{ "data": [ { "attributes": { "meta": { "read": false, "last_modified_on": "2022-11-22T11:33:52.037", "legacy_id": 85534366, "acknowledged": false, "alert_type": "yara" }, "ati": {}, "alert": { "product": "ETP", "alert_type": [ "at" ], "severity": "majr", "ack": "no", "malware_md5": "b2255f656c300f3e00e51b6d0e62a7bb", "explanation": { "analysis": "binary", "protocol": "", "anomaly": "", "timestamp": "2022-11-22T11:32:50.000000", "malware_detected": { "malware": [ { "name": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more", "stype": "yara", "type": "ehdr", "original_name": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more", "original": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more", "downloaded_at": "2022-11-22T11:32:50.154835", "md5sum": "b2255f656c300f3e00e51b6d0e62a7bb", "submitted_at": "2022-11-22T11:32:48.665004", "sha256": "94e617d9cfb98fcc0abc4010e1e4f030cdd5c0820be31c06259081cf4869561", "executed_at": "2022-11-22T11:32:50.154835" } ] }, "os_changes": null, "cnc_services": { "cnc_service": null } }, "timestamp": "2022-11-22T11:33:52.036", "action": "notified", "name": "malware-object", "sha256":"94e617d9cfb98fcc0abc4010e1e4f030cdd5c0820be31c06259081cf48695261" }, "email": { "status": "quarantined", "source_ip": "96.47.26.93", "smtp": { "rcpt_to": "userc@musubi2.etp-testdomain5.com", "mail_from": "bounce-cn1-zh_cnn_i_news_ndban112220227630041-h-ee3d2699f7=2@newsletters.cnn.com" }, "etp_message_id": "3yINFWA-1111152-7B1209271853BC7365d49e4a8", "headers": { "cc": "", "to": "userc@musubi2.etptestdomain5.com", "from": "CNN's 5 Things <5things@newsletters.cnn.com>", "subject": "Test mail" },"attachment": "yara|yara_simple_eg.yara|AsciiExample_1 and 1 more", "timestamp": { "accepted":"2022-11-22T11:32:41" }, "source_country": "us" } }, "id": "3yINFWA-1111152-8784f526-be90-45ed-8867-ec1fcf066dd8" } ], "meta": { "total": 1, "copyright": "Copyright 2022 FireEye Security Holdings US LLC" },"type": "alerts" }