misp-taxonomies/malware_classification/README.md

# Malware Classification
## Malware Categories
All malware samples should be classified into exactly one of the categories listed below.
<dl>
<dt>Virus</dt>
<dd>Code that attaches itself to other programs or files and spreads when the infected host is executed; it needs a host to propagate.</dd>
<dt>Worm</dt>
<dd>Self-contained malware that spreads on its own over networks or removable media, without needing a host file.</dd>
<dt>Trojan</dt>
<dd>Malware disguised as, or hidden inside, legitimate software; it relies on the user running it rather than on self-replication.</dd>
<dt>Ransomware</dt>
<dd>Malware that encrypts or locks the victim's data or system and demands payment to restore access.</dd>
<dt>Rootkit</dt>
<dd>Malware that hides its presence (processes, files, network connections) by subverting the operating system, often at kernel level.</dd>
<dt>Downloader</dt>
<dd>A small first-stage component whose job is to fetch and run further malware from a remote location.</dd>
<dt>Adware</dt>
<dd>Software that forces advertising on the user, typically installed without informed consent.</dd>
<dt>Spyware</dt>
<dd>Malware that covertly collects information (keystrokes, credentials, browsing activity) and sends it to a third party.</dd>
<dt>Botnet</dt>
<dd>Malware that enrols the infected machine into a network of compromised hosts under remote command and control.</dd>
</dl>
## Obfuscation Classification
All malware samples should additionally be classified by the obfuscation technique they use, chosen from the list below.
<dl>
<dt>no-obfuscation</dt>
<dd>No obfuscation is used.</dd>
<dt>encryption</dt>
<dd>The malware body is stored encrypted and is decrypted at run time by a decryptor stub.</dd>
<dt>oligomorphism</dt>
<dd>The decryptor is picked from a small fixed set of variants, so only a handful of decryptor forms ever appear.</dd>
<dt>metamorphism</dt>
<dd>The code is rewritten on each propagation so that no constant body or decryptor remains to match on.</dd>
<dt>stealth</dt>
<dd>The malware hides the effects of infection from the system, for example by intercepting file or disk reads.</dd>
<dt>armouring</dt>
<dd>Anti-analysis techniques (anti-debugging, anti-emulation, anti-disassembly) that make the sample hard to examine.</dd>
<dt>tunneling</dt>
<dd>The malware bypasses monitoring hooks by reaching the original system interrupt or API handlers directly.</dd>
<dt>XOR</dt>
<dd>Strings or payload encoded with a simple XOR key.</dd>
<dt>BASE64</dt>
<dd>Strings or payload encoded with Base64.</dd>
<dt>ROT13</dt>
<dd>Strings encoded with ROT13.</dd>
</dl>
## Payload Classification
## Memory Classification
# Machine-parsable Malware Classification
The repository contains a [JSON file including the machine-parsable tags](machinetag.json)
along with their human-readable descriptions. Software can show either
representation in the user interface and store the tag in its machine-parsable
form, which follows the MISP triple-tag syntax `namespace:predicate="value"`:
~~~~
malware_classification:malware-category="virus"
~~~~
Based on:
https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848
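As an added example (not code from this repository or from MISP), the Python below parses tags in the `namespace:predicate="value"` form shown above and checks one sample's tags against a constructed stand-in for machinetag.json. The JSON layout used here (namespace, predicates, and per-predicate value entries with an "expanded" human-readable name) follows the MISP taxonomy format; the predicate name `obfuscation-technique`, the expanded strings, the sample tags, and the `payload`/`keylogger` tag are assumptions made for this example. The exclusivity check implements the "one of the categories" rule stated above, and values are matched exactly, so `"Virus"` is not accepted for `"virus"`.

```python
import json
import re

# Constructed stand-in for machinetag.json (example data, not the repository's file).
# Layout follows the MISP taxonomy format: namespace, predicates, and value entries with
# an "expanded" name. Values mirror this README; "obfuscation-technique" is assumed.
MACHINETAG_JSON = """
{
  "namespace": "malware_classification",
  "description": "Classification of malware samples (constructed example)",
  "version": 1,
  "predicates": [
    {"value": "malware-category", "expanded": "Malware Category"},
    {"value": "obfuscation-technique", "expanded": "Obfuscation Technique"}
  ],
  "values": [
    {"predicate": "malware-category", "entry": [
      {"value": "virus", "expanded": "Virus"}, {"value": "worm", "expanded": "Worm"},
      {"value": "trojan", "expanded": "Trojan"}, {"value": "ransomware", "expanded": "Ransomware"},
      {"value": "rootkit", "expanded": "Rootkit"}, {"value": "downloader", "expanded": "Downloader"},
      {"value": "adware", "expanded": "Adware"}, {"value": "spyware", "expanded": "Spyware"},
      {"value": "botnet", "expanded": "Botnet"}]},
    {"predicate": "obfuscation-technique", "entry": [
      {"value": "no-obfuscation", "expanded": "No obfuscation is used"},
      {"value": "encryption", "expanded": "Encryption"}, {"value": "oligomorphism", "expanded": "Oligomorphism"},
      {"value": "metamorphism", "expanded": "Metamorphism"}, {"value": "stealth", "expanded": "Stealth"},
      {"value": "armouring", "expanded": "Armouring"}, {"value": "tunneling", "expanded": "Tunneling"},
      {"value": "XOR", "expanded": "XOR"}, {"value": "BASE64", "expanded": "BASE64"},
      {"value": "ROT13", "expanded": "ROT13"}]}
  ]
}
"""

# Machine tag syntax: namespace:predicate="value"; the quoted value part is optional.
TAG_RE = re.compile(r'^([A-Za-z0-9_.-]+):([A-Za-z0-9_.-]+)(?:="([^"]*)")?$')


def load_taxonomy(text):
    """Index machinetag JSON as {"namespace", "predicates": {p: name}, "values": {p: {v: name}}}."""
    doc = json.loads(text)
    predicates = {p["value"]: p["expanded"] for p in doc["predicates"]}
    values = {p: {} for p in predicates}
    for block in doc.get("values", []):
        for entry in block["entry"]:
            values[block["predicate"]][entry["value"]] = entry["expanded"]
    return {"namespace": doc["namespace"], "predicates": predicates, "values": values}


def parse_tag(tag):
    """Split a machine tag into (namespace, predicate, value-or-None); reject anything else."""
    m = TAG_RE.match(tag)
    if not m:
        raise ValueError("malformed machine tag: %r" % tag)
    return m.group(1), m.group(2), m.group(3)


def expand_tag(tag, taxonomy):
    """Return 'Predicate: Value' in human-readable form, or None if the taxonomy lacks the tag."""
    ns, predicate, value = parse_tag(tag)
    if ns != taxonomy["namespace"] or predicate not in taxonomy["predicates"]:
        return None
    if value is None or value not in taxonomy["values"][predicate]:
        return None
    return "%s: %s" % (taxonomy["predicates"][predicate], taxonomy["values"][predicate][value])


def check_sample_tags(tags, taxonomy):
    """List the problems with one sample's tags (empty list when they are consistent).
    Tags from other namespaces are ignored (a sample usually carries several taxonomies).
    Every predicate is treated as exclusive, which is the README's "one of the categories" rule."""
    problems, used = [], {}
    for tag in tags:
        try:
            ns, predicate, value = parse_tag(tag)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if ns != taxonomy["namespace"]:
            continue
        if predicate not in taxonomy["predicates"]:
            problems.append("unknown predicate %r in %s" % (predicate, tag))
            continue
        used.setdefault(predicate, []).append(tag)
        if value is None:
            problems.append("missing value in %s" % tag)
        elif value not in taxonomy["values"][predicate]:  # exact match: "Virus" is not "virus"
            problems.append("unknown value %r for %s" % (value, predicate))
    for predicate, hits in used.items():
        if len(hits) > 1:
            problems.append("%s is exclusive but set %d times: %s" % (predicate, len(hits), ", ".join(hits)))
    return problems


TAXONOMY = load_taxonomy(MACHINETAG_JSON)

# Constructed tag sets for one sample: a consistent one and one with the usual mistakes.
GOOD_TAGS = ['malware_classification:malware-category="ransomware"',
             'malware_classification:obfuscation-technique="XOR"',
             'tlp:amber']  # other taxonomy, ignored by the check
BAD_TAGS = ['malware_classification:malware-category="Virus"',  # wrong case
            'malware_classification:malware-category="worm"',   # second category on the same sample
            'malware_classification:payload="keylogger"',       # predicate the file does not define
            'malware_classification:malware-category']          # value missing
```

`check_sample_tags(GOOD_TAGS, TAXONOMY)` returns an empty list, while `BAD_TAGS` yields four problems: the wrong-case value, the undefined predicate, the missing value, and the exclusivity violation on `malware-category` (which counts all three tags that name that predicate). Loading the real machinetag.json instead of the constructed string only requires reading the file into `load_taxonomy`.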