| Threat Indicator | Classification |
|---|---|
| Ransomware | Malware that limits user access to a system, either by locking the user out of the system or by encrypting the user's files, unless a ransom is paid. |
| Coin Miners | Malware used by attackers for cryptocurrency mining. |
| C&C Callbacks | Communication with Command and Control (C&C) servers, which are used to remotely send commands to, download malicious content to, or exfiltrate data from infected clients. |
| Suspicious Malware | Malicious software used by attackers to disrupt, control, steal, cause data loss, spy upon, or gain unauthorized access to computer systems. Detections are included in this category if they are not included in the Suspicious Documents or Suspicious Scripts indicator categories. |
| Suspicious URLs | A domain or URL that links to an unknown malicious website. |
| Suspicious Documents | High risk detections for Office and PDF documents. |
| Suspicious Scripts | High risk detections for script files that exhibit malicious characteristics. Script files include HTML, HTML application, JavaScript, Java jar/class, VB, Windows shell/script, BAT, and SVG files. |