Kaspersky Threat Intelligence Portal provides information about detected items and activities that were registered during the file execution. For registered users, execution map, information about suspicious activities, and screenshots are also available.
## Dynamic analysis detects

Detects that were registered during the file execution.

| Field name | Description |
|---|---|
| Status | Danger zone (level) associated with the detect (Malware, or Adware and other). |
| Name | Name of the detected object (for example, HEUR:Exploit.Script.Blocker). Each item in the list is clickable: click it to view its description on the Kaspersky threats website. |
## Triggered network rules

SNORT and Suricata rules that were triggered during analysis of the network traffic generated by the executed file.

| Field name | Description |
|---|---|
| Zone | Danger zone (level) associated with the network traffic detected by the SNORT or Suricata rule (High, Medium, Low, Info). |
| Rule | SNORT or Suricata rule name. |
## Execution map

Graphical representation of the sequence of the file's activities and the relationships between them.

The execution map is available only for registered users.

The root node of the tree represents the executed file. Each tree element is marked according to its danger level (High, Medium, or Low). You can click a tree element to view detailed information. You can also zoom the execution map by scrolling in the map area.
## Suspicious activities

Suspicious activities registered during the file execution.

This section is available only for registered users.

| Field name | Description |
|---|---|
| Zone | Danger zone (level) of the registered activity (High, Medium, Low). |
| Severity | Numerical value of the danger level of the registered activity (integer 1–999). |
| Description | Activity description. For example, "Executable has obtained the privilege," "The file has been dropped and executed," or "The process has injected binary code into another process." Certain descriptions contain a mapping to the MITRE ATT&CK threat classification, for example "MITRE: T1082 System Information Discovery." |
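As an added example (not part of the portal documentation or Kaspersky's own code), the following script triages a list of suspicious-activity records shaped like the table above: it rejects rows whose severity falls outside the documented 1–999 range, finds the highest zone, and extracts the ATT&CK technique IDs from the "MITRE: T1082 ..." form of the description. The record keys and the sample rows are constructed assumptions; the portal's actual export schema is not described on this page.

```python
import re
from collections import Counter

# Zone labels exactly as the Suspicious activities table lists them.
ZONE_ORDER = {"High": 3, "Medium": 2, "Low": 1}

# Matches the "MITRE: T1082 System Information Discovery" form shown in the
# description column; sub-technique IDs such as T1055.012 are also accepted.
MITRE_RE = re.compile(r"MITRE:\s*(T\d{4}(?:\.\d{3})?)\s+([^.;\"]+)")

# Constructed sample records mirroring the Zone / Severity / Description columns.
# The key names are an assumption, not the portal's export schema.
SAMPLE_ACTIVITIES = [
    {"Zone": "High", "Severity": 850,
     "Description": "The process has injected binary code into another process. MITRE: T1055 Process Injection"},
    {"Zone": "Medium", "Severity": 400,
     "Description": "Executable has obtained the privilege"},
    {"Zone": "Low", "Severity": 120,
     "Description": "MITRE: T1082 System Information Discovery"},
    {"Zone": "High", "Severity": 1200,  # outside the documented 1-999 range
     "Description": "The file has been dropped and executed"},
]

def validate_severity(value):
    """True only for an integer in the documented 1-999 range."""
    return isinstance(value, int) and 1 <= value <= 999

def extract_mitre(description):
    """Return (technique_id, technique_name) pairs found in one description."""
    return [(tid, name.strip()) for tid, name in MITRE_RE.findall(description)]

def summarize(activities):
    """Triage summary: highest zone, per-zone counts, unique ATT&CK IDs, rejected rows."""
    zone_counts = Counter()
    techniques = set()
    rejected = 0
    top_zone = None
    for row in activities:
        # Drop rows that violate the documented field constraints.
        if not validate_severity(row.get("Severity")) or row.get("Zone") not in ZONE_ORDER:
            rejected += 1
            continue
        zone_counts[row["Zone"]] += 1
        if top_zone is None or ZONE_ORDER[row["Zone"]] > ZONE_ORDER[top_zone]:
            top_zone = row["Zone"]
        for tid, _ in extract_mitre(row["Description"]):
            techniques.add(tid)
    return {"top_zone": top_zone, "zone_counts": dict(zone_counts),
            "techniques": sorted(techniques), "rejected": rejected}
```

Calling `summarize(SAMPLE_ACTIVITIES)` reports the High zone, the two technique IDs T1055 and T1082, and one rejected row.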
## Screenshots

Set of screenshots that were taken during the file execution.

Screenshots are available only for registered users.