# Malware

## What is a malware card?

Malware is malicious software and it's what Threat Actors use to break into their target systems. Malware can be ransome, infostealers, keyloggers, spyware, backdoors, RATs, et cetera.

Tracking malware is useful, because it allows you to proactively monitor for developments and subsequently defend against them. If, for example, a certain malware exploits a vulnerability in one of your assets, that's definitely something you want to be aware of, track and mitigate.&#x20;

It also helps you create custom descriptions with recommendations on those malware families, so you know exactly how it applies to you and what to do  about it.

## How to create a malware card

There are a few really easy ways to create (and with that, track) malware in Liberty91.&#x20;

#### Creating Malware cards in the sidebar

1. Go to the [Workbench](broken://spaces/56f9evYVURi6SAGI5JIC/pages/ZV5tojeCmpzTyFnhTt3n#the-workbench) in the sidebar ([go there now with this link](https://platform.liberty91.com/disco/workbench))&#x20;
2. Scroll down to 'Malware'
3. Type in the name of the Malware family you want to create, click on 'create'
4. Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware
5. Don't forget to tune its [criticality](/what-is-liberty91/key-concepts.md#criticality)

<figure><img src="/files/5cmqhRN3AMzNtCPH5KRV" alt="" width="375"><figcaption><p>Creating Malware cards in the Workbench is easy</p></figcaption></figure>

#### Creating a Threat Actor in the Malware Overview

1. Go to 'Malware' under your Threat Library in the [sidebar](broken://spaces/56f9evYVURi6SAGI5JIC/pages/ZV5tojeCmpzTyFnhTt3n#the-sidebar). You may have to scroll down a bit.
2. The top-left card is green, and shows a plus-sign. Type in the name of your new malware card and click 'create'.
3. Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware family
4. Don't forget to tune its [criticality](/what-is-liberty91/key-concepts.md#criticality)

<figure><img src="/files/hUhX9gtlWtZUZ1UlPYld" alt=""><figcaption><p>create a new malware card in the green card in the top-let</p></figcaption></figure>

#### Creating a Malware Card based on a Suggestion

Sometimes, Liberty91 will suggest new Threat Actors, Malware of Vulnerabilities for in your Threat Library. These are based on events in your dashboards. When you see one that you'd like to keep tracking, just click on it and Liberty91 will collect the relevant reporting and generate a relevant and accurate description for you.

1. Find the 'Suggested Malware' in an Event Card. They are on the side, under the Analysis and the Threat Library Links that already exist.
2. Click on the Malware family you want to create a card for and track
3. Wait a minute or two: Liberty91 is looking for relevant reporting and generating a custom description for your new Malware Card
4. Don't forget to tune its [criticality](/what-is-liberty91/key-concepts.md#criticality)

<figure><img src="/files/iEbsaUDO8qAqWonE2q8h" alt="" width="323"><figcaption><p>Clicking on 'FunnySwitch' (for example) would create a new Malware Card in your Threat Library</p></figcaption></figure>

## Aliases

Because every security company uses a [different naming convention](https://www.infosecurityeurope.com/en-gb/blog/threat-vectors/understanding-threat-actor-naming-conventions.html), they often use different names for the same Threat Actor. For example: 'Sandworm' is the same team as 'APT44'. Although far less common, the same can be true for malware. You don't want to create separate Malware cards for the same piece of code, so this is where 'aliases' come in handy. Just create an alias for an existing malware card and Liberty91 will capture all mentions under the same Threat Card in your Library.

## What is on a malware card?

A malware card has the exact same information on it as a Threat Actor Card.&#x20;

Click here:[Threat Actors](/the-threat-library/threat-actors.md#what-is-on-a-threat-actor-card) to find a very thorough description.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.liberty91.com/the-threat-library/malware.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.