CTAC Guide

Data Sets - Common Fields

| Field | Description | Data Sets |
|---|---|---|
| area_code | area code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| attribution | provides malware attribution or actor attribution for sinkhole | sinkhole_traffic, threat_recon |
| city | city name geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| country | two-character country code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| domain_cat | general site categorization of indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic |
| etl_date | date the data was exported, transformed or loaded (ETL) | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| first_seen | when keylogger output was first observed | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| indicator | indicator extracted from keylogger output | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| indicator_context | context in which the keylogger indicator was observed; keylogged email, portal, etc. | keylogger_data, malicious_emails, sinkhole_traffic, threat_recon |
| indicator_type | indicator type | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| last_seen | when keylogger output was last observed | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| location | latitude/longitude coordinates | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| postal_code | postal code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| raw_data_file | normalized name of the keylogger output file; consists of the md5 hash + `_content.txt` or `.eml` | keylogger_data, pastebin, malicious_emails, malicious_emails_context, malicious_email_detections, sinkhole_traffic, threat_recon |
| reference | URL for the paste; may not resolve if the paste has been taken down | darkweb, pastebin, malicious_emails, malicious_emails_context, malicious_email_detections, sinkhole_traffic, threat_recon |
| region | region name geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
| url_cat | specific site categorization of indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic |
