Stealth Malware Taxonomy
Malware Types
All malware samples should be classified into one of the categories listed in the table below.
| Type | Description |
|---|---|
| Type 0 | No OS or system compromise. The malware runs as a normal user process using only official API calls. |
| Type I | The malware modifies constant sections of the kernel and/or processes, such as code sections. |
| Type II | The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes, such as data sections. |
| Type III | The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS, for example by using hardware virtualization techniques. |
Machine-parsable Stealth Malware Taxonomy
The repository contains a JSON file with the machine-parsable tags along with their human-readable descriptions. Software can display the human-readable form in the user interface while storing the tag in its machine-parsable form, for example:
stealth_malware:type="II"
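As an added example (not code from the taxonomy repository), the following Python validator parses a machinetag such as the one above and checks it against a machinetag.json-style document. The embedded JSON is a constructed stand-in built from the four types in this README, not the repository's own file.

```python
import json
import re

# Constructed stand-in for machinetag.json, built from the README's four
# types; this is NOT the repository's own file.
TAXONOMY_JSON = json.dumps({
    "namespace": "stealth_malware",
    "description": "Classification based on malware stealth techniques.",
    "version": 1,
    "predicates": [{"value": "type", "expanded": "Type"}],
    "values": [{
        "predicate": "type",
        "entry": [
            {"value": "0", "expanded": "No OS or system compromise; normal user process, official API calls only"},
            {"value": "I", "expanded": "Modifies constant sections (e.g. code) of the kernel and/or processes"},
            {"value": "II", "expanded": "Modifies only dynamic sections (e.g. data) of the kernel and/or processes"},
            {"value": "III", "expanded": "Modifies no sections; influences the system, e.g. via hardware virtualization"},
        ],
    }],
})

# A machinetag is namespace:predicate="value"; the value may be quoted or bare.
TAG_RE = re.compile(r'^([A-Za-z0-9_-]+):([A-Za-z0-9_-]+)(?:="([^"]*)"|=([^"\s]+))?$')


def load_taxonomy(raw):
    """Index a machinetag.json document as (namespace, {predicate: {value: expanded}})."""
    tax = json.loads(raw)
    allowed = {p["value"]: {} for p in tax["predicates"]}
    for block in tax.get("values", []):
        for entry in block["entry"]:
            allowed[block["predicate"]][entry["value"]] = entry["expanded"]
    return tax["namespace"], allowed


def parse_tag(tag):
    """Split a machinetag into (namespace, predicate, value); value is None if absent."""
    m = TAG_RE.match(tag.strip())
    if not m:
        raise ValueError("malformed machinetag: %r" % tag)
    ns, pred, quoted, bare = m.groups()
    return ns, pred, quoted if quoted is not None else bare


def expand_tag(tag, raw=TAXONOMY_JSON):
    """Validate a tag against the taxonomy and return its human-readable description."""
    namespace, allowed = load_taxonomy(raw)
    ns, pred, value = parse_tag(tag)
    if ns != namespace or pred not in allowed or value not in allowed[pred]:
        raise ValueError("tag %r is not defined in taxonomy %s" % (tag, namespace))
    return allowed[pred][value]


def is_valid_tag(tag, raw=TAXONOMY_JSON):
    """True if the tag parses and its value exists in the taxonomy."""
    try:
        expand_tag(tag, raw)
        return True
    except ValueError:
        return False
```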
Based on:
https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf