We could introduce the idea of abstract attack steps for the journal paper (even though it is not implemented in MAL. In coreLang we could just save it as comment in the code. This is for al places where distributions needs to be specified and where attack steps needs to be refined.) I am for instance now looking at user.phishing, it is to me a bit specific (but maybe ok to have in coreLang). I think that the a more general attack step could be "deceived" and phishing is one type of deception attack.
We could introduce the idea of abstract attack steps for the journal paper (even though it is not implemented in MAL. In coreLang we could just save it as comment in the code. This is for al places where distributions needs to be specified and where attack steps needs to be refined.) I am for instance now looking at user.phishing, it is to me a bit specific (but maybe ok to have in coreLang). I think that the a more general attack step could be "deceived" and phishing is one type of deception attack.