MISP
/
misp-taxonomies
mirror of https://github.com/MISP/misp-taxonomies
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-taxonomies/stealth_malware
History
Alexandre Dulaunoy bed7f3004a stealth_malware to match taxonomy namespace 2016-10-29 11:45:37 +02:00
..
README.md stealth_malware to match taxonomy namespace 2016-10-29 11:45:37 +02:00
machinetag.json stealth_malware to match taxonomy namespace 2016-10-29 11:45:37 +02:00

README.md

Stealth Malware Taxonomy

Malware Types

All malware samples should be classified into one of the categories listed in the table below.

Type 0
No OS or system compromise. The malware runs as a normal user process using only official API calls.
Type I
The malware modifies constant sections of the kernel and/or processes such as code sections.
Type II
The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections.
Type III
The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques.

Machine-parsable Stealth Malware Taxonomy

The repository contains a JSON file including the machine-parsable tags along with their human-readable description. The software can use both representation on the user-interface and store the tag as machine-parsable.

stealth_malware:type="II"

Based on:

https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf