Tagging
Tagging Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| attribution | Attribution | Attribution Tagging | Optional | None |
| av | AV | Antivirus Tagging | Optional | None |
| cert | Cert | Certificate Tagging | Optional | None |
| code | Code | Code Tagging | Optional | None |
| dynamic | Dynamic | Dynamic Analysis Tagging | Optional | None |
| info | Info | Informational Tagging | Optional | None |
| file | File | File Tagging | Optional | None |
| network | Network | Network Tagging | Optional | None |
| source | List [Keyword] | Source Tagging | Optional | None |
| technique | Technique | Technique Tagging | Optional | None |
| vector | List [Keyword] | Vector Tagging | Optional | None |
AV
Antivirus Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| heuristic | List [Keyword] | List of heuristics | Optional | None |
| virus_name | List [Keyword] | Collection of virus names identified by antivirus tools | Optional | None |
Attribution
Attribution Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| actor | List [UpperKeyword] | Attribution Actor | Optional | None |
| campaign | List [UpperKeyword] | Attribution Campaign | Optional | None |
| category | List [UpperKeyword] | Attribution Category | Optional | None |
| exploit | List [UpperKeyword] | Attribution Exploit | Optional | None |
| implant | List [UpperKeyword] | Attribution Implant | Optional | None |
| family | List [UpperKeyword] | Attribution Family | Optional | None |
| network | List [UpperKeyword] | Attribution Network | Optional | None |
Cert
Certificate Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| extended_key_usage | List [Keyword] | Extended Key Usage | Optional | None |
| issuer | List [Keyword] | Issuer | Optional | None |
| key_usage | List [Keyword] | Key Usage | Optional | None |
| owner | List [Keyword] | Owner | Optional | None |
| serial_no | List [Keyword] | Serial Number | Optional | None |
| signature_algo | List [Keyword] | Signature Algorithm | Optional | None |
| subject | List [Keyword] | Subject Name | Optional | None |
| subject_alt_name | List [Keyword] | Alternative Subject Name | Optional | None |
| thumbprint | List [Keyword] | Thumbprint | Optional | None |
| valid | CertValid | Validity Information | Optional | None |
| version | List [Keyword] | Version | Optional | None |
CertValid
Valid Certificate Period
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| start | List [Keyword] | Start date of certificate validity | Optional | None |
| end | List [Keyword] | End date of certificate validity | Optional | None |
Code
Code Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| sha256 | List [SHA256] | SHA256 of Code | Optional | None |
Dynamic
Dynamic Tag Model. Commonly Used by Dynamic Analysis
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| autorun_location | List [Keyword] | Autorun location | Optional | None |
| dos_device | List [Keyword] | DOS Device | Optional | None |
| mutex | List [Keyword] | Mutex | Optional | None |
| registry_key | List [Keyword] | Registry Keys | Optional | None |
| process | DynamicProcess | Sandbox Processes | Optional | None |
| signature | DynamicSignature | Sandbox Signatures | Optional | None |
| ssdeep | DynamicSSDeep | Sandbox SSDeep | Optional | None |
| window | DynamicWindow | Sandbox Window | Optional | None |
| operating_system | DynamicOperatingSystem | Sandbox Operating System | Optional | None |
| processtree_id | List [Keyword] | Process Tree ID | Optional | None |
DynamicOperatingSystem
Operating System
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| platform | List [Platform] | Platform | Optional | None |
| version | List [Keyword] | Version | Optional | None |
| processor | List [Processor] | Processor | Optional | None |
DynamicProcess
Dynamic Process
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| command_line | List [Keyword] | Commandline | Optional | None |
| file_name | List [Keyword] | Filename | Optional | None |
| shortcut | List [Keyword] | Shortcut | Optional | None |
DynamicSSDeep
SSDeep
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| cls_ids | List [SSDeepHash] | CLSIDs | Optional | None |
| dynamic_classes | List [SSDeepHash] | Dynamic Classes | Optional | None |
| regkeys | List [SSDeepHash] | Registry Keys | Optional | None |
DynamicSignature
Signatures
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| category | List [Keyword] | Signature Category | Optional | None |
| family | List [Keyword] | Signature Family | Optional | None |
| name | List [Keyword] | Signature Name | Optional | None |
DynamicWindow
Windows
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| cls_ids | List [Keyword] | CLSIDs | Optional | None |
| dynamic_classes | List [Keyword] | Dynamic Classes | Optional | None |
| regkeys | List [Keyword] | Registry Keys | Optional | None |
File
File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| ancestry | List [Keyword] | File Genealogy | Optional | None |
| behavior | List [Keyword] | File Behaviour | Optional | None |
| compiler | List [Keyword] | Compiler of File | Optional | None |
| config | List [Keyword] | File Configuration | Optional | None |
| date | FileDate | File's Date Information | Optional | None |
| elf | FileELF | ELF File Properties | Optional | None |
| lib | List [Keyword] | File Libraries | Optional | None |
| lsh | List [Keyword] | File LSH hashes | Optional | None |
| name | FileName | File Name | Optional | None |
| path | List [Keyword] | File Path | Optional | None |
| rule | Mapping [String, List [Keyword]] | Rule/Signature File | Optional | None |
| string | FileStrings | File Strings Properties | Optional | None |
| apk | FileAPK | APK File Properties | Optional | None |
| jar | FileJAR | JAR File Properties | Optional | None |
| img | FileIMG | Image File Properties | Optional | None |
| ole | FileOLE | OLE File Properties | Optional | None |
| pe | FilePE | PE File Properties | Optional | None |
| | FilePDF | PDF File Properties | Optional | None |
| plist | FilePList | PList File Properties | Optional | None |
| powershell | FilePowerShell | PowerShell File Properties | Optional | None |
| shortcut | FileShortcut | Shortcut File Properties | Optional | None |
| swf | FileSWF | SWF File Properties | Optional | None |
FileAPK
APK File Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| activity | List [Keyword] | Activity | Optional | None |
| app | FileAPKApp | APK Application Information | Optional | None |
| feature | List [Keyword] | Features | Optional | None |
| locale | List [Keyword] | Locale | Optional | None |
| permission | List [Keyword] | Permissions | Optional | None |
| pkg_name | List [Keyword] | Package Name | Optional | None |
| provides_component | List [Keyword] | Components Provided | Optional | None |
| sdk | FileAPKSDK | APK SDK Information | Optional | None |
| used_library | List [Keyword] | Libraries Used | Optional | None |
FileAPKApp
APK Application Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| label | List [Keyword] | Label | Optional | None |
| version | List [Keyword] | Version | Optional | None |
FileAPKSDK
APK SDK Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| min | List [Keyword] | Minimum OS required | Optional | None |
| target | List [Keyword] | Target OS | Optional | None |
FileDate
File Date Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| creation | List [Keyword] | File Creation Date | Optional | None |
| last_modified | List [Keyword] | File Last Modified Date | Optional | None |
FileELF
ELF File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| libraries | List [Keyword] | Libraries | Optional | None |
| interpreter | List [Keyword] | Interpreter | Optional | None |
| sections | FileELFSections | ELF Sections | Optional | None |
| segments | FileELFSegments | ELF Segments | Optional | None |
| notes | FileELFNotes | ELF Notes | Optional | None |
FileELFNotes
ELF Notes
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | List [Keyword] | Note Name | Optional | None |
| type | List [Keyword] | Note Type | Optional | None |
| type_core | List [Keyword] | Note Core Type | Optional | None |
FileELFSections
ELF Sections
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| name | List [Keyword] | Section Name | Optional | None |
FileELFSegments
ELF Segments
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| type | List [Keyword] | Segment Type | Optional | None |
FileIMG
Image File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| exif_tool | FileIMGExiftool | Exiftool Information | Optional | None |
| mega_pixels | List [Keyword] | Megapixels | Optional | None |
| mode | List [Keyword] | Image Mode | Optional | None |
| size | List [Keyword] | Image Size | Optional | None |
| sorted_metadata_hash | List [Keyword] | Sorted Metadata Hash | Optional | None |
FileIMGExiftool
Exiftool Information Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| creator_tool | List [Keyword] | Image Creation Tool | Optional | None |
| derived_document_id | List [Keyword] | Derived Document ID | Optional | None |
| document_id | List [Keyword] | Document ID | Optional | None |
| instance_id | List [Keyword] | Instance ID | Optional | None |
| toolkit | List [Keyword] | Toolkit | Optional | None |
FileJAR
JAR File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| main_class | List [Keyword] | Main Class | Optional | None |
| main_package | List [Keyword] | Main Package | Optional | None |
| imported_package | List [Keyword] | Imported package | Optional | None |
FileName
File Name Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| anomaly | List [Keyword] | Name of Anomaly | Optional | None |
| extracted | List [Keyword] | Name of Extracted | Optional | None |
FileOLE
OLE File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| macro | FileOLEMacro | OLE Macro | Optional | None |
| summary | FileOLESummary | OLE Summary | Optional | None |
| clsid | List [Keyword] | CLSID | Optional | None |
| dde_link | List [Keyword] | DDE Link | Optional | None |
| fib_timestamp | List [Keyword] | FIB Timestamp | Optional | None |
FileOLEMacro
OLE Macro Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| sha256 | List [SHA256] | SHA256 of Macro | Optional | None |
| suspicious_string | List [Keyword] | Suspicious Strings | Optional | None |
FileOLESummary
OLE Summary Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| author | List [Keyword] | Author | Optional | None |
| codepage | List [Keyword] | Code Page | Optional | None |
| comment | List [Keyword] | Comment | Optional | None |
| company | List [Keyword] | Company | Optional | None |
| create_time | List [Keyword] | Creation Time | Optional | None |
| last_printed | List [Keyword] | Date Last Printed | Optional | None |
| last_saved_by | List [Keyword] | User Last Saved By | Optional | None |
| last_saved_time | List [Keyword] | Date Last Saved | Optional | None |
| manager | List [Keyword] | Manager | Optional | None |
| subject | List [Keyword] | Subject | Optional | None |
| title | List [Keyword] | Title | Optional | None |
FilePDF
PDF File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| date | FilePDFDate | PDF Date Information | Optional | None |
| javascript | FilePDFJavascript | PDF Javascript Information | Optional | None |
| stats | FilePDFStats | PDF Statistics Information | Optional | None |
FilePDFDate
PDF Date Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| modified | List [Keyword] | Date Modified | Optional | None |
| pdfx | List [Keyword] | PDFx | Optional | None |
| source_modified | List [Keyword] | Date Source Modified | Optional | None |
FilePDFJavascript
PDF Javascript Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| sha1 | List [SHA1] | SHA1 of Javascript | Optional | None |
FilePDFStats
PDF Statistics Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| sha1 | List [SHA1] | SHA1 of Statistics | Optional | None |
FilePE
PE File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| api_vector | List [Keyword] | API Vector | Optional | None |
| authenticode | FilePEAuthenticode | PE Authenticode Information | Optional | None |
| debug | FilePEDebug | PE Debug Information | Optional | None |
| exports | FilePEExports | PE Exports Information | Optional | None |
| imports | FilePEImports | PE Imports Information | Optional | None |
| linker | FilePELinker | PE Linker Information | Optional | None |
| oep | FilePEOEP | PE OEP Information | Optional | None |
| pdb_filename | List [Keyword] | PDB Filename | Optional | None |
| resources | FilePEResources | PE Resources Information | Optional | None |
| rich_header | FilePERichHeader | PE Rich Header Information | Optional | None |
| sections | FilePESections | PE Sections Information | Optional | None |
| versions | FilePEVersions | PE Versions Information | Optional | None |
FilePEAuthenticode
PE Authenticode Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| spc_sp_opus_info | FilePEAuthenticodeSpcSpOpusInfo | AAA | Optional | None |
FilePEAuthenticodeSpcSpOpusInfo
PE SpcSpOpusInfo Attribute Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| program_name | List [Keyword] | Program Name | Optional | None |
FilePEDebug
PE Debug Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| guid | List [Keyword] | GUID | Optional | None |
FilePEExports
PE Exports Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| function_name | List [Keyword] | Function Name | Optional | None |
| module_name | List [Keyword] | Module Name | Optional | None |
FilePEImports
PE Imports Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| fuzzy | List [SSDeepHash] | Fuzzy | Optional | None |
| md5 | List [MD5] | MD5 | Optional | None |
| imphash | List [MD5] | Imphash | Optional | None |
| sorted_fuzzy | List [SSDeepHash] | Sorted Fuzzy | Optional | None |
| sorted_sha1 | List [SHA1] | Sorted SHA1 | Optional | None |
| gimphash | List [SHA256] | Go Import hash | Optional | None |
| suspicious | List [Keyword] | Suspicious | Optional | None |
FilePELinker
PE Linker Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| timestamp | List [Keyword] | Timestamp | Optional | None |
FilePEOEP
PE OEP Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| bytes | List [Keyword] | Bytes | Optional | None |
| hexdump | List [Keyword] | Hex Dump | Optional | None |
FilePEResources
PE Resources Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| language | List [Keyword] | Language | Optional | None |
| name | List [Keyword] | Name | Optional | None |
FilePERichHeader
PE Rich Header Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| hash | List [Keyword] | Hash | Optional | None |
FilePESections
PE Sections Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| hash | List [Keyword] | Hash | Optional | None |
| name | List [Keyword] | Name | Optional | None |
FilePEVersions
PE Versions Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| description | List [Keyword] | Description | Optional | None |
| filename | List [Keyword] | Filename | Optional | None |
FilePList
PList File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| installer_url | List [Keyword] | Installer URL | Optional | None |
| min_os_version | List [Keyword] | Minimum OS Version | Optional | None |
| requests_open_access | List [Keyword] | Requests Open Access | Optional | None |
| build | FilePListBuild | Build Information | Optional | None |
| cf_bundle | FilePListCFBundle | CF Bundle Information | Optional | None |
| dt | FilePListDT | DT Information | Optional | None |
| ls | FilePListLS | LS Information | Optional | None |
| ns | FilePListNS | NS Information | Optional | None |
| ui | FilePListUI | UI Information | Optional | None |
| wk | FilePListWK | WK Information | Optional | None |
FilePListBuild
PList Build Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| machine_os | List [Keyword] | Machine OS | Optional | None |
FilePListCFBundle
PList CF Bundle Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| development_region | List [Keyword] | Development Region | Optional | None |
| display_name | List [Keyword] | Display Name | Optional | None |
| executable | List [Keyword] | Executable Name | Optional | None |
| identifier | List [Keyword] | Identifier Name | Optional | None |
| name | List [Keyword] | Bundle Name | Optional | None |
| pkg_type | List [Keyword] | Package Type | Optional | None |
| signature | List [Keyword] | Signature | Optional | None |
| url_scheme | List [Keyword] | URL Scheme | Optional | None |
| version | FilePListCFBundleVersion | Bundle Version Information | Optional | None |
FilePListCFBundleVersion
PList CF Bundle Version Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| long | List [Keyword] | Long Version | Optional | None |
| short | List [Keyword] | Short Version | Optional | None |
FilePListDT
PList DT Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| compiler | List [Keyword] | Compiler | Optional | None |
| platform | FilePListDTPlatform | Platform Information | Optional | None |
FilePListDTPlatform
PList DT Platform Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| build | List [Keyword] | Build | Optional | None |
| name | List [Keyword] | Name | Optional | None |
| version | List [Keyword] | Version | Optional | None |
FilePListLS
PList LS Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| background_only | List [Keyword] | Background Only | Optional | None |
| min_system_version | List [Keyword] | Minimum System Version | Optional | None |
FilePListNS
PList NS Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| apple_script_enabled | List [Keyword] | Apple Script Enabled | Optional | None |
| principal_class | List [Keyword] | Principal Class | Optional | None |
FilePListUI
PList UI Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| background_modes | List [Keyword] | Background Modes | Optional | None |
| requires_persistent_wifi | List [Keyword] | Requires Persistent WIFI | Optional | None |
FilePListWK
PList WK Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| app_bundle_identifier | List [Keyword] | App Bundle ID | Optional | None |
FilePowerShell
PowerShell File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| cmdlet | List [Keyword] | Cmdlet | Optional | None |
FileSWF
SWF File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| header | FileSWFHeader | Header Information | Optional | None |
| tags_ssdeep | List [SSDeepHash] | Tags SSDeep | Optional | None |
FileSWFHeader
SWF Header Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| frame | FileSWFHeaderFrame | Header Frame Information | Optional | None |
| version | List [Keyword] | Version | Optional | None |
FileSWFHeaderFrame
SWF Header Frame
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| count | List [Integer] | Number of Frames | Optional | None |
| rate | List [Keyword] | Speed of Animation | Optional | None |
| size | List [Keyword] | Size of Frame | Optional | None |
FileShortcut
Shortcut File Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| command_line | List [Keyword] | Command Line | Optional | None |
| icon_location | List [Keyword] | Icon Location | Optional | None |
| machine_id | List [Keyword] | Machine ID | Optional | None |
| tracker_mac | List [Keyword] | Possible MAC address from the Tracker block | Optional | None |
FileStrings
Strings File Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| api | List [Keyword] | API | Optional | None |
| blacklisted | List [Keyword] | Blacklisted | Optional | None |
| decoded | List [Keyword] | Decoded | Optional | None |
| extracted | List [Keyword] | Extracted | Optional | None |
Info
General Information Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| phone_number | List [PhoneNumber] | None | Optional | None |
| password | List [Keyword] | Password | Optional | None |
Network
Network Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| attack | List [Keyword] | Attack | Optional | None |
| dynamic | NetworkIOCs | Dynamic IOCs | Optional | None |
| | NetworkEmail | | Optional | None |
| mac_address | List [MAC] | MAC Address | Optional | None |
| port | List [Integer] | Port | Optional | None |
| protocol | List [Keyword] | Protocol | Optional | None |
| signature | NetworkSignature | Signatures | Optional | None |
| static | NetworkIOCs | Static IOCs | Optional | None |
| tls | NetworkTLS | TLS | Optional | None |
| user_agent | List [Keyword] | User Agent | Optional | None |
NetworkEmail
Network Email Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| address | List [Email] | Email Address | Optional | None |
| date | List [Keyword] | Date | Optional | None |
| subject | List [Keyword] | Subject | Optional | None |
| msg_id | List [Keyword] | Message ID | Optional | None |
NetworkIOCs
Network IOC Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| domain | List [Domain] | Domain | Optional | None |
| ip | List [IP] | IP | Optional | None |
| unc_path | List [UNCPath] | UNC Path | Optional | None |
| uri | List [URI] | URI | Optional | None |
| uri_path | List [URIPath] | URI Path | Optional | None |
NetworkSignature
Network Signature Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| signature_id | List [Keyword] | Signature ID | Optional | None |
| message | List [Keyword] | Signature Message | Optional | None |
NetworkTLS
Network TLS Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| ja3_hash | List [MD5] | JA3 Hash | Optional | None |
| ja3_string | List [Keyword] | JA3 String | Optional | None |
| ja3s_hash | List [MD5] | JA3S Hash | Optional | None |
| ja3s_string | List [Keyword] | JA3S String | Optional | None |
| ja4_hash | List [ValidatedKeyword] | JA4 Hash | Optional | None |
| ja4s_hash | List [ValidatedKeyword] | JA4S Hash | Optional | None |
| sni | List [Keyword] | SNI | Optional | None |
Technique
Technique Tag Model
| Field | Type | Description | Required | Default |
|---|---|---|---|---|
| comms_routine | List [Keyword] | Communication Routine | Optional | None |
| config | List [Keyword] | Configuration | Optional | None |
| crypto | List [Keyword] | Cryptography | Optional | None |
| exploit | List [Keyword] | Exploit | Optional | None |
| keylogger | List [Keyword] | Keylogger | Optional | None |
| macro | List [Keyword] | Macro | Optional | None |
| masking_algo | List [Keyword] | Masking Algorithm | Optional | None |
| obfuscation | List [Keyword] | Obfuscation | Optional | None |
| packer | List [Keyword] | Packer | Optional | None |
| persistence | List [Keyword] | Persistence | Optional | None |
| shellcode | List [Keyword] | Shell Code | Optional | None |
| string | List [Keyword] | String | Optional | None |