
MalwareFamilyType

A description of the type of logic or automation used to create a MalwareFamily object.

Values

Name

Description

AVSCAN

Antivirus signature detection.

AV_SIGNATURE

A family where all variants have the same antivirus detection signature.

BARF10

A family where all variants are browser extensions and have the same Browser-Access Relative Filename (BARF) hash.

FSH_SSDEEP

A family where all variants are related by the FSH of Ssdeep.

FSH_HTML

A family where all variants are related by the FSH of the HTML.

IMP_HASH

A family where all variants are Portable Executables and have the same PE ImportHash.

JS004

A family where all variants are JavaScript files and have a similar JS004 value.

JS005

A family where all variants are JavaScript files and have a similar JS005 value.

MANUAL

A manually constructed malware family. Defer to the description field on the family for further information.

PE_RSRC_SHA256

A family where all variants are portable executables and have a similar PE Resource SHA256 hash.

PE_VERSION_VALUE

A family where all variants are portable executables and have a similar PE Version Info Value.

PE_SECTION_SHA256

A family where all variants are portable executables and have a similar PE Section SHA256 hash.

PE_TIMESTAMP

A family where all variants are portable executables and have a similar PE Timestamp.

PE_EXPORT

A family where all variants are portable executables and have a similar PE Export Name.

PE_CERT_SHA256

A family where all variants are portable executables and have a similar PE Certificate SHA256 hash.

RICH_HEADER_HASH

A family where all of the variants are Portable Executable files compiled by Microsoft Visual C++ and have the same PE Rich Header hash.

SSDEEP_HASH

A family where all of the variants have the same Ssdeep hash.

UNKNOWN

Unknown family type.

YARA

A family where all of the variants match against a defined YARA signature.