The Malware object describes the classification of known malicious software, which is intentionally designed to cause damage to a computer, server, client, or computer network.

Attributes

Caption | Name | Type | Description
Classification IDs | classification_ids | Integer[] | The list of normalized identifiers of the malware classifications. Reference: STIX Malware Types
  • 0: Unknown (UNKNOWN)
  • 1: Adware (ADWARE)
  • 2: Backdoor (BACKDOOR)
  • 3: Bot (BOT)
  • 4: Bootkit (BOOTKIT)
  • 5: DDOS (DDOS)
  • 6: Downloader (DOWNLOADER)
  • 7: Dropper (DROPPER)
  • 8: Exploit-Kit (EXPLOIT-KIT)
  • 9: Keylogger (KEYLOGGER)
  • 10: Ransomware (RANSOMWARE)
  • 11: Remote-Access-Trojan (REMOTE-ACCESS-TROJAN)
  • 13: Resource-Exploitation (RESOURCE-EXPLOITATION)
  • 14: Rogue-Security-Software (ROGUE-SECURITY-SOFTWARE)
  • 15: Rootkit (ROOTKIT)
  • 16: Screen-Capture (SCREEN-CAPTURE)
  • 17: Spyware (SPYWARE)
  • 18: Trojan (TROJAN)
  • 19: Virus (VIRUS)
  • 20: Webshell (WEBSHELL)
  • 21: Wiper (WIPER)
  • 22: Worm (WORM)
  • 99: Other (OTHER)
Classifications | classifications | String[] | The list of malware classifications, normalized to the captions of the classification_ids values. In the case of 'Other', they are defined by the event source.
CVE UIDs | cve_uids | String[] | The Common Vulnerabilities and Exposures (CVE) unique identifiers.

🚧 WARNING: DEPRECATED

CVE UIDs has been deprecated since 1.1.0 (deprecated in the upgrade from ocsf-0.31.1 to qdm-1.1.0).

CVE List | cves | CVE[] | List of Common Vulnerabilities and Exposures (CVE).
Name | name | String | The malware name, as reported by the detection engine.
Path | path | Path Name | The filesystem path of the malware that was observed.
Provider | provider | String | The provider of the malware information.
Raw Data | raw_data | JSON | The event data as received from the event source.
Record ID | record_id | String | Unique identifier for the object.
Unique ID | uid | String | The malware unique identifier, as reported by the detection engine. For example, a virus id or an IPS signature id.
Unmapped Data | unmapped | Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
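The normalization rules above (classifications derived from classification_ids except for 'Other', and the deprecated cve_uids list migrated into cves) as an added Python example; this is not the schema's own code. It assumes that classifications align positionally with classification_ids and that the CVE object carries its identifier in a `uid` field, which the page does not list.

```python
"""Validate and normalize the classification and CVE fields of a Malware object.

Added example, not part of the schema page. Assumptions: classifications are
positionally aligned with classification_ids, and a CVE object has a 'uid' field.
"""
from typing import Any

# Enum from the page (id -> caption). Note that 12 is not defined on the page.
CLASSIFICATIONS: dict[int, str] = {
    0: "Unknown", 1: "Adware", 2: "Backdoor", 3: "Bot", 4: "Bootkit",
    5: "DDOS", 6: "Downloader", 7: "Dropper", 8: "Exploit-Kit",
    9: "Keylogger", 10: "Ransomware", 11: "Remote-Access-Trojan",
    13: "Resource-Exploitation", 14: "Rogue-Security-Software",
    15: "Rootkit", 16: "Screen-Capture", 17: "Spyware", 18: "Trojan",
    19: "Virus", 20: "Webshell", 21: "Wiper", 22: "Worm", 99: "Other",
}
OTHER = 99


def normalize_malware(obj: dict[str, Any]) -> dict[str, Any]:
    """Return a copy of obj with classifications and cves made consistent.

    Raises ValueError on an unknown id or a missing source-defined caption
    for 'Other', so a bad mapping fails loudly instead of mislabeling silently.
    """
    out = dict(obj)
    ids = list(out.get("classification_ids", []))
    given = list(out.get("classifications", []))
    names: list[str] = []
    for i, cid in enumerate(ids):
        if cid not in CLASSIFICATIONS:
            raise ValueError(f"unknown classification_id {cid}")
        if cid == OTHER:
            # 'Other' has no normalized caption; the event source must supply it.
            if i >= len(given) or not given[i]:
                raise ValueError("classification 'Other' needs a source-defined name")
            names.append(given[i])
        else:
            names.append(CLASSIFICATIONS[cid])
    out["classification_ids"] = ids
    out["classifications"] = names
    # cve_uids is deprecated since 1.1.0: fold its entries into the cves list.
    cves = list(out.get("cves", []))
    known = {c.get("uid") for c in cves}
    for uid in out.pop("cve_uids", []):
        if uid not in known:
            cves.append({"uid": uid})
            known.add(uid)
    if cves:
        out["cves"] = cves
    return out
```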

Relationships

Malware shown in context

Inbound Relationships

These objects and events reference Malware in their attributes:

Outbound Relationships

Malware references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0