MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-website/taxonomies.html

16850 lines
659 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]-->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 1.5.4">
<title>MISP taxonomies and classification as machine tags</title>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
<style>
/* Asciidoctor default stylesheet | MIT License | http://asciidoctor.org */
/* Remove comment around @import statement below when using as a custom stylesheet */
/*@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700";*/
article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}
audio,canvas,video{display:inline-block}
audio:not([controls]){display:none;height:0}
[hidden],template{display:none}
script{display:none!important}
html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}
body{margin:0}
a{background:transparent}
a:focus{outline:thin dotted}
a:active,a:hover{outline:0}
h1{font-size:2em;margin:.67em 0}
abbr[title]{border-bottom:1px dotted}
b,strong{font-weight:bold}
dfn{font-style:italic}
hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}
mark{background:#ff0;color:#000}
code,kbd,pre,samp{font-family:monospace;font-size:1em}
pre{white-space:pre-wrap}
q{quotes:"\201C" "\201D" "\2018" "\2019"}
small{font-size:80%}
sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
sup{top:-.5em}
sub{bottom:-.25em}
img{border:0}
svg:not(:root){overflow:hidden}
figure{margin:0}
fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
legend{border:0;padding:0}
button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
button,input{line-height:normal}
button,select{text-transform:none}
button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}
button[disabled],html input[disabled]{cursor:default}
input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}
input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}
input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}
button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
textarea{overflow:auto;vertical-align:top}
table{border-collapse:collapse;border-spacing:0}
*,*:before,*:after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}
html,body{font-size:100%}
body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto}
a:hover{cursor:pointer}
img,object,embed{max-width:100%;height:auto}
object,embed{height:100%}
img{-ms-interpolation-mode:bicubic}
.left{float:left!important}
.right{float:right!important}
.text-left{text-align:left!important}
.text-right{text-align:right!important}
.text-center{text-align:center!important}
.text-justify{text-align:justify!important}
.hide{display:none}
body{-webkit-font-smoothing:antialiased}
img,object,svg{display:inline-block;vertical-align:middle}
textarea{height:auto;min-height:50px}
select{width:100%}
.center{margin-left:auto;margin-right:auto}
.spread{width:100%}
p.lead,.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{font-size:1.21875em;line-height:1.6}
.subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr}
a{color:#2156a5;text-decoration:underline;line-height:inherit}
a:hover,a:focus{color:#1d4b8f}
a img{border:none}
p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
p aside{font-size:.875em;line-height:1.35;font-style:italic}
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
h1{font-size:2.125em}
h2{font-size:1.6875em}
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
h4,h5{font-size:1.125em}
h6{font-size:1em}
hr{border:solid #ddddd8;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0}
em,i{font-style:italic;line-height:inherit}
strong,b{font-weight:bold;line-height:inherit}
small{font-size:60%;line-height:inherit}
code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
ul,ol,ul.no-bullet,ol.no-bullet{margin-left:1.5em}
ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em}
ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
ul.square{list-style-type:square}
ul.circle{list-style-type:circle}
ul.disc{list-style-type:disc}
ul.no-bullet{list-style:none}
ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
dl dt{margin-bottom:.3125em;font-weight:bold}
dl dd{margin-bottom:1.25em}
abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help}
abbr{text-transform:none}
blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)}
blockquote cite:before{content:"\2014 \0020"}
blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)}
blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
@media only screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
h1{font-size:2.75em}
h2{font-size:2.3125em}
h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
h4{font-size:1.4375em}}
table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede}
table thead,table tfoot{background:#f7f8f7;font-weight:bold}
table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
table tr.even,table tr.alt,table tr:nth-of-type(even){background:#f8f8f7}
table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6}
body{tab-size:4}
h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
.clearfix:before,.clearfix:after,.float-group:before,.float-group:after{content:" ";display:table}
.clearfix:after,.float-group:after{clear:both}
*:not(pre)>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background-color:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed}
pre,pre>code{line-height:1.45;color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;text-rendering:optimizeSpeed}
.keyseq{color:rgba(51,51,51,.8)}
kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background-color:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
.keyseq kbd:first-child{margin-left:0}
.keyseq kbd:last-child{margin-right:0}
.menuseq,.menu{color:rgba(0,0,0,.8)}
b.button:before,b.button:after{position:relative;top:-1px;font-weight:400}
b.button:before{content:"[";padding:0 3px 0 2px}
b.button:after{content:"]";padding:0 2px 0 3px}
p a>code:hover{color:rgba(0,0,0,.9)}
#header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
#header:before,#header:after,#content:before,#content:after,#footnotes:before,#footnotes:after,#footer:before,#footer:after{content:" ";display:table}
#header:after,#content:after,#footnotes:after,#footer:after{clear:both}
#content{margin-top:1.25em}
#content:before{content:none}
#header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
#header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #ddddd8}
#header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #ddddd8;padding-bottom:8px}
#header .details{border-bottom:1px solid #ddddd8;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap}
#header .details span:first-child{margin-left:-.125em}
#header .details span.email a{color:rgba(0,0,0,.85)}
#header .details br{display:none}
#header .details br+span:before{content:"\00a0\2013\00a0"}
#header .details br+span.author:before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
#header .details br+span#revremark:before{content:"\00a0|\00a0"}
#header #revnumber{text-transform:capitalize}
#header #revnumber:after{content:"\00a0"}
#content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #ddddd8;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
#toc{border-bottom:1px solid #efefed;padding-bottom:.5em}
#toc>ul{margin-left:.125em}
#toc ul.sectlevel0>li>a{font-style:italic}
#toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
#toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
#toc li{line-height:1.3334;margin-top:.3334em}
#toc a{text-decoration:none}
#toc a:active{text-decoration:underline}
#toctitle{color:#7a2518;font-size:1.2em}
@media only screen and (min-width:768px){#toctitle{font-size:1.375em}
body.toc2{padding-left:15em;padding-right:0}
#toc.toc2{margin-top:0!important;background-color:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #efefed;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
#toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
#toc.toc2>ul{font-size:.9em;margin-bottom:0}
#toc.toc2 ul ul{margin-left:0;padding-left:1em}
#toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
body.toc2.toc-right{padding-left:0;padding-right:15em}
body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #efefed;left:auto;right:0}}
@media only screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
#toc.toc2{width:20em}
#toc.toc2 #toctitle{font-size:1.375em}
#toc.toc2>ul{font-size:.95em}
#toc.toc2 ul ul{padding-left:1.25em}
body.toc2.toc-right{padding-left:0;padding-right:20em}}
#content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
#content #toc>:first-child{margin-top:0}
#content #toc>:last-child{margin-bottom:0}
#footer{max-width:100%;background-color:rgba(0,0,0,.8);padding:1.25em}
#footer-text{color:rgba(255,255,255,.8);line-height:1.44}
.sect1{padding-bottom:.625em}
@media only screen and (min-width:768px){.sect1{padding-bottom:1.25em}}
.sect1+.sect1{border-top:1px solid #efefed}
#content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
#content h1>a.anchor:before,h2>a.anchor:before,h3>a.anchor:before,#toctitle>a.anchor:before,.sidebarblock>.content>.title>a.anchor:before,h4>a.anchor:before,h5>a.anchor:before,h6>a.anchor:before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
#content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
#content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
#content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
table.tableblock>caption.title{white-space:nowrap;overflow:visible;max-width:0}
.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{color:rgba(0,0,0,.85)}
table.tableblock #preamble>.sectionbody>.paragraph:first-of-type p{font-size:inherit}
.admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
.admonitionblock>table td.icon{text-align:center;width:80px}
.admonitionblock>table td.icon img{max-width:none}
.admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
.admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #ddddd8;color:rgba(0,0,0,.6)}
.admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
.exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px}
.exampleblock>.content>:first-child{margin-top:0}
.exampleblock>.content>:last-child{margin-bottom:0}
.sidebarblock{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
.sidebarblock>:first-child{margin-top:0}
.sidebarblock>:last-child{margin-bottom:0}
.sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
.exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
.literalblock pre,.listingblock pre:not(.highlight),.listingblock pre[class="highlight"],.listingblock pre[class^="highlight "],.listingblock pre.CodeRay,.listingblock pre.prettyprint{background:#f7f7f8}
.sidebarblock .literalblock pre,.sidebarblock .listingblock pre:not(.highlight),.sidebarblock .listingblock pre[class="highlight"],.sidebarblock .listingblock pre[class^="highlight "],.sidebarblock .listingblock pre.CodeRay,.sidebarblock .listingblock pre.prettyprint{background:#f2f1f1}
.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;padding:1em;font-size:.8125em}
.literalblock pre.nowrap,.literalblock pre[class].nowrap,.listingblock pre.nowrap,.listingblock pre[class].nowrap{overflow-x:auto;white-space:pre;word-wrap:normal}
@media only screen and (min-width:768px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:.90625em}}
@media only screen and (min-width:1280px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:1em}}
.literalblock.output pre{color:#f7f7f8;background-color:rgba(0,0,0,.9)}
.listingblock pre.highlightjs{padding:0}
.listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px}
.listingblock pre.prettyprint{border-width:0}
.listingblock>.content{position:relative}
.listingblock code[data-lang]:before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:#999}
.listingblock:hover code[data-lang]:before{display:block}
.listingblock.terminal pre .command:before{content:attr(data-prompt);padding-right:.5em;color:#999}
.listingblock.terminal pre .command:not([data-prompt]):before{content:"$"}
table.pyhltable{border-collapse:separate;border:0;margin-bottom:0;background:none}
table.pyhltable td{vertical-align:top;padding-top:0;padding-bottom:0;line-height:1.45}
table.pyhltable td.code{padding-left:.75em;padding-right:0}
pre.pygments .lineno,table.pyhltable td:not(.code){color:#999;padding-left:0;padding-right:.5em;border-right:1px solid #ddddd8}
pre.pygments .lineno{display:inline-block;margin-right:.25em}
table.pyhltable .linenodiv{background:none!important;padding-right:0!important}
.quoteblock{margin:0 1em 1.25em 1.5em;display:table}
.quoteblock>.title{margin-left:-1.5em;margin-bottom:.75em}
.quoteblock blockquote,.quoteblock blockquote p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
.quoteblock blockquote{margin:0;padding:0;border:0}
.quoteblock blockquote:before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
.quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
.quoteblock .attribution{margin-top:.5em;margin-right:.5ex;text-align:right}
.quoteblock .quoteblock{margin-left:0;margin-right:0;padding:.5em 0;border-left:3px solid rgba(0,0,0,.6)}
.quoteblock .quoteblock blockquote{padding:0 0 0 .75em}
.quoteblock .quoteblock blockquote:before{display:none}
.verseblock{margin:0 1em 1.25em 1em}
.verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
.verseblock pre strong{font-weight:400}
.verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
.quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
.quoteblock .attribution br,.verseblock .attribution br{display:none}
.quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)}
.quoteblock.abstract{margin:0 0 1.25em 0;display:block}
.quoteblock.abstract blockquote,.quoteblock.abstract blockquote p{text-align:left;word-spacing:0}
.quoteblock.abstract blockquote:before,.quoteblock.abstract blockquote p:first-of-type:before{display:none}
table.tableblock{max-width:100%;border-collapse:separate}
table.tableblock td>.paragraph:last-child p>p:last-child,table.tableblock th>p:last-child,table.tableblock td>p:last-child{margin-bottom:0}
table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
table.grid-all th.tableblock,table.grid-all td.tableblock{border-width:0 1px 1px 0}
table.grid-all tfoot>tr>th.tableblock,table.grid-all tfoot>tr>td.tableblock{border-width:1px 1px 0 0}
table.grid-cols th.tableblock,table.grid-cols td.tableblock{border-width:0 1px 0 0}
table.grid-all *>tr>.tableblock:last-child,table.grid-cols *>tr>.tableblock:last-child{border-right-width:0}
table.grid-rows th.tableblock,table.grid-rows td.tableblock{border-width:0 0 1px 0}
table.grid-all tbody>tr:last-child>th.tableblock,table.grid-all tbody>tr:last-child>td.tableblock,table.grid-all thead:last-child>tr>th.tableblock,table.grid-rows tbody>tr:last-child>th.tableblock,table.grid-rows tbody>tr:last-child>td.tableblock,table.grid-rows thead:last-child>tr>th.tableblock{border-bottom-width:0}
table.grid-rows tfoot>tr>th.tableblock,table.grid-rows tfoot>tr>td.tableblock{border-width:1px 0 0 0}
table.frame-all{border-width:1px}
table.frame-sides{border-width:0 1px}
table.frame-topbot{border-width:1px 0}
th.halign-left,td.halign-left{text-align:left}
th.halign-right,td.halign-right{text-align:right}
th.halign-center,td.halign-center{text-align:center}
th.valign-top,td.valign-top{vertical-align:top}
th.valign-bottom,td.valign-bottom{vertical-align:bottom}
th.valign-middle,td.valign-middle{vertical-align:middle}
table thead th,table tfoot th{font-weight:bold}
tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7}
tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
p.tableblock>code:only-child{background:none;padding:0}
p.tableblock{font-size:1em}
td>div.verse{white-space:pre}
ol{margin-left:1.75em}
ul li ol{margin-left:1.5em}
dl dd{margin-left:1.125em}
dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
ul.unstyled,ol.unnumbered,ul.checklist,ul.none{list-style-type:none}
ul.unstyled,ol.unnumbered,ul.checklist{margin-left:.625em}
ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1em;font-size:.85em}
ul.checklist li>p:first-child>input[type="checkbox"]:first-child{width:1em;position:relative;top:1px}
ul.inline{margin:0 auto .625em auto;margin-left:-1.375em;margin-right:0;padding:0;list-style:none;overflow:hidden}
ul.inline>li{list-style:none;float:left;margin-left:1.375em;display:block}
ul.inline>li>*{display:block}
.unstyled dl dt{font-weight:400;font-style:normal}
ol.arabic{list-style-type:decimal}
ol.decimal{list-style-type:decimal-leading-zero}
ol.loweralpha{list-style-type:lower-alpha}
ol.upperalpha{list-style-type:upper-alpha}
ol.lowerroman{list-style-type:lower-roman}
ol.upperroman{list-style-type:upper-roman}
ol.lowergreek{list-style-type:lower-greek}
.hdlist>table,.colist>table{border:0;background:none}
.hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
td.hdlist1{font-weight:bold;padding-bottom:1.25em}
.literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
.colist>table tr>td:first-of-type{padding:0 .75em;line-height:1}
.colist>table tr>td:last-of-type{padding:.25em 0}
.thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd}
.imageblock.left,.imageblock[style*="float: left"]{margin:.25em .625em 1.25em 0}
.imageblock.right,.imageblock[style*="float: right"]{margin:.25em 0 1.25em .625em}
.imageblock>.title{margin-bottom:0}
.imageblock.thumb,.imageblock.th{border-width:6px}
.imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
.image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
.image.left{margin-right:.625em}
.image.right{margin-left:.625em}
a.image{text-decoration:none;display:inline-block}
a.image object{pointer-events:none}
sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super}
sup.footnote a,sup.footnoteref a{text-decoration:none}
sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
#footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
#footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em 0;border-width:1px 0 0 0}
#footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;text-indent:-1.05em;margin-bottom:.2em}
#footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none}
#footnotes .footnote:last-of-type{margin-bottom:0}
#content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
.gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0}
.gist .file-data>table td.line-data{width:99%}
div.unbreakable{page-break-inside:avoid}
.big{font-size:larger}
.small{font-size:smaller}
.underline{text-decoration:underline}
.overline{text-decoration:overline}
.line-through{text-decoration:line-through}
.aqua{color:#00bfbf}
.aqua-background{background-color:#00fafa}
.black{color:#000}
.black-background{background-color:#000}
.blue{color:#0000bf}
.blue-background{background-color:#0000fa}
.fuchsia{color:#bf00bf}
.fuchsia-background{background-color:#fa00fa}
.gray{color:#606060}
.gray-background{background-color:#7d7d7d}
.green{color:#006000}
.green-background{background-color:#007d00}
.lime{color:#00bf00}
.lime-background{background-color:#00fa00}
.maroon{color:#600000}
.maroon-background{background-color:#7d0000}
.navy{color:#000060}
.navy-background{background-color:#00007d}
.olive{color:#606000}
.olive-background{background-color:#7d7d00}
.purple{color:#600060}
.purple-background{background-color:#7d007d}
.red{color:#bf0000}
.red-background{background-color:#fa0000}
.silver{color:#909090}
.silver-background{background-color:#bcbcbc}
.teal{color:#006060}
.teal-background{background-color:#007d7d}
.white{color:#bfbfbf}
.white-background{background-color:#fafafa}
.yellow{color:#bfbf00}
.yellow-background{background-color:#fafa00}
span.icon>.fa{cursor:default}
.admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
.admonitionblock td.icon .icon-note:before{content:"\f05a";color:#19407c}
.admonitionblock td.icon .icon-tip:before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
.admonitionblock td.icon .icon-warning:before{content:"\f071";color:#bf6900}
.admonitionblock td.icon .icon-caution:before{content:"\f06d";color:#bf3400}
.admonitionblock td.icon .icon-important:before{content:"\f06a";color:#bf0000}
.conum[data-value]{display:inline-block;color:#fff!important;background-color:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
.conum[data-value] *{color:#fff!important}
.conum[data-value]+b{display:none}
.conum[data-value]:after{content:attr(data-value)}
pre .conum[data-value]{position:relative;top:-.125em}
b.conum *{color:inherit!important}
.conum:not([data-value]):empty{display:none}
dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
h1,h2,p,td.content,span.alt{letter-spacing:-.01em}
p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
p,blockquote,dt,td.content,span.alt{font-size:1.0625rem}
p{margin-bottom:1.25rem}
.sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
.exampleblock>.content{background-color:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc}
.print-only{display:none!important}
@media print{@page{margin:1.25cm .75cm}
*{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important}
a{color:inherit!important;text-decoration:underline!important}
a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
a[href^="http:"]:not(.bare):after,a[href^="https:"]:not(.bare):after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
abbr[title]:after{content:" (" attr(title) ")"}
pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
thead{display:table-header-group}
svg{max-width:100%}
p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
#toc,.sidebarblock,.exampleblock>.content{background:none!important}
#toc{border-bottom:1px solid #ddddd8!important;padding-bottom:0!important}
.sect1{padding-bottom:0!important}
.sect1+.sect1{border:0!important}
#header>h1:first-child{margin-top:1.25rem}
body.book #header{text-align:center}
body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em 0}
body.book #header .details{border:0!important;display:block;padding:0!important}
body.book #header .details span:first-child{margin-left:0!important}
body.book #header .details br{display:block}
body.book #header .details br+span:before{content:none!important}
body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
.listingblock code[data-lang]:before{display:block}
#footer{background:none!important;padding:0 .9375em}
#footer-text{color:rgba(0,0,0,.6)!important;font-size:.9em}
.hide-on-print{display:none!important}
.print-only{display:block!important}
.hide-for-print{display:none!important}
.show-for-print{display:inherit!important}}
</style>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css">
</head>
<body class="article toc2 toc-right">
<div id="header">
<h1>MISP taxonomies and classification as machine tags</h1>
<div id="toc" class="toc2">
<div id="toctitle">Table of Contents</div>
<ul class="sectlevel1">
<li><a href="#_veris">veris</a>
<ul class="sectlevel2">
<li><a href="#_iso_currency_code">iso_currency_code</a></li>
<li><a href="#_confidence">confidence</a></li>
<li><a href="#_targeted">targeted</a></li>
<li><a href="#_discovery_method">discovery_method</a></li>
<li><a href="#_cost_corrective_action">cost_corrective_action</a></li>
<li><a href="#_security_incident">security_incident</a></li>
<li><a href="#_country">country</a></li>
<li><a href="#_impact_overall_rating">impact:overall_rating</a></li>
<li><a href="#_actor_motive">actor:motive</a></li>
<li><a href="#_asset_management">asset:management</a></li>
<li><a href="#_asset_variety">asset:variety</a></li>
<li><a href="#_asset_accessibility">asset:accessibility</a></li>
<li><a href="#_asset_governance">asset:governance</a></li>
<li><a href="#_asset_hosting">asset:hosting</a></li>
<li><a href="#_asset_ownership">asset:ownership</a></li>
<li><a href="#_asset_cloud">asset:cloud</a></li>
<li><a href="#_victim_employee_count">victim:employee_count</a></li>
<li><a href="#_timeline_unit">timeline:unit</a></li>
<li><a href="#_impact_loss_rating">impact:loss:rating</a></li>
<li><a href="#_impact_loss_variety">impact:loss:variety</a></li>
<li><a href="#_attribute_integrity_variety">attribute:integrity:variety</a></li>
<li><a href="#_attribute_availability_variety">attribute:availability:variety</a></li>
<li><a href="#_attribute_confidentiality_data_victim">attribute:confidentiality:data_victim</a></li>
<li><a href="#_attribute_confidentiality_state">attribute:confidentiality:state</a></li>
<li><a href="#_attribute_confidentiality_data_disclosure">attribute:confidentiality:data_disclosure</a></li>
<li><a href="#_actor_internal_job_change">actor:internal:job_change</a></li>
<li><a href="#_actor_internal_variety">actor:internal:variety</a></li>
<li><a href="#_actor_external_variety">actor:external:variety</a></li>
<li><a href="#_action_malware_vector">action:malware:vector</a></li>
<li><a href="#_action_malware_variety">action:malware:variety</a></li>
<li><a href="#_action_social_vector">action:social:vector</a></li>
<li><a href="#_action_social_target">action:social:target</a></li>
<li><a href="#_action_social_variety">action:social:variety</a></li>
<li><a href="#_action_environmental_variety">action:environmental:variety</a></li>
<li><a href="#_action_error_vector">action:error:vector</a></li>
<li><a href="#_action_error_variety">action:error:variety</a></li>
<li><a href="#_action_misuse_vector">action:misuse:vector</a></li>
<li><a href="#_action_misuse_variety">action:misuse:variety</a></li>
<li><a href="#_action_hacking_vector">action:hacking:vector</a></li>
<li><a href="#_action_hacking_variety">action:hacking:variety</a></li>
<li><a href="#_action_physical_vector">action:physical:vector</a></li>
<li><a href="#_action_physical_variety">action:physical:variety</a></li>
<li><a href="#_attribute_confidentiality_data_variety">attribute:confidentiality:data:variety</a></li>
</ul>
</li>
<li><a href="#_ms_caro_malware_full">ms-caro-malware-full</a>
<ul class="sectlevel2">
<li><a href="#_malware_type">malware-type</a></li>
<li><a href="#_malware_platform">malware-platform</a></li>
<li><a href="#_malware_family">malware-family</a></li>
</ul>
</li>
<li><a href="#_malware_classification">malware_classification</a>
<ul class="sectlevel2">
<li><a href="#_malware_category">malware-category</a></li>
<li><a href="#_obfuscation_technique">obfuscation-technique</a></li>
<li><a href="#_payload_classification">payload-classification</a></li>
<li><a href="#_memory_classification">memory-classification</a></li>
</ul>
</li>
<li><a href="#_fr_classif">fr-classif</a>
<ul class="sectlevel2">
<li><a href="#_classifiees_defense">classifiees-defense</a></li>
<li><a href="#_non_classifiees_defense">non-classifiees-defense</a></li>
<li><a href="#_non_classifiees">non-classifiees</a></li>
</ul>
</li>
<li><a href="#_admiralty_scale">admiralty-scale</a>
<ul class="sectlevel2">
<li><a href="#_source_reliability">source-reliability</a></li>
<li><a href="#_information_credibility">information-credibility</a></li>
</ul>
</li>
<li><a href="#_ms_caro_malware">ms-caro-malware</a>
<ul class="sectlevel2">
<li><a href="#_malware_type_2">malware-type</a></li>
<li><a href="#_malware_platform_2">malware-platform</a></li>
</ul>
</li>
<li><a href="#_adversary">adversary</a>
<ul class="sectlevel2">
<li><a href="#_infrastructure_status">infrastructure-status</a></li>
<li><a href="#_infrastructure_type">infrastructure-type</a></li>
<li><a href="#_infrastructure_state">infrastructure-state</a></li>
<li><a href="#_infrastructure_action">infrastructure-action</a></li>
</ul>
</li>
<li><a href="#_dni_ism">dni-ism</a>
<ul class="sectlevel2">
<li><a href="#_classification_all">classification:all</a></li>
<li><a href="#_classification_us">classification:us</a></li>
<li><a href="#_complies_with">complies:with</a></li>
<li><a href="#_dissem">dissem</a></li>
<li><a href="#_nonic">nonic</a></li>
<li><a href="#_nonuscontrols">nonuscontrols</a></li>
<li><a href="#_notice">notice</a></li>
<li><a href="#_scicontrols">scicontrols</a></li>
<li><a href="#_atomicenergymarkings">atomicenergymarkings</a></li>
</ul>
</li>
<li><a href="#_osint">osint</a>
<ul class="sectlevel2">
<li><a href="#_source_type">source-type</a></li>
<li><a href="#_lifetime">lifetime</a></li>
<li><a href="#_certainty">certainty</a></li>
</ul>
</li>
<li><a href="#_domain_abuse">domain-abuse</a>
<ul class="sectlevel2">
<li><a href="#_domain_access_method">domain-access-method</a></li>
<li><a href="#_domain_status">domain-status</a></li>
</ul>
</li>
<li><a href="#_iep">iep</a>
<ul class="sectlevel2">
<li><a href="#_id">id</a></li>
<li><a href="#_version">version</a></li>
<li><a href="#_name">name</a></li>
<li><a href="#_start_date">start-date</a></li>
<li><a href="#_end_date">end-date</a></li>
<li><a href="#_reference">reference</a></li>
<li><a href="#_commercial_use">commercial-use</a></li>
<li><a href="#_external_reference">external-reference</a></li>
<li><a href="#_encrypt_in_transit">encrypt-in-transit</a></li>
<li><a href="#_encrypt_at_rest">encrypt-at-rest</a></li>
<li><a href="#_permitted_actions">permitted-actions</a></li>
<li><a href="#_affected_party_notifications">affected-party-notifications</a></li>
<li><a href="#_traffic_light_protocol">traffic-light-protocol</a></li>
<li><a href="#_provider_attribution">provider-attribution</a></li>
<li><a href="#_obfuscate_affected_parties">obfuscate-affected-parties</a></li>
<li><a href="#_unmodified_resale">unmodified-resale</a></li>
</ul>
</li>
<li><a href="#_stealth_malware">stealth_malware</a>
<ul class="sectlevel2">
<li><a href="#_type">type</a></li>
</ul>
</li>
<li><a href="#_stealth_malware_2">stealth_malware</a>
<ul class="sectlevel2">
<li><a href="#_type_2">type</a></li>
</ul>
</li>
<li><a href="#_open_threat">open_threat</a>
<ul class="sectlevel2">
<li><a href="#_threat_category">threat-category</a></li>
<li><a href="#_threat_name">threat-name</a></li>
</ul>
</li>
<li><a href="#_targeted_threat_index">targeted-threat-index</a>
<ul class="sectlevel2">
<li><a href="#_targeting_sophistication_base_value">targeting-sophistication-base-value</a></li>
<li><a href="#_technical_sophistication_multiplier">technical-sophistication-multiplier</a></li>
</ul>
</li>
<li><a href="#_rt_event_status">rt_event_status</a>
<ul class="sectlevel2">
<li><a href="#_event_status">event-status</a></li>
</ul>
</li>
<li><a href="#_europol_incident">europol-incident</a>
<ul class="sectlevel2">
<li><a href="#_malware">malware</a></li>
<li><a href="#_availability">availability</a></li>
<li><a href="#_information_gathering">information-gathering</a></li>
<li><a href="#_intrusion_attempt">intrusion-attempt</a></li>
<li><a href="#_intrusion">intrusion</a></li>
<li><a href="#_information_security">information-security</a></li>
<li><a href="#_fraud">fraud</a></li>
<li><a href="#_abusive_content">abusive-content</a></li>
<li><a href="#_other">other</a></li>
</ul>
</li>
<li><a href="#_diamond_model">diamond-model</a>
<ul class="sectlevel2">
<li><a href="#_adversary_2">Adversary</a></li>
<li><a href="#_capability">Capability</a></li>
<li><a href="#_infrastructure">Infrastructure</a></li>
<li><a href="#_victim">Victim</a></li>
</ul>
</li>
<li><a href="#_euci">euci</a>
<ul class="sectlevel2">
<li><a href="#_ts_ue_eu_ts">TS-UE/EU-TS</a></li>
<li><a href="#_s_ue_eu_s">S-UE/EU-S</a></li>
<li><a href="#_c_ue_eu_c">C-UE/EU-C</a></li>
<li><a href="#_r_ue_eu_r">R-UE/EU-R</a></li>
</ul>
</li>
<li><a href="#_misp">misp</a>
<ul class="sectlevel2">
<li><a href="#_ui">ui</a></li>
<li><a href="#_api">api</a></li>
<li><a href="#_contributor">contributor</a></li>
<li><a href="#_confidence_level">confidence-level</a></li>
<li><a href="#_threat_level">threat-level</a></li>
<li><a href="#_should_not_sync">should-not-sync</a></li>
</ul>
</li>
<li><a href="#_nato">nato</a>
<ul class="sectlevel2">
<li><a href="#_classification">classification</a></li>
</ul>
</li>
<li><a href="#_eu_marketop_and_publicadmin">eu-marketop-and-publicadmin</a>
<ul class="sectlevel2">
<li><a href="#_critical_infra_operators">critical-infra-operators</a></li>
<li><a href="#_info_services">info-services</a></li>
<li><a href="#_public_admin">public-admin</a></li>
</ul>
</li>
<li><a href="#_de_vs">de-vs</a>
<ul class="sectlevel2">
<li><a href="#_einstufung">Einstufung</a></li>
<li><a href="#_schutzwort">Schutzwort</a></li>
</ul>
</li>
<li><a href="#_dhs_ciip_sectors">dhs-ciip-sectors</a>
<ul class="sectlevel2">
<li><a href="#_dhs_critical_sectors">DHS-critical-sectors</a></li>
<li><a href="#_sector">sector</a></li>
</ul>
</li>
<li><a href="#_information_security_indicators">information-security-indicators</a>
<ul class="sectlevel2">
<li><a href="#_iex">IEX</a></li>
<li><a href="#_imf">IMF</a></li>
<li><a href="#_idb">IDB</a></li>
<li><a href="#_iwh">IWH</a></li>
<li><a href="#_vbh">VBH</a></li>
<li><a href="#_vsw">VSW</a></li>
<li><a href="#_vcf">VCF</a></li>
<li><a href="#_vtc">VTC</a></li>
<li><a href="#_vor">VOR</a></li>
<li><a href="#_imp">IMP</a></li>
</ul>
</li>
<li><a href="#_europol_event">europol-event</a>
<ul class="sectlevel2">
<li><a href="#_infected_by_known_malware">infected-by-known-malware</a></li>
<li><a href="#_dissemination_malware_email">dissemination-malware-email</a></li>
<li><a href="#_hosting_malware_webpage">hosting-malware-webpage</a></li>
<li><a href="#_c_c_server_hosting">c&amp;c-server-hosting</a></li>
<li><a href="#_worm_spreading">worm-spreading</a></li>
<li><a href="#_connection_malware_port">connection-malware-port</a></li>
<li><a href="#_connection_malware_system">connection-malware-system</a></li>
<li><a href="#_flood">flood</a></li>
<li><a href="#_exploit_tool_exhausting_resources">exploit-tool-exhausting-resources</a></li>
<li><a href="#_packet_flood">packet-flood</a></li>
<li><a href="#_exploit_framework_exhausting_resources">exploit-framework-exhausting-resources</a></li>
<li><a href="#_vandalism">vandalism</a></li>
<li><a href="#_disruption_data_transmission">disruption-data-transmission</a></li>
<li><a href="#_system_probe">system-probe</a></li>
<li><a href="#_network_scanning">network-scanning</a></li>
<li><a href="#_dns_zone_transfer">dns-zone-transfer</a></li>
<li><a href="#_wiretapping">wiretapping</a></li>
<li><a href="#_dissemination_phishing_emails">dissemination-phishing-emails</a></li>
<li><a href="#_hosting_phishing_sites">hosting-phishing-sites</a></li>
<li><a href="#_aggregation_information_phishing_schemes">aggregation-information-phishing-schemes</a></li>
<li><a href="#_exploit_attempt">exploit-attempt</a></li>
<li><a href="#_sql_injection_attempt">sql-injection-attempt</a></li>
<li><a href="#_xss_attempt">xss-attempt</a></li>
<li><a href="#_file_inclusion_attempt">file-inclusion-attempt</a></li>
<li><a href="#_brute_force_attempt">brute-force-attempt</a></li>
<li><a href="#_password_cracking_attempt">password-cracking-attempt</a></li>
<li><a href="#_dictionary_attack_attempt">dictionary-attack-attempt</a></li>
<li><a href="#_exploit">exploit</a></li>
<li><a href="#_sql_injection">sql-injection</a></li>
<li><a href="#_xss">xss</a></li>
<li><a href="#_file_inclusion">file-inclusion</a></li>
<li><a href="#_control_system_bypass">control-system-bypass</a></li>
<li><a href="#_theft_access_credentials">theft-access-credentials</a></li>
<li><a href="#_unauthorized_access_system">unauthorized-access-system</a></li>
<li><a href="#_unauthorized_access_information">unauthorized-access-information</a></li>
<li><a href="#_data_exfiltration">data-exfiltration</a></li>
<li><a href="#_modification_information">modification-information</a></li>
<li><a href="#_deletion_information">deletion-information</a></li>
<li><a href="#_illegitimate_use_resources">illegitimate-use-resources</a></li>
<li><a href="#_illegitimate_use_name">illegitimate-use-name</a></li>
<li><a href="#_email_flooding">email-flooding</a></li>
<li><a href="#_spam">spam</a></li>
<li><a href="#_copyrighted_content">copyrighted-content</a></li>
<li><a href="#_content_forbidden_by_law">content-forbidden-by-law</a></li>
<li><a href="#_unspecified">unspecified</a></li>
<li><a href="#_undetermined">undetermined</a></li>
</ul>
</li>
<li><a href="#_kill_chain">kill-chain</a>
<ul class="sectlevel2">
<li><a href="#_reconnaissance">Reconnaissance</a></li>
<li><a href="#_weaponisation">Weaponisation</a></li>
<li><a href="#_delivery">Delivery</a></li>
<li><a href="#_exploitation">Exploitation</a></li>
<li><a href="#_installation">Installation</a></li>
<li><a href="#_command_and_control">Command and Control</a></li>
<li><a href="#_actions_on_objectives">Actions on Objectives</a></li>
</ul>
</li>
<li><a href="#_tlp">tlp</a>
<ul class="sectlevel2">
<li><a href="#_red">red</a></li>
<li><a href="#_amber">amber</a></li>
<li><a href="#_green">green</a></li>
<li><a href="#_white">white</a></li>
<li><a href="#_ex_chr">ex:chr</a></li>
</ul>
</li>
<li><a href="#_csirt_case_classification">csirt_case_classification</a>
<ul class="sectlevel2">
<li><a href="#_incident_category">incident-category</a></li>
<li><a href="#_criticality_classification">criticality-classification</a></li>
<li><a href="#_sensitivity_classification">sensitivity-classification</a></li>
</ul>
</li>
<li><a href="#_ecsirt">ecsirt</a>
<ul class="sectlevel2">
<li><a href="#_abusive_content_2">abusive-content</a></li>
<li><a href="#_malicious_code">malicious-code</a></li>
<li><a href="#_information_gathering_2">information-gathering</a></li>
<li><a href="#_intrusion_attempts">intrusion-attempts</a></li>
<li><a href="#_intrusions">intrusions</a></li>
<li><a href="#_availability_2">availability</a></li>
<li><a href="#_information_security_2">information-security</a></li>
<li><a href="#_information_content_security">information-content-security</a></li>
<li><a href="#_vulnerable">vulnerable</a></li>
<li><a href="#_fraud_2">fraud</a></li>
<li><a href="#_other_2">other</a></li>
<li><a href="#_test">test</a></li>
</ul>
</li>
<li><a href="#_pap">PAP</a>
<ul class="sectlevel2">
<li><a href="#_red_2">RED</a></li>
<li><a href="#_amber_2">AMBER</a></li>
<li><a href="#_green_2">GREEN</a></li>
<li><a href="#_white_2">WHITE</a></li>
</ul>
</li>
<li><a href="#_enisa">enisa</a>
<ul class="sectlevel2">
<li><a href="#_physical_attack">physical-attack</a></li>
<li><a href="#_unintentional_damage">unintentional-damage</a></li>
<li><a href="#_disaster">disaster</a></li>
<li><a href="#_failures_malfunction">failures-malfunction</a></li>
<li><a href="#_outages">outages</a></li>
<li><a href="#_eavesdropping_interception_hijacking">eavesdropping-interception-hijacking</a></li>
<li><a href="#_nefarious_activity_abuse">nefarious-activity-abuse</a></li>
<li><a href="#_legal">legal</a></li>
</ul>
</li>
<li><a href="#_circl">circl</a>
<ul class="sectlevel2">
<li><a href="#_incident_classification">incident-classification</a></li>
<li><a href="#_topic">topic</a></li>
</ul>
</li>
<li><a href="#_estimative_language">estimative-language</a>
<ul class="sectlevel2">
<li><a href="#_likelihood_probability">likelihood-probability</a></li>
</ul>
</li>
</ul>
</div>
</div>
<div id="content">
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>Generated from <a href="https://github.com/MISP/misp-taxonomies" class="bare">https://github.com/MISP/misp-taxonomies</a>.</p>
</div>
<div class="imageblock">
<div class="content">
<img src="https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/logos/misp-logo.png" alt="MISP logo">
</div>
</div>
<div class="paragraph">
<p>Taxonomies that can be used in MISP (2.4) and other information sharing tool and expressed in Machine Tags (Triple Tags). A machine tag is composed of a namespace (MUST), a predicate (MUST) and an (OPTIONAL) value. Machine tags are often called triple tag due to their format.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_veris">veris</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
veris namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/veris/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Vocabulary for Event Recording and Incident Sharing (VERIS)</p>
</div>
<div class="sect2">
<h3 id="_iso_currency_code">iso_currency_code</h3>
<div class="sect3">
<h4 id="_veris_iso_currency_code_dzd">veris:iso_currency_code="DZD"</h4>
<div class="paragraph">
<p>veris:DZD - Algerian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_nad">veris:iso_currency_code="NAD"</h4>
<div class="paragraph">
<p>veris:NAD - Namibia Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ghs">veris:iso_currency_code="GHS"</h4>
<div class="paragraph">
<p>veris:GHS - Ghana Cedi</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_egp">veris:iso_currency_code="EGP"</h4>
<div class="paragraph">
<p>veris:EGP - Egyptian Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bgn">veris:iso_currency_code="BGN"</h4>
<div class="paragraph">
<p>veris:BGN - Bulgarian Lev</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_pab">veris:iso_currency_code="PAB"</h4>
<div class="paragraph">
<p>veris:PAB - Balboa</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bob">veris:iso_currency_code="BOB"</h4>
<div class="paragraph">
<p>veris:BOB - Boliviano</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_dkk">veris:iso_currency_code="DKK"</h4>
<div class="paragraph">
<p>veris:DKK - Danish Krone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bwp">veris:iso_currency_code="BWP"</h4>
<div class="paragraph">
<p>veris:BWP - Pula</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_lbp">veris:iso_currency_code="LBP"</h4>
<div class="paragraph">
<p>veris:LBP - Lebanese Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_tzs">veris:iso_currency_code="TZS"</h4>
<div class="paragraph">
<p>veris:TZS - Tanzanian Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_vnd">veris:iso_currency_code="VND"</h4>
<div class="paragraph">
<p>veris:VND - Dong</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_aoa">veris:iso_currency_code="AOA"</h4>
<div class="paragraph">
<p>veris:AOA - Kwanza</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_khr">veris:iso_currency_code="KHR"</h4>
<div class="paragraph">
<p>veris:KHR - Riel</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_myr">veris:iso_currency_code="MYR"</h4>
<div class="paragraph">
<p>veris:MYR - Malaysian Ringgit</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_kyd">veris:iso_currency_code="KYD"</h4>
<div class="paragraph">
<p>veris:KYD - Cayman Islands Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_lyd">veris:iso_currency_code="LYD"</h4>
<div class="paragraph">
<p>veris:LYD - Libyan Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_uah">veris:iso_currency_code="UAH"</h4>
<div class="paragraph">
<p>veris:UAH - Hryvnia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_jod">veris:iso_currency_code="JOD"</h4>
<div class="paragraph">
<p>veris:JOD - Jordanian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_awg">veris:iso_currency_code="AWG"</h4>
<div class="paragraph">
<p>veris:AWG - Aruban Florin</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_sar">veris:iso_currency_code="SAR"</h4>
<div class="paragraph">
<p>veris:SAR - Saudi Riyal</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_eur">veris:iso_currency_code="EUR"</h4>
<div class="paragraph">
<p>veris:EUR - Euro</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_hkd">veris:iso_currency_code="HKD"</h4>
<div class="paragraph">
<p>veris:HKD - Hong Kong Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_chf">veris:iso_currency_code="CHF"</h4>
<div class="paragraph">
<p>veris:CHF - Swiss Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_gip">veris:iso_currency_code="GIP"</h4>
<div class="paragraph">
<p>veris:GIP - Gibraltar Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_byr">veris:iso_currency_code="BYR"</h4>
<div class="paragraph">
<p>veris:BYR - Belarussian Ruble</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_all">veris:iso_currency_code="ALL"</h4>
<div class="paragraph">
<p>veris:ALL - Lek</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mro">veris:iso_currency_code="MRO"</h4>
<div class="paragraph">
<p>veris:MRO - Ouguiya</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_hrk">veris:iso_currency_code="HRK"</h4>
<div class="paragraph">
<p>veris:HRK - Croatian Kuna</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_djf">veris:iso_currency_code="DJF"</h4>
<div class="paragraph">
<p>veris:DJF - Djibouti Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_szl">veris:iso_currency_code="SZL"</h4>
<div class="paragraph">
<p>veris:SZL - Lilangeni</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_thb">veris:iso_currency_code="THB"</h4>
<div class="paragraph">
<p>veris:THB - Baht</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_xaf">veris:iso_currency_code="XAF"</h4>
<div class="paragraph">
<p>veris:XAF - CFA Franc BEAC</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bnd">veris:iso_currency_code="BND"</h4>
<div class="paragraph">
<p>veris:BND - Brunei Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_isk">veris:iso_currency_code="ISK"</h4>
<div class="paragraph">
<p>veris:ISK - Iceland Krona</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_uyu">veris:iso_currency_code="UYU"</h4>
<div class="paragraph">
<p>veris:UYU - Peso Uruguayo</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_nio">veris:iso_currency_code="NIO"</h4>
<div class="paragraph">
<p>veris:NIO - Cordoba Oro</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_lak">veris:iso_currency_code="LAK"</h4>
<div class="paragraph">
<p>veris:LAK - Kip</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_syp">veris:iso_currency_code="SYP"</h4>
<div class="paragraph">
<p>veris:SYP - Syrian Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mad">veris:iso_currency_code="MAD"</h4>
<div class="paragraph">
<p>veris:MAD - Moroccan Dirham</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mzn">veris:iso_currency_code="MZN"</h4>
<div class="paragraph">
<p>veris:MZN - Mozambique Metical</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_php">veris:iso_currency_code="PHP"</h4>
<div class="paragraph">
<p>veris:PHP - Philippine Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_zar">veris:iso_currency_code="ZAR"</h4>
<div class="paragraph">
<p>veris:ZAR - South African Rand</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_npr">veris:iso_currency_code="NPR"</h4>
<div class="paragraph">
<p>veris:NPR - Nepalese Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ngn">veris:iso_currency_code="NGN"</h4>
<div class="paragraph">
<p>veris:NGN - Naira</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_zwd">veris:iso_currency_code="ZWD"</h4>
<div class="paragraph">
<p>veris:ZWD - Zimbabwean Dollar A/06</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_crc">veris:iso_currency_code="CRC"</h4>
<div class="paragraph">
<p>veris:CRC - Costa Rican Colon</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_aed">veris:iso_currency_code="AED"</h4>
<div class="paragraph">
<p>veris:AED - UAE Dirham</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_gbp">veris:iso_currency_code="GBP"</h4>
<div class="paragraph">
<p>veris:GBP - Pound Sterling</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mwk">veris:iso_currency_code="MWK"</h4>
<div class="paragraph">
<p>veris:MWK - Kwacha</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_lkr">veris:iso_currency_code="LKR"</h4>
<div class="paragraph">
<p>veris:LKR - Sri Lanka Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_pkr">veris:iso_currency_code="PKR"</h4>
<div class="paragraph">
<p>veris:PKR - Pakistan Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_huf">veris:iso_currency_code="HUF"</h4>
<div class="paragraph">
<p>veris:HUF - Forint</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bmd">veris:iso_currency_code="BMD"</h4>
<div class="paragraph">
<p>veris:BMD - Bermudian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_lsl">veris:iso_currency_code="LSL"</h4>
<div class="paragraph">
<p>veris:LSL - Loti</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mnt">veris:iso_currency_code="MNT"</h4>
<div class="paragraph">
<p>veris:MNT - Tugrik</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_amd">veris:iso_currency_code="AMD"</h4>
<div class="paragraph">
<p>veris:AMD - Armenian Dram</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ugx">veris:iso_currency_code="UGX"</h4>
<div class="paragraph">
<p>veris:UGX - Uganda Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_qar">veris:iso_currency_code="QAR"</h4>
<div class="paragraph">
<p>veris:QAR - Qatari Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_xdr">veris:iso_currency_code="XDR"</h4>
<div class="paragraph">
<p>veris:XDR - SDR (Special Drawing Right)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_jmd">veris:iso_currency_code="JMD"</h4>
<div class="paragraph">
<p>veris:JMD - Jamaican Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_gel">veris:iso_currency_code="GEL"</h4>
<div class="paragraph">
<p>veris:GEL - Lari</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_shp">veris:iso_currency_code="SHP"</h4>
<div class="paragraph">
<p>veris:SHP - Saint Helena Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_afn">veris:iso_currency_code="AFN"</h4>
<div class="paragraph">
<p>veris:AFN - Afghani</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_sbd">veris:iso_currency_code="SBD"</h4>
<div class="paragraph">
<p>veris:SBD - Solomon Islands Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_kpw">veris:iso_currency_code="KPW"</h4>
<div class="paragraph">
<p>veris:KPW - North Korean Won</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_try">veris:iso_currency_code="TRY"</h4>
<div class="paragraph">
<p>veris:TRY - Turkish Lira</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bdt">veris:iso_currency_code="BDT"</h4>
<div class="paragraph">
<p>veris:BDT - Taka</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_yer">veris:iso_currency_code="YER"</h4>
<div class="paragraph">
<p>veris:YER - Yemeni Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_htg">veris:iso_currency_code="HTG"</h4>
<div class="paragraph">
<p>veris:HTG - Gourde</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_xof">veris:iso_currency_code="XOF"</h4>
<div class="paragraph">
<p>veris:XOF - CFA Franc BCEAO</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mga">veris:iso_currency_code="MGA"</h4>
<div class="paragraph">
<p>veris:MGA - Malagasy Ariary</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ang">veris:iso_currency_code="ANG"</h4>
<div class="paragraph">
<p>veris:ANG - Netherlands Antillean Guilder</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_lrd">veris:iso_currency_code="LRD"</h4>
<div class="paragraph">
<p>veris:LRD - Liberian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_rwf">veris:iso_currency_code="RWF"</h4>
<div class="paragraph">
<p>veris:RWF - Rwanda Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_nok">veris:iso_currency_code="NOK"</h4>
<div class="paragraph">
<p>veris:NOK - Norwegian Krone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mop">veris:iso_currency_code="MOP"</h4>
<div class="paragraph">
<p>veris:MOP - Pataca</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_inr">veris:iso_currency_code="INR"</h4>
<div class="paragraph">
<p>veris:INR - Indian Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mxn">veris:iso_currency_code="MXN"</h4>
<div class="paragraph">
<p>veris:MXN - Mexican Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_czk">veris:iso_currency_code="CZK"</h4>
<div class="paragraph">
<p>veris:CZK - Czech Koruna</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_tjs">veris:iso_currency_code="TJS"</h4>
<div class="paragraph">
<p>veris:TJS - Somoni</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_twd">veris:iso_currency_code="TWD"</h4>
<div class="paragraph">
<p>veris:TWD - New Taiwan Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_btn">veris:iso_currency_code="BTN"</h4>
<div class="paragraph">
<p>veris:BTN - Ngultrum</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_cop">veris:iso_currency_code="COP"</h4>
<div class="paragraph">
<p>veris:COP - Colombian Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_tmt">veris:iso_currency_code="TMT"</h4>
<div class="paragraph">
<p>veris:TMT - Turkmenistan New Manat</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mur">veris:iso_currency_code="MUR"</h4>
<div class="paragraph">
<p>veris:MUR - Mauritius Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_idr">veris:iso_currency_code="IDR"</h4>
<div class="paragraph">
<p>veris:IDR - Rupiah</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_hnl">veris:iso_currency_code="HNL"</h4>
<div class="paragraph">
<p>veris:HNL - Lempira</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_xpf">veris:iso_currency_code="XPF"</h4>
<div class="paragraph">
<p>veris:XPF - CFP Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_fjd">veris:iso_currency_code="FJD"</h4>
<div class="paragraph">
<p>veris:FJD - Fiji Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_etb">veris:iso_currency_code="ETB"</h4>
<div class="paragraph">
<p>veris:ETB - Ethiopian Birr</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_pen">veris:iso_currency_code="PEN"</h4>
<div class="paragraph">
<p>veris:PEN - Nuevo Sol</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bzd">veris:iso_currency_code="BZD"</h4>
<div class="paragraph">
<p>veris:BZD - Belize Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ils">veris:iso_currency_code="ILS"</h4>
<div class="paragraph">
<p>veris:ILS - New Israeli Sheqel</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_dop">veris:iso_currency_code="DOP"</h4>
<div class="paragraph">
<p>veris:DOP - Dominican Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ggp">veris:iso_currency_code="GGP"</h4>
<div class="paragraph">
<p>veris:GGP - Guernsey pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mdl">veris:iso_currency_code="MDL"</h4>
<div class="paragraph">
<p>veris:MDL - Moldovan Leu</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bsd">veris:iso_currency_code="BSD"</h4>
<div class="paragraph">
<p>veris:BSD - Bahamian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_spl">veris:iso_currency_code="SPL"</h4>
<div class="paragraph">
<p>veris:SPL - Seborga Luigino</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_sek">veris:iso_currency_code="SEK"</h4>
<div class="paragraph">
<p>veris:SEK - Swedish Krona</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_zmk">veris:iso_currency_code="ZMK"</h4>
<div class="paragraph">
<p>veris:ZMK - Zambian Kwacha</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_jep">veris:iso_currency_code="JEP"</h4>
<div class="paragraph">
<p>veris:JEP - Jersey pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_aud">veris:iso_currency_code="AUD"</h4>
<div class="paragraph">
<p>veris:AUD - Australian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_srd">veris:iso_currency_code="SRD"</h4>
<div class="paragraph">
<p>veris:SRD - Surinam Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_cup">veris:iso_currency_code="CUP"</h4>
<div class="paragraph">
<p>veris:CUP - Cuban Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bbd">veris:iso_currency_code="BBD"</h4>
<div class="paragraph">
<p>veris:BBD - Barbados Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_kmf">veris:iso_currency_code="KMF"</h4>
<div class="paragraph">
<p>veris:KMF - Comoro Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_krw">veris:iso_currency_code="KRW"</h4>
<div class="paragraph">
<p>veris:KRW - South Korean Won</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_gmd">veris:iso_currency_code="GMD"</h4>
<div class="paragraph">
<p>veris:GMD - Dalasi</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_vef">veris:iso_currency_code="VEF"</h4>
<div class="paragraph">
<p>veris:VEF - Bolivar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_imp">veris:iso_currency_code="IMP"</h4>
<div class="paragraph">
<p>veris:IMP - Isle of Man Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_cuc">veris:iso_currency_code="CUC"</h4>
<div class="paragraph">
<p>veris:CUC - Peso Convertible</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_tvd">veris:iso_currency_code="TVD"</h4>
<div class="paragraph">
<p>veris:TVD - Tuvalu Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_clp">veris:iso_currency_code="CLP"</h4>
<div class="paragraph">
<p>veris:CLP - Chilean Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ltl">veris:iso_currency_code="LTL"</h4>
<div class="paragraph">
<p>veris:LTL - Lithuanian Litas</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_cdf">veris:iso_currency_code="CDF"</h4>
<div class="paragraph">
<p>veris:CDF - Congolese Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_xcd">veris:iso_currency_code="XCD"</h4>
<div class="paragraph">
<p>veris:XCD - East Caribbean Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_kzt">veris:iso_currency_code="KZT"</h4>
<div class="paragraph">
<p>veris:KZT - Tenge</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_rub">veris:iso_currency_code="RUB"</h4>
<div class="paragraph">
<p>veris:RUB - Russian Ruble</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ttd">veris:iso_currency_code="TTD"</h4>
<div class="paragraph">
<p>veris:TTD - Trinidad and Tobago Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_omr">veris:iso_currency_code="OMR"</h4>
<div class="paragraph">
<p>veris:OMR - Rial Omani</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_brl">veris:iso_currency_code="BRL"</h4>
<div class="paragraph">
<p>veris:BRL - Brazilian Real</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mmk">veris:iso_currency_code="MMK"</h4>
<div class="paragraph">
<p>veris:MMK - Kyat</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_pln">veris:iso_currency_code="PLN"</h4>
<div class="paragraph">
<p>veris:PLN - Zloty</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_pyg">veris:iso_currency_code="PYG"</h4>
<div class="paragraph">
<p>veris:PYG - Guarani</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_kes">veris:iso_currency_code="KES"</h4>
<div class="paragraph">
<p>veris:KES - Kenyan Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_svc">veris:iso_currency_code="SVC"</h4>
<div class="paragraph">
<p>veris:SVC - El Salvador Colon</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mkd">veris:iso_currency_code="MKD"</h4>
<div class="paragraph">
<p>veris:MKD - Denar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_azn">veris:iso_currency_code="AZN"</h4>
<div class="paragraph">
<p>veris:AZN - Azerbaijanian Manat</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_top">veris:iso_currency_code="TOP"</h4>
<div class="paragraph">
<p>veris:TOP - Pa&#8217;anga</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_mvr">veris:iso_currency_code="MVR"</h4>
<div class="paragraph">
<p>veris:MVR - Rufiyaa</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_vuv">veris:iso_currency_code="VUV"</h4>
<div class="paragraph">
<p>veris:VUV - Vatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_gnf">veris:iso_currency_code="GNF"</h4>
<div class="paragraph">
<p>veris:GNF - Guinea Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_wst">veris:iso_currency_code="WST"</h4>
<div class="paragraph">
<p>veris:WST - Tala</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_iqd">veris:iso_currency_code="IQD"</h4>
<div class="paragraph">
<p>veris:IQD - Iraqi Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ern">veris:iso_currency_code="ERN"</h4>
<div class="paragraph">
<p>veris:ERN - Nakfa</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bam">veris:iso_currency_code="BAM"</h4>
<div class="paragraph">
<p>veris:BAM - Convertible Mark</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_scr">veris:iso_currency_code="SCR"</h4>
<div class="paragraph">
<p>veris:SCR - Seychelles Rupee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_cad">veris:iso_currency_code="CAD"</h4>
<div class="paragraph">
<p>veris:CAD - Canadian Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_cve">veris:iso_currency_code="CVE"</h4>
<div class="paragraph">
<p>veris:CVE - Cape Verde Escudo</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_kwd">veris:iso_currency_code="KWD"</h4>
<div class="paragraph">
<p>veris:KWD - Kuwaiti Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bif">veris:iso_currency_code="BIF"</h4>
<div class="paragraph">
<p>veris:BIF - Burundi Franc</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_pgk">veris:iso_currency_code="PGK"</h4>
<div class="paragraph">
<p>veris:PGK - Kina</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_sos">veris:iso_currency_code="SOS"</h4>
<div class="paragraph">
<p>veris:SOS - Somali Shilling</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_sgd">veris:iso_currency_code="SGD"</h4>
<div class="paragraph">
<p>veris:SGD - Singapore Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_uzs">veris:iso_currency_code="UZS"</h4>
<div class="paragraph">
<p>veris:UZS - Uzbekistan Sum</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_std">veris:iso_currency_code="STD"</h4>
<div class="paragraph">
<p>veris:STD - Dobra</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_irr">veris:iso_currency_code="IRR"</h4>
<div class="paragraph">
<p>veris:IRR - Iranian Rial</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_cny">veris:iso_currency_code="CNY"</h4>
<div class="paragraph">
<p>veris:CNY - Yuan Renminbi</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_sll">veris:iso_currency_code="SLL"</h4>
<div class="paragraph">
<p>veris:SLL - Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_tnd">veris:iso_currency_code="TND"</h4>
<div class="paragraph">
<p>veris:TND - Tunisian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_gyd">veris:iso_currency_code="GYD"</h4>
<div class="paragraph">
<p>veris:GYD - Guyana Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_nzd">veris:iso_currency_code="NZD"</h4>
<div class="paragraph">
<p>veris:NZD - New Zealand Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_fkp">veris:iso_currency_code="FKP"</h4>
<div class="paragraph">
<p>veris:FKP - Falkland Islands Pound</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_lvl">veris:iso_currency_code="LVL"</h4>
<div class="paragraph">
<p>veris:LVL - Latvian Lats</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_usd">veris:iso_currency_code="USD"</h4>
<div class="paragraph">
<p>veris:USD - US Dollar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_kgs">veris:iso_currency_code="KGS"</h4>
<div class="paragraph">
<p>veris:KGS - Som</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ars">veris:iso_currency_code="ARS"</h4>
<div class="paragraph">
<p>veris:ARS - Argentine Peso</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_ron">veris:iso_currency_code="RON"</h4>
<div class="paragraph">
<p>veris:RON - New Romanian Leu</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_gtq">veris:iso_currency_code="GTQ"</h4>
<div class="paragraph">
<p>veris:GTQ - Quetzal</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_rsd">veris:iso_currency_code="RSD"</h4>
<div class="paragraph">
<p>veris:RSD - Serbian Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_bhd">veris:iso_currency_code="BHD"</h4>
<div class="paragraph">
<p>veris:BHD - Bahraini Dinar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_jpy">veris:iso_currency_code="JPY"</h4>
<div class="paragraph">
<p>veris:JPY - Yen</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_iso_currency_code_sdg">veris:iso_currency_code="SDG"</h4>
<div class="paragraph">
<p>veris:SDG - Sudanese Pound</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_confidence">confidence</h3>
<div class="sect3">
<h4 id="_veris_confidence_high">veris:confidence="High"</h4>
<div class="paragraph">
<p>veris:High confidence</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_confidence_none">veris:confidence="None"</h4>
<div class="paragraph">
<p>veris:No confidence</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_confidence_medium">veris:confidence="Medium"</h4>
<div class="paragraph">
<p>veris:Medium confidence</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_confidence_low">veris:confidence="Low"</h4>
<div class="paragraph">
<p>veris:Low confidence</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_targeted">targeted</h3>
<div class="sect3">
<h4 id="_veris_targeted_targeted">veris:targeted="Targeted"</h4>
<div class="paragraph">
<p>veris:Targeted: victim chosen as target then actor determined what weaknesses could be exploited</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_targeted_na">veris:targeted="NA"</h4>
<div class="paragraph">
<p>veris:Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_targeted_opportunistic">veris:targeted="Opportunistic"</h4>
<div class="paragraph">
<p>veris:Opportunistic: victim attacked because they exhibited a weakness the actor knew how to exploit</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_targeted_unknown">veris:targeted="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_discovery_method">discovery_method</h3>
<div class="sect3">
<h4 id="_veris_discovery_method_int_financial_audit">veris:discovery_method="Int - financial audit"</h4>
<div class="paragraph">
<p>veris:Internal - financial audit and reconciliation process</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_found_documents">veris:discovery_method="Ext - found documents"</h4>
<div class="paragraph">
<p>veris:External - Found documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_unknown">veris:discovery_method="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_audit">veris:discovery_method="Ext - audit"</h4>
<div class="paragraph">
<p>veris:External - security audit or scan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_incident_response">veris:discovery_method="Ext - incident response"</h4>
<div class="paragraph">
<p>veris:External - Notified while investigating another incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_unknown">veris:discovery_method="Ext - unknown"</h4>
<div class="paragraph">
<p>veris:External - unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_other">veris:discovery_method="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_nids">veris:discovery_method="Int - NIDS"</h4>
<div class="paragraph">
<p>veris:Internal - network IDS or IPS alert</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_emergency_response_team">veris:discovery_method="Ext - emergency response team"</h4>
<div class="paragraph">
<p>veris:External - Emergency response team</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_fraud_detection">veris:discovery_method="Ext - fraud detection"</h4>
<div class="paragraph">
<p>veris:External - fraud detection (e.g., CPP)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_incident_response">veris:discovery_method="Int - incident response"</h4>
<div class="paragraph">
<p>veris:Internal - discovered while responding to another (separate) incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_customer">veris:discovery_method="Ext - customer"</h4>
<div class="paragraph">
<p>veris:External - reported by customer or partner affected by the incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_prt_audit">veris:discovery_method="Prt - audit"</h4>
<div class="paragraph">
<p>veris:Partner - Audit performed by a partner organization</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_it_review">veris:discovery_method="Int - IT review"</h4>
<div class="paragraph">
<p>veris:Internal - Informal IT review</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_log_review">veris:discovery_method="Int - log review"</h4>
<div class="paragraph">
<p>veris:Internal - log review process or SIEM</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_unknown">veris:discovery_method="Int - unknown"</h4>
<div class="paragraph">
<p>veris:Internal - unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_suspicious_traffic">veris:discovery_method="Ext - suspicious traffic"</h4>
<div class="paragraph">
<p>veris:External - Report of suspicious traffic</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_hids">veris:discovery_method="Int - HIDS"</h4>
<div class="paragraph">
<p>veris:Internal - host IDS or file integrity monitoring</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_prt_other">veris:discovery_method="Prt - Other"</h4>
<div class="paragraph">
<p>veris:Partner - Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_monitoring_service">veris:discovery_method="Ext - monitoring service"</h4>
<div class="paragraph">
<p>veris:External - managed security event monitoring service</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_prt_antivirus">veris:discovery_method="Prt - antivirus"</h4>
<div class="paragraph">
<p>veris:Partner - Notified by antivirus company but not through AV product</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_prt_unknown">veris:discovery_method="Prt - Unknown"</h4>
<div class="paragraph">
<p>veris:Partner - Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_security_alarm">veris:discovery_method="Int - security alarm"</h4>
<div class="paragraph">
<p>veris:Internal - physical security system alarm</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_law_enforcement">veris:discovery_method="Ext - law enforcement"</h4>
<div class="paragraph">
<p>veris:Internal - notified by law enforcement or government agency</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_antivirus">veris:discovery_method="Int - antivirus"</h4>
<div class="paragraph">
<p>veris:Internal - antivirus alert</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_infrastructure_monitoring">veris:discovery_method="Int - infrastructure monitoring"</h4>
<div class="paragraph">
<p>veris:Internal - Infrastructure monitoring</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_prt_incident_response">veris:discovery_method="Prt - incident response"</h4>
<div class="paragraph">
<p>veris:Partner - notified while investigating another incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_data_loss_prevention">veris:discovery_method="Int - data loss prevention"</h4>
<div class="paragraph">
<p>veris:Internal - Data loss prevention software</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_fraud_detection">veris:discovery_method="Int - fraud detection"</h4>
<div class="paragraph">
<p>veris:Internal - fraud detection mechanism</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_prt_monitoring_service">veris:discovery_method="Prt - monitoring service"</h4>
<div class="paragraph">
<p>veris:Partner - Reported by a monitoring service</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_int_reported_by_employee">veris:discovery_method="Int - reported by employee"</h4>
<div class="paragraph">
<p>veris:Internal - reported by employee who saw something odd</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_discovery_method_ext_actor_disclosure">veris:discovery_method="Ext - actor disclosure"</h4>
<div class="paragraph">
<p>veris:External - disclosed by threat agent (e.g., public brag, private blackmail)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_cost_corrective_action">cost_corrective_action</h3>
<div class="sect3">
<h4 id="_veris_cost_corrective_action_simple_and_cheap">veris:cost_corrective_action="Simple and cheap"</h4>
<div class="paragraph">
<p>veris:Simple and cheap</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_cost_corrective_action_unknown">veris:cost_corrective_action="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_cost_corrective_action_something_in_between">veris:cost_corrective_action="Something in-between"</h4>
<div class="paragraph">
<p>veris:Something in-between</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_cost_corrective_action_difficult_and_expensive">veris:cost_corrective_action="Difficult and expensive"</h4>
<div class="paragraph">
<p>veris:Difficult and expensive</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_security_incident">security_incident</h3>
<div class="sect3">
<h4 id="_veris_security_incident_suspected">veris:security_incident="Suspected"</h4>
<div class="paragraph">
<p>veris:Suspected</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_security_incident_confirmed">veris:security_incident="Confirmed"</h4>
<div class="paragraph">
<p>veris:Yes - Confirmed</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_security_incident_near_miss">veris:security_incident="Near miss"</h4>
<div class="paragraph">
<p>veris:Near miss (actions did not compromise asset)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_security_incident_false_positive">veris:security_incident="False positive"</h4>
<div class="paragraph">
<p>veris:False positive (response triggered, but no incident)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_country">country</h3>
<div class="sect3">
<h4 id="_veris_country_bd">veris:country="BD"</h4>
<div class="paragraph">
<p>veris:Bangladesh</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_be">veris:country="BE"</h4>
<div class="paragraph">
<p>veris:Belgium</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bf">veris:country="BF"</h4>
<div class="paragraph">
<p>veris:Burkina Faso</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bg">veris:country="BG"</h4>
<div class="paragraph">
<p>veris:Bulgaria</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ba">veris:country="BA"</h4>
<div class="paragraph">
<p>veris:Bosnia and Herzegovina</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bb">veris:country="BB"</h4>
<div class="paragraph">
<p>veris:Barbados</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_wf">veris:country="WF"</h4>
<div class="paragraph">
<p>veris:Wallis and Futuna Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bl">veris:country="BL"</h4>
<div class="paragraph">
<p>veris:Saint-Barthelemy</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bm">veris:country="BM"</h4>
<div class="paragraph">
<p>veris:Bermuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bn">veris:country="BN"</h4>
<div class="paragraph">
<p>veris:Brunei Darussalam</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bo">veris:country="BO"</h4>
<div class="paragraph">
<p>veris:Bolivia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bh">veris:country="BH"</h4>
<div class="paragraph">
<p>veris:Bahrain</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bi">veris:country="BI"</h4>
<div class="paragraph">
<p>veris:Burundi</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bj">veris:country="BJ"</h4>
<div class="paragraph">
<p>veris:Benin</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bt">veris:country="BT"</h4>
<div class="paragraph">
<p>veris:Bhutan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_jm">veris:country="JM"</h4>
<div class="paragraph">
<p>veris:Jamaica</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bv">veris:country="BV"</h4>
<div class="paragraph">
<p>veris:Bouvet Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bw">veris:country="BW"</h4>
<div class="paragraph">
<p>veris:Botswana</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ws">veris:country="WS"</h4>
<div class="paragraph">
<p>veris:Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bq">veris:country="BQ"</h4>
<div class="paragraph">
<p>veris:Bonaire, Saint Eustatius and Saba</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_br">veris:country="BR"</h4>
<div class="paragraph">
<p>veris:Brazil</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bs">veris:country="BS"</h4>
<div class="paragraph">
<p>veris:Bahamas</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_je">veris:country="JE"</h4>
<div class="paragraph">
<p>veris:Jersey</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_by">veris:country="BY"</h4>
<div class="paragraph">
<p>veris:Belarus</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_bz">veris:country="BZ"</h4>
<div class="paragraph">
<p>veris:Belize</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ru">veris:country="RU"</h4>
<div class="paragraph">
<p>veris:Russian Federation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_rw">veris:country="RW"</h4>
<div class="paragraph">
<p>veris:Rwanda</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_rs">veris:country="RS"</h4>
<div class="paragraph">
<p>veris:Serbia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tl">veris:country="TL"</h4>
<div class="paragraph">
<p>veris:Timor-Leste</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_re">veris:country="RE"</h4>
<div class="paragraph">
<p>veris:Reunion</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tm">veris:country="TM"</h4>
<div class="paragraph">
<p>veris:Turkmenistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_unknown">veris:country="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tj">veris:country="TJ"</h4>
<div class="paragraph">
<p>veris:Tajikistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ro">veris:country="RO"</h4>
<div class="paragraph">
<p>veris:Romania</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tk">veris:country="TK"</h4>
<div class="paragraph">
<p>veris:Tokelau</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gw">veris:country="GW"</h4>
<div class="paragraph">
<p>veris:Guinea-Bissau</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gu">veris:country="GU"</h4>
<div class="paragraph">
<p>veris:Guam</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gt">veris:country="GT"</h4>
<div class="paragraph">
<p>veris:Guatemala</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gs">veris:country="GS"</h4>
<div class="paragraph">
<p>veris:South Georgia and the South Sandwich Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gr">veris:country="GR"</h4>
<div class="paragraph">
<p>veris:Greece</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gq">veris:country="GQ"</h4>
<div class="paragraph">
<p>veris:Equatorial Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gp">veris:country="GP"</h4>
<div class="paragraph">
<p>veris:Guadeloupe</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_jp">veris:country="JP"</h4>
<div class="paragraph">
<p>veris:Japan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gy">veris:country="GY"</h4>
<div class="paragraph">
<p>veris:Guyana</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gg">veris:country="GG"</h4>
<div class="paragraph">
<p>veris:Guernsey</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gf">veris:country="GF"</h4>
<div class="paragraph">
<p>veris:French Guiana</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ge">veris:country="GE"</h4>
<div class="paragraph">
<p>veris:Georgia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gd">veris:country="GD"</h4>
<div class="paragraph">
<p>veris:Grenada</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gb">veris:country="GB"</h4>
<div class="paragraph">
<p>veris:United Kingdom</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ga">veris:country="GA"</h4>
<div class="paragraph">
<p>veris:Gabon</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sv">veris:country="SV"</h4>
<div class="paragraph">
<p>veris:El Salvador</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gn">veris:country="GN"</h4>
<div class="paragraph">
<p>veris:Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gm">veris:country="GM"</h4>
<div class="paragraph">
<p>veris:Gambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gl">veris:country="GL"</h4>
<div class="paragraph">
<p>veris:Greenland</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gi">veris:country="GI"</h4>
<div class="paragraph">
<p>veris:Gibraltar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_gh">veris:country="GH"</h4>
<div class="paragraph">
<p>veris:Ghana</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_om">veris:country="OM"</h4>
<div class="paragraph">
<p>veris:Oman</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tn">veris:country="TN"</h4>
<div class="paragraph">
<p>veris:Tunisia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_jo">veris:country="JO"</h4>
<div class="paragraph">
<p>veris:Jordan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_hr">veris:country="HR"</h4>
<div class="paragraph">
<p>veris:Croatia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ht">veris:country="HT"</h4>
<div class="paragraph">
<p>veris:Haiti</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_hu">veris:country="HU"</h4>
<div class="paragraph">
<p>veris:Hungary</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_hk">veris:country="HK"</h4>
<div class="paragraph">
<p>veris:Hong Kong</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_hn">veris:country="HN"</h4>
<div class="paragraph">
<p>veris:Honduras</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_hm">veris:country="HM"</h4>
<div class="paragraph">
<p>veris:Heard Island and McDonal Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ve">veris:country="VE"</h4>
<div class="paragraph">
<p>veris:Venezuela (Bolivarian Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pr">veris:country="PR"</h4>
<div class="paragraph">
<p>veris:Puerto Rico</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ps">veris:country="PS"</h4>
<div class="paragraph">
<p>veris:Palestinian Territory, Occupied</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pw">veris:country="PW"</h4>
<div class="paragraph">
<p>veris:Palau</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pt">veris:country="PT"</h4>
<div class="paragraph">
<p>veris:Portugal</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sj">veris:country="SJ"</h4>
<div class="paragraph">
<p>veris:Svalbard and Jan Mayen Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_py">veris:country="PY"</h4>
<div class="paragraph">
<p>veris:Paraguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_iq">veris:country="IQ"</h4>
<div class="paragraph">
<p>veris:Iraq</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pa">veris:country="PA"</h4>
<div class="paragraph">
<p>veris:Panama</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pf">veris:country="PF"</h4>
<div class="paragraph">
<p>veris:French Polynesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pg">veris:country="PG"</h4>
<div class="paragraph">
<p>veris:Papua New Guinea</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pe">veris:country="PE"</h4>
<div class="paragraph">
<p>veris:Peru</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pk">veris:country="PK"</h4>
<div class="paragraph">
<p>veris:Pakistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ph">veris:country="PH"</h4>
<div class="paragraph">
<p>veris:Philippines</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pn">veris:country="PN"</h4>
<div class="paragraph">
<p>veris:Pitcairn</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pl">veris:country="PL"</h4>
<div class="paragraph">
<p>veris:Poland</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_pm">veris:country="PM"</h4>
<div class="paragraph">
<p>veris:Saint Pierre and Miquelon</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_zm">veris:country="ZM"</h4>
<div class="paragraph">
<p>veris:Zambia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_eh">veris:country="EH"</h4>
<div class="paragraph">
<p>veris:Western Sahara</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ee">veris:country="EE"</h4>
<div class="paragraph">
<p>veris:Estonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_eg">veris:country="EG"</h4>
<div class="paragraph">
<p>veris:Egypt</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_za">veris:country="ZA"</h4>
<div class="paragraph">
<p>veris:South Africa</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ec">veris:country="EC"</h4>
<div class="paragraph">
<p>veris:Ecuador</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_it">veris:country="IT"</h4>
<div class="paragraph">
<p>veris:Italy</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_vn">veris:country="VN"</h4>
<div class="paragraph">
<p>veris:Viet Nam</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sb">veris:country="SB"</h4>
<div class="paragraph">
<p>veris:Solomon Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_et">veris:country="ET"</h4>
<div class="paragraph">
<p>veris:Ethiopia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_so">veris:country="SO"</h4>
<div class="paragraph">
<p>veris:Somalia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_zw">veris:country="ZW"</h4>
<div class="paragraph">
<p>veris:Zimbabwe</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sa">veris:country="SA"</h4>
<div class="paragraph">
<p>veris:Saudi Arabia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_es">veris:country="ES"</h4>
<div class="paragraph">
<p>veris:Spain</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_er">veris:country="ER"</h4>
<div class="paragraph">
<p>veris:Eritrea</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_me">veris:country="ME"</h4>
<div class="paragraph">
<p>veris:Montenegro</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_md">veris:country="MD"</h4>
<div class="paragraph">
<p>veris:Moldova, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mg">veris:country="MG"</h4>
<div class="paragraph">
<p>veris:Madagascar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mf">veris:country="MF"</h4>
<div class="paragraph">
<p>veris:Saint Martin (French part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ma">veris:country="MA"</h4>
<div class="paragraph">
<p>veris:Morocco</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mc">veris:country="MC"</h4>
<div class="paragraph">
<p>veris:Monaco</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_uz">veris:country="UZ"</h4>
<div class="paragraph">
<p>veris:Uzbekistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mm">veris:country="MM"</h4>
<div class="paragraph">
<p>veris:Myanmar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ml">veris:country="ML"</h4>
<div class="paragraph">
<p>veris:Mali</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mo">veris:country="MO"</h4>
<div class="paragraph">
<p>veris:Macao</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mn">veris:country="MN"</h4>
<div class="paragraph">
<p>veris:Mongolia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mh">veris:country="MH"</h4>
<div class="paragraph">
<p>veris:Marshall Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mk">veris:country="MK"</h4>
<div class="paragraph">
<p>veris:Macedonia, The former Yugoslav Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mu">veris:country="MU"</h4>
<div class="paragraph">
<p>veris:Mauritius</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mt">veris:country="MT"</h4>
<div class="paragraph">
<p>veris:Malta</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mw">veris:country="MW"</h4>
<div class="paragraph">
<p>veris:Malawi</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mv">veris:country="MV"</h4>
<div class="paragraph">
<p>veris:Maldives</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mq">veris:country="MQ"</h4>
<div class="paragraph">
<p>veris:Martinique</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mp">veris:country="MP"</h4>
<div class="paragraph">
<p>veris:Northern Mariana Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ms">veris:country="MS"</h4>
<div class="paragraph">
<p>veris:Montserrat</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mr">veris:country="MR"</h4>
<div class="paragraph">
<p>veris:Mauritania</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_im">veris:country="IM"</h4>
<div class="paragraph">
<p>veris:Isle of Man</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ug">veris:country="UG"</h4>
<div class="paragraph">
<p>veris:Uganda</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tz">veris:country="TZ"</h4>
<div class="paragraph">
<p>veris:Tanzania, United Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_my">veris:country="MY"</h4>
<div class="paragraph">
<p>veris:Malaysia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mx">veris:country="MX"</h4>
<div class="paragraph">
<p>veris:Mexico</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_il">veris:country="IL"</h4>
<div class="paragraph">
<p>veris:Israel</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_fr">veris:country="FR"</h4>
<div class="paragraph">
<p>veris:France</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_io">veris:country="IO"</h4>
<div class="paragraph">
<p>veris:British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sh">veris:country="SH"</h4>
<div class="paragraph">
<p>veris:Saint Helena</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_fi">veris:country="FI"</h4>
<div class="paragraph">
<p>veris:Finland</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_fj">veris:country="FJ"</h4>
<div class="paragraph">
<p>veris:Fiji</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_fk">veris:country="FK"</h4>
<div class="paragraph">
<p>veris:Faeroe Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_fm">veris:country="FM"</h4>
<div class="paragraph">
<p>veris:Micronesia (Federated States of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_fo">veris:country="FO"</h4>
<div class="paragraph">
<p>veris:Falkland Islands (Malvinas)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ni">veris:country="NI"</h4>
<div class="paragraph">
<p>veris:Nicaragua</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_nl">veris:country="NL"</h4>
<div class="paragraph">
<p>veris:Netherlands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_no">veris:country="NO"</h4>
<div class="paragraph">
<p>veris:Norway</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_na">veris:country="NA"</h4>
<div class="paragraph">
<p>veris:Namibia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_vu">veris:country="VU"</h4>
<div class="paragraph">
<p>veris:Vanuatu</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_nc">veris:country="NC"</h4>
<div class="paragraph">
<p>veris:New Caledonia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ne">veris:country="NE"</h4>
<div class="paragraph">
<p>veris:Niger</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_nf">veris:country="NF"</h4>
<div class="paragraph">
<p>veris:Norfolk Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ng">veris:country="NG"</h4>
<div class="paragraph">
<p>veris:Nigeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_nz">veris:country="NZ"</h4>
<div class="paragraph">
<p>veris:New Zealand</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_np">veris:country="NP"</h4>
<div class="paragraph">
<p>veris:Nepal</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_nr">veris:country="NR"</h4>
<div class="paragraph">
<p>veris:Nauru</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_nu">veris:country="NU"</h4>
<div class="paragraph">
<p>veris:Niue</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ck">veris:country="CK"</h4>
<div class="paragraph">
<p>veris:Cook Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ci">veris:country="CI"</h4>
<div class="paragraph">
<p>veris:Cote d&#8217;Ivoire</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ch">veris:country="CH"</h4>
<div class="paragraph">
<p>veris:Switzerland</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_co">veris:country="CO"</h4>
<div class="paragraph">
<p>veris:Colombia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cn">veris:country="CN"</h4>
<div class="paragraph">
<p>veris:China</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cm">veris:country="CM"</h4>
<div class="paragraph">
<p>veris:Cameroon</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cl">veris:country="CL"</h4>
<div class="paragraph">
<p>veris:Chile</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cc">veris:country="CC"</h4>
<div class="paragraph">
<p>veris:Cocos (Keeling) Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ca">veris:country="CA"</h4>
<div class="paragraph">
<p>veris:Canada</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cg">veris:country="CG"</h4>
<div class="paragraph">
<p>veris:Congo</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cf">veris:country="CF"</h4>
<div class="paragraph">
<p>veris:Central African Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cd">veris:country="CD"</h4>
<div class="paragraph">
<p>veris:Congo, Democratic Republic of the</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cz">veris:country="CZ"</h4>
<div class="paragraph">
<p>veris:Czech Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cy">veris:country="CY"</h4>
<div class="paragraph">
<p>veris:Cyprus</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cx">veris:country="CX"</h4>
<div class="paragraph">
<p>veris:Christmas Island</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cr">veris:country="CR"</h4>
<div class="paragraph">
<p>veris:Costa Rica</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cw">veris:country="CW"</h4>
<div class="paragraph">
<p>veris:Curacao</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cv">veris:country="CV"</h4>
<div class="paragraph">
<p>veris:Cape Verde</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_cu">veris:country="CU"</h4>
<div class="paragraph">
<p>veris:Cuba</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sz">veris:country="SZ"</h4>
<div class="paragraph">
<p>veris:Swaziland</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sy">veris:country="SY"</h4>
<div class="paragraph">
<p>veris:Syrian Arab Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sx">veris:country="SX"</h4>
<div class="paragraph">
<p>veris:Sint Maarten (Dutch part)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_kg">veris:country="KG"</h4>
<div class="paragraph">
<p>veris:Kyrgyzstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ke">veris:country="KE"</h4>
<div class="paragraph">
<p>veris:Kenya</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ss">veris:country="SS"</h4>
<div class="paragraph">
<p>veris:South Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sr">veris:country="SR"</h4>
<div class="paragraph">
<p>veris:Suriname</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ki">veris:country="KI"</h4>
<div class="paragraph">
<p>veris:Kiribati</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_kh">veris:country="KH"</h4>
<div class="paragraph">
<p>veris:Cambodia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_kn">veris:country="KN"</h4>
<div class="paragraph">
<p>veris:Saint Kitts and Nevis</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_km">veris:country="KM"</h4>
<div class="paragraph">
<p>veris:Comoros</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_st">veris:country="ST"</h4>
<div class="paragraph">
<p>veris:Sao Tome and Principe</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sk">veris:country="SK"</h4>
<div class="paragraph">
<p>veris:Slovakia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_kr">veris:country="KR"</h4>
<div class="paragraph">
<p>veris:Korea, Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_si">veris:country="SI"</h4>
<div class="paragraph">
<p>veris:Slovenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_kp">veris:country="KP"</h4>
<div class="paragraph">
<p>veris:Korea, Democratic People&#8217;s Republic of</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_kw">veris:country="KW"</h4>
<div class="paragraph">
<p>veris:Kuwait</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sn">veris:country="SN"</h4>
<div class="paragraph">
<p>veris:Senegal</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sm">veris:country="SM"</h4>
<div class="paragraph">
<p>veris:San Marino</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sl">veris:country="SL"</h4>
<div class="paragraph">
<p>veris:Sierra Leone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sc">veris:country="SC"</h4>
<div class="paragraph">
<p>veris:Seychelles</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_kz">veris:country="KZ"</h4>
<div class="paragraph">
<p>veris:Kazakhstan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ky">veris:country="KY"</h4>
<div class="paragraph">
<p>veris:Cayman Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sg">veris:country="SG"</h4>
<div class="paragraph">
<p>veris:Singapore</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_se">veris:country="SE"</h4>
<div class="paragraph">
<p>veris:Sweden</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_sd">veris:country="SD"</h4>
<div class="paragraph">
<p>veris:Sudan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_do">veris:country="DO"</h4>
<div class="paragraph">
<p>veris:Dominican Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_dm">veris:country="DM"</h4>
<div class="paragraph">
<p>veris:Dominica</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_dj">veris:country="DJ"</h4>
<div class="paragraph">
<p>veris:Djibouti</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_dk">veris:country="DK"</h4>
<div class="paragraph">
<p>veris:Denmark</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_vg">veris:country="VG"</h4>
<div class="paragraph">
<p>veris:British Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_de">veris:country="DE"</h4>
<div class="paragraph">
<p>veris:Germany</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ye">veris:country="YE"</h4>
<div class="paragraph">
<p>veris:Yemen</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_other">veris:country="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_dz">veris:country="DZ"</h4>
<div class="paragraph">
<p>veris:Algeria</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_us">veris:country="US"</h4>
<div class="paragraph">
<p>veris:United States of America</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_uy">veris:country="UY"</h4>
<div class="paragraph">
<p>veris:Uruguay</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_yt">veris:country="YT"</h4>
<div class="paragraph">
<p>veris:Mayotte</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_um">veris:country="UM"</h4>
<div class="paragraph">
<p>veris:United States Minor Outlying Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_lb">veris:country="LB"</h4>
<div class="paragraph">
<p>veris:Lebanon</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_lc">veris:country="LC"</h4>
<div class="paragraph">
<p>veris:Saint Lucia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_la">veris:country="LA"</h4>
<div class="paragraph">
<p>veris:Lao People&#8217;s Democratic Republic</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tv">veris:country="TV"</h4>
<div class="paragraph">
<p>veris:Tuvalu</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tw">veris:country="TW"</h4>
<div class="paragraph">
<p>veris:Taiwan, Province of China</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tt">veris:country="TT"</h4>
<div class="paragraph">
<p>veris:Trinidad and Tobago</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tr">veris:country="TR"</h4>
<div class="paragraph">
<p>veris:Turkey</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_lk">veris:country="LK"</h4>
<div class="paragraph">
<p>veris:Sri Lanka</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_li">veris:country="LI"</h4>
<div class="paragraph">
<p>veris:Liechtenstein</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_lv">veris:country="LV"</h4>
<div class="paragraph">
<p>veris:Latvia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_to">veris:country="TO"</h4>
<div class="paragraph">
<p>veris:Tonga</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_lt">veris:country="LT"</h4>
<div class="paragraph">
<p>veris:Lithuania</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_lu">veris:country="LU"</h4>
<div class="paragraph">
<p>veris:Luxembourg</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_lr">veris:country="LR"</h4>
<div class="paragraph">
<p>veris:Liberia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ls">veris:country="LS"</h4>
<div class="paragraph">
<p>veris:Lesotho</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_th">veris:country="TH"</h4>
<div class="paragraph">
<p>veris:Thailand</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tf">veris:country="TF"</h4>
<div class="paragraph">
<p>veris:French Southern Territories</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tg">veris:country="TG"</h4>
<div class="paragraph">
<p>veris:Togo</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_td">veris:country="TD"</h4>
<div class="paragraph">
<p>veris:Chad</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_tc">veris:country="TC"</h4>
<div class="paragraph">
<p>veris:Turks and Caicos Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ly">veris:country="LY"</h4>
<div class="paragraph">
<p>veris:Libya</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_va">veris:country="VA"</h4>
<div class="paragraph">
<p>veris:Holy See</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_vc">veris:country="VC"</h4>
<div class="paragraph">
<p>veris:Saint Vincent and the Grenadines</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ae">veris:country="AE"</h4>
<div class="paragraph">
<p>veris:United Arab Emirates</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ad">veris:country="AD"</h4>
<div class="paragraph">
<p>veris:Andorra</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ag">veris:country="AG"</h4>
<div class="paragraph">
<p>veris:Antigua and Barbuda</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_af">veris:country="AF"</h4>
<div class="paragraph">
<p>veris:Afghanistan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ai">veris:country="AI"</h4>
<div class="paragraph">
<p>veris:Anguilla</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_vi">veris:country="VI"</h4>
<div class="paragraph">
<p>veris:United States Virgin Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_is">veris:country="IS"</h4>
<div class="paragraph">
<p>veris:Iceland</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ir">veris:country="IR"</h4>
<div class="paragraph">
<p>veris:Iran (Islamic Republic of)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_am">veris:country="AM"</h4>
<div class="paragraph">
<p>veris:Armenia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_al">veris:country="AL"</h4>
<div class="paragraph">
<p>veris:Albania</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ao">veris:country="AO"</h4>
<div class="paragraph">
<p>veris:Angola</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_aq">veris:country="AQ"</h4>
<div class="paragraph">
<p>veris:Antarctica</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_as">veris:country="AS"</h4>
<div class="paragraph">
<p>veris:American Samoa</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ar">veris:country="AR"</h4>
<div class="paragraph">
<p>veris:Argentina</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_au">veris:country="AU"</h4>
<div class="paragraph">
<p>veris:Australia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_at">veris:country="AT"</h4>
<div class="paragraph">
<p>veris:Austria</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_aw">veris:country="AW"</h4>
<div class="paragraph">
<p>veris:Aruba</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_in">veris:country="IN"</h4>
<div class="paragraph">
<p>veris:India</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ax">veris:country="AX"</h4>
<div class="paragraph">
<p>veris:Aland Islands</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_az">veris:country="AZ"</h4>
<div class="paragraph">
<p>veris:Azerbaijan</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ie">veris:country="IE"</h4>
<div class="paragraph">
<p>veris:Ireland</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_id">veris:country="ID"</h4>
<div class="paragraph">
<p>veris:Indonesia</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_ua">veris:country="UA"</h4>
<div class="paragraph">
<p>veris:Ukraine</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_qa">veris:country="QA"</h4>
<div class="paragraph">
<p>veris:Qatar</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_country_mz">veris:country="MZ"</h4>
<div class="paragraph">
<p>veris:Mozambique</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impact_overall_rating">impact:overall_rating</h3>
<div class="sect3">
<h4 id="_veris_impact_overall_rating_insignificant">veris:impact:overall_rating="Insignificant"</h4>
<div class="paragraph">
<p>veris:Insignificant: Impact absorbed by normal activities</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_overall_rating_catastrophic">veris:impact:overall_rating="Catastrophic"</h4>
<div class="paragraph">
<p>veris:Catastrophic: A business-ending event (don&#8217;t choose this if the victim will continue operations)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_overall_rating_distracting">veris:impact:overall_rating="Distracting"</h4>
<div class="paragraph">
<p>veris:Distracting: Limited "hard costs", but impact felt through having to deal with the incident rather than conducting normal duties</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_overall_rating_damaging">veris:impact:overall_rating="Damaging"</h4>
<div class="paragraph">
<p>veris:Damaging: Real and serious effect on the "bottom line" and/or long-term ability to generate revenue</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_overall_rating_unknown">veris:impact:overall_rating="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_overall_rating_painful">veris:impact:overall_rating="Painful"</h4>
<div class="paragraph">
<p>veris:Painful: Limited "hard costs", but impact felt through having to deal with the incident rather than conducting normal duties</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actor_motive">actor:motive</h3>
<div class="sect3">
<h4 id="_veris_actor_motive_grudge">veris:actor:motive="Grudge"</h4>
<div class="paragraph">
<p>veris:Grudge or personal offense</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_financial">veris:actor:motive="Financial"</h4>
<div class="paragraph">
<p>veris:Financial or personal gain</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_na">veris:actor:motive="NA"</h4>
<div class="paragraph">
<p>veris:Not Applicable (unintentional action)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_ideology">veris:actor:motive="Ideology"</h4>
<div class="paragraph">
<p>veris:Ideology or protest</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_convenience">veris:actor:motive="Convenience"</h4>
<div class="paragraph">
<p>veris:Convenience of expediency</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_other">veris:actor:motive="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_unknown">veris:actor:motive="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_fun">veris:actor:motive="Fun"</h4>
<div class="paragraph">
<p>veris:Fun, curiosity, or pride</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_fear">veris:actor:motive="Fear"</h4>
<div class="paragraph">
<p>veris:Fear or duress</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_espionage">veris:actor:motive="Espionage"</h4>
<div class="paragraph">
<p>veris:Espionage or competitive advantage</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_motive_secondary">veris:actor:motive="Secondary"</h4>
<div class="paragraph">
<p>veris:Aid in a different attack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_asset_management">asset:management</h3>
<div class="sect3">
<h4 id="_veris_asset_management_na">veris:asset:management="NA"</h4>
<div class="paragraph">
<p>veris:Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_management_internal">veris:asset:management="Internal"</h4>
<div class="paragraph">
<p>veris:Internally managed</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_management_external">veris:asset:management="External"</h4>
<div class="paragraph">
<p>veris:Externally managed</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_management_unknown">veris:asset:management="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_asset_variety">asset:variety</h3>
<div class="sect3">
<h4 id="_veris_asset_variety_m_flash_drive">veris:asset:variety="M - Flash drive"</h4>
<div class="paragraph">
<p>veris:Media - Flash drive or card</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_print">veris:asset:variety="S - Print"</h4>
<div class="paragraph">
<p>veris:Server - Print</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_guard">veris:asset:variety="P - Guard"</h4>
<div class="paragraph">
<p>veris:People - Guard</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_database">veris:asset:variety="S - Database"</h4>
<div class="paragraph">
<p>veris:Server - Database</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_pbx">veris:asset:variety="N - PBX"</h4>
<div class="paragraph">
<p>veris:Network - Private branch exchange (PBX)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_m_other">veris:asset:variety="M - Other"</h4>
<div class="paragraph">
<p>veris:Media - Other/Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_other">veris:asset:variety="S - Other"</h4>
<div class="paragraph">
<p>veris:Server - Other/Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_system_admin">veris:asset:variety="P - System admin"</h4>
<div class="paragraph">
<p>veris:People - Administrator</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_pos_controller">veris:asset:variety="S - POS controller"</h4>
<div class="paragraph">
<p>veris:Server - POS controller</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_t_other">veris:asset:variety="T - Other"</h4>
<div class="paragraph">
<p>veris:Public Terminal - Other/Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_camera">veris:asset:variety="N - Camera"</h4>
<div class="paragraph">
<p>veris:Network - Camera or surveillance system</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_unknown">veris:asset:variety="S - Unknown"</h4>
<div class="paragraph">
<p>veris:Server - Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_dhcp">veris:asset:variety="S - DHCP"</h4>
<div class="paragraph">
<p>veris:Server - DHCP</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_pos_terminal">veris:asset:variety="U - POS terminal"</h4>
<div class="paragraph">
<p>veris:User Device - POS terminal</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_lan">veris:asset:variety="N - LAN"</h4>
<div class="paragraph">
<p>veris:Network - Wired LAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_manager">veris:asset:variety="P - Manager"</h4>
<div class="paragraph">
<p>veris:People - Manager</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_m_payment_card">veris:asset:variety="M - Payment card"</h4>
<div class="paragraph">
<p>veris:Media - Payment card (e.g., magstripe, EMV)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_public_wan">veris:asset:variety="N - Public WAN"</h4>
<div class="paragraph">
<p>veris:Network - Public WAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_former_employee">veris:asset:variety="P - Former employee"</h4>
<div class="paragraph">
<p>veris:People - Former employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_authentication">veris:asset:variety="S - Authentication"</h4>
<div class="paragraph">
<p>veris:Server - Authentication</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_mobile_phone">veris:asset:variety="U - Mobile phone"</h4>
<div class="paragraph">
<p>veris:User Device - Mobile phone or smartphone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_router_or_switch">veris:asset:variety="N - Router or switch"</h4>
<div class="paragraph">
<p>veris:Network - Router or switch</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_t_kiosk">veris:asset:variety="T - Kiosk"</h4>
<div class="paragraph">
<p>veris:Public Terminal - Self-service kiosk</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_hsm">veris:asset:variety="N - HSM"</h4>
<div class="paragraph">
<p>veris:Network - Hardware security module (HSM)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_peripheral">veris:asset:variety="U - Peripheral"</h4>
<div class="paragraph">
<p>veris:User Device - Peripheral (e.g., printer, copier, fax)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_code_repository">veris:asset:variety="S - Code repository"</h4>
<div class="paragraph">
<p>veris:Server - Code repository</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_scada">veris:asset:variety="S - SCADA"</h4>
<div class="paragraph">
<p>veris:Server - SCADA system</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_end_user">veris:asset:variety="P - End-user"</h4>
<div class="paragraph">
<p>veris:People - End-user</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_san">veris:asset:variety="N - SAN"</h4>
<div class="paragraph">
<p>veris:Network - Storage area network (SAN)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_t_atm">veris:asset:variety="T - ATM"</h4>
<div class="paragraph">
<p>veris:Public Terminal - Automated Teller Machine (ATM)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_rtu">veris:asset:variety="N - RTU"</h4>
<div class="paragraph">
<p>veris:Network - Remote terminal unit (RTU)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_unknown">veris:asset:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_m_smart_card">veris:asset:variety="M - Smart card"</h4>
<div class="paragraph">
<p>veris:Media - Identity smart card</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_ids">veris:asset:variety="N - IDS"</h4>
<div class="paragraph">
<p>veris:Network - IDS or IPs</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_plc">veris:asset:variety="N - PLC"</h4>
<div class="paragraph">
<p>veris:Network - Programmable logic controller (PLC)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_other">veris:asset:variety="N - Other"</h4>
<div class="paragraph">
<p>veris:Network - Other/Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_cashier">veris:asset:variety="P - Cashier"</h4>
<div class="paragraph">
<p>veris:People - Cashier</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_executive">veris:asset:variety="P - Executive"</h4>
<div class="paragraph">
<p>veris:People - Executive</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_desktop">veris:asset:variety="U - Desktop"</h4>
<div class="paragraph">
<p>veris:User Device - Desktop or workstation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_tablet">veris:asset:variety="U - Tablet"</h4>
<div class="paragraph">
<p>veris:User Device - Tablet</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_firewall">veris:asset:variety="N - Firewall"</h4>
<div class="paragraph">
<p>veris:Network - Firewall</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_customer">veris:asset:variety="P - Customer"</h4>
<div class="paragraph">
<p>veris:People - Customer</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_mainframe">veris:asset:variety="S - Mainframe"</h4>
<div class="paragraph">
<p>veris:Server - Mainframe</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_directory">veris:asset:variety="S - Directory"</h4>
<div class="paragraph">
<p>veris:Server - Directory (LDAP, AD)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_auth_token">veris:asset:variety="U - Auth token"</h4>
<div class="paragraph">
<p>veris:User Device - Authentication token or device</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_media">veris:asset:variety="U - Media"</h4>
<div class="paragraph">
<p>veris:User Device - Media player or recorder</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_t_gas_terminal">veris:asset:variety="T - Gas terminal"</h4>
<div class="paragraph">
<p>veris:Public Terminal - Gas "pay-at-the-pump" terminal</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_t_ped_pad">veris:asset:variety="T - PED pad"</h4>
<div class="paragraph">
<p>veris:Public Terminal - Detached PIN pad or card reader</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_m_disk_drive">veris:asset:variety="M - Disk drive"</h4>
<div class="paragraph">
<p>veris:Media - Hard disk drive</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_vm_host">veris:asset:variety="S - VM host"</h4>
<div class="paragraph">
<p>veris:Server - Virtual Host</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_auditor">veris:asset:variety="P - Auditor"</h4>
<div class="paragraph">
<p>veris:People - Auditor</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_voip_phone">veris:asset:variety="U - VoIP phone"</h4>
<div class="paragraph">
<p>veris:User Device - VoIP phone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_broadband">veris:asset:variety="N - Broadband"</h4>
<div class="paragraph">
<p>veris:Network - Mobile broadband network</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_other">veris:asset:variety="U - Other"</h4>
<div class="paragraph">
<p>veris:User Device - Other/Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_telephone">veris:asset:variety="U - Telephone"</h4>
<div class="paragraph">
<p>veris:User Device - Telephone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_call_center">veris:asset:variety="P - Call center"</h4>
<div class="paragraph">
<p>veris:People - Call center</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_private_wan">veris:asset:variety="N - Private WAN"</h4>
<div class="paragraph">
<p>veris:Network - Private WAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_dns">veris:asset:variety="S - DNS"</h4>
<div class="paragraph">
<p>veris:Server - DNS</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_helpdesk">veris:asset:variety="P - Helpdesk"</h4>
<div class="paragraph">
<p>veris:People - Helpdesk</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_telephone">veris:asset:variety="N - Telephone"</h4>
<div class="paragraph">
<p>veris:Network - Telephone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_u_laptop">veris:asset:variety="U - Laptop"</h4>
<div class="paragraph">
<p>veris:User Device - Laptop</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_log">veris:asset:variety="S - Log"</h4>
<div class="paragraph">
<p>veris:Server - Log or event management</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_finance">veris:asset:variety="P - Finance"</h4>
<div class="paragraph">
<p>veris:People - Finance</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_human_resources">veris:asset:variety="P - Human resources"</h4>
<div class="paragraph">
<p>veris:People - Human resources</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_voip_adapter">veris:asset:variety="N - VoIP adapter"</h4>
<div class="paragraph">
<p>veris:Network - VoIP adapter</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_backup">veris:asset:variety="S - Backup"</h4>
<div class="paragraph">
<p>veris:Server - Backup</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_partner">veris:asset:variety="P - Partner"</h4>
<div class="paragraph">
<p>veris:People - Partner</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_maintenance">veris:asset:variety="P - Maintenance"</h4>
<div class="paragraph">
<p>veris:People - Maintenance</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_payment_switch">veris:asset:variety="S - Payment switch"</h4>
<div class="paragraph">
<p>veris:Server - Payment switch or gateway</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_dcs">veris:asset:variety="S - DCS"</h4>
<div class="paragraph">
<p>veris:Server - Distributed control system (DCS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_other">veris:asset:variety="P - Other"</h4>
<div class="paragraph">
<p>veris:People - Other/Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_proxy">veris:asset:variety="S - Proxy"</h4>
<div class="paragraph">
<p>veris:Server - Proxy</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_mail">veris:asset:variety="S - Mail"</h4>
<div class="paragraph">
<p>veris:Server - Mail</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_m_tapes">veris:asset:variety="M - Tapes"</h4>
<div class="paragraph">
<p>veris:Media - Backup tapes</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_remote_access">veris:asset:variety="S - Remote access"</h4>
<div class="paragraph">
<p>veris:Server - Remote access</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_access_reader">veris:asset:variety="N - Access reader"</h4>
<div class="paragraph">
<p>veris:Network - Access control reader (e.g., badge, biometric)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_file">veris:asset:variety="S - File"</h4>
<div class="paragraph">
<p>veris:Server - File</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_s_web_application">veris:asset:variety="S - Web application"</h4>
<div class="paragraph">
<p>veris:Server - Web application</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_m_documents">veris:asset:variety="M - Documents"</h4>
<div class="paragraph">
<p>veris:Media - Documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_n_wlan">veris:asset:variety="N - WLAN"</h4>
<div class="paragraph">
<p>veris:Network - Wireless LAN</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_p_developer">veris:asset:variety="P - Developer"</h4>
<div class="paragraph">
<p>veris:People - Developer</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_variety_m_disk_media">veris:asset:variety="M - Disk media"</h4>
<div class="paragraph">
<p>veris:Media - Disk media (e.g., CDs, DVDs)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_asset_accessibility">asset:accessibility</h3>
<div class="sect3">
<h4 id="_veris_asset_accessibility_na">veris:asset:accessibility="NA"</h4>
<div class="paragraph">
<p>veris:Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_accessibility_internal">veris:asset:accessibility="Internal"</h4>
<div class="paragraph">
<p>veris:Internally accessible</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_accessibility_unknown">veris:asset:accessibility="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_accessibility_external">veris:asset:accessibility="External"</h4>
<div class="paragraph">
<p>veris:Publicly accessible</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_accessibility_isolated">veris:asset:accessibility="Isolated"</h4>
<div class="paragraph">
<p>veris:Internally isolated or restricted environment</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_asset_governance">asset:governance</h3>
<div class="sect3">
<h4 id="_veris_asset_governance_3rd_party_hosted">veris:asset:governance="3rd party hosted"</h4>
<div class="paragraph">
<p>veris:Hosted by 3rd party</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_governance_unknown">veris:asset:governance="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_governance_3rd_party_managed">veris:asset:governance="3rd party managed"</h4>
<div class="paragraph">
<p>veris:Managed by 3rd party</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_governance_3rd_party_owned">veris:asset:governance="3rd party owned"</h4>
<div class="paragraph">
<p>veris:Owned by 3rd party</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_governance_personally_owned">veris:asset:governance="Personally owned"</h4>
<div class="paragraph">
<p>veris:Personally owned asset</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_governance_internally_isolated">veris:asset:governance="Internally isolated"</h4>
<div class="paragraph">
<p>veris:Isolated internal asset</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_asset_hosting">asset:hosting</h3>
<div class="sect3">
<h4 id="_veris_asset_hosting_external_shared">veris:asset:hosting="External shared"</h4>
<div class="paragraph">
<p>veris:Externally hosted in a shared envirnoment</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_hosting_external_dedicated">veris:asset:hosting="External dedicated"</h4>
<div class="paragraph">
<p>veris:Externally hosted in a dedicated envirnoment</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_hosting_na">veris:asset:hosting="NA"</h4>
<div class="paragraph">
<p>veris:Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_hosting_internal">veris:asset:hosting="Internal"</h4>
<div class="paragraph">
<p>veris:Internally hosted</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_hosting_external">veris:asset:hosting="External"</h4>
<div class="paragraph">
<p>veris:Externally hosted (unsure if dedicated or shared)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_hosting_unknown">veris:asset:hosting="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_asset_ownership">asset:ownership</h3>
<div class="sect3">
<h4 id="_veris_asset_ownership_customer">veris:asset:ownership="Customer"</h4>
<div class="paragraph">
<p>veris:Customer owned</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_ownership_unknown">veris:asset:ownership="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_ownership_victim">veris:asset:ownership="Victim"</h4>
<div class="paragraph">
<p>veris:Victim owned</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_ownership_na">veris:asset:ownership="NA"</h4>
<div class="paragraph">
<p>veris:Not applicable</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_ownership_employee">veris:asset:ownership="Employee"</h4>
<div class="paragraph">
<p>veris:Employee owned</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_ownership_partner">veris:asset:ownership="Partner"</h4>
<div class="paragraph">
<p>veris:Partner owned</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_asset_cloud">asset:cloud</h3>
<div class="sect3">
<h4 id="_veris_asset_cloud_hosting_error">veris:asset:cloud="Hosting error"</h4>
<div class="paragraph">
<p>veris:Misconfiguration or error by hosting provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_cloud_user_breakout">veris:asset:cloud="User breakout"</h4>
<div class="paragraph">
<p>veris:Elevation of privilege by another customer in shared environment</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_cloud_unknown">veris:asset:cloud="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_cloud_other">veris:asset:cloud="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_cloud_hosting_governance">veris:asset:cloud="Hosting governance"</h4>
<div class="paragraph">
<p>veris:Lack of security process or procedure by hosting provider</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_cloud_customer_attack">veris:asset:cloud="Customer attack"</h4>
<div class="paragraph">
<p>veris:Penetration of another web site on shared device</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_cloud_hypervisor">veris:asset:cloud="Hypervisor"</h4>
<div class="paragraph">
<p>veris:Hypervisor break-out attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_asset_cloud_partner_application">veris:asset:cloud="Partner application"</h4>
<div class="paragraph">
<p>veris:Application vulnerability in partner-developed application</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_victim_employee_count">victim:employee_count</h3>
<div class="sect3">
<h4 id="_veris_victim_employee_count_1001_to_10000">veris:victim:employee_count="1001 to 10000"</h4>
<div class="paragraph">
<p>veris:1,001 to 10,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_over_100000">veris:victim:employee_count="Over 100000"</h4>
<div class="paragraph">
<p>veris:Over 100,0001 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_large">veris:victim:employee_count="Large"</h4>
<div class="paragraph">
<p>veris:Large organizations (over 1,000 employees)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_unknown">veris:victim:employee_count="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown number of employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_50001_to_100000">veris:victim:employee_count="50001 to 100000"</h4>
<div class="paragraph">
<p>veris:50,001 to 100,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_101_to_1000">veris:victim:employee_count="101 to 1000"</h4>
<div class="paragraph">
<p>veris:101 to 1,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_25001_to_50000">veris:victim:employee_count="25001 to 50000"</h4>
<div class="paragraph">
<p>veris:25,001 to 50,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_10001_to_25000">veris:victim:employee_count="10001 to 25000"</h4>
<div class="paragraph">
<p>veris:10,001 to 25,000 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_small">veris:victim:employee_count="Small"</h4>
<div class="paragraph">
<p>veris:Small organizations (1,000 employees or less)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_1_to_10">veris:victim:employee_count="1 to 10"</h4>
<div class="paragraph">
<p>veris:1 to 10 employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_victim_employee_count_11_to_100">veris:victim:employee_count="11 to 100"</h4>
<div class="paragraph">
<p>veris:11 to 100 employees</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_timeline_unit">timeline:unit</h3>
<div class="sect3">
<h4 id="_veris_timeline_unit_months">veris:timeline:unit="Months"</h4>
<div class="paragraph">
<p>veris:Months</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_seconds">veris:timeline:unit="Seconds"</h4>
<div class="paragraph">
<p>veris:Seconds</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_na">veris:timeline:unit="NA"</h4>
<div class="paragraph">
<p>veris:NA</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_never">veris:timeline:unit="Never"</h4>
<div class="paragraph">
<p>veris:Never</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_days">veris:timeline:unit="Days"</h4>
<div class="paragraph">
<p>veris:Days</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_years">veris:timeline:unit="Years"</h4>
<div class="paragraph">
<p>veris:Years</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_hours">veris:timeline:unit="Hours"</h4>
<div class="paragraph">
<p>veris:Hours</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_unknown">veris:timeline:unit="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_weeks">veris:timeline:unit="Weeks"</h4>
<div class="paragraph">
<p>veris:Weeks</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_timeline_unit_minutes">veris:timeline:unit="Minutes"</h4>
<div class="paragraph">
<p>veris:Minutes</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impact_loss_rating">impact:loss:rating</h3>
<div class="sect3">
<h4 id="_veris_impact_loss_rating_unknown">veris:impact:loss:rating="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_rating_major">veris:impact:loss:rating="Major"</h4>
<div class="paragraph">
<p>veris:Major</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_rating_moderate">veris:impact:loss:rating="Moderate"</h4>
<div class="paragraph">
<p>veris:Moderate</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_rating_none">veris:impact:loss:rating="None"</h4>
<div class="paragraph">
<p>veris:None</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_rating_minor">veris:impact:loss:rating="Minor"</h4>
<div class="paragraph">
<p>veris:Minor</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_impact_loss_variety">impact:loss:variety</h3>
<div class="sect3">
<h4 id="_veris_impact_loss_variety_legal_and_regulatory">veris:impact:loss:variety="Legal and regulatory"</h4>
<div class="paragraph">
<p>veris:Legal and regulatory costs</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_variety_asset_and_fraud">veris:impact:loss:variety="Asset and fraud"</h4>
<div class="paragraph">
<p>veris:Asset and fraud-related losses</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_variety_business_disruption">veris:impact:loss:variety="Business disruption"</h4>
<div class="paragraph">
<p>veris:Business disruption</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_variety_response_and_recovery">veris:impact:loss:variety="Response and recovery"</h4>
<div class="paragraph">
<p>veris:Response and recovery costs</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_variety_competitive_advantage">veris:impact:loss:variety="Competitive advantage"</h4>
<div class="paragraph">
<p>veris:Loss of competitive advantage</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_variety_operating_costs">veris:impact:loss:variety="Operating costs"</h4>
<div class="paragraph">
<p>veris:Increased operating costs</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_impact_loss_variety_brand_damage">veris:impact:loss:variety="Brand damage"</h4>
<div class="paragraph">
<p>veris:Brand and market damage</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attribute_integrity_variety">attribute:integrity:variety</h3>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_misrepresentation">veris:attribute:integrity:variety="Misrepresentation"</h4>
<div class="paragraph">
<p>veris:Misrepresentation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_modify_data">veris:attribute:integrity:variety="Modify data"</h4>
<div class="paragraph">
<p>veris:Modified stored data or content</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_unknown">veris:attribute:integrity:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_created_account">veris:attribute:integrity:variety="Created account"</h4>
<div class="paragraph">
<p>veris:Created new user account</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_defacement">veris:attribute:integrity:variety="Defacement"</h4>
<div class="paragraph">
<p>veris:Deface content</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_log_tampering">veris:attribute:integrity:variety="Log tampering"</h4>
<div class="paragraph">
<p>veris:Log tampering or modification</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_modify_privileges">veris:attribute:integrity:variety="Modify privileges"</h4>
<div class="paragraph">
<p>veris:Modified privileges or permissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_software_installation">veris:attribute:integrity:variety="Software installation"</h4>
<div class="paragraph">
<p>veris:Software installation or code modification</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_other">veris:attribute:integrity:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_fraudulent_transaction">veris:attribute:integrity:variety="Fraudulent transaction"</h4>
<div class="paragraph">
<p>veris:Initiate fraudulent transaction</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_alter_behavior">veris:attribute:integrity:variety="Alter behavior"</h4>
<div class="paragraph">
<p>veris:Influence or alter human behavior</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_hardware_tampering">veris:attribute:integrity:variety="Hardware tampering"</h4>
<div class="paragraph">
<p>veris:Hardware tampering or physical alteration</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_modify_configuration">veris:attribute:integrity:variety="Modify configuration"</h4>
<div class="paragraph">
<p>veris:Modified configuration or services</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_integrity_variety_repurpose">veris:attribute:integrity:variety="Repurpose"</h4>
<div class="paragraph">
<p>veris:Repurposed asset for unauthorized function</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attribute_availability_variety">attribute:availability:variety</h3>
<div class="sect3">
<h4 id="_veris_attribute_availability_variety_acceleration">veris:attribute:availability:variety="Acceleration"</h4>
<div class="paragraph">
<p>veris:Acceleration</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_availability_variety_interruption">veris:attribute:availability:variety="Interruption"</h4>
<div class="paragraph">
<p>veris:Interruption</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_availability_variety_loss">veris:attribute:availability:variety="Loss"</h4>
<div class="paragraph">
<p>veris:Loss</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_availability_variety_unknown">veris:attribute:availability:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_availability_variety_degradation">veris:attribute:availability:variety="Degradation"</h4>
<div class="paragraph">
<p>veris:Performance degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_availability_variety_other">veris:attribute:availability:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_availability_variety_obscuration">veris:attribute:availability:variety="Obscuration"</h4>
<div class="paragraph">
<p>veris:Conversion or obscuration</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_availability_variety_destruction">veris:attribute:availability:variety="Destruction"</h4>
<div class="paragraph">
<p>veris:Destruction</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attribute_confidentiality_data_victim">attribute:confidentiality:data_victim</h3>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_victim_customer">veris:attribute:confidentiality:data_victim="Customer"</h4>
<div class="paragraph">
<p>veris:Customer</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_victim_patient">veris:attribute:confidentiality:data_victim="Patient"</h4>
<div class="paragraph">
<p>veris:Patient</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_victim_unknown">veris:attribute:confidentiality:data_victim="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_victim_other">veris:attribute:confidentiality:data_victim="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_victim_student">veris:attribute:confidentiality:data_victim="Student"</h4>
<div class="paragraph">
<p>veris:Student</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_victim_employee">veris:attribute:confidentiality:data_victim="Employee"</h4>
<div class="paragraph">
<p>veris:Employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_victim_partner">veris:attribute:confidentiality:data_victim="Partner"</h4>
<div class="paragraph">
<p>veris:Partner</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attribute_confidentiality_state">attribute:confidentiality:state</h3>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_state_unknown">veris:attribute:confidentiality:state="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_state_transmitted_encrypted">veris:attribute:confidentiality:state="Transmitted encrypted"</h4>
<div class="paragraph">
<p>veris:Transmitted encrypted</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_state_transmitted_unencrypted">veris:attribute:confidentiality:state="Transmitted unencrypted"</h4>
<div class="paragraph">
<p>veris:Transmitted unencrypted</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_state_stored">veris:attribute:confidentiality:state="Stored"</h4>
<div class="paragraph">
<p>veris:Stored</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_state_transmitted">veris:attribute:confidentiality:state="Transmitted"</h4>
<div class="paragraph">
<p>veris:Transmitted</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_state_processed">veris:attribute:confidentiality:state="Processed"</h4>
<div class="paragraph">
<p>veris:Processed</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_state_stored_encrypted">veris:attribute:confidentiality:state="Stored encrypted"</h4>
<div class="paragraph">
<p>veris:Stored encrypted</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_state_stored_unencrypted">veris:attribute:confidentiality:state="Stored unencrypted"</h4>
<div class="paragraph">
<p>veris:Stored unencrypted</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attribute_confidentiality_data_disclosure">attribute:confidentiality:data_disclosure</h3>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_disclosure_unknown">veris:attribute:confidentiality:data_disclosure="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_disclosure_yes">veris:attribute:confidentiality:data_disclosure="Yes"</h4>
<div class="paragraph">
<p>veris:Yes (confirmed)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_disclosure_potentially">veris:attribute:confidentiality:data_disclosure="Potentially"</h4>
<div class="paragraph">
<p>veris:Potentially (at risk)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_disclosure_no">veris:attribute:confidentiality:data_disclosure="No"</h4>
<div class="paragraph">
<p>veris:No</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actor_internal_job_change">actor:internal:job_change</h3>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_lateral_move">veris:actor:internal:job_change="Lateral move"</h4>
<div class="paragraph">
<p>veris:Lateral move</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_job_eval">veris:actor:internal:job_change="Job eval"</h4>
<div class="paragraph">
<p>veris:Recent poor job evaluation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_unknown">veris:actor:internal:job_change="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_personal_issues">veris:actor:internal:job_change="Personal issues"</h4>
<div class="paragraph">
<p>veris:Personal issues</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_let_go">veris:actor:internal:job_change="Let go"</h4>
<div class="paragraph">
<p>veris:Fired, laid off, or let go</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_reprimanded">veris:actor:internal:job_change="Reprimanded"</h4>
<div class="paragraph">
<p>veris:Recently reprimanded</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_hired">veris:actor:internal:job_change="Hired"</h4>
<div class="paragraph">
<p>veris:Recently hired</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_passed_over">veris:actor:internal:job_change="Passed over"</h4>
<div class="paragraph">
<p>veris:Recently passed over for promotion</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_demoted">veris:actor:internal:job_change="Demoted"</h4>
<div class="paragraph">
<p>veris:Recently demoted or hours reduced</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_promoted">veris:actor:internal:job_change="Promoted"</h4>
<div class="paragraph">
<p>veris:Recently promoted</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_resigned">veris:actor:internal:job_change="Resigned"</h4>
<div class="paragraph">
<p>veris:Recently resigned</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_job_change_other">veris:actor:internal:job_change="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actor_internal_variety">actor:internal:variety</h3>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_end_user">veris:actor:internal:variety="End-user"</h4>
<div class="paragraph">
<p>veris:End-user or regular employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_human_resources">veris:actor:internal:variety="Human resources"</h4>
<div class="paragraph">
<p>veris:Human resources staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_finance">veris:actor:internal:variety="Finance"</h4>
<div class="paragraph">
<p>veris:Finance or accounting staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_unknown">veris:actor:internal:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_helpdesk">veris:actor:internal:variety="Helpdesk"</h4>
<div class="paragraph">
<p>veris:Helpdesk staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_executive">veris:actor:internal:variety="Executive"</h4>
<div class="paragraph">
<p>veris:Executive or upper management</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_cashier">veris:actor:internal:variety="Cashier"</h4>
<div class="paragraph">
<p>veris:Cashier, teller, or waiter</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_manager">veris:actor:internal:variety="Manager"</h4>
<div class="paragraph">
<p>veris:Manager or supervisor</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_guard">veris:actor:internal:variety="Guard"</h4>
<div class="paragraph">
<p>veris:Security guard</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_other">veris:actor:internal:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_auditor">veris:actor:internal:variety="Auditor"</h4>
<div class="paragraph">
<p>veris:Auditor</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_maintenance">veris:actor:internal:variety="Maintenance"</h4>
<div class="paragraph">
<p>veris:Maintenance or janitorial staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_call_center">veris:actor:internal:variety="Call center"</h4>
<div class="paragraph">
<p>veris:Call center staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_system_admin">veris:actor:internal:variety="System admin"</h4>
<div class="paragraph">
<p>veris:System or network administrator</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_internal_variety_developer">veris:actor:internal:variety="Developer"</h4>
<div class="paragraph">
<p>veris:Software developer</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actor_external_variety">actor:external:variety</h3>
<div class="sect3">
<h4 id="_veris_actor_external_variety_customer">veris:actor:external:variety="Customer"</h4>
<div class="paragraph">
<p>veris:Customer (B2C)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_organized_crime">veris:actor:external:variety="Organized crime"</h4>
<div class="paragraph">
<p>veris:Organized or professional criminal group</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_acquaintance">veris:actor:external:variety="Acquaintance"</h4>
<div class="paragraph">
<p>veris:Relative or acquaintance of employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_competitor">veris:actor:external:variety="Competitor"</h4>
<div class="paragraph">
<p>veris:Competitor</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_unaffiliated">veris:actor:external:variety="Unaffiliated"</h4>
<div class="paragraph">
<p>veris:Unaffiliated person(s)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_force_majeure">veris:actor:external:variety="Force majeure"</h4>
<div class="paragraph">
<p>veris:Force majeure (nature and chance)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_former_employee">veris:actor:external:variety="Former employee"</h4>
<div class="paragraph">
<p>veris:Former employee (no longer had access)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_nation_state">veris:actor:external:variety="Nation-state"</h4>
<div class="paragraph">
<p>veris:Nation-state</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_activist">veris:actor:external:variety="Activist"</h4>
<div class="paragraph">
<p>veris:Activist group</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_terrorist">veris:actor:external:variety="Terrorist"</h4>
<div class="paragraph">
<p>veris:Terrorist group</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_auditor">veris:actor:external:variety="Auditor"</h4>
<div class="paragraph">
<p>veris:Auditor</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_unknown">veris:actor:external:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_state_affiliated">veris:actor:external:variety="State-affiliated"</h4>
<div class="paragraph">
<p>veris:State-sponsored or affiliated group</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_actor_external_variety_other">veris:actor:external:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_malware_vector">action:malware:vector</h3>
<div class="sect3">
<h4 id="_veris_action_malware_vector_remote_injection">veris:action:malware:vector="Remote injection"</h4>
<div class="paragraph">
<p>veris:Remotely injected by agent (i.e. via SQLi)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_software_update">veris:action:malware:vector="Software update"</h4>
<div class="paragraph">
<p>veris:Included in automated software update</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_instant_messaging">veris:action:malware:vector="Instant messaging"</h4>
<div class="paragraph">
<p>veris:Instant Messaging</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_email_attachment">veris:action:malware:vector="Email attachment"</h4>
<div class="paragraph">
<p>veris:Email via user-executed attachment</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_direct_install">veris:action:malware:vector="Direct install"</h4>
<div class="paragraph">
<p>veris:Directly installed or inserted by threat agent (after system access)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_download_by_malware">veris:action:malware:vector="Download by malware"</h4>
<div class="paragraph">
<p>veris:Downloaded and installed by local malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_removable_media">veris:action:malware:vector="Removable media"</h4>
<div class="paragraph">
<p>veris:Removable storage media or devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_web_drive_by">veris:action:malware:vector="Web drive-by"</h4>
<div class="paragraph">
<p>veris:Web via auto-executed or "drive-by" infection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_email_link">veris:action:malware:vector="Email link"</h4>
<div class="paragraph">
<p>veris:Email via embedded link</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_network_propagation">veris:action:malware:vector="Network propagation"</h4>
<div class="paragraph">
<p>veris:Network propagation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_unknown">veris:action:malware:vector="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_email_autoexecute">veris:action:malware:vector="Email autoexecute"</h4>
<div class="paragraph">
<p>veris:Email via automatic execution</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_web_download">veris:action:malware:vector="Web download"</h4>
<div class="paragraph">
<p>veris:Web via user-executed or downloaded content</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_vector_other">veris:action:malware:vector="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_malware_variety">action:malware:variety</h3>
<div class="sect3">
<h4 id="_veris_action_malware_variety_spam">veris:action:malware:variety="Spam"</h4>
<div class="paragraph">
<p>veris:Send spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_unknown">veris:action:malware:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_packet_sniffer">veris:action:malware:variety="Packet sniffer"</h4>
<div class="paragraph">
<p>veris:Packet sniffer (capture data from network)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_backdoor">veris:action:malware:variety="Backdoor"</h4>
<div class="paragraph">
<p>veris:Backdoor (enable remote access)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_exploit_vuln">veris:action:malware:variety="Exploit vuln"</h4>
<div class="paragraph">
<p>veris:Exploit vulnerability in code (vs misconfig or weakness)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_other">veris:action:malware:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_password_dumper">veris:action:malware:variety="Password dumper"</h4>
<div class="paragraph">
<p>veris:Password dumper (extract credential hashes)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_scan_network">veris:action:malware:variety="Scan network"</h4>
<div class="paragraph">
<p>veris:Scan or footprint network</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_downloader">veris:action:malware:variety="Downloader"</h4>
<div class="paragraph">
<p>veris:Downloader (pull updates or other malware)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_adminware">veris:action:malware:variety="Adminware"</h4>
<div class="paragraph">
<p>veris:System or network utilities (e.g., PsTools, Netcat)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_click_fraud">veris:action:malware:variety="Click fraud"</h4>
<div class="paragraph">
<p>veris:Click fraud or Bitcoin mining</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_adware">veris:action:malware:variety="Adware"</h4>
<div class="paragraph">
<p>veris:Adware</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_c2">veris:action:malware:variety="C2"</h4>
<div class="paragraph">
<p>veris:Command and control (C2)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_worm">veris:action:malware:variety="Worm"</h4>
<div class="paragraph">
<p>veris:Worm (propagate to other systems or devices)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_spyware_keylogger">veris:action:malware:variety="Spyware/Keylogger"</h4>
<div class="paragraph">
<p>veris:Spyware, keylogger or form-grabber (capture user input or activity)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_brute_force">veris:action:malware:variety="Brute force"</h4>
<div class="paragraph">
<p>veris:Brute force attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_capture_app_data">veris:action:malware:variety="Capture app data"</h4>
<div class="paragraph">
<p>veris:Capture data from application or system process</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_ram_scraper">veris:action:malware:variety="Ram scraper"</h4>
<div class="paragraph">
<p>veris:Ram scraper or memory parser (capture data from volatile memory)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_disable_controls">veris:action:malware:variety="Disable controls"</h4>
<div class="paragraph">
<p>veris:Disable or interfere with security controls</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_capture_stored_data">veris:action:malware:variety="Capture stored data"</h4>
<div class="paragraph">
<p>veris:Capture data stored on system disk</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_ransomware">veris:action:malware:variety="Ransomware"</h4>
<div class="paragraph">
<p>veris:Ransomware (encrypt or seize stored data)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_export_data">veris:action:malware:variety="Export data"</h4>
<div class="paragraph">
<p>veris:Export data to another site or system</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_client_side_attack">veris:action:malware:variety="Client-side attack"</h4>
<div class="paragraph">
<p>veris:Client-side or browser attack (e.g., redirection, XSS, MitB)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_sql_injection">veris:action:malware:variety="SQL injection"</h4>
<div class="paragraph">
<p>veris:SQL injection attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_rootkit">veris:action:malware:variety="Rootkit"</h4>
<div class="paragraph">
<p>veris:Rootkit (maintain local privileges and stealth)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_destroy_data">veris:action:malware:variety="Destroy data"</h4>
<div class="paragraph">
<p>veris:Destroy or corrupt stored data</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_malware_variety_dos">veris:action:malware:variety="DoS"</h4>
<div class="paragraph">
<p>veris:DoS attack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_social_vector">action:social:vector</h3>
<div class="sect3">
<h4 id="_veris_action_social_vector_in_person">veris:action:social:vector="In-person"</h4>
<div class="paragraph">
<p>veris:In-person</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_social_media">veris:action:social:vector="Social media"</h4>
<div class="paragraph">
<p>veris:Social media or networking</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_documents">veris:action:social:vector="Documents"</h4>
<div class="paragraph">
<p>veris:Documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_unknown">veris:action:social:vector="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_sms">veris:action:social:vector="SMS"</h4>
<div class="paragraph">
<p>veris:SMS or texting</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_phone">veris:action:social:vector="Phone"</h4>
<div class="paragraph">
<p>veris:Phone</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_website">veris:action:social:vector="Website"</h4>
<div class="paragraph">
<p>veris:Website</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_other">veris:action:social:vector="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_im">veris:action:social:vector="IM"</h4>
<div class="paragraph">
<p>veris:Instant messaging</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_removable_media">veris:action:social:vector="Removable media"</h4>
<div class="paragraph">
<p>veris:Removable storage media</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_email">veris:action:social:vector="Email"</h4>
<div class="paragraph">
<p>veris:Email</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_vector_software">veris:action:social:vector="Software"</h4>
<div class="paragraph">
<p>veris:Software</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_social_target">action:social:target</h3>
<div class="sect3">
<h4 id="_veris_action_social_target_customer">veris:action:social:target="Customer"</h4>
<div class="paragraph">
<p>veris:Customer (B2C)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_end_user">veris:action:social:target="End-user"</h4>
<div class="paragraph">
<p>veris:End-user or regular employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_human_resources">veris:action:social:target="Human resources"</h4>
<div class="paragraph">
<p>veris:Human resources staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_finance">veris:action:social:target="Finance"</h4>
<div class="paragraph">
<p>veris:Finance or accounting staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_unknown">veris:action:social:target="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_helpdesk">veris:action:social:target="Helpdesk"</h4>
<div class="paragraph">
<p>veris:Helpdesk staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_executive">veris:action:social:target="Executive"</h4>
<div class="paragraph">
<p>veris:Executive or upper management</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_cashier">veris:action:social:target="Cashier"</h4>
<div class="paragraph">
<p>veris:Cashier, teller or waiter</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_manager">veris:action:social:target="Manager"</h4>
<div class="paragraph">
<p>veris:Manager or supervisor</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_former_employee">veris:action:social:target="Former employee"</h4>
<div class="paragraph">
<p>veris:Former employee</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_guard">veris:action:social:target="Guard"</h4>
<div class="paragraph">
<p>veris:Security guard</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_other">veris:action:social:target="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_auditor">veris:action:social:target="Auditor"</h4>
<div class="paragraph">
<p>veris:Auditor</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_maintenance">veris:action:social:target="Maintenance"</h4>
<div class="paragraph">
<p>veris:Maintenance or janitorial staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_call_center">veris:action:social:target="Call center"</h4>
<div class="paragraph">
<p>veris:Call center staff</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_partner">veris:action:social:target="Partner"</h4>
<div class="paragraph">
<p>veris:Partner (B2B)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_system_admin">veris:action:social:target="System admin"</h4>
<div class="paragraph">
<p>veris:System or network administrator</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_target_developer">veris:action:social:target="Developer"</h4>
<div class="paragraph">
<p>veris:Software developer</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_social_variety">action:social:variety</h3>
<div class="sect3">
<h4 id="_veris_action_social_variety_scam">veris:action:social:variety="Scam"</h4>
<div class="paragraph">
<p>veris:Online scam or hoax (e.g., scareware, 419 scam, auction fraud)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_phishing">veris:action:social:variety="Phishing"</h4>
<div class="paragraph">
<p>veris:Phishing (or any type of *ishing)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_elicitation">veris:action:social:variety="Elicitation"</h4>
<div class="paragraph">
<p>veris:Elicitation (subtle extraction of info through conversation)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_unknown">veris:action:social:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_spam">veris:action:social:variety="Spam"</h4>
<div class="paragraph">
<p>veris:Spam (unsolicited or undesired email and advertisements)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_influence">veris:action:social:variety="Influence"</h4>
<div class="paragraph">
<p>veris:Influence tactics (Leveraging authority or obligation, framing, etc)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_propaganda">veris:action:social:variety="Propaganda"</h4>
<div class="paragraph">
<p>veris:Propaganda or disinformation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_forgery">veris:action:social:variety="Forgery"</h4>
<div class="paragraph">
<p>veris:Forgery or counterfeiting (fake hardware, software, documents, etc)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_bribery">veris:action:social:variety="Bribery"</h4>
<div class="paragraph">
<p>veris:Bribery or solicitation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_other">veris:action:social:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_pretexting">veris:action:social:variety="Pretexting"</h4>
<div class="paragraph">
<p>veris:Pretexting (dialogue leveraging invented scenario)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_extortion">veris:action:social:variety="Extortion"</h4>
<div class="paragraph">
<p>veris:Extortion or blackmail</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_social_variety_baiting">veris:action:social:variety="Baiting"</h4>
<div class="paragraph">
<p>veris:Baiting (planting infected media)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_environmental_variety">action:environmental:variety</h3>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_hazmat">veris:action:environmental:variety="Hazmat"</h4>
<div class="paragraph">
<p>veris:Hazardous material</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_temperature">veris:action:environmental:variety="Temperature"</h4>
<div class="paragraph">
<p>veris:Extreme temperature</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_unknown">veris:action:environmental:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_hurricane">veris:action:environmental:variety="Hurricane"</h4>
<div class="paragraph">
<p>veris:Hurricane</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_ice">veris:action:environmental:variety="Ice"</h4>
<div class="paragraph">
<p>veris:Ice and snow</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_meteorite">veris:action:environmental:variety="Meteorite"</h4>
<div class="paragraph">
<p>veris:Meteorite</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_other">veris:action:environmental:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_pathogen">veris:action:environmental:variety="Pathogen"</h4>
<div class="paragraph">
<p>veris:Pathogen</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_landslide">veris:action:environmental:variety="Landslide"</h4>
<div class="paragraph">
<p>veris:Landslide</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_tornado">veris:action:environmental:variety="Tornado"</h4>
<div class="paragraph">
<p>veris:Tornado</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_leak">veris:action:environmental:variety="Leak"</h4>
<div class="paragraph">
<p>veris:Water leak</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_earthquake">veris:action:environmental:variety="Earthquake"</h4>
<div class="paragraph">
<p>veris:Earthquake</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_particulates">veris:action:environmental:variety="Particulates"</h4>
<div class="paragraph">
<p>veris:Particulate matter (e.g., dust, smoke)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_power_failure">veris:action:environmental:variety="Power failure"</h4>
<div class="paragraph">
<p>veris:Power failure or fluctuation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_emi">veris:action:environmental:variety="EMI"</h4>
<div class="paragraph">
<p>veris:Electromagnetic interference (EMI)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_humidity">veris:action:environmental:variety="Humidity"</h4>
<div class="paragraph">
<p>veris:Humidity</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_tsunami">veris:action:environmental:variety="Tsunami"</h4>
<div class="paragraph">
<p>veris:Tsunami</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_esd">veris:action:environmental:variety="ESD"</h4>
<div class="paragraph">
<p>veris:Electrostatic discharge (ESD)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_deterioration">veris:action:environmental:variety="Deterioration"</h4>
<div class="paragraph">
<p>veris:Deterioration and degradation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_volcano">veris:action:environmental:variety="Volcano"</h4>
<div class="paragraph">
<p>veris:Volcanic eruption</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_lightning">veris:action:environmental:variety="Lightning"</h4>
<div class="paragraph">
<p>veris:Lightning</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_wind">veris:action:environmental:variety="Wind"</h4>
<div class="paragraph">
<p>veris:Wind</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_flood">veris:action:environmental:variety="Flood"</h4>
<div class="paragraph">
<p>veris:Flood</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_vermin">veris:action:environmental:variety="Vermin"</h4>
<div class="paragraph">
<p>veris:Vermin</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_environmental_variety_fire">veris:action:environmental:variety="Fire"</h4>
<div class="paragraph">
<p>veris:Fire</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_error_vector">action:error:vector</h3>
<div class="sect3">
<h4 id="_veris_action_error_vector_random_error">veris:action:error:vector="Random error"</h4>
<div class="paragraph">
<p>veris:Random error (no reason, no fault)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_vector_carelessness">veris:action:error:vector="Carelessness"</h4>
<div class="paragraph">
<p>veris:Carelessness</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_vector_other">veris:action:error:vector="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_vector_unknown">veris:action:error:vector="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_vector_inadequate_processes">veris:action:error:vector="Inadequate processes"</h4>
<div class="paragraph">
<p>veris:Inadequate or insufficient processes</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_vector_inadequate_technology">veris:action:error:vector="Inadequate technology"</h4>
<div class="paragraph">
<p>veris:Inadequate or insufficient technology resources</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_vector_inadequate_personnel">veris:action:error:vector="Inadequate personnel"</h4>
<div class="paragraph">
<p>veris:Inadequate or insufficient personnel</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_error_variety">action:error:variety</h3>
<div class="sect3">
<h4 id="_veris_action_error_variety_disposal_error">veris:action:error:variety="Disposal error"</h4>
<div class="paragraph">
<p>veris:Disposal error</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_omission">veris:action:error:variety="Omission"</h4>
<div class="paragraph">
<p>veris:Omission (something intended, but not done)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_loss">veris:action:error:variety="Loss"</h4>
<div class="paragraph">
<p>veris:Loss or misplacement</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_unknown">veris:action:error:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_maintenance_error">veris:action:error:variety="Maintenance error"</h4>
<div class="paragraph">
<p>veris:Maintenance error</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_misinformation">veris:action:error:variety="Misinformation"</h4>
<div class="paragraph">
<p>veris:Misinformation (unintentionally giving false info)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_physical_accidents">veris:action:error:variety="Physical accidents"</h4>
<div class="paragraph">
<p>veris:Physical accidents (e.g., drops, bumps, spills)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_publishing_error">veris:action:error:variety="Publishing error"</h4>
<div class="paragraph">
<p>veris:Publishing error (private info to public doc or site)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_malfunction">veris:action:error:variety="Malfunction"</h4>
<div class="paragraph">
<p>veris:Technical malfunction or glitch</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_capacity_shortage">veris:action:error:variety="Capacity shortage"</h4>
<div class="paragraph">
<p>veris:Poor capacity planning</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_other">veris:action:error:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_programming_error">veris:action:error:variety="Programming error"</h4>
<div class="paragraph">
<p>veris:Programming error (flaws or bugs in custom code)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_data_entry_error">veris:action:error:variety="Data entry error"</h4>
<div class="paragraph">
<p>veris:Data entry error</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_gaffe">veris:action:error:variety="Gaffe"</h4>
<div class="paragraph">
<p>veris:Gaffe (social or verbal slip)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_misconfiguration">veris:action:error:variety="Misconfiguration"</h4>
<div class="paragraph">
<p>veris:Misconfiguration</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_misdelivery">veris:action:error:variety="Misdelivery"</h4>
<div class="paragraph">
<p>veris:Misdelivery (send wrong info or to wrong recipient)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_error_variety_classification_error">veris:action:error:variety="Classification error"</h4>
<div class="paragraph">
<p>veris:Classification or labeling error</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_misuse_vector">action:misuse:vector</h3>
<div class="sect3">
<h4 id="_veris_action_misuse_vector_physical_access">veris:action:misuse:vector="Physical access"</h4>
<div class="paragraph">
<p>veris:Physical access within corporate facility</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_vector_remote_access">veris:action:misuse:vector="Remote access"</h4>
<div class="paragraph">
<p>veris:Remote access connection to corporate network (i.e. VPN)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_vector_lan_access">veris:action:misuse:vector="LAN access"</h4>
<div class="paragraph">
<p>veris:Local network access within corporate facility</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_vector_unknown">veris:action:misuse:vector="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_vector_non_corporate">veris:action:misuse:vector="Non-corporate"</h4>
<div class="paragraph">
<p>veris:Non-corporate facilities or networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_vector_other">veris:action:misuse:vector="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_misuse_variety">action:misuse:variety</h3>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_unapproved_software">veris:action:misuse:variety="Unapproved software"</h4>
<div class="paragraph">
<p>veris:Use of unapproved software or services</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_illicit_content">veris:action:misuse:variety="Illicit content"</h4>
<div class="paragraph">
<p>veris:Storage or distribution of illicit content</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_unapproved_workaround">veris:action:misuse:variety="Unapproved workaround"</h4>
<div class="paragraph">
<p>veris:Unapproved workaround or shortcut</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_unapproved_hardware">veris:action:misuse:variety="Unapproved hardware"</h4>
<div class="paragraph">
<p>veris:Use of unapproved hardware or devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_unknown">veris:action:misuse:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_email_misuse">veris:action:misuse:variety="Email misuse"</h4>
<div class="paragraph">
<p>veris:Inappropriate use of email or IM</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_possession_abuse">veris:action:misuse:variety="Possession abuse"</h4>
<div class="paragraph">
<p>veris:Abuse of physical access to asset</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_other">veris:action:misuse:variety="Other"</h4>
<div class="paragraph">
<p>veris: Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_net_misuse">veris:action:misuse:variety="Net misuse"</h4>
<div class="paragraph">
<p>veris:Inappropriate use of network or Web access</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_data_mishandling">veris:action:misuse:variety="Data mishandling"</h4>
<div class="paragraph">
<p>veris:Handling of data in an unapproved manner</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_privilege_abuse">veris:action:misuse:variety="Privilege abuse"</h4>
<div class="paragraph">
<p>veris:Abuse of system access privileges</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_misuse_variety_knowledge_abuse">veris:action:misuse:variety="Knowledge abuse"</h4>
<div class="paragraph">
<p>veris:Abuse of private or entrusted knowledge</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_hacking_vector">action:hacking:vector</h3>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_physical_access">veris:action:hacking:vector="Physical access"</h4>
<div class="paragraph">
<p>veris:Physical access or connection (i.e., at keyboard or via cable)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_command_shell">veris:action:hacking:vector="Command shell"</h4>
<div class="paragraph">
<p>veris:Remote shell</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_unknown">veris:action:hacking:vector="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_backdoor_or_c2">veris:action:hacking:vector="Backdoor or C2"</h4>
<div class="paragraph">
<p>veris:Backdoor or command and control channel</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_web_application">veris:action:hacking:vector="Web application"</h4>
<div class="paragraph">
<p>veris:Web application</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_desktop_sharing">veris:action:hacking:vector="Desktop sharing"</h4>
<div class="paragraph">
<p>veris:Graphical desktop sharing (RDP, VNC, PCAnywhere, Citrix)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_3rd_party_desktop">veris:action:hacking:vector="3rd party desktop"</h4>
<div class="paragraph">
<p>veris:3rd party online desktop sharing (LogMeIn, Go2Assist)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_partner">veris:action:hacking:vector="Partner"</h4>
<div class="paragraph">
<p>veris:Partner connection or credential</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_vpn">veris:action:hacking:vector="VPN"</h4>
<div class="paragraph">
<p>veris:VPN</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_vector_other">veris:action:hacking:vector="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_hacking_variety">action:hacking:variety</h3>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_xss">veris:action:hacking:variety="XSS"</h4>
<div class="paragraph">
<p>veris:Cross-site scripting</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_http_response_splitting">veris:action:hacking:variety="HTTP Response Splitting"</h4>
<div class="paragraph">
<p>veris:HTTP Response Splitting</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_unknown">veris:action:hacking:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_buffer_overflow">veris:action:hacking:variety="Buffer overflow"</h4>
<div class="paragraph">
<p>veris:Buffer overflow</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_format_string_attack">veris:action:hacking:variety="Format string attack"</h4>
<div class="paragraph">
<p>veris:Format string attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_ldap_injection">veris:action:hacking:variety="LDAP injection"</h4>
<div class="paragraph">
<p>veris:LDAP injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_ssi_injection">veris:action:hacking:variety="SSI injection"</h4>
<div class="paragraph">
<p>veris:SSI injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_mitm">veris:action:hacking:variety="MitM"</h4>
<div class="paragraph">
<p>veris:Man-in-the-middle attack</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_path_traversal">veris:action:hacking:variety="Path traversal"</h4>
<div class="paragraph">
<p>veris:Path traversal</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_url_redirector_abuse">veris:action:hacking:variety="URL redirector abuse"</h4>
<div class="paragraph">
<p>veris:URL redirector abuse</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_use_of_backdoor_or_c2">veris:action:hacking:variety="Use of backdoor or C2"</h4>
<div class="paragraph">
<p>veris:Use of Backdoor or C2 channel</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_mail_command_injection">veris:action:hacking:variety="Mail command injection"</h4>
<div class="paragraph">
<p>veris:Mail command injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_virtual_machine_escape">veris:action:hacking:variety="Virtual machine escape"</h4>
<div class="paragraph">
<p>veris:Virtual machine escape</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_os_commanding">veris:action:hacking:variety="OS commanding"</h4>
<div class="paragraph">
<p>veris:OS commanding</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_soap_array_abuse">veris:action:hacking:variety="Soap array abuse"</h4>
<div class="paragraph">
<p>veris:Soap array abuse</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_footprinting">veris:action:hacking:variety="Footprinting"</h4>
<div class="paragraph">
<p>veris:Footprinting and fingerprinting</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_cryptanalysis">veris:action:hacking:variety="Cryptanalysis"</h4>
<div class="paragraph">
<p>veris:Cryptanalysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_sqli">veris:action:hacking:variety="SQLi"</h4>
<div class="paragraph">
<p>veris:SQL injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_xml_external_entities">veris:action:hacking:variety="XML external entities"</h4>
<div class="paragraph">
<p>veris:XML external entities</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_abuse_of_functionality">veris:action:hacking:variety="Abuse of functionality"</h4>
<div class="paragraph">
<p>veris:Abuse of functionality</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_xml_injection">veris:action:hacking:variety="XML injection"</h4>
<div class="paragraph">
<p>veris:XML injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_routing_detour">veris:action:hacking:variety="Routing detour"</h4>
<div class="paragraph">
<p>veris:Routing detour</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_http_response_smuggling">veris:action:hacking:variety="HTTP response smuggling"</h4>
<div class="paragraph">
<p>veris:HTTP response smuggling</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_forced_browsing">veris:action:hacking:variety="Forced browsing"</h4>
<div class="paragraph">
<p>veris:Forced browsing or predictable resource location</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_cache_poisoning">veris:action:hacking:variety="Cache poisoning"</h4>
<div class="paragraph">
<p>veris:Cache poisoning</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_null_byte_injection">veris:action:hacking:variety="Null byte injection"</h4>
<div class="paragraph">
<p>veris:Null byte injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_reverse_engineering">veris:action:hacking:variety="Reverse engineering"</h4>
<div class="paragraph">
<p>veris:Reverse engineering</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_brute_force">veris:action:hacking:variety="Brute force"</h4>
<div class="paragraph">
<p>veris:Brute force or password guessing attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_fuzz_testing">veris:action:hacking:variety="Fuzz testing"</h4>
<div class="paragraph">
<p>veris:Fuzz testing</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_offline_cracking">veris:action:hacking:variety="Offline cracking"</h4>
<div class="paragraph">
<p>veris:Offline password or key cracking (e.g., rainbow tables, Hashcat, JtR)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_csrf">veris:action:hacking:variety="CSRF"</h4>
<div class="paragraph">
<p>veris:Cross-site request forgery</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_xml_entity_expansion">veris:action:hacking:variety="XML entity expansion"</h4>
<div class="paragraph">
<p>veris:XML entity expansion</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_rfi">veris:action:hacking:variety="RFI"</h4>
<div class="paragraph">
<p>veris:Remote file inclusion</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_session_fixation">veris:action:hacking:variety="Session fixation"</h4>
<div class="paragraph">
<p>veris:Session fixation</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_integer_overflows">veris:action:hacking:variety="Integer overflows"</h4>
<div class="paragraph">
<p>veris:Integer overflows</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_xquery_injection">veris:action:hacking:variety="XQuery injection"</h4>
<div class="paragraph">
<p>veris:XQuery injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_pass_the_hash">veris:action:hacking:variety="Pass-the-hash"</h4>
<div class="paragraph">
<p>veris:Pass-the-hash</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_xml_attribute_blowup">veris:action:hacking:variety="XML attribute blowup"</h4>
<div class="paragraph">
<p>veris:XML attribute blowup</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_session_prediction">veris:action:hacking:variety="Session prediction"</h4>
<div class="paragraph">
<p>veris:Credential or session prediction</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_use_of_stolen_creds">veris:action:hacking:variety="Use of stolen creds"</h4>
<div class="paragraph">
<p>veris:Use of stolen authentication credentials</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_http_request_smuggling">veris:action:hacking:variety="HTTP request smuggling"</h4>
<div class="paragraph">
<p>veris:HTTP request smuggling</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_xpath_injection">veris:action:hacking:variety="XPath injection"</h4>
<div class="paragraph">
<p>veris:XPath injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_other">veris:action:hacking:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_dos">veris:action:hacking:variety="DoS"</h4>
<div class="paragraph">
<p>veris:Denial of service</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_special_element_injection">veris:action:hacking:variety="Special element injection"</h4>
<div class="paragraph">
<p>veris:Special element injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_http_request_splitting">veris:action:hacking:variety="HTTP request splitting"</h4>
<div class="paragraph">
<p>veris:HTTP request splitting</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_hacking_variety_session_replay">veris:action:hacking:variety="Session replay"</h4>
<div class="paragraph">
<p>veris:Session replay</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_physical_vector">action:physical:vector</h3>
<div class="sect3">
<h4 id="_veris_action_physical_vector_personal_vehicle">veris:action:physical:vector="Personal vehicle"</h4>
<div class="paragraph">
<p>veris:Personal vehicle</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_visitor_privileges">veris:action:physical:vector="Visitor privileges"</h4>
<div class="paragraph">
<p>veris:Given temporary visitor access</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_public_facility">veris:action:physical:vector="Public facility"</h4>
<div class="paragraph">
<p>veris:Public facility or area</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_victim_grounds">veris:action:physical:vector="Victim grounds"</h4>
<div class="paragraph">
<p>veris:Victim outdoor grounds</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_uncontrolled_location">veris:action:physical:vector="Uncontrolled location"</h4>
<div class="paragraph">
<p>veris:The location was uncontrolled (public)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_partner_vehicle">veris:action:physical:vector="Partner vehicle"</h4>
<div class="paragraph">
<p>veris:Partner vehicle (e.g., delivery truck)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_victim_work_area">veris:action:physical:vector="Victim work area"</h4>
<div class="paragraph">
<p>veris:Victim private or work area (e.g., office space)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_victim_secure_area">veris:action:physical:vector="Victim secure area"</h4>
<div class="paragraph">
<p>veris:Victim high security area (e.g., server room, R&amp;D labs)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_partner_facility">veris:action:physical:vector="Partner facility"</h4>
<div class="paragraph">
<p>veris:Partner facility or area</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_personal_residence">veris:action:physical:vector="Personal residence"</h4>
<div class="paragraph">
<p>veris:Personal residence</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_other">veris:action:physical:vector="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_public_vehicle">veris:action:physical:vector="Public vehicle"</h4>
<div class="paragraph">
<p>veris:Public vehicle (e.g., plane, taxi)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_unknown">veris:action:physical:vector="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_victim_public_area">veris:action:physical:vector="Victim public area"</h4>
<div class="paragraph">
<p>veris:Victim public or customer area (e.g., lobby, storefront)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_vector_privileged_access">veris:action:physical:vector="Privileged access"</h4>
<div class="paragraph">
<p>veris:Held privileged access to location</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_action_physical_variety">action:physical:variety</h3>
<div class="sect3">
<h4 id="_veris_action_physical_variety_skimmer">veris:action:physical:variety="Skimmer"</h4>
<div class="paragraph">
<p>veris:Installing card skimming device</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_snooping">veris:action:physical:variety="Snooping"</h4>
<div class="paragraph">
<p>veris:Snooping (sneak about to gain info or access)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_tampering">veris:action:physical:variety="Tampering"</h4>
<div class="paragraph">
<p>veris:Tampering (alter physical form or function)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_unknown">veris:action:physical:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_theft">veris:action:physical:variety="Theft"</h4>
<div class="paragraph">
<p>veris:Theft (taking assets without permission)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_connection">veris:action:physical:variety="Connection"</h4>
<div class="paragraph">
<p>veris:Connection</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_surveillance">veris:action:physical:variety="Surveillance"</h4>
<div class="paragraph">
<p>veris:Surveillance (monitoring and observation)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_assault">veris:action:physical:variety="Assault"</h4>
<div class="paragraph">
<p>veris:Assault (threats or acts of physical violence)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_other">veris:action:physical:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_wiretapping">veris:action:physical:variety="Wiretapping"</h4>
<div class="paragraph">
<p>veris:Wiretapping (Physical tap to comms line)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_bypassed_controls">veris:action:physical:variety="Bypassed controls"</h4>
<div class="paragraph">
<p>veris:Bypassed physical barriers or controls</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_disabled_controls">veris:action:physical:variety="Disabled controls"</h4>
<div class="paragraph">
<p>veris:Disabled physical barriers or controls</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_action_physical_variety_destruction">veris:action:physical:variety="Destruction"</h4>
<div class="paragraph">
<p>veris:Destruction (deliberate damaging or disabling)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_attribute_confidentiality_data_variety">attribute:confidentiality:data:variety</h3>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_source_code">veris:attribute:confidentiality:data:variety="Source code"</h4>
<div class="paragraph">
<p>veris:Source code</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_personal">veris:attribute:confidentiality:data:variety="Personal"</h4>
<div class="paragraph">
<p>veris:Personal or identifying information (e.g., addr, ID#, credit score)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_unknown">veris:attribute:confidentiality:data:variety="Unknown"</h4>
<div class="paragraph">
<p>veris:Unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_medical">veris:attribute:confidentiality:data:variety="Medical"</h4>
<div class="paragraph">
<p>veris:Medical records</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_classified">veris:attribute:confidentiality:data:variety="Classified"</h4>
<div class="paragraph">
<p>veris:Classified information</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_system">veris:attribute:confidentiality:data:variety="System"</h4>
<div class="paragraph">
<p>veris:System information (e.g., config info, open services)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_digital_certificate">veris:attribute:confidentiality:data:variety="Digital certificate"</h4>
<div class="paragraph">
<p>veris:Digital certificate</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_secrets">veris:attribute:confidentiality:data:variety="Secrets"</h4>
<div class="paragraph">
<p>veris:Trade secrets</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_internal">veris:attribute:confidentiality:data:variety="Internal"</h4>
<div class="paragraph">
<p>veris:Sensitive internal data (e.g., plans, reports, emails)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_virtual_currency">veris:attribute:confidentiality:data:variety="Virtual currency"</h4>
<div class="paragraph">
<p>veris:Virtual currency</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_copyrighted">veris:attribute:confidentiality:data:variety="Copyrighted"</h4>
<div class="paragraph">
<p>veris:Copyrighted material</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_credentials">veris:attribute:confidentiality:data:variety="Credentials"</h4>
<div class="paragraph">
<p>veris:Authentication credentials (e.g., pwds, OTPs, biometrics)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_other">veris:attribute:confidentiality:data:variety="Other"</h4>
<div class="paragraph">
<p>veris:Other</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_payment">veris:attribute:confidentiality:data:variety="Payment"</h4>
<div class="paragraph">
<p>veris:Payment card data (e.g., PAN, PIN, CVV2, Expiration)</p>
</div>
</div>
<div class="sect3">
<h4 id="_veris_attribute_confidentiality_data_variety_bank">veris:attribute:confidentiality:data:variety="Bank"</h4>
<div class="paragraph">
<p>veris:Bank account data</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ms_caro_malware_full">ms-caro-malware-full</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ms-caro-malware-full namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/ms-caro-malware-full/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware Type and Platform classification based on Microsoft&#8217;s implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on <a href="https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx</a>, and <a href="http://www.caro.org/definitions/index.html" class="bare">http://www.caro.org/definitions/index.html</a>. Malware families are extracted from Microsoft SIRs since 2008 based on <a href="https://www.microsoft.com/security/sir/archive/default.aspx" class="bare">https://www.microsoft.com/security/sir/archive/default.aspx</a> and <a href="https://www.microsoft.com/en-us/security/portal/threat/threats.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/threat/threats.aspx</a>. Note that SIRs do NOT include all Microsoft malware families.</p>
</div>
<div class="sect2">
<h3 id="_malware_type">malware-type</h3>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_adware">ms-caro-malware-full:malware-type="Adware"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Adware - Software that shows you extra promotions that you cannot control as you use your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_backdoor">ms-caro-malware-full:malware-type="Backdoor"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of trojan that gives a malicious hacker access to and control of your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_behavior">ms-caro-malware-full:malware-type="Behavior"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of detection based on file actions that are often associated with malicious activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_broswermodifier">ms-caro-malware-full:malware-type="BroswerModifier"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program than makes changes to your Internet browser without your permission</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_constructor">ms-caro-malware-full:malware-type="Constructor"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program that can be used to automatically create malware files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_ddos">ms-caro-malware-full:malware-type="DDoS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:When a number of PCs are made to access a website, network or server repeatedly within a given time period. The aim of the attack is to overload the target so that it crashes and can&#8217;t respond</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_dialer">ms-caro-malware-full:malware-type="Dialer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program that makes unauthorized telephone calls. These calls may be charged at a premium rate and cost you a lot of money</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_dos">ms-caro-malware-full:malware-type="DoS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:When a target PC or server is deliberately overloaded so that it doesn&#8217;t work for any visitors anymore</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_exploit">ms-caro-malware-full:malware-type="Exploit"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A piece of code that uses software vulnerabilities to access information on your PC or install malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_hacktool">ms-caro-malware-full:malware-type="HackTool"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of tool that can be used to allow and maintain unauthorized access to your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_joke">ms-caro-malware-full:malware-type="Joke"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program that pretends to do something malicious but actually doesn&#8217;t actually do anything harmful. For example, some joke programs pretend to delete files or format disks</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_misleading">ms-caro-malware-full:malware-type="Misleading"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:The program that makes misleading or fraudulent claims about files, registry entries or other items on your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_monitoringtool">ms-caro-malware-full:malware-type="MonitoringTool"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A commercial program that monitors what you do on your PC. This can include monitoring what keys you press; your email or instant messages; your voice or video conversations; and your banking details and passwords. It can also take screenshots as you use your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_program">ms-caro-malware-full:malware-type="Program"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Software that you may or may not want installed on your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_pua">ms-caro-malware-full:malware-type="PUA"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Potentially Unwanted Applications. Characteristics of unwanted software can include depriving users of adequate choice or control over what the software does to the computer, preventing users from removing the software, or displaying advertisements without clearly identifying their source.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_pws">ms-caro-malware-full:malware-type="PWS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to a malicious hacker</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_ransom">ms-caro-malware-full:malware-type="Ransom"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A detection for malicious programs that seize control of the computer on which they are installed. This trojan usually locks the screen and prevents the user from using the computer. It usually displays an alert message.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_remoteaccess">ms-caro-malware-full:malware-type="RemoteAccess"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program that gives someone access to your PC from a remote location. This type of program is often installed by the computer owner</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_rogue">ms-caro-malware-full:malware-type="Rogue"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Software that pretends to be an antivirus program but doesn&#8217;t actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don&#8217;t exist. It also tries to convince you to pay for its services</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_settingsmodifier">ms-caro-malware-full:malware-type="SettingsModifier"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program that changes your PC settings</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_softwarebundler">ms-caro-malware-full:malware-type="SoftwareBundler"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program that installs unwanted software on your PC at the same time as the software you are trying to install, without adequate consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_spammer">ms-caro-malware-full:malware-type="Spammer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A trojan that sends large numbers of spam emails. It may also describe the person or business responsible for sending spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_spoofer">ms-caro-malware-full:malware-type="Spoofer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of trojan that makes fake emails that look like they are from a legitimate source</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_spyware">ms-caro-malware-full:malware-type="Spyware"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program that collects your personal information, such as your browsing history, and uses it without adequate consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_tool">ms-caro-malware-full:malware-type="Tool"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of software that may have a legitimate purpose, but which may also be abused by malware authors</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_trojan">ms-caro-malware-full:malware-type="Trojan"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm , a trojan doesn&#8217;t spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_trojanclicker">ms-caro-malware-full:malware-type="TrojanClicker"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of trojan that can use your PC to click on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make unwanted software appear more popular than it is</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_trojandownloader">ms-caro-malware-full:malware-type="TrojanDownloader"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_trojandropper">ms-caro-malware-full:malware-type="TrojanDropper"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_trojannotifier">ms-caro-malware-full:malware-type="TrojanNotifier"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of trojan that sends information about your PC to a malicious hacker. It is similar to a password stealer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_trojanproxy">ms-caro-malware-full:malware-type="TrojanProxy"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of trojan that installs a proxy server on your PC. The server can be configured so that when you use the Internet, any requests you make are sent through a server controlled by a malicious hacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_trojanspy">ms-caro-malware-full:malware-type="TrojanSpy"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A program that collects your personal information, such as your browsing history, and uses it without adequate consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_virtool">ms-caro-malware-full:malware-type="VirTool"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_virus">ms-caro-malware-full:malware-type="Virus"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of malware. Viruses spread on their own by attaching their code to other programs, or copying themselves across systems and networks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_type_worm">ms-caro-malware-full:malware-type="Worm"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:A type of malware that spreads to other PCs. Worms may spread using one or more of the following methods: Email programs, Instant messaging programs, File-sharing programs, Social networking sites, Network shares, Removable drives with Autorun enabled, Software vulnerabilities</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_platform">malware-platform</h3>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_androidos">ms-caro-malware-full:malware-platform="AndroidOS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Android operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_dos">ms-caro-malware-full:malware-platform="DOS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:MS-DOS platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_epoc">ms-caro-malware-full:malware-platform="EPOC"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Psion devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_freebsd">ms-caro-malware-full:malware-platform="FreeBSD"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:FreeBSD platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_iphoneos">ms-caro-malware-full:malware-platform="iPhoneOS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:iPhone operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_linux">ms-caro-malware-full:malware-platform="Linux"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Linux platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_macos">ms-caro-malware-full:malware-platform="MacOS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:MAC 9.x platform or earlier</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_macos_x">ms-caro-malware-full:malware-platform="MacOS_X"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:MacOS X or later</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_os2">ms-caro-malware-full:malware-platform="OS2"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:OS2 platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_palm">ms-caro-malware-full:malware-platform="Palm"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Palm operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_solaris">ms-caro-malware-full:malware-platform="Solaris"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:System V-based Unix platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_sunos">ms-caro-malware-full:malware-platform="SunOS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Unix platforms 4.1.3 or earlier</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_symbos">ms-caro-malware-full:malware-platform="SymbOS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Symbian operatings system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_unix">ms-caro-malware-full:malware-platform="Unix"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:General Unix platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_win16">ms-caro-malware-full:malware-platform="Win16"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Win16 (3.1) platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_win2k">ms-caro-malware-full:malware-platform="Win2K"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Windows 2000 platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_win32">ms-caro-malware-full:malware-platform="Win32"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Windows 32-bit platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_win64">ms-caro-malware-full:malware-platform="Win64"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Windows 64-bit platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_win95">ms-caro-malware-full:malware-platform="Win95"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Windows 95, 98 and ME platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_win98">ms-caro-malware-full:malware-platform="Win98"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Windows 98 platform only</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_wince">ms-caro-malware-full:malware-platform="WinCE"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Windows CE platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_winnt">ms-caro-malware-full:malware-platform="WinNT"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:WinNT</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_abap">ms-caro-malware-full:malware-platform="ABAP"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Advanced Business Application Programming scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_alisp">ms-caro-malware-full:malware-platform="ALisp"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:ALisp scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_amipro">ms-caro-malware-full:malware-platform="AmiPro"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:AmiPro script</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_ansi">ms-caro-malware-full:malware-platform="ANSI"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:American National Standards Institute scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_applescript">ms-caro-malware-full:malware-platform="AppleScript"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:compiled Apple scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_asp">ms-caro-malware-full:malware-platform="ASP"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Active Server Pages scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_autoit">ms-caro-malware-full:malware-platform="AutoIt"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:AutoIT scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_bas">ms-caro-malware-full:malware-platform="BAS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_bat">ms-caro-malware-full:malware-platform="BAT"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_corelscript">ms-caro-malware-full:malware-platform="CorelScript"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Corelscript scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_hta">ms-caro-malware-full:malware-platform="HTA"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:HTML Application scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_html">ms-caro-malware-full:malware-platform="HTML"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:HTML Application scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_inf">ms-caro-malware-full:malware-platform="INF"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Install scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_irc">ms-caro-malware-full:malware-platform="IRC"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:mIRC/pIRC scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_java">ms-caro-malware-full:malware-platform="Java"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Java binaries (classes)</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_js">ms-caro-malware-full:malware-platform="JS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Javascript scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_logo">ms-caro-malware-full:malware-platform="LOGO"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:LOGO scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_mpb">ms-caro-malware-full:malware-platform="MPB"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:MapBasic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_msh">ms-caro-malware-full:malware-platform="MSH"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Monad shell scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_msil">ms-caro-malware-full:malware-platform="MSIL"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:.Net intermediate language scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_perl">ms-caro-malware-full:malware-platform="Perl"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Perl scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_php">ms-caro-malware-full:malware-platform="PHP"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Hypertext Preprocessor scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_python">ms-caro-malware-full:malware-platform="Python"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Python scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_sap">ms-caro-malware-full:malware-platform="SAP"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:SAP platform scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_sh">ms-caro-malware-full:malware-platform="SH"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Shell scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_vba">ms-caro-malware-full:malware-platform="VBA"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Visual Basic for Applications scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_vbs">ms-caro-malware-full:malware-platform="VBS"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Visual Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_winbat">ms-caro-malware-full:malware-platform="WinBAT"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Winbatch scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_winhlp">ms-caro-malware-full:malware-platform="WinHlp"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Windows Help scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_winreg">ms-caro-malware-full:malware-platform="WinREG"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Windows registry scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_a97m">ms-caro-malware-full:malware-platform="A97M"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Access 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_he">ms-caro-malware-full:malware-platform="HE"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:macro scripting</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_o97m">ms-caro-malware-full:malware-platform="O97M"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_pp97m">ms-caro-malware-full:malware-platform="PP97M"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_v5m">ms-caro-malware-full:malware-platform="V5M"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Visio5 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_w1m">ms-caro-malware-full:malware-platform="W1M"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Word1Macro</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_w2m">ms-caro-malware-full:malware-platform="W2M"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Word2Macro</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_w97m">ms-caro-malware-full:malware-platform="W97M"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Word 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_wm">ms-caro-malware-full:malware-platform="WM"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Word 95 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_x97m">ms-caro-malware-full:malware-platform="X97M"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Excel 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_xf">ms-caro-malware-full:malware-platform="XF"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Excel formulas</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_xm">ms-caro-malware-full:malware-platform="XM"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Excel 95 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_asx">ms-caro-malware-full:malware-platform="ASX"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:XML metafile of Windows Media .asf files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_hc">ms-caro-malware-full:malware-platform="HC"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:HyperCard Apple scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_mime">ms-caro-malware-full:malware-platform="MIME"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:MIME packets</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_netware">ms-caro-malware-full:malware-platform="Netware"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Novell Netware files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_qt">ms-caro-malware-full:malware-platform="QT"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Quicktime files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_sb">ms-caro-malware-full:malware-platform="SB"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:StarBasic (Staroffice XML) files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_swf">ms-caro-malware-full:malware-platform="SWF"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:Shockwave Flash files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_tsql">ms-caro-malware-full:malware-platform="TSQL"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:MS SQL server files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_platform_xml">ms-caro-malware-full:malware-platform="XML"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:XML files</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_family">malware-family</h3>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_zlob">ms-caro-malware-full:malware-family="Zlob"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojans that often pose as downloadable media codecs. When installed, Win32/Zlob displays frequent pop-up advertisements for rogue security software</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vundo">ms-caro-malware-full:malware-family="Vundo"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A multiplecomponent family of programs that deliver pop-up advertisements and may download and execute arbitrary files. Vundo is often installed as a browser helper object (BHO) without a users consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_virtumonde">ms-caro-malware-full:malware-family="Virtumonde"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - multi-component malware family that displays pop-up advertisements for rogue security software</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bancos">ms-caro-malware-full:malware-family="Bancos"</h4>
<div class="paragraph">
<p>ms-caro-malware-full: 2008 - A data-stealing trojan that captures online banking credentials and relays them to the attacker. Most variants target customers of Brazilian banks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cutwail">ms-caro-malware-full:malware-family="Cutwail"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A trojan that downloads and executes arbitrary files, usually to send spam. Win32/Cutwail has also been observed to transmit Win32/Newacc</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_oderoor">ms-caro-malware-full:malware-family="Oderoor"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a backdoor trojan that allows an attacker access and control of the compromised computer. This trojan may connect with remote web sites and SMTP servers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_newacc">ms-caro-malware-full:malware-family="Newacc"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - An attacker tool that automatically registers new e-mail accounts on Hotmail, AOL, Gmail, Lycos and other account service providers, using a Web service to decode CAPTCHA protection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_captiya">ms-caro-malware-full:malware-family="Captiya"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A trojan that transmits CAPTCHA images to a botnet, in what is believed to be an effort to improve the botnets ability to detect characters and break CAPTCHAs more successfully</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_taterf">ms-caro-malware-full:malware-family="Taterf"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of worms that spread through mapped drives in order to steal login and account details for popular online games.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_frethog">ms-caro-malware-full:malware-family="Frethog"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A large family of password-stealing trojans that target confidential data, such as account information, from massively multiplayer online games</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tilcun">ms-caro-malware-full:malware-family="Tilcun"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojans that steals online game passwords and sends this captured data to remote sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ceekat">ms-caro-malware-full:malware-family="Ceekat"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A collection of trojans that steal information such as passwords for online games, usually by reading information directly from running processes in memory. Different variants target different processes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_corripio">ms-caro-malware-full:malware-family="Corripio"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a loosely-related family of trojans that attempt to steal passwords for popular online games. Detections containing the name Win32/Corripio are generic, and hence may be reported for a large number of different malicious password-stealing trojans that are otherwise behaviorally dissimilar.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_zuten">ms-caro-malware-full:malware-family="Zuten"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of malware that steals information from online games.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_lolyda">ms-caro-malware-full:malware-family="Lolyda"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojans that sends account information from popular online games to a remote server. They may also download and execute arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_storark">ms-caro-malware-full:malware-family="Storark"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojans that steals online game passwords and sends this captured data to remote sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_renos">ms-caro-malware-full:malware-family="Renos"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojan downloaders that installs rogue security software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_zangosearchassistant">ms-caro-malware-full:malware-family="ZangoSearchAssistant"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Adware that monitors the users Web-browsing activity and displays pop-up advertisements related to the Internet sites the user is viewing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_zangoshoppingreports">ms-caro-malware-full:malware-family="ZangoShoppingReports"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Adware that displays targeted advertising to affected users while they browse the Internet, based on search terms entered into search engines.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakexpa">ms-caro-malware-full:malware-family="FakeXPA"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A rogue security software family that claims to scan for malware and then demands that the user pay to remove nonexistent threats. Some variants unlawfully use Microsoft logos and trademarks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakesecsen">ms-caro-malware-full:malware-family="FakeSecSen"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A rogue security software family that claims to scan for malware and then demands that the user pay to remove non-existent threats. It appears to be based on Win32/SpySheriff</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_hotbar">ms-caro-malware-full:malware-family="Hotbar"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Adware that displays a dynamic toolbar and targeted pop-up ads based on its monitoring of Web-browsing activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_agent">ms-caro-malware-full:malware-family="Agent"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A generic detection for a number of trojans that may perform different malicious functions. The behaviors exhibited by this family are highly variable</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wimad">ms-caro-malware-full:malware-family="Wimad"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A detection for malicious Windows Media files that can be used to encourage users to download and execute arbitrary files on an affected machine.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_baidusobar">ms-caro-malware-full:malware-family="BaiduSobar"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A Chinese language Web browser toolbar that delivers pop-up and contextual advertisements, blocks certain other advertisements, and changes the Internet Explorer search page</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vb">ms-caro-malware-full:malware-family="VB"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A detection for various threats written in the Visual Basic programming language.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_antivirus2008">ms-caro-malware-full:malware-family="Antivirus2008"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that displays misleading security alerts in order to convince users to purchase rogue security software. It may be installed by Win32/Renos or manually by a computer user.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_playmp3z">ms-caro-malware-full:malware-family="Playmp3z"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - An adware family that may display advertisements in connection with the use of a 'free music player' from the site 'PlayMP3z.biz.'</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tibs">ms-caro-malware-full:malware-family="Tibs"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a family of Trojans that may download and run other malicious software or may steal user data and send it to the attacker via HTTP POST or email. The Win32/Tibs family frequently downloads Trojans belonging to the Win32/Harnig and Win32/Passalert families, both of which are families of Trojan downloaders which may in turn download and run other malicious software</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_seekmosearchassistant">ms-caro-malware-full:malware-family="SeekmoSearchAssistant"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Adware that displays targeted search results and pop-up advertisements based on terms that the user enters for Web searches. The pop-up advertisements may include adult content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rjump">ms-caro-malware-full:malware-family="RJump"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a worm that attempts to spread by copying itself to newly attached media (such as USB memory devices or network drives). It also contains backdoor functionality that allows an attacker unauthorized access to an affected computer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_spywaresecure">ms-caro-malware-full:malware-family="SpywareSecure"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that displays misleading warning messages in order to convince users to purchase a product that removes spyware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_winfixer">ms-caro-malware-full:malware-family="Winfixer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that locates various registry entries, Windows prefetch content, and other types of data, identifies them as privacy violations, and urges the user to purchase the product to fix them.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_c2lop">ms-caro-malware-full:malware-family="C2Lop"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a trojan that modifies Web browser settings, adds Web browser bookmarks to advertisements, updates itself and delivers pop-up and contextual advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_matcash">ms-caro-malware-full:malware-family="Matcash"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a multicomponent family of trojans that downloads and executes arbitrary files. Some variants of this family may install a toolbar. observed to use the Win32/Slenfbot worm as a means of distribution.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_horst">ms-caro-malware-full:malware-family="Horst"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - CAPTCHA Breaker typically delivered through an executable application that masquerades as an illegal software crack or key generator</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_slenfbot">ms-caro-malware-full:malware-family="Slenfbot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of worms that can spread via instant messaging programs, and may spread via removable drives. They also contain backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation but must be ordered to spread by a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rustock">ms-caro-malware-full:malware-family="Rustock"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A multicomponent family of rootkitenabled backdoor trojans, developed to aid in the distribution of spam. Recent variants appear to be associated with the incidence of rogue security programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gimmiv">ms-caro-malware-full:malware-family="Gimmiv"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a family of trojans that are sometimes installed by exploits of a vulnerability documented in Microsoft Security Bulletin MS08-067.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_yektel">ms-caro-malware-full:malware-family="Yektel"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojans that display fake warnings of spyware or malware in an attempt to lure the user into installing or paying money to register rogue security products such as Win32/FakeXPA.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_roron">ms-caro-malware-full:malware-family="Roron"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This virus spreads by attaching its code to other files on your PC or network. Some of the infected programs might no longer run correctly. Attempts to send personal information to a remote address. It may spread via e-mail, network shares, or peer-to-peer file sharing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_swif">ms-caro-malware-full:malware-family="Swif"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A trojan that exploits a vulnerability in Adobe Flash Player to download malicious files. Adobe has published security bulletin APSB08-11 addressing the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mult">ms-caro-malware-full:malware-family="Mult"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A group of threats, written in JavaScript, that attempt to exploit multiple vulnerabilities on affected computers in order to download, execute or otherwise run arbitrary code. The malicious JavaScript may be hosted on compromised or malicious websites, embedded in specially crafted PDF files, or could be called by other malicious scripts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wukill">ms-caro-malware-full:malware-family="Wukill"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a family of mass-mailing e-mail and network worms. The Win32/Wukill worm spreads to root directories on certain local and mapped drives. The worm also spreads by sending a copy of itself as an attachment to e-mail addresses found on the infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_objsnapt">ms-caro-malware-full:malware-family="Objsnapt"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A detection for a Javascript file that exploits a known vulnerability in the Microsoft Access Snapshot Viewer ActiveX Control.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_redirector">ms-caro-malware-full:malware-family="Redirector"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - The threat is a piece of JavaScript code that is inserted on bad or hacked websites. It can direct your browser to a website you don&#8217;t want to go to. You might see the detection for this threat if you visit a bad or hacked website, or if you open an email message.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_xilos">ms-caro-malware-full:malware-family="Xilos"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a detection for a proof-of-concept JavaScript obfuscation technique, which was originally published in 2002 in the sixth issue of 29A, an early online magazine for virus creators</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_decdec">ms-caro-malware-full:malware-family="Decdec"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A detection for certain malicious JavaScript code injected in HTML pages. The virus will execute on user computers that visit compromised websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bearshare">ms-caro-malware-full:malware-family="BearShare"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A P2P file-sharing client that uses the decentralized Gnutella network. Free versions of BearShare have come bundled with advertising supported and other potentially unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bitaccelerator">ms-caro-malware-full:malware-family="BitAccelerator"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that redirects Web search results to other Web sites and may display various advertisements to users while browsing Web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_blubtool">ms-caro-malware-full:malware-family="Blubtool"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - An Internet browser search toolbar that may be installed by other third-party software, such as a peer-to-peer file sharing application. It may modify Internet explorer search settings and display unwanted advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rserver">ms-caro-malware-full:malware-family="RServer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Commercial remote administration software that can be used to control a computer. These programs are typically installed by the computer owner or administrator and should only be removed if unexpected</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ultravnc">ms-caro-malware-full:malware-family="UltraVNC"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A remote access program that can be used to control a computer. This program is typically installed by the computer owner or administrator, and should only be removed if unexpected.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ghostradmin">ms-caro-malware-full:malware-family="GhostRadmin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A remote administration tool that can be used to control a computer. These programs are typically installed by the computer owner or administrator and should only be removed if unexpected</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tightvnc">ms-caro-malware-full:malware-family="TightVNC"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A remote control program that allows full control of the computer. These programs are typically installed by the computer owner or administrator and should only be removed if unexpected</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_damewareminiremotecontrol">ms-caro-malware-full:malware-family="DameWareMiniRemoteControl"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A detection for the DameWare Mini Remote Control tools. This program was detected by definitions prior to 1.147.1889.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.147.1889.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_seekmosearchassistant_2">ms-caro-malware-full:malware-family="SeekmoSearchAssistant"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A detection that is triggered by modified (that is, edited and re-packed) remote control programs based on DameWare Mini Remote Control, a commercial software product</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_nbar">ms-caro-malware-full:malware-family="Nbar"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that may display advertisements and redirect user searches to a certain website. It may also download malicious or unwanted content into the system without user consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_chir">ms-caro-malware-full:malware-family="Chir"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family with a worm component and a virus component. The worm component spreads by email and by exploiting a vulnerability addressed by Microsoft Security Bulletin MS01-020. The virus component may infect .exe, .scr, and HTML files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sality">ms-caro-malware-full:malware-family="Sality"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of polymorphic file infectors that target executable files with the extensions .scr or .exe. They may execute a damaging payload that deletes files with certain extensions and terminates security-related processes and services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_obfuscator">ms-caro-malware-full:malware-family="Obfuscator"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A detection for programs that use a combination of obfuscation techniques to hinder analysis or detection by antivirus scanners</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_byteverify">ms-caro-malware-full:malware-family="ByteVerify"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a detection of malicious code that attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM). This flaw enables attackers to execute arbitrary code on a user&#8217;s machine such as writing, downloading and executing additional malware. This vulnerability is addressed by update MS03-011, released in 2003.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_autorun">ms-caro-malware-full:malware-family="Autorun"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of worms that spreads by copying itself to the mapped drives of an infected computer. The mapped drives may include network or removable drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_hamweq">ms-caro-malware-full:malware-family="Hamweq"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A worm that spreads through removable drives, such as USB memory sticks. It may contain an IRC-based backdoor enabling the computer to be controlled remotely by an attacker</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_brontok">ms-caro-malware-full:malware-family="Brontok"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a family of mass-mailing e-mail worms. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct denial of service (DoS) attacks against certain Web sites</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_spywareprotect">ms-caro-malware-full:malware-family="SpywareProtect"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A rogue security software family that may falsely claim that the users computer is infected and encourages the user to buy a product for cleaning the alleged malware from the computer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cbeplay">ms-caro-malware-full:malware-family="Cbeplay"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A trojan that may upload computer operating system details to a remote Web site, download additional malware, and terminate debugging utilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_internetantivirus">ms-caro-malware-full:malware-family="InternetAntivirus"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that displays false and misleading malware alerts to convince users to purchase rogue security software. This program also displays a fake Windows Security Center message</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_nuwar">ms-caro-malware-full:malware-family="Nuwar"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojan droppers that install a distributed P2P downloader trojan. This downloader trojan in turn downloads an e-mail worm component.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rbot">ms-caro-malware-full:malware-family="Rbot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of backdoor trojans that allows attackers to control the computer through an IRC channel</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ircbot">ms-caro-malware-full:malware-family="IRCbot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A large family of backdoor trojans that drops malicious software and connects to IRC servers via a backdoor to receive commands from attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_skeemosearchassistant">ms-caro-malware-full:malware-family="SkeemoSearchAssistant"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that displays targeted search results and pop-up advertisements based on terms that the user enters for Web searches. The pop-up advertisements may include adult content</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_realvnc">ms-caro-malware-full:malware-family="RealVNC"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A management tool that allows a computer to be controlled remotely. It can be installed for legitimate purposes, but can also be installed from a remote location by an attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_moneytree">ms-caro-malware-full:malware-family="MoneyTree"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of software that provides the ability to search for adult content on local disk. It may also install other potentially unwanted software, such as programs that display pop-up ads.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tracur">ms-caro-malware-full:malware-family="Tracur"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A trojan that downloads and executes arbitrary files. It is sometimes distributed by ASX/Wimad.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_meredrop">ms-caro-malware-full:malware-family="Meredrop"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This is a generic detection for trojans that install and run malware on your PC. These trojans have been deliberately created in a complex way to hide their purpose and make them difficult to analyze.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_banker">ms-caro-malware-full:malware-family="Banker"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of data-stealing trojans that captures banking credentials such as account numbers and passwords from computer users and relays them to the attacker. Most variants target customers of Brazilian banks; some variants target customers of other banks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ldpinch">ms-caro-malware-full:malware-family="Ldpinch"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a family of password-stealing trojans. This trojan gathers private user data such as passwords from the host computer and sends the data to the attacker at a preset e-mail address. The Win32/Ldpinch trojans use their own Simple Mail Transfer Protocol (SMTP) engine or a web-based proxy for sending the e-mail, thus copies of the sent e-mail will not appear in the affected user&#8217;s e-mail client.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_advantage">ms-caro-malware-full:malware-family="Advantage"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a family of adware that displays pop-up advertisements and contacts a remote server to download updates</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_parite">ms-caro-malware-full:malware-family="Parite"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a family of polymorphic file infectors that targets computers running Microsoft Windows. The virus infects .exe and .scr executable files on the local file system and on writeable network shares. In turn, the infected executable files perform operations that cause other .exe and .scr files to become infected.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_possiblehostsfilehijack">ms-caro-malware-full:malware-family="PossibleHostsFileHijack"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - an indicator that the computers HOSTS file may have been modified by malicious or potentially unwanted software</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_alureon">ms-caro-malware-full:malware-family="Alureon"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A data-stealing trojan that gathers confidential information such as user names, passwords, and credit card data from incoming and outgoing Internet traffic. It may also download malicious data and modify DNS settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_powerregscheduler">ms-caro-malware-full:malware-family="PowerRegScheduler"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This program was detected by definitions prior to 1.159.567.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.159.567.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_apsb08_11">ms-caro-malware-full:malware-family="APSB08-11"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A trojan that attempts to exploit a vulnerability in Adobe Flash Player. In the wild, this trojan has been used to download and execute arbitrary files, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_conhook">ms-caro-malware-full:malware-family="ConHook"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of Trojans that installs themselves as Browser Helper Objects (BHOs), and connects to the Internet without user consent. They also terminate specific security services, and download additional malware to the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_starware">ms-caro-malware-full:malware-family="Starware"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This program was detected by definitions prior to 1.159.567.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.159.567.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_winspywareprotect">ms-caro-malware-full:malware-family="WinSpywareProtect"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that may falsely claim that the user&#8217;s system is infected and encourages the user to buy a promoted product for cleaning the alleged malware from the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_messengerskinner">ms-caro-malware-full:malware-family="MessengerSkinner"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program, that may be distributed in the form of a freeware application, that displays advertisements, downloads additional files, and uses stealth to hide its presence</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_skintrim">ms-caro-malware-full:malware-family="Skintrim"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A trojan that downloads and executes arbitrary files. It may be distributed by as a Microsoft Office Outlook addon used to display emoticons or other animated icons within e-mail messages.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_adrotator">ms-caro-malware-full:malware-family="AdRotator"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - delivers advertisements, and as the name suggests, rotates advertisements among sponsors. AdRotator contacts remote Web sites in order to deliver updated content. This application also displays fake error messages that encourage users to download and install additional applications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wintrim">ms-caro-malware-full:malware-family="Wintrim"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojans that display pop-up advertisements depending on the users keywords and browsing history. Its variants can monitor the users activities, download applications, and send system information back to a remote server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_busky">ms-caro-malware-full:malware-family="Busky"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of Trojans that monitor and redirect Internet traffic, gather system information and download unwanted software such as Win32/Renos and Win32/SpySheriff. Win32/Busky may be installed by a Web browser exploit or other vulnerability when visiting a malicious Web site.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_whenu">ms-caro-malware-full:malware-family="WhenU"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This program was detected by definitions prior to 1.173.303.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mobis">ms-caro-malware-full:malware-family="Mobis"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sogou">ms-caro-malware-full:malware-family="Sogou"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Detected by definitions prior to 1.155.995.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.155.995.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sdbot">ms-caro-malware-full:malware-family="Sdbot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of backdoor trojans that allows attackers to control infected computers. After a computer is infected, the trojan connects to an internet relay chat (IRC) server and joins a channel to receive commands from attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_delfinject">ms-caro-malware-full:malware-family="DelfInject"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This threat can download and run files on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vapsup">ms-caro-malware-full:malware-family="Vapsup"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_browsingenhancer">ms-caro-malware-full:malware-family="BrowsingEnhancer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This program was detected by definitions prior to 1.175.1834.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_jeefo">ms-caro-malware-full:malware-family="Jeefo"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - virus infects executable files, such as files with a .exe extension. When an infected file runs, the virus tries to run the original content of the file while it infects other executable files on your PC. This threat might have got on your PC if you inserted a removable disk or accessed a network connection that was infected.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sezon">ms-caro-malware-full:malware-family="Sezon"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - An adware that redirects web browsing to advertising or search sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rupass">ms-caro-malware-full:malware-family="RuPass"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a DLL component which may be utilized by adware or malicious programs in order to monitor an affected user&#8217;s Internet usage and to capture sensitive information. Win32/RuPass has been distributed as a 420,352 byte DLL file, with the file name 'ConnectionServices.dll'.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_onestepsearch">ms-caro-malware-full:malware-family="OneStepSearch"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Modifies the user&#8217;s browser to deliver targeted advertisements when the user enters search keywords. It may also replace or override web browser error pages that would otherwise be displayed when unresolvable web addresses are entered into the browser&#8217;s address bar.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gamevance">ms-caro-malware-full:malware-family="GameVance"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Software that displays advertisements and tracks anonymous usage information in exchange for a free online gaming experience at the Web address 'gamevance.com.'</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_e404">ms-caro-malware-full:malware-family="E404"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - is a browser helper object (BHO) that takes advantage of invalid or mistyped URLs entered in the address bar by redirecting the browser to Web sites containing adware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mirar">ms-caro-malware-full:malware-family="Mirar"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fotomoto">ms-caro-malware-full:malware-family="Fotomoto"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A Trojan that lowers security settings, delivers advertisements, and sends system and network configuration details to a remote Web site.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ardamax">ms-caro-malware-full:malware-family="Ardamax"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - The tool can capture your activity on your PC (such as the keys you press when typing in passwords) and might send this information to a hacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_hupigon">ms-caro-malware-full:malware-family="Hupigon"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of trojans that uses a dropper to install one or more backdoor files and sometimes installs a password stealer or other malicious programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cnnic">ms-caro-malware-full:malware-family="CNNIC"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - enables Chinese keyword searching in Internet Explorer and adds support for other applications to use Chinese domain names that registered with CNNIC. Also contains a kernel driver that protects its files and registry settings from being modified or deleted</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_motepro">ms-caro-malware-full:malware-family="MotePro"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - May display advertisement pop-ups, and download programs from predefined Web sites. When installed, Win32/MotePro runs as a Web Browser Helper Object (BHO).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cnsmin">ms-caro-malware-full:malware-family="CnsMin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - Installs a browser helper object (BHO) that redirects Internet Explorer searches to a Chinese search portal. CnsMin may be installed without adequate user consent. It may prevent its files from being removed or restore files that have been previously removed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_baiduiebar">ms-caro-malware-full:malware-family="BaiduIebar"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A detection for an address line search tool. This program was detected by definitions prior to 1.153.956.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors. Microsoft has released definition 1.153.956.0 which no longer detects this program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ejik">ms-caro-malware-full:malware-family="Ejik"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This program was detected by definitions prior to 1.175.1915.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_alibabaietoolbar">ms-caro-malware-full:malware-family="AlibabaIEToolBar"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This program was detected by definitions prior to 1.175.1834.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bdplugin">ms-caro-malware-full:malware-family="BDPlugin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - a DLL file which is usually introduced to an affected system as a component of BrowserModifier:Win32/BaiduSobar. It may display unwanted pop-ups and advertisements on the affected system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_adialer">ms-caro-malware-full:malware-family="Adialer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A trojan dialer program that connects to a premium number, or attempts to connect to adult websites via particular phone numbers without your permission, connects to remote hosts without user consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_egroupsexdial">ms-caro-malware-full:malware-family="EGroupSexDial"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A dialer program that may attempt to dial a premium number, thus possibly resulting in international phone charges for the user.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_zonebac">ms-caro-malware-full:malware-family="Zonebac"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of backdoor Trojans that allows a remote attacker to download and run arbitrary programs, and which may upload computer configuration information and other potentially sensitive data to remote Web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_antinny">ms-caro-malware-full:malware-family="Antinny"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of worms that targets certain versions of Microsoft Windows. The worm spreads using a Japanese peer-to-peer file-sharing application named Winny. The worm creates a copy of itself with a deceptive file name in the Winny upload folder so that it can be downloaded by other Winny users.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rewardnetwork">ms-caro-malware-full:malware-family="RewardNetwork"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A program that monitors an affected user&#8217;s Internet usage and reports this usage to a remote server. Win32/RewardNetwork may be visible as an Internet Explorer toolbar.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_virut">ms-caro-malware-full:malware-family="Virut"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A family of file infecting viruses that target and infect .exe and .scr files accessed on infected systems. Win32/Virut also opens a backdoor by connecting to an IRC server</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_allaple">ms-caro-malware-full:malware-family="Allaple"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A multi-threaded, polymorphic network worm capable of spreading to other computers connected to a local area network (LAN) and performing denial-of-service (DoS) attacks against targeted remote Web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vkit_da">ms-caro-malware-full:malware-family="VKit_DA"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This virus spreads by attaching its code to other files on your PC or network. Some of the infected programs might no longer run correctly.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_small">ms-caro-malware-full:malware-family="Small"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_netsky">ms-caro-malware-full:malware-family="Netsky"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A mass-mailing worm that spreads by e-mailing itself to addresses found on an infected computer. Some variants contain a backdoor component and perform DoS attacks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_luder">ms-caro-malware-full:malware-family="Luder"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A virus that spreads by infecting executable files, by inserting itself into .RAR archive files, and by sending a copy of itself as an attachment to e-mail addresses found on the infected computer. This virus has a date-activated, file damaging payload, and may connect to a remote server and accept commands from an attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_iframeref">ms-caro-malware-full:malware-family="IframeRef"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A generic detection for specially formed IFrame tags that point to remote websites that contain malicious content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_lovelorn">ms-caro-malware-full:malware-family="Lovelorn"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This threat is classified as a mass-mailing worm. A mass mailing email worm is self-contained malicious code that propagates by sending itself through e-mail. Typically, a mass mailing email worm uses its own SMTP engine to send itself, thus copies of the sent worm will not appear in the infected users outgoing or sent email folders. Technical details are currently not available.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cekar">ms-caro-malware-full:malware-family="Cekar"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This threat downloads and installs other programs, including other malware, onto your PC without your consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dialsnif">ms-caro-malware-full:malware-family="Dialsnif"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_conficker">ms-caro-malware-full:malware-family="Conficker"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2008 - A worm that spreads by exploiting a vulnerability addressed by Security Bulletin MS08-067. Some variants also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_loveletter">ms-caro-malware-full:malware-family="LoveLetter"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of mass-mailing worms that targets computers running certain versions of Windows. It can spread as an e-mail attachment and through an Internet Relay Chat (IRC) channel. The worm can download, overwrite, delete, infect, and run files on the infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vbswgbased">ms-caro-malware-full:malware-family="VBSWGbased"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A generic detection for VBScript code that is known to be automatically generated by a particular malware tool.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_slammer">ms-caro-malware-full:malware-family="Slammer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A memory resident worm that spreads through a vulnerability present in computers running either MSDE 2000 or SQL Server that have not applied Microsoft Security Bulletin MS02-039.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_msblast">ms-caro-malware-full:malware-family="Msblast"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of network worms that exploit a vulnerability addressed by security bulletin MS03-039. The worm may attempt Denial of Service (DoS) attacks on some server sites or create a backdoor on the infected system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sasser">ms-caro-malware-full:malware-family="Sasser"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of network worms that exploit a vulnerability fixed by security bulletin MS04-011. The worm spreads by randomly scanning IP addresses for vulnerable machines and infecting any that are found</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_nimda">ms-caro-malware-full:malware-family="Nimda"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of worms that spread by exploiting a vulnerability addressed by Microsoft Security Bulletin MS01-020. The worm compromises security by sharing the C drive and creating a Guest account with administrator permissions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mydoom">ms-caro-malware-full:malware-family="Mydoom"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of massmailing worms that spread through e-mail. Some variants also spread through P2P networks. It acts as a backdoor trojan and can sometimes be used to launch DoS attacks against specific Web sites</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bagle">ms-caro-malware-full:malware-family="Bagle"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A worm that spreads by e-mailing itself to addresses found on an infected computer. Some variants also spread through peer-to-peer (P2P) networks. Bagle acts as a backdoor trojan and can be used to distribute other malicious software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_winwebsec">ms-caro-malware-full:malware-family="Winwebsec"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of rogue security software programs that have been distributed with several different names. The user interface varies to reflect each variants individual branding</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_koobface">ms-caro-malware-full:malware-family="Koobface"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A multicomponent family of malware used to compromise computers and use them to perform various malicious tasks. It spreads through the internal messaging systems of popular social networking sites</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pdfjsc">ms-caro-malware-full:malware-family="Pdfjsc"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a family of specially crafted PDF files that exploits vulnerabilities in Adobe Acrobat and Adobe Reader. The files contain malicious JavaScript that executes when opened with a vulnerable program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pointfree">ms-caro-malware-full:malware-family="Pointfree"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a browser modifier that redirects users when invalid Web site addresses or search terms are entered in the Windows Internet Explorer address bar</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_chadem">ms-caro-malware-full:malware-family="Chadem"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A trojan that steals password details from an infected computer by monitoring network traffic associated with FTP connections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakeia">ms-caro-malware-full:malware-family="FakeIA"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A rogue security software family that impersonates the Windows Security Center. It may display product names or logos in an apparently unlawful attempt to impersonate Microsoft products</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_waledac">ms-caro-malware-full:malware-family="Waledac"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A trojan that is used to send spam. It also has the ability to download and execute arbitrary files, harvest e-mail addresses from the local machine, perform denial-of-service attacks, proxy network traffic, and sniff passwords</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_provis">ms-caro-malware-full:malware-family="Provis"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_prolaco">ms-caro-malware-full:malware-family="Prolaco"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of worms that spreads via email, removable drives, Peer-to-Peer (P2P) and network shares. This worm may also drop and execute other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mywife">ms-caro-malware-full:malware-family="Mywife"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A mass-mailing network worm that targets certain versions of Microsoft Windows. The worm spreads through e-mail attachments and writeable network shares. It is designed to corrupt the content of specific files on the third day of every month.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_melissa">ms-caro-malware-full:malware-family="Melissa"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A macro worm that spreads via e-mail and by infecting Word documents and templates. It is designed to work in Word 97 and Word 2000, and it uses Outlook to reach new targets through e-mail</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rochap">ms-caro-malware-full:malware-family="Rochap"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of multicomponent trojans that download and execute additional malicious files. While downloading, some variants display a video from the Web site 'youtube.com' presumably to distract the user</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gamania">ms-caro-malware-full:malware-family="Gamania"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of trojans that steals online game passwords and sends them to remote sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mabezat">ms-caro-malware-full:malware-family="Mabezat"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a polymorphic virus that infects Windows executable files. Apart from spreading through file infection, it also attempts to spread through e-mail attachments, network shares, removable drives and by CD-burning. It also contains a date-based payload that encrypts files with particular extensions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_helpud">ms-caro-malware-full:malware-family="Helpud"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of trojans that steals login information for popular online games. The gathered information is then sent to remote websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_privacycenter">ms-caro-malware-full:malware-family="PrivacyCenter"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a family of programs that claims to scan for malware and displays fake warnings of 'malicious programs and viruses'. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakerean">ms-caro-malware-full:malware-family="FakeRean"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This family of rogue security programs pretend to scan your PC for malware, and often report lots of infections. The program will say you have to pay for it before it can fully clean your PC. However, the program hasn&#8217;t really detected any malware at all and isn&#8217;t really an antivirus or antimalware scanner. It just looks like one so you&#8217;ll send money to the people who made the program. Some of these programs use product names or logos that unlawfully impersonate Microsoft products.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bredolab">ms-caro-malware-full:malware-family="Bredolab"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A downloader that can access and execute arbitrary files from a remote host. Bredolab has been observed to download several other malware families to infected computers</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rugzip">ms-caro-malware-full:malware-family="Rugzip"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A trojan that downloads other malware from predefined Web sites. Rugzip may itself be installed by other malware. Once it has performed its malicious routines, it deletes itself to avoid detection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakespypro">ms-caro-malware-full:malware-family="Fakespypro"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A rogue security family that falsely claims that the affected computer is infected with malware and encourages the user to buy a promoted product it claims will clean the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_buzuz">ms-caro-malware-full:malware-family="Buzuz"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A trojan that downloads malware known as 'SpywareIsolator' a rogue security software program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_poisonivy">ms-caro-malware-full:malware-family="PoisonIvy"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of backdoor trojans that allow unauthorized access to and control of an affected machine. Poisonivy attempts to hide by injecting itself into other processes</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_agentbypass">ms-caro-malware-full:malware-family="AgentBypass"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A detection for files that attempt to inject possibly malicious code into the explorer.exe process.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_enfal">ms-caro-malware-full:malware-family="Enfal"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_systemhijack">ms-caro-malware-full:malware-family="SystemHijack"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A generic detection that uses advanced heuristics in the Microsoft Antivirus engine to detect malware that displays particular types of malicious behavior.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_procinject">ms-caro-malware-full:malware-family="ProcInject"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_malres">ms-caro-malware-full:malware-family="Malres"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A trojan that drops another malware, detected as Virtool:WinNT/Malres.A, into the system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_kirpich">ms-caro-malware-full:malware-family="Kirpich"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a trojan that drops malicious code into the system. It also infects two system files; the infected files are detected as Virus:Win32/Kirpich.A, in the system. This does not constitute virus behavior for the trojan as it does not infect any other files and therefore does not have any conventional replication routines. TrojanDropper:Win32/Kirpich.A also disables Data Execution Protection and steals specific system information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_malagent">ms-caro-malware-full:malware-family="Malagent"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bumat">ms-caro-malware-full:malware-family="Bumat"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bifrose">ms-caro-malware-full:malware-family="Bifrose"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A backdoor trojan that allows a remote attacker to access the compromised computer and injects its processes into the Windows shell and Internet Explorer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ripinip">ms-caro-malware-full:malware-family="Ripinip"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat can give a hacker unauthorized access and control of your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_riler">ms-caro-malware-full:malware-family="Riler"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_farfli">ms-caro-malware-full:malware-family="Farfli"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A trojan that drops various files detected as malware into a system. It also has backdoor capabilities that allow it to contact a remote attacker and wait for instructions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pcclient">ms-caro-malware-full:malware-family="PcClient"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A backdoor trojan family with several components including a key logger, backdoor, and a rootkit.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_veden">ms-caro-malware-full:malware-family="Veden"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A name used for backdoor trojan detections that have been added to Microsoft signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_banload">ms-caro-malware-full:malware-family="Banload"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of trojans that download other malware. Banload usually downloads Win32/Banker, which steals banking credentials and other sensitive data and sends it back to a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_microjoin">ms-caro-malware-full:malware-family="Microjoin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a tool that is used to deploy malware without being detected. It is used to bundle multiple files, consisting of a clean file and malware files, into a single executable.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_killav">ms-caro-malware-full:malware-family="Killav"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a trojan that terminates a large number of security-related processes, including those for antivirus, monitoring, or debugging tools, and may install certain exploits for the vulnerability addressed by Microsoft Security Bulletin MS08-067</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cinmus">ms-caro-malware-full:malware-family="Cinmus"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_messengerplus">ms-caro-malware-full:malware-family="MessengerPlus"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A non-Microsoft add-on for Microsofts Windows Live Messenger, called Messenger Plus!. It comes with an optional sponsor program installation, detected as Spyware:Win32/C2Lop.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_haxdoor">ms-caro-malware-full:malware-family="Haxdoor"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a backdoor trojan that allows remote control of the machine over the Internet. The trojan is rootkit-enabled, allowing it to hide processes and files related to the threat. Haxdoor lowers security settings on the computer and gathers user and system information to send to a third party</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_nieguide">ms-caro-malware-full:malware-family="Nieguide"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a detection for a DLL file that connects to a Web site and may display advertisements or download other programs</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ithink">ms-caro-malware-full:malware-family="Ithink"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - displays pop-up advertisements; it is usually bundled with other applications</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pointad">ms-caro-malware-full:malware-family="Pointad"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This program was detected by definitions prior to 1.175.2145.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_webdir">ms-caro-malware-full:malware-family="Webdir"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A Web Browser Helper Object (BHO) used to collect user information and display targeted advertisings using Internet Explorer browser. Webdir attempts to modify certain visited urls to include affiliate IDs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_microbillsys">ms-caro-malware-full:malware-family="Microbillsys"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a program that processes payments made to a billing Web site. It is considered potentially unwanted software because it cannot be removed from the Add/Remove Programs list in Control Panel; rather, a user requires an 'uninstall code' before the program can be removed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_kerlofost">ms-caro-malware-full:malware-family="Kerlofost"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a browser helper object (BHO) that may modify browsing behavior; redirect searches; report user statistics, behavior, and searches back to a remote server; and display pop-up advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_zwangi">ms-caro-malware-full:malware-family="Zwangi"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A program that runs as a service in the background and modifies Web browser settings to visit a particular Web site</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_doubled">ms-caro-malware-full:malware-family="DoubleD"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - an adware program that displays pop-up advertising, runs at each system start and is installed as an Internet Explorer toolbar.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_shopathome">ms-caro-malware-full:malware-family="ShopAtHome"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A browser redirector that monitors Web-browsing behavior and online purchases. It claims to track points for ShopAtHome rebates when the user buys products directly from affiliated merchant Web sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakevimes">ms-caro-malware-full:malware-family="FakeVimes"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a downloading component of Win32/FakeVimes - a family of programs that claims to scan for malware and displays fake warnings of 'malicious programs and viruses'. They then inform the user that they need to pay money to register the software in order to remove these non-existent threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakecog">ms-caro-malware-full:malware-family="FakeCog"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat claims to scan your PC for malware and then shows you fake warnings. They try to convince you to pay to register the software to remove the non-existent threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakeadpro">ms-caro-malware-full:malware-family="FakeAdPro"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a program that may display false and misleading alerts regarding errors and malware to entice users to purchase it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakesmoke">ms-caro-malware-full:malware-family="FakeSmoke"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a family of trojans consisting of a fake Security Center interface and a fake antivirus program.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakebye">ms-caro-malware-full:malware-family="FakeBye"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A rogue security software family that uses a Korean-language user interface.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_hiloti">ms-caro-malware-full:malware-family="Hiloti"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a generic detection for a trojan that interferes with an affected user&#8217;s browsing habits and downloads and executes arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tikayb">ms-caro-malware-full:malware-family="Tikayb"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A trojan that attempts to establish a secure network connection to various Web sites without the users consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ursnif">ms-caro-malware-full:malware-family="Ursnif"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of trojans that steals sensitive information from an affected computer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rimecud">ms-caro-malware-full:malware-family="Rimecud"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A family of worms with multiple components that spreads via fixed and removable drives and via instant messaging. It also contains backdoor functionality that allows unauthorized access to an affected system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_lethic">ms-caro-malware-full:malware-family="Lethic"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A trojan that connects to remote servers, which may lead to unauthorized access to an affected system.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ceeinject">ms-caro-malware-full:malware-family="CeeInject"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat has been 'obfuscated', which means it has tried to hide its purpose so your security software doesn&#8217;t detect it. The malware that lies underneath this obfuscation can have almost any purpose.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cmdow">ms-caro-malware-full:malware-family="Cmdow"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a detection for a command-line tool and violated the guidelines by which Microsoft identified unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_yabector">ms-caro-malware-full:malware-family="Yabector"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This trojan can use your PC to click on online advertisements without your permission or knowledge. This can earn money for a malicious hacker by making a website or application appear more popular than it is.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_renocide">ms-caro-malware-full:malware-family="Renocide"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a family of worms that spread via local, removable, and network drives and also using file sharing applications. They have IRC-based backdoor functionality, which may allow a remote attacker to execute commands on the affected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_liften">ms-caro-malware-full:malware-family="Liften"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a trojan that is used to stop affected users from downloading security updates. It is downloaded by Trojan:Win32/FakeXPA.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_shellcode">ms-caro-malware-full:malware-family="ShellCode"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A generic detection for JavaScript-enabled objects that contain exploit code and may exhibit suspicious behavior. Malicious websites and malformed PDF documents may contain JavaScript that attempts to execute code without the affected user&#8217;s consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_flyagent">ms-caro-malware-full:malware-family="FlyAgent"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A backdoor trojan program that is capable of performing several actions depending on the commands of a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_psyme">ms-caro-malware-full:malware-family="Psyme"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat downloads and installs other programs, including other malware, onto your PC without your consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_orsam">ms-caro-malware-full:malware-family="Orsam"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - A generic detection for a variety of threats. A name used for trojans that have been added to MS signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_agentoff">ms-caro-malware-full:malware-family="AgentOff"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This threat can perform a number of actions of a malicious hacker&#8217;s choice on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_nuj">ms-caro-malware-full:malware-family="Nuj"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a worm that copies itself to fixed, removable or network drives. Some variants of this worm may also terminate antivirus-related processes.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sohanad">ms-caro-malware-full:malware-family="Sohanad"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - Worms automatically spread to other PCs. They can do this in a number of ways, including by copying themselves to removable drives, network folders, or spreading through email.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_i2isolutions">ms-caro-malware-full:malware-family="I2ISolutions"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dpoint">ms-caro-malware-full:malware-family="Dpoint"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This program was detected by definitions prior to 1.175.1915.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_silly_p2p">ms-caro-malware-full:malware-family="Silly_P2P"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - Worms automatically spread to other PCs. They can do this in a number of ways, including by copying themselves to removable drives, network folders, or spreading through email.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vobfus">ms-caro-malware-full:malware-family="Vobfus"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This family of worms can download other malware onto your PC, including: Win32/Beebone, Win32/Fareit, Win32/Zbot. Vobfus worms can be downloaded by other malware or spread via removable drives, such as USB flash drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_daurso">ms-caro-malware-full:malware-family="Daurso"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a family of trojans that attempts to steal sensitive information, including passwords and FTP authentication details from affected computers. This family targets particular FTP applications and also attempts to steal data from Protected Storage.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mydealassistant">ms-caro-malware-full:malware-family="MyDealAssistant"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_adsubscribe">ms-caro-malware-full:malware-family="Adsubscribe"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This program was detected by definitions prior to 1.175.1834.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mycentria">ms-caro-malware-full:malware-family="MyCentria"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fierads">ms-caro-malware-full:malware-family="Fierads"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This program was detected by definitions prior to 1.175.2037.0 as it violated the guidelines by which Microsoft identified unwanted software. Based on analysis using current guidelines, the program does not have unwanted behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vbinject">ms-caro-malware-full:malware-family="VBInject"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - This is a generic detection for malicious files that are obfuscated using particular techniques to prevent their detection or analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_perfectkeylogger">ms-caro-malware-full:malware-family="PerfectKeylogger"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2009 - a commercial monitoring program that monitors user activity, such as keystrokes typed. MonitoringTool:Win32/PerfectKeylogger is available for purchase at the company&#8217;s website. It may also have been installed without user consent by a Trojan or other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_agobot">ms-caro-malware-full:malware-family="AgoBot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A backdoor that communicates with a central server using IRC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bubnix">ms-caro-malware-full:malware-family="Bubnix"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A generic detection for a kernel-mode driver installed by other malware that hides its presence on an affected computer by blocking registry and file access to itself. The trojan may report its installation to a remote server and download and distribute spam email messages and could download and execute arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_citeary">ms-caro-malware-full:malware-family="Citeary"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A kernel mode driver installed by Win32/Citeary, a worm that spreads to all available drives including the local drive, installs device drivers and attempts to download other malware from a predefined website.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakeinit">ms-caro-malware-full:malware-family="Fakeinit"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A rogue security software family distributed under the names Internet Security 2010, Security Essentials 2010, and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_oficla">ms-caro-malware-full:malware-family="Oficla"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A family of trojans that attempt to inject code into running processes in order to download and execute arbitrary files. It may download rogue security programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pasur">ms-caro-malware-full:malware-family="Pasur"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - a name used for backdoor trojan detections that have been added to Microsoft signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_prettypark">ms-caro-malware-full:malware-family="PrettyPark"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A worm that spreads via email attachments. It allows backdoor access and control of an infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_prorat">ms-caro-malware-full:malware-family="Prorat"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A trojan that opens random ports that allow remote access from an attacker to the affected computer. This backdoor may download and execute other malware from predefined websites and may terminate several security applications or services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pushbot">ms-caro-malware-full:malware-family="Pushbot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A detection for a family of malware that spreads via MSN Messenger, Yahoo! Messenger, and AIM when commanded by a remote attacker. It contains backdoor functionality that allows unauthorized access and control of an affected machine.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_randex">ms-caro-malware-full:malware-family="Randex"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A worm that scans randomly generated IP addresses to attempt to spread to network shares with weak passwords. After the worm infects a computer, it connects to an IRC server to receive commands from the attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sdbot_2">ms-caro-malware-full:malware-family="SDBot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A family of backdoor trojans that allows attackers to control infected computers over an IRC channel.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_trenk">ms-caro-malware-full:malware-family="Trenk"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - a name used for backdoor trojan detections that have been added to Microsoft signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tofsee">ms-caro-malware-full:malware-family="Tofsee"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A multi-component family of backdoor trojans that act as a spam and traffic relay.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ursap">ms-caro-malware-full:malware-family="Ursap"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - a name used for backdoor trojan detections that have been added to Microsoft signatures after advanced automated analysis.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_zbot">ms-caro-malware-full:malware-family="Zbot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL09 - A family of password stealing trojans that also contains backdoor functionality allowing unauthorized access and control of an affected machine.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ciucio">ms-caro-malware-full:malware-family="Ciucio"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A family of trojans that connect to certain websites in order to download arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_clickpotato">ms-caro-malware-full:malware-family="ClickPotato"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A program that displays popup and notification-style advertisements based on the users browsing habits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2010_0806">ms-caro-malware-full:malware-family="CVE-2010-0806"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A detection for malicious JavaScript that attempts to exploit the vulnerability addressed by Microsoft Security Bulletin MS10-018.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_delf">ms-caro-malware-full:malware-family="Delf"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A detection for various threats written in the Delphi programming language. The behaviors displayed by this malware family are highly variable.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakepav">ms-caro-malware-full:malware-family="FakePAV"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A rogue security software family that masquerades as Microsoft Security Essentials.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_keygen">ms-caro-malware-full:malware-family="Keygen"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A generic detection for tools that generate product keys for illegally obtained versions of various software products.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_onescan">ms-caro-malware-full:malware-family="Onescan"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A Korean-language rogue security software family distributed under the names One Scan, Siren114, EnPrivacy, PC Trouble, My Vaccine, and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pornpop">ms-caro-malware-full:malware-family="Pornpop"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A generic detection for specially-crafted JavaScript-enabled objects that attempt to display pop-under advertisements, usually with adult content.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_startpage">ms-caro-malware-full:malware-family="Startpage"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2010 VOL10 - A detection for various threats that change the configured start page of the affected users web browser, and may also perform other malicious actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_begseabug">ms-caro-malware-full:malware-family="Begseabug"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A trojan that downloads and executes arbitrary files on an affected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2010_0840">ms-caro-malware-full:malware-family="CVE-2010-0840"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A detection for a malicious and obfuscated Java class that exploits a vulnerability described in CVE-2010-0840. Oracle Corporation addressed the vulnerability with a security update in March 2010.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cycbot">ms-caro-malware-full:malware-family="Cycbot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A backdoor trojan that allows attackers unauthorized access and control of an affected computer. After a computer is infected, the trojan connects to a specific remote server to receive commands from attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_droiddream">ms-caro-malware-full:malware-family="DroidDream"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A malicious program that affects mobile devices running the Android operating system. It may be bundled with clean applications, and is capable of allowing a remote attacker to gain access to the mobile device.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakemacdef">ms-caro-malware-full:malware-family="FakeMacdef"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A rogue security software family that affects Apple Mac OS X. It has been distributed under the names MacDefender, MacSecurity, MacProtector, and possibly others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gamehack">ms-caro-malware-full:malware-family="GameHack"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - Malware that is often bundled with game applications. It commonly displays unwanted pop-up advertisements and may be installed as a web browser helper object.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_loic">ms-caro-malware-full:malware-family="Loic"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - An open-source network attack tool designed to perform denial-ofservice (DoS) attacks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_lotoor">ms-caro-malware-full:malware-family="Lotoor"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A detection for specially crafted Android programs that attempt to exploit vulnerabilities in the Android operating system to gain root privilege.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_nuqel">ms-caro-malware-full:malware-family="Nuqel"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A worm that spreads via mapped drives and certain instant messaging applications. It may modify system settings, connect to certain websites, download arbitrary files, or take other malicious actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_offerbox">ms-caro-malware-full:malware-family="OfferBox"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A program that displays offers based on the user&#8217;s web browsing habits. Some versions may display advertisements in a pop-under window. Win32/OfferBox may be installed without adequate user consent by malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_opencandy">ms-caro-malware-full:malware-family="OpenCandy"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - An adware program that may be bundled with certain thirdparty software installation programs. Some versions may send user-specific information, including a unique machine code, operating system information, locale, and certain other information to a remote server without obtaining adequate user consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pameseg">ms-caro-malware-full:malware-family="Pameseg"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A fake program installer that requires the user to send SMS messages to a premium number to successfully install certain programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pramro">ms-caro-malware-full:malware-family="Pramro"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A trojan that creates a proxy on the infected computer for email and HTTP traffic, and is used to send spam email.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ramnit">ms-caro-malware-full:malware-family="Ramnit"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A family of multi-component malware that infects executable files, Microsoft Office files, and HTML files. Win32/Ramnit spreads to removable drives and steals sensitive information such as saved FTP credentials and browser cookies. It may also open a backdoor to await instructions from a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rlsloup">ms-caro-malware-full:malware-family="Rlsloup"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A family of trojans that are used to send spam email. Rlsloup consists of several components, including an installation trojan component and a spamming payload component.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_shopperreports">ms-caro-malware-full:malware-family="ShopperReports"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - Adware that displays targeted advertising to affected users while browsing the Internet, based on search terms entered into search engines.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sinowal">ms-caro-malware-full:malware-family="Sinowal"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A family of password-stealing and backdoor trojans. It may try to install a fraudulent SSL certificate on the computer. Sinowal may also capture user data such as banking credentials from various user accounts and send the data to Web sites specified by the attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_stuxnet">ms-caro-malware-full:malware-family="Stuxnet"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A multi-component family that spreads via removable volumes by exploiting the vulnerability addressed by Microsoft Security Bulletin MS10-046.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_swimnag">ms-caro-malware-full:malware-family="Swimnag"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A worm that spreads via removable drives and drops a randomly-named DLL in the Windows system folder.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tedroo">ms-caro-malware-full:malware-family="Tedroo"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A trojan that sends spam email messages. Some variants may disable certain Windows services or allow backdoor access by a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_yimfoca">ms-caro-malware-full:malware-family="Yimfoca"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL11 - A worm family that spreads via common instant messaging applications and social networking sites. It is capable of connecting to a remote HTTP or IRC server to receive updated configuration data. It also modifies certain system and security settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bamital">ms-caro-malware-full:malware-family="Bamital"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A family of malware that intercepts web browser traffic and prevents access to specific security-related websites by modifying the Hosts file. Bamital variants may also modify specific legitimate Windows files in order to execute their payload.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_blacole">ms-caro-malware-full:malware-family="Blacole"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - An exploit pack, also known as Blackhole, that is installed on a compromised web server by an attacker and includes a number of exploits that target browser software. If a vulnerable computer browses a compromised website containing the exploit pack, various malware may be downloaded and run.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bulilit">ms-caro-malware-full:malware-family="Bulilit"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A trojan that silently downloads and installs other programs without consent. Infection could involve the installation of additional malware or malware components to an affected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dorkbot">ms-caro-malware-full:malware-family="Dorkbot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A worm that spreads via instant messaging and removable drives. It also contains backdoor functionality that allows unauthorized access and control of the affected computer. Win32/Dorkbot may be distributed from compromised or malicious websites using PDF or browser exploits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_eyestye">ms-caro-malware-full:malware-family="EyeStye"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A trojan that attempts to steal sensitive data using a method known as form grabbing, and sends it to a remote attacker. It may also download and execute arbitary files and use a rootkit component to hide its activities.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakesysdef">ms-caro-malware-full:malware-family="FakeSysdef"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A rogue security software family that claims to discover nonexistent hardware defects related to system memory, hard drives, and overall system performance, and charges a fee to fix the supposed problems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_helompy">ms-caro-malware-full:malware-family="Helompy"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A worm that spreads via removable drives and attempts to capture and steal authentication details for a number of different websites or online services, including Facebook and Gmail.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_malf">ms-caro-malware-full:malware-family="Malf"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A generic detection for malware that drops additional malicious files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rugo">ms-caro-malware-full:malware-family="Rugo"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A program that installs silently on the users computer and displays advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sirefef">ms-caro-malware-full:malware-family="Sirefef"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A rogue security software family distributed under the name Antivirus 2010 and others.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sisproc">ms-caro-malware-full:malware-family="Sisproc"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A generic detection for a group of trojans that have been observed to perform a number of various and common malware behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_swisyn">ms-caro-malware-full:malware-family="Swisyn"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2011 VOL12 - A trojan that drops and executes arbitrary files on an infected computer. The dropped files may be potentially unwanted or malicious programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_blacoleref">ms-caro-malware-full:malware-family="BlacoleRef"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - An obfuscated script, often found inserted into compromised websites, that uses a hidden inline frame to redirect the browser to a Blacole exploit server.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2012_0507">ms-caro-malware-full:malware-family="CVE-2012-0507"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A detection for a malicious Java applet that exploits the Java Runtime Environment (JRE) vulnerability described in CVE-2012-0507, addressed by an Oracle security update in February 2012.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_flashback">ms-caro-malware-full:malware-family="Flashback"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A trojan that targets Java JRE vulnerability CVE-2012-0507 on Mac OS X to enroll the infected computer in a botnet.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gendows">ms-caro-malware-full:malware-family="Gendows"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A tool that attempts to activate Windows 7 and Windows Vista operating system installations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gingerbreak">ms-caro-malware-full:malware-family="GingerBreak"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A program that affects mobile devices running the Android operating system. It drops and executes an exploit that, if run successfully, gains administrator privileges on the device.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gingermaster">ms-caro-malware-full:malware-family="GingerMaster"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A malicious program that affects mobile devices running the Android operating system. It may be bundled with clean applications, and is capable of allowing a remote attacker to gain access to the mobile device.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mult_2">ms-caro-malware-full:malware-family="Mult"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A generic detection for various exploits written in the JavaScript language.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_patch">ms-caro-malware-full:malware-family="Patch"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A family of tools intended to modify, or 'patch' programs that may be evaluation copies, or unregistered versions with limited features for the purpose of removing the limitations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_phoex">ms-caro-malware-full:malware-family="Phoex"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A malicious script that exploits the Java Runtime Environment (JRE) vulnerability discussed in CVE-2010-4452. If run in a computer running a vulnerable version of Java, it downloads and executes arbitrary files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pluzoks">ms-caro-malware-full:malware-family="Pluzoks"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_popupper">ms-caro-malware-full:malware-family="Popupper"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A detection for a particular JavaScript script that attempts to display pop-under advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wizpop">ms-caro-malware-full:malware-family="Wizpop"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - Adware that may track user search habits and download executable programs without user consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wpakill">ms-caro-malware-full:malware-family="Wpakill"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A family of tools that attempt to disable or bypass WPA (Windows Product Activation), WGA (Windows Genuine Advantage) checks, or WAT (Windows Activation Technologies), by altering Windows operating system files, terminating processes, or stopping services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_yeltminky">ms-caro-malware-full:malware-family="Yeltminky"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2012 VOL13 - A family of worms that spreads by making copies of itself on all available drives and creating an autorun.inf file to execute that copy.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_aimesu">ms-caro-malware-full:malware-family="Aimesu"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A threat that exploits vulnerabilities in unpatched versions of Java, Adobe Reader, or Flash Player. It then installs other malare on the computer, including components of the Blackhole and Cool exploit kits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bdaejec">ms-caro-malware-full:malware-family="Bdaejec"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A trojan that allows unauthorized access and control of an affected computer, and that may download and install other programs without consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bursted">ms-caro-malware-full:malware-family="Bursted"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A virus written in the AutoLISP scripting language used by the AutoCAD computer-aided design program. It infects other AutoLISP files with the extension .lsp.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_colkit">ms-caro-malware-full:malware-family="Colkit"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A detection for obfuscated, malicious JavaScript code that redirects to or loads files that may exploit a vulnerable version of Java, Adobe Reader, or Adobe Flash, possibly in an attempt to load malware onto the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_coolex">ms-caro-malware-full:malware-family="Coolex"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A detection for scripts from an exploit pack known as the Cool Exploit Kit. These scripts are often used in ransomware schemes in which an attacker locks a victims computer or encrypts the users data and demands money to make it available again.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cpllnk">ms-caro-malware-full:malware-family="CplLnk"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A generic detection for specially crafted malicious shortcut files that attempt to exploit the vulnerability addressed by Microsoft Security Bulletin MS10-046, CVE-2010-2568.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2011_1823">ms-caro-malware-full:malware-family="CVE-2011-1823"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A detection for specially crafted Android programs that attempt to exploit a vulnerability in the Android operating system to gain root privilege.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2012_1723">ms-caro-malware-full:malware-family="CVE-2012-1723"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A family of malicious Java applets that attempt to exploit vulnerability CVE-2012-1723 in the Java Runtime Environment (JRE) to download and install files of an attackers choice onto the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dealply">ms-caro-malware-full:malware-family="DealPly"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - Adware that displays offers related to the users web browsing habits. It may be bundled with certain third-party software installation programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fareit">ms-caro-malware-full:malware-family="Fareit"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A malware family that has multiple components: a password stealing component that steals sensitive information and sends it to an attacker, and a DDoS component that could be used against other computers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fastsaveapp">ms-caro-malware-full:malware-family="FastSaveApp"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - An adware program that displays offers related to the user&#8217;s web browsing habits. It may use the name 'SaveAs' or 'SaveByClick'.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_findlyrics">ms-caro-malware-full:malware-family="FindLyrics"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - An adware program that displays ads related to the user&#8217;s web browsing habits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gamarue">ms-caro-malware-full:malware-family="Gamarue"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A worm that is commonly distributed via exploit kits and social engineering. Variants have been observed stealing information from the local computer and communicating with command-and-control (C&amp;C) servers managed by attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_gisav">ms-caro-malware-full:malware-family="Gisav"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - An adware program that displays offers related to the user&#8217;s web browsing habits. It can be downloaded from the program&#8217;s website, and can be bundled with some third-party software installation programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_infoatoms">ms-caro-malware-full:malware-family="InfoAtoms"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - An adware program that displays advertisements related to the user&#8217;s web browsing habits and inserts advertisements into websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_perl_ircbot_e">ms-caro-malware-full:malware-family="Perl/IRCbot.E"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A backdoor trojan that drops other malicious software and connects to IRC servers to receive commands from attackers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_javrobat">ms-caro-malware-full:malware-family="Javrobat"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - An exploit that tries to check whether certain versions of Adobe Acrobat or Adobe Reader are installed on the computer. If so, it tries to install malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_kraddare">ms-caro-malware-full:malware-family="Kraddare"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - Adware that displays Korean-language advertisements.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pricegong">ms-caro-malware-full:malware-family="PriceGong"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - An adware program that shows certain deals related to the search terms entered on any web page.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_protlerdob">ms-caro-malware-full:malware-family="Protlerdob"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A software installer with a Portuguese language user interface. It presents itself as a free movie download but bundles with it a number of programs that may charge for services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_qhost">ms-caro-malware-full:malware-family="Qhost"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A generic detection for trojans that modify the HOSTS file on the computer to redirect or limit Internet traffic to certain sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_reveton">ms-caro-malware-full:malware-family="Reveton"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A ransomware family that targets users from certain countries or regions. It locks the computer and displays a location-specific webpage that covers the desktop and demands that the user pay a fine for the supposed possession of illicit material.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rongvhin">ms-caro-malware-full:malware-family="Rongvhin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A family of malware that perpetrates click fraud. It might be delivered to the computer via hack tools for the game CrossFire.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_seedabutor">ms-caro-malware-full:malware-family="Seedabutor"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A JavaScript trojan that attempts to redirect the browser to another website.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_smser">ms-caro-malware-full:malware-family="SMSer"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A ransomware trojan that locks an affected users computer and requests that the user send a text message to a premium-charge number to unlock it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tobfy">ms-caro-malware-full:malware-family="Tobfy"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A family of ransomware trojans that targets users from certain countries. It locks the computer and displays a localized message demanding the payment of a fine for the supposed possession of illicit material. Some variants may also take webcam screenshots, play audio messages, or affect certain processes or drivers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_truado">ms-caro-malware-full:malware-family="Truado"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A trojan that poses as an update for certain Adobe software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_urausy">ms-caro-malware-full:malware-family="Urausy"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A family of ransomware trojans that locks the computer and displays a localized message, supposedly from police authorities, demanding the payment of a fine for alleged criminal activity.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wecykler">ms-caro-malware-full:malware-family="Wecykler"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A family of worms that spread via removable drives, such as USB drives, that may stop security processes and other processes on the computer, and log keystrokes that are later sent to a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_weelsof">ms-caro-malware-full:malware-family="Weelsof"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A family of ransomware trojans that targets users from certain countries. It locks the computer and displays a localized message demanding the payment of a fine for the alleged possession of illicit material. Some variants may take steps that make it difficult to run or update virus protection.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_yakdowpe">ms-caro-malware-full:malware-family="Yakdowpe"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL15 - A family of trojans that connect to certain websites to silently download and install other programs without consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_anogre">ms-caro-malware-full:malware-family="Anogre"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A threat that exploits a vulnerability addressed by Microsoft Security Bulletin MS11-087. This vulnerability can allow a hacker to install programs, view, change, or delete data or create new accounts with full administrative privileges.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_brantall">ms-caro-malware-full:malware-family="Brantall"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A family of trojans that download and install other programs, including Win32/Sefnit and Win32/Rotbrow. Brantall often pretends to be an installer for other, legitimate programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_comame">ms-caro-malware-full:malware-family="Comame"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_crilock">ms-caro-malware-full:malware-family="Crilock"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A ransomware family that encrypts the computer&#8217;s files and displays a webpage that demands a fee to unlock them.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2011_3874">ms-caro-malware-full:malware-family="CVE-2011-3874"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A threat that attempts to exploit a vulnerability in the Android operating system to gain access to and control of the device Java/CVE-2012-1723. A family of malicious Java applets that attempt to exploit vulnerability CVE-2012-1723 in the Java Runtime Environment (JRE) in order to download and install files of an attackers choice onto the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_deminnix">ms-caro-malware-full:malware-family="Deminnix"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A trojan that uses the computer for Bitcoin mining and changes the home page of the web browser. It can accidentally be downloaded along with other files from torrent sites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_detplock">ms-caro-malware-full:malware-family="Detplock"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A generic detection for a variety of threats.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dircrypt">ms-caro-malware-full:malware-family="Dircrypt"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - Ransomware that encrypts the user&#8217;s files and demands payment to release them. It is distributed through spam email messages and can be downloaded by other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_donxref">ms-caro-malware-full:malware-family="DonxRef"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A generic detection for malicious JavaScript objects that construct shellcode. The scripts may try to exploit vulnerabilities in Java, Adobe Flash Player, and Windows.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_faceliker">ms-caro-malware-full:malware-family="Faceliker"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A malicious script that likes content on Facebook without the user&#8217;s knowledge or consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakealert">ms-caro-malware-full:malware-family="FakeAlert"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A malicious script that falsely claims that the computer is infected with viruses and that additional software is needed to disinfect it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_jenxcus">ms-caro-malware-full:malware-family="Jenxcus"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A worm that gives an attacker control of the computer. It is spread by infected removable drives, like USB flash drives. It can also be downloaded within a torrent file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_loktrom">ms-caro-malware-full:malware-family="Loktrom"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - Ransomware that locks the computer and displays a full-screen message pretending to be from a national police force, demanding payment to unlock the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_miposa">ms-caro-malware-full:malware-family="Miposa"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A trojan that downloads and runs malicious Windows Scripting Host (.wsh) files.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_nitol">ms-caro-malware-full:malware-family="Nitol"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A family of trojans that perform DDoS (distributed denial of service) attacks, allow backdoor access and control, download and run files, and perform a number of other malicious activities on the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_oceanmug">ms-caro-malware-full:malware-family="Oceanmug"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A trojan that silently downloads and installs other programs without consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_proslikefan">ms-caro-malware-full:malware-family="Proslikefan"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A worm that spreads through removable drives, network shares, and P2P programs. It can lower the computer&#8217;s security settings and disable antivirus products.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rotbrow">ms-caro-malware-full:malware-family="Rotbrow"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A trojan that installs browser add-ons that claim to offer protection from other add-ons. Rotbrow can change the browser&#8217;s home page, and can install the trojan Win32/Sefnit. It is commonly installed by Win32/Brantall.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sefnit">ms-caro-malware-full:malware-family="Sefnit"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A family of trojans that can allow backdoor access, download files, and use the computer and Internet connection for click fraud. Some variants can monitor web browsers and hijack search results.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_urntone">ms-caro-malware-full:malware-family="Urntone"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A webpage component of the Neutrino exploit kit. It checks the version numbers of popular applications installed on the computer, and attempts to install malware that targets vulnerabilities in the software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wysotot">ms-caro-malware-full:malware-family="Wysotot"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2013 VOL16 - A threat that can change the start page of the user&#8217;s web browser, and may download and install other files to the computer. It is installed by software bundlers that advertise free software or games.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_addlyrics">ms-caro-malware-full:malware-family="AddLyrics"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A browser add-on that displays lyrics for songs on YouTube, and displays advertisements in the browser window.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_adpeak">ms-caro-malware-full:malware-family="Adpeak"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - Adware that displays extra ads as the user browses the Internet, without revealing where the ads are coming from. It may be bundled with some third-party software installation programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_axpergle">ms-caro-malware-full:malware-family="Axpergle"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A detection for the Angler exploit kit, which exploits vulnerabilities in recent versions of Internet Explorer, Silverlight, Adobe Flash Player, and Java to install malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bepush">ms-caro-malware-full:malware-family="Bepush"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A family of trojans that download and install add-ons for the Firefox and Chrome browsers that post malicious links to social networking sites, track browser usage, and redirect the browser to specific websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bettersurf">ms-caro-malware-full:malware-family="BetterSurf"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - Adware that displays unwanted ads on search engine results pages and other websites. It may be included with software bundles that offer free applications or games.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bladabindi">ms-caro-malware-full:malware-family="Bladabindi"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A family of backdoors created by a malicious hacker tool called NJ Rat. They can steal sensitive information, download other malware, and allow backdoor access to an infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_caphaw">ms-caro-malware-full:malware-family="Caphaw"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A family of backdoors that spread via Facebook, YouTube, Skype, removable drives, and drive-by download. They can make Facebook posts via the user&#8217;s account, and may steal online banking details.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_clikug">ms-caro-malware-full:malware-family="Clikug"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A threat that uses a computer for click fraud. It has been observed using as much as a gigabyte of bandwidth per hour.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2014_0322">ms-caro-malware-full:malware-family="CVE-2014-0322"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:This threat uses a vulnerability MS14-012, CVE-2014-0322 in Internet Explorer 9 and 10 to download and run files on your PC, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2013_0422">ms-caro-malware-full:malware-family="CVE-2013-0422"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A detection for a malicious Java applet that exploits the Java Runtime Environment (JRE) vulnerability described in CVE-2013-0422, addressed by an Oracle security update in January 2013.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dowque">ms-caro-malware-full:malware-family="Dowque"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A generic detection for malicious files that are capable of installing other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fashack">ms-caro-malware-full:malware-family="Fashack"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A detection for the Safehack exploit kit, also known as Flashpack. It uses vulnerabilities in Adobe Flash Player, Java, and Silverlight to install malware on a computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_feven">ms-caro-malware-full:malware-family="Feven"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A browser add-on for Internet Explorer, Firefox, or Chrome that displays ads on search engine results pages and other websites, and redirects the browser to specific websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fiexp">ms-caro-malware-full:malware-family="Fiexp"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A detection for the Fiesta exploit kit, which attempts to exploit Java, Adobe Flash Player, Adobe Reader, Silverlight, and Internet Explorer to install malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_filcout">ms-caro-malware-full:malware-family="Filcout"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - An application that offers to locate and download programs to run unknown files. It has been observed installing variants in the Win32/Sefnit family.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_genasom">ms-caro-malware-full:malware-family="Genasom"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A ransomware family that locks a computer and demands money to unlock it. It usually targets Russian-language users, and may open pornographic websites.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_kegotip">ms-caro-malware-full:malware-family="Kegotip"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A password-stealing trojan that can steal email addresses, personal information, or user account information for certain programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_krypterade">ms-caro-malware-full:malware-family="Krypterade"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - Ransomware that fraudulently claims a computer has been used for unlawful activity, locks it, and demands that the user pay to unlock it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_lecpetex">ms-caro-malware-full:malware-family="Lecpetex"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A family of trojans that steal sensitive information, such as user names and passwords. It can also use a computer for Litecoin mining, install other malware, and post malicious content via the user&#8217;s Facebook account.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_lollipop">ms-caro-malware-full:malware-family="Lollipop"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - Adware that may be installed by third-party software bundlers. It displays ads based on search engine searches, which can differ by geographic location and may be pornographic.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_meadgive">ms-caro-malware-full:malware-family="Meadgive"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A detection for the Redkit exploit kit, also known as Infinity and Goon. It attempts to exploit vulnerabilities in programs such as Java and Silverlight to install other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_neclu">ms-caro-malware-full:malware-family="Neclu"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A detection for the Nuclear exploit kit, which attempts to exploit vulnerabilities in programs such as Java and Adobe Reader to install other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ogimant">ms-caro-malware-full:malware-family="Ogimant"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A threat that claims to help download items from the Internet, but actually downloads and runs files that are specified by a remote attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_optimizerelite">ms-caro-malware-full:malware-family="OptimizerElite"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A misleading program that uses legitimate files in the Prefetch folder to claim that the computer is damaged, and offers to fix the damage for a price.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pangimop">ms-caro-malware-full:malware-family="Pangimop"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A detection for the Magnitude exploit kit, also known as Popads. It attempts to exploit vulnerabilities in programs such as Java and Adobe Flash Player to install other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_phish">ms-caro-malware-full:malware-family="Phish"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A password-stealing malicious webpage, known as a phishing page, that disguises itself as a page from a legitimate website.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_prast">ms-caro-malware-full:malware-family="Prast"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A generic detection for various password stealing trojans.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_slugin">ms-caro-malware-full:malware-family="Slugin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A file infector that infects .exe and .dll files. It may also perform backdoor actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_spacekito">ms-caro-malware-full:malware-family="Spacekito"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A threat that steals information about the computer and installs browser add-ons that display ads.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tranikpik">ms-caro-malware-full:malware-family="Tranikpik"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:This threat is a backdoor that can give a hacker unauthorized access and control of your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wordinvop">ms-caro-malware-full:malware-family="Wordinvop"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A detection for a specially-crafted Microsoft Word file that attempts to exploit the vulnerability CVE-2006-6456, addressed by Microsoft Security Bulletin MS07-014.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_zegost">ms-caro-malware-full:malware-family="Zegost"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL17 - A backdoor that allows an attacker to remotely access and control a computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_archost">ms-caro-malware-full:malware-family="Archost"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A downloader that installs other programs on the computer without the user&#8217;s consent, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_balamid">ms-caro-malware-full:malware-family="Balamid"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A trojan that can use the computer to click on online advertisements without the user&#8217;s permission or knowledge. This can earn money for a malicious hacker by making a website or application appear more popular than it is.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_beevry">ms-caro-malware-full:malware-family="BeeVry"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A trojan that modifies a number of settings to prevent the computer from accessing security-related websites, and lower the computer&#8217;s security.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bondat">ms-caro-malware-full:malware-family="Bondat"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A family of threats that collects information about the computer, infects removable drives, and tries to stop the user from accessing files. It spreads by infecting removable drives, such as USB thumb drives and flash drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bregent">ms-caro-malware-full:malware-family="Bregent"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A downloader that injects malicious code into legitimate processes such as explorer.exe and svchost.exe, and downloads other malware onto the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_brolo">ms-caro-malware-full:malware-family="Brolo"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A ransomware family that locks the web browser and displays a message, often pretending to be from a law enforcement agency, demanding money to unlock the browser.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_costmin">ms-caro-malware-full:malware-family="CostMin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - An adware family that installs itself as a browser extension for Internet Explorer, Mozilla Firefox, and Google Chrome, and displays advertisements as the user browses the Internet.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_couponruc">ms-caro-malware-full:malware-family="CouponRuc"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A browser modifier that changes browser settings and may also modify some computer and Internet settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_crastic">ms-caro-malware-full:malware-family="Crastic"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A trojan that sends sensitive information to a remote attacker, such as user names, passwords and information about the computer. It can also delete System Restore points, making it harder to recover the computer to a pre-infected state.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_crowti">ms-caro-malware-full:malware-family="Crowti"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A ransomware family that encrypts files on the computer and demands that the user pay a fee to decrypt them, using Bitcoins.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2013_1488">ms-caro-malware-full:malware-family="CVE-2013-1488"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A detection for threats that use a Java vulnerability to download and run files on your PC, including other malware. Oracle addressed the vulnerability with a security update in April 2013.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_defaulttab">ms-caro-malware-full:malware-family="DefaultTab"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A browser modifier that redirects web browser searches and prevents the user from changing browser settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ippedo">ms-caro-malware-full:malware-family="Ippedo"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A worm that can send sensitive information to a malicious hacker. It spreads through infected removable drives, such as USB flash drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_kilim">ms-caro-malware-full:malware-family="Kilim"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A trojan that hijacks the user&#8217;s Facebook, Twitter, or YouTube account to promote pages. It may post hyperlinks or like pages on Facebook, post comments on YouTube videos, or follow profiles and send direct messages on Twitter without permission.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mofin">ms-caro-malware-full:malware-family="Mofin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A worm that can steal files from your PC and send them to a malicious hacker. It spreads via infected removable drives, such as USB flash drives.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mptampersrp">ms-caro-malware-full:malware-family="MpTamperSrp"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A generic detection for an attempt to add software restriction policies to restrict Microsoft antimalware products, such as Microsoft Security Essentials and Windows Defender, from functioning properly.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mujormel">ms-caro-malware-full:malware-family="Mujormel"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A password stealer that can steal personal information, such as user names and passwords, and send the stolen information to a malicious hacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pennybee">ms-caro-malware-full:malware-family="PennyBee"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - Adware that shows ads as the user browses the web. It can be installed from the program&#8217;s website or bundled with some third-party software installation programs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_phdet">ms-caro-malware-full:malware-family="Phdet"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A family of backdoor trojans that is used to perform distributed denial-of service (DDoS) attacks against specified targets.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_rimod">ms-caro-malware-full:malware-family="Rimod"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A generic detection for files that change various security settings in the computer Win32/Rotbrow. A trojan that installs browser add-ons that claim to offer protection from other add-ons. Rotbrow can change the browser&#8217;s home page, and can install the trojan Win32/Sefnit. It is commonly installed by Win32/Brantall.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sigru">ms-caro-malware-full:malware-family="Sigru"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A virus that can stop some files from working correctly in Windows XP and earlier operating systems. It spreads by infecting the master boot record (MBR) on connected hard disks and floppy disks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_simpleshell">ms-caro-malware-full:malware-family="SimpleShell"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A backdoor that can give a malicious hacker unauthorized access to and control of the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_softpulse">ms-caro-malware-full:malware-family="Softpulse"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A software bundler that no longer meets Microsoft detection criteria for unwanted software following a program update in September of 2014.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_squarenet">ms-caro-malware-full:malware-family="SquareNet"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A software bundler that installs other unwanted software, including adware and click-fraud malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tugspay">ms-caro-malware-full:malware-family="Tugspay"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A downloader that spreads by posing as an installer for legitimate software, such as a Java update, or through other malware. When installed, it downloads unwanted software to the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tupym">ms-caro-malware-full:malware-family="Tupym"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A worm that copies itself to the system folder of the affected computer, and attempts to contact remote hosts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vercuser">ms-caro-malware-full:malware-family="Vercuser"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2014 VOL18 - A worm that typically spreads via drive-by download. It also receives commands from a remote server, and has been observed dropping other malware on the infected computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_adnel">ms-caro-malware-full:malware-family="Adnel"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A family of macro malware that can download other threats to the computer, including TrojanDownloader:Win32/Drixed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_adodb">ms-caro-malware-full:malware-family="Adodb"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A generic detection for script trojans that exploit a vulnerability in Microsoft Data Access Components (MDAC) that allows remote code execution. Microsoft released Security Bulletin MS06-014 in April 2006 to address the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_alterbooksp">ms-caro-malware-full:malware-family="AlterbookSP"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A browser add-on that formerly displayed behaviors of unwanted software. Recent versions of the add-on no longer meet Microsoft detection criteria, and are no longer considered unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_brobandel">ms-caro-malware-full:malware-family="BrobanDel"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A family of trojans that can modify boletos bancários, a common payment method in Brazil. They can be installed on the computer when a user opens a malicious spam email attachment.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_compromisedcert">ms-caro-malware-full:malware-family="CompromisedCert"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A detection for the Superfish VisualDiscovery advertising program that was preinstalled on some Lenovo laptops sold in 2014 and 2015. It installs a compromised trusted root certificate on the computer, which can be used to conduct man-in-the-middle attacks on the computer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_couponruc_2">ms-caro-malware-full:malware-family="CouponRuc"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A browser modifier that changes browser settings and may also modify some computer and Internet settings.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_cve_2014_6332">ms-caro-malware-full:malware-family="CVE-2014-6332"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - This threat uses a Microsoft vulnerability MS14-064 to download and run files on your PC, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dyzap">ms-caro-malware-full:malware-family="Dyzap"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A threat that steals login credentials for a long list of banking websites using man-in-the-browser (MITB) attacks. It is usually installed on the infected computer by TrojanDownloader:Win32/Upatre.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_eorezo">ms-caro-malware-full:malware-family="EoRezo"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - Adware that displays targeted advertising to affected users while browsing the Internet, based on downloaded pre-configured information.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fakecall">ms-caro-malware-full:malware-family="FakeCall"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - This threat is a webpage that claims your PC is infected with malware. It asks you to phone a number to receive technical support to help remove the malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_foosace">ms-caro-malware-full:malware-family="Foosace"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A threat that creates files on the compromised computer and contacts a remote host. Observed in the STRONTIUM APT.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_ieenablercby">ms-caro-malware-full:malware-family="IeEnablerCby"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A browser modifier that installs additional browser addons without the user&#8217;s consent. It bypasses the normal prompts or dialogs that ask for consent to install add-ons.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_installerex">ms-caro-malware-full:malware-family="InstalleRex"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A software bundler that installs unwanted software, including Win32/CouponRuc and Win32/SaverExtension. It alters its own 'Installed On' date in Programs and Features to make it more difficult for a user to locate it and remove it.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_jacktheripper">ms-caro-malware-full:malware-family="JackTheRipper"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A virus that can stop some files from working correctly in Windows XP and earlier operating systems. It spreads by infecting the master boot record (MBR) on connected hard disks and floppy disks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_kenilfe">ms-caro-malware-full:malware-family="Kenilfe"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A worm written in AutoCAD Lisp that only runs if AutoCAD is installed on the computer or network. It renames and deletes certain AutoCAD files, and may download and execute arbitrary files from a remote host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_kipodtoolscby">ms-caro-malware-full:malware-family="KipodToolsCby"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A browser modifier that installs additional browser addons without the user&#8217;s consent. It bypasses the normal prompts or dialogs that ask for consent to install add-ons.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_macoute">ms-caro-malware-full:malware-family="Macoute"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A worm that can spread itself to removable USB drives, and may communicate with a remote host.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_neutrinoek">ms-caro-malware-full:malware-family="NeutrinoEK"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - This threat is a webpage that spreads the exploit kit known as Neutrino.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_peaac">ms-caro-malware-full:malware-family="Peaac"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A generic detection for various threats that display trojan characteristics.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_peals">ms-caro-malware-full:malware-family="Peals"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A generic detection for various threats that display trojan characteristics.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_radonskra">ms-caro-malware-full:malware-family="Radonskra"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A family of threats that perform a variety of malicious acts, including stealing information about the computer, showing extra advertisements as the user browses the web, performing click fraud, and downloading other programs without consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_saverextension">ms-caro-malware-full:malware-family="SaverExtension"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A browser add-on that shows ads in the browser without revealing their source, and prevents itself from being removed normally.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sdbby">ms-caro-malware-full:malware-family="Sdbby"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A threat that exploits a bypass to gain administrative privileges on a machine without going through a User Access Control prompt.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_simda">ms-caro-malware-full:malware-family="Simda"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A threat that can give an attacker backdoor access and control of an infected computer. It can then steal passwords and gather information about the computer to send to the attacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_skeeyah">ms-caro-malware-full:malware-family="Skeeyah"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - A generic detection for various threats that display trojan characteristics.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_wordjmp">ms-caro-malware-full:malware-family="Wordjmp"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL19 - An exploit that targets a vulnerability in Word 2002 and 2003 that could allow an attacker to remotely execute arbitrary code. Microsoft released Security Bulletin MS06-027 in June 2006 to address the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_bayads">ms-caro-malware-full:malware-family="Bayads"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A program that displays ads as the user browses the web. It can be bundled with other software. It may call itself bdraw, delta, dlclient, Pay-ByAds, or pricehorse in Programs and Features.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_candyopen">ms-caro-malware-full:malware-family="CandyOpen"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - This application can also affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs: Adds files that run at startup, Modifies boot configuration data, Modifies file associations, Injects into other processes on your system, Changes browser settings, Adds a local proxy, Modifies your system DNS settings, Stops Windows Update, Disables User Access Control (UAC), These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_colisi">ms-caro-malware-full:malware-family="Colisi"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - Behavioral detection of certain files acting in a malicious way.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_creprote">ms-caro-malware-full:malware-family="Creprote"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - These programs are most commonly software bundlers or installers for software such as toolbars, adware, or system optimizers. The software might modify your homepage, your search provider, or perform other actions that you might not have intended.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_diplugem">ms-caro-malware-full:malware-family="Diplugem"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A browser modifier that installs browser add-ons without obtaining the users consent. The add-ons show extra advertisements as the user browses the web, and can inject additional ads into web search results pages.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dipsind">ms-caro-malware-full:malware-family="Dipsind"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A threat that is often used in targeted attacks. It can give an attacker access to the computer to download and run files, steal domain credentials, and perform other malicious actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_donoff">ms-caro-malware-full:malware-family="Donoff"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A threat that uses an infected Microsoft Office file to download other malware onto the computer. It can arrive as a spam email attachment, usually as a Word file (.doc).</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dorv">ms-caro-malware-full:malware-family="Dorv"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A trojan is a type of malware that cant spread on its own. It relies on you to run them on your PC by mistake, or visit a hacked or malicious webpage. They can steal your personal information, download more malware, or give a malicious hacker access to your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_dowadmin">ms-caro-malware-full:malware-family="Dowadmin"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A software bundler that does not provide the user with the option to decline installation of unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_fourthrem">ms-caro-malware-full:malware-family="Fourthrem"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A program that installs unwanted software without adequate consent on the computer at the same time as the software the user is trying to install.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_hao123">ms-caro-malware-full:malware-family="Hao123"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - This threat is a modified Internet Explorer shortcut that changes your Internet Explorer homepage. It might arrive on your PC through bundlers that offer free software. The threat will run a separate threat-related file that changes the Internet Explorer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mizenota">ms-caro-malware-full:malware-family="Mizenota"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - This program is a software bundler that installs unwanted software on your PC at the same time as the software you are trying to install. It may install one of the following: BrowserModifier:Win32/SupTab, BrowserModifier:Win32/Sasquor, BrowserModifier:Win32/Smudplu, SoftwareBundler:Win32/Pokavampo, BrowserModifier:Win32/Shopperz, Adware:Win32/EoRezo</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_mytonel">ms-caro-malware-full:malware-family="Mytonel"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A program that downloads and installs other programs onto the computer without the user&#8217;s consent, including other malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_outbrowse">ms-caro-malware-full:malware-family="OutBrowse"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A software bundler that installs additional unwanted programs alongside software that the user wishes to install. It can remove or hide the installers close button, leaving no way to decline the additional applications.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_peapoon">ms-caro-malware-full:malware-family="Peapoon"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - An adware program that shows users ads that they cannot control as they browse the web. It may identify itself as Coupon in Programs and Features.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_pokki">ms-caro-malware-full:malware-family="Pokki"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A browser add-on that formerly displayed behaviors of unwanted software. Recent versions of the add-on no longer meet Microsoft detection criteria, and are no longer considered unwanted software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_putalol">ms-caro-malware-full:malware-family="Putalol"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - An adware program that shows users ads that they cannot control as they browse the web. It may identify itself as Lolliscan in Programs and Features.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_spigotsearch">ms-caro-malware-full:malware-family="SpigotSearch"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - This application can affect the quality of your computing experience. For example, some potentially unwanted applications can: Install additional bundled software, Modify your homepage, Modify your search provider. These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_spursint">ms-caro-malware-full:malware-family="Spursint"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - This threat has been detected as one of the executable malware that are distributed through URLs.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sulunch">ms-caro-malware-full:malware-family="Sulunch"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A generic detection for a group of trojans that perform a number of common malware behaviors.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_suptab">ms-caro-malware-full:malware-family="SupTab"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A browser modifier that installs itself and changes the browsers default search provider, without obtaining the users consent for either action.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_sventore">ms-caro-malware-full:malware-family="Sventore"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - This trojan can install other malware or unwanted software onto your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_tillail">ms-caro-malware-full:malware-family="Tillail"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A software bundler that installs unwanted software alongside the software the user is trying to install. It has been observed to install the browser modifier Win32/SupTab.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_vopackage">ms-caro-malware-full:malware-family="VOPackage"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - This application can also affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs: Adds files that run at startup, Installs a driver, Injects into other processes on your system, Injects into browsers, Changes browser settings, Changes browser shortcuts, Installs browser extensions, Adds a local proxy, Tampers with root certificate trust, Modifies the system hosts file, Modifies your system DNS settings, Disables anti-virus products, Tampers with system Group Policy settings, These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_full_malware_family_xiazai">ms-caro-malware-full:malware-family="Xiazai"</h4>
<div class="paragraph">
<p>ms-caro-malware-full:2015 VOL20 - A program that installs unwanted software on the computer at the same time as the software the user is trying to install, without adequate consent.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_malware_classification">malware_classification</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
malware_classification namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/malware_classification/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Classification based on different categories. Based on <a href="https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848" class="bare">https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848</a></p>
</div>
<div class="sect2">
<h3 id="_malware_category">malware-category</h3>
<div class="sect3">
<h4 id="_malware_classification_malware_category_virus">malware_classification:malware-category="Virus"</h4>
<div class="paragraph">
<p>malware_classification:Virus</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_malware_category_worm">malware_classification:malware-category="Worm"</h4>
<div class="paragraph">
<p>malware_classification:Worm</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_malware_category_trojan">malware_classification:malware-category="Trojan"</h4>
<div class="paragraph">
<p>malware_classification:Trojan</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_malware_category_ransomware">malware_classification:malware-category="Ransomware"</h4>
<div class="paragraph">
<p>malware_classification:Ransomware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_malware_category_rootkit">malware_classification:malware-category="Rootkit"</h4>
<div class="paragraph">
<p>malware_classification:Rootkit</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_malware_category_downloader">malware_classification:malware-category="Downloader"</h4>
<div class="paragraph">
<p>malware_classification:Downloader</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_malware_category_adware">malware_classification:malware-category="Adware"</h4>
<div class="paragraph">
<p>malware_classification:Adware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_malware_category_spyware">malware_classification:malware-category="Spyware"</h4>
<div class="paragraph">
<p>malware_classification:Spyware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_malware_category_botnet">malware_classification:malware-category="Botnet"</h4>
<div class="paragraph">
<p>malware_classification:Botnet</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_obfuscation_technique">obfuscation-technique</h3>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_no_obfuscation">malware_classification:obfuscation-technique="no-obfuscation"</h4>
<div class="paragraph">
<p>malware_classification:No obfuscation is used</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_encryption">malware_classification:obfuscation-technique="encryption"</h4>
<div class="paragraph">
<p>malware_classification:encryption</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_oligomorphism">malware_classification:obfuscation-technique="oligomorphism"</h4>
<div class="paragraph">
<p>malware_classification:oligomorphism</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_metamorphism">malware_classification:obfuscation-technique="metamorphism"</h4>
<div class="paragraph">
<p>malware_classification:metamorphism</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_stealth">malware_classification:obfuscation-technique="stealth"</h4>
<div class="paragraph">
<p>malware_classification:stealth</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_armouring">malware_classification:obfuscation-technique="armouring"</h4>
<div class="paragraph">
<p>malware_classification:armouring</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_encryption_2">malware_classification:obfuscation-technique="encryption"</h4>
<div class="paragraph">
<p>malware_classification:encryption</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_tunneling">malware_classification:obfuscation-technique="tunneling"</h4>
<div class="paragraph">
<p>malware_classification:tunneling</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_xor">malware_classification:obfuscation-technique="XOR"</h4>
<div class="paragraph">
<p>malware_classification:XOR</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_base64">malware_classification:obfuscation-technique="BASE64"</h4>
<div class="paragraph">
<p>malware_classification:BASE64</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_obfuscation_technique_rot13">malware_classification:obfuscation-technique="ROT13"</h4>
<div class="paragraph">
<p>malware_classification:ROT13</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_payload_classification">payload-classification</h3>
<div class="sect3">
<h4 id="_malware_classification_payload_classification_no_payload">malware_classification:payload-classification="no-payload"</h4>
<div class="paragraph">
<p>malware_classification:No payload</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_payload_classification_non_destructive">malware_classification:payload-classification="non-destructive"</h4>
<div class="paragraph">
<p>malware_classification:Non-Destructive</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_payload_classification_destructive">malware_classification:payload-classification="destructive"</h4>
<div class="paragraph">
<p>malware_classification:Destructive</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_payload_classification_dropper">malware_classification:payload-classification="dropper"</h4>
<div class="paragraph">
<p>malware_classification:Dropper</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_memory_classification">memory-classification</h3>
<div class="sect3">
<h4 id="_malware_classification_memory_classification_resident">malware_classification:memory-classification="resident"</h4>
<div class="paragraph">
<p>malware_classification:In memory</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_memory_classification_temporary_resident">malware_classification:memory-classification="temporary-resident"</h4>
<div class="paragraph">
<p>malware_classification:In memory temporarily</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_memory_classification_swapping_mode">malware_classification:memory-classification="swapping-mode"</h4>
<div class="paragraph">
<p>malware_classification:Only a part loaded in memory temporarily</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_memory_classification_non_resident">malware_classification:memory-classification="non-resident"</h4>
<div class="paragraph">
<p>malware_classification:Not in memory</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_memory_classification_user_process">malware_classification:memory-classification="user-process"</h4>
<div class="paragraph">
<p>malware_classification:As a user level process</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classification_memory_classification_kernel_process">malware_classification:memory-classification="kernel-process"</h4>
<div class="paragraph">
<p>malware_classification:As a process in the kernel</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_fr_classif">fr-classif</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
fr-classif namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/fr-classif/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>French gov information classification system</p>
</div>
<div class="sect2">
<h3 id="_classifiees_defense">classifiees-defense</h3>
<div class="sect3">
<h4 id="_fr_classif_classifiees_defense_tres_secret_defense">fr-classif:classifiees-defense="TRES_SECRET_DEFENSE"</h4>
<div class="paragraph">
<p>fr-classif:TRES SECRET DEFENSE</p>
</div>
</div>
<div class="sect3">
<h4 id="_fr_classif_classifiees_defense_secret_defense">fr-classif:classifiees-defense="SECRET_DEFENSE"</h4>
<div class="paragraph">
<p>fr-classif:SECRET DEFENSE</p>
</div>
</div>
<div class="sect3">
<h4 id="_fr_classif_classifiees_defense_confidentiel_defense">fr-classif:classifiees-defense="CONFIDENTIEL_DEFENSE"</h4>
<div class="paragraph">
<p>fr-classif:CONFIDENTIEL DEFENSE</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_non_classifiees_defense">non-classifiees-defense</h3>
<div class="sect3">
<h4 id="_fr_classif_non_classifiees_defense_secret">fr-classif:non-classifiees-defense="SECRET"</h4>
<div class="paragraph">
<p>fr-classif:SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_fr_classif_non_classifiees_defense_confidentiel">fr-classif:non-classifiees-defense="CONFIDENTIEL"</h4>
<div class="paragraph">
<p>fr-classif:CONFIDENTIEL</p>
</div>
</div>
<div class="sect3">
<h4 id="_fr_classif_non_classifiees_defense_diffusion_restreinte">fr-classif:non-classifiees-defense="DIFFUSION_RESTREINTE"</h4>
<div class="paragraph">
<p>fr-classif:DIFFUSION RESTREINTE</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_non_classifiees">non-classifiees</h3>
<div class="sect3">
<h4 id="_fr_classif_non_classifiees_non_classifiees">fr-classif:non-classifiees="NON-CLASSIFIEES"</h4>
<div class="paragraph">
<p>fr-classif:NON CLASSIFIEES</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_admiralty_scale">admiralty-scale</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
admiralty-scale namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/admiralty-scale/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Admiralty Scale (also called the NATO System) is used to rank the reliability of a source and the credibility of an information.</p>
</div>
<div class="sect2">
<h3 id="_source_reliability">source-reliability</h3>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_a">admiralty-scale:source-reliability="a"</h4>
<div class="paragraph">
<p>admiralty-scale:Completely reliable</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_b">admiralty-scale:source-reliability="b"</h4>
<div class="paragraph">
<p>admiralty-scale:Usually reliable</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_c">admiralty-scale:source-reliability="c"</h4>
<div class="paragraph">
<p>admiralty-scale:Fairly reliable</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_d">admiralty-scale:source-reliability="d"</h4>
<div class="paragraph">
<p>admiralty-scale:Not usually reliable</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_e">admiralty-scale:source-reliability="e"</h4>
<div class="paragraph">
<p>admiralty-scale:Unreliable</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_source_reliability_f">admiralty-scale:source-reliability="f"</h4>
<div class="paragraph">
<p>admiralty-scale:Reliability cannot be judged</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_credibility">information-credibility</h3>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_1">admiralty-scale:information-credibility="1"</h4>
<div class="paragraph">
<p>admiralty-scale:Confirmed by other sources</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_2">admiralty-scale:information-credibility="2"</h4>
<div class="paragraph">
<p>admiralty-scale:Probably true</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_3">admiralty-scale:information-credibility="3"</h4>
<div class="paragraph">
<p>admiralty-scale:Possibly true</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_4">admiralty-scale:information-credibility="4"</h4>
<div class="paragraph">
<p>admiralty-scale:Doubtful</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_5">admiralty-scale:information-credibility="5"</h4>
<div class="paragraph">
<p>admiralty-scale:Improbable</p>
</div>
</div>
<div class="sect3">
<h4 id="_admiralty_scale_information_credibility_6">admiralty-scale:information-credibility="6"</h4>
<div class="paragraph">
<p>admiralty-scale:Truth cannot be judged</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ms_caro_malware">ms-caro-malware</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ms-caro-malware namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/ms-caro-malware/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Malware Type and Platform classification based on Microsoft&#8217;s implementation of the Computer Antivirus Research Organization (CARO) Naming Scheme and Malware Terminology. Based on <a href="https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/mmpc/shared/malwarenaming.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/glossary.aspx</a>, <a href="https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx" class="bare">https://www.microsoft.com/security/portal/mmpc/shared/objectivecriteria.aspx</a>, and <a href="http://www.caro.org/definitions/index.html" class="bare">http://www.caro.org/definitions/index.html</a>. Malware families are extracted from Microsoft SIRs since 2008 based on <a href="https://www.microsoft.com/security/sir/archive/default.aspx" class="bare">https://www.microsoft.com/security/sir/archive/default.aspx</a> and <a href="https://www.microsoft.com/en-us/security/portal/threat/threats.aspx" class="bare">https://www.microsoft.com/en-us/security/portal/threat/threats.aspx</a>. Note that SIRs do NOT include all Microsoft malware families.</p>
</div>
<div class="sect2">
<h3 id="_malware_type_2">malware-type</h3>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_adware">ms-caro-malware:malware-type="Adware"</h4>
<div class="paragraph">
<p>ms-caro-malware:Adware - Software that shows you extra promotions that you cannot control as you use your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_backdoor">ms-caro-malware:malware-type="Backdoor"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of trojan that gives a malicious hacker access to and control of your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_behavior">ms-caro-malware:malware-type="Behavior"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of detection based on file actions that are often associated with malicious activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_broswermodifier">ms-caro-malware:malware-type="BroswerModifier"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program than makes changes to your Internet browser without your permission</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_constructor">ms-caro-malware:malware-type="Constructor"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program that can be used to automatically create malware files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_ddos">ms-caro-malware:malware-type="DDoS"</h4>
<div class="paragraph">
<p>ms-caro-malware:When a number of PCs are made to access a website, network or server repeatedly within a given time period. The aim of the attack is to overload the target so that it crashes and can&#8217;t respond</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_dialer">ms-caro-malware:malware-type="Dialer"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program that makes unauthorized telephone calls. These calls may be charged at a premium rate and cost you a lot of money</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_dos">ms-caro-malware:malware-type="DoS"</h4>
<div class="paragraph">
<p>ms-caro-malware:When a target PC or server is deliberately overloaded so that it doesn&#8217;t work for any visitors anymore</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_exploit">ms-caro-malware:malware-type="Exploit"</h4>
<div class="paragraph">
<p>ms-caro-malware:A piece of code that uses software vulnerabilities to access information on your PC or install malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_hacktool">ms-caro-malware:malware-type="HackTool"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of tool that can be used to allow and maintain unauthorized access to your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_joke">ms-caro-malware:malware-type="Joke"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program that pretends to do something malicious but actually doesn&#8217;t actually do anything harmful. For example, some joke programs pretend to delete files or format disks</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_misleading">ms-caro-malware:malware-type="Misleading"</h4>
<div class="paragraph">
<p>ms-caro-malware:The program that makes misleading or fraudulent claims about files, registry entries or other items on your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_monitoringtool">ms-caro-malware:malware-type="MonitoringTool"</h4>
<div class="paragraph">
<p>ms-caro-malware:A commercial program that monitors what you do on your PC. This can include monitoring what keys you press; your email or instant messages; your voice or video conversations; and your banking details and passwords. It can also take screenshots as you use your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_program">ms-caro-malware:malware-type="Program"</h4>
<div class="paragraph">
<p>ms-caro-malware:Software that you may or may not want installed on your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_pua">ms-caro-malware:malware-type="PUA"</h4>
<div class="paragraph">
<p>ms-caro-malware:Potentially Unwanted Applications. Characteristics of unwanted software can include depriving users of adequate choice or control over what the software does to the computer, preventing users from removing the software, or displaying advertisements without clearly identifying their source.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_pws">ms-caro-malware:malware-type="PWS"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of malware that is used steal your personal information, such as user names and passwords. It often works along with a keylogger that collects and sends information about what keys you press and websites you visit to a malicious hacker</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_ransom">ms-caro-malware:malware-type="Ransom"</h4>
<div class="paragraph">
<p>ms-caro-malware:A detection for malicious programs that seize control of the computer on which they are installed. This trojan usually locks the screen and prevents the user from using the computer. It usually displays an alert message.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_remoteaccess">ms-caro-malware:malware-type="RemoteAccess"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program that gives someone access to your PC from a remote location. This type of program is often installed by the computer owner</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_rogue">ms-caro-malware:malware-type="Rogue"</h4>
<div class="paragraph">
<p>ms-caro-malware:Software that pretends to be an antivirus program but doesn&#8217;t actually provide any security. This type of software usually gives you a lot of alerts about threats on your PC that don&#8217;t exist. It also tries to convince you to pay for its services</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_settingsmodifier">ms-caro-malware:malware-type="SettingsModifier"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program that changes your PC settings</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_softwarebundler">ms-caro-malware:malware-type="SoftwareBundler"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program that installs unwanted software on your PC at the same time as the software you are trying to install, without adequate consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_spammer">ms-caro-malware:malware-type="Spammer"</h4>
<div class="paragraph">
<p>ms-caro-malware:A trojan that sends large numbers of spam emails. It may also describe the person or business responsible for sending spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_spoofer">ms-caro-malware:malware-type="Spoofer"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of trojan that makes fake emails that look like they are from a legitimate source</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_spyware">ms-caro-malware:malware-type="Spyware"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program that collects your personal information, such as your browsing history, and uses it without adequate consent</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_tool">ms-caro-malware:malware-type="Tool"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of software that may have a legitimate purpose, but which may also be abused by malware authors</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_trojan">ms-caro-malware:malware-type="Trojan"</h4>
<div class="paragraph">
<p>ms-caro-malware:A trojan is a program that tries to look innocent, but is actually a malicious application. Unlike a virus or a worm , a trojan doesn&#8217;t spread by itself. Instead they try to look innocent to convince you to download and install them. Once installed, a trojan can steal your personal information, download more malware, or give a malicious hacker access to your PC</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_trojanclicker">ms-caro-malware:malware-type="TrojanClicker"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of trojan that can use your PC to click on websites or applications. They are usually used to make money for a malicious hacker by clicking on online advertisements and making it look like the website gets more traffic than it does. They can also be used to skew online polls, install programs on your PC, or make unwanted software appear more popular than it is</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_trojandownloader">ms-caro-malware:malware-type="TrojanDownloader"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_trojandropper">ms-caro-malware:malware-type="TrojanDropper"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of trojan that installs other malicious files, including malware, onto your PC. It can download the files from a remote PC or install them directly from a copy that is included in its file.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_trojannotifier">ms-caro-malware:malware-type="TrojanNotifier"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of trojan that sends information about your PC to a malicious hacker. It is similar to a password stealer</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_trojanproxy">ms-caro-malware:malware-type="TrojanProxy"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of trojan that installs a proxy server on your PC. The server can be configured so that when you use the Internet, any requests you make are sent through a server controlled by a malicious hacker.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_trojanspy">ms-caro-malware:malware-type="TrojanSpy"</h4>
<div class="paragraph">
<p>ms-caro-malware:A program that collects your personal information, such as your browsing history, and uses it without adequate consent.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_virtool">ms-caro-malware:malware-type="VirTool"</h4>
<div class="paragraph">
<p>ms-caro-malware:A detection that is used mostly for malware components, or tools used for malware-related actions, such as rootkits.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_virus">ms-caro-malware:malware-type="Virus"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of malware. Viruses spread on their own by attaching their code to other programs, or copying themselves across systems and networks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_type_worm">ms-caro-malware:malware-type="Worm"</h4>
<div class="paragraph">
<p>ms-caro-malware:A type of malware that spreads to other PCs. Worms may spread using one or more of the following methods: Email programs, Instant messaging programs, File-sharing programs, Social networking sites, Network shares, Removable drives with Autorun enabled, Software vulnerabilities</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malware_platform_2">malware-platform</h3>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_androidos">ms-caro-malware:malware-platform="AndroidOS"</h4>
<div class="paragraph">
<p>ms-caro-malware:Android operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_dos">ms-caro-malware:malware-platform="DOS"</h4>
<div class="paragraph">
<p>ms-caro-malware:MS-DOS platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_epoc">ms-caro-malware:malware-platform="EPOC"</h4>
<div class="paragraph">
<p>ms-caro-malware:Psion devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_freebsd">ms-caro-malware:malware-platform="FreeBSD"</h4>
<div class="paragraph">
<p>ms-caro-malware:FreeBSD platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_iphoneos">ms-caro-malware:malware-platform="iPhoneOS"</h4>
<div class="paragraph">
<p>ms-caro-malware:iPhone operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_linux">ms-caro-malware:malware-platform="Linux"</h4>
<div class="paragraph">
<p>ms-caro-malware:Linux platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_macos">ms-caro-malware:malware-platform="MacOS"</h4>
<div class="paragraph">
<p>ms-caro-malware:MAC 9.x platform or earlier</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_macos_x">ms-caro-malware:malware-platform="MacOS_X"</h4>
<div class="paragraph">
<p>ms-caro-malware:MacOS X or later</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_os2">ms-caro-malware:malware-platform="OS2"</h4>
<div class="paragraph">
<p>ms-caro-malware:OS2 platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_palm">ms-caro-malware:malware-platform="Palm"</h4>
<div class="paragraph">
<p>ms-caro-malware:Palm operating system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_solaris">ms-caro-malware:malware-platform="Solaris"</h4>
<div class="paragraph">
<p>ms-caro-malware:System V-based Unix platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_sunos">ms-caro-malware:malware-platform="SunOS"</h4>
<div class="paragraph">
<p>ms-caro-malware:Unix platforms 4.1.3 or earlier</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_symbos">ms-caro-malware:malware-platform="SymbOS"</h4>
<div class="paragraph">
<p>ms-caro-malware:Symbian operatings system</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_unix">ms-caro-malware:malware-platform="Unix"</h4>
<div class="paragraph">
<p>ms-caro-malware:General Unix platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_win16">ms-caro-malware:malware-platform="Win16"</h4>
<div class="paragraph">
<p>ms-caro-malware:Win16 (3.1) platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_win2k">ms-caro-malware:malware-platform="Win2K"</h4>
<div class="paragraph">
<p>ms-caro-malware:Windows 2000 platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_win32">ms-caro-malware:malware-platform="Win32"</h4>
<div class="paragraph">
<p>ms-caro-malware:Windows 32-bit platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_win64">ms-caro-malware:malware-platform="Win64"</h4>
<div class="paragraph">
<p>ms-caro-malware:Windows 64-bit platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_win95">ms-caro-malware:malware-platform="Win95"</h4>
<div class="paragraph">
<p>ms-caro-malware:Windows 95, 98 and ME platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_win98">ms-caro-malware:malware-platform="Win98"</h4>
<div class="paragraph">
<p>ms-caro-malware:Windows 98 platform only</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_wince">ms-caro-malware:malware-platform="WinCE"</h4>
<div class="paragraph">
<p>ms-caro-malware:Windows CE platform</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_winnt">ms-caro-malware:malware-platform="WinNT"</h4>
<div class="paragraph">
<p>ms-caro-malware:WinNT</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_abap">ms-caro-malware:malware-platform="ABAP"</h4>
<div class="paragraph">
<p>ms-caro-malware:Advanced Business Application Programming scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_alisp">ms-caro-malware:malware-platform="ALisp"</h4>
<div class="paragraph">
<p>ms-caro-malware:ALisp scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_amipro">ms-caro-malware:malware-platform="AmiPro"</h4>
<div class="paragraph">
<p>ms-caro-malware:AmiPro script</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_ansi">ms-caro-malware:malware-platform="ANSI"</h4>
<div class="paragraph">
<p>ms-caro-malware:American National Standards Institute scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_applescript">ms-caro-malware:malware-platform="AppleScript"</h4>
<div class="paragraph">
<p>ms-caro-malware:compiled Apple scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_asp">ms-caro-malware:malware-platform="ASP"</h4>
<div class="paragraph">
<p>ms-caro-malware:Active Server Pages scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_autoit">ms-caro-malware:malware-platform="AutoIt"</h4>
<div class="paragraph">
<p>ms-caro-malware:AutoIT scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_bas">ms-caro-malware:malware-platform="BAS"</h4>
<div class="paragraph">
<p>ms-caro-malware:Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_bat">ms-caro-malware:malware-platform="BAT"</h4>
<div class="paragraph">
<p>ms-caro-malware:Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_corelscript">ms-caro-malware:malware-platform="CorelScript"</h4>
<div class="paragraph">
<p>ms-caro-malware:Corelscript scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_hta">ms-caro-malware:malware-platform="HTA"</h4>
<div class="paragraph">
<p>ms-caro-malware:HTML Application scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_html">ms-caro-malware:malware-platform="HTML"</h4>
<div class="paragraph">
<p>ms-caro-malware:HTML Application scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_inf">ms-caro-malware:malware-platform="INF"</h4>
<div class="paragraph">
<p>ms-caro-malware:Install scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_irc">ms-caro-malware:malware-platform="IRC"</h4>
<div class="paragraph">
<p>ms-caro-malware:mIRC/pIRC scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_java">ms-caro-malware:malware-platform="Java"</h4>
<div class="paragraph">
<p>ms-caro-malware:Java binaries (classes)</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_js">ms-caro-malware:malware-platform="JS"</h4>
<div class="paragraph">
<p>ms-caro-malware:Javascript scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_logo">ms-caro-malware:malware-platform="LOGO"</h4>
<div class="paragraph">
<p>ms-caro-malware:LOGO scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_mpb">ms-caro-malware:malware-platform="MPB"</h4>
<div class="paragraph">
<p>ms-caro-malware:MapBasic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_msh">ms-caro-malware:malware-platform="MSH"</h4>
<div class="paragraph">
<p>ms-caro-malware:Monad shell scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_msil">ms-caro-malware:malware-platform="MSIL"</h4>
<div class="paragraph">
<p>ms-caro-malware:.Net intermediate language scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_perl">ms-caro-malware:malware-platform="Perl"</h4>
<div class="paragraph">
<p>ms-caro-malware:Perl scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_php">ms-caro-malware:malware-platform="PHP"</h4>
<div class="paragraph">
<p>ms-caro-malware:Hypertext Preprocessor scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_python">ms-caro-malware:malware-platform="Python"</h4>
<div class="paragraph">
<p>ms-caro-malware:Python scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_sap">ms-caro-malware:malware-platform="SAP"</h4>
<div class="paragraph">
<p>ms-caro-malware:SAP platform scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_sh">ms-caro-malware:malware-platform="SH"</h4>
<div class="paragraph">
<p>ms-caro-malware:Shell scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_vba">ms-caro-malware:malware-platform="VBA"</h4>
<div class="paragraph">
<p>ms-caro-malware:Visual Basic for Applications scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_vbs">ms-caro-malware:malware-platform="VBS"</h4>
<div class="paragraph">
<p>ms-caro-malware:Visual Basic scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_winbat">ms-caro-malware:malware-platform="WinBAT"</h4>
<div class="paragraph">
<p>ms-caro-malware:Winbatch scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_winhlp">ms-caro-malware:malware-platform="WinHlp"</h4>
<div class="paragraph">
<p>ms-caro-malware:Windows Help scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_winreg">ms-caro-malware:malware-platform="WinREG"</h4>
<div class="paragraph">
<p>ms-caro-malware:Windows registry scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_a97m">ms-caro-malware:malware-platform="A97M"</h4>
<div class="paragraph">
<p>ms-caro-malware:Access 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_he">ms-caro-malware:malware-platform="HE"</h4>
<div class="paragraph">
<p>ms-caro-malware:macro scripting</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_o97m">ms-caro-malware:malware-platform="O97M"</h4>
<div class="paragraph">
<p>ms-caro-malware:Office 97, 2000, XP, 2003, 2007, and 2010 macros - those that affect Word, Excel, and Powerpoint</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_pp97m">ms-caro-malware:malware-platform="PP97M"</h4>
<div class="paragraph">
<p>ms-caro-malware:PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_v5m">ms-caro-malware:malware-platform="V5M"</h4>
<div class="paragraph">
<p>ms-caro-malware:Visio5 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_w1m">ms-caro-malware:malware-platform="W1M"</h4>
<div class="paragraph">
<p>ms-caro-malware:Word1Macro</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_w2m">ms-caro-malware:malware-platform="W2M"</h4>
<div class="paragraph">
<p>ms-caro-malware:Word2Macro</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_w97m">ms-caro-malware:malware-platform="W97M"</h4>
<div class="paragraph">
<p>ms-caro-malware:Word 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_wm">ms-caro-malware:malware-platform="WM"</h4>
<div class="paragraph">
<p>ms-caro-malware:Word 95 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_x97m">ms-caro-malware:malware-platform="X97M"</h4>
<div class="paragraph">
<p>ms-caro-malware:Excel 97, 2000, XP, 2003, 2007, and 2010 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_xf">ms-caro-malware:malware-platform="XF"</h4>
<div class="paragraph">
<p>ms-caro-malware:Excel formulas</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_xm">ms-caro-malware:malware-platform="XM"</h4>
<div class="paragraph">
<p>ms-caro-malware:Excel 95 macros</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_asx">ms-caro-malware:malware-platform="ASX"</h4>
<div class="paragraph">
<p>ms-caro-malware:XML metafile of Windows Media .asf files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_hc">ms-caro-malware:malware-platform="HC"</h4>
<div class="paragraph">
<p>ms-caro-malware:HyperCard Apple scripts</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_mime">ms-caro-malware:malware-platform="MIME"</h4>
<div class="paragraph">
<p>ms-caro-malware:MIME packets</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_netware">ms-caro-malware:malware-platform="Netware"</h4>
<div class="paragraph">
<p>ms-caro-malware:Novell Netware files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_qt">ms-caro-malware:malware-platform="QT"</h4>
<div class="paragraph">
<p>ms-caro-malware:Quicktime files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_sb">ms-caro-malware:malware-platform="SB"</h4>
<div class="paragraph">
<p>ms-caro-malware:StarBasic (Staroffice XML) files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_swf">ms-caro-malware:malware-platform="SWF"</h4>
<div class="paragraph">
<p>ms-caro-malware:Shockwave Flash files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_tsql">ms-caro-malware:malware-platform="TSQL"</h4>
<div class="paragraph">
<p>ms-caro-malware:MS SQL server files</p>
</div>
</div>
<div class="sect3">
<h4 id="_ms_caro_malware_malware_platform_xml">ms-caro-malware:malware-platform="XML"</h4>
<div class="paragraph">
<p>ms-caro-malware:XML files</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_adversary">adversary</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
adversary namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/adversary/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>An overview and description of the adversary infrastructure</p>
</div>
<div class="sect2">
<h3 id="_infrastructure_status">infrastructure-status</h3>
<div class="sect3">
<h4 id="_adversary_infrastructure_status_unknown">adversary:infrastructure-status="unknown"</h4>
<div class="paragraph">
<p>adversary:Infrastructure ownership and status is unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_status_compromised">adversary:infrastructure-status="compromised"</h4>
<div class="paragraph">
<p>adversary:Infrastructure compromised by or in the benefit of the adversary</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_status_own_and_operated">adversary:infrastructure-status="own-and-operated"</h4>
<div class="paragraph">
<p>adversary:Infrastructure own and operated by the adversary</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infrastructure_type">infrastructure-type</h3>
<div class="sect3">
<h4 id="_adversary_infrastructure_type_unknown">adversary:infrastructure-type="unknown"</h4>
<div class="paragraph">
<p>adversary:Infrastructure usage by the adversary is unknown</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_type_proxy">adversary:infrastructure-type="proxy"</h4>
<div class="paragraph">
<p>adversary:Infrastructure used as proxy between the target and the adversary</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_type_drop_zone">adversary:infrastructure-type="drop-zone"</h4>
<div class="paragraph">
<p>adversary:Infrastructure used by the adversary to store information related to his campaigns</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_type_exploit_distribution_point">adversary:infrastructure-type="exploit-distribution-point"</h4>
<div class="paragraph">
<p>adversary:Infrastructure used to distribute exploit towards target(s)</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_type_vpn">adversary:infrastructure-type="vpn"</h4>
<div class="paragraph">
<p>adversary:Infrastructure used by the adversary as Virtual Private Network to hide activities and reduce the traffic analysis surface</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_type_panel">adversary:infrastructure-type="panel"</h4>
<div class="paragraph">
<p>adversary:Panel used by the adversary to control or maintain his infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_type_tds">adversary:infrastructure-type="tds"</h4>
<div class="paragraph">
<p>adversary:Traffic Distribution Systems including exploit delivery or/and web monetization channels</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infrastructure_state">infrastructure-state</h3>
<div class="sect3">
<h4 id="_adversary_infrastructure_state_unknown">adversary:infrastructure-state="unknown"</h4>
<div class="paragraph">
<p>adversary:Infrastructure state is unknown or cannot be evaluated</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_state_active">adversary:infrastructure-state="active"</h4>
<div class="paragraph">
<p>adversary:Infrastructure state is active and actively used by the adversary</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_state_down">adversary:infrastructure-state="down"</h4>
<div class="paragraph">
<p>adversary:Infrastructure state is known to be down</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infrastructure_action">infrastructure-action</h3>
<div class="sect3">
<h4 id="_adversary_infrastructure_action_passive_only">adversary:infrastructure-action="passive-only"</h4>
<div class="paragraph">
<p>adversary:Only passive requests shall be performed to avoid detection by the adversary</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_action_take_down">adversary:infrastructure-action="take-down"</h4>
<div class="paragraph">
<p>adversary:Take down requests can be performed in order to deactivate the adversary infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_action_monitoring_active">adversary:infrastructure-action="monitoring-active"</h4>
<div class="paragraph">
<p>adversary:Monitoring requests are ongoing on the adversary infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_adversary_infrastructure_action_pending_law_enforcement_request">adversary:infrastructure-action="pending-law-enforcement-request"</h4>
<div class="paragraph">
<p>adversary:Law enforcement requests are ongoing on the adversary infrastructure</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dni_ism">dni-ism</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
dni-ism namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/dni-ism/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A subset of Information Security Marking Metadata ISM as required by Executive Order (EO) 13526. As described by DNI.gov as Data Encoding Specifications for Information Security Marking Metadata in Controlled Vocabulary Enumeration Values for ISM</p>
</div>
<div class="sect2">
<h3 id="_classification_all">classification:all</h3>
<div class="sect3">
<h4 id="_dni_ism_classification_all_r">dni-ism:classification:all="R"</h4>
<div class="paragraph">
<p>dni-ism:RESTRICTED</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_classification_all_c">dni-ism:classification:all="C"</h4>
<div class="paragraph">
<p>dni-ism:CONFIDENTIAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_classification_all_s">dni-ism:classification:all="S"</h4>
<div class="paragraph">
<p>dni-ism:SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_classification_all_ts">dni-ism:classification:all="TS"</h4>
<div class="paragraph">
<p>dni-ism:TOP SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_classification_all_u">dni-ism:classification:all="U"</h4>
<div class="paragraph">
<p>dni-ism:UNCLASSIFIED</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_classification_us">classification:us</h3>
<div class="sect3">
<h4 id="_dni_ism_classification_us_c">dni-ism:classification:us="C"</h4>
<div class="paragraph">
<p>dni-ism:CONFIDENTIAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_classification_us_s">dni-ism:classification:us="S"</h4>
<div class="paragraph">
<p>dni-ism:SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_classification_us_ts">dni-ism:classification:us="TS"</h4>
<div class="paragraph">
<p>dni-ism:TOP SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_classification_us_u">dni-ism:classification:us="U"</h4>
<div class="paragraph">
<p>dni-ism:UNCLASSIFIED</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_complies_with">complies:with</h3>
<div class="sect3">
<h4 id="_dni_ism_complies_with_usgov">dni-ism:complies:with="USGov"</h4>
<div class="paragraph">
<p>dni-ism:Document claims compliance with all rules encoded in ISM for documents produced by the US Federal Government. This is the minimum set of rules for US documents to adhere to, and all US documents should claim compliance with USGov.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_complies_with_usic">dni-ism:complies:with="USIC"</h4>
<div class="paragraph">
<p>dni-ism:Document claims compliance with all rules encoded in ISM for documents produced by the US Intelligence Community. Documents that claim compliance with USIC MUST also claim compliance with USGov.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_complies_with_usdod">dni-ism:complies:with="USDOD"</h4>
<div class="paragraph">
<p>dni-ism:Document claims compliance with all rules encoded in ISM for documents produced by the US Department of Defense. Documents that claim compliance with USDOD MUST also claim compliance with USGov.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_complies_with_otherauthority">dni-ism:complies:with="OtherAuthority"</h4>
<div class="paragraph">
<p>dni-ism:Document claims compliance with an authority other than the USGov, USIC, or USDOD.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dissem">dissem</h3>
<div class="sect3">
<h4 id="_dni_ism_dissem_rs">dni-ism:dissem="RS"</h4>
<div class="paragraph">
<p>dni-ism:RISK SENSITIVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_fouo">dni-ism:dissem="FOUO"</h4>
<div class="paragraph">
<p>dni-ism:FOR OFFICIAL USE ONLY</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_oc">dni-ism:dissem="OC"</h4>
<div class="paragraph">
<p>dni-ism:ORIGINATOR CONTROLLED</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_oc_usgov">dni-ism:dissem="OC-USGOV"</h4>
<div class="paragraph">
<p>dni-ism:ORIGINATOR CONTROLLED US GOVERNMENT</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_imc">dni-ism:dissem="IMC"</h4>
<div class="paragraph">
<p>dni-ism:CONTROLLED IMAGERY</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_nf">dni-ism:dissem="NF"</h4>
<div class="paragraph">
<p>dni-ism:NOT RELEASABLE TO FOREIGN NATIONALS</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_pr">dni-ism:dissem="PR"</h4>
<div class="paragraph">
<p>dni-ism:CAUTION-PROPRIETARY INFORMATION INVOLVED</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_rel">dni-ism:dissem="REL"</h4>
<div class="paragraph">
<p>dni-ism:AUTHORIZED FOR RELEASE TO</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_relido">dni-ism:dissem="RELIDO"</h4>
<div class="paragraph">
<p>dni-ism:RELEASABLE BY INFORMATION DISCLOSURE OFFICIAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_dsen">dni-ism:dissem="DSEN"</h4>
<div class="paragraph">
<p>dni-ism:DEA SENSITIVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_fisa">dni-ism:dissem="FISA"</h4>
<div class="paragraph">
<p>dni-ism:FOREIGN INTELLIGENCE SURVEILLANCE ACT</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_dissem_displayonly">dni-ism:dissem="DISPLAYONLY"</h4>
<div class="paragraph">
<p>dni-ism:AUTHORIZED FOR DISPLAY BUT NOT RELEASE TO</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nonic">nonic</h3>
<div class="sect3">
<h4 id="_dni_ism_nonic_nnpi">dni-ism:nonic="NNPI"</h4>
<div class="paragraph">
<p>dni-ism:NAVAL NUCLEAR PROPULSION INFORMATION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonic_ds">dni-ism:nonic="DS"</h4>
<div class="paragraph">
<p>dni-ism:LIMITED DISTRIBUTION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonic_xd">dni-ism:nonic="XD"</h4>
<div class="paragraph">
<p>dni-ism:EXCLUSIVE DISTRIBUTION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonic_nd">dni-ism:nonic="ND"</h4>
<div class="paragraph">
<p>dni-ism:NO DISTRIBUTION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonic_sbu">dni-ism:nonic="SBU"</h4>
<div class="paragraph">
<p>dni-ism:SENSITIVE BUT UNCLASSIFIED</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonic_sbu_nf">dni-ism:nonic="SBU-NF"</h4>
<div class="paragraph">
<p>dni-ism:SENSITIVE BUT UNCLASSIFIED NOFORN</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonic_les">dni-ism:nonic="LES"</h4>
<div class="paragraph">
<p>dni-ism:LAW ENFORCEMENT SENSITIVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonic_les_nf">dni-ism:nonic="LES-NF"</h4>
<div class="paragraph">
<p>dni-ism:LAW ENFORCEMENT SENSITIVE NOFORN</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonic_ssi">dni-ism:nonic="SSI"</h4>
<div class="paragraph">
<p>dni-ism:SENSITIVE SECURITY INFORMATION</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nonuscontrols">nonuscontrols</h3>
<div class="sect3">
<h4 id="_dni_ism_nonuscontrols_atomal">dni-ism:nonuscontrols="ATOMAL"</h4>
<div class="paragraph">
<p>dni-ism:NATO Atomal mark</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonuscontrols_bohemia">dni-ism:nonuscontrols="BOHEMIA"</h4>
<div class="paragraph">
<p>dni-ism:NATO Bohemia mark</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_nonuscontrols_balk">dni-ism:nonuscontrols="BALK"</h4>
<div class="paragraph">
<p>dni-ism:NATO Balk mark</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_notice">notice</h3>
<div class="sect3">
<h4 id="_dni_ism_notice_fisa">dni-ism:notice="FISA"</h4>
<div class="paragraph">
<p>dni-ism:FISA Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_imc">dni-ism:notice="IMC"</h4>
<div class="paragraph">
<p>dni-ism:IMCON Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_cnwdi">dni-ism:notice="CNWDI"</h4>
<div class="paragraph">
<p>dni-ism:Controled Nuclear Weapon Design Information Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_rd">dni-ism:notice="RD"</h4>
<div class="paragraph">
<p>dni-ism:RD Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_frd">dni-ism:notice="FRD"</h4>
<div class="paragraph">
<p>dni-ism:FRD Warning statement</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_ds">dni-ism:notice="DS"</h4>
<div class="paragraph">
<p>dni-ism:LIMDIS caveat</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_les">dni-ism:notice="LES"</h4>
<div class="paragraph">
<p>dni-ism:LES Notice</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_les_nf">dni-ism:notice="LES-NF"</h4>
<div class="paragraph">
<p>dni-ism:LES-NF Notice</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_dsen">dni-ism:notice="DSEN"</h4>
<div class="paragraph">
<p>dni-ism:DSEN Notice</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_dod_dist_a">dni-ism:notice="DoD-Dist-A"</h4>
<div class="paragraph">
<p>dni-ism:DoD Distribution statement A from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_dod_dist_b">dni-ism:notice="DoD-Dist-B"</h4>
<div class="paragraph">
<p>dni-ism:DoD Distribution statement B from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_dod_dist_c">dni-ism:notice="DoD-Dist-C"</h4>
<div class="paragraph">
<p>dni-ism:DoD Distribution statement C from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_dod_dist_d">dni-ism:notice="DoD-Dist-D"</h4>
<div class="paragraph">
<p>dni-ism:DoD Distribution statement D from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_dod_dist_e">dni-ism:notice="DoD-Dist-E"</h4>
<div class="paragraph">
<p>dni-ism:DoD Distribution statement E from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_dod_dist_f">dni-ism:notice="DoD-Dist-F"</h4>
<div class="paragraph">
<p>dni-ism:DoD Distribution statement F from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_dod_dist_x">dni-ism:notice="DoD-Dist-X"</h4>
<div class="paragraph">
<p>dni-ism:DoD Distribution statement X from DoD Directive 5230.24</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_us_person">dni-ism:notice="US-Person"</h4>
<div class="paragraph">
<p>dni-ism:US Person info Notice</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_pre13526orcon">dni-ism:notice="pre13526ORCON"</h4>
<div class="paragraph">
<p>dni-ism:Indicates that an instance document must abide by rules pertaining to ORIGINATOR CONTROLLED data issued prior to Executive Order 13526.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_poc">dni-ism:notice="POC"</h4>
<div class="paragraph">
<p>dni-ism:Indicates that the contents of this notice specify the contact information for a required point-of-contact.</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_notice_comsec">dni-ism:notice="COMSEC"</h4>
<div class="paragraph">
<p>dni-ism:COMSEC Notice</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_scicontrols">scicontrols</h3>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_el">dni-ism:scicontrols="EL"</h4>
<div class="paragraph">
<p>dni-ism:ENDSEAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_el_eu">dni-ism:scicontrols="EL-EU"</h4>
<div class="paragraph">
<p>dni-ism:ECRU</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_el_nk">dni-ism:scicontrols="EL-NK"</h4>
<div class="paragraph">
<p>dni-ism:NONBOOK</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_hcs">dni-ism:scicontrols="HCS"</h4>
<div class="paragraph">
<p>dni-ism:HCS</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_hcs_o">dni-ism:scicontrols="HCS-O"</h4>
<div class="paragraph">
<p>dni-ism:HCS-O</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_hcs_p">dni-ism:scicontrols="HCS-P"</h4>
<div class="paragraph">
<p>dni-ism:HCS-P</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_kdk">dni-ism:scicontrols="KDK"</h4>
<div class="paragraph">
<p>dni-ism:KLONDIKE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_kdk_blfh">dni-ism:scicontrols="KDK-BLFH"</h4>
<div class="paragraph">
<p>dni-ism:KDK BLUEFISH</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_kdk_idit">dni-ism:scicontrols="KDK-IDIT"</h4>
<div class="paragraph">
<p>dni-ism:KDK IDITAROD</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_kdk_kand">dni-ism:scicontrols="KDK-KAND"</h4>
<div class="paragraph">
<p>dni-ism:KDK KANDIK</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_rsv">dni-ism:scicontrols="RSV"</h4>
<div class="paragraph">
<p>dni-ism:RESERVE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_si">dni-ism:scicontrols="SI"</h4>
<div class="paragraph">
<p>dni-ism:SPECIAL INTELLIGENCE</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_si_g">dni-ism:scicontrols="SI-G"</h4>
<div class="paragraph">
<p>dni-ism:SI-GAMMA</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_scicontrols_tk">dni-ism:scicontrols="TK"</h4>
<div class="paragraph">
<p>dni-ism:TALENT KEYHOLE</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_atomicenergymarkings">atomicenergymarkings</h3>
<div class="sect3">
<h4 id="_dni_ism_atomicenergymarkings_rd">dni-ism:atomicenergymarkings="RD"</h4>
<div class="paragraph">
<p>dni-ism:RESTRICTED DATA</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_atomicenergymarkings_rd_cnwdi">dni-ism:atomicenergymarkings="RD-CNWDI"</h4>
<div class="paragraph">
<p>dni-ism:RD-CRITICAL NUCLEAR WEAPON DESIGN INFORMATION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_atomicenergymarkings_frd">dni-ism:atomicenergymarkings="FRD"</h4>
<div class="paragraph">
<p>dni-ism:FORMERLY RESTRICTED DATA</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_atomicenergymarkings_dcni">dni-ism:atomicenergymarkings="DCNI"</h4>
<div class="paragraph">
<p>dni-ism:DoD CONTROLLED NUCLEAR INFORMATION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_atomicenergymarkings_ucni">dni-ism:atomicenergymarkings="UCNI"</h4>
<div class="paragraph">
<p>dni-ism:DoE CONTROLLED NUCLEAR INFORMATION</p>
</div>
</div>
<div class="sect3">
<h4 id="_dni_ism_atomicenergymarkings_tfni">dni-ism:atomicenergymarkings="TFNI"</h4>
<div class="paragraph">
<p>dni-ism:TRANSCLASSIFIED FOREIGN NUCLEAR INFORMATION</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_osint">osint</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
osint namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/osint/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Open Source Intelligence - Classification (MISP taxonomies)</p>
</div>
<div class="sect2">
<h3 id="_source_type">source-type</h3>
<div class="sect3">
<h4 id="_osint_source_type_blog_post">osint:source-type="blog-post"</h4>
<div class="paragraph">
<p>osint:Blog post</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_source_type_technical_report">osint:source-type="technical-report"</h4>
<div class="paragraph">
<p>osint:Technical or analysis report</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_source_type_news_report">osint:source-type="news-report"</h4>
<div class="paragraph">
<p>osint:News report</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_source_type_pastie_website">osint:source-type="pastie-website"</h4>
<div class="paragraph">
<p>osint:Pastie-like website</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_source_type_electronic_forum">osint:source-type="electronic-forum"</h4>
<div class="paragraph">
<p>osint:Electronic forum</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_source_type_mailing_list">osint:source-type="mailing-list"</h4>
<div class="paragraph">
<p>osint:Mailing-list</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_source_type_block_or_filter_list">osint:source-type="block-or-filter-list"</h4>
<div class="paragraph">
<p>osint:Block or Filter List</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_source_type_expansion">osint:source-type="expansion"</h4>
<div class="paragraph">
<p>osint:Expansion</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_lifetime">lifetime</h3>
<div class="sect3">
<h4 id="_osint_lifetime_perpetual">osint:lifetime="perpetual"</h4>
<div class="paragraph">
<p>osint:Perpetual</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_lifetime_ephemeral">osint:lifetime="ephemeral"</h4>
<div class="paragraph">
<p>osint:Ephemeral</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_certainty">certainty</h3>
<div class="sect3">
<h4 id="_osint_certainty_100">osint:certainty="100"</h4>
<div class="paragraph">
<p>osint:100% Certainty</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_93">osint:certainty="93"</h4>
<div class="paragraph">
<p>osint:93% Almost certain</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_75">osint:certainty="75"</h4>
<div class="paragraph">
<p>osint:75% Probable</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_50">osint:certainty="50"</h4>
<div class="paragraph">
<p>osint:50% Chances about even</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_30">osint:certainty="30"</h4>
<div class="paragraph">
<p>osint:30% Probably not</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_7">osint:certainty="7"</h4>
<div class="paragraph">
<p>osint:7% Almost certainly not</p>
</div>
</div>
<div class="sect3">
<h4 id="_osint_certainty_0">osint:certainty="0"</h4>
<div class="paragraph">
<p>osint:0% Impossibility</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_domain_abuse">domain-abuse</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
domain-abuse namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/domain-abuse/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Domain Name Abuse - taxonomy to tag domain names used for cybercrime. Use europol-incident to tag abuse-activity</p>
</div>
<div class="sect2">
<h3 id="_domain_access_method">domain-access-method</h3>
<div class="sect3">
<h4 id="_domain_abuse_domain_access_method_criminal_registration">domain-abuse:domain-access-method="criminal-registration"</h4>
<div class="paragraph">
<p>domain-abuse:Criminal registration</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abuse_domain_access_method_compromised_webserver">domain-abuse:domain-access-method="compromised-webserver"</h4>
<div class="paragraph">
<p>domain-abuse:Compromised webserver</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abuse_domain_access_method_compromised_dns">domain-abuse:domain-access-method="compromised-dns"</h4>
<div class="paragraph">
<p>domain-abuse:Compromised DNS</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abuse_domain_access_method_sinkhole">domain-abuse:domain-access-method="sinkhole"</h4>
<div class="paragraph">
<p>domain-abuse:Sinkhole</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_domain_status">domain-status</h3>
<div class="sect3">
<h4 id="_domain_abuse_domain_status_active">domain-abuse:domain-status="active"</h4>
<div class="paragraph">
<p>domain-abuse:Registered &amp; active</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abuse_domain_status_inactive">domain-abuse:domain-status="inactive"</h4>
<div class="paragraph">
<p>domain-abuse:Registered &amp; inactive</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abuse_domain_status_suspended">domain-abuse:domain-status="suspended"</h4>
<div class="paragraph">
<p>domain-abuse:Registered &amp; suspended</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abuse_domain_status_not_registered">domain-abuse:domain-status="not-registered"</h4>
<div class="paragraph">
<p>domain-abuse:Not registered</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abuse_domain_status_not_registrable">domain-abuse:domain-status="not-registrable"</h4>
<div class="paragraph">
<p>domain-abuse:Not registrable</p>
</div>
</div>
<div class="sect3">
<h4 id="_domain_abuse_domain_status_grace_period">domain-abuse:domain-status="grace-period"</h4>
<div class="paragraph">
<p>domain-abuse:Grace period</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_iep">iep</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
iep namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/iep/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Forum of Incident Response and Security Teams (FIRST) Information Exchange Policy (IEP) framework</p>
</div>
<div class="sect2">
<h3 id="_id">id</h3>
<div class="sect3">
<h4 id="_iep_id_text">iep:id="$text"</h4>
<div class="paragraph">
<p>iep:An id value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_version">version</h3>
<div class="sect3">
<h4 id="_iep_version_text">iep:version="$text"</h4>
<div class="paragraph">
<p>iep:A version value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_name">name</h3>
<div class="sect3">
<h4 id="_iep_name_text">iep:name="$text"</h4>
<div class="paragraph">
<p>iep:A name value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_start_date">start-date</h3>
<div class="sect3">
<h4 id="_iep_start_date_text">iep:start-date="$text"</h4>
<div class="paragraph">
<p>iep:A start-date value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_end_date">end-date</h3>
<div class="sect3">
<h4 id="_iep_end_date_text">iep:end-date="$text"</h4>
<div class="paragraph">
<p>iep:An end-date value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_reference">reference</h3>
<div class="sect3">
<h4 id="_iep_reference_text">iep:reference="$text"</h4>
<div class="paragraph">
<p>iep:A reference value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_commercial_use">commercial-use</h3>
<div class="sect3">
<h4 id="_iep_commercial_use_may">iep:commercial-use="MAY"</h4>
<div class="paragraph">
<p>iep:Recipients MAY use this information in commercial products or services.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_commercial_use_must_not">iep:commercial-use="MUST NOT"</h4>
<div class="paragraph">
<p>iep:Recipients MUST NOT use this information in commercial products or services.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_external_reference">external-reference</h3>
<div class="sect3">
<h4 id="_iep_external_reference_text">iep:external-reference="$text"</h4>
<div class="paragraph">
<p>iep:An external-reference value is required</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_encrypt_in_transit">encrypt-in-transit</h3>
<div class="sect3">
<h4 id="_iep_encrypt_in_transit_must">iep:encrypt-in-transit="MUST"</h4>
<div class="paragraph">
<p>iep:Recipients MUST encrypt the information received when it is retransmitted or redistributed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_encrypt_in_transit_may">iep:encrypt-in-transit="MAY"</h4>
<div class="paragraph">
<p>iep:Recipients MAY encrypt the information received when it is retransmitted or redistributed.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_encrypt_at_rest">encrypt-at-rest</h3>
<div class="sect3">
<h4 id="_iep_encrypt_at_rest_must">iep:encrypt-at-rest="MUST"</h4>
<div class="paragraph">
<p>iep:Recipients MUST encrypt the information received when it is stored at rest.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_encrypt_at_rest_may">iep:encrypt-at-rest="MAY"</h4>
<div class="paragraph">
<p>iep:Recipients MAY encrypt the information received when it is stored at rest.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_permitted_actions">permitted-actions</h3>
<div class="sect3">
<h4 id="_iep_permitted_actions_none">iep:permitted-actions="NONE"</h4>
<div class="paragraph">
<p>iep:Recipients MUST contact the Providers before acting upon the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_permitted_actions_contact_for_instruction">iep:permitted-actions="CONTACT FOR INSTRUCTION"</h4>
<div class="paragraph">
<p>iep:Recipients MUST contact the Providers before acting upon the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_permitted_actions_internally_visible_actions">iep:permitted-actions="INTERNALLY VISIBLE ACTIONS"</h4>
<div class="paragraph">
<p>iep:Recipients MAY conduct actions on the information received that are only visible on the Recipients internal networks and systems, and MUST NOT conduct actions that are visible outside of the Recipients networks and systems, or visible to third parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_permitted_actions_externally_visible_indirect_actions">iep:permitted-actions="EXTERNALLY VISIBLE INDIRECT ACTIONS"</h4>
<div class="paragraph">
<p>iep:Recipients MAY conduct indirect, or passive, actions on the information received that are externally visible and MUST NOT conduct direct, or active, actions.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_permitted_actions_externally_visible_direct_actions">iep:permitted-actions="EXTERNALLY VISIBLE DIRECT ACTIONS"</h4>
<div class="paragraph">
<p>iep:Recipients MAY conduct direct, or active, actions on the information received that are externally visible.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_affected_party_notifications">affected-party-notifications</h3>
<div class="sect3">
<h4 id="_iep_affected_party_notifications_may">iep:affected-party-notifications="MAY"</h4>
<div class="paragraph">
<p>iep:Recipients MAY notify affected parties of a potential compromise or threat.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_affected_party_notifications_must_not">iep:affected-party-notifications="MUST NOT"</h4>
<div class="paragraph">
<p>iep:Recipients MUST NOT notify affected parties of potential compromise or threat.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_traffic_light_protocol">traffic-light-protocol</h3>
<div class="sect3">
<h4 id="_iep_traffic_light_protocol_red">iep:traffic-light-protocol="RED"</h4>
<div class="paragraph">
<p>iep:Personal for identified recipients only.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_traffic_light_protocol_amber">iep:traffic-light-protocol="AMBER"</h4>
<div class="paragraph">
<p>iep:Limited sharing on the basis of need-to-know.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_traffic_light_protocol_green">iep:traffic-light-protocol="GREEN"</h4>
<div class="paragraph">
<p>iep:Community wide sharing.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_traffic_light_protocol_white">iep:traffic-light-protocol="WHITE"</h4>
<div class="paragraph">
<p>iep:Unlimited sharing.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_provider_attribution">provider-attribution</h3>
<div class="sect3">
<h4 id="_iep_provider_attribution_may">iep:provider-attribution="MAY"</h4>
<div class="paragraph">
<p>iep:Recipients MAY attribute the Provider when redistributing the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_provider_attribution_must">iep:provider-attribution="MUST"</h4>
<div class="paragraph">
<p>iep:Recipients MUST attribute the Provider when redistributing the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_provider_attribution_must_not">iep:provider-attribution="MUST NOT"</h4>
<div class="paragraph">
<p>iep:Recipients MUST NOT attribute the Provider when redistributing the information received.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_obfuscate_affected_parties">obfuscate-affected-parties</h3>
<div class="sect3">
<h4 id="_iep_obfuscate_affected_parties_may">iep:obfuscate-affected-parties="MAY"</h4>
<div class="paragraph">
<p>iep:Recipients MAY obfuscate information about the specific affected parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_obfuscate_affected_parties_must">iep:obfuscate-affected-parties="MUST"</h4>
<div class="paragraph">
<p>iep:Recipients MUST obfuscate information about the specific affected parties.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_obfuscate_affected_parties_must_not">iep:obfuscate-affected-parties="MUST NOT"</h4>
<div class="paragraph">
<p>iep:Recipients MUST NOT obfuscate information about the specific affected parties.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unmodified_resale">unmodified-resale</h3>
<div class="sect3">
<h4 id="_iep_unmodified_resale_may">iep:unmodified-resale="MAY"</h4>
<div class="paragraph">
<p>iep:Recipients MAY resell the information received.</p>
</div>
</div>
<div class="sect3">
<h4 id="_iep_unmodified_resale_must_not">iep:unmodified-resale="MUST NOT"</h4>
<div class="paragraph">
<p>iep:Recipients MUST NOT resell the information received unmodified or in a semantically equivalent format.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_stealth_malware">stealth_malware</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
stealth_malware namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/stealth_malware/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Classification based on malware stealth techniques. Described in <a href="https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf" class="bare">https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_type">type</h3>
<div class="sect3">
<h4 id="_stealth_malware_type_0">stealth_malware:type="0"</h4>
<div class="paragraph">
<p>stealth_malware:No OS or system compromise. The malware runs as a normal user process using only official API calls.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_i">stealth_malware:type="I"</h4>
<div class="paragraph">
<p>stealth_malware:The malware modifies constant sections of the kernel and/or processes such as code sections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_ii">stealth_malware:type="II"</h4>
<div class="paragraph">
<p>stealth_malware:The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_iii">stealth_malware:type="III"</h4>
<div class="paragraph">
<p>stealth_malware:The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_stealth_malware_2">stealth_malware</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
stealth_malware namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/stealth_malware/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Classification based on malware stealth techniques. Described in <a href="https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf" class="bare">https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_type_2">type</h3>
<div class="sect3">
<h4 id="_stealth_malware_type_0_2">stealth_malware:type="0"</h4>
<div class="paragraph">
<p>stealth_malware:No OS or system compromise. The malware runs as a normal user process using only official API calls.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_i_2">stealth_malware:type="I"</h4>
<div class="paragraph">
<p>stealth_malware:The malware modifies constant sections of the kernel and/or processes such as code sections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_ii_2">stealth_malware:type="II"</h4>
<div class="paragraph">
<p>stealth_malware:The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections.</p>
</div>
</div>
<div class="sect3">
<h4 id="_stealth_malware_type_iii_2">stealth_malware:type="III"</h4>
<div class="paragraph">
<p>stealth_malware:The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_open_threat">open_threat</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
open_threat namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/open_threat/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Open Threat Taxonomy v1.1 base on James Tarala of SANS <a href="http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf" class="bare">http://www.auditscripts.com/resources/open_threat_taxonomy_v1.1a.pdf</a>, <a href="https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Using-Open-Tools-to-Convert-Threat-Intelligence-into-Practical-Defenses-James-Tarala-SANS-Institute.pdf" class="bare">https://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Using-Open-Tools-to-Convert-Threat-Intelligence-into-Practical-Defenses-James-Tarala-SANS-Institute.pdf</a>, <a href="https://www.youtube.com/watch?v=5rdGOOFC_yE" class="bare">https://www.youtube.com/watch?v=5rdGOOFC_yE</a>, and <a href="https://www.rsaconference.com/writable/presentations/file_upload/str-r04_using-an-open-source-threat-model-for-prioritized-defense-final.pdf" class="bare">https://www.rsaconference.com/writable/presentations/file_upload/str-r04_using-an-open-source-threat-model-for-prioritized-defense-final.pdf</a></p>
</div>
<div class="sect2">
<h3 id="_threat_category">threat-category</h3>
<div class="sect3">
<h4 id="_open_threat_threat_category_physical">open_threat:threat-category="Physical"</h4>
<div class="paragraph">
<p>open_threat:Threats to the confidentiality, integrity, or availability of information systems that are physical in nature. These threats generally describe actions that could lead to the theft, harm, or destruction of information systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_category_resource">open_threat:threat-category="Resource"</h4>
<div class="paragraph">
<p>open_threat:Threats to the confidentiality, integrity, or availability of information systems that are the result of a lack of resources required by the information system. These threats often cause failures of information systems through a disruption of resources required for operations.</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_category_personal">open_threat:threat-category="Personal"</h4>
<div class="paragraph">
<p>open_threat:Threats to the confidentiality, integrity, or availability of information systems that are the result of failures or actions performed by an organizations personnel. These threats can be the result of deliberate or accidental actions that cause harm to information systems.</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_category_technical">open_threat:threat-category="Technical"</h4>
<div class="paragraph">
<p>open_threat:Threats to the confidentiality, integrity, or availability of information systems that are technical in nature. These threats are most often considered when identifying threats and constitute the technical actions performed by a threat actor that can cause harm to an information system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_threat_name">threat-name</h3>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_001">open_threat:threat-name="PHY-001"</h4>
<div class="paragraph">
<p>open_threat:Loss of Property - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_002">open_threat:threat-name="PHY-002"</h4>
<div class="paragraph">
<p>open_threat:Theft of Property - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_003">open_threat:threat-name="PHY-003"</h4>
<div class="paragraph">
<p>open_threat:Accidental Destruction of Property - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_004">open_threat:threat-name="PHY-004"</h4>
<div class="paragraph">
<p>open_threat:Natural Destruction of Property - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_005">open_threat:threat-name="PHY-005"</h4>
<div class="paragraph">
<p>open_threat:Intentional Destruction of Property - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_006">open_threat:threat-name="PHY-006"</h4>
<div class="paragraph">
<p>open_threat:Intentional Sabotage of Property - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_007">open_threat:threat-name="PHY-007"</h4>
<div class="paragraph">
<p>open_threat:Intentional Vandalism of Property - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_008">open_threat:threat-name="PHY-008"</h4>
<div class="paragraph">
<p>open_threat:Electrical System Failure - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_009">open_threat:threat-name="PHY-009"</h4>
<div class="paragraph">
<p>open_threat:Heating, Ventilation, Air Conditioning (HVAC) Failure - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_010">open_threat:threat-name="PHY-010"</h4>
<div class="paragraph">
<p>open_threat:Structural Facility Failure - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_011">open_threat:threat-name="PHY-011"</h4>
<div class="paragraph">
<p>open_threat:Water Distribution System Failure - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_012">open_threat:threat-name="PHY-012"</h4>
<div class="paragraph">
<p>open_threat:Sanitation System Failure - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_013">open_threat:threat-name="PHY-013"</h4>
<div class="paragraph">
<p>open_threat:Natural Gas Distribution Failure - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_phy_014">open_threat:threat-name="PHY-014"</h4>
<div class="paragraph">
<p>open_threat:Electronic Media Failure - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_001">open_threat:threat-name="RES-001"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Water Resources - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_002">open_threat:threat-name="RES-002"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Fuel Resources - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_003">open_threat:threat-name="RES-003"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Materials Resources - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_004">open_threat:threat-name="RES-004"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Electrical Resources - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_005">open_threat:threat-name="RES-005"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Transportation Services - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_006">open_threat:threat-name="RES-006"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Communications Services - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_007">open_threat:threat-name="RES-007"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Emergency Services - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_008">open_threat:threat-name="RES-008"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Governmental Services - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_009">open_threat:threat-name="RES-009"</h4>
<div class="paragraph">
<p>open_threat:Supplier Viability - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_010">open_threat:threat-name="RES-010"</h4>
<div class="paragraph">
<p>open_threat:Supplier Supply Chain Failure - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_011">open_threat:threat-name="RES-011"</h4>
<div class="paragraph">
<p>open_threat:Logistics Provider Failures - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_012">open_threat:threat-name="RES-012"</h4>
<div class="paragraph">
<p>open_threat:Logistics Route Disruptions - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_res_013">open_threat:threat-name="RES-013"</h4>
<div class="paragraph">
<p>open_threat:Technology Services Manipulation - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_per_001">open_threat:threat-name="PER-001"</h4>
<div class="paragraph">
<p>open_threat:Personnel Labor / Skills Shortage - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_per_002">open_threat:threat-name="PER-002"</h4>
<div class="paragraph">
<p>open_threat:Loss of Personnel Resources - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_per_003">open_threat:threat-name="PER-003"</h4>
<div class="paragraph">
<p>open_threat:Disruption of Personnel Resources - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_per_004">open_threat:threat-name="PER-004"</h4>
<div class="paragraph">
<p>open_threat:Social Engineering of Personnel Resources - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_per_005">open_threat:threat-name="PER-005"</h4>
<div class="paragraph">
<p>open_threat:Negligent Personnel Resources - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_per_006">open_threat:threat-name="PER-006"</h4>
<div class="paragraph">
<p>open_threat:Personnel Mistakes / Errors - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_per_007">open_threat:threat-name="PER-007"</h4>
<div class="paragraph">
<p>open_threat:Personnel Inaction - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_001">open_threat:threat-name="TEC-001"</h4>
<div class="paragraph">
<p>open_threat:Organizational Fingerprinting via Open Sources - Rating:</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_002">open_threat:threat-name="TEC-002"</h4>
<div class="paragraph">
<p>open_threat:System Fingerprinting via Open Sources - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_003">open_threat:threat-name="TEC-003"</h4>
<div class="paragraph">
<p>open_threat:System Fingerprinting via Scanning - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_004">open_threat:threat-name="TEC-004"</h4>
<div class="paragraph">
<p>open_threat:System Fingerprinting via Sniffing - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_005">open_threat:threat-name="TEC-005"</h4>
<div class="paragraph">
<p>open_threat:Credential Discovery via Open Sources - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_006">open_threat:threat-name="TEC-006"</h4>
<div class="paragraph">
<p>open_threat:Credential Discovery via Scanning - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_007">open_threat:threat-name="TEC-007"</h4>
<div class="paragraph">
<p>open_threat:Credential Discovery via Sniffing - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_008">open_threat:threat-name="TEC-008"</h4>
<div class="paragraph">
<p>open_threat:Credential Discovery via Brute Force - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_009">open_threat:threat-name="TEC-009"</h4>
<div class="paragraph">
<p>open_threat:Credential Discovery via Cracking - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_010">open_threat:threat-name="TEC-010"</h4>
<div class="paragraph">
<p>open_threat:Credential Discovery via Guessing - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_011">open_threat:threat-name="TEC-011"</h4>
<div class="paragraph">
<p>open_threat:Credential Discovery via Pre-Computational Attacks - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_012">open_threat:threat-name="TEC-012"</h4>
<div class="paragraph">
<p>open_threat:Misuse of System Credentials - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_013">open_threat:threat-name="TEC-013"</h4>
<div class="paragraph">
<p>open_threat:Escalation of Privilege - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_014">open_threat:threat-name="TEC-014"</h4>
<div class="paragraph">
<p>open_threat:Abuse of System Privileges - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_015">open_threat:threat-name="TEC-015"</h4>
<div class="paragraph">
<p>open_threat:Memory Manipulation - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_016">open_threat:threat-name="TEC-016"</h4>
<div class="paragraph">
<p>open_threat:Cache Poisoning - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_017">open_threat:threat-name="TEC-017"</h4>
<div class="paragraph">
<p>open_threat:Physical Manipulation of Technical Device - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_018">open_threat:threat-name="TEC-018"</h4>
<div class="paragraph">
<p>open_threat:Manipulation of Trusted System - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_019">open_threat:threat-name="TEC-019"</h4>
<div class="paragraph">
<p>open_threat:Cryptanalysis - Rating: 1.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_020">open_threat:threat-name="TEC-020"</h4>
<div class="paragraph">
<p>open_threat:Data Leakage / Theft - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_021">open_threat:threat-name="TEC-021"</h4>
<div class="paragraph">
<p>open_threat:Denial of Service - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_022">open_threat:threat-name="TEC-022"</h4>
<div class="paragraph">
<p>open_threat:Maintaining System Persistence - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_023">open_threat:threat-name="TEC-023"</h4>
<div class="paragraph">
<p>open_threat:Manipulation of Data in Transit / Use - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_024">open_threat:threat-name="TEC-024"</h4>
<div class="paragraph">
<p>open_threat:Capture of Data in Transit / Use via Sniffing - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_025">open_threat:threat-name="TEC-025"</h4>
<div class="paragraph">
<p>open_threat:Capture of Data in Transit / Use via Debugging - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_026">open_threat:threat-name="TEC-026"</h4>
<div class="paragraph">
<p>open_threat:Capture of Data in Transit / Use via Keystroke Logging - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_027">open_threat:threat-name="TEC-027"</h4>
<div class="paragraph">
<p>open_threat:Replay of Data in Transit / Use - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_028">open_threat:threat-name="TEC-028"</h4>
<div class="paragraph">
<p>open_threat:Misdelivery of Data - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_029">open_threat:threat-name="TEC-029"</h4>
<div class="paragraph">
<p>open_threat:Capture of Stored Data - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_030">open_threat:threat-name="TEC-030"</h4>
<div class="paragraph">
<p>open_threat:Manipulation of Stored Data - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_031">open_threat:threat-name="TEC-031"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Input Manipulation - Rating: 5.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_032">open_threat:threat-name="TEC-032"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Parameter Injection - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_033">open_threat:threat-name="TEC-033"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Code Injection - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_034">open_threat:threat-name="TEC-034"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Command Injection - Rating: 4.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_035">open_threat:threat-name="TEC-035"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Path Traversal - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_036">open_threat:threat-name="TEC-036"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via API Abuse - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_037">open_threat:threat-name="TEC-037"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Fuzzing - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_038">open_threat:threat-name="TEC-038"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Reverse Engineering - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_039">open_threat:threat-name="TEC-039"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Resource Location Guessing - Rating: 2.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_040">open_threat:threat-name="TEC-040"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Source Code Manipulation - Rating: 3.0</p>
</div>
</div>
<div class="sect3">
<h4 id="_open_threat_threat_name_tec_041">open_threat:threat-name="TEC-041"</h4>
<div class="paragraph">
<p>open_threat:Application Exploitation via Authentication Bypass - Rating: 2.0</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_targeted_threat_index">targeted-threat-index</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
targeted-threat-index namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/targeted-threat-index/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victims computer. The TTI metric was first introduced at SecTor 2013 by Seth Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” along with Katie Kleemola and Greg Wiseman.</p>
</div>
<div class="sect2">
<h3 id="_targeting_sophistication_base_value">targeting-sophistication-base-value</h3>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_not_targeted">targeted-threat-index:targeting-sophistication-base-value="not-targeted"</h4>
<div class="paragraph">
<p>targeted-threat-index:Not targeted, e.g. spam or financially motivated malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_but_not_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-but-not-customized"</h4>
<div class="paragraph">
<p>targeted-threat-index:Targeted but not customized. Sent with a message that is obviously false with little to no validation required.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_and_poorly_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-poorly-customized"</h4>
<div class="paragraph">
<p>targeted-threat-index:Targeted and poorly customized. Content is generally relevant to the target. May look questionable.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_and_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-customized"</h4>
<div class="paragraph">
<p>targeted-threat-index:Targeted and customized. May use a real person/organization or content to convince the target the message is legitimate. Content is specifically relevant to the target and looks legitimate.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_and_well_customized">targeted-threat-index:targeting-sophistication-base-value="targeted-and-well-customized"</h4>
<div class="paragraph">
<p>targeted-threat-index:Targeted and well-customized. Uses a real person/organization and content to convince the target the message is legitimate. Probably directly addressing the recipient. Content is specifically relevant to the target, looks legitimate, and can be externally referenced (e.g. by a website). May be sent from a hacked account.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_targeting_sophistication_base_value_targeted_and_highly_customized_using_sensitive_data">targeted-threat-index:targeting-sophistication-base-value="targeted-and-highly-customized-using-sensitive-data"</h4>
<div class="paragraph">
<p>targeted-threat-index:Targeted and highly customized using sensitive data. Individually targeted and customized, likely using inside/sensitive information that is directly relevant to the target.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_technical_sophistication_multiplier">technical-sophistication-multiplier</h3>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_no_code_protection">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-no code-protection"</h4>
<div class="paragraph">
<p>targeted-threat-index:The sample contains no code protection such as packing, obfuscation (e.g. simple rotation of C2 names or other interesting strings), or anti-reversing tricks.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_a_simple_method_of_protection">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-a-simple-method-of-protection"</h4>
<div class="paragraph">
<p>targeted-threat-index:The sample contains a simple method of protection, such as one of the following: code protection using publicly available tools where the reverse method is available, such as UPX packing; simple anti-reversing techniques such as not using import tables, or a call to IsDebuggerPresent(); self-disabling in the presence of AV software.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_multiple_minor_code_protection_techniques">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-multiple-minor-code-protection-techniques"</h4>
<div class="paragraph">
<p>targeted-threat-index:The sample contains multiple minor code protection techniques (anti-reversing tricks, packing, VM / reversing tools detection) that require some low-level knowledge. This level includes malware where code that contains the core functionality of the program is decrypted only in memory.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_minor_code_protection_techniques_plus_one_advanced">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-minor-code-protection-techniques-plus-one-advanced"</h4>
<div class="paragraph">
<p>targeted-threat-index:The sample contains minor code protection techniques along with at least one advanced protection method such as rootkit functionality or a custom virtualized packer.</p>
</div>
</div>
<div class="sect3">
<h4 id="_targeted_threat_index_technical_sophistication_multiplier_the_sample_contains_multiple_advanced_protection_techniques">targeted-threat-index:technical-sophistication-multiplier="the-sample-contains-multiple-advanced-protection-techniques"</h4>
<div class="paragraph">
<p>targeted-threat-index:The sample contains multiple advanced protection techniques, e.g. rootkit capability, virtualized packer, multiple anti-reversing techniques, and is clearly designed by a professional software engineering team.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_rt_event_status">rt_event_status</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
rt_event_status namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/rt_event_status/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Status of events used in Request Tracker.</p>
</div>
<div class="sect2">
<h3 id="_event_status">event-status</h3>
<div class="sect3">
<h4 id="_rt_event_status_event_status_new">rt_event_status:event-status="new"</h4>
<div class="paragraph">
<p>rt_event_status:New</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_status_event_status_open">rt_event_status:event-status="open"</h4>
<div class="paragraph">
<p>rt_event_status:Open</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_status_event_status_stalled">rt_event_status:event-status="stalled"</h4>
<div class="paragraph">
<p>rt_event_status:Stalled</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_status_event_status_rejected">rt_event_status:event-status="rejected"</h4>
<div class="paragraph">
<p>rt_event_status:rejected</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_status_event_status_resolved">rt_event_status:event-status="resolved"</h4>
<div class="paragraph">
<p>rt_event_status:Resolved</p>
</div>
</div>
<div class="sect3">
<h4 id="_rt_event_status_event_status_deleted">rt_event_status:event-status="deleted"</h4>
<div class="paragraph">
<p>rt_event_status:Deleted</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_europol_incident">europol-incident</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
europol-incident namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/europol-incident/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>This taxonomy was designed to describe the type of incidents by class.</p>
</div>
<div class="sect2">
<h3 id="_malware">malware</h3>
<div class="sect3">
<h4 id="_europol_incident_malware_infection">europol-incident:malware="infection"</h4>
<div class="paragraph">
<p>europol-incident:Infection</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_malware_distribution">europol-incident:malware="distribution"</h4>
<div class="paragraph">
<p>europol-incident:Distribution</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_malware_c_c">europol-incident:malware="c&amp;c"</h4>
<div class="paragraph">
<p>europol-incident:C&amp;C</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_malware_undetermined">europol-incident:malware="undetermined"</h4>
<div class="paragraph">
<p>europol-incident:Undetermined</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_availability">availability</h3>
<div class="sect3">
<h4 id="_europol_incident_availability_dos_ddos">europol-incident:availability="dos-ddos"</h4>
<div class="paragraph">
<p>europol-incident:DoS/DDoS</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_availability_sabotage">europol-incident:availability="sabotage"</h4>
<div class="paragraph">
<p>europol-incident:Sabotage</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering">information-gathering</h3>
<div class="sect3">
<h4 id="_europol_incident_information_gathering_scanning">europol-incident:information-gathering="scanning"</h4>
<div class="paragraph">
<p>europol-incident:Scanning</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_information_gathering_sniffing">europol-incident:information-gathering="sniffing"</h4>
<div class="paragraph">
<p>europol-incident:Sniffing</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_information_gathering_phishing">europol-incident:information-gathering="phishing"</h4>
<div class="paragraph">
<p>europol-incident:Phishing</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_attempt">intrusion-attempt</h3>
<div class="sect3">
<h4 id="_europol_incident_intrusion_attempt_exploitation_vulnerability">europol-incident:intrusion-attempt="exploitation-vulnerability"</h4>
<div class="paragraph">
<p>europol-incident:Exploitation of vulnerability</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_intrusion_attempt_login_attempt">europol-incident:intrusion-attempt="login-attempt"</h4>
<div class="paragraph">
<p>europol-incident:Login attempt</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion">intrusion</h3>
<div class="sect3">
<h4 id="_europol_incident_intrusion_exploitation_vulnerability">europol-incident:intrusion="exploitation-vulnerability"</h4>
<div class="paragraph">
<p>europol-incident:Exploitation of vulnerability</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_intrusion_compromising_account">europol-incident:intrusion="compromising-account"</h4>
<div class="paragraph">
<p>europol-incident:Compromising an account</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_security">information-security</h3>
<div class="sect3">
<h4 id="_europol_incident_information_security_unauthorized_access">europol-incident:information-security="unauthorized-access"</h4>
<div class="paragraph">
<p>europol-incident:Unauthorised access</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_information_security_unauthorized_modification">europol-incident:information-security="unauthorized-modification"</h4>
<div class="paragraph">
<p>europol-incident:Unauthorised modification/deletion</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fraud">fraud</h3>
<div class="sect3">
<h4 id="_europol_incident_fraud_illegitimate_use_resources">europol-incident:fraud="illegitimate-use-resources"</h4>
<div class="paragraph">
<p>europol-incident:Misuse or unauthorised use of resources</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_fraud_illegitimate_use_name">europol-incident:fraud="illegitimate-use-name"</h4>
<div class="paragraph">
<p>europol-incident:Illegitimate use of the name of a third party</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_abusive_content">abusive-content</h3>
<div class="sect3">
<h4 id="_europol_incident_abusive_content_spam">europol-incident:abusive-content="spam"</h4>
<div class="paragraph">
<p>europol-incident:SPAM</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_abusive_content_copyright">europol-incident:abusive-content="copyright"</h4>
<div class="paragraph">
<p>europol-incident:Copyright</p>
</div>
</div>
<div class="sect3">
<h4 id="_europol_incident_abusive_content_content_forbidden_by_law">europol-incident:abusive-content="content-forbidden-by-law"</h4>
<div class="paragraph">
<p>europol-incident:Dissemination of content forbidden by law.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other">other</h3>
<div class="sect3">
<h4 id="_europol_incident_other_other">europol-incident:other="other"</h4>
<div class="paragraph">
<p>europol-incident:Other</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_diamond_model">diamond-model</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
diamond-model namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/diamond-model/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Diamond Model for Intrusion Analysis, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.</p>
</div>
<div class="sect2">
<h3 id="_adversary_2">Adversary</h3>
<div class="sect3">
<h4 id="_diamond_model_adversary">diamond-model:Adversary</h4>
<div class="paragraph">
<p>diamond-model:An adversary is the actor/organization responsible for utilizing a capability against the victim to achieve their intent.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_capability">Capability</h3>
<div class="sect3">
<h4 id="_diamond_model_capability">diamond-model:Capability</h4>
<div class="paragraph">
<p>diamond-model:The capability describes the tools and/or techniques of the adversary used in the event. It includes all means to affect the victim from the most manual “unsophisticated” methods (e.g., manual password guessing) to the most sophisticated automated techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_infrastructure">Infrastructure</h3>
<div class="sect3">
<h4 id="_diamond_model_infrastructure">diamond-model:Infrastructure</h4>
<div class="paragraph">
<p>diamond-model:The infrastructure feature describes the physical and/or logical communication structures the adversary uses to deliver a capability, maintain control of capabilities (e.g., commandand-control/C2), and effect results from the victim (e.g., exfiltrate data). As with the other features, the infrastructure can be as specific or broad as necessary. Examples include: Internet Protocol (IP) addresses, domain names, e-mail addresses, Morse code flashes from a phones voice-mail light watched from across a street, USB devices found in a parking lot and inserted into a workstation, or the compromising emanations from hardware (e.g., Van Eck Phreaking) being collected by a nearby listening post.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_victim">Victim</h3>
<div class="sect3">
<h4 id="_diamond_model_victim">diamond-model:Victim</h4>
<div class="paragraph">
<p>diamond-model:A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. A victim can be described in whichever way necessary and appropriate: organization, person, target email address, IP address, domain, etc. However, it is useful to define the victim persona and their assets separately as they serve different analytic functions. Victim personae are useful in non-technical analysis such as cyber-victimology and social-political centered approaches whereas victim assets are associated with common technical approaches such as vulnerability analysis..</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_euci">euci</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
euci namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/euci/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>EU classified information (EUCI) means any information or material designated by a EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.</p>
</div>
<div class="sect2">
<h3 id="_ts_ue_eu_ts">TS-UE/EU-TS</h3>
<div class="sect3">
<h4 id="_euci_ts_ue_eu_ts">euci:TS-UE/EU-TS</h4>
<div class="paragraph">
<p>euci:TRES SECRET UE/EU TOP SECRET</p>
</div>
<div class="paragraph">
<p>euci:Information and material the unauthorised disclosure of which could cause exceptionally grave prejudice to the essential interests of the European Union or of one or more of the Member States.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_s_ue_eu_s">S-UE/EU-S</h3>
<div class="sect3">
<h4 id="_euci_s_ue_eu_s">euci:S-UE/EU-S</h4>
<div class="paragraph">
<p>euci:SECRET UE/EU SECRET</p>
</div>
<div class="paragraph">
<p>euci:Information and material the unauthorised disclosure of which could seriously harm the essential interests of the European Union or of one or more of the Member States.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_c_ue_eu_c">C-UE/EU-C</h3>
<div class="sect3">
<h4 id="_euci_c_ue_eu_c">euci:C-UE/EU-C</h4>
<div class="paragraph">
<p>euci:CONFIDENTIEL UE/EU CONFIDENTIAL</p>
</div>
<div class="paragraph">
<p>euci:Information and material the unauthorised disclosure of which could harm the essential interests of the European Union or of one or more of the Member States.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_r_ue_eu_r">R-UE/EU-R</h3>
<div class="sect3">
<h4 id="_euci_r_ue_eu_r">euci:R-UE/EU-R</h4>
<div class="paragraph">
<p>euci:RESTREINT UE/EU RESTRICTED</p>
</div>
<div class="paragraph">
<p>euci:Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_misp">misp</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
misp namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>MISP taxonomy to infer with MISP behavior or operation.</p>
</div>
<div class="sect2">
<h3 id="_ui">ui</h3>
<div class="sect3">
<h4 id="_misp_ui_hide">misp:ui="hide"</h4>
<div class="paragraph">
<p>misp:tag to hide from the user-interface.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_api">api</h3>
<div class="sect3">
<h4 id="_misp_api_hide">misp:api="hide"</h4>
<div class="paragraph">
<p>misp:tag to hide from the API.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_contributor">contributor</h3>
<div class="sect3">
<h4 id="_misp_contributor_pgpfingerprint">misp:contributor="pgpfingerprint"</h4>
<div class="paragraph">
<p>misp:OpenPGP Fingerprint</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_confidence_level">confidence-level</h3>
<div class="sect3">
<h4 id="_misp_confidence_level_completely_confident">misp:confidence-level="completely-confident"</h4>
<div class="paragraph">
<p>misp:Completely confident</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_usually_confident">misp:confidence-level="usually-confident"</h4>
<div class="paragraph">
<p>misp:Usually confident</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_fairly_confident">misp:confidence-level="fairly-confident"</h4>
<div class="paragraph">
<p>misp:Fairly confident</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_rarely_confident">misp:confidence-level="rarely-confident"</h4>
<div class="paragraph">
<p>misp:Rarely confident</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_unconfident">misp:confidence-level="unconfident"</h4>
<div class="paragraph">
<p>misp:Unconfident</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_confidence_level_confidence_cannot_be_evalued">misp:confidence-level="confidence-cannot-be-evalued"</h4>
<div class="paragraph">
<p>misp:Confidence cannot be evaluated</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_threat_level">threat-level</h3>
<div class="sect3">
<h4 id="_misp_threat_level_no_risk">misp:threat-level="no-risk"</h4>
<div class="paragraph">
<p>misp:No risk</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_threat_level_low_risk">misp:threat-level="low-risk"</h4>
<div class="paragraph">
<p>misp:Low risk</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_threat_level_medium_risk">misp:threat-level="medium-risk"</h4>
<div class="paragraph">
<p>misp:Medium risk</p>
</div>
</div>
<div class="sect3">
<h4 id="_misp_threat_level_high_risk">misp:threat-level="high-risk"</h4>
<div class="paragraph">
<p>misp:High risk</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_should_not_sync">should-not-sync</h3>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_nato">nato</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
nato namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/nato/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>NATO classification markings.</p>
</div>
<div class="sect2">
<h3 id="_classification">classification</h3>
<div class="sect3">
<h4 id="_nato_classification_cts">nato:classification="CTS"</h4>
<div class="paragraph">
<p>nato:COSMIC TOP SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_nato_classification_cts_b">nato:classification="CTS-B"</h4>
<div class="paragraph">
<p>nato:COSMIC TOP SECRET BOHEMIA</p>
</div>
</div>
<div class="sect3">
<h4 id="_nato_classification_ns">nato:classification="NS"</h4>
<div class="paragraph">
<p>nato:NATO SECRET</p>
</div>
</div>
<div class="sect3">
<h4 id="_nato_classification_nc">nato:classification="NC"</h4>
<div class="paragraph">
<p>nato:NATO CONFIDENTIAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_nato_classification_nr">nato:classification="NR"</h4>
<div class="paragraph">
<p>nato:NATO RESTRICTED</p>
</div>
</div>
<div class="sect3">
<h4 id="_nato_classification_nu">nato:classification="NU"</h4>
<div class="paragraph">
<p>nato:NATO UNCLASSIFIED</p>
</div>
</div>
<div class="sect3">
<h4 id="_nato_classification_cts_a">nato:classification="CTS-A"</h4>
<div class="paragraph">
<p>nato:COSMIC TOP SECRET ATOMAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_nato_classification_ns_a">nato:classification="NS-A"</h4>
<div class="paragraph">
<p>nato:SECRET ATOMAL</p>
</div>
</div>
<div class="sect3">
<h4 id="_nato_classification_nc_a">nato:classification="NC-A"</h4>
<div class="paragraph">
<p>nato:CONFIDENTIAL ATOMAL</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_eu_marketop_and_publicadmin">eu-marketop-and-publicadmin</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
eu-marketop-and-publicadmin namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/eu-marketop-and-publicadmin/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Market operators and public administrations that must comply to some notifications requirements under EU NIS directive</p>
</div>
<div class="sect2">
<h3 id="_critical_infra_operators">critical-infra-operators</h3>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_critical_infra_operators_transport">eu-marketop-and-publicadmin:critical-infra-operators="transport"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:Transport</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_critical_infra_operators_energy">eu-marketop-and-publicadmin:critical-infra-operators="energy"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:Energy</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_critical_infra_operators_health">eu-marketop-and-publicadmin:critical-infra-operators="health"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:Health</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_critical_infra_operators_financial">eu-marketop-and-publicadmin:critical-infra-operators="financial"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:Financial market operators</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_critical_infra_operators_banking">eu-marketop-and-publicadmin:critical-infra-operators="banking"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:Banking</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_info_services">info-services</h3>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_info_services_e_commerce">eu-marketop-and-publicadmin:info-services="e-commerce"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:e-commerce platforms</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_info_services_internet_payment">eu-marketop-and-publicadmin:info-services="internet-payment"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:Internet payment</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_info_services_cloud">eu-marketop-and-publicadmin:info-services="cloud"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:cloud computing</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_info_services_search_engines">eu-marketop-and-publicadmin:info-services="search-engines"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:search engines</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_info_services_socnet">eu-marketop-and-publicadmin:info-services="socnet"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:social networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_info_services_app_stores">eu-marketop-and-publicadmin:info-services="app-stores"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:application stores</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_public_admin">public-admin</h3>
<div class="sect3">
<h4 id="_eu_marketop_and_publicadmin_public_admin_public_admin">eu-marketop-and-publicadmin:public-admin="public-admin"</h4>
<div class="paragraph">
<p>eu-marketop-and-publicadmin:Public Administrations</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_de_vs">de-vs</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
de-vs namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/de-vs/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>German (DE) Government classification markings (VS).</p>
</div>
<div class="sect2">
<h3 id="_einstufung">Einstufung</h3>
<div class="sect3">
<h4 id="_de_vs_einstufung_streng_geheim">de-vs:Einstufung="STRENG GEHEIM"</h4>
<div class="paragraph">
<p>de-vs:STRENG GEHEIM</p>
</div>
</div>
<div class="sect3">
<h4 id="_de_vs_einstufung_geheim">de-vs:Einstufung="GEHEIM"</h4>
<div class="paragraph">
<p>de-vs:GEHEIM</p>
</div>
</div>
<div class="sect3">
<h4 id="_de_vs_einstufung_vs_vertraulich">de-vs:Einstufung="VS-VERTRAULICH"</h4>
<div class="paragraph">
<p>de-vs:VS-VERTRAULICH</p>
</div>
</div>
<div class="sect3">
<h4 id="_de_vs_einstufung_vs_nfd">de-vs:Einstufung="VS-NfD"</h4>
<div class="paragraph">
<p>de-vs:VS-NUR FÜR DEN DIENSTGEBRAUCH</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_schutzwort">Schutzwort</h3>
<div class="sect3">
<h4 id="_de_vs_schutzwort_dummy">de-vs:Schutzwort="Dummy"</h4>
<div class="paragraph">
<p>de-vs:Dummy</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dhs_ciip_sectors">dhs-ciip-sectors</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
dhs-ciip-sectors namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/dhs-ciip-sectors/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>DHS critical sectors as in <a href="https://www.dhs.gov/critical-infrastructure-sectors" class="bare">https://www.dhs.gov/critical-infrastructure-sectors</a></p>
</div>
<div class="sect2">
<h3 id="_dhs_critical_sectors">DHS-critical-sectors</h3>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_chemical">dhs-ciip-sectors:DHS-critical-sectors="chemical"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Chemical</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_commercial_facilities">dhs-ciip-sectors:DHS-critical-sectors="commercial-facilities"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Commercial Facilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_communications">dhs-ciip-sectors:DHS-critical-sectors="communications"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Communications</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_critical_manufacturing">dhs-ciip-sectors:DHS-critical-sectors="critical-manufacturing"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Critical Manufacturing</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_dams">dhs-ciip-sectors:DHS-critical-sectors="dams"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Dams</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_dib">dhs-ciip-sectors:DHS-critical-sectors="dib"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Defense Industrial Base</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_emergency_services">dhs-ciip-sectors:DHS-critical-sectors="emergency-services"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Emergency services</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_energy">dhs-ciip-sectors:DHS-critical-sectors="energy"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:energy</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_financial_services">dhs-ciip-sectors:DHS-critical-sectors="financial-services"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Financial Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_food_agriculture">dhs-ciip-sectors:DHS-critical-sectors="food-agriculture"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Food and Agriculture</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_government_facilities">dhs-ciip-sectors:DHS-critical-sectors="government-facilities"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Government Facilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_healthcare_public">dhs-ciip-sectors:DHS-critical-sectors="healthcare-public"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Healthcare and Public Health</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_it">dhs-ciip-sectors:DHS-critical-sectors="it"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Information Technology</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_nuclear">dhs-ciip-sectors:DHS-critical-sectors="nuclear"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Nuclear</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_transport">dhs-ciip-sectors:DHS-critical-sectors="transport"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Transportation Systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_dhs_ciip_sectors_dhs_critical_sectors_water">dhs-ciip-sectors:DHS-critical-sectors="water"</h4>
<div class="paragraph">
<p>dhs-ciip-sectors:Water and water systems</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sector">sector</h3>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_information_security_indicators">information-security-indicators</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
information-security-indicators namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/information-security-indicators/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A full set of operational indicators for organizations to use to benchmark their security posture.</p>
</div>
<div class="sect2">
<h3 id="_iex">IEX</h3>
<div class="sect3">
<h4 id="_information_security_indicators_iex_fgy_1">information-security-indicators:IEX="FGY.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Forged domain or brand names impersonating or imitating legitimate and genuine names</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_fgy_2">information-security-indicators:IEX="FGY.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Wholly or partly forged websites (excluding parking pages) spoiling company&#8217;s image or business</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_spm_1">information-security-indicators:IEX="SPM.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Not requested received bulk messages (spam) targeting organization&#8217;s registered users</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_phi_1">information-security-indicators:IEX="PHI.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Phishing targeting company&#8217;s customers' workstations spoiling company&#8217;s image or business</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_phi_2">information-security-indicators:IEX="PHI.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Spear phishing or whaling carried out using social engineering and targeting organization&#8217;s specific registered users</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_int_1">information-security-indicators:IEX="INT.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Intrusion attempts on externally accessible servers</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_int_2">information-security-indicators:IEX="INT.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Intrusion on externally accessible servers</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_int_3">information-security-indicators:IEX="INT.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Intrusions on internal servers</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_dfc_1">information-security-indicators:IEX="DFC.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Obvious and visible websites defacements</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_mis_1">information-security-indicators:IEX="MIS.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Servers resources misappropriation by external attackers</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_dos_1">information-security-indicators:IEX="DOS.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Denial of service attacks on websites</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_mlw_1">information-security-indicators:IEX="MLW.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Attempts to install malware on workstations</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_mlw_2">information-security-indicators:IEX="MLW.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Attempts to install malware on servers</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_mlw_3">information-security-indicators:IEX="MLW.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Malware installed on workstations</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_mlw_4">information-security-indicators:IEX="MLW.4"</h4>
<div class="paragraph">
<p>information-security-indicators:Malware installed on internal servers</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iex_phy_1">information-security-indicators:IEX="PHY.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Human intrusion into the organization&#8217;s perimeter</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_imf">IMF</h3>
<div class="sect3">
<h4 id="_information_security_indicators_imf_bre_1">information-security-indicators:IMF="BRE.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Workstations accidental breakdowns or malfunctions</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imf_bre_2">information-security-indicators:IMF="BRE.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Servers accidental breakdowns or malfunctions</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imf_bre_3">information-security-indicators:IMF="BRE.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Mainframes accidental breakdowns or malfunctions</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imf_bre_4">information-security-indicators:IMF="BRE.4"</h4>
<div class="paragraph">
<p>information-security-indicators:Networks accidental breakdowns or malfunctions</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imf_mdl_1">information-security-indicators:IMF="MDL.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Delivery of email to wrong recipient</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imf_lom_1">information-security-indicators:IMF="LOM.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Loss (or theft) of mobile devices belonging to the organization</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imf_log_1">information-security-indicators:IMF="LOG.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Downtime or malfunction of the log production function with possible legal impact</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imf_log_2">information-security-indicators:IMF="LOG.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Absence of possible tracking of the person involved in a security event with possible legal impact</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imf_log_3">information-security-indicators:IMF="LOG.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Downtime or malfunction of the log production function for recordings with evidential value for access to or handling of information that, at this level, is subject to law or regulatory requirements</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_idb">IDB</h3>
<div class="sect3">
<h4 id="_information_security_indicators_idb_uid_1">information-security-indicators:IDB="UID.1"</h4>
<div class="paragraph">
<p>information-security-indicators:User impersonation</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_rgh_1">information-security-indicators:IDB="RGH.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Privilege escalation by exploitation of software or configuration vulnerability on an externally accessible server</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_rgh_2">information-security-indicators:IDB="RGH.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Privilege escalation on a server or central application by social engineering</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_rgh_3">information-security-indicators:IDB="RGH.3"</h4>
<div class="paragraph">
<p>information-security-indicators: Use on a server or central application of administrator rights illicitly granted by an administrator</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_rgh_4">information-security-indicators:IDB="RGH.4"</h4>
<div class="paragraph">
<p>information-security-indicators:Use on a server or central application of time-limited granted rights after the planned period</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_rgh_5">information-security-indicators:IDB="RGH.5"</h4>
<div class="paragraph">
<p>information-security-indicators:Abuse of privileges by an administrator on a server or central application</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_rgh_6">information-security-indicators:IDB="RGH.6"</h4>
<div class="paragraph">
<p>information-security-indicators:Abuse of privileges by an operator or a plain user on a server or central application</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_rgh_7">information-security-indicators:IDB="RGH.7"</h4>
<div class="paragraph">
<p>information-security-indicators:Illicit use on a server or central application of rights not removed after departure or position change within the organization</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_mis_1">information-security-indicators:IDB="MIS.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Server resources misappropriation by an internal source</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_iac_1">information-security-indicators:IDB="IAC.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Access to hacking Website</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_idb_log_1">information-security-indicators:IDB="LOG.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Deactivating of logs recording by an administrator</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_iwh">IWH</h3>
<div class="sect3">
<h4 id="_information_security_indicators_iwh_vnp_1">information-security-indicators:IWH="VNP.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Exploitation of a software vulnerability without available patch</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iwh_vnp_2">information-security-indicators:IWH="VNP.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Exploitation of a non-patched software vulnerability</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iwh_vnp_3">information-security-indicators:IWH="VNP.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Exploitation of a poorly-patched software vulnerability</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iwh_vcn_1">information-security-indicators:IWH="VCN.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Exploitation of a configuration flaw</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iwh_ukn_1">information-security-indicators:IWH="UKN.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Not categorized security incidents</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_iwh_una_1">information-security-indicators:IWH="UNA.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Security incidents on non-inventoried and/or not managed assets</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vbh">VBH</h3>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_prc_1">information-security-indicators:VBH="PRC.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Server accessed by an administrator with unsecure protocols</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_prc_2">information-security-indicators:VBH="PRC.2"</h4>
<div class="paragraph">
<p>information-security-indicators:P2P client in a workstation</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_prc_3">information-security-indicators:VBH="PRC.3"</h4>
<div class="paragraph">
<p>information-security-indicators:VoIP clients in a workstation</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_prc_4">information-security-indicators:VBH="PRC.4"</h4>
<div class="paragraph">
<p>information-security-indicators:Outbound connection dangerously set up</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_prc_5">information-security-indicators:VBH="PRC.5"</h4>
<div class="paragraph">
<p>information-security-indicators:Not compliant laptop computer used to establish a connection</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_prc_6">information-security-indicators:VBH="PRC.6"</h4>
<div class="paragraph">
<p>information-security-indicators:Other unsecure protocols used</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_iac_1">information-security-indicators:VBH="IAC.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Outbound controls bypassed to access Internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_iac_2">information-security-indicators:VBH="IAC.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Anonymization site used to access Internet</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_ftr_1">information-security-indicators:VBH="FTR.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Files recklessly downloaded</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_ftr_2">information-security-indicators:VBH="FTR.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Personal public instant messaging account used for business file exchanges</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_ftr_3">information-security-indicators:VBH="FTR.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Personal public messaging account used for business file exchanges</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_wti_1">information-security-indicators:VBH="WTI.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Workstations accessed in administrator mode</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_wti_2">information-security-indicators:VBH="WTI.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Personal storage devices used</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_wti_3">information-security-indicators:VBH="WTI.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Personal devices used without compartmentalization (BYOD)</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_wti_4">information-security-indicators:VBH="WTI.4"</h4>
<div class="paragraph">
<p>information-security-indicators:Not encrypted sensitive files exported</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_wti_5">information-security-indicators:VBH="WTI.5"</h4>
<div class="paragraph">
<p>information-security-indicators:Personal software used</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_wti_6">information-security-indicators:VBH="WTI.6"</h4>
<div class="paragraph">
<p>information-security-indicators:Mailbox or Internet access with admin mode</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_psw_1">information-security-indicators:VBH="PSW.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Weak passwords used</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_psw_2">information-security-indicators:VBH="PSW.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Passwords not changed</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_psw_3">information-security-indicators:VBH="PSW.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Administrator passwords not changed</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_rgh_1">information-security-indicators:VBH="RGH.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Not compliant user rights granted illicitly by an administrator</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_huw_1">information-security-indicators:VBH="HUW.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Human weakness exploited by a spear phishing message meant to entice or appeal to do something possibly harmful to the organization</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vbh_huw_2">information-security-indicators:VBH="HUW.2"</h4>
<div class="paragraph">
<p>information-security-indicators: Human weakness exploited by exchanges meant to entice or appeal to tell some secrets to be used later</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vsw">VSW</h3>
<div class="sect3">
<h4 id="_information_security_indicators_vsw_wsr_1">information-security-indicators:VSW="WSR.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Web applications software vulnerabilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vsw_osw_1">information-security-indicators:VSW="OSW.1"</h4>
<div class="paragraph">
<p>information-security-indicators:OS software vulnerabilities regarding servers</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vsw_wbr_1">information-security-indicators:VSW="WBR.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Web browsers software vulnerabilities</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vcf">VCF</h3>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_dis_1">information-security-indicators:VCF="DIS.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Dangerous or illicit services on externally accessible servers</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_log_1">information-security-indicators:VCF="LOG.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Insufficient size of the space allocated for logs</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_fwr_1">information-security-indicators:VCF="FWR.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Weak firewall filtering rules</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_wti_1">information-security-indicators:VCF="WTI.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Workstation wrongly configured</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_wti_2">information-security-indicators:VCF="WTI.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Autorun feature enabled on workstations</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_uac_1">information-security-indicators:VCF="UAC.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Access rights configuration not compliant with the security policy</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_uac_2">information-security-indicators:VCF="UAC.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Not compliant access rights on logs</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_uac_3">information-security-indicators:VCF="UAC.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Generic and shared administrator accounts</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_uac_4">information-security-indicators:VCF="UAC.4"</h4>
<div class="paragraph">
<p>information-security-indicators:Accounts without owners</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vcf_uac_5">information-security-indicators:VCF="UAC.5"</h4>
<div class="paragraph">
<p>information-security-indicators:Inactive accounts</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vtc">VTC</h3>
<div class="sect3">
<h4 id="_information_security_indicators_vtc_bkp_1">information-security-indicators:VTC="BKP.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Malfunction of server-hosted sensitive data safeguards</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vtc_ids_1">information-security-indicators:VTC="IDS.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Full unavailability of IDS/IPS</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vtc_wfi_1">information-security-indicators:VTC="WFI.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Wi-Fi devices installed on the network without any official authorization</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vtc_rap_1">information-security-indicators:VTC="RAP.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Remote access points used to gain unauthorized access</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vtc_nrg_1">information-security-indicators:VTC="NRG.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Devices or servers connected to the organization&#8217;s network without being registered and managed</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vtc_phy_1">information-security-indicators:VTC="PHY.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Not operational physical access control means</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vor">VOR</h3>
<div class="sect3">
<h4 id="_information_security_indicators_vor_dsc_1">information-security-indicators:VOR="DSC.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Discovery of attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vor_vnp_1">information-security-indicators:VOR="VNP.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Excessive time of window of risk exposure</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vor_vnp_2">information-security-indicators:VOR="VNP.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Rate of not patched systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vor_vnr_1">information-security-indicators:VOR="VNR.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Rate of not reconfigured systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vor_rct_1">information-security-indicators:VOR="RCT.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Reaction plans launched without experience feedback</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vor_rct_2">information-security-indicators:VOR="RCT.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Reaction plans unsuccessfully launched</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vor_prt_1">information-security-indicators:VOR="PRT.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Launch of new IT projects without information classification</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vor_prt_2">information-security-indicators:VOR="PRT.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Launch of new specific IT projects without risk analysis</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_vor_prt_3">information-security-indicators:VOR="PRT.3"</h4>
<div class="paragraph">
<p>information-security-indicators: Launch of new IT projects of a standard type without identification of vulnerabilities and threats</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_imp">IMP</h3>
<div class="sect3">
<h4 id="_information_security_indicators_imp_cos_1">information-security-indicators:IMP="COS.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Average cost to tackle a critical security incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imp_tim_1">information-security-indicators:IMP="TIM.1"</h4>
<div class="paragraph">
<p>information-security-indicators:Average time of Websites downtime due to whole security incidents</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imp_tim_2">information-security-indicators:IMP="TIM.2"</h4>
<div class="paragraph">
<p>information-security-indicators:Average time of Websites downtime due to successful malicious attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_information_security_indicators_imp_tim_3">information-security-indicators:IMP="TIM.3"</h4>
<div class="paragraph">
<p>information-security-indicators:Average time of Websites downtime due to malfunctions or unintentional security incidents</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_europol_event">europol-event</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
europol-event namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/europol-event/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>This taxonomy was designed to describe the type of events</p>
</div>
<div class="sect2">
<h3 id="_infected_by_known_malware">infected-by-known-malware</h3>
<div class="sect3">
<h4 id="_europol_event_infected_by_known_malware">europol-event:infected-by-known-malware</h4>
<div class="paragraph">
<p>europol-event:System(s) infected by known malware</p>
</div>
<div class="paragraph">
<p>europol-event:The presence of any of the types of malware was detected in a system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dissemination_malware_email">dissemination-malware-email</h3>
<div class="sect3">
<h4 id="_europol_event_dissemination_malware_email">europol-event:dissemination-malware-email</h4>
<div class="paragraph">
<p>europol-event:Dissemination of malware by email</p>
</div>
<div class="paragraph">
<p>europol-event:Malware attached to a message or email message containing link to malicious URL.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_hosting_malware_webpage">hosting-malware-webpage</h3>
<div class="sect3">
<h4 id="_europol_event_hosting_malware_webpage">europol-event:hosting-malware-webpage</h4>
<div class="paragraph">
<p>europol-event:Hosting of malware on web page</p>
</div>
<div class="paragraph">
<p>europol-event: Web page disseminating one or various types of malware.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_c_c_server_hosting">c&amp;c-server-hosting</h3>
<div class="sect3">
<h4 id="_europol_event_c_c_server_hosting">europol-event:c&amp;c-server-hosting</h4>
<div class="paragraph">
<p>europol-event:Hosting of malware on web page</p>
</div>
<div class="paragraph">
<p>europol-event:Web page disseminating one or various types of malware.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_worm_spreading">worm-spreading</h3>
<div class="sect3">
<h4 id="_europol_event_worm_spreading">europol-event:worm-spreading</h4>
<div class="paragraph">
<p>europol-event:Replication and spreading of a worm</p>
</div>
<div class="paragraph">
<p>europol-event:System infected by a worm trying to infect other systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_connection_malware_port">connection-malware-port</h3>
<div class="sect3">
<h4 id="_europol_event_connection_malware_port">europol-event:connection-malware-port</h4>
<div class="paragraph">
<p>europol-event:Connection to (a) suspicious port(s) linked to specific malware</p>
</div>
<div class="paragraph">
<p>europol-event:System attempting to gain access to a port normally linked to a specific type of malware.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_connection_malware_system">connection-malware-system</h3>
<div class="sect3">
<h4 id="_europol_event_connection_malware_system">europol-event:connection-malware-system</h4>
<div class="paragraph">
<p>europol-event:Connection to (a) suspicious system(s) linked to specific malware</p>
</div>
<div class="paragraph">
<p>europol-event:System attempting to gain access to an IP address or URL normally linked to a specific type of malware, e.g. C&amp;C or a distribution page for components linked to a specific botnet.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_flood">flood</h3>
<div class="sect3">
<h4 id="_europol_event_flood">europol-event:flood</h4>
<div class="paragraph">
<p>europol-event:Flood of requests</p>
</div>
<div class="paragraph">
<p>europol-event:Mass mailing of requests (network packets, emails, etc&#8230;&#8203;) from one single source to a specific service, aimed at affecting its normal functioning.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_tool_exhausting_resources">exploit-tool-exhausting-resources</h3>
<div class="sect3">
<h4 id="_europol_event_exploit_tool_exhausting_resources">europol-event:exploit-tool-exhausting-resources</h4>
<div class="paragraph">
<p>europol-event:Exploit or tool aimed at exhausting resources (network, processing capacity, sessions, etc&#8230;&#8203;)</p>
</div>
<div class="paragraph">
<p>europol-event:One single source using specially designed software to affect the normal functioning of a specific service, by exploiting a vulnerability.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_packet_flood">packet-flood</h3>
<div class="sect3">
<h4 id="_europol_event_packet_flood">europol-event:packet-flood</h4>
<div class="paragraph">
<p>europol-event:Packet flooding</p>
</div>
<div class="paragraph">
<p>europol-event:Mass mailing of requests (network packets, emails, etc&#8230;&#8203;) from various sources to a specific service, aimed at affecting its normal functioning.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_framework_exhausting_resources">exploit-framework-exhausting-resources</h3>
<div class="sect3">
<h4 id="_europol_event_exploit_framework_exhausting_resources">europol-event:exploit-framework-exhausting-resources</h4>
<div class="paragraph">
<p>europol-event:Exploit or tool distribution aimed at exhausting resources</p>
</div>
<div class="paragraph">
<p>europol-event:Various sources using specially designed software to affect the normal functioning of a specific service, by exploiting a vulnerability.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vandalism">vandalism</h3>
<div class="sect3">
<h4 id="_europol_event_vandalism">europol-event:vandalism</h4>
<div class="paragraph">
<p>europol-event:Vandalism</p>
</div>
<div class="paragraph">
<p>europol-event:Logical and physical activities which although they are not aimed at causing damage to information or at preventing its transmission among systems have this effect.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disruption_data_transmission">disruption-data-transmission</h3>
<div class="sect3">
<h4 id="_europol_event_disruption_data_transmission">europol-event:disruption-data-transmission</h4>
<div class="paragraph">
<p>europol-event:Intentional disruption of data transmission and processing mechanisms</p>
</div>
<div class="paragraph">
<p>europol-event:Logical and physical activities aimed at causing damage to information or at preventing its transmission among systems.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_system_probe">system-probe</h3>
<div class="sect3">
<h4 id="_europol_event_system_probe">europol-event:system-probe</h4>
<div class="paragraph">
<p>europol-event:System probe</p>
</div>
<div class="paragraph">
<p>europol-event:Single system scan searching for open ports or services using these ports for responding.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_network_scanning">network-scanning</h3>
<div class="sect3">
<h4 id="_europol_event_network_scanning">europol-event:network-scanning</h4>
<div class="paragraph">
<p>europol-event:Network scanning</p>
</div>
<div class="paragraph">
<p>europol-event:Scanning a network aimed at identifying systems which are active in the same network.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dns_zone_transfer">dns-zone-transfer</h3>
<div class="sect3">
<h4 id="_europol_event_dns_zone_transfer">europol-event:dns-zone-transfer</h4>
<div class="paragraph">
<p>europol-event:DNS zone transfer</p>
</div>
<div class="paragraph">
<p>europol-event:Transfer of a specific DNS zone.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_wiretapping">wiretapping</h3>
<div class="sect3">
<h4 id="_europol_event_wiretapping">europol-event:wiretapping</h4>
<div class="paragraph">
<p>europol-event:Wiretapping</p>
</div>
<div class="paragraph">
<p>europol-event:Logical or physical interception of communications.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dissemination_phishing_emails">dissemination-phishing-emails</h3>
<div class="sect3">
<h4 id="_europol_event_dissemination_phishing_emails">europol-event:dissemination-phishing-emails</h4>
<div class="paragraph">
<p>europol-event:Dissemination of phishing emails</p>
</div>
<div class="paragraph">
<p>europol-event:Mass emailing aimed at collecting data for phishing purposes with regard to the victims.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_hosting_phishing_sites">hosting-phishing-sites</h3>
<div class="sect3">
<h4 id="_europol_event_hosting_phishing_sites">europol-event:hosting-phishing-sites</h4>
<div class="paragraph">
<p>europol-event:Hosting phishing sites</p>
</div>
<div class="paragraph">
<p>europol-event:Hosting web sites for phishing purposes.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_aggregation_information_phishing_schemes">aggregation-information-phishing-schemes</h3>
<div class="sect3">
<h4 id="_europol_event_aggregation_information_phishing_schemes">europol-event:aggregation-information-phishing-schemes</h4>
<div class="paragraph">
<p>europol-event:Aggregation of information gathered through phishing schemes</p>
</div>
<div class="paragraph">
<p>europol-event:Collecting data obtained through phishing attacks on web pages, email accounts, etc&#8230;&#8203;</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit_attempt">exploit-attempt</h3>
<div class="sect3">
<h4 id="_europol_event_exploit_attempt">europol-event:exploit-attempt</h4>
<div class="paragraph">
<p>europol-event:Exploit attempt</p>
</div>
<div class="paragraph">
<p>europol-event:Unsuccessful use of a tool exploiting a specific vulnerability of the system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sql_injection_attempt">sql-injection-attempt</h3>
<div class="sect3">
<h4 id="_europol_event_sql_injection_attempt">europol-event:sql-injection-attempt</h4>
<div class="paragraph">
<p>europol-event:SQL injection attempt</p>
</div>
<div class="paragraph">
<p>europol-event:Unsuccessful attempt to manipulate or read the information of a database by using the SQL injection technique.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_xss_attempt">xss-attempt</h3>
<div class="sect3">
<h4 id="_europol_event_xss_attempt">europol-event:xss-attempt</h4>
<div class="paragraph">
<p>europol-event:XSS attempt</p>
</div>
<div class="paragraph">
<p>europol-event:Unsuccessful attempts to perform attacks by using cross-site scripting techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_file_inclusion_attempt">file-inclusion-attempt</h3>
<div class="sect3">
<h4 id="_europol_event_file_inclusion_attempt">europol-event:file-inclusion-attempt</h4>
<div class="paragraph">
<p>europol-event:File inclusion attempt</p>
</div>
<div class="paragraph">
<p>europol-event:Unsuccessful attempt to include files in the system under attack by using file inclusion techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_brute_force_attempt">brute-force-attempt</h3>
<div class="sect3">
<h4 id="_europol_event_brute_force_attempt">europol-event:brute-force-attempt</h4>
<div class="paragraph">
<p>europol-event:Brute force attempt</p>
</div>
<div class="paragraph">
<p>europol-event:Unsuccessful login attempt by using sequential credentials for gaining access to the system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_password_cracking_attempt">password-cracking-attempt</h3>
<div class="sect3">
<h4 id="_europol_event_password_cracking_attempt">europol-event:password-cracking-attempt</h4>
<div class="paragraph">
<p>europol-event:Password cracking attempt</p>
</div>
<div class="paragraph">
<p>europol-event:Attempt to acquire access credentials by breaking the protective cryptographic keys.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_dictionary_attack_attempt">dictionary-attack-attempt</h3>
<div class="sect3">
<h4 id="_europol_event_dictionary_attack_attempt">europol-event:dictionary-attack-attempt</h4>
<div class="paragraph">
<p>europol-event:Dictionary attack attempt</p>
</div>
<div class="paragraph">
<p>europol-event:Unsuccessful login attempt by using system access credentials previously loaded into a dictionary.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploit">exploit</h3>
<div class="sect3">
<h4 id="_europol_event_exploit">europol-event:exploit</h4>
<div class="paragraph">
<p>europol-event:Use of a local or remote exploit</p>
</div>
<div class="paragraph">
<p>europol-event:Successful use of a tool exploiting a specific vulnerability of the system.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sql_injection">sql-injection</h3>
<div class="sect3">
<h4 id="_europol_event_sql_injection">europol-event:sql-injection</h4>
<div class="paragraph">
<p>europol-event:SQL injection</p>
</div>
<div class="paragraph">
<p>europol-event:Manipulation or reading of information contained in a database by using the SQL injection technique.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_xss">xss</h3>
<div class="sect3">
<h4 id="_europol_event_xss">europol-event:xss</h4>
<div class="paragraph">
<p>europol-event:XSS</p>
</div>
<div class="paragraph">
<p>europol-event:Attacks performed with the use of cross-site scripting techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_file_inclusion">file-inclusion</h3>
<div class="sect3">
<h4 id="_europol_event_file_inclusion">europol-event:file-inclusion</h4>
<div class="paragraph">
<p>europol-event:File inclusion</p>
</div>
<div class="paragraph">
<p>europol-event:Inclusion of files into a system under attack with the use of file inclusion techniques.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_control_system_bypass">control-system-bypass</h3>
<div class="sect3">
<h4 id="_europol_event_control_system_bypass">europol-event:control-system-bypass</h4>
<div class="paragraph">
<p>europol-event:Control system bypass</p>
</div>
<div class="paragraph">
<p>europol-event:Unauthorised access to a system or component by bypassing an access control system in place.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_theft_access_credentials">theft-access-credentials</h3>
<div class="sect3">
<h4 id="_europol_event_theft_access_credentials">europol-event:theft-access-credentials</h4>
<div class="paragraph">
<p>europol-event:Theft of access credentials</p>
</div>
<div class="paragraph">
<p>europol-event:Unauthorised access to a system or component by using stolen access credentials.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unauthorized_access_system">unauthorized-access-system</h3>
<div class="sect3">
<h4 id="_europol_event_unauthorized_access_system">europol-event:unauthorized-access-system</h4>
<div class="paragraph">
<p>europol-event:Unauthorised access to a system</p>
</div>
<div class="paragraph">
<p>europol-event:Unauthorised access to a system or component.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unauthorized_access_information">unauthorized-access-information</h3>
<div class="sect3">
<h4 id="_europol_event_unauthorized_access_information">europol-event:unauthorized-access-information</h4>
<div class="paragraph">
<p>europol-event:Unauthorised access to information</p>
</div>
<div class="paragraph">
<p>europol-event:Unauthorised access to a set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_data_exfiltration">data-exfiltration</h3>
<div class="sect3">
<h4 id="_europol_event_data_exfiltration">europol-event:data-exfiltration</h4>
<div class="paragraph">
<p>europol-event:Data exfiltration</p>
</div>
<div class="paragraph">
<p>europol-event:Unauthorised access to and sharing of a specific set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_modification_information">modification-information</h3>
<div class="sect3">
<h4 id="_europol_event_modification_information">europol-event:modification-information</h4>
<div class="paragraph">
<p>europol-event:Modification of information</p>
</div>
<div class="paragraph">
<p>europol-event:Unauthorised changes to a specific set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_deletion_information">deletion-information</h3>
<div class="sect3">
<h4 id="_europol_event_deletion_information">europol-event:deletion-information</h4>
<div class="paragraph">
<p>europol-event:Deletion of information</p>
</div>
<div class="paragraph">
<p>europol-event:Unauthorised deleting of a specific set of information.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_illegitimate_use_resources">illegitimate-use-resources</h3>
<div class="sect3">
<h4 id="_europol_event_illegitimate_use_resources">europol-event:illegitimate-use-resources</h4>
<div class="paragraph">
<p>europol-event:Misuse or unauthorised use of resources</p>
</div>
<div class="paragraph">
<p>europol-event:Use of institutional resources for purposes other than those intended.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_illegitimate_use_name">illegitimate-use-name</h3>
<div class="sect3">
<h4 id="_europol_event_illegitimate_use_name">europol-event:illegitimate-use-name</h4>
<div class="paragraph">
<p>europol-event:Illegitimate use of the name of an institution or third party</p>
</div>
<div class="paragraph">
<p>europol-event:Using the name of an institution without permission to do so.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_email_flooding">email-flooding</h3>
<div class="sect3">
<h4 id="_europol_event_email_flooding">europol-event:email-flooding</h4>
<div class="paragraph">
<p>europol-event:Email flooding</p>
</div>
<div class="paragraph">
<p>europol-event:Sending an unusually large quantity of email messages.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_spam">spam</h3>
<div class="sect3">
<h4 id="_europol_event_spam">europol-event:spam</h4>
<div class="paragraph">
<p>europol-event:Sending an unsolicited message</p>
</div>
<div class="paragraph">
<p>europol-event:Sending an email message that was unsolicited or unwanted by the recipient.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_copyrighted_content">copyrighted-content</h3>
<div class="sect3">
<h4 id="_europol_event_copyrighted_content">europol-event:copyrighted-content</h4>
<div class="paragraph">
<p>europol-event:Distribution or sharing of copyright protected content</p>
</div>
<div class="paragraph">
<p>europol-event:Distribution or sharing of content protected by copyright and related rights.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_content_forbidden_by_law">content-forbidden-by-law</h3>
<div class="sect3">
<h4 id="_europol_event_content_forbidden_by_law">europol-event:content-forbidden-by-law</h4>
<div class="paragraph">
<p>europol-event:Dissemination of content forbidden by law (publicly prosecuted offences)</p>
</div>
<div class="paragraph">
<p>europol-event:Distribution or sharing of illegal content such as child pornography, racism, xenophobia, etc&#8230;&#8203;</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unspecified">unspecified</h3>
<div class="sect3">
<h4 id="_europol_event_unspecified">europol-event:unspecified</h4>
<div class="paragraph">
<p>europol-event:Other unspecified event</p>
</div>
<div class="paragraph">
<p>europol-event:Other unlisted events.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_undetermined">undetermined</h3>
<div class="sect3">
<h4 id="_europol_event_undetermined">europol-event:undetermined</h4>
<div class="paragraph">
<p>europol-event:Undetermined</p>
</div>
<div class="paragraph">
<p>europol-event:Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_kill_chain">kill-chain</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
kill-chain namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/kill-chain/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Cyber Kill Chain, a phase-based model developed by Lockheed Martin, aims to help categorise and identify the stage of an attack.</p>
</div>
<div class="sect2">
<h3 id="_reconnaissance">Reconnaissance</h3>
<div class="sect3">
<h4 id="_kill_chain_reconnaissance">kill-chain:Reconnaissance</h4>
<div class="paragraph">
<p>kill-chain:Research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and mailing lists for email addresses, social relationships, or information on specific technologies.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_weaponisation">Weaponisation</h3>
<div class="sect3">
<h4 id="_kill_chain_weaponisation">kill-chain:Weaponisation</h4>
<div class="paragraph">
<p>kill-chain:Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer). Increasingly, client application data files such as Adobe Portable Document Format (PDF) or Microsoft Office documents serve as the weaponized deliverable.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_delivery">Delivery</h3>
<div class="sect3">
<h4 id="_kill_chain_delivery">kill-chain:Delivery</h4>
<div class="paragraph">
<p>kill-chain:Transmission of the weapon to the targeted environment. The three most prevalent delivery vectors for weaponized payloads by APT actors, as observed by the Lockheed Martin Computer Incident Response Team (LM-CIRT) for the years 2004-2010, are email attachments, websites, and USB removable media.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_exploitation">Exploitation</h3>
<div class="sect3">
<h4 id="_kill_chain_exploitation">kill-chain:Exploitation</h4>
<div class="paragraph">
<p>kill-chain:After the weapon is delivered to victim host, exploitation triggers intruders' code. Most often, exploitation targets an application or operating system vulnerability, but it could also more simply exploit the users themselves or leverage an operating system feature that auto-executes code.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_installation">Installation</h3>
<div class="sect3">
<h4 id="_kill_chain_installation">kill-chain:Installation</h4>
<div class="paragraph">
<p>kill-chain:Installation of a remote access trojan or backdoor on the victim system allows the adversary to maintain persistence inside the environment.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_command_and_control">Command and Control</h3>
<div class="sect3">
<h4 id="_kill_chain_command_and_control">kill-chain:Command and Control</h4>
<div class="paragraph">
<p>kill-chain:Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel. APT malware especially requires manual interaction rather than conduct activity automatically. Once the C2 channel establishes, intruders have 'hands on the keyboard' access inside the target environment.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_actions_on_objectives">Actions on Objectives</h3>
<div class="sect3">
<h4 id="_kill_chain_actions_on_objectives">kill-chain:Actions on Objectives</h4>
<div class="paragraph">
<p>kill-chain:Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_tlp">tlp</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
tlp namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/tlp/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Traffic Light Protocol - or short: TLP - was designed with the objective to create a favorable classification scheme for sharing sensitive information while keeping the control over its distribution at the same time.</p>
</div>
<div class="sect2">
<h3 id="_red">red</h3>
<div class="sect3">
<h4 id="_tlp_red">tlp:red</h4>
<div class="paragraph">
<p>tlp:(TLP:RED) Information exclusively and directly given to (a group of) individual recipients. Sharing outside is not legitimate.</p>
</div>
<div class="paragraph">
<p>tlp:Not for disclosure, restricted to participants only. Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party&#8217;s privacy, reputation, or operations if misused. Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_amber">amber</h3>
<div class="sect3">
<h4 id="_tlp_amber">tlp:amber</h4>
<div class="paragraph">
<p>tlp:(TLP:AMBER) Information exclusively given to an organization; sharing limited within the organization to be effectively acted upon.</p>
</div>
<div class="paragraph">
<p>tlp:Limited disclosure, restricted to participants organizations. Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_green">green</h3>
<div class="sect3">
<h4 id="_tlp_green">tlp:green</h4>
<div class="paragraph">
<p>tlp:(TLP:GREEN) Information given to a community or a group of organizations at large. The information cannot be publicly released.</p>
</div>
<div class="paragraph">
<p>tlp:Limited disclosure, restricted to the community. Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_white">white</h3>
<div class="sect3">
<h4 id="_tlp_white">tlp:white</h4>
<div class="paragraph">
<p>tlp:(TLP:WHITE) Information can be shared publicly in accordance with the law.</p>
</div>
<div class="paragraph">
<p>tlp:Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_ex_chr">ex:chr</h3>
<div class="sect3">
<h4 id="_tlp_ex_chr">tlp:ex:chr</h4>
<div class="paragraph">
<p>tlp:(TLP:EX:CHR) Information extended with a specific tag called Chatham House Rule (CHR). When this specific CHR tag is mentioned, the attribution (the source of information) must not be disclosed. This additional rule is at the discretion of the initial sender who can decide to apply or not the CHR tag.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_csirt_case_classification">csirt_case_classification</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
csirt_case_classification namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/csirt_case_classification/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>It is critical that the CSIRT provide consistent and timely response to the customer, and that sensitive information is handled appropriately. This document provides the guidelines needed for CSIRT Incident Managers (IM) to classify the case category, criticality level, and sensitivity level for each CSIRT case. This information will be entered into the Incident Tracking System (ITS) when a case is created. Consistent case classification is required for the CSIRT to provide accurate reporting to management on a regular basis. In addition, the classifications will provide CSIRT IMs with proper case handling procedures and will form the basis of SLAs between the CSIRT and other Company departments.</p>
</div>
<div class="sect2">
<h3 id="_incident_category">incident-category</h3>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_dos">csirt_case_classification:incident-category="DOS"</h4>
<div class="paragraph">
<p>csirt_case_classification:Denial of service / Distributed Denial of service</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_forensics">csirt_case_classification:incident-category="forensics"</h4>
<div class="paragraph">
<p>csirt_case_classification:Forensics work</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_compromised_information">csirt_case_classification:incident-category="compromised-information"</h4>
<div class="paragraph">
<p>csirt_case_classification:Attempted or successful destruction, corruption, or disclosure of sensitive corporate information or Intellectual Property</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_compromised_asset">csirt_case_classification:incident-category="compromised-asset"</h4>
<div class="paragraph">
<p>csirt_case_classification:Compromised host (root account, Trojan, rootkit), network device, application, user account.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_unlawful_activity">csirt_case_classification:incident-category="unlawful-activity"</h4>
<div class="paragraph">
<p>csirt_case_classification:Theft / Fraud / Human Safety / Child Porn</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_internal_hacking">csirt_case_classification:incident-category="internal-hacking"</h4>
<div class="paragraph">
<p>csirt_case_classification:Reconnaissance or Suspicious activity originating from inside the Company corporate network, excluding malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_external_hacking">csirt_case_classification:incident-category="external-hacking"</h4>
<div class="paragraph">
<p>csirt_case_classification:Reconnaissance or Suspicious Activity originating from outside the Company corporate network (partner network, Internet), excluding malware.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_malware">csirt_case_classification:incident-category="malware"</h4>
<div class="paragraph">
<p>csirt_case_classification:A virus or worm typically affecting multiple corporate devices. This does not include compromised hosts that are being actively controlled by an attacker via a backdoor or Trojan.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_email">csirt_case_classification:incident-category="email"</h4>
<div class="paragraph">
<p>csirt_case_classification:Spoofed email, SPAM, and other email security-related events.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_consulting">csirt_case_classification:incident-category="consulting"</h4>
<div class="paragraph">
<p>csirt_case_classification:Security consulting unrelated to any confirmed incident</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_incident_category_policy_violation">csirt_case_classification:incident-category="policy-violation"</h4>
<div class="paragraph">
<p>csirt_case_classification:Violation of various policies</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_criticality_classification">criticality-classification</h3>
<div class="sect3">
<h4 id="_csirt_case_classification_criticality_classification_1">csirt_case_classification:criticality-classification="1"</h4>
<div class="paragraph">
<p>csirt_case_classification:Incident affecting critical systems or information with potential to be revenue or customer impacting.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_criticality_classification_2">csirt_case_classification:criticality-classification="2"</h4>
<div class="paragraph">
<p>csirt_case_classification:Incident affecting non-critical systems or information, not revenue or customer impacting. Employee investigations that are time sensitive should typically be classified at this level.</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_criticality_classification_3">csirt_case_classification:criticality-classification="3"</h4>
<div class="paragraph">
<p>csirt_case_classification:Possible incident, non-critical systems. Incident or employee investigations that are not time sensitive. Long-term investigations involving extensive research and/or detailed forensic work.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_sensitivity_classification">sensitivity-classification</h3>
<div class="sect3">
<h4 id="_csirt_case_classification_sensitivity_classification_1">csirt_case_classification:sensitivity-classification="1"</h4>
<div class="paragraph">
<p>csirt_case_classification:Extremely Sensitive</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_sensitivity_classification_2">csirt_case_classification:sensitivity-classification="2"</h4>
<div class="paragraph">
<p>csirt_case_classification:Sensitive</p>
</div>
</div>
<div class="sect3">
<h4 id="_csirt_case_classification_sensitivity_classification_3">csirt_case_classification:sensitivity-classification="3"</h4>
<div class="paragraph">
<p>csirt_case_classification:Not Sensitive</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_ecsirt">ecsirt</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
ecsirt namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/ecsirt/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Incident Classification by the ecsirt.net project WP4 clearinghouse policy and updated by IntelMQ.</p>
</div>
<div class="sect2">
<h3 id="_abusive_content_2">abusive-content</h3>
<div class="sect3">
<h4 id="_ecsirt_abusive_content_spam">ecsirt:abusive-content="spam"</h4>
<div class="paragraph">
<p>ecsirt:spam</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_malicious_code">malicious-code</h3>
<div class="sect3">
<h4 id="_ecsirt_malicious_code_malware">ecsirt:malicious-code="malware"</h4>
<div class="paragraph">
<p>ecsirt:malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_malicious_code_botnet_drone">ecsirt:malicious-code="botnet-drone"</h4>
<div class="paragraph">
<p>ecsirt:botnet drone</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_malicious_code_ransomware">ecsirt:malicious-code="ransomware"</h4>
<div class="paragraph">
<p>ecsirt:ransomware</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_malicious_code_malware_configuration">ecsirt:malicious-code="malware-configuration"</h4>
<div class="paragraph">
<p>ecsirt:malware configuration</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_malicious_code_c_c">ecsirt:malicious-code="c&amp;c"</h4>
<div class="paragraph">
<p>ecsirt:c&amp;c</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_gathering_2">information-gathering</h3>
<div class="sect3">
<h4 id="_ecsirt_information_gathering_scanner">ecsirt:information-gathering="scanner"</h4>
<div class="paragraph">
<p>ecsirt:scanner</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusion_attempts">intrusion-attempts</h3>
<div class="sect3">
<h4 id="_ecsirt_intrusion_attempts_exploit">ecsirt:intrusion-attempts="exploit"</h4>
<div class="paragraph">
<p>ecsirt:exploit</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_intrusion_attempts_brute_force">ecsirt:intrusion-attempts="brute-force"</h4>
<div class="paragraph">
<p>ecsirt:brute-force</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_intrusion_attempts_ids_alert">ecsirt:intrusion-attempts="ids-alert"</h4>
<div class="paragraph">
<p>ecsirt:ids alerts</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_intrusions">intrusions</h3>
<div class="sect3">
<h4 id="_ecsirt_intrusions_defacement">ecsirt:intrusions="defacement"</h4>
<div class="paragraph">
<p>ecsirt:defacement</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_intrusions_compromised">ecsirt:intrusions="compromised"</h4>
<div class="paragraph">
<p>ecsirt:compromised</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_intrusions_backdoor">ecsirt:intrusions="backdoor"</h4>
<div class="paragraph">
<p>ecsirt:backdoor</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_availability_2">availability</h3>
<div class="sect3">
<h4 id="_ecsirt_availability_ddos">ecsirt:availability="ddos"</h4>
<div class="paragraph">
<p>ecsirt:ddos</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information_security_2">information-security</h3>
</div>
<div class="sect2">
<h3 id="_information_content_security">information-content-security</h3>
<div class="sect3">
<h4 id="_ecsirt_information_content_security_dropzone">ecsirt:information-content-security="dropzone"</h4>
<div class="paragraph">
<p>ecsirt:dropzone</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_vulnerable">vulnerable</h3>
<div class="sect3">
<h4 id="_ecsirt_vulnerable_vulnerable_service">ecsirt:vulnerable="vulnerable-service"</h4>
<div class="paragraph">
<p>ecsirt:Vulnerable service</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_fraud_2">fraud</h3>
<div class="sect3">
<h4 id="_ecsirt_fraud_phishing">ecsirt:fraud="phishing"</h4>
<div class="paragraph">
<p>ecsirt:phishing</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_other_2">other</h3>
<div class="sect3">
<h4 id="_ecsirt_other_blacklist">ecsirt:other="blacklist"</h4>
<div class="paragraph">
<p>ecsirt:blacklist</p>
</div>
</div>
<div class="sect3">
<h4 id="_ecsirt_other_unknown">ecsirt:other="unknown"</h4>
<div class="paragraph">
<p>ecsirt:unknown</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_test">test</h3>
<div class="sect3">
<h4 id="_ecsirt_test_test">ecsirt:test="test"</h4>
<div class="paragraph">
<p>ecsirt:Test</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_pap">PAP</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
PAP namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/PAP/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.</p>
</div>
<div class="sect2">
<h3 id="_red_2">RED</h3>
<div class="sect3">
<h4 id="_pap_red">PAP:RED</h4>
<div class="paragraph">
<p>PAP:(PAP:RED) Non-detectable actions only. Recipients may not use PAP:RED information on the network. Only passive actions on logs, that are not detectable from the outside.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_amber_2">AMBER</h3>
<div class="sect3">
<h4 id="_pap_amber">PAP:AMBER</h4>
<div class="paragraph">
<p>PAP:(PAP:AMBER) Passive cross check. Recipients may use PAP:AMBER information for conducting online checks, like using services provided by third parties (e.g. VirusTotal), or set up a monitoring honeypot.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_green_2">GREEN</h3>
<div class="sect3">
<h4 id="_pap_green">PAP:GREEN</h4>
<div class="paragraph">
<p>PAP:(PAP:GREEN) Active actions allowed. Recipients may use PAP:GREEN information to ping the target, block incoming/outgoing traffic from/to the target or specifically configure honeypots to interact with the target.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_white_2">WHITE</h3>
<div class="sect3">
<h4 id="_pap_white">PAP:WHITE</h4>
<div class="paragraph">
<p>PAP:(PAP:WHITE) No restrictions in using this information.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_enisa">enisa</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
enisa namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/enisa/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.</p>
</div>
<div class="sect2">
<h3 id="_physical_attack">physical-attack</h3>
<div class="sect3">
<h4 id="_enisa_physical_attack_fraud">enisa:physical-attack="fraud"</h4>
<div class="paragraph">
<p>enisa:Fraud</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_fraud_by_employees">enisa:physical-attack="fraud-by-employees"</h4>
<div class="paragraph">
<p>enisa:Fraud committed by employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_sabotage">enisa:physical-attack="sabotage"</h4>
<div class="paragraph">
<p>enisa:Sabotage</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_vandalism">enisa:physical-attack="vandalism"</h4>
<div class="paragraph">
<p>enisa:Vandalism</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_theft">enisa:physical-attack="theft"</h4>
<div class="paragraph">
<p>enisa:Theft (of devices, storage media and documents)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_theft_of_mobile_devices">enisa:physical-attack="theft-of-mobile-devices"</h4>
<div class="paragraph">
<p>enisa:Theft of mobile devices (smartphones/ tablets)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_theft_of_fixed_hardware">enisa:physical-attack="theft-of-fixed-hardware"</h4>
<div class="paragraph">
<p>enisa:Theft of fixed hardware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_theft_of_documents">enisa:physical-attack="theft-of-documents"</h4>
<div class="paragraph">
<p>enisa:Theft of documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_theft_of_backups">enisa:physical-attack="theft-of-backups"</h4>
<div class="paragraph">
<p>enisa:Theft of backups</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_information_leak_or_unauthorised_sharing">enisa:physical-attack="information-leak-or-unauthorised-sharing"</h4>
<div class="paragraph">
<p>enisa:Information leak /sharing</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_unauthorised_physical_access_or_unauthorised_entry_to_premises">enisa:physical-attack="unauthorised-physical-access-or-unauthorised-entry-to-premises"</h4>
<div class="paragraph">
<p>enisa:Unauthorized physical access / Unauthorised entry to premises</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_coercion_or_extortion_or_corruption">enisa:physical-attack="coercion-or-extortion-or-corruption"</h4>
<div class="paragraph">
<p>enisa:Coercion, extortion or corruption</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_damage_from_the_wafare">enisa:physical-attack="damage-from-the-wafare"</h4>
<div class="paragraph">
<p>enisa:Damage from the warfare</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_physical_attack_terrorist_attack">enisa:physical-attack="terrorist-attack"</h4>
<div class="paragraph">
<p>enisa:Terrorist attack</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_unintentional_damage">unintentional-damage</h3>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_information_leak_or_sharing_due_to_human_error">enisa:unintentional-damage="information-leak-or-sharing-due-to-human-error"</h4>
<div class="paragraph">
<p>enisa:Information leak /sharing due to human error</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_accidental_leaks_or_sharing_of_data_by_employees">enisa:unintentional-damage="accidental-leaks-or-sharing-of-data-by-employees"</h4>
<div class="paragraph">
<p>enisa:Accidental leaks/sharing of data by employees</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_leaks_of_data_via_mobile_applications">enisa:unintentional-damage="leaks-of-data-via-mobile-applications"</h4>
<div class="paragraph">
<p>enisa:Leaks of data via mobile applications</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_leaks_of_data_via_web_applications">enisa:unintentional-damage="leaks-of-data-via-web-applications"</h4>
<div class="paragraph">
<p>enisa:Leaks of data via Web applications</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_leaks_of_information_transferred_by_network">enisa:unintentional-damage="leaks-of-information-transferred-by-network"</h4>
<div class="paragraph">
<p>enisa:Leaks of information transferred by network</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_erroneous_use_or_administration_of_devices_and_systems">enisa:unintentional-damage="erroneous-use-or-administration-of-devices-and-systems"</h4>
<div class="paragraph">
<p>enisa:Erroneous use or administration of devices and systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_information_due_to_maintenance_errors_or_operators_errors">enisa:unintentional-damage="loss-of-information-due-to-maintenance-errors-or-operators-errors"</h4>
<div class="paragraph">
<p>enisa:Loss of information due to maintenance errors / operators' errors</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_information_due_to_configuration_or_installation_error">enisa:unintentional-damage="loss-of-information-due-to-configuration-or-installation error"</h4>
<div class="paragraph">
<p>enisa:Loss of information due to configuration/ installation error</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_increasing_recovery_time">enisa:unintentional-damage="increasing-recovery-time"</h4>
<div class="paragraph">
<p>enisa:Increasing recovery time</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_lost_of_information_due_to_user_errors">enisa:unintentional-damage="lost-of-information-due-to-user-errors"</h4>
<div class="paragraph">
<p>enisa:Loss of information due to user errors</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_using_information_from_an_unreliable_source">enisa:unintentional-damage="using-information-from-an-unreliable-source"</h4>
<div class="paragraph">
<p>enisa:Using information from an unreliable source</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_unintentional_change_of_data_in_an_information_system">enisa:unintentional-damage="unintentional-change-of-data-in-an-information-system"</h4>
<div class="paragraph">
<p>enisa:Unintentional change of data in an information system</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_inadequate_design_and_planning_or_improper_adaptation">enisa:unintentional-damage="inadequate-design-and-planning-or-improper-adaptation"</h4>
<div class="paragraph">
<p>enisa:Inadequate design and planning or improper adaptation</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_damage_caused_by_a_third_party">enisa:unintentional-damage="damage-caused-by-a-third-party"</h4>
<div class="paragraph">
<p>enisa:Damage caused by a third party</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_security_failure_caused_by_third_party">enisa:unintentional-damage="security-failure-caused-by-third-party"</h4>
<div class="paragraph">
<p>enisa:Security failure caused by third party</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_damages_resulting_from_penetration_testing">enisa:unintentional-damage="damages-resulting-from-penetration-testing"</h4>
<div class="paragraph">
<p>enisa:Damages resulting from penetration testing</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_information_in_the_cloud">enisa:unintentional-damage="loss-of-information-in-the-cloud"</h4>
<div class="paragraph">
<p>enisa:Loss of information in the cloud</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_integrity_of_sensitive_information">enisa:unintentional-damage="loss-of-(integrity-of)-sensitive-information"</h4>
<div class="paragraph">
<p>enisa:Loss of (integrity of) sensitive information</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_integrity_of_certificates">enisa:unintentional-damage="loss-of-integrity-of-certificates"</h4>
<div class="paragraph">
<p>enisa:Loss of integrity of certificates</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_devices_and_storage_media_and_documents">enisa:unintentional-damage="loss-of-devices-and-storage-media-and-documents"</h4>
<div class="paragraph">
<p>enisa:Loss of devices, storage media and documents</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_devices_or_mobile_devices">enisa:unintentional-damage="loss-of-devices-or-mobile-devices"</h4>
<div class="paragraph">
<p>enisa:Loss of devices/ mobile devices</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_storage_media">enisa:unintentional-damage="loss-of-storage-media"</h4>
<div class="paragraph">
<p>enisa:Loss of storage media</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_loss_of_documentation_of_it_infrastructure">enisa:unintentional-damage="loss-of-documentation-of-IT-Infrastructure"</h4>
<div class="paragraph">
<p>enisa:Loss of documentation of IT Infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_destruction_of_records">enisa:unintentional-damage="destruction-of-records"</h4>
<div class="paragraph">
<p>enisa:Destruction of records</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_infection_of_removable_media">enisa:unintentional-damage="infection-of-removable-media"</h4>
<div class="paragraph">
<p>enisa:Infection of removable media</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_unintentional_damage_abuse_of_storage">enisa:unintentional-damage="abuse-of-storage"</h4>
<div class="paragraph">
<p>enisa:Abuse of storage</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_disaster">disaster</h3>
<div class="sect3">
<h4 id="_enisa_disaster_disaster">enisa:disaster="disaster"</h4>
<div class="paragraph">
<p>enisa:Disaster (natural earthquakes, floods, landslides, tsunamis, heavy rains, heavy snowfalls, heavy winds)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_fire">enisa:disaster="fire"</h4>
<div class="paragraph">
<p>enisa:Fire</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_pollution_dust_corrosion">enisa:disaster="pollution-dust-corrosion"</h4>
<div class="paragraph">
<p>enisa:Pollution, dust, corrosion</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_thunderstrike">enisa:disaster="thunderstrike"</h4>
<div class="paragraph">
<p>enisa:Thunderstrike</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_water">enisa:disaster="water"</h4>
<div class="paragraph">
<p>enisa:Water</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_explosion">enisa:disaster="explosion"</h4>
<div class="paragraph">
<p>enisa:Explosion</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_dangerous_radiation_leak">enisa:disaster="dangerous-radiation-leak"</h4>
<div class="paragraph">
<p>enisa:Dangerous radiation leak</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_unfavourable_climatic_conditions">enisa:disaster="unfavourable-climatic-conditions"</h4>
<div class="paragraph">
<p>enisa:Unfavourable climatic conditions</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_loss_of_data_or_accessibility_of_it_infrastructure_as_a_result_of_heightened_humidity">enisa:disaster="loss-of-data-or-accessibility-of-IT-infrastructure-as-a-result-of-heightened-humidity"</h4>
<div class="paragraph">
<p>enisa:Loss of data or accessibility of IT infrastructure as a result of heightened humidity</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_lost_of_data_or_accessibility_of_it_infrastructure_as_a_result_of_very_high_temperature">enisa:disaster="lost-of-data-or-accessibility-of-IT-infrastructure-as-a-result-of-very-high-temperature"</h4>
<div class="paragraph">
<p>enisa:Lost of data or accessibility of IT infrastructure as a result of very high temperature</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_threats_from_space_or_electromagnetic_storm">enisa:disaster="threats-from-space-or-electromagnetic-storm"</h4>
<div class="paragraph">
<p>enisa:Threats from space / Electromagnetic storm</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_disaster_wildlife">enisa:disaster="wildlife"</h4>
<div class="paragraph">
<p>enisa:Wildlife</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_failures_malfunction">failures-malfunction</h3>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_of_devices_or_systems">enisa:failures-malfunction="failure-of-devices-or-systems"</h4>
<div class="paragraph">
<p>enisa:Failure of devices or systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_of_data_media">enisa:failures-malfunction="failure-of-data-media"</h4>
<div class="paragraph">
<p>enisa:Failure of data media</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_hardware_failure">enisa:failures-malfunction="hardware-failure"</h4>
<div class="paragraph">
<p>enisa:Hardware failure</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_of_applications_and_services">enisa:failures-malfunction="failure-of-applications-and-services"</h4>
<div class="paragraph">
<p>enisa:Failure of applications and services</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_of_parts_of_devices_connectors_plug_ins">enisa:failures-malfunction="failure-of-parts-of-devices-connectors-plug-ins"</h4>
<div class="paragraph">
<p>enisa:Failure of parts of devices (connectors, plug-ins)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_or_disruption_of_communication_links_communication_networks">enisa:failures-malfunction="failure-or-disruption-of-communication-links-communication networks"</h4>
<div class="paragraph">
<p>enisa:Failure or disruption of communication links (communication networks)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_of_cable_networks">enisa:failures-malfunction="failure-of-cable-networks"</h4>
<div class="paragraph">
<p>enisa:Failure of cable networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_of_wireless_networks">enisa:failures-malfunction="failure-of-wireless-networks"</h4>
<div class="paragraph">
<p>enisa:Failure of wireless networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_of_mobile_networks">enisa:failures-malfunction="failure-of-mobile-networks"</h4>
<div class="paragraph">
<p>enisa:Failure of mobile networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_or_disruption_of_main_supply">enisa:failures-malfunction="failure-or-disruption-of-main-supply"</h4>
<div class="paragraph">
<p>enisa:Failure or disruption of main supply</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_or_disruption_of_power_supply">enisa:failures-malfunction="failure-or-disruption-of-power-supply"</h4>
<div class="paragraph">
<p>enisa:Failure or disruption of power supply</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_of_cooling_infrastructure">enisa:failures-malfunction="failure-of-cooling-infrastructure"</h4>
<div class="paragraph">
<p>enisa:Failure of cooling infrastructure</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_failure_or_disruption_of_service_providers_supply_chain">enisa:failures-malfunction="failure-or-disruption-of-service-providers-supply-chain"</h4>
<div class="paragraph">
<p>enisa:Failure or disruption of service providers (supply chain)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_failures_malfunction_malfunction_of_equipment_devices_or_systems">enisa:failures-malfunction="malfunction-of-equipment-devices-or-systems"</h4>
<div class="paragraph">
<p>enisa:Malfunction of equipment (devices or systems)</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_outages">outages</h3>
<div class="sect3">
<h4 id="_enisa_outages_absence_of_personnel">enisa:outages="absence-of-personnel"</h4>
<div class="paragraph">
<p>enisa:Absence of personnel</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_outages_strike">enisa:outages="strike"</h4>
<div class="paragraph">
<p>enisa:Strike</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_outages_loss_of_support_services">enisa:outages="loss-of-support-services"</h4>
<div class="paragraph">
<p>enisa:Loss of support services</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_outages_internet_outage">enisa:outages="internet-outage"</h4>
<div class="paragraph">
<p>enisa:Internet outage</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_outages_network_outage">enisa:outages="network-outage"</h4>
<div class="paragraph">
<p>enisa:Network outage</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_outages_outage_of_cable_networks">enisa:outages="outage-of-cable-networks"</h4>
<div class="paragraph">
<p>enisa:Outage of cable networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_outages_outage_of_short_range_wireless_networks">enisa:outages="Outage-of-short-range-wireless-networks"</h4>
<div class="paragraph">
<p>enisa:Outage of short-range wireless networks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_outages_outages_of_long_range_wireless_networks">enisa:outages="outages-of-long-range-wireless-networks"</h4>
<div class="paragraph">
<p>enisa:Outages of long-range wireless networks</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_eavesdropping_interception_hijacking">eavesdropping-interception-hijacking</h3>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_war_driving">enisa:eavesdropping-interception-hijacking="war-driving"</h4>
<div class="paragraph">
<p>enisa:War driving</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_intercepting_compromising_emissions">enisa:eavesdropping-interception-hijacking="intercepting-compromising-emissions"</h4>
<div class="paragraph">
<p>enisa:Intercepting compromising emissions</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_interception_of_information">enisa:eavesdropping-interception-hijacking="interception-of-information"</h4>
<div class="paragraph">
<p>enisa:Interception of information</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_corporate_espionage">enisa:eavesdropping-interception-hijacking="corporate-espionage"</h4>
<div class="paragraph">
<p>enisa:Corporate espionage</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_nation_state_espionage">enisa:eavesdropping-interception-hijacking="nation-state-espionage"</h4>
<div class="paragraph">
<p>enisa:Nation state espionage</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_information_leakage_due_to_unsecured_wi_fi_like_rogue_access_points">enisa:eavesdropping-interception-hijacking="information-leakage-due-to-unsecured-wi-fi-like-rogue-access-points"</h4>
<div class="paragraph">
<p>enisa:Information leakage due to unsecured Wi-Fi, rogue access points</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_interfering_radiation">enisa:eavesdropping-interception-hijacking="interfering-radiation"</h4>
<div class="paragraph">
<p>enisa:Interfering radiation</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_replay_of_messages">enisa:eavesdropping-interception-hijacking="replay-of-messages"</h4>
<div class="paragraph">
<p>enisa:Replay of messages</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_network_reconnaissance_network_traffic_manipulation_and_information_gathering">enisa:eavesdropping-interception-hijacking="network-reconnaissance-network-traffic-manipulation-and-information-gathering"</h4>
<div class="paragraph">
<p>enisa:Network Reconnaissance, Network traffic manipulation and Information gathering</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_eavesdropping_interception_hijacking_man_in_the_middle_session_hijacking">enisa:eavesdropping-interception-hijacking="man-in-the-middle-session-hijacking"</h4>
<div class="paragraph">
<p>enisa:Man in the middle/ Session hijacking</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_nefarious_activity_abuse">nefarious-activity-abuse</h3>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_identity_theft_identity_fraud_account">enisa:nefarious-activity-abuse="identity-theft-identity-fraud-account)"</h4>
<div class="paragraph">
<p>enisa:Identity theft (Identity Fraud/ Account)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_credentials_stealing_trojans">enisa:nefarious-activity-abuse="credentials-stealing-trojans"</h4>
<div class="paragraph">
<p>enisa:Credentials-stealing trojans</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_receiving_unsolicited_e_mail">enisa:nefarious-activity-abuse="receiving-unsolicited-e-mail"</h4>
<div class="paragraph">
<p>enisa:Receiving unsolicited E-mail</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_spam">enisa:nefarious-activity-abuse="spam"</h4>
<div class="paragraph">
<p>enisa:SPAM</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_unsolicited_infected_e_mails">enisa:nefarious-activity-abuse="unsolicited-infected-e-mails"</h4>
<div class="paragraph">
<p>enisa:Unsolicited infected e-mails</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_denial_of_service">enisa:nefarious-activity-abuse="denial-of-service"</h4>
<div class="paragraph">
<p>enisa:Denial of service</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_distributed_denial_of_network_service_network_layer_attack">enisa:nefarious-activity-abuse="distributed-denial-of-network-service-network-layer-attack"</h4>
<div class="paragraph">
<p>enisa:Distributed denial of network service (DDoS) (network layer attack i.e. Protocol exploitation / Malformed packets / Flooding / Spoofing)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_distributed_denial_of_network_service_application_layer_attack">enisa:nefarious-activity-abuse="distributed-denial-of-network-service-application-layer-attack"</h4>
<div class="paragraph">
<p>enisa:Distributed denial of application service (DDoS) (application layer attack i.e. Ping of Death / XDoS / WinNuke / HTTP Floods)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_distributed_denial_of_network_service_amplification_reflection_attack">enisa:nefarious-activity-abuse="distributed-denial-of-network-service-amplification-reflection-attack"</h4>
<div class="paragraph">
<p>enisa:Distributed DoS (DDoS) to both network and application services (amplification/reflection methods i.e. NTP/ DNS /&#8230;&#8203;/ BitTorrent)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_malicious_code_software_activity">enisa:nefarious-activity-abuse="malicious-code-software-activity"</h4>
<div class="paragraph">
<p>enisa:Malicious code/ software/ activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_search_engine_poisoning">enisa:nefarious-activity-abuse="search-engine-poisoning"</h4>
<div class="paragraph">
<p>enisa:Search Engine Poisoning</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_exploitation_of_fake_trust_of_social_media">enisa:nefarious-activity-abuse="exploitation-of-fake-trust-of-social-media"</h4>
<div class="paragraph">
<p>enisa:Exploitation of fake trust of social media</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_worms_trojans">enisa:nefarious-activity-abuse="worms-trojans"</h4>
<div class="paragraph">
<p>enisa:Worms/ Trojans</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_rootkits">enisa:nefarious-activity-abuse="rootkits"</h4>
<div class="paragraph">
<p>enisa:Rootkits</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_mobile_malware">enisa:nefarious-activity-abuse="mobile-malware"</h4>
<div class="paragraph">
<p>enisa:Mobile malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_infected_trusted_mobile_apps">enisa:nefarious-activity-abuse="infected-trusted-mobile-apps"</h4>
<div class="paragraph">
<p>enisa:Infected trusted mobile apps</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_elevation_of_privileges">enisa:nefarious-activity-abuse="elevation-of-privileges"</h4>
<div class="paragraph">
<p>enisa:Elevation of privileges</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_web_application_attacks_injection_attacks_code_injection_sql_xss">enisa:nefarious-activity-abuse="web-application-attacks-injection-attacks-code-injection-SQL-XSS"</h4>
<div class="paragraph">
<p>enisa:Web application attacks / injection attacks (Code injection: SQL, XSS)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_spyware_or_deceptive_adware">enisa:nefarious-activity-abuse="spyware-or-deceptive-adware"</h4>
<div class="paragraph">
<p>enisa:Spyware or deceptive adware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_viruses">enisa:nefarious-activity-abuse="viruses"</h4>
<div class="paragraph">
<p>enisa:Viruses</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_rogue_security_software_rogueware_scareware">enisa:nefarious-activity-abuse="rogue-security-software-rogueware-scareware"</h4>
<div class="paragraph">
<p>enisa:Rogue security software/ Rogueware / Scareware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_ransomware">enisa:nefarious-activity-abuse="ransomware"</h4>
<div class="paragraph">
<p>enisa:Ransomware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_exploits_exploit_kits">enisa:nefarious-activity-abuse="exploits-exploit-kits"</h4>
<div class="paragraph">
<p>enisa:Exploits/Exploit Kits</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_social_engineering">enisa:nefarious-activity-abuse="social-engineering"</h4>
<div class="paragraph">
<p>enisa:Social Engineering</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_phishing_attacks">enisa:nefarious-activity-abuse="phishing-attacks"</h4>
<div class="paragraph">
<p>enisa:Phishing attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_spear_phishing_attacks">enisa:nefarious-activity-abuse="spear-phishing-attacks"</h4>
<div class="paragraph">
<p>enisa:Spear phishing attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_abuse_of_information_leakage">enisa:nefarious-activity-abuse="abuse-of-information-leakage"</h4>
<div class="paragraph">
<p>enisa:Abuse of Information Leakage</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_leakage_affecting_mobile_privacy_and_mobile_applications">enisa:nefarious-activity-abuse="leakage-affecting-mobile-privacy-and-mobile-applications"</h4>
<div class="paragraph">
<p>enisa:Leakage affecting mobile privacy and mobile applications</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_leakage_affecting_web_privacy_and_web_applications">enisa:nefarious-activity-abuse="leakage-affecting-web-privacy-and-web-applications"</h4>
<div class="paragraph">
<p>enisa:Leakage affecting web privacy and web applications</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_leakage_affecting_network_traffic">enisa:nefarious-activity-abuse="leakage-affecting-network-traffic"</h4>
<div class="paragraph">
<p>enisa:Leakage affecting network traffic</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_leakage_affecting_cloud_computing">enisa:nefarious-activity-abuse="leakage-affecting-cloud-computing"</h4>
<div class="paragraph">
<p>enisa:Leakage affecting cloud computing</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_generation_and_use_of_rogue_certificates">enisa:nefarious-activity-abuse="generation-and-use-of-rogue-certificates"</h4>
<div class="paragraph">
<p>enisa:Generation and use of rogue certificates</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_loss_of_integrity_of_sensitive_information">enisa:nefarious-activity-abuse="loss-of-integrity-of-sensitive-information"</h4>
<div class="paragraph">
<p>enisa:Loss of (integrity of) sensitive information</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_man_in_the_middle_session_hijacking">enisa:nefarious-activity-abuse="man-in-the-middle-session-hijacking"</h4>
<div class="paragraph">
<p>enisa:Man in the middle / Session hijacking</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_social_engineering_via_signed_malware">enisa:nefarious-activity-abuse="social-engineering-via-signed-malware"</h4>
<div class="paragraph">
<p>enisa:Social Engineering / signed malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_fake_ssl_certificates">enisa:nefarious-activity-abuse="fake-SSL-certificates"</h4>
<div class="paragraph">
<p>enisa:Fake SSL certificates</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_manipulation_of_hardware_and_software">enisa:nefarious-activity-abuse="manipulation-of-hardware-and-software"</h4>
<div class="paragraph">
<p>enisa:Manipulation of hardware and software</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_anonymous_proxies">enisa:nefarious-activity-abuse="anonymous-proxies"</h4>
<div class="paragraph">
<p>enisa:Anonymous proxies</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_abuse_of_computing_power_of_cloud_to_launch_attacks_cybercrime_as_a_service">enisa:nefarious-activity-abuse="abuse-of-computing-power-of-cloud-to-launch-attacks-cybercrime-as-a-service)"</h4>
<div class="paragraph">
<p>enisa:Abuse of computing power of cloud to launch attacks (cybercrime as a service)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_abuse_of_vulnerabilities_0_day_vulnerabilities">enisa:nefarious-activity-abuse="abuse-of-vulnerabilities-0-day-vulnerabilities"</h4>
<div class="paragraph">
<p>enisa:Abuse of vulnerabilities, 0-day vulnerabilities</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_access_of_web_sites_through_chains_of_http_proxies_obfuscation">enisa:nefarious-activity-abuse="access-of-web-sites-through-chains-of-HTTP-Proxies-Obfuscation"</h4>
<div class="paragraph">
<p>enisa:Access of web sites through chains of HTTP Proxies (Obfuscation)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_access_to_device_software">enisa:nefarious-activity-abuse="access-to-device-software"</h4>
<div class="paragraph">
<p>enisa:Access to device software</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_alternation_of_software">enisa:nefarious-activity-abuse="alternation-of-software"</h4>
<div class="paragraph">
<p>enisa:Alternation of software</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_rogue_hardware">enisa:nefarious-activity-abuse="rogue-hardware"</h4>
<div class="paragraph">
<p>enisa:Rogue hardware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_manipulation_of_information">enisa:nefarious-activity-abuse="manipulation-of-information"</h4>
<div class="paragraph">
<p>enisa:Manipulation of information</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_repudiation_of_actions">enisa:nefarious-activity-abuse="repudiation-of-actions"</h4>
<div class="paragraph">
<p>enisa:Repudiation of actions</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_address_space_hijacking_ip_prefixes">enisa:nefarious-activity-abuse="address-space-hijacking-IP-prefixes"</h4>
<div class="paragraph">
<p>enisa:Address space hijacking (IP prefixes)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_routing_table_manipulation">enisa:nefarious-activity-abuse="routing-table-manipulation"</h4>
<div class="paragraph">
<p>enisa:Routing table manipulation</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_dns_poisoning_or_dns_spoofing_or_dns_manipulations">enisa:nefarious-activity-abuse="DNS-poisoning-or-DNS-spoofing-or-DNS-Manipulations"</h4>
<div class="paragraph">
<p>enisa:DNS poisoning / DNS spoofing / DNS Manipulations</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_falsification_of_record">enisa:nefarious-activity-abuse="falsification-of-record"</h4>
<div class="paragraph">
<p>enisa:Falsification of record</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_autonomous_system_hijacking">enisa:nefarious-activity-abuse="autonomous-system-hijacking"</h4>
<div class="paragraph">
<p>enisa:Autonomous System hijacking</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_autonomous_system_manipulation">enisa:nefarious-activity-abuse="autonomous-system-manipulation"</h4>
<div class="paragraph">
<p>enisa:Autonomous System manipulation</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_falsification_of_configurations">enisa:nefarious-activity-abuse="falsification-of-configurations"</h4>
<div class="paragraph">
<p>enisa:Falsification of configurations</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_misuse_of_audit_tools">enisa:nefarious-activity-abuse="misuse-of-audit-tools"</h4>
<div class="paragraph">
<p>enisa:Misuse of audit tools</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_misuse_of_information_or_information_systems_including_mobile_apps">enisa:nefarious-activity-abuse="misuse-of-information-or-information systems-including-mobile-apps"</h4>
<div class="paragraph">
<p>enisa:Misuse of information/ information systems (including mobile apps)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_unauthorized_activities">enisa:nefarious-activity-abuse="unauthorized-activities"</h4>
<div class="paragraph">
<p>enisa:Unauthorized activities</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_unauthorised_use_or_administration_of_devices_and_systems">enisa:nefarious-activity-abuse="Unauthorised-use-or-administration-of-devices-and-systems"</h4>
<div class="paragraph">
<p>enisa:Unauthorised use or administration of devices and systems</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_unauthorised_use_of_software">enisa:nefarious-activity-abuse="unauthorised-use-of-software"</h4>
<div class="paragraph">
<p>enisa:Unauthorised use of software</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_unauthorized_access_to_the_information_systems_or_networks_like_impi_protocol_dns_registrar_hijacking">enisa:nefarious-activity-abuse="unauthorized-access-to-the-information-systems-or-networks-like-IMPI-Protocol-DNS-Registrar-Hijacking)"</h4>
<div class="paragraph">
<p>enisa:Unauthorized access to the information systems-or-networks (IMPI Protocol / DNS Registrar Hijacking)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_network_intrusion">enisa:nefarious-activity-abuse="network-intrusion"</h4>
<div class="paragraph">
<p>enisa:Network Intrusion</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_unauthorized_changes_of_records">enisa:nefarious-activity-abuse="unauthorized-changes-of-records"</h4>
<div class="paragraph">
<p>enisa:Unauthorized changes of records</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_unauthorized_installation_of_software">enisa:nefarious-activity-abuse="unauthorized-installation-of-software"</h4>
<div class="paragraph">
<p>enisa:Unauthorized installation of software</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_web_based_attacks_drive_by_download_or_malicious_urls_or_browser_based_attacks">enisa:nefarious-activity-abuse="Web-based-attacks-drive-by-download-or-malicious-URLs-or-browser-based-attacks"</h4>
<div class="paragraph">
<p>enisa:Web based attacks (Drive-by download / malicious URLs / Browser based attacks)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_compromising_confidential_information_like_data_breaches">enisa:nefarious-activity-abuse="compromising-confidential-information-like-data-breaches"</h4>
<div class="paragraph">
<p>enisa:Compromising confidential information (data breaches)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_hoax">enisa:nefarious-activity-abuse="hoax"</h4>
<div class="paragraph">
<p>enisa:Hoax</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_false_rumour_and_or_fake_warning">enisa:nefarious-activity-abuse="false-rumour-and-or-fake-warning"</h4>
<div class="paragraph">
<p>enisa:False rumour and/or fake warning</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_remote_activity_execution">enisa:nefarious-activity-abuse="remote-activity-execution"</h4>
<div class="paragraph">
<p>enisa:Remote activity (execution)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_remote_command_execution">enisa:nefarious-activity-abuse="remote-command-execution"</h4>
<div class="paragraph">
<p>enisa:Remote Command Execution</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_remote_access_tool">enisa:nefarious-activity-abuse="remote-access-tool"</h4>
<div class="paragraph">
<p>enisa:Remote Access Tool (RAT)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_botnets_remote_activity">enisa:nefarious-activity-abuse="botnets-remote-activity"</h4>
<div class="paragraph">
<p>enisa:Botnets / Remote activity</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_targeted_attacks">enisa:nefarious-activity-abuse="targeted-attacks"</h4>
<div class="paragraph">
<p>enisa:Targeted attacks (APTs etc.)</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_mobile_malware_2">enisa:nefarious-activity-abuse="mobile-malware"</h4>
<div class="paragraph">
<p>enisa:Mobile malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_spear_phishing_attacks_2">enisa:nefarious-activity-abuse="spear-phishing-attacks"</h4>
<div class="paragraph">
<p>enisa:Spear phishing attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_installation_of_sophisticated_and_targeted_malware">enisa:nefarious-activity-abuse="installation-of-sophisticated-and-targeted-malware"</h4>
<div class="paragraph">
<p>enisa:Installation of sophisticated and targeted malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_watering_hole_attacks">enisa:nefarious-activity-abuse="watering-hole-attacks"</h4>
<div class="paragraph">
<p>enisa:Watering Hole attacks</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_failed_business_process">enisa:nefarious-activity-abuse="failed-business-process"</h4>
<div class="paragraph">
<p>enisa:Failed business process</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_brute_force">enisa:nefarious-activity-abuse="brute-force"</h4>
<div class="paragraph">
<p>enisa:Brute force</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_nefarious_activity_abuse_abuse_of_authorizations">enisa:nefarious-activity-abuse="abuse-of-authorizations"</h4>
<div class="paragraph">
<p>enisa:Abuse of authorizations</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_legal">legal</h3>
<div class="sect3">
<h4 id="_enisa_legal_violation_of_rules_and_regulations_breach_of_legislation">enisa:legal="violation-of-rules-and-regulations-breach-of-legislation"</h4>
<div class="paragraph">
<p>enisa:Violation of rules and regulations / Breach of legislation</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_legal_failure_to_meet_contractual_requirements">enisa:legal="failure-to-meet-contractual-requirements"</h4>
<div class="paragraph">
<p>enisa:Failure to meet contractual requirements</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_legal_failure_to_meet_contractual_requirements_by_third_party">enisa:legal="failure-to-meet-contractual-requirements-by-third-party"</h4>
<div class="paragraph">
<p>enisa:Failure to meet contractual requirements by third party</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_legal_unauthorized_use_of_ipr_protected_resources">enisa:legal="unauthorized-use-of-IPR-protected-resources"</h4>
<div class="paragraph">
<p>enisa:Unauthorized use of IPR protected resources</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_legal_illegal_usage_of_file_sharing_services">enisa:legal="illegal-usage-of-file-sharing-services"</h4>
<div class="paragraph">
<p>enisa:Illegal usage of File Sharing services</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_legal_abuse_of_personal_data">enisa:legal="abuse-of-personal-data"</h4>
<div class="paragraph">
<p>enisa:Abuse of personal data</p>
</div>
</div>
<div class="sect3">
<h4 id="_enisa_legal_judiciary_decisions_or_court_order">enisa:legal="judiciary-decisions-or-court-order"</h4>
<div class="paragraph">
<p>enisa:Judiciary decisions/court order</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_circl">circl</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
circl namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/circl/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection</p>
</div>
<div class="sect2">
<h3 id="_incident_classification">incident-classification</h3>
<div class="sect3">
<h4 id="_circl_incident_classification_spam">circl:incident-classification="spam"</h4>
<div class="paragraph">
<p>circl:Spam</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_system_compromise">circl:incident-classification="system-compromise"</h4>
<div class="paragraph">
<p>circl:System compromise</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_scan">circl:incident-classification="scan"</h4>
<div class="paragraph">
<p>circl:Scan</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_denial_of_service">circl:incident-classification="denial-of-service"</h4>
<div class="paragraph">
<p>circl:Denial of Service</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_copyright_issue">circl:incident-classification="copyright-issue"</h4>
<div class="paragraph">
<p>circl:Copyright issue</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_phishing">circl:incident-classification="phishing"</h4>
<div class="paragraph">
<p>circl:Phishing</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_malware">circl:incident-classification="malware"</h4>
<div class="paragraph">
<p>circl:Malware</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_xss">circl:incident-classification="XSS"</h4>
<div class="paragraph">
<p>circl:XSS</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_vulnerability">circl:incident-classification="vulnerability"</h4>
<div class="paragraph">
<p>circl:Vulnerability</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_fastflux">circl:incident-classification="fastflux"</h4>
<div class="paragraph">
<p>circl:Fastflux</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_sql_injection">circl:incident-classification="sql-injection"</h4>
<div class="paragraph">
<p>circl:SQL Injection</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_information_leak">circl:incident-classification="information-leak"</h4>
<div class="paragraph">
<p>circl:Information leak</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_incident_classification_scam">circl:incident-classification="scam"</h4>
<div class="paragraph">
<p>circl:Scam</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_topic">topic</h3>
<div class="sect3">
<h4 id="_circl_topic_finance">circl:topic="finance"</h4>
<div class="paragraph">
<p>circl:Finance</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_topic_ict">circl:topic="ict"</h4>
<div class="paragraph">
<p>circl:ICT</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_topic_individual">circl:topic="individual"</h4>
<div class="paragraph">
<p>circl:Individual</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_topic_industry">circl:topic="industry"</h4>
<div class="paragraph">
<p>circl:Industry</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_topic_medical">circl:topic="medical"</h4>
<div class="paragraph">
<p>circl:Medical</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_topic_services">circl:topic="services"</h4>
<div class="paragraph">
<p>circl:Services</p>
</div>
</div>
<div class="sect3">
<h4 id="_circl_topic_undefined">circl:topic="undefined"</h4>
<div class="paragraph">
<p>circl:Undefined</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_estimative_language">estimative-language</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
estimative-language namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/master/estimative-language/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203)</p>
</div>
<div class="sect2">
<h3 id="_likelihood_probability">likelihood-probability</h3>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_almost_no_chance">estimative-language:likelihood-probability="almost-no-chance"</h4>
<div class="paragraph">
<p>estimative-language:Almost no chance - remote - 01-05%</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_very_unlikely">estimative-language:likelihood-probability="very-unlikely"</h4>
<div class="paragraph">
<p>estimative-language:Very unlikely - highly improbable - 05-20%</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_unlikely">estimative-language:likelihood-probability="unlikely"</h4>
<div class="paragraph">
<p>estimative-language:Unlikely - improbable (improbably) - 20-45%</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_roughly_even_chance">estimative-language:likelihood-probability="roughly-even-chance"</h4>
<div class="paragraph">
<p>estimative-language:Roughly even change - roughly even odds - 45-55%</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_likely">estimative-language:likelihood-probability="likely"</h4>
<div class="paragraph">
<p>estimative-language:Likely - probable (probably) - 55-80%</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_very_likely">estimative-language:likelihood-probability="very-likely"</h4>
<div class="paragraph">
<p>estimative-language:Very likely - highly probable - 80-95%</p>
</div>
</div>
<div class="sect3">
<h4 id="_estimative_language_likelihood_probability_almost_certain">estimative-language:likelihood-probability="almost-certain"</h4>
<div class="paragraph">
<p>estimative-language:Almost certain(ly) - nearly certain - 95-99%</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="footer">
<div id="footer-text">
Last updated 2016-12-18 14:30:20 CET
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink