# Malware Patrol (malware.com.br) recently changed their business model
# these top-level configs are the defaults applied to each section
# Feed-wide defaults. Per the header comment these apply to every section
# below; [md5] and [sha1] set their own confidence (95) -- presumably a
# per-section value takes precedence over the one here; confirm with the parser.
confidence = 85
# NOTE(review): restriction is 'need-to-know' while guid is 'everyone' and
# alternativeid_restriction is 'public'. Confirm this combination is the
# intended sharing scope for records derived from this feed.
restriction = 'need-to-know'
guid = everyone
source = malware.com.br
alternativeid_restriction = public
assessment = malware
# NOTE(review): no severity default and no feed location key appear in the
# lines visible here. [urls] sets no severity of its own, and where the data is
# fetched from (and whether over an authenticated/TLS channel) cannot be
# checked from this file.
# MD5 indicators. A line matches only if it is exactly three tab-separated
# fields: a non-whitespace token, 32 hex characters, 40 hex characters.
[md5]
# Capture 1 is the leading token, capture 2 the 32-hex field; the trailing
# 40-hex field must be present but is not captured in this section.
# The character classes are lowercase-only: unless the consumer matches
# case-insensitively, upper-case digests will not match.
# TODO confirm how non-matching lines are reported, so that a change in the
# feed's format is noticed instead of silently producing an empty import.
regex = '^(\S+)[\t]+([a-f0-9]{32})[\t]+[a-f0-9]{40}$'
# Presumably names the capture groups in order (1 -> description,
# 2 -> malware_md5). The description text comes from the external feed, so
# treat it as untrusted wherever it is later displayed.
regex_values = 'description,malware_md5'
# Set higher than the file-level default of 85.
# MD5 is collision-prone: a match identifies a known sample, but a digest match
# alone is weak evidence of file identity. The same feed line also carries a
# SHA-1, which the [sha1] section extracts.
confidence = 95
severity = high
# SHA-1 indicators, taken from the same three-field, tab-separated line layout
# that the [md5] section matches.
[sha1]
# Capture 1 is the leading non-whitespace token, capture 2 the 40-hex field;
# the 32-hex field in the middle must be present but is not captured here.
# The character classes are lowercase-only: unless the consumer matches
# case-insensitively, upper-case digests will not match.
regex = '^(\S+)[\t]+[a-f0-9]{32}[\t]+([a-f0-9]{40})$'
# Presumably names the capture groups in order (1 -> description,
# 2 -> malware_sha1) -- confirm against the parser.
regex_values = 'description,malware_sha1'
# Set higher than the file-level default of 85.
# SHA-1 collisions are practical as well, so a digest match alone should not
# be treated as proof that two files are identical.
confidence = 95
severity = high
# URL indicators, described by node/element names rather than by a regex.
# No confidence or severity is set in this section, so per the header comment
# the top-level defaults apply (confidence 85; no severity default is visible).
[urls]
# NOTE(review): looks like the name of the per-record element in a structured
# (XML-style) feed -- confirm against the parser.
node = 'url'
# The two lists have the same length. Presumably they pair positionally:
# uri -> url, id -> id, date -> detecttime, av_info -> description.
# Verify before reordering either list, since a misaligned pair would store a
# value under the wrong field name.
elements = 'uri,id,date,av_info'
elements_map = 'url,id,detecttime,description'