Summary

General information about the file analysis results.

MD5—MD5 hash of the analyzed file.

File size—Size of the analyzed file, in bytes.

Reset similarity thresholds—Indicates whether similarity thresholds for compared samples were ignored, i.e. the corresponding parameter (check box) was selected while creating a task.

Matched attribution entities—List of malicious actors or tools matched with the submitted file (if found).

Extracted path—Path to the file in the archive (for files that were unpacked for analysis).

Unpack—Indicates whether contents of the attached file were unpacked before analysis, i.e. the corresponding parameter (check box) was selected while creating a task.

Sample & Content

Information about files extracted from the packed file that is submitted for Kaspersky Threat Attribution Engine analysis.

Status—Status of the extracted file.

MD5—MD5 hash of the extracted file. Clicking the item navigates you to the Threat Lookup page where lookup results for this file are displayed.

File name—Name of the extracted file.

Size—Size of the extracted file, in bytes.

Bad genotypes (matched/total)—Number of genotypes in the analyzed file that match the genotypes in the similar attribution entity samples.

Bad strings (matched/total)—Number of strings in the analyzed file that match the strings in the similar attribution entity samples.

Attribution entities—Attribution entities related to the extracted file. Actor names are presented as clickable tags. When you click a tag, Kaspersky Threat Intelligence Portal searches for the respective actor and opens the Reporting tab of the Threat Lookup page with search results.

Similar samples

Information about attribution entity samples similar to the analyzed file.

Status—Status of the sample.

MD5—MD5 hash of a similar sample. Clicking the item navigates you to the Threat Lookup page where lookup results for this file are displayed.

Size—Size of a similar sample, in bytes.

Genotypes matched (total)—Number of genotypes in the similar attribution entity sample that match the analyzed file. This is followed by the total number of genotypes in the similar sample that are related to the attribution entity.

Strings matched (total)—Number of strings in the similar attribution entity sample that match the analyzed file. This is followed by the total number of strings in the similar sample that are related to the attribution entity.

Similarity—Percentage of similarity between the analyzed file and the similar attribution entity sample.

Attribution entities—Malicious actors or tools matched with the sample. Actor names are presented as clickable tags. When you click a tag, Kaspersky Threat Intelligence Portal searches for the respective actor and opens the Reporting tab of the Threat Lookup page with search results.

Aliases—Known aliases for the attribution entity related to this sample.

Matched genotypes

Information about the genotypes matched with the analyzed file.

Genotype—Genotype in the analyzed file that matches genotypes of similar attribution entity samples.

Matched—Number of all known attribution entity samples with this genotype.

Used by—Attribution entities related to samples with this genotype.

Matched strings

Information about strings matched with the analyzed file.

String—String in the analyzed file that matches strings of similar attribution entity samples.

Matched—Number of all known attribution entity samples with this string.

Used by—Attribution entities related to samples with this string.