{% extends "base.html" %} {% block content %}
For MD5, SHA1, SHA256 and SHA512 no prefix is needed.
Prefix | Description
---|---
name: | File name pattern
type: | File type/format
string: | String contained in the binary
ssdeep: | Fuzzy hash
crc32: | CRC32 hash
imphash: | Search for PE Imphash
iconhash: | Search for exact hash of the icon associated with the PE
iconfuzzy: | Search for hash designed to match on similar-looking icons
file: | Open files matching the pattern
command: | Executed commands matching the pattern
resolvedapi: | APIs resolved at runtime matching the pattern
key: | Open registry keys matching the pattern
mutex: | Open mutexes matching the pattern
ip: | Contact the specified IP address
domain: | Contact the specified domain
url: | Search for Cuckoo Sandbox URL analysis
signame: | Search for Cuckoo Sandbox signatures through signature names
signature: | Search for Cuckoo Sandbox signatures through signature descriptions
malfamily: | Search for samples associated with malware family
surialert: | Search for Suricata Alerts
suritls: | Search for Suricata TLS
surihttp: | Search for Suricata HTTP
clamav: | Local ClamAV detections
yaraname: | Yara Rule Name for analysis samples
procmemyara: | Yara Rule Name for process memory dumps
virustotal: | VirusTotal Detected Name
comment: | Search for Analysis Comments
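As an added illustration, not code from the sandbox project itself, the following Python function shows how a search string written in the syntax of the table above can be split into a search field and a value before it is handed to a backend. The prefix set is taken from the table; the rule that an unprefixed term is recognised as MD5, SHA1, SHA256 or SHA512 purely by its hex length is an assumption made for this example, and the sample terms are constructed.

```python
import re

# Search prefixes listed in the table above (lower-cased, without the colon).
PREFIXES = {
    "name", "type", "string", "ssdeep", "crc32", "imphash", "iconhash",
    "iconfuzzy", "file", "command", "resolvedapi", "key", "mutex", "ip",
    "domain", "url", "signame", "signature", "malfamily", "surialert",
    "suritls", "surihttp", "clamav", "yaraname", "procmemyara",
    "virustotal", "comment",
}

# Assumption for this example: an unprefixed term is a hash digest, and its
# algorithm is inferred from the number of hex digits.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def parse_search_term(term: str) -> tuple[str, str]:
    """Split a search string into (field, value).

    "mutex:Global\\Foo"  -> ("mutex", "Global\\Foo")
    "<32 hex digits>"    -> ("md5", "<digits>")
    Raises ValueError for an unknown prefix, an empty value, or an
    unprefixed term that is not a supported digest length.
    """
    term = term.strip()
    if not term:
        raise ValueError("empty search term")

    # Split on the first colon only, so values such as URLs keep their own
    # colons intact ("url:http://example.test/x" -> value "http://example.test/x").
    prefix, sep, value = term.partition(":")
    if sep and prefix.strip().lower() in PREFIXES:
        value = value.strip()
        if not value:
            raise ValueError(f"empty value for prefix {prefix!r}")
        return prefix.strip().lower(), value

    # No recognised prefix: accept only a bare hex digest of a known length.
    if HEX_RE.match(term) and len(term) in HASH_LENGTHS:
        return HASH_LENGTHS[len(term)], term.lower()

    raise ValueError(f"unrecognised search term {term!r}")


if __name__ == "__main__":
    # Constructed sample terms, one per kind of input the parser handles.
    samples = [
        "d41d8cd98f00b204e9800998ecf8427e",            # MD5 of the empty string
        "url:http://example.test/path",
        "Mutex: Global\\SampleMutex",
        "crc32:deadbeef",
        "bogus:value",                                  # rejected: unknown prefix
    ]
    for s in samples:
        try:
            print(s, "->", parse_search_term(s))
        except ValueError as exc:
            print(s, "-> rejected:", exc)
```

Rejecting unknown prefixes instead of silently treating the whole string as a filename pattern keeps a typo such as `mutx:` from quietly returning an empty result set, which is the failure mode an analyst is least likely to notice.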
ID | Timestamp | Filename | Target/MD5 | {% if config.moloch %}Moloch | {% endif %} {% if config.suricata %}SuriAlert | {% endif %} {% if config.virustotal %}VT | {% endif %}MalScore | Status |
---|---|---|---|---|---|---|---|---|
{{analysis.id}} | {% if analysis.status == "reported" %} {{analysis.completed_on}} {% else %} {{analysis.added_on}} (added on) {% endif %} | {{analysis.filename}} | {% if analysis.status == "reported" %} {% if analysis.category == "url" %} {{analysis.target}} {% else %} {{analysis.sample.md5}} {% endif %} {% else %} {% if analysis.category == "url" %} {{analysis.target}} {% else %} {{analysis.sample.md5}} {% endif %} {% endif %} | {% if config.moloch %}{% if analysis.moloch_url %} MOLOCH {% else %} None {% endif %} | {% endif %} {% if config.suricata %}{% if analysis.suri_alert_cnt %} {{analysis.suri_alert_cnt}} {% else %} None {% endif %} | {% endif %} {% if config.virustotal %}{% if analysis.virustotal_summary %} {{analysis.virustotal_summary}} {% else %} None {% endif %} | {% endif %}{% if analysis.malscore != None %} {{analysis.malscore|floatformat:1}} {% else %} None {% endif %} | {% if analysis.status == "pending" %} pending {% elif analysis.status == "running" %} running {% elif analysis.status == "completed" %} processing {% elif analysis.status == "reported" %} {% if analysis.errors %} {% else %} {% endif %} reported {% else %} {{analysis.status}} {% endif %} |