Badlist
Badlist Model
Field | Type | Description | Required | Default |
---|---|---|---|---|
added | Date | Date when the badlisted hash was added | Yes | NOW |
attribution | Attribution | Attribution related to the bad hash | Optional | None |
classification | Classification | Computed max classification for the bad hash | Yes | None |
enabled | Boolean | Is bad hash enabled or not? | Yes | True |
expiry_ts | Date | When does this item expire from the list? | Optional | None |
hashes | Hashes | List of hashes related to the bad hash | Yes | See Hashes for more details. |
file | File | Information about the file | Optional | None |
sources | List [Source] | List of reasons why hash is badlisted | Yes | None |
tag | Tag | Information about the tag | Optional | None |
type | Enum | Type of bad hash. Supported values are: "file", "tag" | Yes | None |
updated | Date | Last date when sources were added to the bad hash | Yes | NOW |
Attribution
Attribution Tag Model
Field | Type | Description | Required | Default |
---|---|---|---|---|
actor | List [UpperKeyword] | Attribution Actor | Optional | None |
campaign | List [UpperKeyword] | Attribution Campaign | Optional | None |
category | List [UpperKeyword] | Attribution Category | Optional | None |
exploit | List [UpperKeyword] | Attribution Exploit | Optional | None |
implant | List [UpperKeyword] | Attribution Implant | Optional | None |
family | List [UpperKeyword] | Attribution Family | Optional | None |
network | List [UpperKeyword] | Attribution Network | Optional | None |
File
File Details
Field | Type | Description | Required | Default |
---|---|---|---|---|
name | List [Keyword] | List of names seen for that file | Yes | [] |
size | Integer | Size of the file in bytes | Optional | None |
type | Keyword | Type of file as identified by Assemblyline | Optional | None |
Hashes
Hashes of a badlisted file
Field | Type | Description | Required | Default |
---|---|---|---|---|
md5 | MD5 | MD5 | Optional | None |
sha1 | SHA1 | SHA1 | Optional | None |
sha256 | SHA256 | SHA256 | Optional | None |
ssdeep | SSDeepHash | SSDEEP | Optional | None |
tlsh | Keyword | None | Optional | None |
Source
Badlist source
Field | Type | Description | Required | Default |
---|---|---|---|---|
classification | Classification | Classification of the source | Yes | TLP:C |
name | Keyword | Name of the source | Yes | None |
reason | List [Keyword] | Reason for why file was badlisted | Yes | None |
type | Enum | Type of badlisting source. Supported values are: "external", "user" | Yes | None |
Tag
Tag associated to file
Field | Type | Description | Required | Default |
---|---|---|---|---|
type | Keyword | Tag type | Yes | None |
value | Keyword | Tag value | Yes | None |