Fill Malware Details
Malware is a type of TTP that represents malicious code. It generally refers to a program that has been inserted into a system, usually covertly.
Basic Details
Field Name | Required | Description |
---|---|---|
Name | Mandatory | Specify the name for the malware to identify the instance or family. |
Description | Optional | Specify additional information about the malware instance or family. |
Malware Type | Optional | Specify the type of malware, such as adware, backdoor, bot, bootkit, and more. |
Malware Family | Optional | Select the check box if the malware represents a family of malware in the threat landscape. |
Alias | Optional | Specify any alternate names frequently used to identify the malware. |
First Seen* | Mandatory | Specify the time at which the instance was first observed. |
Last Seen* | Mandatory | Specify the time at which the instance was last observed. |
Operating System | Mandatory | Specify the operating system on which the malware instance or family is executable. |
Architecture Execution Environments | Optional | Specify the processor architecture on which the malware instance or family is executable. |
Implementation Languages | Optional | Specify the programming languages used to implement the malware instance or family. |
Capabilities | Optional | Specify the identified capabilities for the malware instance or family. |
*For more details on dates across the platform, see General FAQs.
Common Fields
Field Name | Description |
---|---|
Tags | Specify the tags for the malware. |
TLP | Specify the TLP of the malware, such as RED, AMBER, GREEN, WHITE, and NONE. |
Created by Reference | Specify the entity that created the CTIX object. |
Revoked | Select this option to mark the component as revoked or invalid. |
Custom Attributes
Field Name | Description |
---|---|
Add Custom Attributes | Specify additional information that helps improve the threat intelligence details. CTIX displays custom attributes created in Administration > Custom Entities Management. You can create multiple custom attributes for malware. |
Kill Chain Phases
Include the kill chain phases for which this object can be used.
Field Name | Description |
---|---|
Kill Chain Name | Choose the kill chain name to associate with this object. You can choose Lockheed Martin or MITRE kill chains. You can also create and add custom kill chains in Administration > Custom Entities Management and associate them here. |
Kill Chain Phase | Choose the kill chain phase associated with the kill chain. |
External References
Use external references to include any non-STIX information that you may want to associate with this object.
Field Name | Description |
---|---|
Source Name | Enter a source name. |
Description | Enter a description. |
External ID | Enter an external ID. |
URL | Enter the URL of the external reference. |
Hash Type | Select the hash type. |
Hash Value | Enter the hash value. |