Conditions for System Process IOCs
The following table summarizes the conditions applicable for indicators used by System Process IOCs.
|
Items |
Indicator |
|
|
|
|
|
|
|
|
|---|---|---|---|---|---|---|---|---|---|
| fileitem | filepath |
|
|
|
|
||||
| fullpath |
|
|
|
|
|||||
| md5sum |
|
||||||||
| sizeinbytes |
|
|
|
|
|||||
| created |
|
|
|||||||
| modified |
|
|
|||||||
| accessed |
|
|
|||||||
| peinfo / digitalsignature / certificateissuer |
|
|
|
|
|||||
| peinfo / digitalsignature / certificatesubject |
|
|
|
|
|||||
| processitem | pid |
|
|
|
|
||||
| path |
|
|
|
|
|||||
| sectionlist / memorysection / digitalsignature / certificateissuer |
|
|
|
|
|||||
| sectionlist/ memorysection / digitalsignature / certificatesubject |
|
|
|
|
|||||
| sectionlist/ memorysection / md5sum |
|
||||||||
| handlelist / handle / type |
|
|
|
|
|||||
| handlelist / handle / name |
|
|
|
|
|||||
| starttime |
|
|
|||||||
| serviceitem | type |
|
|
|
|
||||
| name |
|
|
|
|
|||||
| descriptivename |
|
|
|
|
|||||
| description |
|
|
|
|
|||||
| status |
|
|
|
|
|||||
| startedas |
|
|
|
|
|||||
| servicedllcertificateissuer |
|
|
|
|
|||||
| servicedllcertificatesubject |
|
|
|
|
|||||
| servicedllmd5sum |
|
||||||||
| registryitem | keypath |
|
|
|
|
||||
| path |
|
|
|
|
|||||
| valuename |
|
|
|
|
|||||
| value |
|
|
|
|
