student"</h4>
<div class="paragraph">
<p>Student</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydata_victimunknown">veris:attribute:confidentiality:data_victim="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attributeconfidentialitystate">attribute:confidentiality:state</h3>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystateother">veris:attribute:confidentiality:state="Other"</h4>
<div class="paragraph">
<p>Data state known but not listed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystateprinted">veris:attribute:confidentiality:state="Printed"</h4>
<div class="paragraph">
<p>Data printed in human-readable format</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystateprocessed">veris:attribute:confidentiality:state="Processed"</h4>
<div class="paragraph">
<p>Processed</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystatestored">veris:attribute:confidentiality:state="Stored"</h4>
<div class="paragraph">
<p>Stored</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystatestored_encrypted">veris:attribute:confidentiality:state="Stored encrypted"</h4>
<div class="paragraph">
<p>Stored encrypted</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystatestored_unencrypted">veris:attribute:confidentiality:state="Stored unencrypted"</h4>
<div class="paragraph">
<p>Stored unencrypted</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystatetransmitted">veris:attribute:confidentiality:state="Transmitted"</h4>
<div class="paragraph">
<p>Transmitted</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystatetransmitted_encrypted">veris:attribute:confidentiality:state="Transmitted encrypted"</h4>
<div class="paragraph">
<p>Transmitted encrypted</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystatetransmitted_unencrypted">veris:attribute:confidentiality:state="Transmitted unencrypted"</h4>
<div class="paragraph">
<p>Transmitted unencrypted</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitystateunknown">veris:attribute:confidentiality:state="Unknown"</h4>
<div class="paragraph">
<p>Data stat not known</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attributeintegrityvariety">attribute:integrity:variety</h3>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietyalter_behavior">veris:attribute:integrity:variety="Alter behavior"</h4>
<div class="paragraph">
<p>Influence or alter human behavior</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietycreated_account">veris:attribute:integrity:variety="Created account"</h4>
<div class="paragraph">
<p>Created new user account</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietydefacement">veris:attribute:integrity:variety="Defacement"</h4>
<div class="paragraph">
<p>Deface content</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietyfraudulent_transaction">veris:attribute:integrity:variety="Fraudulent transaction"</h4>
<div class="paragraph">
<p>Initiate fraudulent transaction</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietyhardware_tampering">veris:attribute:integrity:variety="Hardware tampering"</h4>
<div class="paragraph">
<p>Hardware tampering or physical alteration</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietylog_tampering">veris:attribute:integrity:variety="Log tampering"</h4>
<div class="paragraph">
<p>Log tampering or modification</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietymisrepresentation">veris:attribute:integrity:variety="Misrepresentation"</h4>
<div class="paragraph">
<p>Misrepresentation</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietymodify_configuration">veris:attribute:integrity:variety="Modify configuration"</h4>
<div class="paragraph">
<p>Modified configuration or services</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietymodify_data">veris:attribute:integrity:variety="Modify data"</h4>
<div class="paragraph">
<p>Modified stored data or content</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietymodify_privileges">veris:attribute:integrity:variety="Modify privileges"</h4>
<div class="paragraph">
<p>Modified privileges or permissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietyother">veris:attribute:integrity:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietyrepurpose">veris:attribute:integrity:variety="Repurpose"</h4>
<div class="paragraph">
<p>Repurposed asset for unauthorized function</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietysoftware_installation">veris:attribute:integrity:variety="Software installation"</h4>
<div class="paragraph">
<p>Software installation or code modification</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeintegrityvarietyunknown">veris:attribute:integrity:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impactlossrating">impact:loss:rating</h3>
<div class="sect3">
<h4 id="_verisimpactlossratingmajor">veris:impact:loss:rating="Major"</h4>
<div class="paragraph">
<p>Major</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossratingminor">veris:impact:loss:rating="Minor"</h4>
<div class="paragraph">
<p>Minor</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossratingmoderate">veris:impact:loss:rating="Moderate"</h4>
<div class="paragraph">
<p>Moderate</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossratingnone">veris:impact:loss:rating="None"</h4>
<div class="paragraph">
<p>None</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossratingunknown">veris:impact:loss:rating="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impactlossvariety">impact:loss:variety</h3>
<div class="sect3">
<h4 id="_verisimpactlossvarietyasset_and_fraud">veris:impact:loss:variety="Asset and fraud"</h4>
<div class="paragraph">
<p>Asset and fraud-related losses</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossvarietybrand_damage">veris:impact:loss:variety="Brand damage"</h4>
<div class="paragraph">
<p>Brand and market damage</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossvarietybusiness_disruption">veris:impact:loss:variety="Business disruption"</h4>
<div class="paragraph">
<p>Business disruption</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossvarietycompetitive_advantage">veris:impact:loss:variety="Competitive advantage"</h4>
<div class="paragraph">
<p>Loss of competitive advantage</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossvarietylegal_and_regulatory">veris:impact:loss:variety="Legal and regulatory"</h4>
<div class="paragraph">
<p>Legal and regulatory costs</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossvarietyoperating_costs">veris:impact:loss:variety="Operating costs"</h4>
<div class="paragraph">
<p>Increased operating costs</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossvarietyother">veris:impact:loss:variety="Other"</h4>
<div class="paragraph">
<p>Impact variety known but not listed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisimpactlossvarietyresponse_and_recovery">veris:impact:loss:variety="Response and recovery"</h4>
<div class="paragraph">
<p>Response and recovery costs</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_timelinecompromiseunit">timeline:compromise:unit</h3>
<div class="sect3">
<h4 id="_veristimelinecompromiseunitdays">veris:timeline:compromise:unit="Days"</h4>
<div class="paragraph">
<p>Days</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunithours">veris:timeline:compromise:unit="Hours"</h4>
<div class="paragraph">
<p>Hours</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunitminutes">veris:timeline:compromise:unit="Minutes"</h4>
<div class="paragraph">
<p>Minutes</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunitmonths">veris:timeline:compromise:unit="Months"</h4>
<div class="paragraph">
<p>Months</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunitna">veris:timeline:compromise:unit="NA"</h4>
<div class="paragraph">
<p>Compromise does not apply in the context of the security event.</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunitnever">veris:timeline:compromise:unit="Never"</h4>
<div class="paragraph">
<p>Never</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunitseconds">veris:timeline:compromise:unit="Seconds"</h4>
<div class="paragraph">
<p>Seconds</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunitunknown">veris:timeline:compromise:unit="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunitweeks">veris:timeline:compromise:unit="Weeks"</h4>
<div class="paragraph">
<p>Weeks</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecompromiseunityears">veris:timeline:compromise:unit="Years"</h4>
<div class="paragraph">
<p>Years</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_timelinecontainmentunit">timeline:containment:unit</h3>
<div class="sect3">
<h4 id="_veristimelinecontainmentunitdays">veris:timeline:containment:unit="Days"</h4>
<div class="paragraph">
<p>Days</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunithours">veris:timeline:containment:unit="Hours"</h4>
<div class="paragraph">
<p>Hours</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunitminutes">veris:timeline:containment:unit="Minutes"</h4>
<div class="paragraph">
<p>Minutes</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunitmonths">veris:timeline:containment:unit="Months"</h4>
<div class="paragraph">
<p>Months</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunitna">veris:timeline:containment:unit="NA"</h4>
<div class="paragraph">
<p>Containment does not apply in the context of the security event.</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunitnever">veris:timeline:containment:unit="Never"</h4>
<div class="paragraph">
<p>Never</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunitseconds">veris:timeline:containment:unit="Seconds"</h4>
<div class="paragraph">
<p>Seconds</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunitunknown">veris:timeline:containment:unit="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunitweeks">veris:timeline:containment:unit="Weeks"</h4>
<div class="paragraph">
<p>Weeks</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinecontainmentunityears">veris:timeline:containment:unit="Years"</h4>
<div class="paragraph">
<p>Years</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_timelinediscoveryunit">timeline:discovery:unit</h3>
<div class="sect3">
<h4 id="_veristimelinediscoveryunitdays">veris:timeline:discovery:unit="Days"</h4>
<div class="paragraph">
<p>Days</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunithours">veris:timeline:discovery:unit="Hours"</h4>
<div class="paragraph">
<p>Hours</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunitminutes">veris:timeline:discovery:unit="Minutes"</h4>
<div class="paragraph">
<p>Minutes</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunitmonths">veris:timeline:discovery:unit="Months"</h4>
<div class="paragraph">
<p>Months</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunitna">veris:timeline:discovery:unit="NA"</h4>
<div class="paragraph">
<p>Discovery does not apply in the context of the security event.</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunitnever">veris:timeline:discovery:unit="Never"</h4>
<div class="paragraph">
<p>Never</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunitseconds">veris:timeline:discovery:unit="Seconds"</h4>
<div class="paragraph">
<p>Seconds</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunitunknown">veris:timeline:discovery:unit="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunitweeks">veris:timeline:discovery:unit="Weeks"</h4>
<div class="paragraph">
<p>Weeks</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelinediscoveryunityears">veris:timeline:discovery:unit="Years"</h4>
<div class="paragraph">
<p>Years</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_timelineexfiltrationunit">timeline:exfiltration:unit</h3>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunitdays">veris:timeline:exfiltration:unit="Days"</h4>
<div class="paragraph">
<p>Days</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunithours">veris:timeline:exfiltration:unit="Hours"</h4>
<div class="paragraph">
<p>Hours</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunitminutes">veris:timeline:exfiltration:unit="Minutes"</h4>
<div class="paragraph">
<p>Minutes</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunitmonths">veris:timeline:exfiltration:unit="Months"</h4>
<div class="paragraph">
<p>Months</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunitna">veris:timeline:exfiltration:unit="NA"</h4>
<div class="paragraph">
<p>Exfiltration does not apply in the context of the security event.</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunitnever">veris:timeline:exfiltration:unit="Never"</h4>
<div class="paragraph">
<p>Never</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunitseconds">veris:timeline:exfiltration:unit="Seconds"</h4>
<div class="paragraph">
<p>Seconds</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunitunknown">veris:timeline:exfiltration:unit="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunitweeks">veris:timeline:exfiltration:unit="Weeks"</h4>
<div class="paragraph">
<p>Weeks</p>
</div>
</div>
<div class="sect3">
<h4 id="_veristimelineexfiltrationunityears">veris:timeline:exfiltration:unit="Years"</h4>
<div class="paragraph">
<p>Years</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_victimrevenueiso_currency_code">victim:revenue:iso_currency_code</h3>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeaed">veris:victim:revenue:iso_currency_code="AED"</h4>
<div class="paragraph">
<p>AED - UAE Dirham</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeafn">veris:victim:revenue:iso_currency_code="AFN"</h4>
<div class="paragraph">
<p>AFN - Afghani</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeall">veris:victim:revenue:iso_currency_code="ALL"</h4>
<div class="paragraph">
<p>ALL - Lek</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeamd">veris:victim:revenue:iso_currency_code="AMD"</h4>
<div class="paragraph">
<p>AMD - Armenian Dram</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeang">veris:victim:revenue:iso_currency_code="ANG"</h4>
<div class="paragraph">
<p>ANG - Netherlands Antillean Guilder</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeaoa">veris:victim:revenue:iso_currency_code="AOA"</h4>
<div class="paragraph">
<p>AOA - Kwanza</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codears">veris:victim:revenue:iso_currency_code="ARS"</h4>
<div class="paragraph">
<p>ARS - Argentine Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeaud">veris:victim:revenue:iso_currency_code="AUD"</h4>
<div class="paragraph">
<p>AUD - Australian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeawg">veris:victim:revenue:iso_currency_code="AWG"</h4>
<div class="paragraph">
<p>AWG - Aruban Florin</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeazn">veris:victim:revenue:iso_currency_code="AZN"</h4>
<div class="paragraph">
<p>AZN - Azerbaijanian Manat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebam">veris:victim:revenue:iso_currency_code="BAM"</h4>
<div class="paragraph">
<p>BAM - Convertible Mark</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebbd">veris:victim:revenue:iso_currency_code="BBD"</h4>
<div class="paragraph">
<p>BBD - Barbados Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebdt">veris:victim:revenue:iso_currency_code="BDT"</h4>
<div class="paragraph">
<p>BDT - Taka</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebgn">veris:victim:revenue:iso_currency_code="BGN"</h4>
<div class="paragraph">
<p>BGN - Bulgarian Lev</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebhd">veris:victim:revenue:iso_currency_code="BHD"</h4>
<div class="paragraph">
<p>BHD - Bahraini Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebif">veris:victim:revenue:iso_currency_code="BIF"</h4>
<div class="paragraph">
<p>BIF - Burundi Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebmd">veris:victim:revenue:iso_currency_code="BMD"</h4>
<div class="paragraph">
<p>BMD - Bermudian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebnd">veris:victim:revenue:iso_currency_code="BND"</h4>
<div class="paragraph">
<p>BND - Brunei Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebob">veris:victim:revenue:iso_currency_code="BOB"</h4>
<div class="paragraph">
<p>BOB - Boliviano</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebrl">veris:victim:revenue:iso_currency_code="BRL"</h4>
<div class="paragraph">
<p>BRL - Brazilian Real</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebsd">veris:victim:revenue:iso_currency_code="BSD"</h4>
<div class="paragraph">
<p>BSD - Bahamian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebtn">veris:victim:revenue:iso_currency_code="BTN"</h4>
<div class="paragraph">
<p>BTN - Ngultrum</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebwp">veris:victim:revenue:iso_currency_code="BWP"</h4>
<div class="paragraph">
<p>BWP - Pula</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebyr">veris:victim:revenue:iso_currency_code="BYR"</h4>
<div class="paragraph">
<p>BYR - Belarussian Ruble</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codebzd">veris:victim:revenue:iso_currency_code="BZD"</h4>
<div class="paragraph">
<p>BZD - Belize Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codecad">veris:victim:revenue:iso_currency_code="CAD"</h4>
<div class="paragraph">
<p>CAD - Canadian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codecdf">veris:victim:revenue:iso_currency_code="CDF"</h4>
<div class="paragraph">
<p>CDF - Congolese Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codechf">veris:victim:revenue:iso_currency_code="CHF"</h4>
<div class="paragraph">
<p>CHF - Swiss Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeclp">veris:victim:revenue:iso_currency_code="CLP"</h4>
<div class="paragraph">
<p>CLP - Chilean Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codecny">veris:victim:revenue:iso_currency_code="CNY"</h4>
<div class="paragraph">
<p>CNY - Yuan Renminbi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codecop">veris:victim:revenue:iso_currency_code="COP"</h4>
<div class="paragraph">
<p>COP - Colombian Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codecrc">veris:victim:revenue:iso_currency_code="CRC"</h4>
<div class="paragraph">
<p>CRC - Costa Rican Colon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codecuc">veris:victim:revenue:iso_currency_code="CUC"</h4>
<div class="paragraph">
<p>CUC - Peso Convertible</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codecup">veris:victim:revenue:iso_currency_code="CUP"</h4>
<div class="paragraph">
<p>CUP - Cuban Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codecve">veris:victim:revenue:iso_currency_code="CVE"</h4>
<div class="paragraph">
<p>CVE - Cape Verde Escudo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeczk">veris:victim:revenue:iso_currency_code="CZK"</h4>
<div class="paragraph">
<p>CZK - Czech Koruna</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codedjf">veris:victim:revenue:iso_currency_code="DJF"</h4>
<div class="paragraph">
<p>DJF - Djibouti Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codedkk">veris:victim:revenue:iso_currency_code="DKK"</h4>
<div class="paragraph">
<p>DKK - Danish Krone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codedop">veris:victim:revenue:iso_currency_code="DOP"</h4>
<div class="paragraph">
<p>DOP - Dominican Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codedzd">veris:victim:revenue:iso_currency_code="DZD"</h4>
<div class="paragraph">
<p>DZD - Algerian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeegp">veris:victim:revenue:iso_currency_code="EGP"</h4>
<div class="paragraph">
<p>EGP - Egyptian Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeern">veris:victim:revenue:iso_currency_code="ERN"</h4>
<div class="paragraph">
<p>ERN - Nakfa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeetb">veris:victim:revenue:iso_currency_code="ETB"</h4>
<div class="paragraph">
<p>ETB - Ethiopian Birr</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeeur">veris:victim:revenue:iso_currency_code="EUR"</h4>
<div class="paragraph">
<p>EUR - Euro</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codefjd">veris:victim:revenue:iso_currency_code="FJD"</h4>
<div class="paragraph">
<p>FJD - Fiji Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codefkp">veris:victim:revenue:iso_currency_code="FKP"</h4>
<div class="paragraph">
<p>FKP - Falkland Islands Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codegbp">veris:victim:revenue:iso_currency_code="GBP"</h4>
<div class="paragraph">
<p>GBP - Pound Sterling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codegel">veris:victim:revenue:iso_currency_code="GEL"</h4>
<div class="paragraph">
<p>GEL - Lari</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeggp">veris:victim:revenue:iso_currency_code="GGP"</h4>
<div class="paragraph">
<p>GGP - Guernsey pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeghs">veris:victim:revenue:iso_currency_code="GHS"</h4>
<div class="paragraph">
<p>GHS - Ghana Cedi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codegip">veris:victim:revenue:iso_currency_code="GIP"</h4>
<div class="paragraph">
<p>GIP - Gibraltar Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codegmd">veris:victim:revenue:iso_currency_code="GMD"</h4>
<div class="paragraph">
<p>GMD - Dalasi</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codegnf">veris:victim:revenue:iso_currency_code="GNF"</h4>
<div class="paragraph">
<p>GNF - Guinea Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codegtq">veris:victim:revenue:iso_currency_code="GTQ"</h4>
<div class="paragraph">
<p>GTQ - Quetzal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codegyd">veris:victim:revenue:iso_currency_code="GYD"</h4>
<div class="paragraph">
<p>GYD - Guyana Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codehkd">veris:victim:revenue:iso_currency_code="HKD"</h4>
<div class="paragraph">
<p>HKD - Hong Kong Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codehnl">veris:victim:revenue:iso_currency_code="HNL"</h4>
<div class="paragraph">
<p>HNL - Lempira</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codehrk">veris:victim:revenue:iso_currency_code="HRK"</h4>
<div class="paragraph">
<p>HRK - Croatian Kuna</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codehtg">veris:victim:revenue:iso_currency_code="HTG"</h4>
<div class="paragraph">
<p>HTG - Gourde</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codehuf">veris:victim:revenue:iso_currency_code="HUF"</h4>
<div class="paragraph">
<p>HUF - Forint</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeidr">veris:victim:revenue:iso_currency_code="IDR"</h4>
<div class="paragraph">
<p>IDR - Rupiah</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeils">veris:victim:revenue:iso_currency_code="ILS"</h4>
<div class="paragraph">
<p>ILS - New Israeli Sheqel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeimp">veris:victim:revenue:iso_currency_code="IMP"</h4>
<div class="paragraph">
<p>IMP - Isle of Man Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeinr">veris:victim:revenue:iso_currency_code="INR"</h4>
<div class="paragraph">
<p>INR - Indian Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeiqd">veris:victim:revenue:iso_currency_code="IQD"</h4>
<div class="paragraph">
<p>IQD - Iraqi Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeirr">veris:victim:revenue:iso_currency_code="IRR"</h4>
<div class="paragraph">
<p>IRR - Iranian Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeisk">veris:victim:revenue:iso_currency_code="ISK"</h4>
<div class="paragraph">
<p>ISK - Iceland Krona</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codejep">veris:victim:revenue:iso_currency_code="JEP"</h4>
<div class="paragraph">
<p>JEP - Jersey pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codejmd">veris:victim:revenue:iso_currency_code="JMD"</h4>
<div class="paragraph">
<p>JMD - Jamaican Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codejod">veris:victim:revenue:iso_currency_code="JOD"</h4>
<div class="paragraph">
<p>JOD - Jordanian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codejpy">veris:victim:revenue:iso_currency_code="JPY"</h4>
<div class="paragraph">
<p>JPY - Yen</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekes">veris:victim:revenue:iso_currency_code="KES"</h4>
<div class="paragraph">
<p>KES - Kenyan Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekgs">veris:victim:revenue:iso_currency_code="KGS"</h4>
<div class="paragraph">
<p>KGS - Som</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekhr">veris:victim:revenue:iso_currency_code="KHR"</h4>
<div class="paragraph">
<p>KHR - Riel</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekmf">veris:victim:revenue:iso_currency_code="KMF"</h4>
<div class="paragraph">
<p>KMF - Comoro Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekpw">veris:victim:revenue:iso_currency_code="KPW"</h4>
<div class="paragraph">
<p>KPW - North Korean Won</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekrw">veris:victim:revenue:iso_currency_code="KRW"</h4>
<div class="paragraph">
<p>KRW - South Korean Won</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekwd">veris:victim:revenue:iso_currency_code="KWD"</h4>
<div class="paragraph">
<p>KWD - Kuwaiti Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekyd">veris:victim:revenue:iso_currency_code="KYD"</h4>
<div class="paragraph">
<p>KYD - Cayman Islands Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codekzt">veris:victim:revenue:iso_currency_code="KZT"</h4>
<div class="paragraph">
<p>KZT - Tenge</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codelak">veris:victim:revenue:iso_currency_code="LAK"</h4>
<div class="paragraph">
<p>LAK - Kip</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codelbp">veris:victim:revenue:iso_currency_code="LBP"</h4>
<div class="paragraph">
<p>LBP - Lebanese Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codelkr">veris:victim:revenue:iso_currency_code="LKR"</h4>
<div class="paragraph">
<p>LKR - Sri Lanka Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codelrd">veris:victim:revenue:iso_currency_code="LRD"</h4>
<div class="paragraph">
<p>LRD - Liberian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codelsl">veris:victim:revenue:iso_currency_code="LSL"</h4>
<div class="paragraph">
<p>LSL - Loti</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeltl">veris:victim:revenue:iso_currency_code="LTL"</h4>
<div class="paragraph">
<p>LTL - Lithuanian Litas</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codelvl">veris:victim:revenue:iso_currency_code="LVL"</h4>
<div class="paragraph">
<p>LVL - Latvian Lats</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codelyd">veris:victim:revenue:iso_currency_code="LYD"</h4>
<div class="paragraph">
<p>LYD - Libyan Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemad">veris:victim:revenue:iso_currency_code="MAD"</h4>
<div class="paragraph">
<p>MAD - Moroccan Dirham</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemdl">veris:victim:revenue:iso_currency_code="MDL"</h4>
<div class="paragraph">
<p>MDL - Moldovan Leu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemga">veris:victim:revenue:iso_currency_code="MGA"</h4>
<div class="paragraph">
<p>MGA - Malagasy Ariary</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemkd">veris:victim:revenue:iso_currency_code="MKD"</h4>
<div class="paragraph">
<p>MKD - Denar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemmk">veris:victim:revenue:iso_currency_code="MMK"</h4>
<div class="paragraph">
<p>MMK - Kyat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemnt">veris:victim:revenue:iso_currency_code="MNT"</h4>
<div class="paragraph">
<p>MNT - Tugrik</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemop">veris:victim:revenue:iso_currency_code="MOP"</h4>
<div class="paragraph">
<p>MOP - Pataca</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemro">veris:victim:revenue:iso_currency_code="MRO"</h4>
<div class="paragraph">
<p>MRO - Ouguiya</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemur">veris:victim:revenue:iso_currency_code="MUR"</h4>
<div class="paragraph">
<p>MUR - Mauritius Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemvr">veris:victim:revenue:iso_currency_code="MVR"</h4>
<div class="paragraph">
<p>MVR - Rufiyaa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemwk">veris:victim:revenue:iso_currency_code="MWK"</h4>
<div class="paragraph">
<p>MWK - Kwacha</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemxn">veris:victim:revenue:iso_currency_code="MXN"</h4>
<div class="paragraph">
<p>MXN - Mexican Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemyr">veris:victim:revenue:iso_currency_code="MYR"</h4>
<div class="paragraph">
<p>MYR - Malaysian Ringgit</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codemzn">veris:victim:revenue:iso_currency_code="MZN"</h4>
<div class="paragraph">
<p>MZN - Mozambique Metical</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codenad">veris:victim:revenue:iso_currency_code="NAD"</h4>
<div class="paragraph">
<p>NAD - Namibia Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codengn">veris:victim:revenue:iso_currency_code="NGN"</h4>
<div class="paragraph">
<p>NGN - Naira</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codenio">veris:victim:revenue:iso_currency_code="NIO"</h4>
<div class="paragraph">
<p>NIO - Cordoba Oro</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codenok">veris:victim:revenue:iso_currency_code="NOK"</h4>
<div class="paragraph">
<p>NOK - Norwegian Krone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codenpr">veris:victim:revenue:iso_currency_code="NPR"</h4>
<div class="paragraph">
<p>NPR - Nepalese Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codenzd">veris:victim:revenue:iso_currency_code="NZD"</h4>
<div class="paragraph">
<p>NZD - New Zealand Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeomr">veris:victim:revenue:iso_currency_code="OMR"</h4>
<div class="paragraph">
<p>OMR - Rial Omani</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codepab">veris:victim:revenue:iso_currency_code="PAB"</h4>
<div class="paragraph">
<p>PAB - Balboa</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codepen">veris:victim:revenue:iso_currency_code="PEN"</h4>
<div class="paragraph">
<p>PEN - Nuevo Sol</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codepgk">veris:victim:revenue:iso_currency_code="PGK"</h4>
<div class="paragraph">
<p>PGK - Kina</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codephp">veris:victim:revenue:iso_currency_code="PHP"</h4>
<div class="paragraph">
<p>PHP - Philippine Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codepkr">veris:victim:revenue:iso_currency_code="PKR"</h4>
<div class="paragraph">
<p>PKR - Pakistan Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codepln">veris:victim:revenue:iso_currency_code="PLN"</h4>
<div class="paragraph">
<p>PLN - Zloty</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codepyg">veris:victim:revenue:iso_currency_code="PYG"</h4>
<div class="paragraph">
<p>PYG - Guarani</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeqar">veris:victim:revenue:iso_currency_code="QAR"</h4>
<div class="paragraph">
<p>QAR - Qatari Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_coderon">veris:victim:revenue:iso_currency_code="RON"</h4>
<div class="paragraph">
<p>RON - New Romanian Leu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codersd">veris:victim:revenue:iso_currency_code="RSD"</h4>
<div class="paragraph">
<p>RSD - Serbian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_coderub">veris:victim:revenue:iso_currency_code="RUB"</h4>
<div class="paragraph">
<p>RUB - Russian Ruble</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_coderwf">veris:victim:revenue:iso_currency_code="RWF"</h4>
<div class="paragraph">
<p>RWF - Rwanda Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesar">veris:victim:revenue:iso_currency_code="SAR"</h4>
<div class="paragraph">
<p>SAR - Saudi Riyal</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesbd">veris:victim:revenue:iso_currency_code="SBD"</h4>
<div class="paragraph">
<p>SBD - Solomon Islands Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codescr">veris:victim:revenue:iso_currency_code="SCR"</h4>
<div class="paragraph">
<p>SCR - Seychelles Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesdg">veris:victim:revenue:iso_currency_code="SDG"</h4>
<div class="paragraph">
<p>SDG - Sudanese Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesek">veris:victim:revenue:iso_currency_code="SEK"</h4>
<div class="paragraph">
<p>SEK - Swedish Krona</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesgd">veris:victim:revenue:iso_currency_code="SGD"</h4>
<div class="paragraph">
<p>SGD - Singapore Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeshp">veris:victim:revenue:iso_currency_code="SHP"</h4>
<div class="paragraph">
<p>SHP - Saint Helena Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesll">veris:victim:revenue:iso_currency_code="SLL"</h4>
<div class="paragraph">
<p>SLL - Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesos">veris:victim:revenue:iso_currency_code="SOS"</h4>
<div class="paragraph">
<p>SOS - Somali Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codespl">veris:victim:revenue:iso_currency_code="SPL"</h4>
<div class="paragraph">
<p>SPL - Seborga Luigino</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesrd">veris:victim:revenue:iso_currency_code="SRD"</h4>
<div class="paragraph">
<p>SRD - Surinam Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codestd">veris:victim:revenue:iso_currency_code="STD"</h4>
<div class="paragraph">
<p>STD - Dobra</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesvc">veris:victim:revenue:iso_currency_code="SVC"</h4>
<div class="paragraph">
<p>SVC - El Salvador Colon</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codesyp">veris:victim:revenue:iso_currency_code="SYP"</h4>
<div class="paragraph">
<p>SYP - Syrian Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeszl">veris:victim:revenue:iso_currency_code="SZL"</h4>
<div class="paragraph">
<p>SZL - Lilangeni</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codethb">veris:victim:revenue:iso_currency_code="THB"</h4>
<div class="paragraph">
<p>THB - Baht</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codetjs">veris:victim:revenue:iso_currency_code="TJS"</h4>
<div class="paragraph">
<p>TJS - Somoni</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codetmt">veris:victim:revenue:iso_currency_code="TMT"</h4>
<div class="paragraph">
<p>TMT - Turkmenistan New Manat</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codetnd">veris:victim:revenue:iso_currency_code="TND"</h4>
<div class="paragraph">
<p>TND - Tunisian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codetop">veris:victim:revenue:iso_currency_code="TOP"</h4>
<div class="paragraph">
<p>TOP - Pa&#8217;anga</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codetry">veris:victim:revenue:iso_currency_code="TRY"</h4>
<div class="paragraph">
<p>TRY - Turkish Lira</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codettd">veris:victim:revenue:iso_currency_code="TTD"</h4>
<div class="paragraph">
<p>TTD - Trinidad and Tobago Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codetvd">veris:victim:revenue:iso_currency_code="TVD"</h4>
<div class="paragraph">
<p>TVD - Tuvalu Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codetwd">veris:victim:revenue:iso_currency_code="TWD"</h4>
<div class="paragraph">
<p>TWD - New Taiwan Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codetzs">veris:victim:revenue:iso_currency_code="TZS"</h4>
<div class="paragraph">
<p>TZS - Tanzanian Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeuah">veris:victim:revenue:iso_currency_code="UAH"</h4>
<div class="paragraph">
<p>UAH - Hryvnia</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeugx">veris:victim:revenue:iso_currency_code="UGX"</h4>
<div class="paragraph">
<p>UGX - Uganda Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeusd">veris:victim:revenue:iso_currency_code="USD"</h4>
<div class="paragraph">
<p>USD - US Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeuyu">veris:victim:revenue:iso_currency_code="UYU"</h4>
<div class="paragraph">
<p>UYU - Peso Uruguayo</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeuzs">veris:victim:revenue:iso_currency_code="UZS"</h4>
<div class="paragraph">
<p>UZS - Uzbekistan Sum</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codevef">veris:victim:revenue:iso_currency_code="VEF"</h4>
<div class="paragraph">
<p>VEF - Bolivar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codevnd">veris:victim:revenue:iso_currency_code="VND"</h4>
<div class="paragraph">
<p>VND - Dong</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codevuv">veris:victim:revenue:iso_currency_code="VUV"</h4>
<div class="paragraph">
<p>VUV - Vatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codewst">veris:victim:revenue:iso_currency_code="WST"</h4>
<div class="paragraph">
<p>WST - Tala</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codexaf">veris:victim:revenue:iso_currency_code="XAF"</h4>
<div class="paragraph">
<p>XAF - CFA Franc BEAC</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codexcd">veris:victim:revenue:iso_currency_code="XCD"</h4>
<div class="paragraph">
<p>XCD - East Caribbean Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codexdr">veris:victim:revenue:iso_currency_code="XDR"</h4>
<div class="paragraph">
<p>XDR - SDR (Special Drawing Right)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codexof">veris:victim:revenue:iso_currency_code="XOF"</h4>
<div class="paragraph">
<p>XOF - CFA Franc BCEAO</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codexpf">veris:victim:revenue:iso_currency_code="XPF"</h4>
<div class="paragraph">
<p>XPF - CFP Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codeyer">veris:victim:revenue:iso_currency_code="YER"</h4>
<div class="paragraph">
<p>YER - Yemeni Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codezar">veris:victim:revenue:iso_currency_code="ZAR"</h4>
<div class="paragraph">
<p>ZAR - South African Rand</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codezmk">veris:victim:revenue:iso_currency_code="ZMK"</h4>
<div class="paragraph">
<p>ZMK - Zambian Kwacha</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisvictimrevenueiso_currency_codezwd">veris:victim:revenue:iso_currency_code="ZWD"</h4>
<div class="paragraph">
<p>ZWD - Zimbabwean Dollar A/06</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attributeavailabilitydurationunit">attribute:availability:duration:unit</h3>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunitdays">veris:attribute:availability:duration:unit="Days"</h4>
<div class="paragraph">
<p>Days</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunithours">veris:attribute:availability:duration:unit="Hours"</h4>
<div class="paragraph">
<p>Hours</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunitminutes">veris:attribute:availability:duration:unit="Minutes"</h4>
<div class="paragraph">
<p>Minutes</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunitmonths">veris:attribute:availability:duration:unit="Months"</h4>
<div class="paragraph">
<p>Months</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunitna">veris:attribute:availability:duration:unit="NA"</h4>
<div class="paragraph">
<p>NA</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunitnever">veris:attribute:availability:duration:unit="Never"</h4>
<div class="paragraph">
<p>Never</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunitseconds">veris:attribute:availability:duration:unit="Seconds"</h4>
<div class="paragraph">
<p>Seconds</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunitunknown">veris:attribute:availability:duration:unit="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunitweeks">veris:attribute:availability:duration:unit="Weeks"</h4>
<div class="paragraph">
<p>Weeks</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeavailabilitydurationunityears">veris:attribute:availability:duration:unit="Years"</h4>
<div class="paragraph">
<p>Years</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attributeconfidentialitydatavariety">attribute:confidentiality:data:variety</h3>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietybank">veris:attribute:confidentiality:data:variety="Bank"</h4>
<div class="paragraph">
<p>Bank account data</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietyclassified">veris:attribute:confidentiality:data:variety="Classified"</h4>
<div class="paragraph">
<p>Classified information</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietycopyrighted">veris:attribute:confidentiality:data:variety="Copyrighted"</h4>
<div class="paragraph">
<p>Copyrighted material</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietycredentials">veris:attribute:confidentiality:data:variety="Credentials"</h4>
<div class="paragraph">
<p>Authentication credentials (e.g., pwds, OTPs, biometrics)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietydigital_certificate">veris:attribute:confidentiality:data:variety="Digital certificate"</h4>
<div class="paragraph">
<p>Digital certificate</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietyinternal">veris:attribute:confidentiality:data:variety="Internal"</h4>
<div class="paragraph">
<p>Sensitive internal data (e.g., plans, reports, emails)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietymedical">veris:attribute:confidentiality:data:variety="Medical"</h4>
<div class="paragraph">
<p>Medical records</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietyother">veris:attribute:confidentiality:data:variety="Other"</h4>
<div class="paragraph">
<p>Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietypayment">veris:attribute:confidentiality:data:variety="Payment"</h4>
<div class="paragraph">
<p>Payment card data (e.g., PAN, PIN, CVV2, Expiration)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietypersonal">veris:attribute:confidentiality:data:variety="Personal"</h4>
<div class="paragraph">
<p>Personal or identifying information (e.g., addr, ID#, credit score)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietysecrets">veris:attribute:confidentiality:data:variety="Secrets"</h4>
<div class="paragraph">
<p>Trade secrets</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietysource_code">veris:attribute:confidentiality:data:variety="Source code"</h4>
<div class="paragraph">
<p>Source code</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietysystem">veris:attribute:confidentiality:data:variety="System"</h4>
<div class="paragraph">
<p>System information (e.g., config info, open services)</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietyunknown">veris:attribute:confidentiality:data:variety="Unknown"</h4>
<div class="paragraph">
<p>Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_verisattributeconfidentialitydatavarietyvirtual_currency">veris:attribute:confidentiality:data:variety="Virtual currency"</h4>
<div class="paragraph">
<p>Virtual currency</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_vmray">vmray</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
vmray namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/vmray/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>VMRay taxonomies to map VMRay Thread Identifier scores and artifacts.</p>
</div>
<div class="sect2">
<h3 id="_verdict">verdict</h3>
<div class="sect3">
<h4 id="_vmrayverdictmalicious">vmray:verdict="malicious"</h4>
<div class="paragraph">
<p>Malicious</p>
</div>
</div>
<div class="sect3">
<h4 id="_vmrayverdictsuspicious">vmray:verdict="suspicious"</h4>
<div class="paragraph">
<p>Suspicious</p>
</div>
</div>
<div class="sect3">
<h4 id="_vmrayverdictclean">vmray:verdict="clean"</h4>
<div class="paragraph">
<p>Clean</p>
</div>
</div>
<div class="sect3">
<h4 id="_vmrayverdictna">vmray:verdict="n/a"</h4>
<div class="paragraph">
<p>N/A</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vti_analysis_score">vti_analysis_score</h3>
<div class="sect3">
<h4 id="_vmrayvti_analysis_score_15">vmray:vti_analysis_score="-1/5"</h4>
<div class="paragraph">
<p>-1/5</p>
</div>
</div>
<div class="sect3">
<h4 id="_vmrayvti_analysis_score15">vmray:vti_analysis_score="1/5"</h4>
<div class="paragraph">
<p>1/5</p>
</div>
</div>
<div class="sect3">
<h4 id="_vmrayvti_analysis_score25">vmray:vti_analysis_score="2/5"</h4>
<div class="paragraph">
<p>2/5</p>
</div>
</div>
<div class="sect3">
<h4 id="_vmrayvti_analysis_score35">vmray:vti_analysis_score="3/5"</h4>
<div class="paragraph">
<p>3/5</p>
</div>
</div>
<div class="sect3">
<h4 id="_vmrayvti_analysis_score45">vmray:vti_analysis_score="4/5"</h4>
<div class="paragraph">
<p>4/5</p>
</div>
</div>
<div class="sect3">
<h4 id="_vmrayvti_analysis_score55">vmray:vti_analysis_score="5/5"</h4>
<div class="paragraph">
<p>5/5</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_artifact">artifact</h3>
<div class="sect3">
<h4 id="_vmrayartifactioc">vmray:artifact="ioc"</h4>
<div class="paragraph">
<p>is IOC</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_vocabulaire_des_probabilites_estimatives">vocabulaire-des-probabilites-estimatives</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
vocabulaire-des-probabilites-estimatives namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/vocabulaire-des-probabilites-estimatives/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Ce vocabulaire attribue des valeurs en pourcentage à certains énoncés de probabilité</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect2">
<h3 id="_degré_de_probabilité">degré-de-probabilité</h3>
<div class="paragraph">
<p>Le tableau suivant attribue des valeurs en pourcentage à certains énoncés de probabilité. Les pourcentages sont tirés de louvrage de Sherman Kent intitulé « Words of Estimative Probability » publié par le Centre for the Study of Intelligence de la CIA en 1964. 0% exprime une impossibilité et 100% exprime une certitude.</p>
</div>
<div class="sect3">
<h4 id="_vocabulaire_des_probabilites_estimativesdegré_de_probabilitépresque_aucune_chance">vocabulaire-des-probabilites-estimatives:degré-de-probabilité="presque-aucune-chance"</h4>
<div class="paragraph">
<p>Presque aucune chance - Quasi impossible Presque impossible Minces chances Très douteux Très peu probable Très improbable Improbable Peu de chances - 7 % (marge derreur denviron 5 %)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="7"</p>
</div>
</div>
<div class="sect3">
<h4 id="_vocabulaire_des_probabilites_estimativesdegré_de_probabilitéprobablement_pas">vocabulaire-des-probabilites-estimatives:degré-de-probabilité="probablement-pas"</h4>
<div class="paragraph">
<p>Probablement pas - Invraisemblable Peu probable - 30 % (marge derreur denviron 10 %)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="30"</p>
</div>
</div>
<div class="sect3">
<h4 id="_vocabulaire_des_probabilites_estimativesdegré_de_probabilitéchances_à_peu_près_egales">vocabulaire-des-probabilites-estimatives:degré-de-probabilité="chances-à-peu-près-egales"</h4>
<div class="paragraph">
<p>Chances à peu près égales - une chance sur deux - 50% (marge derreur denviron 10 %)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="50"</p>
</div>
</div>
<div class="sect3">
<h4 id="_vocabulaire_des_probabilites_estimativesdegré_de_probabilitéprobable">vocabulaire-des-probabilites-estimatives:degré-de-probabilité="probable"</h4>
<div class="paragraph">
<p>Probable - Vraisemblable Probable - 75 % (marge derreur denviron 12 %)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="75"</p>
</div>
</div>
<div class="sect3">
<h4 id="_vocabulaire_des_probabilites_estimativesdegré_de_probabilitéquasi_certaine">vocabulaire-des-probabilites-estimatives:degré-de-probabilité="quasi-certaine"</h4>
<div class="paragraph">
<p>Quasi certaine - Certain Presque certain Très probable - 93% (marge derreur denviron 6 %)</p>
</div>
<div class="paragraph">
<p>Associated numerical value="93"</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_workflow">workflow</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
workflow namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/workflow/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.</p>
</div>
<div class="sect2">
<h3 id="_todo">todo</h3>
<div class="paragraph">
<p>Todo are the actions to be performed by one or more analyst(s) to apply cognitive methods, evaluation(s), weightening information, to validate hypothesis or complete additional tasks to improve the overall information or data being tagged with a todo.</p>
</div>
<div class="sect3">
<h4 id="_workflowtodoexpansion">workflow:todo="expansion"</h4>
<div class="paragraph">
<p>Expansion need to be applied to expand the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview">workflow:todo="review"</h4>
<div class="paragraph">
<p>Additional review is required to reach a certain level of validation of the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_for_privacy">workflow:todo="review-for-privacy"</h4>
<div class="paragraph">
<p>Additional review is required to ensure privacy of the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_before_publication">workflow:todo="review-before-publication"</h4>
<div class="paragraph">
<p>Review is required before publishing the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodorelease_requested">workflow:todo="release-requested"</h4>
<div class="paragraph">
<p>Release of the information tagged is requested (often after the review process</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_for_false_positive">workflow:todo="review-for-false-positive"</h4>
<div class="paragraph">
<p>Review the the information tagged to limit the number of false-positives and potentially remove any IDS/automation flag to avoid automation of the false-positives</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_the_source_credibility">workflow:todo="review-the-source-credibility"</h4>
<div class="paragraph">
<p>Review the source credibility and add the corresponding marking like admiralty-scale on the origin</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoadd_missing_misp_galaxy_cluster_values">workflow:todo="add-missing-misp-galaxy-cluster-values"</h4>
<div class="paragraph">
<p>Add potential MISP galaxy cluster values missing about the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodocreate_missing_misp_galaxy_cluster">workflow:todo="create-missing-misp-galaxy-cluster"</h4>
<div class="paragraph">
<p>Create missing MISP galaxy cluster about the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodocreate_missing_misp_galaxy_cluster_relationship">workflow:todo="create-missing-misp-galaxy-cluster-relationship"</h4>
<div class="paragraph">
<p>create missing MISP galaxy cluster relationships (e.g. relationships between MISP clusters)</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodocreate_missing_misp_galaxy">workflow:todo="create-missing-misp-galaxy"</h4>
<div class="paragraph">
<p>Create missing MISP galaxy at large about the information tagged (e.g. a new category of malware or activity)</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodocreate_missing_relationship">workflow:todo="create-missing-relationship"</h4>
<div class="paragraph">
<p>Create missing relationship about the information tagged (e.g. create new relationship between MISP objects)</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoadd_context">workflow:todo="add-context"</h4>
<div class="paragraph">
<p>Add contextual information about the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoadd_tagging">workflow:todo="add-tagging"</h4>
<div class="paragraph">
<p>Add adequate tagging and classification about the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodocheck_passive_dns_for_shared_hosting">workflow:todo="check-passive-dns-for-shared-hosting"</h4>
<div class="paragraph">
<p>Check Passive DNS (or similar techniques) to review if the information tagged is used within shared hosting</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_classification">workflow:todo="review-classification"</h4>
<div class="paragraph">
<p>Review the classification of the information tagged to ensure adequate marking of the information before publication</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_the_grammar">workflow:todo="review-the-grammar"</h4>
<div class="paragraph">
<p>Review the grammar of the information tagged to improve the overall quality</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtododo_not_delete">workflow:todo="do-not-delete"</h4>
<div class="paragraph">
<p>Element that should not be deleted (without asking)</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoadd_mitre_attack_cluster">workflow:todo="add-mitre-attack-cluster"</h4>
<div class="paragraph">
<p>Describe cyber adversary behavior using MITRE ATT&amp;CK</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoadditional_task">workflow:todo="additional-task"</h4>
<div class="paragraph">
<p>Used to point an additional task that can not be describe by the rest of the taxonomy and need to be done</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodocreate_event">workflow:todo="create-event"</h4>
<div class="paragraph">
<p>A new MISP event need to be created from the tag reference</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodopreserve_evidence">workflow:todo="preserve-evidence"</h4>
<div class="paragraph">
<p>Preseve evidence mentioned in the information tagged</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_state_2">state</h3>
<div class="paragraph">
<p>State are the different states of the information or data being tagged.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_workflowstateincomplete">workflow:state="incomplete"</h4>
<div class="paragraph">
<p>Incomplete means that the information tagged is incomplete and has potential to be completed by other analysts, technical processes or the current analysts performing the analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowstatecomplete">workflow:state="complete"</h4>
<div class="paragraph">
<p>Complete means that the information tagged reach a state of completeness with the current capabilities of the analyst.</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowstatedraft">workflow:state="draft"</h4>
<div class="paragraph">
<p>Draft means the information tagged can be released as a preliminary version or outline.</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowstateongoing">workflow:state="ongoing"</h4>
<div class="paragraph">
<p>Analyst is currently working on this analysis. To remove when there is no more work to be done by the analyst.</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowstaterejected">workflow:state="rejected"</h4>
<div class="paragraph">
<p>Analyst rejected the process. The object will not reach state of completeness.</p>
</div>
</div>
</div>
</div>
</div>
<h1 id="_mapping_of_taxonomies" class="sect0">Mapping of taxonomies</h1>
<div class="paragraph">
<p>Analysts relying on taxonomies don&#8217;t always know the appropriate namespace to use but know which value to use for classification. The MISP mapping taxonomy allows to map a single classification into a series of machine-tag synonyms.</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 1. Mapping table - <strong>Adware</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Adware</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Adware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Adware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Adware"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 2. Mapping table - <strong>Brute Force</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Brute Force</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:intrusion-attempts="brute-force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Brute force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:brute-force-attempt</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="brute-force"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 3. Mapping table - <strong>DDoS</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">DDoS</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:availability="dos"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:availability="ddos"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:vulnerable="ddos-amplifier"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:availability="ddos"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:availability="dos-ddos"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="DDoS"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="denial-of-service"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="denial-of-service"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 4. Mapping table - <strong>Downloader</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Downloader</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Downloader"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Downloader"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 5. Mapping table - <strong>Remote Access Tool</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Remote Access Tool</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="remote-access-tool"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="RemoteAccess"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 6. Mapping table - <strong>SQLi</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">SQLi</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="sql-injection"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="SQL injection"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:hacking:variety="SQLi"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="web-application-attacks-injection-attacks-code-injection-SQL-XSS"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:sql-injection</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 7. Mapping table - <strong>Spyware</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Spyware</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Spyware/Keylogger"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Spyware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Spyware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="spyware-or-deceptive-adware"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 8. Mapping table - <strong>Trojan</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Trojan</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Trojan"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Trojan"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="trojan"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 9. Mapping table - <strong>Virus</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Virus</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Virus"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Virus"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="virus"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 10. Mapping table - <strong>Worm</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Worm</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Worm"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Worm"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Worm"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="worm"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 11. Mapping table - <strong>backdoor</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">backdoor</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:intrusions="backdoor"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Backdoor"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Backdoor"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 12. Mapping table - <strong>brute force</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">brute force</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:intrusion-attempts="brute-force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:intrusion-attempts="brute-force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Brute force"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:brute-force-attempt</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="brute-force"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 13. Mapping table - <strong>c&amp;c</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">c&amp;c</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:malicious-code="c2-server"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="c&amp;c"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:malware="c&amp;c"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:c&amp;c-server-hosting</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="C2"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 14. Mapping table - <strong>content</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">content</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:abusive-content="harmful-speech"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:abusive-content="violence"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:fraud="copyright"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:fraud="masquerade"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 15. Mapping table - <strong>exploit</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">exploit</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:intrusion-attempts="exploit"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Exploit vuln"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:intrusion-attempts="exploit"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:exploit</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:intrusion="exploitation-vulnerability"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Exploit"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 16. Mapping table - <strong>malware</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:malicious-code="malware-distribution"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:malicious-code="malware-configuration"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="malware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="malware"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 17. Mapping table - <strong>other</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">other</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:other="other"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 18. Mapping table - <strong>phishing</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">phishing</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:fraud="phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:fraud="phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:social:variety="Phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:information-gathering="phishing"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="phishing-attacks"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 19. Mapping table - <strong>ransomware</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ransomware</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:malicious-code="ransomware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="ransomware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Ransomware"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ms-caro-malware:malware-type="Ransom"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Ransomware"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 20. Mapping table - <strong>rootkit</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rootkit</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Rootkit"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="rootkits"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">malware_classification:malware-category="Rootkit"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 21. Mapping table - <strong>scan</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">scan</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:information-gathering="scanner"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="scan"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:information-gathering="scanner"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:information-gathering="scanning"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 22. Mapping table - <strong>scan network</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">scan network</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Scan network"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:network-scanning</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 23. Mapping table - <strong>spam</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">spam</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:abusive-content="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ecsirt:abusive-content="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">enisa:nefarious-activity-abuse="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:spam</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-incident:abusive-content="spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:malware:variety="Spam"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">veris:action:social:variety="Spam"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 24. Mapping table - <strong>test</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">test</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">rsit:test="test"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 25. Mapping table - <strong>tlp-amber</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp-amber</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp:amber</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">iep:traffic-light-protocol="AMBER"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 26. Mapping table - <strong>tlp-green</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp-green</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp:green</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">iep:traffic-light-protocol="GREEN"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 27. Mapping table - <strong>tlp-red</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp-red</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp:red</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">iep:traffic-light-protocol="RED"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 28. Mapping table - <strong>tlp-white</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp-white</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">tlp:white</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">iep:traffic-light-protocol="WHITE"</p></td>
</tr>
</tbody>
</table>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 29. Mapping table - <strong>xss</strong></caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">xss</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">circl:incident-classification="XSS"</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">europol-event:xss</p></td>
</tr>
</tbody>
</table>
</div>
<div id="footer">
<div id="footer-text">
<<<<<<< HEAD
Last updated 2022-01-29 12:11:29 +0100
=======
Last updated 2022-01-22 18:22:56 +0100
>>>>>>> 8602637883151a6aa0bac81666a4fd64eaf0df99
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink