{ "namespace": "maec-malware-capabilities", "description": "Malware Capabilities based on MAEC 5.0", "version": 2, "predicates": [ { "value": "maec-malware-capability", "expanded": "MAEC Malware capability" } ], "values": [ { "predicate": "maec-malware-capability", "entry": [ { "value": "anti-behavioral-analysis", "expanded": "anti-behavioral-analysis" }, { "value": "anti-code-analysis", "expanded": "anti-code-analysis" }, { "value": "anti-detection", "expanded": "anti-detection" }, { "value": "anti-removal", "expanded": "anti-removal" }, { "value": "availability-violation", "expanded": "availability-violation" }, { "value": "collection", "expanded": "collection" }, { "value": "command-and-control", "expanded": "command-and-control" }, { "value": "data-theft", "expanded": "data-theft" }, { "value": "destruction", "expanded": "destruction" }, { "value": "discovery", "expanded": "discovery" }, { "value": "exfiltration", "expanded": "exfiltration" }, { "value": "fraud", "expanded": "fraud" }, { "value": "infection-propagation", "expanded": "infection-propagation" }, { "value": "integrity-violation", "expanded": "integrity-violation" }, { "value": "machine-access-control", "expanded": "machine-access-control" }, { "value": "persistence", "expanded": "persistence" }, { "value": "privilege-escalation", "expanded": "privilege-escalation" }, { "value": "secondary-operation", "expanded": "secondary-operation" }, { "value": "security-degradation", "expanded": "security-degradation" }, { "value": "access-control-degradation", "expanded": "access-control-degradation" }, { "value": "anti-debugging", "expanded": "anti-debugging" }, { "value": "anti-disassembly", "expanded": "anti-disassembly" }, { "value": "anti-emulation", "expanded": "anti-emulation" }, { "value": "anti-memory-forensics", "expanded": "anti-memory-forensics" }, { "value": "anti-sandbox", "expanded": "anti-sandbox" }, { "value": "anti-virus-evasion", "expanded": "anti-virus-evasion" }, { "value": "anti-vm", "expanded": "anti-vm" }, { "value": "authentication-credentials-theft", "expanded": "authentication-credentials-theft" }, { "value": "clean-traces-of-infection", "expanded": "clean-traces-of-infection" }, { "value": "communicate-with-c2-server", "expanded": "communicate-with-c2-server" }, { "value": "compromise-data-availability", "expanded": "compromise-data-availability" }, { "value": "compromise-system-availability", "expanded": "compromise-system-availability" }, { "value": "consume-system-resources", "expanded": "consume-system-resources" }, { "value": "continuous-execution", "expanded": "continuous-execution" }, { "value": "data-integrity-violation", "expanded": "data-integrity-violation" }, { "value": "data-obfuscation", "expanded": "data-obfuscation" }, { "value": "data-staging", "expanded": "data-staging" }, { "value": "determine-c2-server", "expanded": "determine-c2-server" }, { "value": "email-spam", "expanded": "email-spam" }, { "value": "ensure-compatibility", "expanded": "ensure-compatibility" }, { "value": "environment-awareness", "expanded": "environment-awareness" }, { "value": "file-infection", "expanded": "file-infection" }, { "value": "hide-artifacts", "expanded": "hide-artifacts" }, { "value": "hide-executing-code", "expanded": "hide-executing-code" }, { "value": "hide-non-executing-code", "expanded": "hide-non-executing-code" }, { "value": "host-configuration-probing", "expanded": "host-configuration-probing" }, { "value": "information-gathering-for-improvement", "expanded": "information-gathering-for-improvement" }, { "value": "input-peripheral-capture", "expanded": "input-peripheral-capture" }, { "value": "install-other-components", "expanded": "install-other-components" }, { "value": "local-machine-control", "expanded": "local-machine-control" }, { "value": "network-environment-probing", "expanded": "network-environment-probing" }, { "value": "os-security-feature-degradation", "expanded": "os-security-feature-degradation" }, { "value": "output-peripheral-capture", "expanded": "output-peripheral-capture" }, { "value": "physical-entity-destruction", "expanded": "physical-entity-destruction" }, { "value": "prevent-artifact-access", "expanded": "prevent-artifact-access" }, { "value": "prevent-artifact-deletion", "expanded": "prevent-artifact-deletion" }, { "value": "remote-machine-access", "expanded": "remote-machine-access" }, { "value": "security-software-degradation", "expanded": "security-software-degradation" }, { "value": "security-software-evasion", "expanded": "security-software-evasion" }, { "value": "self-modification", "expanded": "self-modification" }, { "value": "service-provider-security-feature-degradation", "expanded": "service-provider-security-feature-degradation" }, { "value": "stored-information-theft", "expanded": "stored-information-theft" }, { "value": "system-interface-data-capture", "expanded": "system-interface-data-capture" }, { "value": "system-operational-integrity-violation", "expanded": "system-operational-integrity-violation" }, { "value": "system-re-infection", "expanded": "system-re-infection" }, { "value": "system-state-data-capture", "expanded": "system-state-data-capture" }, { "value": "system-update-degradation", "expanded": "system-update-degradation" }, { "value": "user-data-theft", "expanded": "user-data-theft" }, { "value": "virtual-entity-destruction", "expanded": "virtual-entity-destruction" } ] } ] }