DS0004 Malware Repository
Information obtained (via shared or submitted samples) regarding malicious software (droppers, backdoors, etc.) used by adversaries
| Item | Value |
|---|---|
| ID | DS0004 |
| Platforms | PRE |
| Collection Layers | OSINT |
| Version | 1.1 |
| Created | 20 October 2021 |
| Last Modified | 07 December 2022 |
Data Components
Malware Content
Code, strings, and other signatures that comprise a malicious payload
| Domain | ID | Name |
|---|---|---|
| enterprise | T1587 | Develop Capabilities |
| enterprise | T1587.001 | Malware |
| enterprise | T1588 | Obtain Capabilities |
| enterprise | T1588.001 | Malware |
Malware Metadata
Contextual data about a malicious payload, such as compilation times and file hashes, as well as watermarks or other identifiable configuration information
| Domain | ID | Name |
|---|---|---|
| enterprise | T1587 | Develop Capabilities |
| enterprise | T1587.001 | Malware |
| enterprise | T1587.002 | Code Signing Certificates |
| enterprise | T1588 | Obtain Capabilities |
| enterprise | T1588.001 | Malware |
| enterprise | T1588.002 | Tool |
| enterprise | T1588.003 | Code Signing Certificates |