πŸ”’ malware_config

Malware configuration for certain malware families

malware_config contains extracted malware configuration files for certain malware families that are identified via Yara rules. Extracted subfields may vary from family to family but they'll always be string key-values.

This field is only available for Premium API users.

{
    "data": {
        "attributes": {
            "malware_config": {
                "<string:field_name>": "<string:value>",...
            }
        }
    }
}
{
    "data": {
        "attributes": {
            "malware_config": {
                "campaign_id": "Hcwfjr",
                "domain": "0.tcp.ngggke.io",
                "family": "njRat",
                "install_dir": "TEMP",
                "install_flag": "True",
                "install_name": "server1.exe",
                "network_separator": "|'|'|",
                "port": "18354",
                "registry_value": "92893539d5d3558f5b256571544dccb0",
                "version": "0.7d"
            }
        }
    }
}