Aurora Protect Desktop threat classifications
The Aurora Protect cloud services classify threats as either malware or potentially unwanted programs (PUPs). By selecting this option, you are subscribing to be notified when these events occur.
| Field | Value | Description |
|---|---|---|
|
Event Type |
ThreatClassification |
This is a threat classification event. |
|
Event Name |
ThreatUpdated |
The threat details have been updated. |
|
MD5 |
[varies] |
This is the MD5 hash for the file. |
|
SHA256 |
[varies] |
This is the SHA256 hash for the file. |
|
Threat Classification |
[Threat class] - [Threat subclass] - [Threat family name] |
The threat classification indicates the threat class, threat subclass, and threat family name. The possible class and subclass values are detailed below. The value of family name varies depending on the nature of the threat. |
|
[Threat class] values |
||
|
Dual Use |
The file can be used for malicious and non-malicious purposes. |
|
|
File Unavailable |
The file is unavailable for analysis. For example, the file is too large to upload. |
|
|
Malware |
The file has been identified as malicious. |
|
|
Possible PUP |
The file might be a potentially unwanted program (PUP). |
|
|
PUP |
The file has been identified as a possible potentially unwanted program (PUP). |
|
|
Trusted |
The file has been identified as safe. |
|
|
[Threat subclass] values |
||
|
Adware |
The file has advertisements or unwanted bundled add-ons. |
|
|
Backdoor |
The file provides unauthorized access. |
|
|
Bot |
The file contains malware that connects to a botnet server. |
|
|
Corrupt |
The file is malformed or unable to run. |
|
|
Crack |
The file is altered to bypass licensing. |
|
|
Downloader |
The file contains malware that downloads data. |
|
|
Dropper |
The file contains malware that installs other malware. |
|
|
Exploit |
The file attacks a specific vulnerability. |
|
|
Fake Alert |
The file contains malware that appears to be legitimate security software. |
|
|
Fake AV |
The file contains malware that appears to be legitimate security software. |
|
|
Game |
This is a game file. |
|
|
Generic |
This file does not fit into any existing category. |
|
|
Hacking Tool |
This file is a hacking tool. |
|
|
Infostealer |
This file records login credentials and other sensitive information. |
|
|
Keygen |
This file generates product keys. |
|
|
Monitoring Tool |
This file tracks a user’s activities. |
|
|
Other |
This is a category used for PUPs that don’t fit anything else. |
|
|
Parasitic |
This threat is spread by attacking other programs. |
|
|
Pass Crack |
This file is used to reveal passwords. |
|
|
Portable Application |
This file is designed to run without needing installation. |
|
|
Ransom |
This file restricts access. |
|
|
Remnant |
These are remnants post removal. |
|
|
Remote Access |
This file can access another system remotely. |
|
|
Rootkit |
This file avoids detection. |
|
|
Scripting Tool |
This is any script that can run as if it were an executable. |
|
|
Tool |
These are administrative features used to attack or intrude. |
|
|
Toolbar |
This is any technology that places additional buttons or input boxes on-screen. |
|
|
Trojan |
This file disguises itself as legitimate software. |
|
|
Virus |
This file inserts or appends itself to other files. |
|
|
Worm |
This file propagates by copying itself to another device. |
|
Example message for threat classifications
BlackBerry Protect Desktop: Event Type: ThreatClassification, Event Name: ThreatUpdated, SHA256: 1218493137321C1D1F897B0C25BEF17CDD0BE9C99B84B4DD8B51EAC8F9794F65, Threat Classification: Malware - Worm - QuKart