You're currently viewing ATT&CK Version 16.1 Enterprise and VERIS 1.4.0.
VERIS action.malware Capability Group
All Mappings
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name
--- | --- | --- | --- | ---
action.malware.variety.Backdoor or C2 | Malware creates a remote control capability, but it's unclear if it's a backdoor for hacking or C2 for malware. Parent of 'C2' and 'Backdoor'. | related-to | T1001.001 | Data Obfuscation: Junk Data
action.malware.variety.C2 | Malware creates Command and Control capability for malware. Child of 'Backdoor or C2'. | related-to | T1001.001 | Data Obfuscation: Junk Data
action.malware.variety.Password dumper | Password dumper (extract credential hashes) | related-to | T1003 | OS Credential Dumping
action.malware.variety.Password dumper | Password dumper (extract credential hashes) | related-to | T1003.001 | OS Credential Dumping: LSASS Memory
action.malware.variety.RAM scraper | RAM scraper or memory parser (capture data from volatile memory) | related-to | T1003.001 | OS Credential Dumping: LSASS Memory
action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1003.002 | OS Credential Dumping: Security Account Manager
action.malware.variety.Password dumper | Password dumper (extract credential hashes) | related-to | T1003.002 | OS Credential Dumping: Security Account Manager
action.malware.variety.RAM scraper | RAM scraper or memory parser (capture data from volatile memory) | related-to | T1003.002 | OS Credential Dumping: Security Account Manager
action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1003.003 | OS Credential Dumping: NTDS
action.malware.variety.Password dumper | Password dumper (extract credential hashes) | related-to | T1003.003 | OS Credential Dumping: NTDS
Showing 1 to 10 of 422 rows
Capabilities
Capability ID | Capability Name | Number of Mappings
--- | --- | ---
action.malware.vector.Email | Email. Parent to 'Email attachment', 'Email autoexecute', 'Email link', 'Email unknown' | 1
action.malware.variety.Worm | Worm (propagate to other systems or devices) | 2
action.malware.variety.RAM scraper | RAM scraper or memory parser (capture data from volatile memory) | 5
action.malware.variety.Ransomware | Ransomware (encrypt or seize stored data) | 2
action.malware.variety.Downloader | Downloader (pull updates or other malware) | 5
action.malware.vector.Removable media | Removable storage media or devices | 2
action.malware.vector.Direct install | Directly installed or inserted by threat agent (after system access) | 2
action.malware.vector.Software update | Included in automated software update | 2
action.malware.variety.Cryptocurrency mining | Cryptocurrency mining, whether or not click fraud. Child of 'Click fraud and cryptocurrency mining'. | 2
action.malware.variety.Exploit misconfig | Exploit a misconfiguration (vs vuln or weakness) | 3
Showing 1 to 10 of 51 rows