type Config ¶
// Config is a configuration block extracted from an analyzed sample.
// Every field is omitted from JSON when it holds the zero value.
//
// The values in this struct (C2 addresses, DNS names, command lines,
// shellcode, extracted PE references, credentials) are produced from the
// sample under analysis, so consumers should handle them as untrusted
// data: escape them when rendering and never execute or dereference them.
type Config struct {
	Family   string   `json:"family,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Rule     string   `json:"rule,omitempty"`
	C2       []string `json:"c2,omitempty"`
	Version  string   `json:"version,omitempty"`
	Botnet   string   `json:"botnet,omitempty"`
	Campaign string   `json:"campaign,omitempty"`
	Mutex    []string `json:"mutex,omitempty"`
	Decoy    []string `json:"decoy,omitempty"`
	DNS      []string `json:"dns,omitempty"`
	// Keys carries typed key material; see Key for the per-entry shape.
	Keys         []Key    `json:"keys,omitempty"`
	Webinject    []string `json:"webinject,omitempty"`
	CommandLines []string `json:"command_lines,omitempty"`
	// NOTE(review): ListenAddr/ListenPort/ListenFor presumably describe a
	// listener the sample sets up — semantics inferred from names, confirm
	// against the producer.
	ListenAddr string   `json:"listen_addr,omitempty"`
	ListenPort int      `json:"listen_port,omitempty"`
	ListenFor  []string `json:"listen_for,omitempty"`
	// Shellcode is raw byte blobs; encoding/json encodes each []byte as a
	// base64 string.
	Shellcode   [][]byte      `json:"shellcode,omitempty"`
	ExtractedPE []string      `json:"extracted_pe,omitempty"`
	Credentials []Credentials `json:"credentials,omitempty"`
	// Attributes is an untyped JSON value under the "attr" key; callers
	// must type-assert (or re-marshal) it before use.
	Attributes interface{} `json:"attr,omitempty"`
}
triage_report.json
type Credentials ¶
// Credentials is one set of credentials reported for a sample.
//
// Protocol, User and Pass carry no omitempty, so they are always present in
// the JSON output (as "" when unset); Flow, Host and Port are dropped when
// zero. Pass is a secret value and should be kept out of logs and
// unredacted displays.
type Credentials struct {
	// Flow is a NetworkFlow ID; 0 (omitted) means no flow is associated.
	Flow     int    `json:"flow,omitempty"`
	Protocol string `json:"protocol"`
	Host     string `json:"host,omitempty"`
	Port     int    `json:"port,omitempty"`
	User     string `json:"username"`
	Pass     string `json:"password"`
}
triage_report.json
type DNSEntry ¶
// DNSEntry is a single DNS question or answer record.
// Name and Type are always emitted; Value is omitted when empty (as it is
// for a question, which carries no answer data).
type DNSEntry struct {
	Name  string `json:"name"`
	Type  string `json:"type"`
	Value string `json:"value,omitempty"`
}
triage_report.json
type Dropper ¶
// Dropper describes a dropper script extracted from a sample.
//
// Source and Deobf hold script content taken from the sample; treat them
// as untrusted text (display only, never evaluate). All fields except
// Family are emitted even when empty.
type Dropper struct {
	Family   string `json:"family,omitempty"`
	Language string `json:"language"`
	// Source is the script as found in the sample.
	Source string `json:"source"`
	// Deobf is serialized under "deobfuscated"; presumably the deobfuscated
	// form of Source — confirm with the producer.
	Deobf string       `json:"deobfuscated"`
	URLs  []DropperURL `json:"urls"`
}
triage_report.json
type DropperURL ¶
triage_report.json
type Dump ¶
// Dump describes a memory region or file dumped during dynamic analysis.
//
// At is always emitted; every other field is omitted when zero, so a
// consumer cannot distinguish a PID/ProcID of 0 from an absent one.
type Dump struct {
	At     uint32 `json:"at"`
	PID    uint64 `json:"pid,omitempty"`
	ProcID int32  `json:"procid,omitempty"`
	Path   string `json:"path,omitempty"`
	Name   string `json:"name,omitempty"`
	Kind   string `json:"kind,omitempty"`
	// Addr and Length presumably locate the dumped region in the process
	// address space — inferred from names, confirm.
	Addr   uint64 `json:"addr,omitempty"`
	Length uint64 `json:"length,omitempty"`
	// Hex digests of the dumped content; useful as IoCs for the dumped payload.
	MD5    string `json:"md5,omitempty"`
	SHA1   string `json:"sha1,omitempty"`
	SHA256 string `json:"sha256,omitempty"`
	SHA512 string `json:"sha512,omitempty"`
}
triage_report.json
type Extract ¶
// Extract groups the artifacts extracted from one dumped file or resource.
//
// The pointer fields are nil (and omitted from JSON) when the corresponding
// artifact was not found; callers must nil-check before dereferencing.
type Extract struct {
	DumpedFile  string       `json:"dumped_file,omitempty"`
	Resource    string       `json:"resource,omitempty"`
	Config      *Config      `json:"config,omitempty"`
	Path        string       `json:"path,omitempty"`
	RansomNote  *Ransom      `json:"ransom_note,omitempty"`
	Dropper     *Dropper     `json:"dropper,omitempty"`
	Credentials *Credentials `json:"credentials,omitempty"`
}
triage_report.json
type FileReport ¶
// FileReport is the static-analysis record for one file in a submission
// (the sample itself or a file unpacked from it).
//
// Hashes is embedded without a tag, so encoding/json promotes its fields
// ("md5", "sha1", ...) to the top level of this object.
type FileReport struct {
	Name    string `json:"filename"`
	RelPath string `json:"relpath,omitempty"`
	Size    uint64 `json:"filesize"`
	Hashes
	Extensions []string `json:"exts"`
	Tags       []string `json:"tags"`
	Filetype   string   `json:"filetype,omitempty"`
	Mime       string   `json:"mime,omitempty"`
	// Depth is always emitted; presumably the unpacking nesting level — confirm.
	Depth int `json:"depth"`
	// Error is set only when analysis of this file failed.
	Error    string `json:"error,omitempty"`
	Kind     string `json:"kind"`
	Selected bool   `json:"selected"`
	RunAs    string `json:"runas,omitempty"`
	// Password is serialized in clear text when set; NOTE(review): presumably
	// the archive password used for unpacking — keep it out of logs.
	Password string `json:"password,omitempty"`
}
static.json
type Hashes ¶
// Hashes holds hex digests of a file's content. Each field is omitted from
// JSON when empty. It is embedded in FileReport, which promotes these keys
// to the top level of that object.
type Hashes struct {
	MD5    string `json:"md5,omitempty"`
	SHA1   string `json:"sha1,omitempty"`
	SHA256 string `json:"sha256,omitempty"`
	SHA512 string `json:"sha512,omitempty"`
}
static.json
type Indicator ¶
// Indicator is a single piece of evidence backing a Signature.
//
// All fields are omitempty, so a zero PID, ProcID, At or Flow is
// indistinguishable from an absent one. IOC values originate from the
// sample's behavior and should be treated as untrusted strings.
type Indicator struct {
	IOC         string `json:"ioc,omitempty"`
	Description string `json:"description,omitempty"`
	At          uint32 `json:"at,omitempty"`
	// Source* identify the process that produced the indicator ("pid",
	// "procid"); Target* identify the process it acted on ("pid_target",
	// "procid_target").
	SourcePID    uint64 `json:"pid,omitempty"`
	SourceProcID int32  `json:"procid,omitempty"`
	TargetPID    uint64 `json:"pid_target,omitempty"`
	TargetProcID int32  `json:"procid_target,omitempty"`
	// Flow references a NetworkFlow ID.
	Flow     int    `json:"flow,omitempty"`
	DumpFile string `json:"dump_file,omitempty"`
	Resource string `json:"resource,omitempty"`
	YaraRule string `json:"yara_rule,omitempty"`
}
triage_report.json
type Key ¶
// Key is one entry of Config.Keys. All three fields are always emitted.
type Key struct {
	Kind string `json:"kind"`
	Key  string `json:"key"`
	// Value is untyped JSON; its concrete shape is not fixed by this type,
	// so callers must type-assert it.
	Value interface{} `json:"value"`
}
triage_report.json
type NetworkDomainRequest ¶
// NetworkDomainRequest is the DNS-query half of a NetworkRequest.
// Both fields are omitted from JSON when empty.
type NetworkDomainRequest struct {
	Domains   []string   `json:"domains,omitempty"`
	Questions []DNSEntry `json:"questions,omitempty"`
}
triage_report.json
type NetworkDomainResponse ¶
// NetworkDomainResponse is the DNS-answer half of a NetworkRequest.
// All fields are omitted from JSON when empty.
type NetworkDomainResponse struct {
	Domains []string `json:"domains,omitempty"`
	// IP holds resolved addresses as strings; they are not validated here.
	IP      []string   `json:"ip,omitempty"`
	Answers []DNSEntry `json:"answers,omitempty"`
}
triage_report.json
type NetworkFlow ¶
// NetworkFlow summarizes one network connection observed during analysis.
//
// Every field is omitempty. ID is the value referenced by Credentials.Flow,
// Indicator.Flow and NetworkRequest.Flow; note that an ID of 0 is dropped
// from the JSON output.
type NetworkFlow struct {
	ID     int    `json:"id,omitempty"`
	Source string `json:"src,omitempty"`
	Dest   string `json:"dst,omitempty"`
	Proto  string `json:"proto,omitempty"`
	PID    uint64 `json:"pid,omitempty"`
	ProcID int32  `json:"procid,omitempty"`
	// FirstSeen/LastSeen are int64 timestamps; their epoch and unit are not
	// specified by this type — confirm with the producer.
	FirstSeen int64 `json:"first_seen,omitempty"`
	LastSeen  int64 `json:"last_seen,omitempty"`
	RxBytes   uint64 `json:"rx_bytes,omitempty"`
	RxPackets uint64 `json:"rx_packets,omitempty"`
	TxBytes   uint64 `json:"tx_bytes,omitempty"`
	TxPackets uint64 `json:"tx_packets,omitempty"`
	Protocols []string `json:"protocols,omitempty"`
	Domain    string   `json:"domain,omitempty"`
	// TLS fingerprints and SNI, useful as network detection artifacts.
	JA3  string `json:"tls_ja3,omitempty"`
	JA3S string `json:"tls_ja3s,omitempty"`
	SNI  string `json:"tls_sni,omitempty"`
	// Geo/AS enrichment for the remote endpoint.
	Country string `json:"country,omitempty"`
	AS      string `json:"as_num,omitempty"`
	Org     string `json:"as_org,omitempty"`
}
triage_report.json
type NetworkReport ¶
// NetworkReport is the network section of a TriageReport: the observed
// flows and the parsed requests made over them. Both lists are omitted
// from JSON when empty.
type NetworkReport struct {
	Flows    []NetworkFlow    `json:"flows,omitempty"`
	Requests []NetworkRequest `json:"requests,omitempty"`
}
triage_report.json
type NetworkRequest ¶
// NetworkRequest is one protocol-level event on a flow. Exactly which of the
// four pointer fields is populated depends on the event kind; unset ones are
// nil and omitted from JSON, so callers must nil-check before use.
type NetworkRequest struct {
	// Flow references NetworkFlow.ID.
	Flow  int    `json:"flow,omitempty"`
	Index int    `json:"index,omitempty"`
	At    uint32 `json:"at,omitempty"`
	DomainReq  *NetworkDomainRequest  `json:"dns_request,omitempty"`
	DomainResp *NetworkDomainResponse `json:"dns_response,omitempty"`
	WebReq     *NetworkWebRequest     `json:"http_request,omitempty"`
	WebResp    *NetworkWebResponse    `json:"http_response,omitempty"`
}
triage_report.json
type NetworkWebRequest ¶
// NetworkWebRequest is a captured HTTP request.
//
// URL and Request are always emitted. Headers are raw strings from the
// wire, not parsed key/value pairs; all of this content comes from the
// sample and should be escaped before being rendered.
type NetworkWebRequest struct {
	Method  string   `json:"method,omitempty"`
	URL     string   `json:"url"`
	Request string   `json:"request"`
	Headers []string `json:"headers,omitempty"`
}
triage_report.json
type NetworkWebResponse ¶
// NetworkWebResponse is a captured HTTP response.
//
// Status is a string (not a numeric code) and is always emitted, as is
// Response; Headers are raw header lines and are omitted when empty.
type NetworkWebResponse struct {
	Status   string   `json:"status"`
	Response string   `json:"response"`
	Headers  []string `json:"headers,omitempty"`
}
triage_report.json
type OverviewAnalysis ¶
// OverviewAnalysis is the aggregate verdict in an OverviewReport.
// Score is always emitted (including 0); Family and Tags are omitted when empty.
type OverviewAnalysis struct {
	Score  int      `json:"score"`
	Family []string `json:"family,omitempty"`
	Tags   []string `json:"tags,omitempty"`
}
overview.json
type OverviewExtracted ¶
overview.json
type OverviewIOCs ¶
// OverviewIOCs lists network indicators collected for a sample or target.
// Each list is omitted from JSON when empty. The strings are reported
// as-is and are not validated as URLs, domains or IP addresses.
type OverviewIOCs struct {
	URLs    []string `json:"urls,omitempty"`
	Domains []string `json:"domains,omitempty"`
	IPs     []string `json:"ips,omitempty"`
}
overview.json
type OverviewReport ¶
// OverviewReport is the top-level overview document for a submission.
//
// Version, Sample, Analysis and Targets are always emitted (Targets as
// null when nil); the remaining lists are omitted when empty.
type OverviewReport struct {
	Version    string             `json:"version"`
	Sample     OverviewSample     `json:"sample"`
	Tasks      []TaskSummary      `json:"tasks,omitempty"`
	Analysis   OverviewAnalysis   `json:"analysis"`
	Targets    []OverviewTarget   `json:"targets"`
	Errors     []ReportedFailure  `json:"errors,omitempty"`
	Signatures []Signature        `json:"signatures,omitempty"`
	Extracted  []OverviewExtracted `json:"extracted,omitempty"`
}
overview.json
type OverviewSample ¶
// OverviewSample describes the submitted sample in an OverviewReport.
//
// TargetDesc is embedded without a tag, so its fields ("id", "target",
// "sha256", ...) are promoted to this object's top level. Created and
// Completed are time.Time values, which encoding/json serializes as
// RFC 3339 strings and always emits (a zero time is not omitted).
type OverviewSample struct {
	TargetDesc
	Created   time.Time     `json:"created"`
	Completed time.Time     `json:"completed"`
	IOCs      *OverviewIOCs `json:"iocs,omitempty"`
}
overview.json
type OverviewTarget ¶
// OverviewTarget is the per-target summary in an OverviewReport.
//
// TargetDesc is embedded without a tag, so its fields are promoted to this
// object's top level. Tasks and Signatures are always emitted (null when
// nil); IOCs is a pointer and must be nil-checked.
type OverviewTarget struct {
	// Tasks lists task identifiers that ran against this target.
	Tasks []string `json:"tasks"`
	TargetDesc
	Tags       []string      `json:"tags,omitempty"`
	Family     []string      `json:"family,omitempty"`
	Signatures []Signature   `json:"signatures"`
	IOCs       *OverviewIOCs `json:"iocs,omitempty"`
}
overview.json
type Process ¶
// Process is one process observed during dynamic analysis.
//
// PID, PPID, Cmd, Orig and Started are always emitted. System carries the
// "-" tag and is therefore never marshaled or unmarshaled; it only exists
// in memory.
type Process struct {
	ProcID       int32  `json:"procid,omitempty"`
	ParentProcID int32  `json:"procid_parent,omitempty"`
	PID          uint64 `json:"pid"`
	PPID         uint64 `json:"ppid"`
	// Cmd is untyped JSON; NOTE(review): its shape (string vs. argument
	// list) is not fixed by this type — type-assert before use. Its content
	// comes from the sample and must not be passed to a shell.
	Cmd   interface{} `json:"cmd"`
	Image string      `json:"image,omitempty"`
	Orig  bool        `json:"orig"`
	// System is excluded from JSON entirely.
	System     bool   `json:"-"`
	Started    uint32 `json:"started"`
	Terminated uint32 `json:"terminated,omitempty"`
}
triage_report.json
type Ransom ¶
// Ransom describes a ransom note extracted from a sample.
//
// Note is always emitted; the other fields are omitted when empty. All
// values are attacker-authored text and should be escaped when displayed.
type Ransom struct {
	Family  string   `json:"family,omitempty"`
	Target  string   `json:"target,omitempty"`
	Emails  []string `json:"emails,omitempty"`
	Wallets []string `json:"wallets,omitempty"`
	URLs    []string `json:"urls,omitempty"`
	Contact []string `json:"contact,omitempty"`
	// Note is the full note text.
	Note string `json:"note"`
}
triage_report.json
type ReportAnalysis ¶
// ReportAnalysis is the analysis summary in a StaticReport.
// All fields are omitempty, so a Score of 0 is dropped from the JSON and
// cannot be distinguished from "no score".
type ReportAnalysis struct {
	Reported string   `json:"reported,omitempty"`
	Score    int      `json:"score,omitempty"`
	Tags     []string `json:"tags,omitempty"`
}
static.json
type ReportAnalysisInfo ¶
// ReportAnalysisInfo is the analysis metadata block of a TriageReport.
//
// Tags is always emitted (null when nil); every other field is omitted
// when zero, so Score 0 is indistinguishable from an absent score.
type ReportAnalysisInfo struct {
	Score    int      `json:"score,omitempty"`
	Tags     []string `json:"tags"`
	TTP      []string `json:"ttp,omitempty"`
	Features []string `json:"features,omitempty"`
	// Submitted and Reported are strings, not time.Time; their format is
	// not fixed by this type.
	Submitted string `json:"submitted,omitempty"`
	Reported  string `json:"reported,omitempty"`
	// NOTE(review): MaxTimeNetwork is int64 while MaxTimeKernel is uint32;
	// the units are not specified here — confirm with the producer.
	MaxTimeNetwork int64  `json:"max_time_network,omitempty"`
	MaxTimeKernel  uint32 `json:"max_time_kernel,omitempty"`
	Backend        string   `json:"backend,omitempty"`
	Resource       string   `json:"resource,omitempty"`
	ResourceTags   []string `json:"resource_tags,omitempty"`
	Platform       string   `json:"platform,omitempty"`
}
triage_report.json
type ReportSample ¶
// ReportSample identifies the sample in a StaticReport.
// ID is serialized under the "sample" key and is always emitted; the rest
// are omitted when zero.
type ReportSample struct {
	ID        string `json:"sample"`
	Kind      string `json:"kind,omitempty"`
	Size      uint64 `json:"size,omitempty"`
	Target    string `json:"target,omitempty"`
	Submitted string `json:"submitted,omitempty"`
}
static.json
type ReportTask ¶
static.json
type ReportedFailure ¶
// ReportedFailure records an error raised while producing a report.
// Reason is always emitted; Task and Backend are omitted when empty.
type ReportedFailure struct {
	Task    string `json:"task,omitempty"`
	Backend string `json:"backend,omitempty"`
	Reason  string `json:"reason"`
}
triage_report.json
type Signature ¶
// Signature is a detection rule that matched, with its supporting indicators.
//
// Name is always emitted; all other fields are omitted when zero, so a
// Score of 0 is dropped from the JSON.
type Signature struct {
	Label string `json:"label,omitempty"`
	Name  string `json:"name"`
	Score int    `json:"score,omitempty"`
	// TTP holds technique identifiers as plain strings.
	TTP        []string    `json:"ttp,omitempty"`
	Tags       []string    `json:"tags,omitempty"`
	Indicators []Indicator `json:"indicators,omitempty"`
	YaraRule   string      `json:"yara_rule,omitempty"`
	// Description is serialized under "desc".
	Description string `json:"desc,omitempty"`
	URL         string `json:"url,omitempty"`
}
triage_report.json
type StaticReport ¶
// StaticReport is the top-level static-analysis document for a submission.
//
// Signatures, Files and Extracted are slices of pointers; a nil element
// would encode as JSON null, and consumers should nil-check when iterating.
// Files is always emitted (null when nil).
type StaticReport struct {
	Version     string          `json:"version"`
	Sample      ReportSample    `json:"sample"`
	Task        ReportTask      `json:"task"`
	Analysis    ReportAnalysis  `json:"analysis"`
	Signatures  []*Signature    `json:"signatures,omitempty"`
	Files       []*FileReport   `json:"files"`
	UnpackCount int             `json:"unpack_count"`
	ErrorCount  int             `json:"error_count"`
	// CompatKind is serialized as "kind"; NOTE(review): the Compat prefix
	// suggests a legacy field kept for older consumers — confirm.
	CompatKind string            `json:"kind,omitempty"`
	Errors     []ReportedFailure `json:"errors,omitempty"`
	Extracted  []*Extract        `json:"extracted,omitempty"`
}
static.json
type TargetDesc ¶
// TargetDesc identifies an analysis target (a sample or a task) and is
// embedded by OverviewSample and OverviewTarget, which promote its keys.
//
// Every field is omitempty, so zero values (including CompatScore 0 and
// Size 0) are dropped from the JSON.
type TargetDesc struct {
	ID string `json:"id,omitempty"`
	// CompatScore and CompatCompleted are serialized as "score" and
	// "completed"; NOTE(review): the Compat prefix suggests legacy fields
	// kept for older consumers — confirm.
	CompatScore     int    `json:"score,omitempty"`
	Submitted       string `json:"submitted,omitempty"`
	CompatCompleted string `json:"completed,omitempty"`
	Target          string `json:"target,omitempty"`
	Pick            string `json:"pick,omitempty"`
	Type            string `json:"type,omitempty"`
	Size            int64  `json:"size,omitempty"`
	// Hex digests of the target; SHA256 is the usual key for correlation.
	MD5        string   `json:"md5,omitempty"`
	SHA1       string   `json:"sha1,omitempty"`
	SHA256     string   `json:"sha256,omitempty"`
	SHA512     string   `json:"sha512,omitempty"`
	Filetype   string   `json:"filetype,omitempty"`
	StaticTags []string `json:"static_tags,omitempty"`
}
triage_report.json
type TaskSummary ¶
// TaskSummary is the per-task entry in OverviewReport.Tasks.
//
// Sample is always emitted; every other field is omitted when zero, so a
// Score of 0 or a QueueID of 0 is dropped from the JSON.
type TaskSummary struct {
	Sample   string   `json:"sample"`
	Kind     string   `json:"kind,omitempty"`
	Name     string   `json:"name,omitempty"`
	Status   string   `json:"status,omitempty"`
	TTP      []string `json:"ttp,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Score    int      `json:"score,omitempty"`
	Target   string   `json:"target,omitempty"`
	Backend  string   `json:"backend,omitempty"`
	Resource string   `json:"resource,omitempty"`
	Platform string   `json:"platform,omitempty"`
	TaskName string   `json:"task_name,omitempty"`
	// Failure is set only when the task did not complete normally.
	Failure string `json:"failure,omitempty"`
	QueueID int64  `json:"queue_id,omitempty"`
	Pick    string `json:"pick,omitempty"`
}
overview.json
type TriageReport ¶
// TriageReport is the top-level dynamic-analysis document for one task.
//
// Version, Sample, Task, Signatures and Network are always emitted. Note
// that "analysis,omitempty" has no effect on a struct value: Analysis is
// always written as well.
type TriageReport struct {
	Version string `json:"version"`
	// Sample and Task share the TargetDesc shape.
	Sample     TargetDesc         `json:"sample"`
	Task       TargetDesc         `json:"task"`
	Errors     []ReportedFailure  `json:"errors,omitempty"`
	Analysis   ReportAnalysisInfo `json:"analysis,omitempty"`
	Processes  []Process          `json:"processes,omitempty"`
	Signatures []Signature        `json:"signatures"`
	Network    NetworkReport      `json:"network"`
	// Debug is free-form JSON keyed by string; values are untyped and
	// must be type-asserted before use.
	Debug     map[string]interface{} `json:"debug,omitempty"`
	Dumped    []Dump                 `json:"dumped,omitempty"`
	Extracted []Extract              `json:"extracted,omitempty"`
}
triage_report.json