Define a Malware

  • Release version: Yokohama
  • Updated January 30, 2025
  • Define a malware that represents malicious code.

    Before you begin

    Role required: sn_ti.admin

    Procedure

    1. Navigate to All > Threat Intelligence > IoC Repository > Malware.
    2. Click New.
    3. Complete the fields in the form as appropriate.
      | Field | Description |
      | --- | --- |
      | Name | Enter a name to identify the malware instance or family, as specified by the producer of the SDO. For a malware family, the name must be defined. |
      | First Seen | The time that this malware instance or family was first seen performing malicious activities. |
      | Last Seen | The time that this malware instance or family was last seen performing malicious activities. |
      | Source | Specifies the threat source from which this record is created. |
      | Description | A description that provides more details and context about the malware instance or family, potentially including its purpose and its key characteristics. |
      | Aliases | Alternative names used to identify this malware instance or family. |
      | Source ID | Unique identifier for this object in the threat source. |
      | Is Family | Specifies whether the object represents a malware family or a malware instance. |
      | Created Time in Source | Specifies the time the object was created in the source. |
      | Modified Time in Source | Specifies the time the object was last modified in the source. |
    4. Click Submit.

    What to do next

    Click any of the following related lists to view additional information about objects associated with the malware.
    | Related Links and Related Lists | Description |
    | --- | --- |
    | Show Relationships | Opens the STIX Visualizer, where you can view the relationships of the STIX object. Show Relationships appears only when the object has an associated object. |
    | External References | Lists external references that refer to non-STIX information. This property is used to provide one or more external object identifiers. |
    | Associated Types | Lists indicator types associated with this object. |
    | Associated Capabilities | Lists the capabilities identified and associated with this object. |
    | Associated Kill Chain Phases | Lists kill chain phases associated with this object. |
    | Associated Observables | Lists observables associated with this object. |
    | Associated Malware | Lists the associated malware identified with this object. |
    | Associated Operating Systems | The operating systems on which the object is executable. This applies to virtualized operating systems as well as those running on bare metal. |
    | Attack Patterns | Lists the attack patterns that help categorize attacks associated with this object. |
    | Campaigns | Lists campaigns associated with this object. |
    | Course of Actions | Lists the courses of action associated with this object: technical or automated responses (applying patches, reconfiguring firewalls) taken to prevent an attack. |
    | Identities | Lists identities associated with this object. |
    | Indicators | Lists related Indicators of Compromise (IoC) that have been identified by the threat source and associated with this object. |
    | Infrastructure | Lists systems, software services, and any associated physical or virtual resources that are associated with this object. |
    | Intrusion Set | Lists sets of adversarial behaviors and resources with common properties that are associated with this object. |
    | Locations | Lists locations that provide geographic context to this object. |
    | Malware Analysis | Lists malware analysis records associated with this object. |
    | Reported Observables | Lists observables reported as part of this object. |
    | Threat Actors | Lists individuals, groups, or organizations who act with malicious intent and are associated with this object. |
    | Tools | Lists legitimate software that is used by threat actors to perform attacks and is associated with this object. |
    | Vulnerabilities | Lists vulnerabilities (weaknesses or defects in software or hardware that attackers exploit) associated with this object. |
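The form fields in step 3 and the related lists above correspond to properties of the STIX 2.1 Malware SDO (name, is_family, aliases, first_seen, last_seen, external_references, kill_chain_phases) and to STIX relationships to other objects. The following is an added example, not ServiceNow code and not part of this page: it takes form-style input, enforces the two constraints the form describes (Is Family must be set, and a malware family must have a Name, plus a sanity check that Last Seen is not before First Seen), and emits the equivalent STIX 2.1 object. The field-to-property mapping, the function names, and the sample "Constructed-Loader" values are assumptions made for illustration.

```python
"""Build and validate a STIX 2.1 Malware SDO from Malware-form style input.

Added example (not ServiceNow's code). Field names follow the form labels on
the page; STIX property names follow the STIX 2.1 Malware SDO. The mapping
between the two is an assumption made for this example.
"""
import json
import uuid
from datetime import datetime, timezone


def stix_timestamp(dt):
    """Render a timezone-aware datetime as a STIX timestamp (UTC, millisecond precision, trailing Z)."""
    if dt.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def validate_malware_form(form):
    """Return a list of problems; an empty list means the form can be submitted."""
    errors = []
    if "Is Family" not in form:
        errors.append("Is Family must be set (STIX is_family is required)")
    elif form["Is Family"] and not form.get("Name"):
        errors.append("Name is required for a malware family")
    first_seen, last_seen = form.get("First Seen"), form.get("Last Seen")
    if first_seen and last_seen and last_seen < first_seen:
        errors.append("Last Seen must not be earlier than First Seen")
    return errors


def build_malware_sdo(form, source_name, kill_chain_phases=()):
    """Translate the form fields into a STIX 2.1 Malware SDO (a plain dict)."""
    errors = validate_malware_form(form)
    if errors:
        raise ValueError("; ".join(errors))
    # Created/Modified Time in Source fall back to "now" when the source gave none.
    created = form.get("Created Time in Source") or datetime.now(timezone.utc)
    modified = form.get("Modified Time in Source") or created
    sdo = {
        "type": "malware",
        "spec_version": "2.1",
        "id": f"malware--{uuid.uuid4()}",
        "created": stix_timestamp(created),
        "modified": stix_timestamp(modified),
        "is_family": bool(form["Is Family"]),
    }
    for field, prop in (("Name", "name"), ("Description", "description"), ("Aliases", "aliases")):
        if form.get(field):
            sdo[prop] = form[field]
    for field, prop in (("First Seen", "first_seen"), ("Last Seen", "last_seen")):
        if form.get(field):
            sdo[prop] = stix_timestamp(form[field])
    # Source ID becomes an external reference pointing back at the producing source.
    if form.get("Source ID"):
        sdo["external_references"] = [{"source_name": source_name, "external_id": form["Source ID"]}]
    if kill_chain_phases:
        sdo["kill_chain_phases"] = [
            {"kill_chain_name": chain, "phase_name": phase} for chain, phase in kill_chain_phases
        ]
    return sdo


def build_relationship(source_ref, relationship_type, target_ref):
    """Build the STIX Relationship object that the related lists (Tools, Vulnerabilities, ...) display."""
    now = stix_timestamp(datetime.now(timezone.utc))
    return {
        "type": "relationship",
        "spec_version": "2.1",
        "id": f"relationship--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "relationship_type": relationship_type,
        "source_ref": source_ref,
        "target_ref": target_ref,
    }


# Constructed sample input mirroring the form; values are illustrative only.
SAMPLE_FORM = {
    "Name": "Constructed-Loader",
    "Is Family": True,
    "Aliases": ["Loader-Alias-A"],
    "Description": "Constructed sample family used to illustrate the form-to-STIX mapping.",
    "Source ID": "SRC-0001",
    "First Seen": datetime(2024, 3, 1, tzinfo=timezone.utc),
    "Last Seen": datetime(2024, 9, 15, 12, 30, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    sdo = build_malware_sdo(SAMPLE_FORM, "constructed-feed",
                            kill_chain_phases=[("lockheed-martin-cyber-kill-chain", "delivery")])
    print(json.dumps(sdo, indent=2))
```

Running the block prints the JSON that a STIX-aware consumer (or the STIX Visualizer behind Show Relationships) would expect; the validation step is the part worth keeping, since a family record without a name or with an inverted date range is easy to create by hand and hard to spot later in the repository.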