Package Categories

In EVE, the following terms are used to name packages:

Known

This type of package only holds samples that are already known and detected by security solutions and whose behavior is of low impact on the host.

Challenger

This package has obfuscated samples.

Interactive

It has samples that can use command and control (C2) callback functionality, or samples that can be interacted with in the EndPoint after emulation.

Zero

It has samples created by EVE with malicious methodologies and a specific target, dangerous and challenging for security solutions.

Uncategorized

If the user are not sure in which category to place the package, the user can use this option.