GTI Enrichment Report Failed
{{content.errorMessage}}

GTI Enrichment Report - {{content.type === 'ip_address' ? 'IP Address' : (content.type === 'domain' ? 'Domain' : (content.type === 'file' ? 'File' : 'URL'))}}

Summary
{{content.type === 'ip_address' ? 'IP Address' : (content.type === 'domain' ? 'Domain' : (content.type === 'file' ? 'File Hash' : 'URL'))}} {{content.type === 'url' ? content.attributes.url : content.id}}
Malicious {{content.attributes.last_analysis_stats.malicious}}/{{content.attributes.last_analysis_stats.harmless + content.attributes.last_analysis_stats['type-unsupported'] + content.attributes.last_analysis_stats.suspicious + content.attributes.last_analysis_stats['confirmed-timeout'] + content.attributes.last_analysis_stats.timeout + content.attributes.last_analysis_stats.failure + content.attributes.last_analysis_stats.malicious + content.attributes.last_analysis_stats.undetected}}
Suspicious {{content.attributes.last_analysis_stats.suspicious}}/{{content.attributes.last_analysis_stats.harmless + content.attributes.last_analysis_stats['type-unsupported'] + content.attributes.last_analysis_stats.suspicious + content.attributes.last_analysis_stats['confirmed-timeout'] + content.attributes.last_analysis_stats.timeout + content.attributes.last_analysis_stats.failure + content.attributes.last_analysis_stats.malicious + content.attributes.last_analysis_stats.undetected}}
Undefined {{content.attributes.last_analysis_stats['type-unsupported'] + content.attributes.last_analysis_stats['confirmed-timeout'] + content.attributes.last_analysis_stats.timeout + content.attributes.last_analysis_stats.failure + content.attributes.last_analysis_stats.undetected}}/{{content.attributes.last_analysis_stats['type-unsupported'] + content.attributes.last_analysis_stats['confirmed-timeout'] + content.attributes.last_analysis_stats.timeout + content.attributes.last_analysis_stats.failure + content.attributes.last_analysis_stats.undetected + content.attributes.last_analysis_stats.harmless + content.attributes.last_analysis_stats.malicious + content.attributes.last_analysis_stats.suspicious}}
Last Analysis Date {{content.attributes.last_analysis_date*1000 | date: 'yyyy-MM-dd HH:mm:ss'}}
Reputation {{content.attributes.reputation}}
ASN {{content.attributes.asn}}
AS Owner {{content.attributes.as_owner}}
Network {{content.attributes.network}}
Country {{content.attributes.rdap.country}}
VirusTotal Report
URL Details
Page Title {{content.attributes.title}}
HTTP Response Code {{content.attributes.last_http_response_code}}
Content Length {{content.attributes.last_http_response_content_length}} bytes
Times Submitted {{content.attributes.times_submitted}}
First Submission {{content.attributes.first_submission_date*1000 | date: 'yyyy-MM-dd HH:mm:ss'}}
Last Submission {{content.attributes.last_submission_date*1000 | date: 'yyyy-MM-dd HH:mm:ss'}}
Top Level Domain {{content.attributes.tld}}
Has Content {{content.attributes.has_content ? 'Yes' : 'No'}}
Domain Details
Registrar {{content.attributes.registrar}}
Creation Date {{content.attributes.creation_date*1000 | date: 'yyyy-MM-dd HH:mm:ss'}}
Expiration Date {{content.attributes.expiration_date*1000 | date: 'yyyy-MM-dd HH:mm:ss'}}
Last Update Date {{content.attributes.last_update_date*1000 | date: 'yyyy-MM-dd HH:mm:ss'}}
Top Level Domain {{content.attributes.tld}}
JARM Fingerprint {{content.attributes.jarm}}
Popularity Rank
{{service}}: #{{rank.rank}}
File Details
File Size {{content.attributes.size}} bytes
File Type {{content.attributes.type_description}}
First Submission {{content.attributes.first_submission_date*1000 | date: 'yyyy-MM-dd HH:mm:ss'}}
Last Submission {{content.attributes.last_submission_date*1000 | date: 'yyyy-MM-dd HH:mm:ss'}}
Times Submitted {{content.attributes.times_submitted}}
MD5 {{content.attributes.md5}}
SHA1 {{content.attributes.sha1}}
SHA256 {{content.attributes.sha256}}
SSDEEP {{content.attributes.ssdeep}}
GTI Assessment
Verdict {{content.attributes.gti_assessment.verdict.value}}
Severity {{content.attributes.gti_assessment.severity.value}}
Threat Score {{content.attributes.gti_assessment.threat_score.value}}
Description {{content.attributes.gti_assessment.description}}
Mandiant Confidence Score {{content.attributes.gti_assessment.contributing_factors.mandiant_confidence_score}}
GTI Confidence Score {{content.attributes.gti_assessment.contributing_factors.gti_confidence_score}}
Categories {{content.attributes.gti_assessment.contributing_factors.normalised_categories.join(', ')}}
Pervasive Indicator {{content.attributes.gti_assessment.contributing_factors.pervasive_indicator}}
Mandiant Domain Hijack {{content.attributes.gti_assessment.contributing_factors.mandiant_domain_hijack}}
Associated Malware Configuration {{content.attributes.gti_assessment.contributing_factors.associated_malware_configuration}}
Mandiant Analyst Benign {{content.attributes.gti_assessment.contributing_factors.mandiant_analyst_benign}}
Malicious Sandbox Verdict {{content.attributes.gti_assessment.contributing_factors.malicious_sandbox_verdict}}
Mandiant Association Report {{content.attributes.gti_assessment.contributing_factors.mandiant_association_report}}
Google Malware Analysis {{content.attributes.gti_assessment.contributing_factors.google_malware_analysis}}
Threat Severity
Level {{content.attributes.threat_severity.threat_severity_level}}
Detections {{content.attributes.threat_severity.threat_severity_data.num_detections}}
Threat Category {{content.attributes.threat_severity.threat_severity_data.popular_threat_category}}
Description {{content.attributes.threat_severity.level_description}}
Bad Communicating Files (High) {{content.attributes.threat_severity.threat_severity_data.has_bad_communicating_files_high}}
Bad Communicating Files (Medium) {{content.attributes.threat_severity.threat_severity_data.has_bad_communicating_files_medium}}
Belongs to Bad Collection {{content.attributes.threat_severity.threat_severity_data.belongs_to_bad_collection}}
Belongs To Threat Actor {{content.attributes.threat_severity.threat_severity_data.belongs_to_threat_actor}}
Domain Rank {{content.attributes.threat_severity.threat_severity_data.domain_rank}}
GAV Detections {{content.attributes.threat_severity.threat_severity_data.num_gav_detections}}
URL Security & Categories
Categories
{{engine}}: {{category}}
Tags {{tag}}
Outgoing Links
Redirection Chain
HTTPS Certificate
Subject {{content.attributes.last_https_certificate.subject.CN}}
Issuer {{content.attributes.last_https_certificate.issuer.CN}}
Valid From {{content.attributes.last_https_certificate.validity.not_before}}
Valid To {{content.attributes.last_https_certificate.validity.not_after}}
Serial Number {{content.attributes.last_https_certificate.serial_number}}
Thumbprint SHA256 {{content.attributes.last_https_certificate.thumbprint_sha256}}
Scans
Scanner Detected Method Result
{{scanner.engine_name || scanner_name}} {{scanner.method || "-"}} {{scanner.result || "-"}}

Relationships

Reports ({{content.relationships.reports.length}})
(First 10)
ID Name Origin Details
{{report.id || '-'}} {{report.attributes.name || '-'}} {{report.attributes.origin || '-'}}
Targeted Industries:
{{report.attributes.targeted_industries_tree}} -

Source Regions:
{{report.attributes.source_regions_hierarchy}} -

Targeted Regions:
{{report.attributes.targeted_regions_hierarchy}} -
Collections ({{content.relationships.collections.length}})
(First 10)
ID Name Origin Details
{{collection.id || '-'}} {{collection.attributes.name || '-'}} {{collection.attributes.origin || '-'}}
Targeted Industries:
{{collection.attributes.targeted_industries_tree}} -

Source Regions:
{{collection.attributes.source_regions_hierarchy}} -

Targeted Regions:
{{collection.attributes.targeted_regions_hierarchy}} -
Campaigns ({{content.relationships.campaigns.length}})
(First 10)
ID Name Origin Details
{{campaign.id || '-'}} {{campaign.attributes.name || '-'}} {{campaign.attributes.origin || '-'}}
Targeted Industries:
{{campaign.attributes.targeted_industries_tree}} -

Source Regions:
{{campaign.attributes.source_regions_hierarchy}} -

Targeted Regions:
{{campaign.attributes.targeted_regions_hierarchy}} -
Malware Families ({{content.relationships.malware_families.length}})
(First 10)
ID Name Origin Details
{{malware_familie.id || '-'}} {{malware_familie.attributes.name || '-'}} {{malware_familie.attributes.origin || '-'}}
Targeted Industries:
{{malware_familie.attributes.targeted_industries_tree}} -

Source Regions:
{{malware_familie.attributes.source_regions_hierarchy}} -

Targeted Regions:
{{malware_familie.attributes.targeted_regions_hierarchy}} -
Threat Actors ({{content.relationships.related_threat_actors.length}})
(First 10)
ID Name Origin Details
{{related_threat_actor.id || '-'}} {{related_threat_actor.attributes.name || '-'}} {{related_threat_actor.attributes.origin || '-'}}
Targeted Industries:
{{related_threat_actor.attributes.targeted_industries_tree}} -

Source Regions:
{{related_threat_actor.attributes.source_regions_hierarchy}} -

Targeted Regions:
{{related_threat_actor.attributes.targeted_regions_hierarchy}} -
Software Toolkits ({{content.relationships.software_toolkits.length}})
(First 10)
ID Name Origin Details
{{software_toolkit.id || '-'}} {{software_toolkit.attributes.name || '-'}} {{software_toolkit.attributes.origin || '-'}}
Targeted Industries:
{{software_toolkit.attributes.targeted_industries_tree}} -

Source Regions:
{{software_toolkit.attributes.source_regions_hierarchy}} -

Targeted Regions:
{{software_toolkit.attributes.targeted_regions_hierarchy}} -
Vulnerabilities ({{content.relationships.vulnerabilities.length}})
(First 10)
ID Name Priority Details
{{vuln.id || '-'}} {{vuln.attributes.name || '-'}} {{vuln.attributes.priority || '-'}}
Executive Summary:

CVSS Scores:
v3.1: {{vuln.attributes.cvss.cvssv3_x.base_score}} ({{vuln.attributes.cvss.cvssv3_x.vector}}), Temporal: {{vuln.attributes.cvss.cvssv3_x.temporal_score}}
v2.0: {{vuln.attributes.cvss.cvssv2_0.base_score}} ({{vuln.attributes.cvss.cvssv2_0.vector}}), Temporal: {{vuln.attributes.cvss.cvssv2_0.temporal_score}}

Sources:
-
Comments ({{content.relationships.comments.length}})
(First 10)
ID Date Details
{{comment.id || '-'}} {{comment.attributes.date * 1000 | date:'yyyy-MM-dd HH:mm:ss'}}
Comment:
{{ (comment.attributes.text.split(' ').length > 30) ? comment.attributes.text.split(' ').slice(0,30).join(' ') + '...' : comment.attributes.text }}

Tags: {{tag}}, -

Votes:
Positive: {{comment.attributes.votes.positive}} | Negative: {{comment.attributes.votes.negative}} | Abuse: {{comment.attributes.votes.abuse}}
Resolutions ({{content.relationships.resolutions.length}})
(First 10)
Host Name IP Address Resolver Host Name Analysis IP Address Analysis
{{res.attributes.host_name || '-'}} {{res.attributes.ip_address || '-'}} {{res.attributes.resolver || '-'}}
Malicious: {{res.attributes.host_name_last_analysis_stats.malicious}}
Suspicious: {{res.attributes.host_name_last_analysis_stats.suspicious}}
Undetected: {{res.attributes.host_name_last_analysis_stats.undetected}}
Harmless: {{res.attributes.host_name_last_analysis_stats.harmless}}
Malicious: {{res.attributes.ip_address_last_analysis_stats.malicious}}
Suspicious: {{res.attributes.ip_address_last_analysis_stats.suspicious}}
Undetected: {{res.attributes.ip_address_last_analysis_stats.undetected}}
Harmless: {{res.attributes.ip_address_last_analysis_stats.harmless}}
File Behaviour Analysis ({{content.relationships.behaviours.length}})
(First 10)
Sandbox: {{beh.attributes.sandbox_name || '-'}}
Confidence: {{beh.attributes.verdict_confidence}}%
Verdict: {{ver}}
Command Executions:
  • {{cmd}}
DNS Lookups:
Hostname Resolved IPs
{{dns.hostname || '-'}} {{dns.resolved_ips.join(', ')}} -
Signature Matches:
Name Description Matched Data
{{sig.name || '-'}} {{sig.description || '-'}} {{sig.match_data.join(', ')}} -

MITRE ATT&CK Report

MITRE ATT&CK Analysis ({{content.mitre_attack_data.length}})
(First 10)
ID Tactic Details
{{tactic.id || '-'}} {{tactic.name || '-'}}
{{tactic.sandbox_name || '-'}}
Description:
{{ (tactic.description.split(' ').length > 30) ? tactic.description.split(' ').slice(0,30).join(' ') + '...' : tactic.description }}

Techniques:
{{tech.id}} - {{tech.name}}
{{ (tech.description.split(' ').length > 30) ? tech.description.split(' ').slice(0,30).join(' ') + '...' : tech.description }}
Signatures:
Severity Description
{{sig.severity}} {{ (sig.description.split(' ').length > 30) ? sig.description.split(' ').slice(0,30).join(' ') + '...' : sig.description }}
-