MalwareAnalysis

A sample of malware.

Fields

| Parameter | Description | Type | Limited To |
| --- | --- | --- | --- |
| id | Unique identifier of the malware | number | |
| added_on | Datetime the analysis was created | string | |
| crx | A Google Chrome Browser Extension ID | string | Chrome extensions |
| imphash | The PE Import hash of the malware | string | Portable Executable files |
| md5 | The MD5 hash of the malware | string | |
| password | The password required to decompress the sample | string | |
| pe_rich_header | The PE Rich Header hash of the malware | string | Portable Executable files compiled by Visual C++ |
| review_status | Whether this data has been reviewed manually or automatically | ReviewStatusType | |
| sample | A base64 encoded ZIP file containing the sample. The password field will be needed to decompress the file. | string | |
| sample_type | The MIME type of the malware sample. | string | |
| sha1 | The SHA1 hash of the malware | string | |
| sha256 | The SHA256 hash of the malware | string | |
| sha3_384 | The SHA3-384 hash of the malware | string | |
| share_level | A designation of how the indicator may be shared, based on the US-CERT's Traffic Light Protocol | ShareLevelType | |
| ssdeep | The SSDeep hash of the malware | string | |
| status | The maliciousness of the sample | StatusType | |
| victim_count | A count of known victims infected and/or spreading the malware | number | |
| xpi | The Mozilla Firefox extension ID | string | Firefox extensions |

Sample Usage

Example query for a specific malware sample: 518964484802467

https://graph.facebook.com/v2.8/518964484802467/?access_token=555|aSdF123GhK&fields=added_on,id,status,md5,sha1,sha256

Data returned:

{
  "added_on": "2014-02-10T08:15:08+0000",
  "id": "518964484802467",
  "md5": "31a345a897ef34cf2a5ce707d217ac6b",
  "sha1": "bc45693e681244bef57bc2e20bff0ff9e32e2105",
  "sha256": "2b7f45684ed8a86f446a0a835debaf9b3dda7d38f74d672eb5237ca2001add1e",
  "status": "UNKNOWN"
}
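
Added example, not part of the original reference or Facebook's code: decoding the `sample` field with the `password` field and checking the result against the record's hash fields before it is handed to analysis tooling. It assumes the archive holds a single member and uses encryption that Python's `zipfile` can read (it cannot read AES-encrypted ZIPs); `unpack_sample`, `load_verified_sample` and `constructed_record` are hypothetical names, and the record is constructed.

```python
import base64
import hashlib
import io
import zipfile

# Hash fields from the Fields table that hashlib can recompute directly.
HASH_FIELDS = ("md5", "sha1", "sha256", "sha3_384")


def unpack_sample(record, max_size=64 * 1024 * 1024):
    """Decode the base64 `sample` ZIP in memory and return the file's bytes."""
    blob = base64.b64decode(record["sample"], validate=True)
    archive = zipfile.ZipFile(io.BytesIO(blob))
    members = archive.infolist()
    # Assumption: the archive holds exactly one member, the sample itself.
    if len(members) != 1:
        raise ValueError(f"expected 1 archive member, found {len(members)}")
    if members[0].file_size > max_size:
        raise ValueError("declared size exceeds limit, refusing to decompress")
    pwd = record.get("password", "").encode() or None
    return archive.read(members[0], pwd=pwd)


def load_verified_sample(record):
    """Return the sample bytes only if every hash field in the record matches."""
    payload = unpack_sample(record)
    checked = {f: hashlib.new(f, payload).hexdigest() == record[f].lower()
               for f in HASH_FIELDS if f in record}
    if not checked:
        raise ValueError("record carries no hash to verify against")
    bad = sorted(f for f, ok in checked.items() if not ok)
    if bad:
        raise ValueError("hash mismatch: " + ", ".join(bad))
    return payload


def constructed_record(payload=b"constructed, harmless test bytes"):
    """Build a constructed record. The stdlib cannot write encrypted ZIPs, so
    this archive is unencrypted and zipfile ignores the password for it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.bin", payload)
    record = {f: hashlib.new(f, payload).hexdigest() for f in HASH_FIELDS}
    record.update(sample=base64.b64encode(buf.getvalue()).decode(),
                  password="constructed-password")
    return record
```

The payload is kept in memory rather than extracted to disk, and a mismatch on any hash raises before the bytes are returned.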

Connections

| Name | Description | Type |
| --- | --- | --- |
| dropped | Malware installed by this malware | Malware |
| dropped_by | Malware installing this malware | Malware |
| families | The groups or clusters the malware belongs to | MalwareFamily |
| threat_indicators | Threat indicators linked to this malware | ThreatIndicator |
| tags | The tags applied to this descriptor | string |

Sample Usage

Example query for the malware dropped by a specific malware sample: 518964484802467

https://graph.facebook.com/v2.8/518964484802467/dropped/?access_token=555|aSdF123GhK

Data returned:

{
  "data": [
    {
      "added_on": "2014-05-17T08:50:23+0000",
      "crx": "imidebfpiccjhkmkliilncodnlcijpnl",
      "status": "MALICIOUS",
      "victim_count": 1,
      "id": "636198259806586"
    },
    ...
  ]
}