misp-taxonomies/stealth-malware
Richard van den Berg a2f7a9bc9f Add Stealth Malware Taxonomy as defined by Joanna Rutkowska 2016-10-28 11:07:24 +02:00
..
README.md Add Stealth Malware Taxonomy as defined by Joanna Rutkowska 2016-10-28 11:07:24 +02:00
machinetag.json Add Stealth Malware Taxonomy as defined by Joanna Rutkowska 2016-10-28 11:07:24 +02:00

README.md

Stealth Malware Taxonomy

Malware Types

All malware samples should be classified into one of the categories listed in the table below.

Type 0
No OS or system compromise. The malware runs as a normal user process using only official API calls.
Type I
The malware modifies constant sections of the kernel and/or processes such as code sections.
Type II
The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections.
Type III
The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques.

Machine-parsable Stealth Malware Taxonomy

The repository contains a JSON file including the machine-parsable tags along with their human-readable description. The software can use both representation on the user-interface and store the tag as machine-parsable.

stealth_malware:type="II"

Based on:

https://vxheaven.org/lib/pdf/Introducing%20Stealth%20Malware%20Taxonomy.pdf