Domain name for API request: tcss.intl.tencentcloudapi.com.
This API is used to query the information of a trojan file at runtime.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeVirusDetail. |
| Version | Yes | String | Common Params. The value used for this API: 2020-11-01. |
| Region | No | String | Common Params. This parameter is not required. |
| Id | Yes | String | Trojan file ID |
The response returns the following output parameters:
| Parameter Name | Type | Description |
|---|---|---|
| ImageId | String | Image ID |
| ImageName | String | Image name |
| CreateTime | String | Creation time. |
| Size | Integer | Trojan file size |
| FilePath | String | Trojan file path |
| ModifyTime | String | Last modification time |
| VirusName | String | Virus name |
| RiskLevel | String | Risk level: RISK_CRITICAL, RISK_HIGH, RISK_MEDIUM, RISK_LOW, or RISK_NOTICE |
| ContainerName | String | Container name |
| ContainerId | String | Container ID |
| HostName | String | Host name |
| HostId | String | Host ID |
| ProcessName | String | Process name |
| ProcessPath | String | Process path |
| ProcessMd5 | String | Process MD5 |
| ProcessId | Integer | Process ID |
| ProcessArgv | String | Process arguments |
| ProcessChan | String | Process chain |
| ProcessAccountGroup | String | Process group |
| ProcessStartAccount | String | Process initiator (start account) |
| ProcessFileAuthority | String | Process file permissions |
| SourceType | Integer | Source. 0: one-click scan; 1: scheduled scan; 2: real-time monitoring |
| Tags | Array of String | Tags |
| HarmDescribe | String | Event description |
| SuggestScheme | String | Recommended solution |
| Mark | String | Remarks |
| FileName | String | Risk file name |
| FileMd5 | String | File MD5 |
| EventType | String | Event type |
| PodName | String | Cluster name. |
| Status | String | Handling status. DEAL_NONE: file pending; DEAL_IGNORE: ignored; DEAL_ADD_WHITELIST: added to whitelist; DEAL_DEL: file deleted; DEAL_ISOLATE: isolated; DEAL_ISOLATING: isolating (in progress); DEAL_ISOLATE_FAILED: isolation failed; DEAL_RECOVERING: recovering; DEAL_RECOVER_FAILED: recovery failed |
| SubStatus | String | Failure sub-status. FILE_NOT_FOUND: file not found; FILE_ABNORMAL: file abnormal; FILE_ABNORMAL_DEAL_RECOVER: file abnormal when recovering; BACKUP FILE NOT FOUND: backup file not found; CONTAINER_NOT_FOUND_DEAL_ISOLATE: container not found when isolating; CONTAINER_NOT_FOUND_DEAL_RECOVER: container not found when recovering |
| HostIP | String | Private IP address |
| ClientIP | String | Public IP address |
| PProcessStartUser | String | Parent process start user |
| PProcessUserGroup | String | Parent process user group |
| PProcessPath | String | Parent process path |
| PProcessParam | String | Parent process command-line arguments |
| AncestorProcessStartUser | String | Ancestor process start user |
| AncestorProcessUserGroup | String | Ancestor process user group |
| AncestorProcessPath | String | Ancestor process path |
| AncestorProcessParam | String | Ancestor process command-line arguments |
| OperationTime | String | Time of the last handling operation on the event |
| ContainerNetStatus | String | Container isolation status |
| ContainerNetSubStatus | String | Container isolation sub-status |
| ContainerIsolateOperationSrc | String | Source of the container isolation operation |
| CheckPlatform | Array of String | Detection platform. 1: Cloud Killing Engine; 2: tav; 3: binaryAi; 4: abnormal behavior; 5: TI |
| FileAccessTime | String | File access time |
| FileModifyTime | String | File modification time |
| NodeSubNetID | String | Node subnet ID |
| NodeSubNetName | String | Node subnet name |
| NodeSubNetCIDR | String | Subnet IP range |
| ClusterID | String | Cluster ID |
| PodIP | String | Pod IP |
| PodStatus | String | Pod status |
| NodeUniqueID | String | UID of the node |
| NodeType | String | Node type. Values: NORMAL (general node), SUPER (super node). |
| NodeID | String | Node ID |
| ClusterName | String | Cluster name |
| Namespace | String | Namespace |
| WorkloadType | String | Workload type |
| ContainerStatus | String | Container status. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
Example: query trojan file information at runtime

Input example:

```
POST / HTTP/1.1
Host: tcss.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeVirusDetail
<Common request parameters>

{
  "Id": "10021"
}
```
Output example (the original listing was missing commas after three values and left one Tags entry unquoted; corrected here so the body is valid JSON):

```json
{
  "Response": {
    "AncestorProcessParam": "/usr/local/bin/containerd-shim-runc-v2 -namespace k8s.io -id 7b4ed805844e07bd15663e4f778acf9bf388719cbcdf794290b9637a550a21d6 -address /run/containerd/containerd.****",
    "AncestorProcessPath": "/usr/local/bin/containerd-shim-run****",
    "AncestorProcessStartUser": "0",
    "AncestorProcessUserGroup": "0",
    "CheckPlatform": [
      "VDC",
      "TAV"
    ],
    "ClientIP": "10.*.*.1",
    "ClusterID": "cls-dfw3e***",
    "ClusterName": "clsfoo***",
    "ContainerId": "d4c43f9268ecea2aa75b26632299df8aaf496a*******",
    "ContainerIsolateOperationSrc": "Runtime security/File detection and elimination",
    "ContainerName": "/container_name",
    "ContainerNetStatus": "ISOLATED",
    "ContainerNetSubStatus": "NONE",
    "CreateTime": "2024-08-27T03:30:37Z",
    "EventType": "Malicious file alert",
    "FileAccessTime": "2018-02-28T07:45:34Z",
    "FileMd5": "81a7701a194c3a******",
    "FileModifyTime": "2018-02-28T07:45:34Z",
    "FileName": "specimen_*******",
    "FilePath": "/home/virus/specimen_******",
    "HarmDescribe": "The worm virus Ramnit first appeared in 2010 and has been around for 8 years, known for its strong spread.",
    "HostIP": "10.0.0.1",
    "HostId": "dc56fda9-58c8-4c4f-9e8c-abb0cd4f92aa",
    "HostName": "hostname",
    "ImageId": "sha256:80beff5ff34259ceb7fbe9cd*******",
    "ImageName": "centos:7",
    "Mark": "mark reason",
    "ModifyTime": "2024-10-21T06:42:49Z",
    "Namespace": "tcss",
    "NodeID": "mix-GOmf****",
    "NodeSubNetCIDR": "10.*.*.1/24",
    "NodeSubNetID": "subnet-aau2***",
    "NodeSubNetName": "subnet***",
    "NodeType": "NORMAL",
    "NodeUniqueID": "wer41324-18a1-4775-9e3f-**",
    "OperationTime": "2024-08-27T03:30:37Z",
    "PProcessParam": "node dist/inde****",
    "PProcessPath": "/usr/bin/****",
    "PProcessStartUser": "root",
    "PProcessUserGroup": "root",
    "PodIP": "10.0.*.*",
    "PodName": "PodName",
    "PodStatus": "Running",
    "ProcessAccountGroup": "root",
    "ProcessArgv": "git clone --depth=1 https://github.com/busi",
    "ProcessChan": "git(433802)|node(280016)|containerd-shim-runc-v2(176637)|system****",
    "ProcessFileAuthority": "-rwxr-****",
    "ProcessId": 0,
    "ProcessMd5": "472c65af3f43136472d1a383f5******",
    "ProcessName": "/bin/a***",
    "ProcessPath": "/usr/bin****",
    "ProcessStartAccount": "root",
    "RequestId": "dc56fda9-58c8-4c4f-9e8c-b7296836*****",
    "RiskLevel": "RISK_CRITICAL",
    "Size": 332155,
    "SourceType": 0,
    "Status": "DEAL_NONE",
    "SubStatus": "FILE_NOT_FOUND",
    "SuggestScheme": "1. Temporarily disable system file sharing before the virus is completely removed to prevent further infection spread;\n2. Check for malicious processes and invalid ports, and remove suspicious startup items and scheduled tasks;\n3. Isolate or delete related Trojan files;\n4. Conduct risk detection on the system and reinforce security. For details, see the following link:\n[Linux]https://www.tencentcloud.com/document/product/296/9604?from_cn_redirect=1\n[Windows]https://www.tencentcloud.com/document/product/296/9605?from_cn_redirect=1",
    "Tags": [
      "ramnit",
      "Worm",
      "Steal user information and infect all html, exe, dll files in the user's local."
    ],
    "VirusName": "Win32.Virus.Ramnit.Qwhl",
    "WorkloadType": "DaemonSet",
    "ContainerStatus": "RUNNING"
  }
}
```
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError | An internal error occurred. |
| InternalError.MainDBFail | The database operation failed. |
| InvalidParameter | The parameter is incorrect. |
| ResourceNotFound | The resource does not exist. |
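As an added example (not Tencent Cloud's own code and not part of this API reference), the following Python consumes a DescribeVirusDetail response like the output example above: it checks Status and RiskLevel against the values documented in the output parameter table, unpacks ProcessChan into (name, pid) pairs, keeps a SubStatus that appears on a pending file visible rather than trusting it, and derives a triage action. It also sorts the error codes from the table above into retriable and non-retriable; that split is an operational assumption, not something the page states. The error envelope shape (Response.Error.Code), the trimmed sample payloads and the `<request-id>` placeholders are constructed for the example.

```python
"""Added example, not Tencent Cloud's own code: triage a DescribeVirusDetail
response and classify the API's documented error codes."""
import json
import re
from dataclasses import dataclass

# Enumerations as documented for DescribeVirusDetail (RiskLevel ordered
# least to most severe).
RISK_ORDER = ["RISK_NOTICE", "RISK_LOW", "RISK_MEDIUM", "RISK_HIGH", "RISK_CRITICAL"]
STATUSES = {
    "DEAL_NONE": "pending", "DEAL_IGNORE": "ignored",
    "DEAL_ADD_WHITELIST": "whitelisted", "DEAL_DEL": "deleted",
    "DEAL_ISOLATE": "isolated", "DEAL_ISOLATING": "isolating",
    "DEAL_ISOLATE_FAILED": "isolation failed", "DEAL_RECOVERING": "recovering",
    "DEAL_RECOVER_FAILED": "recovery failed",
}
FAILED = {"DEAL_ISOLATE_FAILED", "DEAL_RECOVER_FAILED"}
CLOSED = {"DEAL_IGNORE", "DEAL_ADD_WHITELIST", "DEAL_DEL", "DEAL_ISOLATE"}
IN_PROGRESS = {"DEAL_ISOLATING", "DEAL_RECOVERING"}

# Error codes from the reference. Which of them deserve a retry is an
# operational assumption made for this example, not documented behaviour.
NON_RETRIABLE = {"InvalidParameter", "ResourceNotFound"}
RETRIABLE_FAMILIES = {"InternalError"}


@dataclass
class Verdict:
    request_id: str
    action: str   # contain | monitor | escalate | closed | retry | fail
    reason: str


def classify_error(code: str) -> str:
    """InternalError.MainDBFail belongs to the InternalError family, so match on
    the segment before the first dot; client-side errors are never retried."""
    if code in NON_RETRIABLE:
        return "fail"
    return "retry" if code.split(".", 1)[0] in RETRIABLE_FAMILIES else "fail"


_PROC = re.compile(r"^(?P<name>.+?)(?:\((?P<pid>\d+)\))?$")


def parse_process_chain(chain: str) -> list:
    """Split 'name(pid)|name(pid)|...' into (name, pid) pairs. An entry without
    a pid (for instance a masked tail such as 'system****') gets pid None."""
    if not chain:
        return []
    out = []
    for entry in chain.split("|"):
        m = _PROC.match(entry.strip())
        out.append((m.group("name"), int(m.group("pid")) if m.group("pid") else None))
    return out


def triage(raw: str) -> Verdict:
    body = json.loads(raw)["Response"]
    # Error envelope Response.Error.{Code,Message}: assumed TencentCloud API 3.0
    # convention; this page only shows a successful response.
    if "Error" in body:
        code = body["Error"]["Code"]
        return Verdict(body.get("RequestId", ""), classify_error(code), code)
    rid = body["RequestId"]
    status, risk = body["Status"], body["RiskLevel"]
    if status not in STATUSES or risk not in RISK_ORDER:
        raise ValueError(f"undocumented Status/RiskLevel: {status!r}/{risk!r}")
    sub = body.get("SubStatus", "")
    if status in FAILED:
        return Verdict(rid, "escalate", f"{STATUSES[status]}: {sub}")
    if status in CLOSED:
        return Verdict(rid, "closed", STATUSES[status])
    if status in IN_PROGRESS:
        return Verdict(rid, "monitor", STATUSES[status])
    # DEAL_NONE: nothing has been done yet, so decide from risk and exposure.
    chain = parse_process_chain(body.get("ProcessChan", ""))
    reason = f"{risk}; process chain head {chain[0][0]} (pid {chain[0][1]})" if chain else risk
    # SubStatus is documented as a failure sub-status; when it shows up on a
    # pending file (as in the page's sample) surface it instead of acting on it.
    if sub:
        reason += f" (SubStatus={sub} on a pending file)"
    live = body.get("ContainerStatus") == "RUNNING"
    if RISK_ORDER.index(risk) >= RISK_ORDER.index("RISK_HIGH") and live:
        return Verdict(rid, "contain", reason)
    return Verdict(rid, "monitor", reason)


# Constructed samples, trimmed from the page's output example; masked values
# and <request-id> are placeholders.
SAMPLE_ALERT = json.dumps({"Response": {
    "RequestId": "<request-id>", "Status": "DEAL_NONE", "SubStatus": "FILE_NOT_FOUND",
    "RiskLevel": "RISK_CRITICAL", "VirusName": "Win32.Virus.Ramnit.Qwhl",
    "ContainerStatus": "RUNNING", "ContainerNetStatus": "ISOLATED",
    "ProcessChan": "git(433802)|node(280016)|containerd-shim-runc-v2(176637)|system****",
}})
SAMPLE_ERROR = json.dumps({"Response": {"RequestId": "<request-id>",
    "Error": {"Code": "InternalError.MainDBFail", "Message": "The database operation failed."}}})

if __name__ == "__main__":
    print(triage(SAMPLE_ALERT))
    print(triage(SAMPLE_ERROR))
```

`triage` raises on a Status or RiskLevel value outside the documented set rather than silently defaulting, so a new server-side value shows up as a failure in the caller instead of being misfiled; `classify_error` matches on the code family so sub-codes such as InternalError.MainDBFail inherit the family's policy.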