Cyware Threat Intelligence eXchange

Fill Malware Details

Malware is a type of TTP that represents malicious code. It generally refers to a program that has been inserted into a system, usually covertly.

Basic Details

| Field Name | Required | Description |
| --- | --- | --- |
| Name | Mandatory | Specify the name for the malware to identify the instance or family. |
| Description | Optional | Specify the additional information about the malware instance or family. |
| Malware Type | Optional | Specify the type of malware, such as adware, backdoor, bot, bootkit, and more. |
| Malware Family | Optional | Select the check box if the malware represents a family of malware in the threat landscape. |
| Alias | Optional | Specify any alternate names frequently used to identify the malware. |
| First Seen* | Mandatory | Specify the time at which the instance was first observed. |
| Last Seen* | Mandatory | Specify the time at which the instance was last observed. |
| Operating System | Mandatory | Specify the operating system on which the malware instance or family is executable. |
| Architecture Execution Environments | Optional | Specify the processor architecture on which the malware instance or family is executable. |
| Implementation Languages | Optional | Specify the programming languages used to implement the malware instance or family. |
| Capabilities | Optional | Specify the identified capabilities for the malware instance or family. |

*For more details on dates across the platform, see General FAQs.

Common Fields

| Field Name | Description |
| --- | --- |
| Tags | Specify the tags for the malware. |
| TLP | Specify the TLP of the malware such as RED, AMBER, GREEN, WHITE, and NONE. |
| Created by Reference | Specify the entity that created the CTIX object. |
| Revoked | Select this option to mark the component as revoked or invalid. |

Custom Attributes

| Field Name | Description |
| --- | --- |
| Add Custom Attributes | Specify the additional information that helps in improving the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for malware. |

Kill Chain Phases

Include the kill chain phases for which this object can be used.

| Field Name | Description |
| --- | --- |
| Kill Chain Name | Choose the kill chain name to associate with this object. You can choose Lockheed Martin or MITRE kill chains. You can also create and add custom kill chains in Administration > Custom Entities Management and associate them here. |
| Kill Chain Phase | Choose the kill chain phase associated with the kill chain. |

External References

Use external references to include any non-STIX information that you may want to associate with this object.

| Field Name | Description |
| --- | --- |
| Source Name | Enter a source name. |
| Description | Enter a description. |
| External ID | Enter an external ID. |
| URL | Enter the URL of the external reference. |
| Hash Type | Select the hash type. |
| Hash Value | Enter the hash value. |
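
The following pre-entry check is an added example, not Cyware code and not part of the CTIX product: it validates a malware record against the mandatory fields and TLP values listed on this page before an analyst enters it. The dictionary keys are hypothetical names for the form fields, and the ISO 8601 timestamp format, the ordering check between First Seen and Last Seen, and the hash digest lengths are assumptions that the page does not specify.

```python
import re
from datetime import datetime, timezone

# Keys are hypothetical snake_case names for the form fields on this page.
MANDATORY = ("name", "first_seen", "last_seen", "operating_system")
TLP_VALUES = {"RED", "AMBER", "GREEN", "WHITE", "NONE"}  # as listed on this page
# Hex digest lengths per hash type (general knowledge, not from the page).
HASH_HEX_LEN = {"MD5": 32, "SHA-1": 40, "SHA-256": 64, "SHA-512": 128}

def parse_ts(value):
    """Parse an ISO 8601 timestamp; a value without an offset is assumed UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def validate_malware(record):
    """Return a list of problems in a malware record (empty list means clean)."""
    errors = [f"{f}: mandatory field is missing" for f in MANDATORY if not record.get(f)]
    seen = {}
    for field in ("first_seen", "last_seen"):
        if record.get(field):
            try:
                seen[field] = parse_ts(record[field])
            except (ValueError, AttributeError):
                errors.append(f"{field}: not an ISO 8601 timestamp")
    if len(seen) == 2 and seen["last_seen"] < seen["first_seen"]:
        errors.append("last_seen: earlier than first_seen")
    tlp = record.get("tlp")
    if tlp is not None and tlp not in TLP_VALUES:
        errors.append(f"tlp: {tlp!r} is not one of {sorted(TLP_VALUES)}")
    for i, ref in enumerate(record.get("external_references", [])):
        htype, hval = ref.get("hash_type"), ref.get("hash_value")
        n = HASH_HEX_LEN.get(htype)
        if bool(htype) != bool(hval):
            errors.append(f"external_references[{i}]: set hash type and value together")
        elif n and not re.fullmatch(r"[0-9a-fA-F]{%d}" % n, hval):
            errors.append(f"external_references[{i}]: {htype} value is not {n} hex characters")
    for i, phase in enumerate(record.get("kill_chain_phases", [])):
        if not (phase.get("kill_chain_name") and phase.get("phase_name")):
            errors.append(f"kill_chain_phases[{i}]: needs a kill chain name and a phase")
    return errors

# Constructed sample records; names, dates and hash values are placeholders.
GOOD = {"name": "ExampleLoader", "first_seen": "2024-01-05T10:00:00Z",
        "last_seen": "2024-03-01T08:30:00Z", "operating_system": "Windows",
        "tlp": "AMBER",
        "external_references": [{"source_name": "example-report",
                                 "hash_type": "SHA-256", "hash_value": "0" * 64}]}
BAD = dict(GOOD, operating_system="", last_seen="2023-12-31T00:00:00Z", tlp="PURPLE",
           external_references=[{"hash_type": "MD5", "hash_value": "0" * 64}])
```

Calling `validate_malware(BAD)` reports the empty Operating System field, the Last Seen value that precedes First Seen, the unlisted TLP value, and the MD5 entry whose value has the wrong length.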