updated Malware Analysis vocabulary definitions #328
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Looks great to me. Thank you. Maybe someone with write access could merge it... |
|
Thanks for your review @adulau ! I believe that this will be merged during the next STIX WG meeting. |
dzbeck
reviewed
Aug 21, 2024
| |[stixliteral]#benign# |The tool reported the malware binary as benign. | ||
| |[stixliteral]#unknown# |The tool was unable to determine whether the malware binary is malicious. | ||
| |[stixliteral]#malicious# |The tool or human analysis determined that the sample is designed to operate, execute or take place in a manner that is not expected by legitimate users, or performs one or more actions generally deemed harmful to a system, or the legitimate users of a system. These can take the form of executables, source code, scripts or any other software or commands. | ||
| |[stixliteral]#suspicious# |The tool or human analysis determined that the sample does not operate as expected or is is usually present in conjunction with a malicious file. But does not itself demonstrate malicious behaviors. Examples may include files not expected to be present or that support applications that have not been installed, files with an incorrect attribute (location, version, size), or which are accessed or loaded with unusual frequency or at unusual times. Other examples include files dropped or created when malware runs. |
There was a problem hiding this comment.
typo - two "is" in first sentence. Also, one sentence needs a subject - suggest, "But the sample does not itself..."
|
Looks great to me too - a nice update! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR incorporates the Malware analysis vocabulary definitions suggested by Sean Carroll. Fixes #294