Permalink
Fetching contributors…
Cannot retrieve contributors at this time
2173 lines (2172 sloc) 75.9 KB
{
"security_incident": {
"Confirmed": "Yes - Confirmed",
"Suspected": "Suspected",
"Near miss": "Near miss (actions did not compromise asset)",
"False positive": "False positive (response triggered, but no incident)"
},
"confidence": {
"High": "High confidence",
"Medium": "Medium confidence",
"Low": "Low confidence",
"None": "No confidence"
},
"timeline": {
"compromise": {
"unit": {
"Seconds": "Seconds",
"Minutes": "Minutes",
"Hours": "Hours",
"Days": "Days",
"Weeks": "Weeks",
"Months": "Months",
"Years": "Years",
"Never": "Never",
"NA": "Compromise does not apply in the context of the security event.",
"Unknown": "Unknown"
}
},
"exfiltration": {
"unit": {
"Seconds": "Seconds",
"Minutes": "Minutes",
"Hours": "Hours",
"Days": "Days",
"Weeks": "Weeks",
"Months": "Months",
"Years": "Years",
"Never": "Never",
"NA": "Exfiltration does not apply in the context of the security event.",
"Unknown": "Unknown"
}
},
"discovery": {
"unit": {
"Seconds": "Seconds",
"Minutes": "Minutes",
"Hours": "Hours",
"Days": "Days",
"Weeks": "Weeks",
"Months": "Months",
"Years": "Years",
"Never": "Never",
"NA": "Discovery does not apply in the context of the security event.",
"Unknown": "Unknown"
}
},
"containment": {
"unit": {
"Seconds": "Seconds",
"Minutes": "Minutes",
"Hours": "Hours",
"Days": "Days",
"Weeks": "Weeks",
"Months": "Months",
"Years": "Years",
"Never": "Never",
"NA": "Containment does not apply in the context of the security event.",
"Unknown": "Unknown"
}
}
},
"victim": {
"employee_count": {
"Small": "Small organizations (1,000 employees or less)",
"1 to 10": "1 to 10 employees",
"11 to 100": "11 to 100 employees",
"101 to 1000": "101 to 1,000 employees",
"Large": "Large organizations (over 1,000 employees)",
"1001 to 10000": "1,001 to 10,000 employees",
"10001 to 25000": "10,001 to 25,000 employees",
"25001 to 50000": "25,001 to 50,000 employees",
"50001 to 100000": "50,001 to 100,000 employees",
"Over 100000": "Over 100,0001 employees",
"Unknown": "Unknown number of employees"
},
"country": {
"Unknown": "Unknown",
"AD": "Andorra",
"AE": "United Arab Emirates",
"AF": "Afghanistan",
"AG": "Antigua and Barbuda",
"AI": "Anguilla",
"AL": "Albania",
"AM": "Armenia",
"AO": "Angola",
"AQ": "Antarctica",
"AR": "Argentina",
"AS": "American Samoa",
"AT": "Austria",
"AU": "Australia",
"AW": "Aruba",
"AX": "Aland Islands",
"AZ": "Azerbaijan",
"BA": "Bosnia and Herzegovina",
"BB": "Barbados",
"BD": "Bangladesh",
"BE": "Belgium",
"BF": "Burkina Faso",
"BG": "Bulgaria",
"BH": "Bahrain",
"BI": "Burundi",
"BJ": "Benin",
"BL": "Saint-Barthelemy",
"BM": "Bermuda",
"BN": "Brunei Darussalam",
"BO": "Bolivia",
"BQ": "Bonaire, Saint Eustatius and Saba",
"BR": "Brazil",
"BS": "Bahamas",
"BT": "Bhutan",
"BV": "Bouvet Island",
"BW": "Botswana",
"BY": "Belarus",
"BZ": "Belize",
"CA": "Canada",
"CC": "Cocos (Keeling) Islands",
"CD": "Congo, Democratic Republic of the",
"CF": "Central African Republic",
"CG": "Congo",
"CH": "Switzerland",
"CI": "Cote d'Ivoire",
"CK": "Cook Islands",
"CL": "Chile",
"CM": "Cameroon",
"CN": "China",
"CO": "Colombia",
"CR": "Costa Rica",
"CU": "Cuba",
"CV": "Cape Verde",
"CW": "Curacao",
"CX": "Christmas Island",
"CY": "Cyprus",
"CZ": "Czech Republic",
"DE": "Germany",
"DJ": "Djibouti",
"DK": "Denmark",
"DM": "Dominica",
"DO": "Dominican Republic",
"DZ": "Algeria",
"EC": "Ecuador",
"EE": "Estonia",
"EG": "Egypt",
"EH": "Western Sahara",
"ER": "Eritrea",
"ES": "Spain",
"ET": "Ethiopia",
"FI": "Finland",
"FJ": "Fiji",
"FK": "Faeroe Islands",
"FM": "Micronesia (Federated States of)",
"FO": "Falkland Islands (Malvinas)",
"FR": "France",
"GA": "Gabon",
"GB": "United Kingdom",
"GD": "Grenada",
"GE": "Georgia",
"GF": "French Guiana",
"GG": "Guernsey",
"GH": "Ghana",
"GI": "Gibraltar",
"GL": "Greenland",
"GM": "Gambia",
"GN": "Guinea",
"GP": "Guadeloupe",
"GQ": "Equatorial Guinea",
"GR": "Greece",
"GS": "South Georgia and the South Sandwich Islands",
"GT": "Guatemala",
"GU": "Guam",
"GW": "Guinea-Bissau",
"GY": "Guyana",
"HK": "Hong Kong",
"HM": "Heard Island and McDonal Islands",
"HN": "Honduras",
"HR": "Croatia",
"HT": "Haiti",
"HU": "Hungary",
"ID": "Indonesia",
"IE": "Ireland",
"IL": "Israel",
"IM": "Isle of Man",
"IN": "India",
"IO": "British Virgin Islands",
"IQ": "Iraq",
"IR": "Iran (Islamic Republic of)",
"IS": "Iceland",
"IT": "Italy",
"JE": "Jersey",
"JM": "Jamaica",
"JO": "Jordan",
"JP": "Japan",
"KE": "Kenya",
"KG": "Kyrgyzstan",
"KH": "Cambodia",
"KI": "Kiribati",
"KM": "Comoros",
"KN": "Saint Kitts and Nevis",
"KP": "Korea, Democratic People's Republic of",
"KR": "Korea, Republic of",
"KW": "Kuwait",
"KY": "Cayman Islands",
"KZ": "Kazakhstan",
"LA": "Lao People's Democratic Republic",
"LB": "Lebanon",
"LC": "Saint Lucia",
"LI": "Liechtenstein",
"LK": "Sri Lanka",
"LR": "Liberia",
"LS": "Lesotho",
"LT": "Lithuania",
"LU": "Luxembourg",
"LV": "Latvia",
"LY": "Libya",
"MA": "Morocco",
"MC": "Monaco",
"MD": "Moldova, Republic of",
"ME": "Montenegro",
"MF": "Saint Martin (French part)",
"MG": "Madagascar",
"MH": "Marshall Islands",
"MK": "Macedonia, The former Yugoslav Republic of",
"ML": "Mali",
"MM": "Myanmar",
"MN": "Mongolia",
"MO": "Macao",
"MP": "Northern Mariana Islands",
"MQ": "Martinique",
"MR": "Mauritania",
"MS": "Montserrat",
"MT": "Malta",
"MU": "Mauritius",
"MV": "Maldives",
"MW": "Malawi",
"MX": "Mexico",
"MY": "Malaysia",
"MZ": "Mozambique",
"NA": "Namibia",
"NC": "New Caledonia",
"NE": "Niger",
"NF": "Norfolk Island",
"NG": "Nigeria",
"NI": "Nicaragua",
"NL": "Netherlands",
"NO": "Norway",
"NP": "Nepal",
"NR": "Nauru",
"NU": "Niue",
"NZ": "New Zealand",
"OM": "Oman",
"PA": "Panama",
"PE": "Peru",
"PF": "French Polynesia",
"PG": "Papua New Guinea",
"PH": "Philippines",
"PK": "Pakistan",
"PL": "Poland",
"PM": "Saint Pierre and Miquelon",
"PN": "Pitcairn",
"PR": "Puerto Rico",
"PS": "Palestinian Territory, Occupied",
"PT": "Portugal",
"PW": "Palau",
"PY": "Paraguay",
"QA": "Qatar",
"RE": "Reunion",
"RO": "Romania",
"RS": "Serbia",
"RU": "Russian Federation",
"RW": "Rwanda",
"SA": "Saudi Arabia",
"SB": "Solomon Islands",
"SC": "Seychelles",
"SD": "Sudan",
"SE": "Sweden",
"SG": "Singapore",
"SH": "Saint Helena",
"SI": "Slovenia",
"SJ": "Svalbard and Jan Mayen Islands",
"SK": "Slovakia",
"SL": "Sierra Leone",
"SM": "San Marino",
"SN": "Senegal",
"SO": "Somalia",
"SR": "Suriname",
"SS": "South Sudan",
"ST": "Sao Tome and Principe",
"SV": "El Salvador",
"SX": "Sint Maarten (Dutch part)",
"SY": "Syrian Arab Republic",
"SZ": "Swaziland",
"TC": "Turks and Caicos Islands",
"TD": "Chad",
"TF": "French Southern Territories",
"TG": "Togo",
"TH": "Thailand",
"TJ": "Tajikistan",
"TK": "Tokelau",
"TL": "Timor-Leste",
"TM": "Turkmenistan",
"TN": "Tunisia",
"TO": "Tonga",
"TR": "Turkey",
"TT": "Trinidad and Tobago",
"TV": "Tuvalu",
"TW": "Taiwan, Province of China",
"TZ": "Tanzania, United Republic of",
"UA": "Ukraine",
"UG": "Uganda",
"UM": "United States Minor Outlying Islands",
"US": "United States of America",
"UY": "Uruguay",
"UZ": "Uzbekistan",
"VA": "Holy See",
"VC": "Saint Vincent and the Grenadines",
"VE": "Venezuela (Bolivarian Republic of)",
"VG": "British Virgin Islands",
"VI": "United States Virgin Islands",
"VN": "Viet Nam",
"VU": "Vanuatu",
"WF": "Wallis and Futuna Islands",
"WS": "Samoa",
"YE": "Yemen",
"YT": "Mayotte",
"ZA": "South Africa",
"ZM": "Zambia",
"ZW": "Zimbabwe",
"Other": "Other"
},
"revenue": {
"iso_currency_code": {
"AED": "AED - UAE Dirham",
"AFN": "AFN - Afghani",
"ALL": "ALL - Lek",
"AMD": "AMD - Armenian Dram",
"ANG": "ANG - Netherlands Antillean Guilder",
"AOA": "AOA - Kwanza",
"ARS": "ARS - Argentine Peso",
"AUD": "AUD - Australian Dollar",
"AWG": "AWG - Aruban Florin",
"AZN": "AZN - Azerbaijanian Manat",
"BAM": "BAM - Convertible Mark",
"BBD": "BBD - Barbados Dollar",
"BDT": "BDT - Taka",
"BGN": "BGN - Bulgarian Lev",
"BHD": "BHD - Bahraini Dinar",
"BIF": "BIF - Burundi Franc",
"BMD": "BMD - Bermudian Dollar",
"BND": "BND - Brunei Dollar",
"BOB": "BOB - Boliviano",
"BRL": "BRL - Brazilian Real",
"BSD": "BSD - Bahamian Dollar",
"BTN": "BTN - Ngultrum",
"BWP": "BWP - Pula",
"BYR": "BYR - Belarussian Ruble",
"BZD": "BZD - Belize Dollar",
"CAD": "CAD - Canadian Dollar",
"CDF": "CDF - Congolese Franc",
"CHF": "CHF - Swiss Franc",
"CLP": "CLP - Chilean Peso",
"CNY": "CNY - Yuan Renminbi",
"COP": "COP - Colombian Peso",
"CRC": "CRC - Costa Rican Colon",
"CUC": "CUC - Peso Convertible",
"CUP": "CUP - Cuban Peso",
"CVE": "CVE - Cape Verde Escudo",
"CZK": "CZK - Czech Koruna",
"DJF": "DJF - Djibouti Franc",
"DKK": "DKK - Danish Krone",
"DOP": "DOP - Dominican Peso",
"DZD": "DZD - Algerian Dinar",
"EGP": "EGP - Egyptian Pound",
"ERN": "ERN - Nakfa",
"ETB": "ETB - Ethiopian Birr",
"EUR": "EUR - Euro",
"FJD": "FJD - Fiji Dollar",
"FKP": "FKP - Falkland Islands Pound",
"GBP": "GBP - Pound Sterling",
"GEL": "GEL - Lari",
"GGP": "GGP - Guernsey pound",
"GHS": "GHS - Ghana Cedi",
"GIP": "GIP - Gibraltar Pound",
"GMD": "GMD - Dalasi",
"GNF": "GNF - Guinea Franc",
"GTQ": "GTQ - Quetzal",
"GYD": "GYD - Guyana Dollar",
"HKD": "HKD - Hong Kong Dollar",
"HNL": "HNL - Lempira",
"HRK": "HRK - Croatian Kuna",
"HTG": "HTG - Gourde",
"HUF": "HUF - Forint",
"IDR": "IDR - Rupiah",
"ILS": "ILS - New Israeli Sheqel",
"IMP": "IMP - Isle of Man Pound",
"INR": "INR - Indian Rupee",
"IQD": "IQD - Iraqi Dinar",
"IRR": "IRR - Iranian Rial",
"ISK": "ISK - Iceland Krona",
"JEP": "JEP - Jersey pound",
"JMD": "JMD - Jamaican Dollar",
"JOD": "JOD - Jordanian Dinar",
"JPY": "JPY - Yen",
"KES": "KES - Kenyan Shilling",
"KGS": "KGS - Som",
"KHR": "KHR - Riel",
"KMF": "KMF - Comoro Franc",
"KPW": "KPW - North Korean Won",
"KRW": "KRW - South Korean Won",
"KWD": "KWD - Kuwaiti Dinar",
"KYD": "KYD - Cayman Islands Dollar",
"KZT": "KZT - Tenge",
"LAK": "LAK - Kip",
"LBP": "LBP - Lebanese Pound",
"LKR": "LKR - Sri Lanka Rupee",
"LRD": "LRD - Liberian Dollar",
"LSL": "LSL - Loti",
"LTL": "LTL - Lithuanian Litas",
"LVL": "LVL - Latvian Lats",
"LYD": "LYD - Libyan Dinar",
"MAD": "MAD - Moroccan Dirham",
"MDL": "MDL - Moldovan Leu",
"MGA": "MGA - Malagasy Ariary",
"MKD": "MKD - Denar",
"MMK": "MMK - Kyat",
"MNT": "MNT - Tugrik",
"MOP": "MOP - Pataca",
"MRO": "MRO - Ouguiya",
"MUR": "MUR - Mauritius Rupee",
"MVR": "MVR - Rufiyaa",
"MWK": "MWK - Kwacha",
"MXN": "MXN - Mexican Peso",
"MYR": "MYR - Malaysian Ringgit",
"MZN": "MZN - Mozambique Metical",
"NAD": "NAD - Namibia Dollar",
"NGN": "NGN - Naira",
"NIO": "NIO - Cordoba Oro",
"NOK": "NOK - Norwegian Krone",
"NPR": "NPR - Nepalese Rupee",
"NZD": "NZD - New Zealand Dollar",
"OMR": "OMR - Rial Omani",
"PAB": "PAB - Balboa",
"PEN": "PEN - Nuevo Sol",
"PGK": "PGK - Kina",
"PHP": "PHP - Philippine Peso",
"PKR": "PKR - Pakistan Rupee",
"PLN": "PLN - Zloty",
"PYG": "PYG - Guarani",
"QAR": "QAR - Qatari Rial",
"RON": "RON - New Romanian Leu",
"RSD": "RSD - Serbian Dinar",
"RUB": "RUB - Russian Ruble",
"RWF": "RWF - Rwanda Franc",
"SAR": "SAR - Saudi Riyal",
"SBD": "SBD - Solomon Islands Dollar",
"SCR": "SCR - Seychelles Rupee",
"SDG": "SDG - Sudanese Pound",
"SEK": "SEK - Swedish Krona",
"SGD": "SGD - Singapore Dollar",
"SHP": "SHP - Saint Helena Pound",
"SLL": "SLL - Leone",
"SOS": "SOS - Somali Shilling",
"SPL": "SPL - Seborga Luigino",
"SRD": "SRD - Surinam Dollar",
"STD": "STD - Dobra",
"SVC": "SVC - El Salvador Colon",
"SYP": "SYP - Syrian Pound",
"SZL": "SZL - Lilangeni",
"THB": "THB - Baht",
"TJS": "TJS - Somoni",
"TMT": "TMT - Turkmenistan New Manat",
"TND": "TND - Tunisian Dinar",
"TOP": "TOP - Pa'anga",
"TRY": "TRY - Turkish Lira",
"TTD": "TTD - Trinidad and Tobago Dollar",
"TVD": "TVD - Tuvalu Dollar",
"TWD": "TWD - New Taiwan Dollar",
"TZS": "TZS - Tanzanian Shilling",
"UAH": "UAH - Hryvnia",
"UGX": "UGX - Uganda Shilling",
"USD": "USD - US Dollar",
"UYU": "UYU - Peso Uruguayo",
"UZS": "UZS - Uzbekistan Sum",
"VEF": "VEF - Bolivar ",
"VND": "VND - Dong",
"VUV": "VUV - Vatu",
"WST": "WST - Tala",
"XAF": "XAF - CFA Franc BEAC",
"XCD": "XCD - East Caribbean Dollar",
"XDR": "XDR - SDR (Special Drawing Right)",
"XOF": "XOF - CFA Franc BCEAO",
"XPF": "XPF - CFP Franc",
"YER": "YER - Yemeni Rial",
"ZAR": "ZAR - South African Rand",
"ZMK": "ZMK - Zambian Kwacha",
"ZWD": "ZWD - Zimbabwean Dollar A/06"
}
}
},
"action": {
"hacking": {
"variety": {
"Abuse of functionality": "Abuse of functionality",
"Brute force": "Brute force or password guessing attacks",
"Buffer overflow": "Buffer overflow",
"Cache poisoning": "Cache poisoning",
"Cryptanalysis": "Cryptanalysis",
"CSRF": "Cross-site request forgery",
"DoS": "Denial of service",
"Footprinting": "Footprinting and fingerprinting",
"Forced browsing": "Forced browsing or predictable resource location",
"Format string attack": "Format string attack",
"Fuzz testing": "Fuzz testing",
"HTTP request smuggling": "HTTP request smuggling",
"HTTP request splitting": "HTTP request splitting",
"HTTP response smuggling": "HTTP response smuggling",
"HTTP Response Splitting": "HTTP Response Splitting",
"Integer overflows": "Integer overflows",
"LDAP injection": "LDAP injection",
"Mail command injection": "Mail command injection",
"MitM": "Man-in-the-middle attack",
"Null byte injection": "Null byte injection",
"Offline cracking": "Offline password or key cracking (e.g., rainbow tables, Hashcat, JtR)",
"OS commanding": "OS commanding",
"Pass-the-hash": "Pass-the-hash",
"Path traversal": "Path traversal",
"Reverse engineering": "Reverse engineering",
"RFI": "Remote file inclusion",
"Routing detour": "Routing detour",
"Session fixation": "Session fixation",
"Session prediction": "Credential or session prediction",
"Session replay": "Session replay",
"Soap array abuse": "Soap array abuse",
"Special element injection": "Special element injection",
"SQLi": "SQL injection",
"SSI injection": "SSI injection",
"URL redirector abuse": "URL redirector abuse",
"Use of backdoor or C2": "Use of Backdoor or C2 channel",
"Use of stolen creds": "Use of stolen authentication credentials",
"Virtual machine escape": "Virtual machine escape",
"XML attribute blowup": "XML attribute blowup",
"XML entity expansion": "XML entity expansion",
"XML external entities": "XML external entities",
"XML injection": "XML injection",
"XPath injection": "XPath injection",
"XQuery injection": "XQuery injection",
"XSS": "Cross-site scripting",
"Other": "Other",
"Unknown": "Unknown"
},
"vector": {
"3rd party desktop": "3rd party online desktop sharing (LogMeIn, Go2Assist)",
"Backdoor or C2": "Backdoor or command and control channel",
"Command shell": "Remote shell",
"Desktop sharing": "Graphical desktop sharing (RDP, VNC, PCAnywhere, Citrix)",
"Desktop sharing software": "Superset of 'Desktop sharing' and '3rd party desktop'. Please use in place of the other two",
"Other": "Other",
"Partner": "Partner connection or credential",
"Physical access": "Physical access or connection (i.e., at keyboard or via cable) ",
"VPN": "VPN",
"Web application": "Web application",
"Unknown": "Unknown"
},
"result": {
"Infiltrate": "The hacking action infiltrated the victim",
"Exfiltrate": "The hacking action exfiltrated data from the victim",
"Elevate": "The hacking action resulted in additional permissions"
}
},
"malware": {
"variety": {
"Adminware": "System or network utilities (e.g., PsTools, Netcat)",
"Adware": "Adware",
"Backdoor": "Backdoor (enable remote access)",
"Brute force": "Brute force attack",
"C2": "Command and control (C2)",
"Capture app data": "Capture data from application or system process",
"Capture stored data": "Capture data stored on system disk",
"Click fraud": "Click fraud or Bitcoin mining",
"Client-side attack": "Client-side or browser attack (e.g., redirection, XSS, MitB)",
"Destroy data": "Destroy or corrupt stored data",
"Modify data": "Malware which compromises a legitimate file rather than creating new filess",
"Disable controls": "Disable or interfere with security controls",
"DoS": "DoS attack",
"Downloader": "Downloader (pull updates or other malware) ",
"Exploit vuln": "Exploit vulnerability in code (vs misconfig or weakness)",
"Export data": "Export data to another site or system",
"Packet sniffer": "Packet sniffer (capture data from network)",
"Password dumper": "Password dumper (extract credential hashes)",
"Ram scraper": "Ram scraper or memory parser (capture data from volatile memory)",
"Ransomware": "Ransomware (encrypt or seize stored data)",
"Rootkit": "Rootkit (maintain local privileges and stealth)",
"Scan network": "Scan or footprint network",
"Spam": "Send spam",
"Spyware/Keylogger": "Spyware, keylogger or form-grabber (capture user input or activity)",
"SQL injection": "SQL injection attack",
"Worm": "Worm (propagate to other systems or devices)",
"Other": "Other",
"Unknown": "Unknown"
},
"vector": {
"Direct install": "Directly installed or inserted by threat agent (after system access)",
"Download by malware": "Downloaded and installed by local malware",
"Email attachment": "Email via user-executed attachment",
"Email autoexecute": "Email via automatic execution",
"Email link": "Email via embedded link",
"Email unknown": "Email but sub-variety (attachment, autoexecute, link, etc) not known",
"Instant messaging": "Instant Messaging",
"Network propagation": "Network propagation",
"Remote injection": "Remotely injected by agent (i.e. via SQLi)",
"Removable media": "Removable storage media or devices",
"Software update": "Included in automated software update",
"Web download": "Web via user-executed or downloaded content",
"Web drive-by": "Web via auto-executed or \"drive-by\" infection",
"Other": "Other",
"Unknown": "Unknown"
},
"result": {
"Infiltrate": "The malware action infiltrated the victim",
"Exfiltrate": "The malware action exfiltrated data from the victim",
"Elevate": "The malware action resulted in additional permissions"
}
},
"social": {
"variety": {
"Baiting": "Baiting (planting infected media)",
"Bribery": "Bribery or solicitation",
"Elicitation": "Elicitation (subtle extraction of info through conversation)",
"Extortion": "Extortion or blackmail",
"Forgery": "Forgery or counterfeiting (fake hardware, software, documents, etc)",
"Influence": "Influence tactics (Leveraging authority or obligation, framing, etc)",
"Phishing": "Phishing (or any type of *ishing)",
"Pretexting": "Pretexting (dialogue leveraging invented scenario)",
"Propaganda": "Propaganda or disinformation",
"Scam": "Online scam or hoax (e.g., scareware, 419 scam, auction fraud)",
"Spam": "Spam (unsolicited or undesired email and advertisements)",
"Other": "Other",
"Unknown": "Unknown"
},
"vector": {
"Documents": "Documents",
"Email": "Email",
"IM": "Instant messaging",
"In-person": "In-person",
"Phone": "Phone",
"Removable media": "Removable storage media",
"SMS": "SMS or texting",
"Social media": "Social media or networking",
"Software": "Software",
"Website": "Website",
"Other": "Other",
"Unknown": "Unknown"
},
"target": {
"Auditor": "Auditor",
"Call center": "Call center staff",
"Cashier": "Cashier, teller or waiter",
"Customer": "Customer (B2C)",
"Developer": "Software developer",
"End-user": "End-user or regular employee",
"Executive": "Executive or upper management",
"Finance": "Finance or accounting staff",
"Former employee": "Former employee",
"Guard": "Security guard",
"Helpdesk": "Helpdesk staff",
"Human resources": "Human resources staff",
"Maintenance": "Maintenance or janitorial staff",
"Manager": "Manager or supervisor",
"Partner": "Partner (B2B)",
"System admin": "System or network administrator",
"Other": "Other",
"Unknown": "Unknown"
},
"result": {
"Infiltrate": "The social action infiltrated the victim",
"Exfiltrate": "The social action exfiltrated data from the victim",
"Elevate": "The social action resulted in additional permissions"
}
},
"error": {
"variety": {
"Capacity shortage": "Poor capacity planning",
"Classification error": "Classification or labeling error",
"Data entry error": "Data entry error",
"Disposal error": "Disposal error",
"Gaffe": "Gaffe (social or verbal slip)",
"Loss": "Loss or misplacement",
"Maintenance error": "Maintenance error",
"Malfunction": "Technical malfunction or glitch",
"Misconfiguration": "Misconfiguration",
"Misdelivery": "Misdelivery (send wrong info or to wrong recipient)",
"Misinformation": "Misinformation (unintentionally giving false info)",
"Omission": "Omission (something intended, but not done)",
"Physical accidents": "Physical accidents (e.g., drops, bumps, spills)",
"Programming error": "Programming error (flaws or bugs in custom code)",
"Publishing error": "Publishing error (private info to public doc or site)",
"Other": "Other",
"Unknown": "Unknown"
},
"vector": {
"Carelessness": "Carelessness",
"Inadequate personnel": "Inadequate or insufficient personnel",
"Inadequate processes": "Inadequate or insufficient processes",
"Inadequate technology": "Inadequate or insufficient technology resources",
"Other": "Other",
"Random error": "Random error (no reason, no fault)",
"Unknown": "Unknown"
}
},
"misuse": {
"variety": {
"Data mishandling": "Handling of data in an unapproved manner",
"Email misuse": "Inappropriate use of email or IM",
"Illicit content": "Storage or distribution of illicit content",
"Knowledge abuse": "Abuse of private or entrusted knowledge",
"Net misuse": "Inappropriate use of network or Web access",
"Possession abuse": "Abuse of physical access to asset",
"Privilege abuse": "Abuse of system access privileges",
"Unapproved hardware": "Use of unapproved hardware or devices",
"Unapproved software": "Use of unapproved software or services",
"Unapproved workaround": "Unapproved workaround or shortcut",
"Other": " Other",
"Unknown": "Unknown"
},
"vector": {
"LAN access": "Local network access within corporate facility",
"Non-corporate": "Non-corporate facilities or networks",
"Physical access": "Physical access within corporate facility",
"Remote access": "Remote access connection to corporate network (i.e. VPN)",
"Other": "Other",
"Unknown": "Unknown"
},
"result": {
"Infiltrate": "The misuse action infiltrated the victim",
"Exfiltrate": "The misuse action exfiltrated data from the victim",
"Elevate": "The misuse action resulted in additional permissions"
}
},
"physical": {
"variety": {
"Assault": "Assault (threats or acts of physical violence)",
"Bypassed controls": "Bypassed physical barriers or controls",
"Connection": "Connection",
"Destruction": "Destruction (deliberate damaging or disabling)",
"Disabled controls": "Disabled physical barriers or controls",
"Skimmer": "Installing card skimming device",
"Snooping": "Snooping (sneak about to gain info or access)",
"Surveillance": "Surveillance (monitoring and observation)",
"Tampering": "Tampering (alter physical form or function)",
"Theft": "Theft (taking assets without permission)",
"Wiretapping": "Wiretapping (Physical tap to comms line)",
"Other": "Other",
"Unknown": "Unknown"
},
"vector": {
"Partner facility": "Partner facility or area",
"Partner vehicle": "Partner vehicle (e.g., delivery truck)",
"Personal residence": "Personal residence",
"Personal vehicle": "Personal vehicle",
"Privileged access": "Held privileged access to location",
"Public facility": "Public facility or area",
"Public vehicle": "Public vehicle (e.g., plane, taxi)",
"Uncontrolled location": "The location was uncontrolled (public)",
"Victim grounds": "Victim outdoor grounds",
"Victim public area": "Victim public or customer area (e.g., lobby, storefront)",
"Victim secure area": "Victim high security area (e.g., server room, R&D labs)",
"Victim work area": "Victim private or work area (e.g., office space)",
"Visitor privileges": "Given temporary visitor access",
"Unknown": "Unknown",
"Other": "Other"
},
"result": {
"Infiltrate": "The physical action infiltrated the victim",
"Exfiltrate": "The physical action exfiltrated data from the victim",
"Elevate": "The physical action resulted in additional permissions"
}
},
"environmental": {
"variety": {
"Deterioration": "Deterioration and degradation",
"Earthquake": "Earthquake",
"EMI": "Electromagnetic interference (EMI)",
"ESD": "Electrostatic discharge (ESD)",
"Fire": "Fire",
"Flood": "Flood",
"Hazmat": "Hazardous material",
"Humidity": "Humidity",
"Hurricane": "Hurricane",
"Ice": "Ice and snow",
"Landslide": "Landslide",
"Leak": "Water leak",
"Lightning": "Lightning",
"Meteorite": "Meteorite",
"Particulates": "Particulate matter (e.g., dust, smoke)",
"Pathogen": "Pathogen",
"Power failure": "Power failure or fluctuation",
"Temperature": "Extreme temperature",
"Tornado": "Tornado",
"Tsunami": "Tsunami",
"Vermin": "Vermin",
"Volcano": "Volcanic eruption",
"Wind": "Wind",
"Other": "Other",
"Unknown": "Unknown"
}
},
"unknown": {
"result": {
"Infiltrate": "The hacking action infiltrated the victim",
"Exfiltrate": "The hacking action exfiltrated data from the victim",
"Elevate": "The hacking action resulted in additional permissions"
}
}
},
"actor": {
"external": {
"variety": {
"Acquaintance": "Relative or acquaintance of employee",
"Activist": "Activist group",
"Auditor": "Auditor",
"Competitor": "Competitor",
"Customer": "Customer (B2C)",
"Force majeure": "Force majeure (nature and chance)",
"Former employee": "Former employee (no longer had access)",
"Nation-state": "Nation-state",
"Organized crime": "Organized or professional criminal group",
"State-affiliated": "State-sponsored or affiliated group",
"Terrorist": "Terrorist group",
"Unaffiliated": "Unaffiliated person(s)",
"Other": "Other",
"Unknown": "Unknown"
},
"motive": {
"Convenience": "Convenience of expediency",
"Espionage": "Espionage or competitive advantage",
"Fear": "Fear or duress",
"Financial": "Financial or personal gain",
"Fun": "Fun, curiosity, or pride",
"Grudge": "Grudge or personal offense",
"Ideology": "Ideology or protest",
"NA": "Not Applicable (unintentional action)",
"Secondary": "Aid in a different attack",
"Other": "Other",
"Unknown": "Unknown"
},
"country": {
"Unknown": "Unknown",
"AD": "Andorra",
"AE": "United Arab Emirates",
"AF": "Afghanistan",
"AG": "Antigua and Barbuda",
"AI": "Anguilla",
"AL": "Albania",
"AM": "Armenia",
"AO": "Angola",
"AQ": "Antarctica",
"AR": "Argentina",
"AS": "American Samoa",
"AT": "Austria",
"AU": "Australia",
"AW": "Aruba",
"AX": "Aland Islands",
"AZ": "Azerbaijan",
"BA": "Bosnia and Herzegovina",
"BB": "Barbados",
"BD": "Bangladesh",
"BE": "Belgium",
"BF": "Burkina Faso",
"BG": "Bulgaria",
"BH": "Bahrain",
"BI": "Burundi",
"BJ": "Benin",
"BL": "Saint-Barthelemy",
"BM": "Bermuda",
"BN": "Brunei Darussalam",
"BO": "Bolivia",
"BQ": "Bonaire, Saint Eustatius and Saba",
"BR": "Brazil",
"BS": "Bahamas",
"BT": "Bhutan",
"BV": "Bouvet Island",
"BW": "Botswana",
"BY": "Belarus",
"BZ": "Belize",
"CA": "Canada",
"CC": "Cocos (Keeling) Islands",
"CD": "Congo, Democratic Republic of the",
"CF": "Central African Republic",
"CG": "Congo",
"CH": "Switzerland",
"CI": "Cote d'Ivoire",
"CK": "Cook Islands",
"CL": "Chile",
"CM": "Cameroon",
"CN": "China",
"CO": "Colombia",
"CR": "Costa Rica",
"CU": "Cuba",
"CV": "Cape Verde",
"CW": "Curacao",
"CX": "Christmas Island",
"CY": "Cyprus",
"CZ": "Czech Republic",
"DE": "Germany",
"DJ": "Djibouti",
"DK": "Denmark",
"DM": "Dominica",
"DO": "Dominican Republic",
"DZ": "Algeria",
"EC": "Ecuador",
"EE": "Estonia",
"EG": "Egypt",
"EH": "Western Sahara",
"ER": "Eritrea",
"ES": "Spain",
"ET": "Ethiopia",
"FI": "Finland",
"FJ": "Fiji",
"FK": "Faeroe Islands",
"FM": "Micronesia (Federated States of)",
"FO": "Falkland Islands (Malvinas)",
"FR": "France",
"GA": "Gabon",
"GB": "United Kingdom",
"GD": "Grenada",
"GE": "Georgia",
"GF": "French Guiana",
"GG": "Guernsey",
"GH": "Ghana",
"GI": "Gibraltar",
"GL": "Greenland",
"GM": "Gambia",
"GN": "Guinea",
"GP": "Guadeloupe",
"GQ": "Equatorial Guinea",
"GR": "Greece",
"GS": "South Georgia and the South Sandwich Islands",
"GT": "Guatemala",
"GU": "Guam",
"GW": "Guinea-Bissau",
"GY": "Guyana",
"HK": "Hong Kong",
"HM": "Heard Island and McDonal Islands",
"HN": "Honduras",
"HR": "Croatia",
"HT": "Haiti",
"HU": "Hungary",
"ID": "Indonesia",
"IE": "Ireland",
"IL": "Israel",
"IM": "Isle of Man",
"IN": "India",
"IO": "British Virgin Islands",
"IQ": "Iraq",
"IR": "Iran (Islamic Republic of)",
"IS": "Iceland",
"IT": "Italy",
"JE": "Jersey",
"JM": "Jamaica",
"JO": "Jordan",
"JP": "Japan",
"KE": "Kenya",
"KG": "Kyrgyzstan",
"KH": "Cambodia",
"KI": "Kiribati",
"KM": "Comoros",
"KN": "Saint Kitts and Nevis",
"KP": "Korea, Democratic People's Republic of",
"KR": "Korea, Republic of",
"KW": "Kuwait",
"KY": "Cayman Islands",
"KZ": "Kazakhstan",
"LA": "Lao People's Democratic Republic",
"LB": "Lebanon",
"LC": "Saint Lucia",
"LI": "Liechtenstein",
"LK": "Sri Lanka",
"LR": "Liberia",
"LS": "Lesotho",
"LT": "Lithuania",
"LU": "Luxembourg",
"LV": "Latvia",
"LY": "Libya",
"MA": "Morocco",
"MC": "Monaco",
"MD": "Moldova, Republic of",
"ME": "Montenegro",
"MF": "Saint Martin (French part)",
"MG": "Madagascar",
"MH": "Marshall Islands",
"MK": "Macedonia, The former Yugoslav Republic of",
"ML": "Mali",
"MM": "Myanmar",
"MN": "Mongolia",
"MO": "Macao",
"MP": "Northern Mariana Islands",
"MQ": "Martinique",
"MR": "Mauritania",
"MS": "Montserrat",
"MT": "Malta",
"MU": "Mauritius",
"MV": "Maldives",
"MW": "Malawi",
"MX": "Mexico",
"MY": "Malaysia",
"MZ": "Mozambique",
"NA": "Namibia",
"NC": "New Caledonia",
"NE": "Niger",
"NF": "Norfolk Island",
"NG": "Nigeria",
"NI": "Nicaragua",
"NL": "Netherlands",
"NO": "Norway",
"NP": "Nepal",
"NR": "Nauru",
"NU": "Niue",
"NZ": "New Zealand",
"OM": "Oman",
"PA": "Panama",
"PE": "Peru",
"PF": "French Polynesia",
"PG": "Papua New Guinea",
"PH": "Philippines",
"PK": "Pakistan",
"PL": "Poland",
"PM": "Saint Pierre and Miquelon",
"PN": "Pitcairn",
"PR": "Puerto Rico",
"PS": "Palestinian Territory, Occupied",
"PT": "Portugal",
"PW": "Palau",
"PY": "Paraguay",
"QA": "Qatar",
"RE": "Reunion",
"RO": "Romania",
"RS": "Serbia",
"RU": "Russian Federation",
"RW": "Rwanda",
"SA": "Saudi Arabia",
"SB": "Solomon Islands",
"SC": "Seychelles",
"SD": "Sudan",
"SE": "Sweden",
"SG": "Singapore",
"SH": "Saint Helena",
"SI": "Slovenia",
"SJ": "Svalbard and Jan Mayen Islands",
"SK": "Slovakia",
"SL": "Sierra Leone",
"SM": "San Marino",
"SN": "Senegal",
"SO": "Somalia",
"SR": "Suriname",
"SS": "South Sudan",
"ST": "Sao Tome and Principe",
"SV": "El Salvador",
"SX": "Sint Maarten (Dutch part)",
"SY": "Syrian Arab Republic",
"SZ": "Swaziland",
"TC": "Turks and Caicos Islands",
"TD": "Chad",
"TF": "French Southern Territories",
"TG": "Togo",
"TH": "Thailand",
"TJ": "Tajikistan",
"TK": "Tokelau",
"TL": "Timor-Leste",
"TM": "Turkmenistan",
"TN": "Tunisia",
"TO": "Tonga",
"TR": "Turkey",
"TT": "Trinidad and Tobago",
"TV": "Tuvalu",
"TW": "Taiwan, Province of China",
"TZ": "Tanzania, United Republic of",
"UA": "Ukraine",
"UG": "Uganda",
"UM": "United States Minor Outlying Islands",
"US": "United States of America",
"UY": "Uruguay",
"UZ": "Uzbekistan",
"VA": "Holy See",
"VC": "Saint Vincent and the Grenadines",
"VE": "Venezuela (Bolivarian Republic of)",
"VG": "British Virgin Islands",
"VI": "United States Virgin Islands",
"VN": "Viet Nam",
"VU": "Vanuatu",
"WF": "Wallis and Futuna Islands",
"WS": "Samoa",
"YE": "Yemen",
"YT": "Mayotte",
"ZA": "South Africa",
"ZM": "Zambia",
"ZW": "Zimbabwe",
"Other": "Other"
}
},
"internal": {
"variety": {
"Auditor": "Auditor",
"Call center": "Call center staff",
"Cashier": "Cashier, teller, or waiter",
"Developer": "Software developer",
"End-user": "End-user or regular employee",
"Executive": "Executive or upper management",
"Finance": "Finance or accounting staff",
"Guard": "Security guard",
"Helpdesk": "Helpdesk staff",
"Human resources": "Human resources staff",
"Maintenance": "Maintenance or janitorial staff",
"Manager": "Manager or supervisor",
"System admin": "System or network administrator",
"Doctor or nurse": "A doctor or a nurse",
"Other": "Other",
"Unknown": "Unknown"
},
"motive": {
"Convenience": "Convenience of expediency",
"Espionage": "Espionage or competitive advantage",
"Fear": "Fear or duress",
"Financial": "Financial or personal gain",
"Fun": "Fun, curiosity, or pride",
"Grudge": "Grudge or personal offense",
"Ideology": "Ideology or protest",
"Secondary": "Aid in a different attack",
"NA": "Not Applicable (unintentional action)",
"Other": "Other",
"Unknown": "Unknown"
},
"job_change": {
"Demoted": "Recently demoted or hours reduced",
"Hired": "Recently hired",
"Job eval": "Recent poor job evaluation",
"Lateral move": "Lateral move",
"Let go": "Fired, laid off, or let go",
"Passed over": "Recently passed over for promotion",
"Personal issues": "Personal issues",
"Promoted": "Recently promoted",
"Reprimanded": "Recently reprimanded",
"Resigned": "Preparing to resign or recently resigned",
"Other": "Other",
"Unknown": "Unknown"
}
},
"partner": {
"motive": {
"Convenience": "Convenience of expediency",
"Espionage": "Espionage or competitive advantage",
"Fear": "Fear or duress",
"Financial": "Financial or personal gain",
"Fun": "Fun, curiosity, or pride",
"Grudge": "Grudge or personal offense",
"Ideology": "Ideology or protest",
"Secondary": "Aid in a different attack",
"NA": "Not Applicable (unintentional action)",
"Other": "Other",
"Unknown": "Unknown"
},
"country": {
"Unknown": "Unknown",
"AD": "Andorra",
"AE": "United Arab Emirates",
"AF": "Afghanistan",
"AG": "Antigua and Barbuda",
"AI": "Anguilla",
"AL": "Albania",
"AM": "Armenia",
"AO": "Angola",
"AQ": "Antarctica",
"AR": "Argentina",
"AS": "American Samoa",
"AT": "Austria",
"AU": "Australia",
"AW": "Aruba",
"AX": "Aland Islands",
"AZ": "Azerbaijan",
"BA": "Bosnia and Herzegovina",
"BB": "Barbados",
"BD": "Bangladesh",
"BE": "Belgium",
"BF": "Burkina Faso",
"BG": "Bulgaria",
"BH": "Bahrain",
"BI": "Burundi",
"BJ": "Benin",
"BL": "Saint-Barthelemy",
"BM": "Bermuda",
"BN": "Brunei Darussalam",
"BO": "Bolivia",
"BQ": "Bonaire, Saint Eustatius and Saba",
"BR": "Brazil",
"BS": "Bahamas",
"BT": "Bhutan",
"BV": "Bouvet Island",
"BW": "Botswana",
"BY": "Belarus",
"BZ": "Belize",
"CA": "Canada",
"CC": "Cocos (Keeling) Islands",
"CD": "Congo, Democratic Republic of the",
"CF": "Central African Republic",
"CG": "Congo",
"CH": "Switzerland",
"CI": "Cote d'Ivoire",
"CK": "Cook Islands",
"CL": "Chile",
"CM": "Cameroon",
"CN": "China",
"CO": "Colombia",
"CR": "Costa Rica",
"CU": "Cuba",
"CV": "Cape Verde",
"CW": "Curacao",
"CX": "Christmas Island",
"CY": "Cyprus",
"CZ": "Czech Republic",
"DE": "Germany",
"DJ": "Djibouti",
"DK": "Denmark",
"DM": "Dominica",
"DO": "Dominican Republic",
"DZ": "Algeria",
"EC": "Ecuador",
"EE": "Estonia",
"EG": "Egypt",
"EH": "Western Sahara",
"ER": "Eritrea",
"ES": "Spain",
"ET": "Ethiopia",
"FI": "Finland",
"FJ": "Fiji",
"FK": "Faeroe Islands",
"FM": "Micronesia (Federated States of)",
"FO": "Falkland Islands (Malvinas)",
"FR": "France",
"GA": "Gabon",
"GB": "United Kingdom",
"GD": "Grenada",
"GE": "Georgia",
"GF": "French Guiana",
"GG": "Guernsey",
"GH": "Ghana",
"GI": "Gibraltar",
"GL": "Greenland",
"GM": "Gambia",
"GN": "Guinea",
"GP": "Guadeloupe",
"GQ": "Equatorial Guinea",
"GR": "Greece",
"GS": "South Georgia and the South Sandwich Islands",
"GT": "Guatemala",
"GU": "Guam",
"GW": "Guinea-Bissau",
"GY": "Guyana",
"HK": "Hong Kong",
"HM": "Heard Island and McDonal Islands",
"HN": "Honduras",
"HR": "Croatia",
"HT": "Haiti",
"HU": "Hungary",
"ID": "Indonesia",
"IE": "Ireland",
"IL": "Israel",
"IM": "Isle of Man",
"IN": "India",
"IO": "British Virgin Islands",
"IQ": "Iraq",
"IR": "Iran (Islamic Republic of)",
"IS": "Iceland",
"IT": "Italy",
"JE": "Jersey",
"JM": "Jamaica",
"JO": "Jordan",
"JP": "Japan",
"KE": "Kenya",
"KG": "Kyrgyzstan",
"KH": "Cambodia",
"KI": "Kiribati",
"KM": "Comoros",
"KN": "Saint Kitts and Nevis",
"KP": "Korea, Democratic People's Republic of",
"KR": "Korea, Republic of",
"KW": "Kuwait",
"KY": "Cayman Islands",
"KZ": "Kazakhstan",
"LA": "Lao People's Democratic Republic",
"LB": "Lebanon",
"LC": "Saint Lucia",
"LI": "Liechtenstein",
"LK": "Sri Lanka",
"LR": "Liberia",
"LS": "Lesotho",
"LT": "Lithuania",
"LU": "Luxembourg",
"LV": "Latvia",
"LY": "Libya",
"MA": "Morocco",
"MC": "Monaco",
"MD": "Moldova, Republic of",
"ME": "Montenegro",
"MF": "Saint Martin (French part)",
"MG": "Madagascar",
"MH": "Marshall Islands",
"MK": "Macedonia, The former Yugoslav Republic of",
"ML": "Mali",
"MM": "Myanmar",
"MN": "Mongolia",
"MO": "Macao",
"MP": "Northern Mariana Islands",
"MQ": "Martinique",
"MR": "Mauritania",
"MS": "Montserrat",
"MT": "Malta",
"MU": "Mauritius",
"MV": "Maldives",
"MW": "Malawi",
"MX": "Mexico",
"MY": "Malaysia",
"MZ": "Mozambique",
"NA": "Namibia",
"NC": "New Caledonia",
"NE": "Niger",
"NF": "Norfolk Island",
"NG": "Nigeria",
"NI": "Nicaragua",
"NL": "Netherlands",
"NO": "Norway",
"NP": "Nepal",
"NR": "Nauru",
"NU": "Niue",
"NZ": "New Zealand",
"OM": "Oman",
"PA": "Panama",
"PE": "Peru",
"PF": "French Polynesia",
"PG": "Papua New Guinea",
"PH": "Philippines",
"PK": "Pakistan",
"PL": "Poland",
"PM": "Saint Pierre and Miquelon",
"PN": "Pitcairn",
"PR": "Puerto Rico",
"PS": "Palestinian Territory, Occupied",
"PT": "Portugal",
"PW": "Palau",
"PY": "Paraguay",
"QA": "Qatar",
"RE": "Reunion",
"RO": "Romania",
"RS": "Serbia",
"RU": "Russian Federation",
"RW": "Rwanda",
"SA": "Saudi Arabia",
"SB": "Solomon Islands",
"SC": "Seychelles",
"SD": "Sudan",
"SE": "Sweden",
"SG": "Singapore",
"SH": "Saint Helena",
"SI": "Slovenia",
"SJ": "Svalbard and Jan Mayen Islands",
"SK": "Slovakia",
"SL": "Sierra Leone",
"SM": "San Marino",
"SN": "Senegal",
"SO": "Somalia",
"SR": "Suriname",
"SS": "South Sudan",
"ST": "Sao Tome and Principe",
"SV": "El Salvador",
"SX": "Sint Maarten (Dutch part)",
"SY": "Syrian Arab Republic",
"SZ": "Swaziland",
"TC": "Turks and Caicos Islands",
"TD": "Chad",
"TF": "French Southern Territories",
"TG": "Togo",
"TH": "Thailand",
"TJ": "Tajikistan",
"TK": "Tokelau",
"TL": "Timor-Leste",
"TM": "Turkmenistan",
"TN": "Tunisia",
"TO": "Tonga",
"TR": "Turkey",
"TT": "Trinidad and Tobago",
"TV": "Tuvalu",
"TW": "Taiwan, Province of China",
"TZ": "Tanzania, United Republic of",
"UA": "Ukraine",
"UG": "Uganda",
"UM": "United States Minor Outlying Islands",
"US": "United States of America",
"UY": "Uruguay",
"UZ": "Uzbekistan",
"VA": "Holy See",
"VC": "Saint Vincent and the Grenadines",
"VE": "Venezuela (Bolivarian Republic of)",
"VG": "British Virgin Islands",
"VI": "United States Virgin Islands",
"VN": "Viet Nam",
"VU": "Vanuatu",
"WF": "Wallis and Futuna Islands",
"WS": "Samoa",
"YE": "Yemen",
"YT": "Mayotte",
"ZA": "South Africa",
"ZM": "Zambia",
"ZW": "Zimbabwe",
"Other": "Other"
}
}
},
"asset": {
"assets": {
"variety": {
"M - Disk drive": "Media - Hard disk drive",
"M - Disk media": "Media - Disk media (e.g., CDs, DVDs)",
"M - Documents": "Media - Documents",
"M - Flash drive": "Media - Flash drive or card",
"M - Payment card": "Media - Payment card (e.g., magstripe, EMV)",
"M - Smart card": "Media - Identity smart card",
"M - Tapes": "Media - Backup tapes",
"M - Other": "Media - Variety known but not listed",
"M - Unknown": "Media - Variety not known",
"M - Fax": "Media - The output of a fax machine",
"N - Access reader": "Network - Access control reader (e.g., badge, biometric)",
"N - Broadband": "Network - Mobile broadband network",
"N - Camera": "Network - Camera or surveillance system",
"N - Firewall": "Network - Firewall",
"N - HSM": "Network - Hardware security module (HSM)",
"N - IDS": "Network - IDS or IPs",
"N - LAN": "Network - Wired LAN",
"N - NAS": "Network - Network area storage (NAS)",
"N - PBX": "Network - Private branch exchange (PBX)",
"N - PLC": "Network - Programmable logic controller (PLC)",
"N - Private WAN": "Network - Private WAN",
"N - Public WAN": "Network - Public WAN",
"N - Router or switch": "Network - Router or switch",
"N - RTU": "Network - Remote terminal unit (RTU)",
"N - SAN": "Network - Storage area network (SAN)",
"N - Telephone": "Network - Telephone",
"N - VoIP adapter": "Network - VoIP adapter",
"N - WLAN": "Network - Wireless LAN",
"N - Other": "Network - Variety known but not listed",
"N - Unknown": "Network - Variety not known",
"P - Auditor": "People - Auditor",
"P - Call center": "People - Call center",
"P - Cashier": "People - Cashier",
"P - Customer": "People - Customer",
"P - Developer": "People - Developer",
"P - End-user": "People - End-user",
"P - Executive": "People - Executive",
"P - Finance": "People - Finance",
"P - Former employee": "People - Former employee",
"P - Guard": "People - Guard",
"P - Helpdesk": "People - Helpdesk",
"P - Human resources": "People - Human resources",
"P - Maintenance": "People - Maintenance",
"P - Manager": "People - Manager",
"P - Partner": "People - Partner",
"P - System admin": "People - Administrator",
"P - Other": "People - Variety known but not listed",
"P - Unknown": "People - Variety not known",
"S - Authentication": "Server - Authentication",
"S - Backup": "Server - Backup",
"S - Configuration or patch management": "Servers maintaining or deploying configurations or patches to other assets",
"S - Code repository": "Server - Code repository",
"S - Database": "Server - Database",
"S - DCS": "Server - Distributed control system (DCS)",
"S - DHCP": "Server - DHCP",
"S - Directory": "Server - Directory (LDAP, AD)",
"S - DNS": "Server - DNS",
"S - File": "Server - File",
"S - ICS": "Server - Industrial Control System (ICS). Includes Supervisory Control And Data Acquisition (SCADA) systems.",
"S - Log": "Server - Log or event management",
"S - Mail": "Server - Mail",
"S - Mainframe": "Server - Mainframe",
"S - Payment switch": "Server - Payment switch or gateway",
"S - POS controller": "Server - POS controller",
"S - Print": "Server - Print",
"S - Proxy": "Server - Proxy",
"S - Remote access": "Server - Remote access",
"S - VM host": "Server - Virtual Host",
"S - Web application": "Server - Web application",
"S - Other": "Server - Variety known but not listed",
"S - Unknown": "Server - Variety not known",
"T - ATM": "Public Terminal - Automated Teller Machine (ATM)",
"T - Gas terminal": "Public Terminal - Gas \"pay-at-the-pump\" terminal",
"T - Kiosk": "Public Terminal - Self-service kiosk",
"T - PED pad": "Public Terminal - Detached PIN pad or card reader",
"T - Other": "Public Terminal - Variety known but not listed",
"T - Unknown": "Public Terminal - Variety not known",
"U - Auth token": "User Device - Authentication token or device",
"U - Desktop": "User Device - Desktop or workstation",
"U - Laptop": "User Device - Laptop",
"U - Media": "User Device - Media player or recorder",
"U - Mobile phone": "User Device - Mobile phone or smartphone",
"U - Peripheral": "User Device - Peripheral (e.g., printer, copier, fax)",
"U - POS terminal": "User Device - POS terminal",
"U - Tablet": "User Device - Tablet",
"U - Telephone": "User Device - Telephone",
"U - VoIP phone": "User Device - VoIP phone",
"U - Other": "User Device - Variety known but not listed",
"U - Unknown": "User Device - Variety not known",
"E - Telemetry": "Embedded - A dedicated device that collects data about the physical world",
"E - Telematics": "Embedded - A dedicated device that affects the real world",
"E - Other": "Embedded - Variety known but not listed",
"E - Unknown": "Embedded - Variety not known",
"Unknown": "Unknown type of asset",
"Other": "Asset type known but not User Device, Server, Public Terminal, Server, People, Network, or Media"
}
},
"ownership": {
"Customer": "Customer owned",
"Employee": "Employee owned",
"NA": "Not applicable",
"Partner": "Partner owned",
"Unknown": "Unknown",
"Victim": "Victim owned",
"Other": "Owner known but not listed"
},
"accessibility": {
"External": "Publicly accessible",
"Internal": "Internally accessible",
"Isolated": "Internally isolated or restricted environment",
"NA": "Not applicable",
"Other": "Accessibility known but not listed",
"Unknown": "Unknown"
},
"cloud": {
"Customer attack": "Penetration of another web site on shared device",
"Hosting error": "Misconfiguration or error by hosting provider",
"Hosting governance": "Lack of security process or procedure by hosting provider",
"Hypervisor": "Hypervisor break-out attack",
"Partner application": "Application vulnerability in partner-developed application",
"User breakout": "Elevation of privilege by another customer in shared environment",
"NA": "It is known no cloud assets were involved",
"No": "It is known that a cloud asset was involved and it being a cloud asset did not affect the outcome",
"Other": "Cloud hosting known but not listed",
"Unknown": "The involvement of cloud assets was not measured"
},
"governance" : {
"Personally owned": "Personally owned asset",
"3rd party owned": "Owned by 3rd party",
"3rd party managed": "Managed by 3rd party",
"3rd party hosted": "Hosted by 3rd party",
"Internally isolated": "Isolated internal asset",
"Victim governed": "The victim owns and controls the asset",
"Unknown": "Unknown",
"Other": "Governance known but not listed"
},
"hosting": {
"External": "Externally hosted (unsure if dedicated or shared)",
"External dedicated": "Externally hosted in a dedicated environment",
"External shared": "Externally hosted in a shared environment",
"Internal": "Internally hosted",
"NA": "Not applicable",
"Other": "Hosting known but not listed",
"Unknown": "Unknown"
},
"management": {
"External": "Externally managed",
"Internal": "Internally managed",
"NA": "Not applicable",
"Unknown": "Unknown",
"Other": "Ownership known but not listed"
},
"country": {
"Unknown": "Unknown",
"AD": "Andorra",
"AE": "United Arab Emirates",
"AF": "Afghanistan",
"AG": "Antigua and Barbuda",
"AI": "Anguilla",
"AL": "Albania",
"AM": "Armenia",
"AO": "Angola",
"AQ": "Antarctica",
"AR": "Argentina",
"AS": "American Samoa",
"AT": "Austria",
"AU": "Australia",
"AW": "Aruba",
"AX": "Aland Islands",
"AZ": "Azerbaijan",
"BA": "Bosnia and Herzegovina",
"BB": "Barbados",
"BD": "Bangladesh",
"BE": "Belgium",
"BF": "Burkina Faso",
"BG": "Bulgaria",
"BH": "Bahrain",
"BI": "Burundi",
"BJ": "Benin",
"BL": "Saint-Barthelemy",
"BM": "Bermuda",
"BN": "Brunei Darussalam",
"BO": "Bolivia",
"BQ": "Bonaire, Saint Eustatius and Saba",
"BR": "Brazil",
"BS": "Bahamas",
"BT": "Bhutan",
"BV": "Bouvet Island",
"BW": "Botswana",
"BY": "Belarus",
"BZ": "Belize",
"CA": "Canada",
"CC": "Cocos (Keeling) Islands",
"CD": "Congo, Democratic Republic of the",
"CF": "Central African Republic",
"CG": "Congo",
"CH": "Switzerland",
"CI": "Cote d'Ivoire",
"CK": "Cook Islands",
"CL": "Chile",
"CM": "Cameroon",
"CN": "China",
"CO": "Colombia",
"CR": "Costa Rica",
"CU": "Cuba",
"CV": "Cape Verde",
"CW": "Curacao",
"CX": "Christmas Island",
"CY": "Cyprus",
"CZ": "Czech Republic",
"DE": "Germany",
"DJ": "Djibouti",
"DK": "Denmark",
"DM": "Dominica",
"DO": "Dominican Republic",
"DZ": "Algeria",
"EC": "Ecuador",
"EE": "Estonia",
"EG": "Egypt",
"EH": "Western Sahara",
"ER": "Eritrea",
"ES": "Spain",
"ET": "Ethiopia",
"FI": "Finland",
"FJ": "Fiji",
"FK": "Faeroe Islands",
"FM": "Micronesia (Federated States of)",
"FO": "Falkland Islands (Malvinas)",
"FR": "France",
"GA": "Gabon",
"GB": "United Kingdom",
"GD": "Grenada",
"GE": "Georgia",
"GF": "French Guiana",
"GG": "Guernsey",
"GH": "Ghana",
"GI": "Gibraltar",
"GL": "Greenland",
"GM": "Gambia",
"GN": "Guinea",
"GP": "Guadeloupe",
"GQ": "Equatorial Guinea",
"GR": "Greece",
"GS": "South Georgia and the South Sandwich Islands",
"GT": "Guatemala",
"GU": "Guam",
"GW": "Guinea-Bissau",
"GY": "Guyana",
"HK": "Hong Kong",
"HM": "Heard Island and McDonal Islands",
"HN": "Honduras",
"HR": "Croatia",
"HT": "Haiti",
"HU": "Hungary",
"ID": "Indonesia",
"IE": "Ireland",
"IL": "Israel",
"IM": "Isle of Man",
"IN": "India",
"IO": "British Virgin Islands",
"IQ": "Iraq",
"IR": "Iran (Islamic Republic of)",
"IS": "Iceland",
"IT": "Italy",
"JE": "Jersey",
"JM": "Jamaica",
"JO": "Jordan",
"JP": "Japan",
"KE": "Kenya",
"KG": "Kyrgyzstan",
"KH": "Cambodia",
"KI": "Kiribati",
"KM": "Comoros",
"KN": "Saint Kitts and Nevis",
"KP": "Korea, Democratic People's Republic of",
"KR": "Korea, Republic of",
"KW": "Kuwait",
"KY": "Cayman Islands",
"KZ": "Kazakhstan",
"LA": "Lao People's Democratic Republic",
"LB": "Lebanon",
"LC": "Saint Lucia",
"LI": "Liechtenstein",
"LK": "Sri Lanka",
"LR": "Liberia",
"LS": "Lesotho",
"LT": "Lithuania",
"LU": "Luxembourg",
"LV": "Latvia",
"LY": "Libya",
"MA": "Morocco",
"MC": "Monaco",
"MD": "Moldova, Republic of",
"ME": "Montenegro",
"MF": "Saint Martin (French part)",
"MG": "Madagascar",
"MH": "Marshall Islands",
"MK": "Macedonia, The former Yugoslav Republic of",
"ML": "Mali",
"MM": "Myanmar",
"MN": "Mongolia",
"MO": "Macao",
"MP": "Northern Mariana Islands",
"MQ": "Martinique",
"MR": "Mauritania",
"MS": "Montserrat",
"MT": "Malta",
"MU": "Mauritius",
"MV": "Maldives",
"MW": "Malawi",
"MX": "Mexico",
"MY": "Malaysia",
"MZ": "Mozambique",
"NA": "Namibia",
"NC": "New Caledonia",
"NE": "Niger",
"NF": "Norfolk Island",
"NG": "Nigeria",
"NI": "Nicaragua",
"NL": "Netherlands",
"NO": "Norway",
"NP": "Nepal",
"NR": "Nauru",
"NU": "Niue",
"NZ": "New Zealand",
"OM": "Oman",
"PA": "Panama",
"PE": "Peru",
"PF": "French Polynesia",
"PG": "Papua New Guinea",
"PH": "Philippines",
"PK": "Pakistan",
"PL": "Poland",
"PM": "Saint Pierre and Miquelon",
"PN": "Pitcairn",
"PR": "Puerto Rico",
"PS": "Palestinian Territory, Occupied",
"PT": "Portugal",
"PW": "Palau",
"PY": "Paraguay",
"QA": "Qatar",
"RE": "Reunion",
"RO": "Romania",
"RS": "Serbia",
"RU": "Russian Federation",
"RW": "Rwanda",
"SA": "Saudi Arabia",
"SB": "Solomon Islands",
"SC": "Seychelles",
"SD": "Sudan",
"SE": "Sweden",
"SG": "Singapore",
"SH": "Saint Helena",
"SI": "Slovenia",
"SJ": "Svalbard and Jan Mayen Islands",
"SK": "Slovakia",
"SL": "Sierra Leone",
"SM": "San Marino",
"SN": "Senegal",
"SO": "Somalia",
"SR": "Suriname",
"SS": "South Sudan",
"ST": "Sao Tome and Principe",
"SV": "El Salvador",
"SX": "Sint Maarten (Dutch part)",
"SY": "Syrian Arab Republic",
"SZ": "Swaziland",
"TC": "Turks and Caicos Islands",
"TD": "Chad",
"TF": "French Southern Territories",
"TG": "Togo",
"TH": "Thailand",
"TJ": "Tajikistan",
"TK": "Tokelau",
"TL": "Timor-Leste",
"TM": "Turkmenistan",
"TN": "Tunisia",
"TO": "Tonga",
"TR": "Turkey",
"TT": "Trinidad and Tobago",
"TV": "Tuvalu",
"TW": "Taiwan, Province of China",
"TZ": "Tanzania, United Republic of",
"UA": "Ukraine",
"UG": "Uganda",
"UM": "United States Minor Outlying Islands",
"US": "United States of America",
"UY": "Uruguay",
"UZ": "Uzbekistan",
"VA": "Holy See",
"VC": "Saint Vincent and the Grenadines",
"VE": "Venezuela (Bolivarian Republic of)",
"VG": "British Virgin Islands",
"VI": "United States Virgin Islands",
"VN": "Viet Nam",
"VU": "Vanuatu",
"WF": "Wallis and Futuna Islands",
"WS": "Samoa",
"YE": "Yemen",
"YT": "Mayotte",
"ZA": "South Africa",
"ZM": "Zambia",
"ZW": "Zimbabwe",
"Other": "Other"
}
},
"attribute": {
"confidentiality": {
"data_disclosure": {
"No": "No",
"Potentially": "Potentially (at risk)",
"Yes": "Yes (confirmed)",
"Unknown": "Unknown"
},
"data": {
"variety": {
"Bank": "Bank account data",
"Classified": "Classified information",
"Copyrighted": "Copyrighted material",
"Credentials": "Authentication credentials (e.g., pwds, OTPs, biometrics)",
"Digital certificate": "Digital certificate",
"Internal": "Sensitive internal data (e.g., plans, reports, emails)",
"Medical": "Medical records",
"Payment": "Payment card data (e.g., PAN, PIN, CVV2, Expiration)",
"Personal": "Personal or identifying information (e.g., addr, ID#, credit score)",
"Secrets": "Trade secrets",
"Source code": "Source code",
"System": "System information (e.g., config info, open services)",
"Virtual currency": "Virtual currency",
"Other": "Other",
"Unknown": "Unknown"
}
},
"data_victim": {
"Customer": "Customer",
"Employee": "Employee",
"Partner": "Partner",
"Patient": "Patient",
"Student": "Student",
"Other": "Other",
"Unknown": "Unknown"
},
"state": {
"Processed": "Processed",
"Stored": "Stored",
"Stored encrypted": "Stored encrypted",
"Stored unencrypted": "Stored unencrypted",
"Transmitted": "Transmitted",
"Transmitted encrypted": "Transmitted encrypted",
"Transmitted unencrypted": "Transmitted unencrypted",
"Other": "Data state known but not listed.",
"Unknown": "Data stat not known",
"Printed": "Data printed in human-readable format"
}
},
"integrity": {
"variety": {
"Alter behavior": "Influence or alter human behavior",
"Created account": "Created new user account",
"Defacement": "Deface content",
"Fraudulent transaction": "Initiate fraudulent transaction",
"Hardware tampering": "Hardware tampering or physical alteration",
"Log tampering": "Log tampering or modification",
"Misrepresentation": "Misrepresentation",
"Modify configuration": "Modified configuration or services",
"Modify data": "Modified stored data or content",
"Modify privileges": "Modified privileges or permissions",
"Repurpose": "Repurposed asset for unauthorized function",
"Software installation": "Software installation or code modification",
"Other": "Other",
"Unknown": "Unknown"
}
},
"availability": {
"variety": {
"Acceleration": "Acceleration",
"Degradation": "Performance degradation",
"Destruction": "Destruction",
"Interruption": "Interruption",
"Loss": "Loss",
"Obscuration": "Conversion or obscuration",
"Other": "Other",
"Unknown": "Unknown"
},
"duration": {
"unit": {
"Seconds": "Seconds",
"Minutes": "Minutes",
"Hours": "Hours",
"Days": "Days",
"Weeks": "Weeks",
"Months": "Months",
"Years": "Years",
"Never": "Never",
"NA": "NA",
"Unknown": "Unknown"
}
}
}
},
"targeted": {
"Opportunistic": "Opportunistic: victim attacked because they exhibited a weakness the actor knew how to exploit",
"Targeted": "Targeted: victim chosen as target then actor determined what weaknesses could be exploited",
"NA": "Not applicable",
"Unknown": "Unknown"
},
"discovery_method": {
"Ext - actor disclosure": "External - disclosed by threat agent (e.g., public brag, private blackmail)",
"Ext - audit": "External - security audit or scan",
"Ext - customer": "External - reported by customer or partner affected by the incident",
"Ext - emergency response team": "External - Emergency response team",
"Ext - found documents": "External - Found documents",
"Ext - fraud detection": "External - fraud detection (e.g., CPP)",
"Ext - incident response": "External - Notified while investigating another incident",
"Ext - law enforcement": "Internal - notified by law enforcement or government agency",
"Ext - monitoring service": "External - managed security event monitoring service",
"Ext - suspicious traffic": "External - Report of suspicious traffic",
"Ext - other": "Discovery method was external and known but not listed",
"Ext - unknown": "External - unknown",
"Ext - unrelated 3rd party": "Discovered by person unaffiliated with victim or threat actor",
"Int - antivirus": "Internal - antivirus alert",
"Int - data loss prevention": "Internal - Data loss prevention software",
"Int - financial audit": "Internal - financial audit and reconciliation process",
"Int - fraud detection": "Internal - fraud detection mechanism",
"Int - HIDS": "Internal - host IDS or file integrity monitoring",
"Int - incident response": "Internal - discovered while responding to another (separate) incident",
"Int - IT review": "Any routine maintenance, testing or review of it assets. (Includes inspect of assets, vulnerability scans, etc.)",
"Int - infrastructure monitoring": "Internal - Health and welfare monitoring of assets such as utilization, uptime, and SNMP alerts",
"Int - log review": "Internal - log review process or SIEM",
"Int - NIDS": "Internal - All network-based security tool detection (including IPS, IDS, firewalls and other network-based security tools)",
"Int - reported by employee": "Internal - reported by employee who saw something odd",
"Int - security alarm": "Internal - physical security system alarm",
"Int - break in discovered": "Internal - employee discovered evidence of a break in",
"Int - other": "Discovery method was internal and known but not listed",
"Int - unknown": "Internal - unknown",
"Prt - antivirus": "Partner - Notified by antivirus company but not through AV product",
"Prt - audit": "Partner - Audit performed by a partner organization",
"Prt - incident response": "Partner - notified while investigating another incident",
"Prt - monitoring service": "Partner - Reported by a monitoring service",
"Prt - other": "Discovery method was partner and known but not listed",
"Prt - unknown": "Partner - Unknown",
"Other": "Other",
"Unknown": "Unknown"
},
"impact": {
"loss": {
"variety": {
"Asset and fraud": "Asset and fraud-related losses",
"Brand damage": "Brand and market damage",
"Business disruption": "Business disruption",
"Competitive advantage": "Loss of competitive advantage",
"Legal and regulatory": "Legal and regulatory costs",
"Operating costs": "Increased operating costs",
"Response and recovery": "Response and recovery costs",
"Other": "Impact variety known but not listed."
},
"rating": {
"Major": "Major",
"Moderate": "Moderate",
"Minor": "Minor",
"None": "None",
"Unknown": "Unknown"
}
},
"overall_rating": {
"Catastrophic": "Catastrophic: A business-ending event (don't choose this if the victim will continue operations)",
"Damaging": "Damaging: Real and serious effect on the \"bottom line\" and/or long-term ability to generate revenue",
"Painful": "Painful: Moderate \"hard costs\", and impact felt through having to deal with the incident rather than conducting normal duties has quantifiable indirect costs",
"Distracting": "Distracting: Limited \"hard costs\", but impact felt through having to deal with the incident rather than conducting normal duties",
"Insignificant": "Insignificant: Impact absorbed by normal activities",
"Unknown": "Unknown"
},
"iso_currency_code": {
"AED": "AED - UAE Dirham",
"AFN": "AFN - Afghani",
"ALL": "ALL - Lek",
"AMD": "AMD - Armenian Dram",
"ANG": "ANG - Netherlands Antillean Guilder",
"AOA": "AOA - Kwanza",
"ARS": "ARS - Argentine Peso",
"AUD": "AUD - Australian Dollar",
"AWG": "AWG - Aruban Florin",
"AZN": "AZN - Azerbaijanian Manat",
"BAM": "BAM - Convertible Mark",
"BBD": "BBD - Barbados Dollar",
"BDT": "BDT - Taka",
"BGN": "BGN - Bulgarian Lev",
"BHD": "BHD - Bahraini Dinar",
"BIF": "BIF - Burundi Franc",
"BMD": "BMD - Bermudian Dollar",
"BND": "BND - Brunei Dollar",
"BOB": "BOB - Boliviano",
"BRL": "BRL - Brazilian Real",
"BSD": "BSD - Bahamian Dollar",
"BTN": "BTN - Ngultrum",
"BWP": "BWP - Pula",
"BYR": "BYR - Belarussian Ruble",
"BZD": "BZD - Belize Dollar",
"CAD": "CAD - Canadian Dollar",
"CDF": "CDF - Congolese Franc",
"CHF": "CHF - Swiss Franc",
"CLP": "CLP - Chilean Peso",
"CNY": "CNY - Yuan Renminbi",
"COP": "COP - Colombian Peso",
"CRC": "CRC - Costa Rican Colon",
"CUC": "CUC - Peso Convertible",
"CUP": "CUP - Cuban Peso",
"CVE": "CVE - Cape Verde Escudo",
"CZK": "CZK - Czech Koruna",
"DJF": "DJF - Djibouti Franc",
"DKK": "DKK - Danish Krone",
"DOP": "DOP - Dominican Peso",
"DZD": "DZD - Algerian Dinar",
"EGP": "EGP - Egyptian Pound",
"ERN": "ERN - Nakfa",
"ETB": "ETB - Ethiopian Birr",
"EUR": "EUR - Euro",
"FJD": "FJD - Fiji Dollar",
"FKP": "FKP - Falkland Islands Pound",
"GBP": "GBP - Pound Sterling",
"GEL": "GEL - Lari",
"GGP": "GGP - Guernsey pound",
"GHS": "GHS - Ghana Cedi",
"GIP": "GIP - Gibraltar Pound",
"GMD": "GMD - Dalasi",
"GNF": "GNF - Guinea Franc",
"GTQ": "GTQ - Quetzal",
"GYD": "GYD - Guyana Dollar",
"HKD": "HKD - Hong Kong Dollar",
"HNL": "HNL - Lempira",
"HRK": "HRK - Croatian Kuna",
"HTG": "HTG - Gourde",
"HUF": "HUF - Forint",
"IDR": "IDR - Rupiah",
"ILS": "ILS - New Israeli Sheqel",
"IMP": "IMP - Isle of Man Pound",
"INR": "INR - Indian Rupee",
"IQD": "IQD - Iraqi Dinar",
"IRR": "IRR - Iranian Rial",
"ISK": "ISK - Iceland Krona",
"JEP": "JEP - Jersey pound",
"JMD": "JMD - Jamaican Dollar",
"JOD": "JOD - Jordanian Dinar",
"JPY": "JPY - Yen",
"KES": "KES - Kenyan Shilling",
"KGS": "KGS - Som",
"KHR": "KHR - Riel",
"KMF": "KMF - Comoro Franc",
"KPW": "KPW - North Korean Won",
"KRW": "KRW - South Korean Won",
"KWD": "KWD - Kuwaiti Dinar",
"KYD": "KYD - Cayman Islands Dollar",
"KZT": "KZT - Tenge",
"LAK": "LAK - Kip",
"LBP": "LBP - Lebanese Pound",
"LKR": "LKR - Sri Lanka Rupee",
"LRD": "LRD - Liberian Dollar",
"LSL": "LSL - Loti",
"LTL": "LTL - Lithuanian Litas",
"LVL": "LVL - Latvian Lats",
"LYD": "LYD - Libyan Dinar",
"MAD": "MAD - Moroccan Dirham",
"MDL": "MDL - Moldovan Leu",
"MGA": "MGA - Malagasy Ariary",
"MKD": "MKD - Denar",
"MMK": "MMK - Kyat",
"MNT": "MNT - Tugrik",
"MOP": "MOP - Pataca",
"MRO": "MRO - Ouguiya",
"MUR": "MUR - Mauritius Rupee",
"MVR": "MVR - Rufiyaa",
"MWK": "MWK - Kwacha",
"MXN": "MXN - Mexican Peso",
"MYR": "MYR - Malaysian Ringgit",
"MZN": "MZN - Mozambique Metical",
"NAD": "NAD - Namibia Dollar",
"NGN": "NGN - Naira",
"NIO": "NIO - Cordoba Oro",
"NOK": "NOK - Norwegian Krone",
"NPR": "NPR - Nepalese Rupee",
"NZD": "NZD - New Zealand Dollar",
"OMR": "OMR - Rial Omani",
"PAB": "PAB - Balboa",
"PEN": "PEN - Nuevo Sol",
"PGK": "PGK - Kina",
"PHP": "PHP - Philippine Peso",
"PKR": "PKR - Pakistan Rupee",
"PLN": "PLN - Zloty",
"PYG": "PYG - Guarani",
"QAR": "QAR - Qatari Rial",
"RON": "RON - New Romanian Leu",
"RSD": "RSD - Serbian Dinar",
"RUB": "RUB - Russian Ruble",
"RWF": "RWF - Rwanda Franc",
"SAR": "SAR - Saudi Riyal",
"SBD": "SBD - Solomon Islands Dollar",
"SCR": "SCR - Seychelles Rupee",
"SDG": "SDG - Sudanese Pound",
"SEK": "SEK - Swedish Krona",
"SGD": "SGD - Singapore Dollar",
"SHP": "SHP - Saint Helena Pound",
"SLL": "SLL - Leone",
"SOS": "SOS - Somali Shilling",
"SPL": "SPL - Seborga Luigino",
"SRD": "SRD - Surinam Dollar",
"STD": "STD - Dobra",
"SVC": "SVC - El Salvador Colon",
"SYP": "SYP - Syrian Pound",
"SZL": "SZL - Lilangeni",
"THB": "THB - Baht",
"TJS": "TJS - Somoni",
"TMT": "TMT - Turkmenistan New Manat",
"TND": "TND - Tunisian Dinar",
"TOP": "TOP - Pa'anga",
"TRY": "TRY - Turkish Lira",
"TTD": "TTD - Trinidad and Tobago Dollar",
"TVD": "TVD - Tuvalu Dollar",
"TWD": "TWD - New Taiwan Dollar",
"TZS": "TZS - Tanzanian Shilling",
"UAH": "UAH - Hryvnia",
"UGX": "UGX - Uganda Shilling",
"USD": "USD - US Dollar",
"UYU": "UYU - Peso Uruguayo",
"UZS": "UZS - Uzbekistan Sum",
"VEF": "VEF - Bolivar ",
"VND": "VND - Dong",
"VUV": "VUV - Vatu",
"WST": "WST - Tala",
"XAF": "XAF - CFA Franc BEAC",
"XCD": "XCD - East Caribbean Dollar",
"XDR": "XDR - SDR (Special Drawing Right)",
"XOF": "XOF - CFA Franc BCEAO",
"XPF": "XPF - CFP Franc",
"YER": "YER - Yemeni Rial",
"ZAR": "ZAR - South African Rand",
"ZMK": "ZMK - Zambian Kwacha",
"ZWD": "ZWD - Zimbabwean Dollar A/06"
}
},
"cost_corrective_action": {
"Difficult and expensive": "Difficult and expensive",
"Something in-between": "Something in-between",
"Simple and cheap": "Simple and cheap",
"Unknown": "Unknown"
}
}