Threat Type

The Threat Type is the main threat category and describes the primary behavior of the threat.

  • For malware: Trojan, Worm, Virus, Ransomware, Coinminer and Backdoor are the most common threat types that we use.
  • For grayware: Adware, Spyware, and PUA are the most common threat types.

Platform

Platform refers to the environment in which the threat is designed to execute and covers both software and hardware. This includes operating systems (Windows (Win32, Win64), Mac OS, Linux, and Android), as well as programming and scripting languages and file formats (Microsoft Word/Excel/PowerPoint).

Family

Threats with similar behavior are grouped together and referred to as a family. Each family is named based on the behavior it manifests.

Variant

Different strains of malware within one family are identified by letters used in a sequential manner; this part of the name is referred to as the Variant.

Other Information (Optional)

This optional section of the naming scheme carries information deemed useful in providing further insight into some complex threats. For example, dldr means downloader, so the detection name Ransom.Win32.Locky.A.dldr indicates that this threat is a downloader for the Locky ransomware.

Trend Micro plans to implement this new detection naming scheme in a phased approach. The initial focus will be on customer-submitted samples and noteworthy threats, and the scheme will eventually encompass all channels, including bulk submissions and other sourcing methods.

We believe that aligning more closely with the CARO standards is beneficial for customers, especially those who use a mixed-vendor security environment and require cross-checking of threats.

We apologize in advance for any inconvenience this may cause, and encourage customers to contact their authorized Trend Micro support representative for any questions or concerns with the new naming scheme.

Answers to Frequently Asked Questions

Threat Type    Description
Adware         Adware
Backdoor       Threats may allow unauthorized users to access your computer across the Internet.
Boot           MBR (Master Boot Record) Malware
Browser        Browser Exploits
Coinminer      Cryptocurrency Mining Malware
DDoS           Distributed Denial of Service threats
Dialer         Dials a phone number without asking for permission.
Exploit        Uses a vulnerability or a software defect.
HackTool       Hacking/hackers tool
Joke           Joke programs
PUA            Potentially Unwanted Application
Ransom         Ransomware
Rootkit        Rootkit
Spyware        Monitors browsing habits or other behavior and sends the information out, often for unsolicited advertising.
Trojan         Trojan
TrojanClicker  Trojan clickers
TrojanProxy    Trojan proxy
TrojanSpy      Trojan Spyware (Malicious Spyware)
Virus          Infectors, File Infectors
Worm           Indicates a worm, not a virus. Worms make copies of themselves that they send across a network or using email, or another transport mechanism

Platform     Short Description
A97M         Access 97, 2000, XP, 2003, 2007, and 2010 macros
ABAP         Advanced Business Application Programming scripts
ACM          AutoCAD macro malware
AM           For Access 2.0 and Access 95 macro malware
AmiPro       AmiPro script
AndroidOS    Android operating system
ASP          Active Server Pages scripts
ASX          XML metafile of Windows Media .asf files
AutoIt       AutoIT scripts
BAT          For Batch File malware
CorelScript  Corelscript scripts
DOS          MS-DOS platform
EPOC         For Psion malicious codes (predecessor of Symbian)
FreeBSD      FreeBSD platform
HTML         HTML Application scripts
INF          Install scripts
iOS          iPhone operating system
IRC          mIRC/pIRC scripts
Java         Java binaries (classes)
JS           Threats that are written using the JavaScript programming language.
Linux        Virus or Trojan-horse program compiled for Linux OS in ELF file format
MacOS        MacOS X or later
MSIL         .Net intermediate language scripts
Netware      Novell Netware files
O97M         Office 97, 2000, XP, 2003, 2007, and 2010 macros - that affect Word, Excel, and Powerpoint
PDF          For Portable Document Format (PDF)
Perl         For PERL Script malware
PHP          Hypertext Preprocessor scripts
P97M         PowerPoint 97, 2000, XP, 2003, 2007, and 2010 macros
Python       Python scripts
QT           Quicktime files
SAP          SAP platform scripts
SB           StarBasic (Staroffice XML) files
SH           Shell scripts
Solaris      System V-based Unix platforms
SunOS        Unix platforms 4.1.3 or lower
SWF          Shockwave Flash files
SymbOS       Symbian operating system
TSQL         MS SQL server files
Unix         General Unix platforms
V5M          Visio5 macros
VBS          Visual Basic scripts
W97M         Word 97, 2000, XP, 2003, 2007, and 2010 macros
WASM         Web Assembly
Win16        Win16 (3.1) platform
Win32        Windows 32-bit platform
Win64        Windows 64-bit platform
WinBAT       Winbatch scripts
WinCE        For Windows CE and WindowsMobile malware
WinHlp       Windows Help scripts
WinNT        Windows NT
WinREG       Windows registry scripts
WM           Word 95 macros
WSF          Windows Script File
X97M         Excel 97, 2000, XP, 2003, 2007, and 2010 macros
XF           Excel formulas
XM           Excel 95 macros
XML          For XML-written malware

Old                       New
RANSOM_BADRABBIT.SM       Ransom.Win32.Badrabbit.SM
JS_LOCKY.A                Ransom.JS.Locky.A
HTML_RANSOMNOTE           Ransom.HTML.Locky.A.note
ADW_OPENCANDY.GB          Adware.Win32.OpenCandy.GB
COINMINER_CRYPTONIGHT.SM  Coinminer.WASM.Cryptonight.SM
ELF_BASHLITE.K            Trojan.Linux.Bashlite.K
HKTL_MIMIKATZ.A           Hacktool.Win32.Mimikatz.A
JAVA_DLOAD.BAY            Trojan.Java.DLOAD.BAY
JOKE_PCHAUNT.A            Joke.Win32.PCHaunt.A
OSX_GEONEI.A              Adware.MacOS.Geonei.A
PE_PARITE.A               Virus.Win32.Parite.A
PUA_ReimageRepair.B       PUA.Win32.ReimageRepair.B
TROJ_KOVTER.SM            Trojan.Win32.Kovter.SM
TSPY_DRIDEX.YJL           TrojanSpy.Win32.Dridex.YJL
VBS_COINMINE.E            Coinminer.VBS.Coinmine.E
WORM_DOWNAD.KK            Worm.Win32.Downad.KK
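
During the phased rollout, logs can hold both old and new detection names. The following added example (not Trend Micro code) splits a new-scheme name into the five fields described above and sets aside names that do not fit; the function names, the type and platform subsets, and the sample list are assumptions made for illustration.

```python
from collections import Counter
from typing import NamedTuple, Optional

# Subsets of this page's Threat Type and Platform tables; extend as needed.
THREAT_TYPES = ["Adware", "Backdoor", "Coinminer", "HackTool", "Joke", "PUA",
                "Ransom", "Trojan", "TrojanSpy", "Virus", "Worm"]
PLATFORMS = ["Win32", "Win64", "Linux", "MacOS", "AndroidOS", "JS", "VBS",
             "HTML", "Java", "WASM", "O97M"]
# Case-insensitive lookup: the page spells one type both "HackTool" and "Hacktool".
_TYPES = {t.lower(): t for t in THREAT_TYPES}
_PLATFORMS = {p.lower(): p for p in PLATFORMS}


class Detection(NamedTuple):
    threat_type: str
    platform: str
    family: str
    variant: str
    other: Optional[str]  # optional fifth field, e.g. "dldr" (downloader)


def parse_detection(name: str) -> Optional[Detection]:
    """Split ThreatType.Platform.Family.Variant[.Other]; None if it does not fit."""
    parts = name.strip().split(".")
    if len(parts) not in (4, 5) or not all(parts):
        return None  # old-format names such as TROJ_KOVTER.SM land here
    threat_type = _TYPES.get(parts[0].lower())
    platform = _PLATFORMS.get(parts[1].lower())
    if threat_type is None or platform is None:
        return None  # type or platform not in the subsets above
    other = parts[4] if len(parts) == 5 else None
    return Detection(threat_type, platform, parts[2], parts[3], other)


def summarize(names):
    """Count parsed detections per threat type; return names that did not parse."""
    counts, unparsed = Counter(), []
    for name in names:
        det = parse_detection(name)
        if det is None:
            unparsed.append(name)
        else:
            counts[det.threat_type] += 1
    return dict(counts), unparsed


# Constructed input: names taken from this page, mixed as a log might hold them.
SAMPLE = ["Ransom.Win32.Locky.A.dldr", "Hacktool.Win32.Mimikatz.A",
          "Ransom.HTML.Locky.A.note", "TROJ_KOVTER.SM", "Coinminer.WASM.Cryptonight.SM"]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Names returned in the second list still need manual mapping, because an old prefix alone does not determine the new Threat Type (JS_LOCKY.A became Ransom.JS.Locky.A, for instance).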