| | Feature category |
|---|
| Lock system | Annoyance |
| Erase files | Annoyance |
| Encrypt files | Annoyance |
| MBR overwrite | Annoyance |
| Decryption of locked files | Annoyance |
| Encrypt MFT | Annoyance |
| Display pop-up message | Annoyance |
| Open website in browser | Annoyance |
| Pop-up | Annoyance |
| Disable network adapters | Annoyance |
| Encrypt without C&C connection | Annoyance |
| Hidden file storage | Armor |
| Debugging detection | Armor |
| Anti-virus blocking | Armor |
| Polymorphism | Armor |
| Launch delay | Armor |
| Removal of competing malware | Armor |
| Register as print processor | Armor |
| Anti-virus uninstall | Armor |
| String stacking | Armor |
| Monitor mouse events | Armor |
| DNS blocking of AV companies | Armor |
| Store data in ADS | Armor |
| Virtual machine detection | Armor |
| Check CPU name in registry | Armor |
| Server-side polymorphism | Armor |
| Microphone capture | Audio visual |
| Screen capture | Audio visual |
| Video screen capture | Audio visual |
| Camera capture | Audio visual |
| Netcat | Backdoors |
| Backdoor | Backdoors |
| VNC server | Backdoors |
| Backconnect server | Backdoors |
| Mozilla browser extension | Browser extensions |
| Affiliation | Commercial model |
| Kit | Commercial model |
| Credit card checking | Criminal services |
| Pay-per-install | Criminal services |
| Traffic distribution service | Criminal services |
| TDS | Criminal services |
| Exchange | Criminal services |
| Anti-virus checking | Criminal services |
| Bullet-proof hosting | Criminal services |
| Carding | Criminal services |
| Forum | Criminal services |
| Handle generation algorithm | DNS and URL features |
| Fast flux | DNS and URL features |
| Domain generation algorithm | DNS and URL features |
| Double fastflux | DNS and URL features |
| Dynamic DNS | DNS and URL features |
| Netflix password theft | Data theft |
| Document theft | Data theft |
| Bitcoin wallet theft | Data theft |
| Outlook password theft | Data theft |
| Web password theft | Data theft |
| Firefox cookie theft | Data theft |
| Banking credential theft | Data theft |
| File theft | Data theft |
| WoW password theft | Data theft |
| Twitter password theft | Data theft |
| Browse file systems | Data theft |
| Internet Explorer password theft | Data theft |
| Mail client password theft | Data theft |
| Cookie theft | Data theft |
| Pidgin password theft | Data theft |
| Bebo password theft | Data theft |
| Form data theft | Data theft |
| AOL password theft | Data theft |
| Credit card data theft | Data theft |
| IM password theft | Data theft |
| Browser password theft | Data theft |
| Data theft | Data theft |
| Firefox password theft | Data theft |
| Chrome browser extension | Data theft |
| Friendster password theft | Data theft |
| JDownloader password theft | Data theft |
| POP3 password theft | Data theft |
| FTP client password theft | Data theft |
| Sendspace password theft | Data theft |
| Vkontakte password theft | Data theft |
| Windows products ID theft | Data theft |
| Paypal password theft | Data theft |
| Memory scrapping | Data theft |
| Password theft | Data theft |
| FTP password theft | Data theft |
| VNC password theft | Data theft |
| HTTP password theft | Data theft |
| Software ID theft | Data theft |
| Email password theft | Data theft |
| Email harvesting | Data theft |
| FileZilla password theft | Data theft |
| Certificate theft | Data theft |
| Contact theft | Data theft |
| Mozilla Sqlite data theft | Data theft |
| Facebook password theft | Data theft |
| Regular expression filtering | Data validation |
| Luhn algorithm check | Data validation |
| HTTP flood | Denial of service |
| POST flood | Denial of service |
| Slowloris | Denial of service |
| GRE flood | Denial of service |
| SYN flood | Denial of service |
| TCP flood | Denial of service |
| ApacheKiller | Denial of service |
| UDP flood | Denial of service |
| DDoS | Denial of service |
| Slow POST | Denial of service |
| Bandwidth flood | Denial of service |
| Layer 7 attack | Denial of service |
| Booter | Denial of service |
| GET flood | Denial of service |
| Skype vector | Distribution vector |
| Torrent vector | Distribution vector |
| Worm | Distribution vector |
| YIM vector | Distribution vector |
| Facebook vector | Distribution vector |
| Removable drive vector | Distribution vector |
| Social network vector | Distribution vector |
| Email worm | Distribution vector |
| RDP vector | Distribution vector |
| Right-to-left override | Distribution vector |
| MSN vector | Distribution vector |
| Brute-force | Distribution vector |
| Shared drive vector | Distribution vector |
| USB vector | Distribution vector |
| SQL Injection | Distribution vector |
| Base64 encoding | Encoding |
| Data compression | Encoding |
| XOR encoding | Encoding |
| JPEG encoding | Encoding |
| Twofish encryption | Encryption |
| Encryption of captured data | Encryption |
| RC4 encryption | Encryption |
| AES encryption | Encryption |
| Custom C&C encryption algorithm | Encryption |
| Elliptic curve encryption | Encryption |
| Steganography | Encryption |
| Diffie-Hellman | Encryption |
| Custom XOR-based encryption | Encryption |
| Custom encryption algorithm | Encryption |
| .cerber | File extension |
| .lukitus | File extension |
| Dynamic webinject configuration update | Injections |
| Webinject | Injections |
| Javascript injection | Injections |
| Automated transfer system (ATS) | Injections |
| Man in the browser | Injections |
| Java Signed Applet Social Engineering Code Execution | Injections |
| IM surveillance | Interception |
| Email surveillance | Interception |
| Network sniffing | Interception |
| SMS interception | Interception |
| Skype surveillance | Interception |
| MTAN interception | Interception |
| Voice-over-IP surveillance | Interception |
| Keylogger | Interception |
| SPDY grabbing | Interception |
| Winpcap interception | Interception |
| Port scanning | Maintenance |
| Update | Maintenance |
| Debugging | Maintenance |
| Geolocalisation | Maintenance |
| Uninstall | Maintenance |
| Logging | Maintenance |
| Upload minidump | Maintenance |
| Network information gathering | Maintenance |
| Phone home | Maintenance |
| System information gathering | Maintenance |
| Bitcoin payment | Monetization |
| Premium calls | Monetization |
| Premium services | Monetization |
| MoneXy payment | Monetization |
| Premium SMS | Monetization |
| Display advertising pop-ups | Monetization |
| SMS payment | Monetization |
| VMProtect | Obfuscators |
| Enigma | Packers |
| TELock | Packers |
| UPX Packing | Packers |
| Armadillo | Packers |
| Visual Basic crypter | Packers |
| UPX Protector | Packers |
| Themida | Packers |
| Custom packer | Packers |
| Cross-infection | Potency |
| SOCKS5 | Proxy |
| HTTP proxy | Proxy |
| Proxy | Proxy |
| SOCKS | Proxy |
| File download | Remote control |
| Query system processes | Remote control |
| Remote control | Remote control |
| Command shell | Remote control |
| File execute | Remote control |
| File upload | Remote control |
| Run commands | Remote control |
| Kill system processes | Remote control |
| Click fraud | Resource exploitation |
| Bitcoin mining | Resource exploitation |
| Web server | Resource exploitation |
| CAPTCHA display to solve | Resource exploitation |
| MBR installation | Rootkit |
| BIOS installation | Rootkit |
| Rootkit | Rootkit |
| Bootkit | Rootkit |
| Phishing | Spam |
| Send spam | Spam |
| Gmail spam | Spam |
| SMS spam | Spam |
| Produce spam from templates | Spam |
| DNS configuration modification | Traffic hijacking techniques |
| Search results manipulation | Traffic hijacking techniques |
| URL redirection | Traffic hijacking techniques |
| DNS hijack | Traffic hijacking techniques |
| Pharming | Traffic hijacking techniques |
| Startpage modification | Traffic hijacking techniques |
| Hosts modification | Traffic hijacking techniques |
| Component Object Model (COM) | Tunnel |
| Mailslot | Tunnel |