The ExploitType characterizes any exploitable weakness that may be targeted for exploitation by a malware instance through a Behavior. Most commonly, this refers to a known and identifiable vulnerability, but it may also refer to one or more weaknesses.
| Field Name | Type | Description |
|---|---|---|
| @known_vulnerabilityoptional | boolean |
The known_vulnerability field specifies whether the vulnerability that the malware is exploiting has been previously identified. If so, it should be referenced via a CVE ID in the CVE element. If not, the platform(s) targeted by the vulnerability exploitation behavior may be specified in the Targeted_Platforms element. |
| CVE0..1 | CVEVulnerabilityType |
The CVE field specifies the CVE ID and description of the vulnerability targeted by the exploit, if available. |
| CWE_ID0..n | string |
The CWE_ID field captures the ID of the Common Weakness Enumeration (CWE) entry that represents the type of weakness targeted by the exploit. More than one such CWE ID can be specified by using multiple occurrences of this field. |
| Targeted_Platforms0..1 | PlatformListType |
The Targeted_Platforms field specifies the platforms(s) targeted by the vulnerability exploit. |
