DS0004 Malware Repository

Information obtained (via shared or submitted samples) regarding malicious software (droppers, backdoors, etc.) used by adversaries

| Item | Value |
|------|-------|
| ID | DS0004 |
| Platforms | PRE |
| Collection Layers | OSINT |
| Version | 1.0 |
| Created | 20 October 2021 |
| Last Modified | 20 October 2021 |

Data Components

Malware Content

Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21)

| Domain | ID | Name |
|--------|----|------|
| enterprise | T1587 | Develop Capabilities |
| enterprise | T1587.001 | Malware |
| enterprise | T1588 | Obtain Capabilities |
| enterprise | T1588.001 | Malware |

Malware Metadata

Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21)

| Domain | ID | Name |
|--------|----|------|
| enterprise | T1587 | Develop Capabilities |
| enterprise | T1587.001 | Malware |
| enterprise | T1587.002 | Code Signing Certificates |
| enterprise | T1588 | Obtain Capabilities |
| enterprise | T1588.001 | Malware |
| enterprise | T1588.002 | Tool |
| enterprise | T1588.003 | Code Signing Certificates |
