File Name | SHA1 | SHA256 | MIME Type | Score |
---|---|---|---|---|
{{artifact.attachment.name | fang}} | {{content.analysis_subject.sha1}} | {{content.analysis_subject.sha256}} | {{content.analysis_subject.mime_type}} | {{content.score}} |

Category | Activity |
---|---|
Suspicious | {{activity}} |
Network | {{activity}} |
Signature | {{activity}} |

Classification | Classification Type | Artifact | Artifact Type | Threat Name | PID |
---|---|---|---|---|---|
{{mc.classification}} | {{mc.classification_type}} | {{mc.artifact}} | {{mc.artifact_type}} | {{mc.threat_name}} | {{mc.pid}} |

Process | Path | PID |
---|---|---|
{{file.process}} | {{file.path}} | {{file.pid}} |

Path |
---|
{{file.path}} |

TimeStamp | Process | PID | Key | Value | Data |
---|---|---|---|---|---|
{{regkey.timestamp}} | {{regkey.process}} | {{regkey.pid}} | {{regkey.key}} | {{regkey.reg_value}} | {{regkey.reg_data}} |

TimeStamp | Process | PID | Key |
---|---|---|---|
{{regkey.timestamp}} | {{regkey.process}} | {{regkey.pid}} | {{regkey.key}} |

Start Time | Process | PID | Parent Process | Parent PID | Command Line |
---|---|---|---|---|---|
{{proc.start_time}} | {{proc.process}} | {{proc.pid}} | {{proc.parent_process}} | {{proc.ppid}} | {{proc.command_line}} |

IP | Port | Protocol | Host | Process | PID |
---|---|---|---|---|---|
{{connection.ip}} | {{connection.port}} | {{connection.protocol}} | {{connection.host}} | {{connection.process}} | {{connection.pid}} |

URI | HTTP Method | HTTP User Agent | IP | Process | URL Classification | Response |
---|---|---|---|---|---|---|
{{http.uri}} | {{http.http_method}} | {{http.http_useragent}} | {{http.ip}} | {{http.process}} | {{http.url_classification}} | Code: {{http.response.http_status}} MIME Type: {{http.response.mime_type}} Size: {{http.response.size}} SHA1: {{http.response.sha1}} |

IP | Domain |
---|---|
{{request.ip}} | {{request.domain}} |