Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update "integrity.Software installation" to include both in memory and on disk #422

Open
gdbassett opened this issue Dec 2, 2021 · 1 comment
Open

Update "integrity.Software installation" to include both in memory and on disk #422

gdbassett opened this issue Dec 2, 2021 · 1 comment
Assignees
@gdbassett @planglois925
Labels
accepted enumeration
Milestone
1.3.7

Comments

@gdbassett
Copy link
Contributor

"Software installation" is currently defined "Software installation or code modification" however, it somewhat implies on-disk installation. Unfortunately that leaves no impact for in-memory malware. A short term fix is to clarify the definition of "Software installation" to include in-memory or on-disk malware. A mid-point would be to add an integrity variety specific to in-memory malware, (potentially as a child of software installation along with an on-disk child). Finally, there are more wide-impacting changes around defining a new attribute associated with volatile memory manipulation (or no impact at all).
@gdbassett
Copy link
Contributor Author

Update definition to specify on disk and for folks to use 'in-memory' if a malware only exists in memory.

@gdbassett gdbassett self-assigned this Oct 12, 2022
@gdbassett gdbassett added this to the 1.3.7 milestone Oct 12, 2022
@planglois925 planglois925 self-assigned this Nov 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gdbassett gdbassett

@planglois925 planglois925

Labels
accepted enumeration
Projects
None yet
Milestone
1.3.7
Development

No branches or pull requests
2 participants
@gdbassett @planglois925