Falcon Intelligence or Falcon Intelligence Premium.| Parameter | Description |
|---|---|
| Sample ID | The sample ID of the submitted file. Can be obtained from the List Submitted Samples IDs action. |
{
"meta": {
"query_time": 0.016057403,
"powered_by": "falconx-api",
"trace_id": "09a275cf-6d1b-4ef6-816a-cb5b2cc949f8",
"quota": {
"total": 5000,
"used": 3,
"in_progress": 0
}
},
"resources": [
{
"id": "5ddb0407bef249c19c7a975f17979a1f_eecd9a8f319940dfb0255e5d436822d9",
"cid": "5ddb0407bef249c19c7a975f17979a1f",
"created_timestamp": "2019-01-03T13:09:49Z",
"origin": "uiproxy",
"sandbox": [
{
"sha256": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",
"environment_id": 100,
"environment_description": "Windows 7 32 bit",
"submit_name": "42a615198bcdfc72839936409c88af7ded125feabfec4753b307dc985aaba48f",
"threat_score": 100,
"verdict": "malicious",
"file_type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"incidents": [
{
"name": "Fingerprint",
"details": [
"Reads the active computer name"
]
}
],
"classification_tags": [
"gop",
"guardianofpeace",
"operationtroy",
"phandoor",
"silentchollima",
"targeted",
"whoisteam"
],
"sample_flags": [
"Extracted Files"
]
}
],
"intel": [
{
"actors": [
{
"id": 1779,
"name": "SILENT CHOLLIMA",
"slug": "silent-chollima"
}
]
}
],
"tags": [
"silent chollima",
"operationtroy",
"silentchollima",
"whoisteam",
"guardianofpeace",
"targeted",
"darkseoul",
"andariel",
"phandoor",
"gop"
],
"ioc_report_strict_csv_artifact_id": "9a24ffdfe64bc885dc023a43ced533fd90c4187ffe4800e266d54b79c3e1b198",
"ioc_report_broad_csv_artifact_id": "a93e7888b9fd253a05c0568a85a8c572d09a301db4fada4177695a65235ab813",
"ioc_report_strict_json_artifact_id": "ea103590a8fb876486f6f8d21180f82ea7497285aebd48aedfe6b13b44849850",
"ioc_report_broad_json_artifact_id": "555b372175de540a3ea29c7410f451a125b53d4f9bb10fe17c0a1317a5e2fa9e"
}
],
"errors": []
}
Was this page helpful?