scoutTHREAT - Creating a Malware Object
Written by Benjamin Dewey
Updated over a week ago

1. To add a new Malware Object, navigate to Intelligence, then click on Malware.

2. A list of existing Malware Objects will be displayed, showing each Object’s Name, Type, and date Created, as well as the Created By, Modified On, and Modified By fields.

3. Click Create New at the top right corner of the form.

4. Enter a name and narrative description for the Malware Object.

5. The right-hand column of the form contains optional fields for Types, Malware Family, Kill Chain Phases, Sample References, Operating systems, First seen, Last seen, Processor architectures, Implementation languages, Capabilities, Revoked, Confidence, Labels, and Aliases. For more information on these fields, see scoutTHREAT - Malware Intelligence Objects Overview and the STIX 2.1 Documentation.

6. Click the plus sign (+) icon at the top center of the form to save the Malware Object.
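For reference when filling in the optional fields from step 5, the following added example (not scoutTHREAT code or output) shows a STIX 2.1 Malware object carrying several of them and checks the constraints the STIX 2.1 specification places on those properties. The sample object is constructed, and the mapping from the form's field labels to STIX property names is an assumption.

```python
import re
from datetime import datetime

# Constructed sample object. Property names follow STIX 2.1; how the form's
# labels map onto them is assumed, not taken from scoutTHREAT.
SAMPLE = {
    "type": "malware", "spec_version": "2.1",
    "id": "malware--11111111-2222-4333-8444-555555555555",
    "created": "2024-01-10T12:00:00.000Z", "modified": "2024-01-10T12:00:00.000Z",
    "name": "ExampleLoader", "description": "Constructed narrative description.",
    "malware_types": ["dropper"], "is_family": True,
    "kill_chain_phases": [{"kill_chain_name": "lockheed-martin-cyber-kill-chain",
                           "phase_name": "installation"}],
    "first_seen": "2023-11-01T00:00:00Z", "last_seen": "2024-01-05T00:00:00Z",
    "architecture_execution_envs": ["x86-64"], "implementation_languages": ["c++"],
    "capabilities": ["communicates-with-c2"], "revoked": False, "confidence": 70,
    "labels": ["constructed-sample"], "aliases": ["ExLoader"],
}

ID_RE = re.compile(r"^malware--[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$")

def _ts(value):
    # STIX timestamps are RFC 3339 in UTC with a "Z" suffix.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_malware(obj):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for prop in ("type", "spec_version", "id", "created", "modified", "is_family"):
        if prop not in obj:
            problems.append(f"missing required property: {prop}")
    if obj.get("type") != "malware":
        problems.append("type must be 'malware'")
    if not ID_RE.match(obj.get("id", "")):
        problems.append("id must be malware--<UUID>")
    if obj.get("is_family") is True and not obj.get("name"):
        problems.append("name is required when is_family is true")
    conf = obj.get("confidence")
    if conf is not None and not (isinstance(conf, int) and 0 <= conf <= 100):
        problems.append("confidence must be an integer from 0 to 100")
    if "first_seen" in obj and "last_seen" in obj and _ts(obj["last_seen"]) < _ts(obj["first_seen"]):
        problems.append("last_seen is earlier than first_seen")
    for phase in obj.get("kill_chain_phases", []):
        if not {"kill_chain_name", "phase_name"} <= phase.keys():
            problems.append("kill_chain_phase needs kill_chain_name and phase_name")
    return problems
```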

Saved Malware Object

1. Once saved, the Malware Object can be reviewed, edited, or enriched with a Relationship, External Reference, Note, or Opinion.

2. To edit the Malware Object, click the pencil icon at the top center of the form.

3. To add a Relationship, click the Add link to the right of EXTERNAL REFERENCES. Typing in the Target or Source field will show all matching objects. Use the button between Source and Target to swap the fields. Next, select a Relationship Type, provide an optional Description, and click Add. For more information on relationships, see scoutTHREAT – Relationship Objects.

4. To add an External Reference, click the Add link to the right of EXTERNAL REFERENCES. Typing in the field will show all matching objects. Click the intended object to fill the field and click Save. For more information on External References, see scoutTHREAT - External References Overview.

5. The Details tab in the right-hand column displays the information entered manually for the Object. The Audit tab displays the Source, date Created, and date Modified for the object, as well as the user name and modified timestamp for the users that created and last modified the object.

6. The Notes tab in the right-hand column displays any existing notes and allows a user to create new notes or read, edit, or delete existing notes. To add a new Note, click the Add new link and fill in the Abstract and Content fields. The Note can be edited or deleted with the pencil and trash can icons, respectively. For more information on adding notes, see scoutTHREAT - Adding Notes to Objects.

7. The Opinions tab displays any existing Opinions and allows a user to create new Opinions or read, edit, or delete existing Opinions. To add a new Opinion, click the Add new link, select an Opinion representing an analytical assessment, and provide a narrative Explanation. For more information on Opinions, see scoutTHREAT - Creating Opinions.

