Cyware Fusion and Threat Response

Add Malware

You can add a malware from anywhere in the CFTR UI. To add a malware:

  1. On the top banner area of the CFTR UI, click the +New button and select Malware. The New Malware tab appears.

  2. In the Name field, enter the name of the malware. The malware name and ID can be viewed in the Malware listing page (for example, #MLW123).

  3. Under the Summary section, enter the details of the malware. Fields marked with an asterisk (*) are mandatory.

    Field Name

    Description

    Description

    Enter a description that best describes the key details of the malware.

    Malware Type*

    Select the malware types. This helps in grouping the malware according to the type. Some of the malware types are:

    • Botnet

    • Destructive

    • Exploit Kit

    • Ransomware

    • Root Kit

    • Trojan

    • Worm

    Tactic-Technique-SubTechnique

    Click the +Add button to add the Tactic-Technique-SubTechnique combinations that are used by the malware. A Tactic and its appropriate Technique and Sub-technique are automatically mapped using the MITRE ATT&CK Navigator tool and shown in the field drop-down values.

    File Type

    Select the file types of the malware from the drop-down list. Some of the suggested file types are:

    • .exe

    • .dll

    • .zip

    • .docx

    Aliases

    Enter the aliases for the malware.

    First Seen

    Enter the date on which the malware was first observed.

    Last Modified Date

    Enter the last modified date for the malware.

    File Size

    Enter the file size of the malware.

    Platforms Impacted

    Select the platforms that are impacted by the malware. This also helps in grouping the malware according to the platforms. Some of the predefined platforms are:

    • Linux

    • Win32

    • Android

    • Mac OS

    • iOS

    Zero Day

    Specify whether the malware exploits a zero-day vulnerability. You can select either Yes or No.

    Associated Bitcoin Addresses

    Enter the Bitcoin address associated with the malware. Bitcoin addresses are associated with ransomware.

  4. On the right pane, from the Labels drop-down list, select the labels.

  5. Click Submit.

The fields under the Summary tab may differ based on the fields configured by your CFTR admin under Form Management for malware on the Admin Panel.