New Threat Detection Naming Scheme in Trend Micro

    • Updated: 27 Apr 2018
    • Product/Version:
    • Cloud App Security 2.0
    • Control Manager 7.0
    • Deep Discovery Analyzer 6.0
    • Deep Discovery Director 2.0
    • Deep Discovery Email Inspector 3.0
    • Deep Discovery Inspector 5.All
    • Deep Security 11.0
    • Email Encryption Gateway 5.5
    • Email Security Platform for Service Providers 1.0
    • Encryption for Email 5.9
    • Endpoint Application Control 2.0
    • Endpoint Encryption 6.0
    • Hosted Email Security 3.0
    • Instant Messaging Security 1.5 MS LCS
    • Instant Messaging Security 1.5 MS OCS
    • InterScan Messaging Security Suite 9.1 Linux
    • InterScan Messaging Security Virtual Appliance 9.1
    • InterScan VirusWall 7.0
    • InterScan Web Security as a Service 3.0
    • InterScan Web Security Virtual Appliance 6.5
    • Mobile Security for Enterprise 9.8
    • Network VirusWall Enforcer 1500i 3.5
    • Network VirusWall Enforcer 3500i 3.1
    • Network VirusWall Enforcer 3600i 3.1
    • OfficeScan XG.All
    • PortalProtect 2.5
    • Remote Manager 5.6.2
    • SafeSync for Enterprise 3.1
    • ScanMail for IBM Domino 5.0 AIX
    • ScanMail for IBM Domino 5.6 Linux
    • ScanMail for IBM Domino 5.6 Windows
    • ServerProtect for EMC Celerra 5.8
    • ServerProtect for Linux 3.0
    • ServerProtect for Microsoft Windows/Novell Netware 5.8
    • ServerProtect for Network Appliance Filer 5.8
    • ServerProtect for Storage 6.0
    • Smart Protection Server 3.3
    • Threat Mitigator 2.6
    • Trend Micro Endpoint Sensor 1.6
    • Trend Micro Portable Security 2.0
    • Trend Micro Security for Mac 3.0
    • Vulnerability Protection 2.0
    • Worry-Free Business Security Services 6.3
    • Worry-Free Business Security Standard/Advanced 10.0
Summary

Starting July 2018, Trend Micro will apply a new Threat Detection Naming Scheme to align more closely with the rest of the industry with regard to the naming convention for threats and other malicious files.

Moving forward, Trend Micro will name malware and other threat detection patterns in alignment with the Computer Antivirus Research Organization (CARO) Malware Naming Scheme, which follows the format described below:

<Threat Type>.<Platform>.<Malware Family>.<Variant>.<Other info*>
*Optional

Below is a more detailed breakdown of the new format:

Ransom.Win32.Locky.A.dldr

Details

Threat Type

The Threat Type is the main threat category and describes the main behavior of the threat.

  • For malware: Trojan, Worm, Virus, Ransomware, Coinminer and Backdoor are the most common threat types that we use.
  • For grayware: Adware, Spyware, and PUA are the most common threat types.

Platform

Platform refers to the environment in which the threat is designed to execute and covers both software and hardware. This includes operating systems such as Windows (Win32, Win64), Mac OS, Linux, and Android, as well as programming languages (scripting languages) and file formats (Microsoft Word/Excel/PowerPoint).

Family

Threats with similar behavior are grouped together and referred to as a family. Each family is named based on the behavior it manifests.

Variant

To identify different strains of malware under one family, letters are used in a sequential manner and referred to as the Variant.

Other Information (Optional)

This optional section of the naming scheme carries information deemed useful in providing further insight into some complex threats. For example, dldr means downloader. Therefore, the detection name Ransom.Win32.Locky.A.dldr indicates that this threat is a downloader for the Locky ransomware.

Trend Micro plans to implement this new detection naming scheme in a phased approach. The initial focus will be on customer-submitted samples and noteworthy threats, and it will eventually encompass all channels, including bulk submissions and other sourcing methods.

We believe that aligning more closely with the CARO standards is beneficial for customers, especially those who use a mixed-vendor security environment and require cross-checking of threats.

We apologize in advance for any inconvenience this may cause, and encourage customers to contact their authorized Trend Micro support representative for any questions or concerns with the new naming scheme.

Answers to Frequently Asked Questions

| Threat Type | Description |
| --- | --- |
| Adware | Adware |
| Backdoor | Threats may allow unauthorized users to access your computer across the Internet. |
| Boot | MBR (Master Boot Record) Malware |
| Browser | Browser Exploits |
| Coinminer | Cryptocurrency Mining Malware |
| DDoS | Distributed Denial of Service threats |
| Dialer | Dials a phone number without asking for permission. |
| Exploit | Uses a vulnerability or a software defect. |
| HackTool | Hacking/hackers tool |
| Joke | Joke programs |
| PUA | Potentially Unwanted Application |
| Ransom | Ransomware |
| Rootkit | Rootkit |
| Spyware | Monitors browsing habits or other behavior and sends the information out, often for unsolicited advertising. |
| Trojan | Trojan |
| TrojanClicker | Trojan clickers |
| TrojanProxy | Trojan proxy |
| TrojanSpy | Trojan Spyware (Malicious Spyware) |
| Virus | Infectors, File Infectors |
| Worm | Indicates a worm, not a virus. Worms make copies of themselves that they send across a network or using email, or another transport mechanism |

| Platform | Short Description |
| --- | --- |
| A97M | Access 97, 2000, XP, 2003, 2007, and 2010 macros |
| ABAP | Advanced Business Application Programming scripts |
| ACM | AutoCAD macro malware |
| AM | For Access 2.0 and Access 95 macro malware |
| AmiPro | AmiPro script |
| AndroidOS | Android operating system |
| ASP | Active Server Pages scripts |
| ASX | XML metafile of Windows Media .asf files |
| AutoIt | AutoIT scripts |
| BAT | For Batch File malware |
| CorelScript | Corelscript scripts |
| DOS | MS-DOS platform |
| EPOC | For Psion malicious codes (predecessor of Symbian) |
| FreeBSD | FreeBSD platform |
| HTML | HTML Application scripts |
| INF | Install scripts |
| iOS | iPhone operating system |
| IRC | mIRC/pIRC scripts |
| Java | Java binaries (classes) |
| JS | Threats that are written using the JavaScript programming language. |
| Linux | Virus or Trojan-horse program compiled for Linux OS in ELF file format |
| MacOS | MacOS X or later |
| MSIL | .Net intermediate language scripts |
| Netware | Novell Netware files |
| O97M | Office 97, 2000, XP, 2003, 2007, and 2010 macros - that affect Word, Excel, and Powerpoint |
| PDF | For Portable Document Format (PDF) |
| Perl | For PERL Script malware |
| PHP | Hypertext Preprocessor scripts |
| P97M | PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros |
| Python | Python scripts |
| QT | Quicktime files |
| SAP | SAP platform scripts |
| SB | StarBasic (Staroffice XML) files |
| SH | Shell scripts |
| Solaris | System V-based Unix platforms |
| SunOS | Unix platforms 4.1.3 or lower |
| SWF | Shockwave Flash files |
| SymbOS | Symbian operating system |
| TSQL | MS SQL server files |
| Unix | General Unix platforms |
| V5M | Visio5 macros |
| VBS | Visual Basic scripts |
| W97M | Word 97, 2000, XP, 2003, 2007, and 2010 macros |
| WASM | Web Assembly |
| Win16 | Win16 (3.1) platform |
| Win32 | Windows 32-bit platform |
| Win64 | Windows 64-bit platform |
| WinBAT | Winbatch scripts |
| WinCE | For Windows CE and WindowsMobile malware |
| WinHlp | Windows Help scripts |
| WinNT | Windows NT |
| WinREG | Windows registry scripts |
| WM | Word 95 macros |
| WSF | Windows Script File |
| X97M | Excel 97, 2000, XP, 2003, 2007, and 2010 macros |
| XF | Excel formulas |
| XM | Excel 95 macros |
| XML | For XML-written malware |

| Old | New |
| --- | --- |
| RANSOM_BADRABBIT.SM | Ransom.Win32.Badrabbit.SM |
| JS_LOCKY.A | Ransom.JS.Locky.A |
| HTML_RANSOMNOTE | Ransom.HTML.Locky.A.note |
| ADW_OPENCANDY.GB | Adware.Win32.OpenCandy.GB |
| COINMINER_CRYPTONIGHT.SM | Coinminer.WASM.Cryptonight.SM |
| ELF_BASHLITE.K | Trojan.Linux.Bashlite.K |
| HKTL_MIMIKATZ.A | Hacktool.Win32.Mimikatz.A |
| JAVA_DLOAD.BAY | Trojan.Java.DLOAD.BAY |
| JOKE_PCHAUNT.A | Joke.Win32.PCHaunt.A |
| OSX_GEONEI.A | Adware.MacOS.Geonei.A |
| PE_PARITE.A | Virus.Win32.Parite.A |
| PUA_ReimageRepair.B | PUA.Win32.ReimageRepair.B |
| TROJ_KOVTER.SM | Trojan.Win32.Kovter.SM |
| TSPY_DRIDEX.YJL | TrojanSpy.Win32.Dridex.YJL |
| VBS_COINMINE.E | Coinminer.VBS.Coinmine.E |
| WORM_DOWNAD.KK | Worm.Win32.Downad.KK |
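
For teams normalizing detections from mixed log sources, the following added example (not Trend Micro code) splits a detection name into the fields described above and flags old-style names instead of guessing their new equivalent. The names `parse_detection` and `Detection` are hypothetical, and the parser assumes that family and variant contain no dots.

```python
import re
from typing import NamedTuple, Optional

# Values copied from the threat type and platform tables on this page,
# lowercased because the page's own examples vary in case (HackTool/Hacktool).
THREAT_TYPES = set("""adware backdoor boot browser coinminer ddos dialer exploit
    hacktool joke pua ransom rootkit spyware trojan trojanclicker trojanproxy
    trojanspy virus worm""".split())
PLATFORMS = set("""a97m abap acm am amipro androidos asp asx autoit bat
    corelscript dos epoc freebsd html inf ios irc java js linux macos msil
    netware o97m pdf perl php p97m python qt sap sb sh solaris sunos swf symbos
    tsql unix v5m vbs w97m wasm win16 win32 win64 winbat wince winhlp winnt
    winreg wm wsf x97m xf xm xml""".split())

class Detection(NamedTuple):
    scheme: str                   # "new" or "legacy"
    threat_type: Optional[str]
    platform: Optional[str]
    family: str
    variant: Optional[str]
    other: Optional[str]          # optional fifth field, e.g. "dldr"
    legacy_prefix: Optional[str]  # e.g. "TROJ" in TROJ_KOVTER.SM
    recognized: bool              # type and platform both found in the tables

def parse_detection(name: str) -> Detection:
    """Split a detection name into fields (hypothetical helper, not a Trend Micro API)."""
    name = name.strip()
    head, _, rest = name.partition(".")
    if "_" in head:
        # Old-style name such as JS_LOCKY.A. The page's Old/New table shows the
        # prefix may map to a threat type (TROJ) or a platform (JS), so the new
        # name cannot be derived mechanically; keep the fields and flag it.
        prefix, _, family = head.partition("_")
        if not prefix or not family:
            raise ValueError(f"malformed legacy name: {name!r}")
        return Detection("legacy", None, None, family, rest or None, None, prefix, False)
    parts = name.split(".", 4)    # any extra dots stay inside the optional field
    if len(parts) < 4 or not all(parts):
        raise ValueError(f"expected Type.Platform.Family.Variant[.Other]: {name!r}")
    ttype, platform, family, variant = parts[:4]
    other = parts[4] if len(parts) == 5 else None
    known = ttype.lower() in THREAT_TYPES and platform.lower() in PLATFORMS
    return Detection("new", ttype, platform, family, variant, other, None, known)

# Names taken from the page's examples, plus one constructed unknown type.
SAMPLES = ["Ransom.Win32.Locky.A.dldr", "Hacktool.Win32.Mimikatz.A",
           "HTML_RANSOMNOTE", "TSPY_DRIDEX.YJL", "Bogus.Win32.Sample.A"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_detection(s))
```

A `recognized` value of False on a new-style name is a cue to review the record rather than drop it, since the tables on this page may not list every value in use.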
Category: Remove a Malware / Virus
Solution Id: 1119738