misp-taxonomies/stealth-malware/machinetag.json

{
  "namespace": "stealth_malware",
  "description": "Classification based on malware stealth techniques. Described in https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf",
  "version": 1,
  "refs": [
    "https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf"
  ],
  "predicates": [
    {
      "value": "type",
      "expanded": "Stealth technique type"
    }
  ],
  "values": [
    {
      "predicate": "type",
      "entry": [
        {
          "value": "0",
          "expanded": "No OS or system compromise. The malware runs as a normal user process using only official API calls."
        },
        {
          "value": "I",
          "expanded": "The malware modifies constant sections of the kernel and/or processes such as code sections."
        },
        {
          "value": "II",
          "expanded": "The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections."
        },
        {
          "value": "III",
          "expanded": "The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques."
        }
      ]
    }
  ]
}
Add Stealth Malware Taxonomy as defined by Joanna Rutkowska 2016-10-28 11:07:24 +02:00			`{`
			`"namespace": "stealth_malware",`
			`"description": "Classification based on malware stealth techniques. Described in https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf",`
			`"version": 1,`
			`"refs": [`
			`"https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf"`
Typo fixed 2016-10-29 10:45:02 +02:00			`],`
Add Stealth Malware Taxonomy as defined by Joanna Rutkowska 2016-10-28 11:07:24 +02:00			`"predicates": [`
			`{`
			`"value": "type",`
Typo fixed 2016-10-29 10:45:02 +02:00			`"expanded": "Stealth technique type"`
Add Stealth Malware Taxonomy as defined by Joanna Rutkowska 2016-10-28 11:07:24 +02:00			`}`
			`],`
			`"values": [`
			`{`
			`"predicate": "type",`
			`"entry": [`
			`{`
			`"value": "0",`
			`"expanded": "No OS or system compromise. The malware runs as a normal user process using only official API calls."`
			`},`
			`{`
			`"value": "I",`
			`"expanded": "The malware modifies constant sections of the kernel and/or processes such as code sections."`
			`},`
			`{`
			`"value": "II",`
			`"expanded": "The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections."`
			`},`
			`{`
			`"value": "III",`
			`"expanded": "The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques."`
			`}`
			`]`
			`}`
			`]`
			`}`