The Lenaean Taxonomy

A Scientific Classification System for Malmons

Overview

The Lenaean Taxonomy is a structured, pseudo-Latin naming system for Malmons, providing a scientific classification counterpart to common malware names. This system emphasizes observable behavior, ecological impact, and discovery context over speculative intent or attribution biases.

The Naming Structure

Every Malmon receives a five-part scientific name:

<Habitat><Kingdom> <Function> <Trait> (<Discovery Context>)

1. Habitat β€” Operating System Prefix

Fused directly to the kingdom name. Only the first letter is capitalized.

  • Win β€” Windows
  • Mac β€” macOS
  • Lin β€” Linux/UNIX
  • And β€” Android
  • Ios β€” iOS
  • Dos β€” Legacy MS-DOS

2. Kingdom β€” Type Suffix (-ia)

Three observational and extensible kingdoms:

  • Wormia β€” Autonomous self-propagation (scans, replicates, spreads without human assistance).
  • Trojania β€” Deception and social engineering for entry (persuades host to execute).
  • Wareia β€” Modular, hybrid, evolving systems (frameworks, loader-payload architectures, multi-component ecosystems).

3. Function β€” Primary Impact (-or)

The Malmon’s primary ecological impact:

  • Cryptor β€” Encrypts host data (ransomware).
  • Destroyor β€” Sabotages, wipes, or corrupts data/systems.
  • Controllor β€” Remote command and persistent manipulation.
  • Spyor β€” Observes, records, and surveils.
  • Loador β€” Delivers, installs, and stages additional malware.
  • Stealor β€” Extracts credentials, data, and secrets.
  • Infector β€” Binds to executables or files.
  • Denior β€” Disrupts availability (DoS).

4. Trait β€” Species Epithet

  • -ius for name-markers (strings, aliases): e.g., Loveletterius (ILOVEYOU).
  • -ium for mechanical or behavioral features: e.g., Centrifugium (Stuxnet’s centrifuges).

5. Discovery Context

Non-attributive marker of first documentation.

  • Location: Global, regional, or specific country.
  • Year: Discovery marker.

Type Kingdoms Explained

The Three Kingdoms represent the fundamental strategies Malmons use to survive and spread in the digital ecosystem.

Wormia: The Self-Propagators

Wormia rely on automation. They exploit vulnerabilities in services or protocols to move from system to system without user intervention. Their survival depends on network connectivity and unpatched services.

Trojania: The Deceivers

Trojania rely on human psychology. They camouflage themselves as legitimate software or documents, requiring a host to β€œinvite” them in. Their survival depends on social engineering effectiveness and user trust.

Wareia: The Ecosystems

Wareia represent the apex of Malmon evolution. They are not single programs but complex, multi-component frameworks. They often feature modular payloads, advanced command-and-control, and the ability to evolve over time.

Complete Specimen Table

Malmon scientific Name
Code Red Winwormia Denior Coderedius (Global 2001)
FakeBat Wintrojania Loador Fakebatius (Global 2024)
GaboonGrabber Wintrojania Loador Gaboongrabberius (Global 2023)
Gh0st RAT Wintrojania Controllor Gh0stius (Asia 2008)
LitterDrifter Winwormia Spyor Litterdrifterius (Global 2023)
LockBit Winwareia Cryptor Lockbitium (Global 2019)
Noodle RAT Lintrojania Controllor Noodleratius (Asia 2024)
PoisonIvy Wintrojania Controllor Poisonivyius (Global 2005)
Raspberry Robin Winwormia Loador Qnapium (Europe 2019)
Stuxnet Winwormia Destroyor Centrifugium (Iran 2010)
WannaCry Winwormia Cryptor Eternalblueium (Global 2017)
WireLurker Maciostrojania Infector Wirelurkerius (China 2014)
The Inquisitor Wintrojania Spyor Inquisitorius (Global 2024)

Guiding Principles

  1. Neutrality: No attribution biases; no author-assigned names are privileged.
  2. No Glorification: Scientific documentation, not celebration of the threat.
  3. Behavior over Ancestry: Focus on the observable ecological role rather than speculative intent.
  4. Intellectual Humility: The system is extensible and open to revision as malware evolves.
  5. Coexistence: Complements common names; it does not replace them.

The Three Kingdoms

Trojania ~65%
Wormia ~25%
~10%

Approximate real-world encounter rates. Social engineering attacks (Trojania) are consistently the most prevalent attack vector globally.

WarningWormia

The Self-Propagators

Exploit vulnerabilities to spread autonomously – no user interaction required.

Code Red, WannaCry, LitterDrifter, Raspberry Robin, Stuxnet

NoteTrojania

The Deceivers

Rely on social engineering – require a host to execute them.

GaboonGrabber, PoisonIvy, FakeBat, Gh0st RAT, The Inquisitor

ImportantWareia

The Ecosystems

Multi-component frameworks with modular payloads and advanced command-and-control.

LockBit

Lineage Overview

Malwaria
Wormia
Code RedDenior Β· 2001
Stuxnet β˜…Destroyor Β· 2010
WannaCryCryptor Β· 2017
Raspberry RobinLoador Β· 2019
LitterDrifterSpyor Β· 2023
Trojania
PoisonIvyControllor Β· 2005
Gh0st RATControllor Β· 2008
WireLurkerInfector Β· 2014
GaboonGrabberLoador Β· 2023
The InquisitorSpyor Β· 2024
FakeBatLoador Β· 2024
Noodle RATControllor Β· 2024
Wareia
LockBitCryptor Β· 2019

β˜… Legendary specimen. Specimens sorted chronologically by discovery context. Scrolls horizontally on narrow screens.