These are the Go structure definitions of the Overview JSON report that Triage generates.
This report can be fetched through the /samples/{sampleID}/overview.json endpoint.
// The types below describe the Overview JSON report that Triage generates
// for a sample, as served at /samples/{sampleID}/overview.json.
//
// Encoding notes that apply throughout (standard encoding/json behaviour):
//   - a field tagged `omitempty` is left out of the JSON when it holds the
//     Go zero value (empty string, 0, nil slice/pointer/interface);
//   - an embedded struct (TargetDesc, *Extract) has its fields promoted into
//     the enclosing JSON object, not nested under a key;
//   - time.Time values are encoded as RFC 3339 strings;
//   - []byte values are encoded as base64 strings;
//   - interface{} values decode into map[string]interface{}, []interface{},
//     float64, string, bool or nil, so consumers must type-assert.
//
// Much of the string content in this report (ransom notes, dropper source,
// C2 addresses, command lines, credentials) is recovered from the analysed
// sample itself and is therefore attacker-controlled data: treat it as
// untrusted when rendering, logging or storing it.
type (
	// OverviewReport is the top-level object of the overview report.
	OverviewReport struct {
		// Version of the report format.
		Version string `json:"version"`
		// Sample describes the submitted sample as a whole.
		Sample OverviewSample `json:"sample"`
		// Tasks lists the individual analysis tasks that were run.
		Tasks []TaskSummary `json:"tasks,omitempty"`
		// Analysis holds the overall verdict for the sample.
		Analysis OverviewAnalysis `json:"analysis"`
		// Targets lists the per-target results (one per analysed file/URL).
		Targets []OverviewTarget `json:"targets"`
		// Errors lists tasks or backends that failed during analysis.
		Errors []ReportedFailure `json:"errors,omitempty"`
		// Signatures are the signatures that matched across the sample.
		Signatures []Signature `json:"signatures,omitempty"`
		// Extracted holds artefacts extracted from the sample (configs,
		// ransom notes, droppers, credentials).
		Extracted []OverviewExtracted `json:"extracted,omitempty"`
	}

	// OverviewSample describes the submitted sample. The embedded TargetDesc
	// fields are promoted into the same JSON object.
	OverviewSample struct {
		TargetDesc
		// Created is when the sample was created/submitted (RFC 3339).
		Created time.Time `json:"created"`
		// Completed is when analysis finished (RFC 3339). Its JSON name
		// "completed" collides with the embedded TargetDesc.CompatCompleted;
		// encoding/json resolves this in favour of the less-nested field, so
		// this time.Time field is the one that is encoded and decoded.
		Completed time.Time `json:"completed"`
		// IOCs are the network indicators observed for the whole sample.
		IOCs *OverviewIOCs `json:"iocs,omitempty"`
	}

	// TaskSummary is a short summary of a single analysis task.
	TaskSummary struct {
		// Sample is the ID of the sample the task belongs to.
		Sample string `json:"sample"`
		// Kind of task (e.g. static vs. behavioral) — exact values are
		// defined by Triage, not by this file.
		Kind string `json:"kind,omitempty"`
		Name string `json:"name,omitempty"`
		// Status of the task — exact values are defined by Triage.
		Status string `json:"status,omitempty"`
		// TTP lists the tactics/techniques attributed by this task.
		TTP []string `json:"ttp,omitempty"`
		Tags []string `json:"tags,omitempty"`
		// Score assigned by this task; omitted when 0.
		Score int `json:"score,omitempty"`
		// Target is the file or URL the task analysed.
		Target string `json:"target,omitempty"`
		// Backend that executed the task.
		Backend string `json:"backend,omitempty"`
		Resource string `json:"resource,omitempty"`
		// Platform the task ran on (e.g. a VM profile name).
		Platform string `json:"platform,omitempty"`
		TaskName string `json:"task_name,omitempty"`
		// Failure carries the failure reason when the task did not complete.
		Failure string `json:"failure,omitempty"`
		QueueID int64 `json:"queue_id,omitempty"`
		// Pick identifies which item of a multi-file submission was chosen.
		Pick string `json:"pick,omitempty"`
	}

	// OverviewAnalysis is the overall verdict for the sample.
	OverviewAnalysis struct {
		// Score is always emitted, even when 0.
		Score int `json:"score"`
		// Family lists the malware families attributed to the sample.
		Family []string `json:"family,omitempty"`
		Tags []string `json:"tags,omitempty"`
	}

	// OverviewTarget is the per-target view of the results. The embedded
	// TargetDesc fields are promoted into the same JSON object.
	OverviewTarget struct {
		// Tasks lists the IDs of the tasks that analysed this target.
		Tasks []string `json:"tasks"`
		TargetDesc
		Tags []string `json:"tags,omitempty"`
		Family []string `json:"family,omitempty"`
		// Signatures is always emitted; nil encodes as JSON null.
		Signatures []Signature `json:"signatures"`
		IOCs *OverviewIOCs `json:"iocs,omitempty"`
	}

	// ReportedFailure records a task or backend failure.
	ReportedFailure struct {
		Task string `json:"task,omitempty"`
		Backend string `json:"backend,omitempty"`
		// Reason is always emitted.
		Reason string `json:"reason"`
	}

	// OverviewExtracted is an extracted artefact together with the tasks
	// that produced it. The embedded *Extract fields are promoted into the
	// same JSON object; a nil *Extract contributes no fields when encoding.
	OverviewExtracted struct {
		Tasks []string `json:"tasks"`
		*Extract
	}

	// TargetDesc describes an analysed file or URL. It is embedded in
	// OverviewSample and OverviewTarget.
	TargetDesc struct {
		ID string `json:"id,omitempty"`
		// CompatScore and CompatCompleted appear to be kept for backward
		// compatibility with older report versions (NOTE(review): inferred
		// from the "Compat" prefix — confirm). When embedded in
		// OverviewSample, "completed" is shadowed by OverviewSample.Completed.
		CompatScore int `json:"score,omitempty"`
		Submitted string `json:"submitted,omitempty"`
		CompatCompleted string `json:"completed,omitempty"`
		Target string `json:"target,omitempty"`
		Pick string `json:"pick,omitempty"`
		Type string `json:"type,omitempty"`
		// Size of the target in bytes (presumably — verify against Triage).
		Size int64 `json:"size,omitempty"`
		// Hashes of the target, hex-encoded.
		MD5 string `json:"md5,omitempty"`
		SHA1 string `json:"sha1,omitempty"`
		SHA256 string `json:"sha256,omitempty"`
		SHA512 string `json:"sha512,omitempty"`
		Filetype string `json:"filetype,omitempty"`
		// StaticTags are tags derived from static analysis only.
		StaticTags []string `json:"static_tags,omitempty"`
	}

	// Signature is a detection signature that matched, with the indicators
	// that triggered it.
	Signature struct {
		Label string `json:"label,omitempty"`
		// Name is always emitted.
		Name string `json:"name"`
		Score int `json:"score,omitempty"`
		TTP []string `json:"ttp,omitempty"`
		Tags []string `json:"tags,omitempty"`
		Indicators []Indicator `json:"indicators,omitempty"`
		// YaraRule is the name of the matching YARA rule, if any.
		YaraRule string `json:"yara_rule,omitempty"`
		// Description is serialised under the key "desc".
		Description string `json:"desc,omitempty"`
		URL string `json:"url,omitempty"`
	}

	// Extract is an artefact recovered from the sample: a dumped file and/or
	// a decoded configuration, ransom note, dropper or credential set.
	Extract struct {
		DumpedFile string `json:"dumped_file,omitempty"`
		Resource string `json:"resource,omitempty"`
		Config *Config `json:"config,omitempty"`
		Path string `json:"path,omitempty"`
		RansomNote *Ransom `json:"ransom_note,omitempty"`
		Dropper *Dropper `json:"dropper,omitempty"`
		Credentials *Credentials `json:"credentials,omitempty"`
	}

	// OverviewIOCs groups the network indicators observed during analysis.
	OverviewIOCs struct {
		URLs []string `json:"urls,omitempty"`
		Domains []string `json:"domains,omitempty"`
		IPs []string `json:"ips,omitempty"`
	}

	// Indicator is a single observation that contributed to a Signature
	// match, optionally tied to a process, a network flow or a dump file.
	Indicator struct {
		// IOC is the indicator value itself.
		IOC string `json:"ioc,omitempty"`
		Description string `json:"description,omitempty"`
		// At is a timestamp/offset of the observation — unit not defined
		// here; confirm against Triage.
		At uint32 `json:"at,omitempty"`
		// SourcePID/SourceProcID identify the originating process; the
		// Target* pair identifies the affected process where applicable.
		// Note the JSON names: "pid"/"procid" for the source and
		// "pid_target"/"procid_target" for the target.
		SourcePID uint64 `json:"pid,omitempty"`
		SourceProcID int32 `json:"procid,omitempty"`
		TargetPID uint64 `json:"pid_target,omitempty"`
		TargetProcID int32 `json:"procid_target,omitempty"`
		// Flow and Stream reference network traffic; omitted when 0.
		Flow int `json:"flow,omitempty"`
		Stream int `json:"stream,omitempty"`
		DumpFile string `json:"dump_file,omitempty"`
		Resource string `json:"resource,omitempty"`
		YaraRule string `json:"yara_rule,omitempty"`
	}

	// Config is a decoded malware configuration. All of its content comes
	// from the sample and should be treated as untrusted input.
	Config struct {
		Family string `json:"family,omitempty"`
		Tags []string `json:"tags,omitempty"`
		// Rule is the name of the rule that extracted the configuration.
		Rule string `json:"rule,omitempty"`
		// C2 lists command-and-control addresses found in the config.
		C2 []string `json:"c2,omitempty"`
		Version string `json:"version,omitempty"`
		Botnet string `json:"botnet,omitempty"`
		Campaign string `json:"campaign,omitempty"`
		Mutex []string `json:"mutex,omitempty"`
		Decoy []string `json:"decoy,omitempty"`
		Wallet []string `json:"wallet,omitempty"`
		DNS []string `json:"dns,omitempty"`
		Keys []Key `json:"keys,omitempty"`
		Webinject []string `json:"webinject,omitempty"`
		CommandLines []string `json:"command_lines,omitempty"`
		ListenAddr string `json:"listen_addr,omitempty"`
		ListenPort int `json:"listen_port,omitempty"`
		ListenFor []string `json:"listen_for,omitempty"`
		// Shellcode blobs; each []byte is base64-encoded in the JSON.
		Shellcode [][]byte `json:"shellcode,omitempty"`
		ExtractedPE []string `json:"extracted_pe,omitempty"`
		Credentials []Credentials `json:"credentials,omitempty"`
		// Attributes is free-form, family-specific data under the key
		// "attr"; it decodes to generic JSON values (map/slice/float64/...).
		Attributes interface{} `json:"attr,omitempty"`
		// Raw is the undecoded configuration, if retained.
		Raw string `json:"raw,omitempty"`
	}

	// Ransom is a ransom note recovered from the sample, with the contact
	// details it advertises.
	Ransom struct {
		Family string `json:"family,omitempty"`
		Target string `json:"target,omitempty"`
		Emails []string `json:"emails,omitempty"`
		Wallets []string `json:"wallets,omitempty"`
		URLs []string `json:"urls,omitempty"`
		Contact []string `json:"contact,omitempty"`
		// Note is the note text itself and is always emitted; it is
		// attacker-authored content — escape it before rendering.
		Note string `json:"note"`
	}

	// Dropper describes a dropper (script/loader) found in the sample.
	Dropper struct {
		Family string `json:"family,omitempty"`
		// Language of the dropper source; always emitted.
		Language string `json:"language"`
		// Source and Deobf are the original and deobfuscated dropper code
		// (Deobf is serialised under the key "deobfuscated"). Both are
		// sample-derived and untrusted.
		Source string `json:"source,omitempty"`
		Deobf string `json:"deobfuscated,omitempty"`
		// URLs is always emitted; nil encodes as JSON null.
		URLs []DropperURL `json:"urls"`
	}

	// Credentials is a credential set recovered from the sample (for
	// example from a config or observed network traffic — presumably; confirm
	// against Triage). User and Pass are always emitted, even when empty, so
	// reports containing this structure carry secrets in clear text and
	// should be stored and shared accordingly.
	Credentials struct {
		Flow int `json:"flow,omitempty"`
		Protocol string `json:"protocol,omitempty"`
		Host string `json:"host,omitempty"`
		Port int `json:"port,omitempty"`
		// User is serialised as "username", Pass as "password".
		User string `json:"username"`
		Pass string `json:"password"`
		EmailTo string `json:"email_to,omitempty"`
	}

	// Key is a typed key/value pair from a decoded configuration (for
	// example a cryptographic key). Value is free-form JSON and decodes to
	// a generic value that must be type-asserted.
	Key struct {
		Kind string `json:"kind"`
		Key string `json:"key"`
		Value interface{} `json:"value"`
	}

	// DropperURL is a URL referenced by a Dropper together with its role.
	DropperURL struct {
		Type string `json:"type"`
		URL string `json:"url"`
	}
)