misp-taxonomies/threatmatch-malware-types/machinetag.json

{
  "namespace": "threatmatch-malware-types",
  "expanded": "Malware Types for Sharing into ThreatMatch and MISP",
  "version": 1,
  "description": "The ThreatMatch Malware types are applicable for any ThreatMatch instances and should be used for all CIISI and TIBER Projects.",
  "refs": [
    "https://www.secalliance.com/platform/",
    "https://www.ecb.europa.eu/press/pr/date/2020/html/ecb.pr200227_1~062992656b.en.html"
  ],
  "predicates": [
    {
      "value": "malware_type",
      "expanded": "Malware type"
    }
  ],
  "values": [
    {
      "predicate": "malware_type",
      "entry": [
        {
          "value": "Adware",
          "expanded": "Adware"
        },
        {
          "value": "Backdoor",
          "expanded": "Backdoor"
        },
        {
          "value": "Banking Trojan",
          "expanded": "Banking Trojan"
        },
        {
          "value": "Botnet",
          "expanded": "Botnet"
        },
        {
          "value": "Destructive",
          "expanded": "Destructive"
        },
        {
          "value": "Downloader",
          "expanded": "Downloader"
        },
        {
          "value": "Exploit Kit",
          "expanded": "Exploit Kit"
        },
        {
          "value": "Fileless Malware",
          "expanded": "Fileless Malware"
        },
        {
          "value": "Keylogger",
          "expanded": "Keylogger"
        },
        {
          "value": "Legitimate Tool",
          "expanded": "Legitimate Tool"
        },
        {
          "value": "Mobile Application",
          "expanded": "Mobile Application"
        },
        {
          "value": "Mobile Malware",
          "expanded": "Mobile Malware"
        },
        {
          "value": "Point-of-Sale (PoS)",
          "expanded": "Point-of-Sale (PoS)"
        },
        {
          "value": "Remote Access Trojan",
          "expanded": "Remote Access Trojan"
        },
        {
          "value": "Rootkit",
          "expanded": "Rootkit"
        },
        {
          "value": "Skimmer",
          "expanded": "Skimmer"
        },
        {
          "value": "Spyware",
          "expanded": "Spyware"
        },
        {
          "value": "Surveillance Tool",
          "expanded": "Surveillance Tool"
        },
        {
          "value": "Trojan",
          "expanded": "Trojan"
        },
        {
          "value": "Virus",
          "expanded": "Virus "
        },
        {
          "value": "Worm",
          "expanded": "Worm"
        },
        {
          "value": "Zero-day",
          "expanded": "Zero-day"
        },
        {
          "value": "Unknown",
          "expanded": "Unknown"
        }
      ]
    }
  ]
}