Data Sets - Common Fields
Field | Description | Data_Sets |
area_code | area code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
attribution | provides malware attribution or actor attribution for sinkhole | sinkhole_traffic, threat_recon |
city | city name geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
country | two-character country code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
domain_cat | general site categorization of indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic |
etl_date | date data was exported, transformed or loaded (ETL) | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
first_seen | when keylogger output first observed | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
indicator | indicator extracted from keylogger output | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
indicator_context | context in which keylogger indicator was observed: keylogged email, portal, etc. | keylogger_data, malicious_emails, sinkhole_traffic, threat_recon |
indicator_type | indicator type | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
last_seen | when keylogger output last observed | darkweb, keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
location | latitude longitude coordinates | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
postal_code | postal code geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
raw_data_file | normalized name of keylogger output file; consists of the MD5 hash followed by _content.txt or .eml | keylogger_data, pastebin, malicious_emails, malicious_emails_context, malicious_email_detections, sinkhole_traffic, threat_recon |
reference | URL for paste; may not resolve if the paste has been taken down | darkweb, pastebin, malicious_emails, malicious_emails_context, malicious_email_detections, sinkhole_traffic, threat_recon |
region | region name geolocated from indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic, threat_recon |
url_cat | specific site categorization of indicator | keylogger_data, pastebin, malicious_emails, sinkhole_traffic |