Threat Indicator Database Threat Types
Threat Intelligence categorizes threats by different characteristics, including the methods used by the threat actor to compromise the target system's security, and the threat's symptoms.
| Type | Description |
|---|---|
| Adware | Presents unwanted advertisements to users |
| Anomalous | Is associated with unusual activity but might not be a threat |
| Atm_malware | Targets automated teller machine (ATM) terminals to obtain bank card data and credentials |
| Backdoor | Provides access to systems or data while bypassing normal authentication controls |
| Banking | Targets financial institutions and banks |
| Botnets | Uses a network of compromised, Internet-connected computers under a single actor's control |
| Bruteforce | Systematically tries many username and password combinations until one succeeds |
| Clickfraud | Simulates a user clicking an advertisement to generate revenue for the ad publisher |
| Commandcontrol | Operates a command and control (C2) server that issues commands to infected computers |
| Commandinjection | Exploits a vulnerable application to run attacker-supplied commands on the host operating system |
| Commodity | Uses readily available tools with little or no customization to perform attacks |
| Credentialharvesting | Collects valid credentials for a system, often to sell or distribute to other actors |
| Criminal | Uses tools that are typically sold and distributed by criminal organizations |
| Cryptocurrencytheft | Infects blockchain or financial software to perform unauthorized transfers of cryptocurrency |
| Denialofservice | Floods a target computer with requests so that it can't fulfill legitimate requests |
| DeploymentFramework | Uses commercial or open source orchestration tools to deploy malware |
| Downloader | Retrieves and runs additional malware from a remote location, often while posing as legitimate software |
| Dropper | Carries a malicious program inside itself and installs it, often while posing as legitimate software |
| Emailattack | Floods a target system with email messages, or sends emails containing malicious links or attachments |
| Exploit | Takes advantage of a known hardware, software, network, or other vulnerability |
| Extortion | Attacks, or threatens to attack, systems unless the target pays by a deadline |
| FileInfector | Injects malicious code into executable files |
| Formjacking | Injects code into an existing website to copy data that users submit through an HTML form |
| Informationstealer | Attempts to identify and exfiltrate sensitive or private information |
| Injection | Exploits a vulnerable application by embedding malicious commands in request data |
| Keylogger | Secretly records keystrokes and reports them back to the attacker for collection |
| Loader | Loads and runs additional malicious payloads, typically by overriding or bypassing the operating system's normal mechanism for loading programs and libraries |
| Maliciousscript | Injects code fragments into a trusted website to compromise its security |
| Maninthebrowser | Modifies a web browser to intercept and manipulate traffic between the client and the server, typically to perform online transactions without the user's knowledge |
| Mineware | Hijacks a system's resources (CPU or GPU) to mine cryptocurrency |
| Mobilemalware | Targets mobile devices, such as phones and tablets |
| Modular | Loads additional components chosen for a specific attack after gathering system information and identifying vulnerabilities on the host |
| Opensource | Uses open source tools, such as penetration testing tools, to perform attacks |
| Pathtraversal | Exploits a vulnerable application's handling of file paths to access files and directories outside the web root folder |
| Phishing | Sends email that appears to be from a legitimate source to trick users into providing sensitive information or running malicious programs |
| Pointofsale | Targets point of sale (POS) and payment terminals to obtain payment card data and credentials |
| Proxy | Uses an intermediary server between a user and the internet to obscure the origin of requests |
| Pup | A potentially unwanted program (PUP) is software that might compromise privacy or weaken security, and is often bundled with other programs |
| Ransomware | Holds systems or data for ransom, typically by encrypting them, until a fee is paid |
| Rat | A remote access trojan (RAT) lets a remote actor run commands on a target host while posing as legitimate software |
| Repurposedlegitimatesoftware | Uses commercial or open source security tools, normally used to detect or prevent threats, to perform attacks |
| Rootkit | Hides its files or processes from normal monitoring methods to conceal its presence and activities |
| Solarwinds | Attempts to exploit vulnerabilities in SolarWinds supply chain software |
| Spambot | Sends large numbers of unsolicited emails, often as a vector for other types of attacks |
| Sqlinjectionattack | Gains unauthorized access to a database by inserting malicious SQL into statements built from untrusted input |
| Sshattack | Attempts to obtain or compromise login credentials for secure shell (SSH) access |
| Suspicious | Is associated with unusual activity |
| Targeted | Targets the resources or data of a specific organization or industry |
| Targetedcrimeware | Steals the identities of users in a specific organization or industry to commit crimes such as unauthorized financial transactions |
| Tor-exit-relay | Routes traffic through Tor (The Onion Router) exit relays to conceal the source's identity |
| Vulnerabilityattack | Exploits a hardware or software weakness to gain unauthorized access |
| Webattack | Attacks web servers and their configurations |
| Webshell | Enables persistent, unauthorized access to files on a web server through a command line interface |
| Xss | Cross-site scripting (XSS) circumvents web server or client security by inserting malicious scripts into web pages |
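The type keys above mix casing and separator styles (Atm_malware, Tor-exit-relay, DeploymentFramework), so any pipeline that matches indicator records against this table has to normalize before comparing. The following is an added example, not code from the product or this page: it canonicalizes a label in any spelling back to the table's key, rejects labels that are not in the table, counts hits per type, and flags indicators tagged only with Anomalous or Suspicious, whose descriptions say only "unusual activity". The record shape (`indicator`, `threat_types`) and the sample feed are constructed for the example and do not reflect any real schema or real indicators; treating Anomalous and Suspicious as low confidence is this example's choice.

```python
"""Normalize and validate threat-type labels from threat-indicator records (example code)."""
import json
import re
from collections import Counter

# Threat type keys exactly as spelled in the threat-type table above.
THREAT_TYPES = [
    "Adware", "Anomalous", "Atm_malware", "Backdoor", "Banking", "Botnets",
    "Bruteforce", "Clickfraud", "Commandcontrol", "Commandinjection", "Commodity",
    "Credentialharvesting", "Criminal", "Cryptocurrencytheft", "Denialofservice",
    "DeploymentFramework", "Downloader", "Dropper", "Emailattack", "Exploit",
    "Extortion", "FileInfector", "Formjacking", "Informationstealer", "Injection",
    "Keylogger", "Loader", "Maliciousscript", "Maninthebrowser", "Mineware",
    "Mobilemalware", "Modular", "Opensource", "Pathtraversal", "Phishing",
    "Pointofsale", "Proxy", "Pup", "Ransomware", "Rat", "Repurposedlegitimatesoftware",
    "Rootkit", "Solarwinds", "Spambot", "Sqlinjectionattack", "Sshattack",
    "Suspicious", "Targeted", "Targetedcrimeware", "Tor-exit-relay",
    "Vulnerabilityattack", "Webattack", "Webshell", "Xss",
]

# Types whose table description names only "unusual activity", not a confirmed technique.
# Treating them as low confidence is an assumption of this example, not a rule from the page.
LOW_CONFIDENCE = {"Anomalous", "Suspicious"}


def _fold(label: str) -> str:
    """Lowercase and drop separators so 'Tor-exit-relay', 'tor_exit_relay' and 'TOR Exit Relay' agree."""
    return re.sub(r"[^a-z0-9]", "", label.lower())


_LOOKUP = {_fold(t): t for t in THREAT_TYPES}


def canonical_type(label):
    """Return the table's spelling for a label in any casing/separator style, or None if unknown."""
    if not isinstance(label, str):
        return None
    return _LOOKUP.get(_fold(label))


def summarize_indicators(records):
    """Count canonical types per indicator, collect unknown labels, and flag
    indicators whose only types are low-confidence ones."""
    counts = Counter()
    unknown = []
    low_confidence_only = []
    for rec in records:
        canon = set()
        for raw in rec.get("threat_types") or []:
            c = canonical_type(raw)
            if c is None:
                unknown.append(raw)  # not in the table: do not silently drop it
            else:
                canon.add(c)
        counts.update(canon)  # one hit per type per indicator, even if a feed repeats a label
        if canon and canon <= LOW_CONFIDENCE:
            low_confidence_only.append(rec["indicator"])
    return {
        "counts": dict(counts),
        "unknown": unknown,
        "low_confidence_only": low_confidence_only,
    }


# Constructed sample feed (hypothetical record shape, documentation-reserved addresses; not real indicators).
SAMPLE_FEED = json.dumps([
    {"indicator": "203.0.113.10", "threat_types": ["tor_exit_relay", "proxy"]},
    {"indicator": "198.51.100.7", "threat_types": ["Anomalous"]},
    {"indicator": "example.invalid", "threat_types": ["ATM-Malware", "banking", "cryptojacking"]},
    {"indicator": "192.0.2.25", "threat_types": ["sqlInjectionAttack", "web-attack", "Xss"]},
])

if __name__ == "__main__":
    print(json.dumps(summarize_indicators(json.loads(SAMPLE_FEED)), indent=2))
```

Unknown labels are returned rather than dropped so that a feed change (a new type, or a renamed one) surfaces in review instead of silently shrinking the match rate.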