Stealth Malware Taxonomy
All malware samples should be classified into one of the categories listed in the table below.
- Type 0
- No OS or system compromise. The malware runs as a normal user process using only official API calls.
- Type I
- The malware modifies constant sections of the kernel and/or processes such as code sections.
- Type II
- The malware does not modify constant sections but only the dynamic sections of the kernel and/or processes such as data sections.
- Type III
- The malware does not modify any sections of the kernel and/or processes but influences the system without modifying the OS. For example using hardware virtualization techniques.
Machine-parsable Stealth Malware Taxonomy
The repository contains a JSON file including the machine-parsable tags along with their human-readable description. The software can use both representation on the user-interface and store the tag as machine-parsable.