Threat classifications
Each day, Cylance will classify hundreds of threats as either malware or potentially unwanted programs (PUPs). By selecting this option, you are subscribing to be notified when these events occur. For full descriptions of each threat class and subclass, read the Threat Classification FAQ knowledge base article.

Field | Value | Description |
---|---|---|
Event Name | ResearchSaved | Threat classification additions and changes from the Cylance Threat Research Team. |
Event Name | ThreatUpdated | The threat details have been updated. |
Event Type | ThreatClassification | This is a threat classification event. |
MD5 | [varies] | The MD5 hash for the file. |
SHA256 | [varies] | The SHA256 hash for the file. |
Threat Class | Dual Use | The file can be used for malicious and non-malicious purposes. |
Threat Class | File Unavailable | The file is unavailable for analysis. Example: The file is too large to upload. |
Threat Class | Malware | The file has been identified as malicious. |
Threat Class | Possible PUP | The file might be a potentially unwanted program (PUP). |
Threat Class | PUP | The file has been identified as a possible potentially unwanted program (PUP). |
Threat Class | Trusted | The file has been identified as Safe. |
Threat Subclass | Adware | Annoying advertisements or unwanted bundled add-ons |
Threat Subclass | Backdoor | Provides unauthorized access |
Threat Subclass | Bot | Malware that connects to a botnet server |
Threat Subclass | Corrupt | Malformed or unable to run |
Threat Subclass | Crack | Altered to bypass licensing |
Threat Subclass | Downloader | Malware that downloads data |
Threat Subclass | Dropper | Malware that installs other malware |
Threat Subclass | Exploit | Attacks a specific vulnerability |
Threat Subclass | Fake Alert | Malware that appears to be legitimate security software |
Threat Subclass | Fake AV | Malware that appears to be legitimate security software |
Threat Subclass | Game | A game file |
Threat Subclass | Generic | Does not fit into any existing category |
Threat Subclass | Hacking Tool | A hacking tool |
Threat Subclass | Infostealer | Records login credentials and other sensitive information |
Threat Subclass | Keygen | Generates product keys |
Threat Subclass | Monitoring Tool | Tracks a user's activities |
Threat Subclass | Other | A category used for PUPs that don't fit anything else |
Threat Subclass | Parasitic | Spreads by attaching to other programs |
Threat Subclass | Pass Crack | Used to reveal passwords |
Threat Subclass | Portable Application | Designed to run without needing installation |
Threat Subclass | Ransom | Restricts access |
Threat Subclass | Remnant | Remnants post removal |
Threat Subclass | Remote Access | Access another system remotely |
Threat Subclass | Rootkit | Avoids detection |
Threat Subclass | Scripting Tool | Any script that can run as if it were an executable |
Threat Subclass | Tool | Administrative features used to attack or intrude |
Threat Subclass | Toolbar | Any technology that places additional buttons or input boxes on-screen within a UI |
Threat Subclass | Trojan | Disguises itself as legitimate software |
Threat Subclass | Virus | Inserts or appends itself to other files |
Threat Subclass | Worm | Propagates by copying itself to another device |

Example message for threat classifications
BlackBerry Protect Desktop: Event Type: ThreatClassification, Event Name: ResearchSaved, SHA256: 1218493137321C1D1F897B0C25BEF17CDD0BE9C99B84B4DD8B51EAC8F9794F65, Threat Classification: Malware - Worm

The Threat Class and Threat Subclass are provided together as Threat Classification in the syslog message. In the above example, the Threat Classification contains the Threat Class (Malware) and the Threat Subclass (Worm). If a Threat Subclass is not available, then only the Threat Class will display.
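
A SIEM-side parser for this message, as an added example that is not BlackBerry's code: it splits the combined Threat Classification field back into class and subclass, handles the class-only case, and rejects values that are not in the table above. It assumes the comma-separated "Key: Value" layout of the single example message on this page; the function name and the second sample line are constructed for illustration.

```python
import re

# Threat classes and subclasses as listed in the table on this page.
THREAT_CLASSES = {"Dual Use", "File Unavailable", "Malware", "Possible PUP", "PUP", "Trusted"}
THREAT_SUBCLASSES = {
    "Adware", "Backdoor", "Bot", "Corrupt", "Crack", "Downloader", "Dropper", "Exploit",
    "Fake Alert", "Fake AV", "Game", "Generic", "Hacking Tool", "Infostealer", "Keygen",
    "Monitoring Tool", "Other", "Parasitic", "Pass Crack", "Portable Application", "Ransom",
    "Remnant", "Remote Access", "Rootkit", "Scripting Tool", "Tool", "Toolbar", "Trojan", "Virus", "Worm",
}
HASH_LENGTHS = {"MD5": 32, "SHA256": 64}  # hex digits per hash field

def parse_threat_classification(line):
    """Return a dict of fields, or None if the line is not a ThreatClassification event."""
    start = line.find("Event Type:")
    if start < 0:
        return None
    fields = {}
    for part in line[start:].strip().split(", "):
        key, sep, value = part.partition(": ")
        if not sep:
            raise ValueError(f"malformed field: {part!r}")
        fields[key.strip()] = value.strip()
    if fields.get("Event Type") != "ThreatClassification":
        return None
    for name, length in HASH_LENGTHS.items():
        if name in fields and not re.fullmatch(r"[0-9A-Fa-f]{%d}" % length, fields[name]):
            raise ValueError(f"bad {name} value")
    # "Threat Classification" carries "<class> - <subclass>", or the class alone.
    threat_class, _, subclass = fields.get("Threat Classification", "").partition(" - ")
    if threat_class not in THREAT_CLASSES:
        raise ValueError(f"unknown threat class: {threat_class!r}")
    if subclass and subclass not in THREAT_SUBCLASSES:
        raise ValueError(f"unknown threat subclass: {subclass!r}")
    fields.update({"Threat Class": threat_class, "Threat Subclass": subclass or None})
    return fields

# First line is the example message from this page; the second is constructed (class only).
SAMPLES = [
    "BlackBerry Protect Desktop: Event Type: ThreatClassification, Event Name: ResearchSaved, "
    "SHA256: 1218493137321C1D1F897B0C25BEF17CDD0BE9C99B84B4DD8B51EAC8F9794F65, "
    "Threat Classification: Malware - Worm",
    "BlackBerry Protect Desktop: Event Type: ThreatClassification, Event Name: ThreatUpdated, "
    "SHA256: " + "0" * 64 + ", Threat Classification: Dual Use",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_threat_classification(sample))
```

Raising on an unknown class or subclass, rather than passing the string through, surfaces format drift or a tampered log line before it reaches alerting rules.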