Threat classifications

Each day, Cylance will classify hundreds of threats as either malware or potentially unwanted programs (PUPs). By selecting this option, you are subscribing to be notified when these events occur. For full descriptions of each threat class and subclass, read the Threat Classification FAQ knowledge base article.

| Field | Value | Description |
|---|---|---|
| Event Name | ResearchSaved | Threat classification additions and changes from the Cylance Threat Research Team. |
| | ThreatUpdated | The threat details have been updated. |
| Event Type | ThreatClassification | This is a threat classification event. |
| MD5 | [varies] | The MD5 hash for the file. |
| SHA256 | [varies] | The SHA256 hash for the file. |
| Threat Class | Dual Use | The file can be used for malicious and non-malicious purposes. |
| | File Unavailable | The file is unavailable for analysis. Example: The file is too large to upload. |
| | Malware | The file has been identified as malicious. |
| | Possible PUP | The file might be a potentially unwanted program (PUP). |
| | PUP | The file has been identified as a possible potentially unwanted program (PUP). |
| | Trusted | The file has been identified as Safe. |
| Threat Subclass | Adware | Annoying advertisements or unwanted bundled add-ons |
| | Backdoor | Provides unauthorized access |
| | Bot | Malware that connects to a botnet server |
| | Corrupt | Malformed or unable to run |
| | Crack | Altered to bypass licensing |
| | Downloader | Malware that downloads data |
| | Dropper | Malware that installs other malware |
| | Exploit | Attacks a specific vulnerability |
| | Fake Alert | Malware that appears to be legitimate security software |
| | Fake AV | Malware that appears to be legitimate security software |
| | Game | A game file |
| | Generic | Does not fit into any existing category |
| | Hacking Tool | A hacking tool |
| | Infostealer | Records login credentials and other sensitive information |
| | Keygen | Generates product keys |
| | Monitoring Tool | Tracks user's activities |
| | Other | A category used for PUPs that don't fit anything else |
| | Parasitic | Spreads by attaching to other programs |
| | Pass Crack | Used to reveal passwords |
| | Portable Application | Designed to run without needing installation |
| | Ransom | Restricts access |
| | Remnant | Remnants post removal |
| | Remote Access | Access another system remotely |
| | Rootkit | Avoids detection |
| | Scripting Tool | Any script that can run as if it were an executable |
| | Tool | Administrative features used to attack or intrude |
| | Toolbar | Any technology that places additional buttons or input boxes on-screen within a UI |
| | Trojan | Disguises itself as legitimate software |
| | Virus | Inserts or appends itself to other files |
| | Worm | Propagates by copying itself to another device |

Example message for threat classifications
BlackBerry Protect Desktop: Event Type: ThreatClassification, Event Name: ResearchSaved, SHA256: 1218493137321C1D1F897B0C25BEF17CDD0BE9C99B84B4DD8B51EAC8F9794F65, Threat Classification: Malware - Worm
The Threat Classification and Threat Subclass are provided as Threat Classification in the syslog message. In the above example, the Threat Classification contains the Threat Class (Malware) and the Threat Subclass (Worm). If a Threat Subclass is not available, then only the Threat Class will display.
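
For SIEM ingestion, the combined Threat Classification field can be split back into class and subclass. The parser below is an added example, not vendor code; it assumes fields are separated by ", " and that class and subclass are joined by " - ", as in the example message above, and its second sample message is constructed.

```python
import re

# Threat Class values from the table on this page.
THREAT_CLASSES = {"Dual Use", "File Unavailable", "Malware",
                  "Possible PUP", "PUP", "Trusted"}

# Example message quoted on this page.
PAGE_EXAMPLE = ("BlackBerry Protect Desktop: Event Type: ThreatClassification, "
                "Event Name: ResearchSaved, SHA256: 1218493137321C1D1F897B0C25BEF17C"
                "DD0BE9C99B84B4DD8B51EAC8F9794F65, Threat Classification: Malware - Worm")
# Constructed sample (not real data): class only, no subclass.
NO_SUBCLASS_EXAMPLE = ("BlackBerry Protect Desktop: Event Type: ThreatClassification, "
                       "Event Name: ThreatUpdated, SHA256: " + "0A" * 32 +
                       ", Threat Classification: Trusted")


def clean_hash(value, length):
    """Return the hash lower-cased, or None if absent or not `length` hex digits."""
    if value and re.fullmatch(r"[0-9A-Fa-f]{%d}" % length, value):
        return value.lower()
    return None


def parse_threat_classification(message):
    """Parse one ThreatClassification message into a dict; None for other events."""
    start = message.find("Event Type:")  # skip any syslog header / product prefix
    if start < 0:
        return None
    fields = {}
    for part in message[start:].split(", "):
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    if fields.get("Event Type") != "ThreatClassification":
        return None
    # "Threat Classification" is "<class> - <subclass>", or "<class>" alone.
    threat_class, _, subclass = fields.get("Threat Classification", "").partition(" - ")
    return {
        "event_name": fields.get("Event Name"),
        "md5": clean_hash(fields.get("MD5"), 32),
        "sha256": clean_hash(fields.get("SHA256"), 64),
        "threat_class": threat_class or None,
        "threat_subclass": subclass or None,
        "known_class": threat_class in THREAT_CLASSES,  # False flags an unlisted class
    }
```

Records with `known_class` set to False or a `None` hash are worth routing to a review queue rather than dropping, since they indicate a format change or a truncated message.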