
Improve the definitions in Malware Result Vocabulary #294

Closed
ejratl opened this issue Oct 4, 2022 · 2 comments · Fixed by #328

Comments

@ejratl (Contributor) commented Oct 4, 2022

10.13 Malware Result Vocabulary defines malicious, suspicious, benign, unknown, but the definitions are not very descriptive. The STIX WG on Oct. 4, 2022 requested that we consider improving these definitions in the next version.

@SCMCarroll commented

Proposed draft definitions v0.01 for malware analysis of a sample: Benign, Malicious, Suspicious, Unknown

| Attribute Name | Definition/Description |
|---|---|
| Benign | The tool or human analysis determined that the sample has been confirmed to not demonstrate malicious behaviors and is not in and of itself associated with malware or malicious activity. |
| Malicious | The tool or human analysis determined that the sample is designed to operate, execute or take place in a manner that is not expected by legitimate users, or performs 1 or more actions generally deemed harmful to a system, or the owners/legitimate users of a system. These can take the form of executables, source code, scripts or any other software\commands. |
| Suspicious | The tool or human analysis determined that the sample does not operate as expected or is usually present in conjunction with a malicious file, but does not itself demonstrate malicious behaviors. Examples may include files not expected to be present or that support applications that have not been installed, files with an incorrect attribute (location, version, size), or files accessed or loaded with unusual frequency or at unusual times. Other examples are files dropped or created when malware runs. |
| Unknown | The tool or human analysis was unable to determine whether the malware binary is malicious. |
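
An added example (not code from this issue, the STIX project, or the commenter) showing how the four `malware-result-ov` values named above are consumed in practice: it checks the `result` property of STIX 2.1 `malware-analysis` objects against the vocabulary and, where several tools analysed the same `sample_ref`, reports the most cautious verdict. The `result`, `sample_ref` and `product` property names are those of the STIX 2.1 Malware Analysis object; the severity ordering used to resolve disagreements, the object ids and the sample objects are constructed for this example and are not defined by the specification.

```python
"""Validate malware-analysis `result` values against malware-result-ov and
summarise per-sample verdicts. Added example with constructed input; not part
of the STIX specification or this issue."""
import json
from collections import defaultdict

# The four values of malware-result-ov (STIX 2.1 section 10.13).
MALWARE_RESULT_OV = {"malicious", "suspicious", "benign", "unknown"}

# Ordering used to pick the most cautious verdict when tools disagree.
# This is an assumption of this example; the spec defines no such ranking.
SEVERITY = {"malicious": 3, "suspicious": 2, "benign": 1, "unknown": 0}


def check_result(obj):
    """Return (ok, message) for one malware-analysis object's `result`.

    A value outside the open vocabulary is not a hard error in STIX (the
    property SHOULD use the vocabulary), but it is flagged so a consumer
    does not silently treat e.g. "Malicious" as a fifth, unranked verdict.
    """
    if obj.get("type") != "malware-analysis":
        return False, f"{obj.get('id')}: not a malware-analysis object"
    result = obj.get("result")
    if result is None:
        return True, f"{obj['id']}: no result (analysis may be incomplete)"
    if result not in MALWARE_RESULT_OV:
        return False, f"{obj['id']}: result {result!r} is not in malware-result-ov"
    return True, f"{obj['id']}: result {result!r}"


def consensus(objects):
    """Group vocabulary-conformant results by sample_ref and return the most
    severe verdict per sample; non-conformant results are excluded."""
    verdicts = defaultdict(list)
    for obj in objects:
        ok, _ = check_result(obj)
        if ok and obj.get("result") in MALWARE_RESULT_OV and obj.get("sample_ref"):
            verdicts[obj["sample_ref"]].append(obj["result"])
    return {s: max(r, key=SEVERITY.__getitem__) for s, r in verdicts.items()}


# Constructed sample objects (ids and products are placeholders, not real data).
SAMPLE_OBJECTS = json.loads("""[
  {"type": "malware-analysis", "id": "malware-analysis--00000000-0000-4000-8000-000000000001",
   "product": "scanner-a", "sample_ref": "file--00000000-0000-4000-8000-00000000aaaa",
   "result": "benign"},
  {"type": "malware-analysis", "id": "malware-analysis--00000000-0000-4000-8000-000000000002",
   "product": "scanner-b", "sample_ref": "file--00000000-0000-4000-8000-00000000aaaa",
   "result": "suspicious"},
  {"type": "malware-analysis", "id": "malware-analysis--00000000-0000-4000-8000-000000000003",
   "product": "scanner-a", "sample_ref": "file--00000000-0000-4000-8000-00000000bbbb",
   "result": "Malicious"},
  {"type": "malware-analysis", "id": "malware-analysis--00000000-0000-4000-8000-000000000004",
   "product": "scanner-c", "sample_ref": "file--00000000-0000-4000-8000-00000000bbbb",
   "result": "unknown"}
]""")

if __name__ == "__main__":
    for obj in SAMPLE_OBJECTS:
        ok, msg = check_result(obj)
        print(("OK   " if ok else "FLAG ") + msg)
    for sample, verdict in consensus(SAMPLE_OBJECTS).items():
        print(f"{sample}: {verdict}")
```

Note that vocabulary values are case-sensitive, so the third object's `"Malicious"` is flagged rather than counted, and its sample is left at `unknown` from the one conformant analysis; a consumer that wants to accept such values should normalise them explicitly rather than widen the vocabulary.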

@srrelitz2 (Contributor) commented

When updated, modification will be applied to the vocab
