| •owl:Thing |
| •Attack |
| •Threat |
| •Threat |
| •Attack |
| •ActiveAttack |
| •Deception |
| •Impersonation |
| •Masquerading |
| •Spoofing |
| •Impersonation |
| •Deception |
| •Masquerading |
| •Spoofing |
| •Masquerading |
| •Deception |
| •Impersonation |
| •Spoofing |
| •MaliciousCode |
| •Rootkit |
| •Spoofing |
| •Deception |
| •Impersonation |
| •Masquerading |
| ifSuccessfulLeadsToThreat SOME MaliciousCode |
| MaliciousCode |
| threatens SOME (_Integrity AND _Host) |
| dc:description | A collection of software tools installed by an intruder on a compromised computer. A rootkit will normally contain tools to hide evidence of the intrusion and backdoors to allow access or remote-control in future. Rootkits often include tools to facilitate other types of misuse such as distributed denial of service attacks or distribution of spam. (ODoC) |
Class(Rootkit partial restriction(ifSuccessfulLeadsToThreat someValuesFrom(MaliciousCode))
MaliciousCode
restriction(threatens someValuesFrom(intersectionOf(_Integrity
_Host))))