-MAEC Delivery Vectors namespace available in JSON format at https://github.com/MISP/misp-taxonomies/blob/master/MAEC Delivery Vectors/machinetag.json[this location]. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. +maec-delivery-vectors namespace available in JSON format at this location. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. |
active Attacker
auto-executing-media
downloader
dropper
email-attachment
exploit-kit-landing-page
fake-website
janitor-attack
malicious-iframes
malvertising
media-baiting
pharming
phishing
trojanized-link
trojanized-software
usb-cable-syncing
watering-hole
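Review bot: In the value list that follows the delivery-vectors change, `active Attacker` is the only entry with a capital letter and a space; every other entry is lowercase and hyphenated (`email-attachment`, `watering-hole`). If the value in machinetag.json is hyphenated, correct the listing in this same change so that a tag copied from this page matches the taxonomy.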
-MAEC Malware Bahaviors namespace available in JSON format at https://github.com/MISP/misp-taxonomies/blob/master/MAEC Malware Bahaviors/machinetag.json[this location]. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. +maec-malware-behavior namespace available in JSON format at this location. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. |
access-premium-service
autonomous-remote-infection
block-security-websites
capture-camera-input
capture-file-system-data
capture-gps-data
capture-keyboard-input
capture-microphone-input
capture-mouse-input
capture-printer-output
capture-system-memory
capture-system-network-traffic
capture-system-screenshot
capture-touchscreen-input
check-for-payload
click-fraud
compare-host-fingerprints
compromise-remote-machinen
control-local-machine-via-remote-command
control-malware-via-remote-command
crack-passwords
defeat-call-graph-generation
defeat-emulator
defeat-flow-oriented-disassembler
defeat-linear-disassembler
degrade-security-program
denial-of-service
destroy-hardware
detect-debugging
detect-emulator
detect-installed-analysis-tools
detect-installed-av-tools
detect-sandbox-environment
detect-vm-environment
determine-host-ip-address
disable-access-rights-checking
disable-firewall
disable-kernel-patch-protection
disable-os-security-alerts
disable-privilege-limiting
disable-service-pack-patch-installation
disable-system-file-overwrite-protection
disable-update-services-daemons
disable-user-account-control
drop-retrieve-debug-log-file
elevate-privilege
encrypt-data
encrypt-files
encrypt-self
erase-data
evade-static-heuristic
execute-before-external-to-kernel-hypervisor
execute-non-main-cpu-code
execute-stealthy-code
exfiltrate-data-via-covert channel
exfiltrate-data-via-dumpster-dives
exfiltrate-data-via-fax
exfiltrate-data-via-network
exfiltrate-data-via-physical-media
exfiltrate-data-via-voip-phone
feed-misinformation-during-physical-memory-acquisition
file-system-instantiation
fingerprint-host
generate-c2-domain-names
hide-arbitrary-virtual-memory
hide-data-in-other-formats
hide-file-system-artifacts
hide-kernel-modules
hide-network-traffic
hide-open-network-ports
hide-processes
hide-services
hide-threads
hide-userspace-libraries
identify-file
identify-os
identify-target-machines
impersonate-user
install-backdoor
install-legitimate-software
install-secondary-malware
install-secondary-module
intercept-manipulate-network-traffic
inventory-security-products
inventory-system-applications
inventory-victims
limit-application-type-version
log-activity
inventory-victims
-manipulate-file-system-data
map-local-network
mine-for-cryptocurrency
modify-file
modify-security-software-configuration
move-data-to-staging-server
obfuscate-artifact-properties
overload-sandbox
package-data
persist-after-hardware-changes
persist-after-os-changes
persist-after-system-reboot
prevent-api-unhooking
prevent-concurrent-execution
prevent-debugging
prevent-file-access
prevent-file-deletion
prevent-memory-access
prevent-native-api-hooking
prevent-physical-memory-acquisition
prevent-registry-access
prevent-registry-deletion
prevent-security-software-from-executing
re-instantiate-self
remove-self
remove-sms-warning-messages
remove-system-artifacts
request-email-address-list
request-email-template
search-for-remote-machines
send-beacon
send-email-message
social-engineering-based-remote-infection
steal-browser-cache
steal-browser-cookies
steal-browser-history
steal-contact-list-data
steal-cryptocurrency-data
steal-database-content
steal-dialed-phone-numbers
steal-digital-certificates
steal-documents
steal-email-data
steal-images
steal-password-hashes
steal-pki-key
steal-referrer-urls
steal-serial-numbers
steal-sms-database
steal-web-network-credential
stop-execution-of-security-software
suicide-exit
test-for-firewall
test-for-internet-connectivity
test-for-network-drives
test-for-proxy
test-smtp-connection
update-configuration
validate-data
write-code-into-file
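Review bot: `-manipulate-file-system-data` shows as a removal with no matching addition, and `inventory-victims` is listed twice just before it (once after `inventory-system-applications`, once after `log-activity`); if the value was not meant to be dropped, restore it and remove the duplicate. In the same list, `compromise-remote-machinen` carries what looks like a stray trailing character and `exfiltrate-data-via-covert channel` has a space where the other values use a hyphen; check both against machinetag.json. The removed line linked to a path containing the misspelt `MAEC Malware Bahaviors`, and the added line shows no link target, so confirm the directory was renamed along with the namespace.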
-MAEC Malware Capabilities namespace available in JSON format at https://github.com/MISP/misp-taxonomies/blob/master/MAEC Malware Capabilities/machinetag.json[this location]. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. +maec-malware-capabilities namespace available in JSON format at this location. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. |
anti-behavioral-analysis
anti-code-analysis
anti-detection
anti-removal
availability-violation
collection
command-and-control
data-theft
destruction
discovery
exfiltration
fraud
infection-propagation
integrity-violationk
machine-access-control
persistence
privilege-escalation
secondary-operation
security-degradation
access-control-degradation
security-degradation
-anti-debugging
anti-disassembly
anti-emulation
anti-memory-forensics
anti-sandbox
anti-virus-evasion
anti-vm
authentication-credentials-theft
clean-traces-of-infection
communicate-with-c2-servern
compromise-data-availability
compromise-system-availability
consume-system-resources
continuous-execution
data-integrity-violation
data-obfuscation
data-staging
determine-c2-server
email-spam
ensure-compatibility
environment-awareness
file-infection
hide-artifacts
hide-executing-code
hide-non-executing-code
host-configuration-probing
information-gathering-for-improvement
input-peripheral-capture
install-other-components
local-machine-control
network-environment-probing
os-security-feature-degradation
output-peripheral-capture
physical-entity-destruction
prevent-artifact-access
prevent-artifact-deletion
remote-machine-access
security-software-degradation
security-software-evasion
self-modification
service-provider-security-feature-degradation
stored-information-theft
system-interface-data-capture
system-operational-integrity-violation
system-re-infection
system-state-data-capture
system-update-degradation
user-data-theft
virtual-entity-destruction
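Review bot: `-anti-debugging` shows as a removal with no matching addition, and it is preceded by a second `security-degradation` (already listed after `secondary-operation`) and an `access-control-degradation` that sits outside the alphabetical run; clarify whether these three lines are the start of a second value list and, if so, give that list its own heading. `integrity-violationk` and `communicate-with-c2-servern` each end in what looks like a stray character; check them against machinetag.json before the listing is published.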
-MAEC Obfuscation methods namespace available in JSON format at https://github.com/MISP/misp-taxonomies/blob/master/MAEC Obfuscation methods/machinetag.json[this location]. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. +maec-malware-obfuscation-methods namespace available in JSON format at this location. The JSON format can be freely reused in your application or automatically enabled in MISP taxonomy. |
packing
code-encryption
dead-code-insertion
entry-point-obfuscation
import-address-table-obfuscation
interleaving-code
symbolic-obfuscation
string-obfuscation
subroutine-reordering
code-transposition
instruction-substitution
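Review bot: The added namespace `maec-malware-obfuscation-methods` inserts "malware", which the removed name `MAEC Obfuscation methods` did not have, whereas the delivery-vectors and capabilities changes only lowercase and hyphenate the old names. Confirm that the new name matches both the directory and the `namespace` field of its machinetag.json, since the added line shows no link target to check it against.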