{
  "feature_names": [
    "timestep",
    "api_call_rate",
    "registry_write_count",
    "network_connection_count",
    "process_injection_flag",
    "c2_beacon_interval_sec",
    "av_signature_hit_flag",
    "sandbox_evasion_flag",
    "lateral_propagation_count",
    "privilege_escalation_flag",
    "pe_entropy_mean",
    "pe_entropy_std",
    "import_hash_cluster",
    "section_count",
    "packed_section_ratio",
    "string_entropy_mean",
    "byte_histogram_chi2",
    "code_section_rx_ratio",
    "resource_section_entropy",
    "suspicious_import_count",
    "packer_detected_flag",
    "api_burst_score",
    "is_c2_active",
    "is_high_net_volume",
    "is_stealth_step",
    "is_destructive_step",
    "lateral_activity_score",
    "malware_family_apt_implant",
    "malware_family_botnet_agent",
    "malware_family_cryptominer",
    "malware_family_dropper",
    "malware_family_fileless_malware",
    "malware_family_ransomware",
    "malware_family_rootkit",
    "malware_family_spyware",
    "malware_family_trojan",
    "malware_family_worm",
    "threat_actor_tier_apt",
    "threat_actor_tier_commodity",
    "threat_actor_tier_crimeware",
    "threat_actor_tier_nation_state",
    "target_platform_android_13",
    "target_platform_embedded_ot_firmware",
    "target_platform_linux_rhel_9",
    "target_platform_linux_ubuntu_22",
    "target_platform_macos_ventura",
    "target_platform_windows_10_enterprise",
    "target_platform_windows_11_pro",
    "target_platform_windows_server_2022",
    "obfuscation_technique_anti_analysis_stall",
    "obfuscation_technique_code_signing_abuse",
    "obfuscation_technique_lotl_binary",
    "obfuscation_technique_packing",
    "obfuscation_technique_polymorphic_mutation",
    "obfuscation_technique_sandbox_evasion",
    "obfuscation_technique_string_encryption",
    "detection_outcome_behavioural_flag",
    "detection_outcome_definitive_detection",
    "detection_outcome_heuristic_alert",
    "detection_outcome_sandbox_evasion_confirmed",
    "detection_outcome_signature_miss",
    "ep_stack_av_plus_firewall",
    "ep_stack_deception_honeypot",
    "ep_stack_edr_endpoint_detect",
    "ep_stack_legacy_av_only",
    "ep_stack_managed_detection_response",
    "ep_stack_ngav_ml_based",
    "ep_stack_no_protection",
    "ep_stack_xdr_extended_detect"
  ],
  "numeric_features": [
    "timestep",
    "api_call_rate",
    "registry_write_count",
    "network_connection_count",
    "process_injection_flag",
    "c2_beacon_interval_sec",
    "av_signature_hit_flag",
    "sandbox_evasion_flag",
    "lateral_propagation_count",
    "privilege_escalation_flag",
    "pe_entropy_mean",
    "pe_entropy_std",
    "import_hash_cluster",
    "section_count",
    "packed_section_ratio",
    "string_entropy_mean",
    "byte_histogram_chi2",
    "code_section_rx_ratio",
    "resource_section_entropy",
    "suspicious_import_count",
    "packer_detected_flag",
    "api_burst_score",
    "is_c2_active",
    "is_high_net_volume",
    "is_stealth_step",
    "is_destructive_step",
    "lateral_activity_score"
  ],
  "categorical_levels": {
    "malware_family": [
      "apt_implant",
      "botnet_agent",
      "cryptominer",
      "dropper",
      "fileless_malware",
      "ransomware",
      "rootkit",
      "spyware",
      "trojan",
      "worm"
    ],
    "threat_actor_tier": [
      "apt",
      "commodity",
      "crimeware",
      "nation_state"
    ],
    "target_platform": [
      "android_13",
      "embedded_ot_firmware",
      "linux_rhel_9",
      "linux_ubuntu_22",
      "macos_ventura",
      "windows_10_enterprise",
      "windows_11_pro",
      "windows_server_2022"
    ],
    "obfuscation_technique": [
      "anti_analysis_stall",
      "code_signing_abuse",
      "lotl_binary",
      "packing",
      "polymorphic_mutation",
      "sandbox_evasion",
      "string_encryption"
    ],
    "detection_outcome": [
      "behavioural_flag",
      "definitive_detection",
      "heuristic_alert",
      "sandbox_evasion_confirmed",
      "signature_miss"
    ],
    "ep_stack": [
      "av_plus_firewall",
      "deception_honeypot",
      "edr_endpoint_detect",
      "legacy_av_only",
      "managed_detection_response",
      "ngav_ml_based",
      "no_protection",
      "xdr_extended_detect"
    ]
  },
  "label_to_int": {
    "c2_communication": 0,
    "data_exfiltration": 1,
    "dormancy_dwell": 2,
    "initial_drop": 3,
    "lateral_movement": 4,
    "payload_execution": 5,
    "persistence_establishment": 6,
    "privilege_escalation": 7,
    "sandbox_evasion_stall": 8,
    "self_destruct_cleanup": 9
  },
  "int_to_label": {
    "0": "c2_communication",
    "1": "data_exfiltration",
    "2": "dormancy_dwell",
    "3": "initial_drop",
    "4": "lateral_movement",
    "5": "payload_execution",
    "6": "persistence_establishment",
    "7": "privilege_escalation",
    "8": "sandbox_evasion_stall",
    "9": "self_destruct_cleanup"
  }
}