Tag Class
Table of Contents
Expand all | Collapse all
Tag Class
A tag can be linked to a particular tag class, which
provides more context for the type of threat information that the
tag identifies. Special icons indicate whether a tag is associated
with a tag class. The icon can be blue, gray, or orange depending on
the Tag
Types. For example, the following tag is a public tag linked
to malicious behavior:
Tag Class | Description |
---|---|
Related malware is grouped into a malware
family. Malware might be considered related based on shared
properties or a common function. Malware within a malware family
exhibit similar malicious behaviors to launch an attack. | |
A campaign is a targeted attack
which might include several incidents or sets of activities. You
can identify a campaign by the malware families that are used to
execute an attack. | |
An actor is an individual or
group that instigates one or more campaigns using malware families. | |
An exploit is an attack, usually
in the form of a script, that takes advantage of a software or network
weakness, bug, or vulnerability to manipulate the behavior of the
system. | |
Malicious behavior is behavior
that is not specific to a malware family or campaign, but indicates
that your system has been compromised. An example of malicious behavior
is the unauthorized deletion of disk volumes. Tag
samples that exhibit malicious behaviors to flag them for you and
other AutoFocus users. You can receive alerts for new unique samples
that match the conditions of malicious behavior tags. |