sample.tasks.elf_suspicious_behavior | Linux Suspicious Behavior | StringProx | Suspicious behavior from a Linux file based on static analysis. Example: sample contains hard-coded malicious IP address |
sample.tasks.elf_functions | Linux Functions | StringProx | Function contained in the Linux file. Example: __libc_sigaction |
sample.tasks.elf_commands | Linux Commands | StringProx | Command contained in the Linux file. Example: rm -rf /var/log/wtmp |
sample.tasks.elf_file_paths | Linux File Paths | StringProx | File path contained in a Linux file. Example: /var/run |
sample.tasks.elf_ip_address | Linux IP Address | StringProx | An IP address detected during Linux sample analysis. |
sample.tasks.elf_domains | Linux Domains | StringProx | Domain detected during Linux sample analysis. Example: run.work. |
sample.tasks.elf_url | Linux URLs | StringProx | URL detected during Linux sample analysis. Example: http://208.67.1.59/bins.sh. |
sample.tasks.elf_command_action | Linux Command Action | StringProx | Command actions embedded in the Linux sample file. Example: /usr/bin/pusjcgkdgq gnome-terminal 739 |
sample.tasks.elf_file_activity | Linux File Activity | StringProx | Files that showed activity as a result of the sample being executed in the WildFire analysis environment. Artifacts listed for each file activity include the parent process that showed activity, the action the parent process performed, and the file that was altered (created, modified, duplicated, or deleted). Example: unlink , /usr/bin/pusjcgkdgq |
sample.tasks.elf_suspicious_action | Linux Suspicious Action | StringProx | An action that the Linux file performed when it was executed in the WildFire analysis environment. Example: Sample accesses network information or configuration , /proc/net/tcp |