| sample.tasks.connection | Connection Activity | StringProx | Network activity including connections,
IP addresses, and country codes. Example: tcp-connection, 46.254.18.90:80 , , RU |
| sample.tasks.dns | DNS Activity | StringProx | DNS activity including query, response,
and type. Example: a0ce.akamaiedge.net |
| sample.tasks.file | File Activity | StringProx | Parent process, action, and file path. Example: Program Files\Zona\utils.jar, |
| sample.tasks.http | HTTP Activity | StringProx | HTTP request including host, method, URL,
and user agent string. Example: /T/a93E_X.jpeg |
| sample.tasks.metadata_sections | PE Metadata | StringProx | Metadata from PE files, including the name,
virtual address, virtual size, and raw size. Example: .text , 15872 , 4096 , 15866 |
| sample.tasks.japi | Java API Activity | StringProx | Java runtime activity. Example: load, class barcode.Get2D not found. |
| sample.tasks.behavior_type | Observed Behavior | StringProx | Behaviors seen when a sample is analyzed
by WildFire. Example: pe_sa_abnl_sect_name |
| sample.tasks.misc | Other API Behavior | StringProx | Non-Java API activity seen when a sample
is analyzed by WildFire. Example: sample.exe , ZwProtectVirtualMemoryFailed , 0xc0000045 , 0xffffffff , pid=1516 , 0x0012fed8 , 0x0012fedc , 0x00000000 |
| sample.tasks.process | Process Activity | StringProx | Processes that showed activity when the
sample was analyzed by WildFire. Example: cmd.exe , terminated , , Users\\Administratorexp lorer.exe" |
| sample.tasks.service | Service Activity | StringProx | Services that showed activity when the sample was
analyzed by WildFire. Example: WINWORD.EXE , StartService , , |
| sample.tasks.user_agent | User Agent Fragments | StringProx | The user agent header for HTTP requests
sent when the sample was analyzed by Wildfire. Example: Microsoft-CryptoAPI/6.1 |
