Malware configuration for certain malware families
malware_config
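Contains the malware configuration extracted from samples of certain malware families, which are identified via YARA rules. The extracted subfields vary from family to family, but every subfield is a string key with a string value, so numeric and boolean settings (for example a port or an install flag) also arrive as strings and must be parsed by the consumer. The values are copied from the sample itself, so treat them as untrusted input when storing, querying or displaying them.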
This field is only available for Premium API users.
{
"data": {
"attributes": {
"malware_config": {
"<string:field_name>": "<string:value>",...
}
}
}
}
{
"data": {
"attributes": {
"malware_config": {
"campaign_id": "Hcwfjr",
"domain": "0.tcp.ngggke.io",
"family": "njRat",
"install_dir": "TEMP",
"install_flag": "True",
"install_name": "server1.exe",
"network_separator": "|'|'|",
"port": "18354",
"registry_value": "92893539d5d3558f5b256571544dccb0",
"version": "0.7d"
}
}
}
}