Malware

malware

The Malware object describes the classification of known malicious software, which is intentionally designed to cause damage to a computer, server, client, or computer network.

Attributes

Each attribute is listed as Caption (name, Type), followed by its description.

Classification IDs (classification_ids, Integer[])

The list of normalized identifiers of the malware classifications. Reference: STIX Malware Types

  • 0: Unknown (UNKNOWN)
  • 1: Adware (ADWARE)
  • 2: Backdoor (BACKDOOR)
  • 3: Bot (BOT)
  • 4: Bootkit (BOOTKIT)
  • 5: DDOS (DDOS)
  • 6: Downloader (DOWNLOADER)
  • 7: Dropper (DROPPER)
  • 8: Exploit-Kit (EXPLOIT_KIT)
  • 9: Keylogger (KEYLOGGER)
  • 10: Ransomware (RANSOMWARE)
  • 11: Remote-Access-Trojan (REMOTE_ACCESS_TROJAN)
  • 13: Resource-Exploitation (RESOURCE_EXPLOITATION)
  • 14: Rogue-Security-Software (ROGUE_SECURITY_SOFTWARE)
  • 15: Rootkit (ROOTKIT)
  • 16: Screen-Capture (SCREEN_CAPTURE)
  • 17: Spyware (SPYWARE)
  • 18: Trojan (TROJAN)
  • 19: Virus (VIRUS)
  • 20: Webshell (WEBSHELL)
  • 21: Wiper (WIPER)
  • 22: Worm (WORM)
  • 99: Other (OTHER)

Classifications (classifications, String[])

The list of malware classifications, normalized to the captions of the classification_ids values. In the case of 'Other', they are defined by the event source.

CVE List (cves, CVE[])

List of Common Vulnerabilities and Exposures (CVE).

Name (name, String)

The malware name, as reported by the detection engine.

Path (path, String)

The filesystem path of the malware that was observed.

Provider (provider, String)

The provider of the malware information.

Raw Data (raw_data, JSON)

Group: context
The event data as received from the event source.

Record ID (record_id, String)

Group: primary
Unique identifier for the object.

Unique ID (uid, String)

The malware unique identifier, as reported by the detection engine. For example a virus id or an IPS signature id.

Unmapped (unmapped, Unmapped[])

Data from the source that was not mapped into the schema.
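The following is an added example, not code from the OCSF project, showing how a detection-engine event would be normalized into a malware object with the attributes above: known categories map to their classification_ids value and caption, a category the source reports that has no enum value becomes 99 (Other) and keeps the source's own label, and an event with no category at all becomes 0 (Unknown). The vendor event layout (SAMPLE_EVENT), the synonym table and the helper names are assumptions made for illustration; the enum values are the ones listed on this page.

```python
"""Map a vendor AV detection to an OCSF 1.4.0 `malware` object.

Added example, not OCSF project code. The enum below is the page's
classification_ids list; the vendor event format, synonym table and
function names are assumed for illustration.
"""
import json

# id -> caption for classification_ids, exactly as listed on the page
CLASSIFICATION_CAPTIONS = {
    0: "Unknown", 1: "Adware", 2: "Backdoor", 3: "Bot", 4: "Bootkit",
    5: "DDOS", 6: "Downloader", 7: "Dropper", 8: "Exploit-Kit",
    9: "Keylogger", 10: "Ransomware", 11: "Remote-Access-Trojan",
    13: "Resource-Exploitation", 14: "Rogue-Security-Software",
    15: "Rootkit", 16: "Screen-Capture", 17: "Spyware", 18: "Trojan",
    19: "Virus", 20: "Webshell", 21: "Wiper", 22: "Worm", 99: "Other",
}
UNKNOWN, OTHER = 0, 99
_CAPTION_TO_ID = {c.lower(): i for i, c in CLASSIFICATION_CAPTIONS.items()}

# Assumed vendor spellings that differ from the OCSF captions (hypothetical).
_SYNONYMS = {"ransom": "ransomware", "rat": "remote-access-trojan",
             "trj": "trojan", "adw": "adware"}

# Constructed vendor event; the field names are assumed, not from any product.
SAMPLE_EVENT = {
    "engine": "ExampleAV",
    "signature_id": "sig-000123",
    "detection_name": "Trojan.Ransom.Example",
    "categories": ["Trojan", "Ransom", "Hacktool"],
    "file_path": "/home/alice/Downloads/invoice.exe",
}


def classify(categories):
    """Return parallel (classification_ids, classifications) lists.

    Known categories normalise to the enum id and its caption. A category
    with no enum value becomes 99 (Other) and keeps the source's own label.
    No categories at all yields 0 (Unknown). Duplicate pairs are dropped.
    """
    ids, names, seen = [], [], set()
    for raw in categories:
        key = raw.strip().lower()
        key = _SYNONYMS.get(key, key)
        cid = _CAPTION_TO_ID.get(key, OTHER)
        caption = raw.strip() if cid == OTHER else CLASSIFICATION_CAPTIONS[cid]
        if (cid, caption) not in seen:
            seen.add((cid, caption))
            ids.append(cid)
            names.append(caption)
    if not ids:
        ids, names = [UNKNOWN], [CLASSIFICATION_CAPTIONS[UNKNOWN]]
    return ids, names


def to_ocsf_malware(event):
    """Build the malware object from the (assumed) vendor event layout."""
    ids, names = classify(event.get("categories", []))
    return {
        "classification_ids": ids,
        "classifications": names,
        "name": event["detection_name"],   # as reported by the engine
        "uid": event["signature_id"],      # engine's signature/virus id
        "path": event["file_path"],
        "provider": event["engine"],
        "raw_data": event,                 # original event, kept verbatim
    }


def validate(obj):
    """Return a list of consistency problems (empty when the object is fine)."""
    problems = []
    ids = obj.get("classification_ids", [])
    names = obj.get("classifications", [])
    if not all(isinstance(i, int) and i in CLASSIFICATION_CAPTIONS for i in ids):
        problems.append("classification_ids contains a value outside the enum")
    if len(ids) != len(names):
        problems.append("classification_ids and classifications are not parallel")
    for i, n in zip(ids, names):
        # Every id except Other must carry its own caption.
        if i != OTHER and n != CLASSIFICATION_CAPTIONS.get(i):
            problems.append(f"classification {n!r} does not match id {i}")
    for field in ("name", "uid", "path", "provider"):
        if field in obj and not isinstance(obj[field], str):
            problems.append(f"{field} must be a String")
    return problems


if __name__ == "__main__":
    malware = to_ocsf_malware(SAMPLE_EVENT)
    print(json.dumps(malware, indent=2))
    print("problems:", validate(malware))
```

The validator is worth running on every mapped object: classification_ids and classifications are parallel arrays, so a mapper that emits the enum id but a vendor spelling of the caption (or vice versa) produces an object that is technically well-typed but breaks any consumer that pivots on the normalized captions.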

Relationships

Malware shown in context

Inbound Relationships

These objects and events reference Malware in their attributes:

Outbound Relationships

Malware references the following objects and events in its attributes:

This page describes ocsf-1.4.0