
Returns the Malware Analysis threat report for an indicator (a domain or an IP address): URL scan results, DNS resolutions, and the malware samples seen communicating with, downloaded from, or referring to the indicator.

The field set depends on the indicator type. as_owner, asn and country describe the network an IP indicator belongs to and do not appear in the domain example below; for a domain indicator each entry in resolutions carries an ip_address rather than a hostname, and the report adds fields the structure below does not list (categories, subdomains, domain_siblings, whois, whois_timestamp and vendor category strings). Treat every list as optional when parsing.

Data Structure:

{
 "match": bool,
 "details": {
  "as_owner": string,
  "asn": string,
  "country": string,
  "response_code": integer,
  "verbose_msg": string,
  "detected_urls": [
   {
    "scan_date": string,
    "url": string,
    "positives": integer,
    "total": integer
   },
   …
  ],
  "resolutions": [
   {
    "hostname": string,
    "last_resolved": string
   },
   …
  ],
  "detected_communicating_samples": [
   {
    "date": string,
    "positives": integer,
    "sha256": string,
    "total": integer
   },
   …
  ],
  "undetected_communicating_samples": [
   {
    "date": string,
    "positives": integer,
    "sha256": string,
    "total": integer
   },
   …
  ],
  "detected_downloaded_samples": [
   {
    "date": string,
    "positives": integer,
    "sha256": string,
    "total": integer
   },
   …
  ],
  "undetected_downloaded_samples": [
   {
    "date": string,
    "positives": integer,
    "sha256": string,
    "total": integer
   },
   …
  ],
  "undetected_referrer_samples": [
   {
    "positives": integer,
    "sha256": string,
    "total": integer
   },
   …
  ]
 }
}

Example:

When "moiparks.in" is used as the indicator, Malware Analysis returns the following (further list entries are elided as …):

{
 "details": {
  "BitDefender domain info": "This URL domain/host was seen to host badware at some point in time",
  "Forcepoint ThreatSeeker category": "bot networks",
  "Malwarebytes hpHosts info": "Has been engaged in the distribution of malware",
  "categories": [
   "bot networks"
  ],
  "detected_urls": [
   {
    "positives": 3,
    "scan_date": "2017-06-13 02:02:01",
    "total": 64,
    "url": "http://moiparks.in/"
   },
   …
  ],
  "domain_siblings": [],
  "resolutions": [
   {
    "ip_address": "45.63.119.161",
    "last_resolved": "2017-09-23 00:00:00"
   },
   …
  ],
  "response_code": 1,
  "subdomains": [
   "www.moiparks.in"
  ],
  "undetected_downloaded_samples": [
   {
    "date": "2016-06-09 16:14:35",
    "positives": 0,
    "sha256": "7cc79432ea8ef9c1f7eb89e8f90985f00b6916fa938156f3ce42643d5878933c",
    "total": 56
   },
   …
  ],
  "verbose_msg": "Domain found in dataset",
  "whois": "Domain ID:D414400000001024909-AFIN\nDomain…",
  "whois_timestamp": 1494605322.90688
 },
 "match": true
}
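The triage helper below is an added example, not code from the Dossier User Guide or from Infoblox. It reduces a Malware Analysis report of the shape documented above to the facts an analyst pivots on: whether the indicator was found, the worst-scoring detected URL, the sample hashes that engines actually flagged versus every hash seen, what the indicator resolved to, and the most recent resolution time. It accepts either ip_address or hostname in resolutions and treats every list as optional, since the field set varies by indicator type. The sample input is the moiparks.in response above trimmed to the entries the page prints; the no-match response (match false, empty details) is a constructed assumption, and summarize, min_positives and the "suspicious" verdict are the example's own conventions.

```python
"""Triage helper for a Dossier Malware Analysis report (added example, not Infoblox code)."""
import json
from datetime import datetime
from typing import Any, Dict, List, Optional, Set

# Constructed sample input: the moiparks.in response shown on this page, reduced to
# the entries the page prints (the elided "..." entries are omitted).
SAMPLE_RESPONSE: Dict[str, Any] = json.loads(r'''
{
  "match": true,
  "details": {
    "response_code": 1,
    "verbose_msg": "Domain found in dataset",
    "categories": ["bot networks"],
    "subdomains": ["www.moiparks.in"],
    "detected_urls": [
      {"positives": 3, "scan_date": "2017-06-13 02:02:01", "total": 64,
       "url": "http://moiparks.in/"}
    ],
    "resolutions": [
      {"ip_address": "45.63.119.161", "last_resolved": "2017-09-23 00:00:00"}
    ],
    "undetected_downloaded_samples": [
      {"date": "2016-06-09 16:14:35", "positives": 0, "total": 56,
       "sha256": "7cc79432ea8ef9c1f7eb89e8f90985f00b6916fa938156f3ce42643d5878933c"}
    ]
  }
}
''')

# Constructed negative case; its shape (match false, empty details) is an assumption.
NO_MATCH_RESPONSE: Dict[str, Any] = {"match": False, "details": {}}

SAMPLE_LISTS = (
    "detected_communicating_samples", "undetected_communicating_samples",
    "detected_downloaded_samples", "undetected_downloaded_samples",
    "undetected_referrer_samples",
)
TIMESTAMP_FMT = "%Y-%m-%d %H:%M:%S"


def _parse_ts(value: Any) -> Optional[datetime]:
    """Parse the 'YYYY-MM-DD HH:MM:SS' strings the report uses; None if absent or garbled."""
    if not isinstance(value, str):
        return None
    try:
        return datetime.strptime(value, TIMESTAMP_FMT)
    except ValueError:
        return None


def summarize(report: Dict[str, Any], min_positives: int = 1) -> Dict[str, Any]:
    """Reduce a Malware Analysis report to the facts an analyst pivots on.

    Every list is optional: a domain report carries fields the schema omits, and
    resolutions hold ip_address for a domain indicator but hostname for an IP.
    """
    details = report.get("details") or {}
    if not report.get("match") or not details:
        return {"found": False, "verbose_msg": details.get("verbose_msg")}

    # URLs under the indicator that at least min_positives engines flagged.
    urls = [u for u in details.get("detected_urls", [])
            if isinstance(u.get("positives"), int) and u["positives"] >= min_positives]
    worst_url = max(urls, key=lambda u: u["positives"], default=None)

    # Pivot targets: hashes engines actually flagged vs. every hash associated.
    flagged_hashes: Set[str] = set()
    all_hashes: Set[str] = set()
    for key in SAMPLE_LISTS:
        for sample in details.get(key, []):
            sha = sample.get("sha256")
            if not sha:
                continue
            all_hashes.add(sha)
            if (sample.get("positives") or 0) >= min_positives:
                flagged_hashes.add(sha)

    # Resolutions: accept either field name, keep the most recent timestamp.
    resolved_to: List[str] = []
    latest: Optional[datetime] = None
    for r in details.get("resolutions", []):
        target = r.get("ip_address") or r.get("hostname")
        if target:
            resolved_to.append(target)
        ts = _parse_ts(r.get("last_resolved"))
        if ts and (latest is None or ts > latest):
            latest = ts

    return {
        "found": True,
        "verbose_msg": details.get("verbose_msg"),
        "categories": list(details.get("categories", [])),
        "detected_url_count": len(urls),
        "worst_url": None if worst_url is None
        else (worst_url["url"], worst_url["positives"], worst_url["total"]),
        "flagged_sample_hashes": sorted(flagged_hashes),
        "all_sample_hashes": sorted(all_hashes),
        "resolved_to": resolved_to,
        "last_resolved": None if latest is None else latest.strftime(TIMESTAMP_FMT),
        "suspicious": bool(urls or flagged_hashes),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RESPONSE), indent=2))
```

For the page's example the verdict is "suspicious" because of the detected URL alone: the only sample listed is in undetected_downloaded_samples with positives 0, so it lands in all_sample_hashes (worth a retro-hunt) but not in flagged_sample_hashes. Raise min_positives to suppress single-engine noise when scoring in bulk.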