38 lines
1.2 KiB
JSON
38 lines
1.2 KiB
JSON
|
{
|
||
|
|
"namespace": "stealth_malware",
|
||
|
|
"description": "Classification based on malware stealth techniques. Described in https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf",
|
||
|
|
"version": 1,
|
||
|
|
"refs": [
|
||
|
|
"https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf"
|
||
|
|
],
|
||
|
|
"predicates": [
|
||
|
|
{
|
||
|
|
"value": "type",
|
||
|
|
"expanded": "Stealth technique type"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"values": [
|
||
|
|
{
|
||
|
|
"predicate": "type",
|
||
|
|
"entry": [
|
||
|
|
{
|
||
|
|
"value": "0",
|
||
|
|
"expanded": "No OS or system compromise. The malware runs as a normal user process using only official API calls."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"value": "I",
|
||
|
|
"expanded": "The malware modifies constant sections of the kernel and/or processes such as code sections."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"value": "II",
|
||
|
|
"expanded": "The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"value": "III",
|
||
|
|
"expanded": "The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques."
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|