A Behavior corresponds to the specific purpose behind a particular snippet of code, as executed by a malware instance. Examples include keylogging, detecting a virtual machine, and installing a backdoor.

Behaviors are marked as follows:

  • Behaviors defined in ATT&CK, which could be expanded with malware-related content, are denoted with an &.
  • Behaviors that might be potential ATT&CK techniques are denoted with a +.
  • Behaviors that are only detected via malware analysis have no markings.