{ "$id": "../sdos/malware.json", "$schema": "http://json-schema.org/draft-06/schema#", "title": "malware", "description": "Malware is a type of TTP that is also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.", "type": "object", "allOf": [ { "$ref": "../common/core.json" }, { "properties": { "type": { "type": "string", "description": "The type of this object, which MUST be the literal `malware`.", "const": "malware" }, "id": { "title": "id", "pattern": "^malware--" }, "labels": { "type": "array", "description": "The type of malware being described. Open Vocab - malware-label-ov", "items": { "type": "string" }, "minItems": 1 }, "name": { "type": "string", "description": "The name used to identify the Malware." }, "description": { "type": "string", "description": "Provides more context and details about the Malware object." }, "kill_chain_phases": { "type": "array", "description": "The list of kill chain phases for which this Malware instance can be used.", "items": { "$ref": "../common/kill-chain-phase.json" }, "minItems": 1 } } } ], "required": [ "name", "labels" ], "definitions": { "malware-label-ov": { "type": "string", "enum": [ "adware", "backdoor", "bot", "ddos", "dropper", "exploit-kit", "keylogger", "ransomware", "remote-access-trojan", "resource-exploitation", "rogue-security-software", "rootkit", "screen-capture", "spyware", "trojan", "virus", "worm" ] } } }