
Malware Analysis V.3

The Malware Analysis v3 API call provides threat reports on an indicator generated by Malware Analysis. The Malware Analysis v3 API is currently powered by VirusTotal. For information on linking either your free or paid license, see Managing External Licenses.


Data Structure:

{
     "data": {
          "attributes": {},
          "communicating_files": [],
          "downloaded_files": [],
          "id": string,
          "links": {},
          "referrer_files": [],
          "resolutions": [],
          "siblings": [],
          "subdomains": [],
          "type": string,
          "urls": []
     }
}


Example:

Given an indicator of “moiparks.in”, Malware Analysis v3 returns the following (abridged: `...` marks entries omitted from a list or map). Note that file objects are identified by their SHA-256 hash, so each file's `id` matches its `sha256` attribute.

{
"data": {
"attributes": {
"categories": {
"alphaMountain.ai": "Malicious"
},
"last_analysis_results": { "ADMINUSLabs": {
"category": "harmless", "engine_name": "ADMINUSLabs", "method": "blacklist", "result": "clean"
},...
},
"last_analysis_stats": { "harmless": 71,
"malicious": 4,
"suspicious": 1,
"timeout": 0,
"undetected": 9
},
"last_dns_records": [], "last_modification_date": 1617845258, "popularity_ranks": {},
"reputation": 0, "tags": [], "total_votes": { "harmless": 0,
"malicious": 0
},
"whois": "", "whois_date": 1600070810
},
"communicating_files": [
{
"attributes": { "capabilities_tags": [], "downloadable": true, "exiftool": {
"FileType": "RTF", "FileTypeExtension": "rtf", "MIMEType": "text/rtf"
},
"first_seen_itw_date": 1465386294,
"first_submission_date": 1465386468,
"last_analysis_date": 1620122891,
"last_analysis_results": { "ALYac": {
"category": "malicious", "engine_name": "ALYac", "engine_update":
"20210504",
"engine_version": "1.1.3.1",
"method": "blacklist", "result": "Trojan.RTF-COM-Dropper.Gen"
},...
},
"last_analysis_stats": { "confirmed-timeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 37,
"suspicious": 0,
"timeout": 0,
"type-unsupported": 15,
"undetected": 23
},
"last_modification_date": 1620130159,
"last_submission_date": 1526341830,
"magic": "Rich Text Format data, version 1, unknown character set",
"md5": "11c4c7cc2bbab51f6353ecbab4a34d68",
"meaningful_name": "SOA \u0026 payment copy.doc",
"names": [
"SOA \u0026 payment copy.doc", "SOA",
"sourcedoc1$"
],
"packers": {
"F-PROT": "appended"
},
"popular_threat_classification":
{
"popular_threat_category": [
{
"count": 16,
"value": "trojan"
},
{
"count": 8, "value": "dropper"
}
],
"popular_threat_name": [
{
"count": 3,
"value": "cve20151641"
},
{
"count": 2,
"value": "expl"
},
{
"count": 2,
"value": "mo97"
}
],
"suggested_threat_label": "trojan.cve20151641/expl"
},
"reputation": -4,
"rtf_info": { "document_properties": {
"custom_xml_data_properties": 0,
"default_character_set":
"ANSI (default)",
"dos_stubs": 0,
"embedded_drawings": 0,
"embedded_pictures": 0, "longest_hex_string":
86779,
"non_ascii_characters":
293846,
"objects": [
{
"class": "otkloadr WRAssembly 1",
"type": "OLE control"
},
{
"class": "otkloadr WRAssembly 1",
"type": "OLE embedded"
},
{
"class":
"otkloadr WRAssembly 1",
"type": "OLE embedded"
}
],
"read_only_protection": false,
"rtf_header": "rtf1", "user_protection":
false
}
},
"sandbox_verdicts": { "Lastline": {
"category": "malicious", "malware_classification":
[
"MALWARE"
],
"sandbox_name": "Lastline"
}
},
"sha1": "609a4c511be0e6042c94ff88c26b0acf19f7da8c",
"sha256": "6cd6abeccf5e7f8507d209eafb8a1a77f2bd4fe679dd633725759f0a7385500c",
"size": 761563,
"ssdeep": "12288:9v4VZv95bR7embfqQOK6wbVvqSGNImodL48JkibF0eYGhpv6g:9yx9lRtnt5lpZF0rGd",
"tags": [
"ole-embedded", "exploit", "rtf",
"cve-2015-1641",
"ole-control"
],
"times_submitted": 14, "tlsh":
"T1CDF4CFA7034937C1DE9B5D71EF99B4074905F0A3E6C90B24DBEFE0709BE612938B2A45",
"total_votes": { "harmless": 0,
"malicious": 1
},
"trid": [
{
"file_type": "Rich Text Format",
"probability": 100
}
],
"type_description": "Rich Text Format",
"type_extension": "rtf", "type_tag": "rtf", "unique_sources": 12, "vhash":
"8c37320968a225c52fb8344bd0bed6dc9"
},
"id": "6cd6abeccf5e7f8507d209eafb8a1a77f2bd4fe679dd633725759f0a7385500c",
"links": {
"self": "https://www.virustotal.com/api/v3/files/6cd6abeccf5e7f8507d209eafb8a1a77f2bd4fe679dd633725759f0a7385500c"
},
"type": "file"
},...
],
"downloaded_files": [
{
"attributes": {
"autostart_locations": [
{
"entry": "C:\\WINDOWS\\winmain64.exe",
"location": "Task Scheduler"
},
{
"entry": "C:\\Windows\\winmain64.exe",
"location": "Task Scheduler"
}
],
"downloadable": true, "exiftool": { "FileType": "TXT",
"FileTypeExtension": "txt", "LineCount": 1, "MIMEEncoding": "us-ascii", "MIMEType": "text/plain", "Newlines": "(none)", "WordCount": 6
},
"first_submission_date": 1473369233,
"last_analysis_date": 1574853432,
"last_analysis_results": { "ALYac": {
"category": "undetected", "engine_name": "ALYac", "engine_update":
"20191127",
"engine_version": "1.1.1.5",
"method": "blacklist", "result": null
},...
},
"last_analysis_stats": { "confirmed-timeout": 0,
"failure": 0,
"harmless": 0,
"malicious": 0,
"suspicious": 0,
"timeout": 0,
"type-unsupported": 13,
"undetected": 57
},
"last_modification_date": 1620640787,
"last_submission_date": 1560296158,
"magic": "ASCII text, with no line terminators",
"md5": "43b31a333c9b78f0c53d0f392c233581",
"meaningful_name": "gate.php", "names": [
"gate.php",...
],
"reputation": 0, "sha1":
"5a6c92842517f32fc654fa90d1bb7aff5977939e",
"sha256": "21f2049d5b7a94430621acbc5f6c467c134d368a2c69a8283cc08b1f6183962c",
"size": 15,
"ssdeep": "3:eXCRXn:e0n", "tags": [
"text"
],
"times_submitted": 90, "total_votes": { "harmless": 0,
"malicious": 0
},
"trid": [
{
"file_type": "file seems to be plain text/ASCII", "probability": 0
}
],
"type_description": "Text", "type_extension": "txt", "type_tag": "text", "unique_sources": 11
},
"id": "21f2049d5b7a94430621acbc5f6c467c134d368a2c69a8283cc08b1f6183962c",
"links": {
"self": "https://www.virustotal.com/api/v3/files/21f2049d5b7a94430621acbc5f6c467c134d368a2c69a8283cc08b1f6183962c"
},
"type": "file"
},...
],
"id": "moiparks.in", "links": {
"self": "https://www.virustotal.com/api/v3/domains/moiparks.in"
},
"referrer_files": [], "resolutions": [
{
"attributes": {
"date": 1538837772,
"host_name": "moiparks.in", "ip_address": "69.64.147.10", "resolver": "VirusTotal"
},
"id": "69.64.147.10moiparks.in", "links": {
"self": "https://www.virustotal.com/api/v3/resolutions/69.64.147.10moiparks.in"
},
"type": "resolution"
},...
],
"siblings": [], "subdomains": [
{
"attributes": {
"categories": {
"Comodo Valkyrie Verdict": "media sharing",
"sophos": "malware callhome, command and control"
},
"last_analysis_results": { "ADMINUSLabs": {
"category": "harmless", "engine_name":
"ADMINUSLabs",
"method": "blacklist", "result": "clean"
},...
},
"last_analysis_stats": { "harmless": 74,
"malicious": 2,
"suspicious": 1,
"timeout": 0,
"undetected": 8
},
"last_dns_records": [], "last_modification_date":
1610393131,
"popularity_ranks": {}, "reputation": 0, "tags": [], "total_votes": { "harmless": 0,
"malicious": 0
},
"whois": ""
},
"id": "www.moiparks.in", "links": {
"self": "https://www.virustotal.com/api/v3/domains/www.moiparks.in"
},
"type": "domain"
},...
],
"type": "domain", "urls": [
{
"attributes": {
"categories": {
"sophos": "malware callhome, command and control"
},
"first_submission_date": 1617845246,
"has_content": false, "html_meta": {}, "last_analysis_date": 1617845246, "last_analysis_results": {
"ADMINUSLabs": {
"category": "harmless",
"engine_name": "ADMINUSLabs",
"method": "blacklist", "result": "clean"
},...
},
"last_analysis_stats": { "harmless": 75,
"malicious": 1,
"suspicious": 0,
"timeout": 0,
"undetected": 9
},
"last_final_url": "https://moiparks.in/jack/admin.php",
"last_modification_date": 1617845256,
"last_submission_date": 1617845246,
"reputation": 0, "tags": [], "targeted_brand": {}, "threat_names": [
"C2/Generic-A"
],
"times_submitted": 1, "total_votes": { "harmless": 0,
"malicious": 0
},
"trackers": {}, "url":
"https://moiparks.in/jack/admin.php"
},
"context_attributes": { "url":
"https://moiparks.in/jack/admin.php"
},
"id": "fc9079b288905dab4db77984c4f8d78feacf015f9926e0baeb0cfefc061693f1",
"links": {
"self": "https://www.virustotal.com/api/v3/urls/fc9079b288905dab4db77984c4f8d78feacf015f9926e0baeb0cfefc061693f1"
},
"type": "url"
},...
]
}