{ "namespace": "mwdb", "description": "Malware Database (mwdb) Taxonomy - Tags used across the platform", "version": 2, "predicates": [ { "value": "location_type", "expanded": "Location Type", "description": "Type of malicious URL." }, { "value": "family", "expanded": "Malware Family" } ], "values": [ { "predicate": "location_type", "entry": [ { "value": "cnc", "expanded": "CNC", "description": "C&C server, usually administrated by criminals. Malware connects to it (usually with a custom protocol) to get new commands and updates." }, { "value": "download_url", "expanded": "Download URL", "description": "Download url. Used to download more malware samples. Sometimes just a hacked legitimate website." }, { "value": "panel", "expanded": "Panel", "description": "Malware panel. HTTP service used by criminals to manage the botnet." }, { "value": "peer", "expanded": "Peer", "description": "Peer. IP/port of infected machine of a legitimate computer user." }, { "value": "other", "expanded": "Other", "description": "Other kind of URL found in the malware." } ] }, { "predicate": "family", "entry": [ { "value": "agenttesla", "expanded": "agenttesla" }, { "value": "andromeda", "expanded": "andromeda" }, { "value": "anubis", "expanded": "anubis" }, { "value": "avemaria", "expanded": "avemaria" }, { "value": "azorult", "expanded": "azorult" }, { "value": "brushaloader", "expanded": "brushaloader" }, { "value": "bublik", "expanded": "bublik" }, { "value": "bunitu", "expanded": "bunitu" }, { "value": "cerber", "expanded": "cerber" }, { "value": "chthonic", "expanded": "chthonic" }, { "value": "citadel", "expanded": "citadel" }, { "value": "corebot", "expanded": "corebot" }, { "value": "cryptomix", "expanded": "cryptomix" }, { "value": "cryptoshield", "expanded": "cryptoshield" }, { "value": "cryptowall", "expanded": "cryptowall" }, { "value": "danabot", "expanded": "danabot" }, { "value": "danaloader", "expanded": "danaloader" }, { "value": "dridex", "expanded": "dridex" }, { "value": "dridex-worker", "expanded": "dridex-worker" }, { "value": "dyre", "expanded": "dyre" }, { "value": "emotet", "expanded": "emotet" }, { "value": "emotet5_upnp", "expanded": "emotet5_upnp" }, { "value": "emotet_doc", "expanded": "emotet_doc" }, { "value": "emotet_spam", "expanded": "emotet_spam" }, { "value": "emotet_upnp", "expanded": "emotet_upnp" }, { "value": "evil-pony", "expanded": "evil-pony" }, { "value": "flokibot", "expanded": "flokibot" }, { "value": "formbook", "expanded": "formbook" }, { "value": "gandcrab", "expanded": "gandcrab" }, { "value": "get2", "expanded": "get2" }, { "value": "globeimposter", "expanded": "globeimposter" }, { "value": "gluedropper", "expanded": "gluedropper" }, { "value": "gootkit", "expanded": "gootkit" }, { "value": "h1n1", "expanded": "h1n1" }, { "value": "hancitor", "expanded": "hancitor" }, { "value": "hawkeye", "expanded": "hawkeye" }, { "value": "icedid", "expanded": "icedid" }, { "value": "iceid", "expanded": "iceid" }, { "value": "iceix", "expanded": "iceix" }, { "value": "isfb", "expanded": "isfb" }, { "value": "jaff", "expanded": "jaff" }, { "value": "kbot", "expanded": "kbot" }, { "value": "kegotip", "expanded": "kegotip" }, { "value": "kins", "expanded": "kins" }, { "value": "kovter", "expanded": "kovter" }, { "value": "kpot", "expanded": "kpot" }, { "value": "kronos", "expanded": "kronos" }, { "value": "locky", "expanded": "locky" }, { "value": "lokibot", "expanded": "lokibot" }, { "value": "madlocker", "expanded": "madlocker" }, { "value": "madness_pro", "expanded": "madness_pro" }, { "value": "maoloa", "expanded": "maoloa" }, { "value": "mirai", "expanded": "mirai" }, { "value": "mmbb", "expanded": "mmbb" }, { "value": "nanocore", "expanded": "nanocore" }, { "value": "necurs", "expanded": "necurs" }, { "value": "netwire", "expanded": "netwire" }, { "value": "neutrino", "expanded": "neutrino" }, { "value": "njrat", "expanded": "njrat" }, { "value": "nymaim", "expanded": "nymaim" }, { "value": "odinaff", "expanded": "odinaff" }, { "value": "onliner", "expanded": "onliner" }, { "value": "ostap", "expanded": "ostap" }, { "value": "panda", "expanded": "panda" }, { "value": "phorpiex", "expanded": "phorpiex" }, { "value": "pony", "expanded": "pony" }, { "value": "pushdo", "expanded": "pushdo" }, { "value": "qadars", "expanded": "qadars" }, { "value": "qakbot", "expanded": "qakbot" }, { "value": "quantloader", "expanded": "quantloader" }, { "value": "quasarrat", "expanded": "quasarrat" }, { "value": "ramnit", "expanded": "ramnit" }, { "value": "remcos", "expanded": "remcos" }, { "value": "retefe", "expanded": "retefe" }, { "value": "ruckguv", "expanded": "ruckguv" }, { "value": "sage", "expanded": "sage" }, { "value": "sendsafe", "expanded": "sendsafe" }, { "value": "shifu", "expanded": "shifu" }, { "value": "slave", "expanded": "slave" }, { "value": "smokeloader", "expanded": "smokeloader" }, { "value": "systembc", "expanded": "systembc" }, { "value": "teslacrypt", "expanded": "teslacrypt" }, { "value": "test", "expanded": "test" }, { "value": "testmod", "expanded": "testmod" }, { "value": "tinba", "expanded": "tinba" }, { "value": "tinba_dga", "expanded": "tinba_dga" }, { "value": "tinynuke", "expanded": "tinynuke" }, { "value": "tofsee", "expanded": "tofsee" }, { "value": "torment", "expanded": "torment" }, { "value": "torrentlocker", "expanded": "torrentlocker" }, { "value": "trickbot", "expanded": "trickbot" }, { "value": "troldesh", "expanded": "troldesh" }, { "value": "unknown", "expanded": "unknown" }, { "value": "vawtrak", "expanded": "vawtrak" }, { "value": "vjworm", "expanded": "vjworm" }, { "value": "vmzeus", "expanded": "vmzeus" }, { "value": "vmzeus2", "expanded": "vmzeus2" }, { "value": "wannacry", "expanded": "wannacry" }, { "value": "xagent", "expanded": "xagent" }, { "value": "zeus", "expanded": "zeus" }, { "value": "zloader", "expanded": "zloader" } ] } ] }