ReversingLabs A1000 v2
This Integration is part of the ReversingLabs A1000 Pack.#
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
ReversingLabs A1000 Advanced Malware Analysis Platform.
Configure ReversingLabs A1000 v2 in Cortex#
Parameter | Required |
---|---|
ReversingLabs A1000 instance URL | True |
API Token | True |
Verify host certificates | False |
Reliability | False |
Wait time between report fetching retries (seconds). Default is 2 seconds. | False |
Number of report fetching retries. Default is 30. | False |
HTTP proxy address with the protocol and port number. | False |
HTTP proxy username | False |
HTTP proxy password | False |
HTTPS proxy address with the protocol and port number. | False |
HTTPS proxy username | False |
HTTPS proxy password | False |
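The two retry parameters above bound how long a report-fetching command blocks while A1000 is still processing a sample. The following is an added example, not the integration's own code: a polling loop with the same two knobs, with the fetch and sleep calls injected so it can be exercised offline. The convention that `fetch` returns `None` while the sample is unprocessed, and raises for real errors, is an assumption of this example.

```python
"""Added example (not the integration's own code): the bounded polling that the
two retry parameters above describe. `fetch` and `sleep` are injected so the
loop can be exercised offline; the fake fetch below is constructed."""
import time
from typing import Callable, Optional

Report = dict


class ReportNotReady(Exception):
    """Raised when the sample is still unprocessed after the whole retry budget."""


def max_wait_seconds(retries: int, wait_seconds: float) -> float:
    """Worst-case wall-clock time a call can block in this implementation: one
    wait after each failed attempt except the last. With the defaults
    (30 retries, 2 s) that is 58 s."""
    return max(retries - 1, 0) * wait_seconds


def fetch_report_with_retries(
    fetch: Callable[[], Optional[Report]],
    retries: int = 30,
    wait_seconds: float = 2.0,
    sleep: Callable[[float], None] = time.sleep,
) -> Report:
    """Call `fetch` until it returns a report or the retry budget is exhausted.

    Convention (assumption): `fetch` returns None while A1000 has not finished
    processing the sample and raises for real errors such as HTTP failures,
    which are deliberately not retried here.
    """
    if retries < 1:
        raise ValueError("retries must be at least 1")
    if wait_seconds < 0:
        raise ValueError("wait_seconds must not be negative")
    for attempt in range(1, retries + 1):
        report = fetch()
        if report is not None:
            return report
        if attempt < retries:
            sleep(wait_seconds)
    raise ReportNotReady(
        f"no report after {retries} attempts "
        f"(~{max_wait_seconds(retries, wait_seconds):.0f}s); "
        "raise the retry parameters for large archives or re-run later"
    )


def make_fake_fetch(ready_after: int) -> Callable[[], Optional[Report]]:
    """Constructed stand-in for the A1000 call: None for the first `ready_after`
    calls, then a report using a hash from the examples on this page."""
    state = {"calls": 0}

    def fetch() -> Optional[Report]:
        state["calls"] += 1
        if state["calls"] <= ready_after:
            return None
        return {"sha1": "a94775deb818a4d68635eeed3d16abc7f7b8bdd6",
                "classification": "malicious"}

    return fetch


if __name__ == "__main__":
    # Three polls return nothing, the fourth returns the report; sleeps are
    # recorded instead of slept so the demo finishes instantly.
    waits: list = []
    print(fetch_report_with_retries(make_fake_fetch(3), sleep=waits.append), waits)
```

When a playbook submits large archives (the 85-file ZIP above is a modest case), the default 30 retries at 2 seconds is the figure to tune; the error message names the budget so the analyst sees why the step failed rather than an opaque timeout.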
Commands#
You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
reversinglabs-a1000-get-results#
Retrieve sample analysis results
Base Command#
reversinglabs-a1000-get-results
Input#
Argument Name | Description | Required |
---|---|---|
hash | file hash. | Required |
Context Output#
Path | Type | Description |
---|---|---|
File.SHA256 | String | The SHA256 hash of the file. |
File.SHA1 | String | The SHA1 hash of the file. |
File.SHA512 | String | The SHA512 hash of the file. |
File.Name | String | The name of the file. |
File.EntryID | String | The Entry ID. |
File.Info | String | Information about the file. |
File.Type | String | The type of the file. |
File.MD5 | String | MD5 hash of the file. |
DBotScore.Score | Number | The actual score. |
DBotScore.Type | String | The indicator type. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
ReversingLabs.a1000_report | Unknown | A1000 report |
Command example#
!reversinglabs-a1000-get-results hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6"
Context Example#
Human Readable Output#
ReversingLabs A1000 results for: a94775deb818a4d68635eeed3d16abc7f7b8bdd6#
Type: Binary/Archive
Size: 607237 bytes
MD5: a322205db6c3b1c451725b84f1d010cc
SHA1: a94775deb818a4d68635eeed3d16abc7f7b8bdd6
SHA256: d3d8091a287c8aee0ee5c54838540e714f22eef7cbeb65eb2b6af42116f5d5f2
SHA512: d1fd72d5a52d75f23836016772e8895d901fa5a1cb1f9b25ba455db6cccbd97e9daf43fde4f8bb77b43c0b5c4937405d51dece20cda7fa7db7600715c7769554
ID: 3065
Malware status: malicious
Local first seen: 2022-12-19T11:39:10.929115Z
Local last seen: 2022-12-20T17:37:24.670052Z
First seen: 2022-12-19T11:39:11Z
Last seen: 2022-12-20T17:37:29Z
DBot score: 3
Risk score: 10
Threat name: Win32.Trojan.Delf
Category: archive
Classification origin: {'sha1': 'aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad', 'sha256': '43d51f009bf94707556031b9688e84bb85df2c59854fba8fcb90be6c0d19e1d1', 'sha512': '8a1c9512fa167b938ea31c047a48dd6ec36d9b22443bc4ee6b97a116e16ff33427645ac76349f531cd9a672b4fffc3c4c92d1c82d2a71241915c1499336fd221', 'md5': '8521e64c683e47c1db64d80577513016', 'imphash': 'c57e34b759dff2e57f71960b2fdb93da'}
Classification reason: antivirus
Aliases: aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl.zip
Extracted file count: 85
Identification name: ZIP
Identification version: Generic
reversinglabs-a1000-upload-sample#
Upload sample to A1000 for analysis
Base Command#
reversinglabs-a1000-upload-sample
Input#
Argument Name | Description | Required |
---|---|---|
entryId | The file entry to upload. | Required |
comment | A comment to add to the file. | Optional |
tags | List of tags for the file. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_upload_report | Unknown | A1000 report |
Command example#
!reversinglabs-a1000-upload-sample entryId="7469@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59" comment="this_is_a_comment" tags="one_tag"
Context Example#
Human Readable Output#
ReversingLabs A1000 upload sample#
Message: Done. ID: 150 SHA1: 0000a0a549be5b7a95b782d31f73d8f608c4a440 Created: 2023-06-06T16:40:33.541071Z
reversinglabs-a1000-upload-sample-and-get-results#
Upload sample to A1000 and retrieve analysis results
Base Command#
reversinglabs-a1000-upload-sample-and-get-results
Input#
Argument Name | Description | Required |
---|---|---|
entryId | The file entry to upload. | Required |
comment | A comment to add to the file. | Optional |
tags | List of tags for the file. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
File.SHA256 | String | The SHA256 hash of the file. |
File.SHA1 | String | The SHA1 hash of the file. |
File.SHA512 | String | The SHA512 hash of the file. |
File.Name | String | The name of the file. |
File.EntryID | String | The Entry ID. |
File.Info | String | Information about the file. |
File.Type | String | The type of the file. |
File.MD5 | String | MD5 hash of the file. |
DBotScore.Score | Number | The actual score. |
DBotScore.Type | String | The indicator type. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
ReversingLabs.a1000_report | Unknown | A1000 report |
Command example#
!reversinglabs-a1000-upload-sample-and-get-results entryId="7469@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59" comment="this_is_a_comment" tags="one_tag"
Context Example#
Human Readable Output#
ReversingLabs A1000 results for: 0000a0a549be5b7a95b782d31f73d8f608c4a440#
Type: PE/Exe
Size: 385774 bytes
MD5: 96d17cad51f2b7c817481e5a724c9b3f
SHA1: 0000a0a549be5b7a95b782d31f73d8f608c4a440
SHA256: 0b40fb0cef3b557a34a3d7a9cd75d5180099205ccdceb8a73e1dfe73dbd282fd
SHA512: 4546796ffd5075fc317549f6522df808f03d0d9e97398243259ed3d1bfb0b108083a2200fff49e4de25c5521eaef751d420763c089327b384feea27dc36d316a
ID: 5722
Malware status: malicious
Local first seen: 2023-06-06T16:40:34.604510Z
Local last seen: 2023-06-06T16:40:34.604510Z
First seen: 2014-02-10T18:16:00Z
Last seen: 2023-03-06T12:17:51Z
DBot score: 3
Risk score: 9
Threat name: Win32.Browser.StartPage
Category: application
Classification origin: None
Classification reason: antivirus
Aliases: 0000a0a549be5b7a95b782d31f73d8f608c4a440
Extracted file count: 6
Identification name: NSIS
Identification version: Generic
ReversingLabs threat indicators#
Each reason is shown as `category: value` (Imported API Name = an imported function, Strings = a string found in the sample, Pattern Match = a byte pattern, Capability Match = a matched application capability). Every reason in this output has `propagated: False`.

category | description | id | priority | reasons | relevance |
---|---|---|---|---|---|
22 | Deletes files in Windows system directories. | 101 | 7 | Imported API Name: DeleteFileA; Imported API Name: GetSystemDirectoryA | 0 |
11 | Requests permission required to shut down a system. | 990 | 7 | Strings: AdjustTokenPrivileges; Strings: SeShutdownPrivilege | 0 |
10 | Contains lzma compressed PE file. | 1052 | 7 | Pattern Match: Found a pattern [3c 2d 57 47 be 2d be 94 bd 8b dc 6f 25 97 af 50 f1 d2 5b 85 52 e1 d4 7c 3d 4c 75 4d a7 1f 1b 73 ed eb 01 c5 71 2f 70 5f b4 25 6f 1e a3 c5 c8 f1 1b bd] that ends at offset 138465 | 0 |
10 | Executes a file. | 21 | 6 | Imported API Name: CreateProcessA | 0 |
22 | Writes to files in Windows system directories. | 99 | 5 | Imported API Name: CreateFileA; Imported API Name: GetSystemDirectoryA; Imported API Name: WriteFile | 0 |
11 | Tampers with user/account privileges. | 329 | 5 | Strings: AdjustTokenPrivileges | 0 |
12 | Checks operating system version. | 930 | 5 | Imported API Name: GetVersion | 0 |
22 | Creates temporary files. | 969 | 5 | Imported API Name: GetTempFileNameA | 0 |
6 | Contains a reference to ActiveX GUID with the Kill-Bit flag set. | 1086 | 5 | Pattern Match: Found a pattern [65 72 5c 51 75 69 63 6b 20 4c 61 75 6e 63 68 00 00 00 ee 14 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 01 14 02 00 00 00 00 00 c0 00 00 00 00 00 00 46] that ends at offset 25492 | 0 |
22 | Deletes files. | 5 | 4 | Imported API Name: DeleteFileA | 0 |
9 | Accesses/modifies registry. | 7 | 4 | Imported API Name: RegDeleteValueA; Strings: RegDeleteKeyExA | 0 |
22 | Creates/opens files in Windows system directories. | 95 | 4 | Imported API Name: CreateFileA; Imported API Name: GetSystemDirectoryA | 0 |
22 | Reads from files in Windows system directories. | 97 | 4 | Imported API Name: CreateFileA; Imported API Name: GetSystemDirectoryA; Imported API Name: ReadFile | 0 |
10 | Tampers with system shutdown. | 117 | 4 | Imported API Name: ExitWindowsEx | 0 |
13 | Enumerates system information. | 149 | 4 | Imported API Name: GetSystemDirectoryA | 0 |
0 | Contains URLs. | 310 | 4 | Strings: http://ailiao.liaoban.com/; Strings: http://nsis.sf.net/; Strings: open http://ailiao.liaoban.com/ | 0 |
22 | Modifies file/directory attributes. | 384 | 4 | Imported API Name: SetFileAttributesA | 0 |
22 | Copies, moves, renames, or deletes a file system object. | 965 | 4 | Imported API Name: SHFileOperationA | 0 |
12 | Reads paths to special directories on Windows. | 966 | 4 | Imported API Name: SHGetSpecialFolderLocation | 0 |
12 | Reads paths to system directories on Windows. | 967 | 4 | Imported API Name: GetSystemDirectoryA | 0 |
12 | Reads path to temporary file location on Windows. | 968 | 4 | Imported API Name: GetTempPathA | 0 |
11 | Enumerates user/account privilege information. | 1215 | 4 | Strings: LookupPrivilegeValueA | 0 |
22 | Writes to files. | 3 | 3 | Imported API Name: CreateFileA; Imported API Name: WriteFile | 0 |
1 | Uses anti-debugging methods. | 9 | 3 | Imported API Name: GetTickCount | 0 |
7 | Detects/enumerates process modules. | 81 | 3 | Imported API Name: GetModuleFileNameA | 0 |
22 | Removes a directory. | 340 | 3 | Imported API Name: RemoveDirectoryA | 0 |
7 | Tampers with keyboard/mouse status. | 381 | 3 | Imported API Name: EnableWindow | 0 |
22 | Copies a file. | 1031 | 3 | Imported API Name: CopyFileA | 0 |
22 | Reads from files. | 1 | 2 | Imported API Name: CreateFileA; Imported API Name: ReadFile | 0 |
10 | Might load additional DLLs and APIs. | 69 | 2 | Imported API Name: GetProcAddress; Imported API Name: LoadLibraryA | 0 |
12 | Enumerates files. | 119 | 2 | Imported API Name: FindFirstFileA | 0 |
13 | Enumerates system variables. | 151 | 2 | Imported API Name: ExpandEnvironmentStringsA | 0 |
22 | Creates a directory. | 338 | 2 | Imported API Name: CreateDirectoryA | 0 |
22 | Renames files. | 920 | 2 | Imported API Name: MoveFileA | 0 |
22 | Creates/Opens a file. | 0 | 1 | Imported API Name: CreateFileA | 0 |
12 | Contains references to executable file extensions. | 313 | 1 | Strings: $PLUGINSDIR\SkinBtn.dll | 0 |
12 | Contains references to source code file extensions. | 314 | 1 | Strings: http://ailiao.liaoban.com/xszd/index.html; Strings: open http://ailiao.liaoban.com/xszd/index.html | 0 |
12 | Contains references to image file extensions. | 315 | 1 | Strings: /IMGID=$PLUGINSDIR\checkbox1.bmp; Strings: /IMGID=$PLUGINSDIR\checkbox2.bmp | 0 |
18 | Accesses clipboard. | 328 | 1 | Capability Match: Matched the following application capabilities: Clipboard | 0 |
reversinglabs-a1000-delete-sample#
Delete an uploaded sample from A1000
Base Command#
reversinglabs-a1000-delete-sample
Input#
Argument Name | Description | Required |
---|---|---|
hash | The hash to delete. | Required |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_delete_report | Unknown | A1000 file delete report |
Command example#
!reversinglabs-a1000-delete-sample hash="0000a0a381d31e0dafcaa22343d2d7e40ff76e06"
Context Example#
Human Readable Output#
ReversingLabs A1000 delete sample#
Message: Sample deleted successfully. MD5: a984de0ce47a8d5337ef569c812b57d0 SHA1: 0000a0a381d31e0dafcaa22343d2d7e40ff76e06 SHA256: b25e707a78a472d92a99b08be5d0e55072f695275a7408d1e841a5344ca85dc3
reversinglabs-a1000-list-extracted-files#
List files extracted from a sample.
Base Command#
reversinglabs-a1000-list-extracted-files
Input#
Argument Name | Description | Required |
---|---|---|
hash | The sample hash. | Required |
max_results | Maximum number of results to return. Default is 5000. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_list_extracted_report | Unknown | A1000 list extracted files report. |
Command example#
!reversinglabs-a1000-list-extracted-files hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6" max_results="2"
Context Example#
Human Readable Output#
Extracted files#
SHA1 | Name | Path | Info | Size | Local First Seen | Local Last Seen | Malware Status | Risk Score | Identification Name | Identification Version | Type Display |
---|---|---|---|---|---|---|---|---|---|---|---|
aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad | aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl | aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl | PE/Exe | 1432064 | 2022-10-27T11:03:31.473395Z | 2023-08-10T00:15:32.849362Z | malicious | 10 | | | PE/Exe |
1489f923c4dca729178b3e3233458550d8dddf29 | 1 | binary_layer/resource/1 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-08-10T00:15:32.849362Z | malicious | 10 | | | Text/None |
reversinglabs-a1000-download-sample#
Download sample from A1000
Base Command#
reversinglabs-a1000-download-sample
Input#
Argument Name | Description | Required |
---|---|---|
hash | Sample hash to download. | Required |
Context Output#
There is no context output for this command.
Command example#
!reversinglabs-a1000-download-sample hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6"
Context Example#
Human Readable Output#
ReversingLabs A1000 download sample#
Requested sample is available for download under the name a94775deb818a4d68635eeed3d16abc7f7b8bdd6
reversinglabs-a1000-reanalyze#
Re-analyze sample on A1000
Base Command#
reversinglabs-a1000-reanalyze
Input#
Argument Name | Description | Required |
---|---|---|
hash | The hash of an already uploaded sample. | Required |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_reanalyze_report | Unknown | A1000 re-analyze report |
Command example#
!reversinglabs-a1000-reanalyze hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6"
Context Example#
Human Readable Output#
ReversingLabs A1000 re-analyze sample#
Message: Sample is queued for analysis. MD5: a322205db6c3b1c451725b84f1d010cc SHA1: a94775deb818a4d68635eeed3d16abc7f7b8bdd6 SHA256: d3d8091a287c8aee0ee5c54838540e714f22eef7cbeb65eb2b6af42116f5d5f2
reversinglabs-a1000-download-extracted-files#
Download samples obtained through the unpacking process
Base Command#
reversinglabs-a1000-download-extracted-files
Input#
Argument Name | Description | Required |
---|---|---|
hash | The sample hash we want unpacked samples for. | Required |
Context Output#
There is no context output for this command.
Command example#
!reversinglabs-a1000-download-extracted-files hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6"
Context Example#
Human Readable Output#
ReversingLabs A1000 download extracted files#
Extracted files are available for download under the name a94775deb818a4d68635eeed3d16abc7f7b8bdd6.zip
reversinglabs-a1000-get-classification#
Retrieve classification report for a sample
Base Command#
reversinglabs-a1000-get-classification
Input#
Argument Name | Description | Required |
---|---|---|
hash | The hash of a desired sample. | Required |
localOnly | Return only local classification data for the sample, without falling back to querying TitaniumCloud. Default is False. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
File.SHA256 | String | The SHA256 hash of the file. |
File.SHA1 | String | The SHA1 hash of the file. |
File.SHA512 | String | The SHA512 hash of the file. |
File.Name | String | The name of the file. |
File.EntryID | String | The Entry ID. |
File.Info | String | Information about the file. |
File.Type | String | The type of the file. |
File.MD5 | String | MD5 hash of the file. |
DBotScore.Score | Number | The actual score. |
DBotScore.Type | String | The indicator type. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
ReversingLabs.a1000_classification_report | Unknown | A1000 classification report |
Command example#
!reversinglabs-a1000-get-classification hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6" localOnly="False"
Context Example#
Human Readable Output#
ReversingLabs A1000 get classification for sha1: a94775deb818a4d68635eeed3d16abc7f7b8bdd6#
Classification: malicious
Riskscore: 10
First seen: 2022-12-19T11:39:11Z
Last seen: 2023-06-06T16:02:03Z
Classification result: Win32.Trojan.Delf
Classification reason: Antivirus
Classification origin: {'sha1': 'aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad', 'sha256': '43d51f009bf94707556031b9688e84bb85df2c59854fba8fcb90be6c0d19e1d1', 'sha512': '8a1c9512fa167b938ea31c047a48dd6ec36d9b22443bc4ee6b97a116e16ff33427645ac76349f531cd9a672b4fffc3c4c92d1c82d2a71241915c1499336fd221', 'md5': '8521e64c683e47c1db64d80577513016', 'imphash': 'c57e34b759dff2e57f71960b2fdb93da'}
Cloud last lookup: 2023-06-06T16:05:02Z
Data source: LOCAL
Sha1: a94775deb818a4d68635eeed3d16abc7f7b8bdd6
Sha256: d3d8091a287c8aee0ee5c54838540e714f22eef7cbeb65eb2b6af42116f5d5f2
Md5: a322205db6c3b1c451725b84f1d010cc
Av scanners: {'scanner_count': 32, 'scanner_match': 0, 'scanner_percent': 0.0, 'vendor_count': 21, 'vendor_match': 0, 'vendor_percent': 0.0, 'antivirus': {'vendor_match': 0, 'scanner_match': 0, 'vendor_count': 21, 'scanner_count': 32}}
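The classification above ("malicious", risk score 10) is what the command turns into the File and DBotScore context entries listed in its Context Output table. As an added example that is not the integration's own code, the following builds those entries from a report dict constructed from the values shown above. The JSON key names (`classification`, `riskscore`, `classification_result`, `classification_reason`, `sha1`, `sha256`, `md5`) mirror the human-readable labels and are an assumption, as is the vendor string; the score mapping follows the standard Cortex XSOAR DBotScore convention (0 unknown, 1 good, 2 suspicious, 3 bad), which the "DBot score: 3" in the get-results output is an instance of.

```python
"""Added example (not the integration's own code): build the File and DBotScore
context entries listed above from an A1000 classification report. The report
dict below is constructed from the values shown in the human-readable output."""
from typing import Any, Dict

# Cortex XSOAR DBotScore convention: 0 unknown, 1 good, 2 suspicious, 3 bad.
A1000_CLASSIFICATION_TO_DBOT = {"malicious": 3, "suspicious": 2, "goodware": 1, "unknown": 0}
VENDOR = "ReversingLabs A1000 v2"  # assumption: the vendor string written to DBotScore.Vendor


def dbot_score_for(classification: str) -> int:
    """Map an A1000 classification (case-insensitive) to a DBot score.
    Anything unrecognised becomes 0 (unknown) so a new A1000 value can never
    silently read as clean."""
    return A1000_CLASSIFICATION_TO_DBOT.get((classification or "").strip().lower(), 0)


def build_context(report: Dict[str, Any]) -> Dict[str, Any]:
    """Return {"File": ..., "DBotScore": ...} for one classification report.

    Keys read from `report` mirror the fields printed in the human-readable
    output above; the exact JSON key names are an assumption of this example.
    """
    sha1 = report["sha1"].lower()
    score = dbot_score_for(report.get("classification", ""))
    file_ctx: Dict[str, Any] = {
        "SHA1": sha1,
        "SHA256": (report.get("sha256") or "").lower() or None,
        "MD5": (report.get("md5") or "").lower() or None,
        "Info": f"A1000 classification={report.get('classification')} "
                f"riskscore={report.get('riskscore')} "
                f"result={report.get('classification_result')}",
    }
    if score == 3:
        # Standard XSOAR field that playbooks branch on; it is not listed in
        # this page's context table, so treat its presence here as a choice.
        file_ctx["Malicious"] = {
            "Vendor": VENDOR,
            "Description": f"{report.get('classification_result')} "
                           f"(reason: {report.get('classification_reason')})",
        }
    dbot_ctx = {"Indicator": sha1, "Type": "file", "Vendor": VENDOR, "Score": score}
    return {"File": file_ctx, "DBotScore": dbot_ctx}


# Constructed from the get-classification output above.
SAMPLE_REPORT: Dict[str, Any] = {
    "classification": "malicious",
    "riskscore": 10,
    "classification_result": "Win32.Trojan.Delf",
    "classification_reason": "Antivirus",
    "sha1": "a94775deb818a4d68635eeed3d16abc7f7b8bdd6",
    "sha256": "d3d8091a287c8aee0ee5c54838540e714f22eef7cbeb65eb2b6af42116f5d5f2",
    "md5": "a322205db6c3b1c451725b84f1d010cc",
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_context(SAMPLE_REPORT), indent=2))
```

Note that the Av scanners block above reports 0 of 32 scanners matching while the classification is still malicious: the verdict comes from the classification origin (the extracted PE inside the archive), not from AV hits on the container itself, so a playbook should key on `classification`, not on the scanner counts.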
reversinglabs-a1000-advanced-search#
Search for hashes on A1000 using multi-part search criteria.
Base Command#
reversinglabs-a1000-advanced-search
Input#
Argument Name | Description | Required |
---|---|---|
query | Advanced search query. | Required |
ticloud | Show only cloud results. If omitted, the response will show only local results. Possible values are: true, false. Default is false. | Optional |
result_limit | Maximum number of results. Default is 5000. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_advanced_search_report | Unknown | A1000 advanced search report |
Command example#
!reversinglabs-a1000-advanced-search query="av-count:5 available:TRUE" ticloud="False" result_limit=2
Context Example#
Human Readable Output#
Reversinglabs A1000 advanced Search#
Full report is returned in a downloadable file
reversinglabs-a1000-url-report#
Get a report for the submitted URL.
Base Command#
reversinglabs-a1000-url-report
Input#
Argument Name | Description | Required |
---|---|---|
url | URL string. | Required |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_url_report | Unknown | A1000 URL report |
Command example#
!reversinglabs-a1000-url-report url="http://akiwinds.duckdns.org/chats/fre.php"
Context Example#
Human Readable Output#
ReversingLabs A1000 URL Report for http://akiwinds.duckdns.org/chats/fre.php#
Classification: malicious
Third party reputation statistics#
Total: 20 Malicious: 1 Clean: 0 Undetected: 19
Analysis statistics#
Unknown: None Suspicious: None Malicious: None Goodware: None Total: None
First analysis: None Analysis count: None
Third party reputation sources#
Sources#
detection | source | update_time |
---|---|---|
undetected | phishing_database | 2023-06-06T10:57:14 |
undetected | cyren | 2023-06-06T13:09:05 |
undetected | cyradar | 2023-06-06T07:37:28 |
undetected | netstar | 2023-06-06T11:25:58 |
undetected | malsilo | 2023-06-06T11:06:03 |
undetected | mute | 2023-06-06T13:39:52 |
malicious | adminus_labs | 2023-06-06T14:33:53 |
undetected | apwg | 2023-06-06T13:21:19 |
undetected | 0xSI_f33d | 2023-06-06T05:21:10 |
undetected | threatfox_abuse_ch | 2023-06-06T07:20:33 |
undetected | alphamountain | 2023-06-06T13:52:05 |
undetected | phishstats | 2023-06-06T04:12:33 |
undetected | comodo_valkyrie | 2023-06-06T14:40:10 |
undetected | alien_vault | 2023-06-06T00:34:26 |
undetected | osint | 2023-06-06T00:30:41 |
undetected | openphish | 2023-06-05T17:01:38 |
undetected | mrg | 2023-06-06T13:44:31 |
undetected | phishtank | 2023-06-06T10:31:21 |
undetected | crdf | 2023-06-06T11:30:27 |
undetected | urlhaus | 2023-06-06T09:24:38 |
Last analysis#
No entries.
Analysis history#
No entries.
reversinglabs-a1000-domain-report#
Get a report for the submitted domain.
Base Command#
reversinglabs-a1000-domain-report
Input#
Argument Name | Description | Required |
---|---|---|
domain | Domain string. | Required |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_domain_report | Unknown | A1000 domain report |
Command example#
!reversinglabs-a1000-domain-report domain="ink-scape.online"
Context Example#
Human Readable Output#
ReversingLabs A1000 Domain Report for ink-scape.online#
Modified time: 2023-06-06T13:52:05
Top threats#
files_count | risk_score | threat_name |
---|---|---|
1 | 10 | Win64.Trojan.Casdet |
1 | 10 | ByteCode-MSIL.Backdoor.DCRat |
1 | 10 | ByteCode-MSIL.Infostealer.RedLine |
1 | 10 | Win32.Trojan.Fragtor |
Third party reputation statistics#
Malicious: 1 Undetected: 12 Clean: 0 Total: 13
Downloaded files statistics#
Unknown: 0 Suspicious: 0 Malicious: 4 Goodware: 0 Total: 4
Last DNS records time: 2023-05-11T17:46:01
Last DNS records#
provider | type | value |
---|---|---|
ReversingLabs | A | 37.140.192.210 |
Third party reputation sources#
detection | source | update_time |
---|---|---|
undetected | phishing_database | 2023-06-06T01:26:52 |
undetected | 0xSI_f33d | 2023-06-06T05:21:10 |
undetected | cyradar | 2023-06-06T07:37:28 |
undetected | adminus_labs | 2023-06-06T13:48:57 |
undetected | apwg | 2023-06-06T05:48:47 |
malicious | netstar | 2023-06-06T11:25:58 |
undetected | threatfox_abuse_ch | 2023-06-06T07:20:33 |
undetected | botvrij | 2023-06-06T01:26:07 |
undetected | alphamountain | 2023-06-06T13:52:05 |
undetected | comodo_valkyrie | 2023-06-06T04:52:55 |
undetected | web_security_guard | 2022-01-21T06:56:15 |
undetected | osint | 2023-06-06T00:30:41 |
undetected | crdf | 2023-06-06T11:30:27 |
reversinglabs-a1000-ip-address-report#
Get a report for the submitted IP address.
Base Command#
reversinglabs-a1000-ip-address-report
Input#
Argument Name | Description | Required |
---|---|---|
ip_address | IP address string. | Required |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_ip_address_report | Unknown | A1000 IP address report |
Command example#
!reversinglabs-a1000-ip-address-report ip_address="105.101.110.37"
Context Example#
Human Readable Output#
ReversingLabs A1000 IP Address Report for 105.101.110.37#
Modified time: 2023-06-06T14:00:43
Top threats#
No entries.
Third party reputation statistics#
Malicious: 2 Undetected: 5 Clean: 0 Total: 7
Downloaded files statistics#
Unknown: 0 Suspicious: 0 Malicious: 0 Goodware: 0 Total: 0
Third party reputation sources#
category | detect_time | detection | source | update_time |
---|---|---|---|---|
| | undetected | alphamountain | 2023-06-06T13:52:05 |
| | undetected | apwg | 2023-06-06T08:24:03 |
command_and_control | 2023-05-15T15:20:23 | malicious | threatfox_abuse_ch | 2023-06-06T07:20:33 |
| | undetected | adminus_labs | 2023-06-06T14:00:43 |
| | undetected | osint | 2023-06-06T00:30:41 |
| | undetected | feodotracker | 2023-06-06T04:27:58 |
| 2023-05-28T05:00:06 | malicious | crdf | 2023-06-06T11:30:27 |
reversinglabs-a1000-ip-downloaded-files#
Get a list of files downloaded from an IP address.
Base Command#
reversinglabs-a1000-ip-downloaded-files
Input#
Argument Name | Description | Required |
---|---|---|
ip_address | IP address string. | Required |
extended_results | Return extended results. Default is True. | Optional |
classification | Return only results with this classification. | Optional |
page_size | Number of results per query page. Default is 500. | Optional |
max_results | Maximum number of returned results. Default is 5000. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_ip_address_downloaded_files | Unknown | A1000 Files downloaded from IP address |
Command example#
!reversinglabs-a1000-ip-downloaded-files classification="MALICIOUS" page_size="2" max_results="2" ip_address="123.140.161.243" extended_results="true"
Context Example#
Human Readable Output#
ReversingLabs A1000 Files Downloaded From IP Address 123.140.161.243#
Files downloaded from IP address#
classification | first_download | first_seen | last_download | last_download_url | last_seen | malware_family | malware_type | md5 | platform | risk_score | sample_available | sample_size | sample_type | sha1 | sha256 | subplatform | threat_name |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
MALICIOUS | 2022-11-02T07:38:05 | 2022-11-02T07:38:05 | 2022-11-02T07:38:05 | http://uaery.top/dl/buildz.exe | 2023-04-27T15:22:05 | RedLine | Trojan | 1af44914e2340ab6da17a3a61609a2e4 | Win32 | 10 | true | 840704 | | 03359456add1d7c5eae291f8f50576e0a324cbbd | 069027da6066f79736223dbc9fa99a42533cfbdf24f6e683f6e9d3934f009afa | | Win32.Trojan.RedLine |
MALICIOUS | 2023-03-28T04:12:36 | 2023-03-28T04:12:36 | 2023-03-28T04:12:36 | https://worldofcreatures.at/Launcher.exe | 2023-04-29T15:38:56 | TrickOrTreat | Trojan | aea58c2837e8dd1850d46198e9870c5e | Win64 | 10 | true | 1179894205 | PE+/Exe | 1181efbb5f267554a4ca8ffe98434c83e456d6bb | 33ba1893894e50bc960af51348b99e3064e98e533f255b255846b49ea5ed5421 | | Win64.Trojan.TrickOrTreat |
reversinglabs-a1000-ip-domain-resolutions#
Get a list of IP-to-domain resolutions.
Base Command#
reversinglabs-a1000-ip-domain-resolutions
Input#
Argument Name | Description | Required |
---|---|---|
ip_address | IP address string. | Required |
page_size | Number of results per query page. Default is 500. | Optional |
max_results | Maximum number of returned results. Default is 5000. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_ip_domain_resolutions | Unknown | A1000 IP-to-domain resolutions |
Command example#
!reversinglabs-a1000-ip-domain-resolutions ip_address="142.250.186.142" page_size="2" max_results="2"
Context Example#
Human Readable Output#
ReversingLabs A1000 IP-to-domain Resolutions for IP address 142.250.186.142#
IP-to-domain resolutions#
host_name | last_resolution_time | provider |
---|---|---|
pl16304805.trustedcpmrevenue.com | 2022-01-22T14:42:19 | ReversingLabs |
pl16023914.revenuenetworkcpm.com | 2022-02-15T13:54:37 | ReversingLabs |
reversinglabs-a1000-ip-urls#
Get a list of URLs hosted on the requested IP address.
Base Command#
reversinglabs-a1000-ip-urls
Input#
Argument Name | Description | Required |
---|---|---|
ip_address | IP address string. | Required |
page_size | Number of results per query page. Default is 500. | Optional |
max_results | Maximum number of returned results. Default is 5000. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_ip_urls | Unknown | A1000 URLs hosted on an IP address |
Command example#
!reversinglabs-a1000-ip-urls ip_address="142.250.186.142" page_size="2" max_results="2"
Context Example#
Human Readable Output#
ReversingLabs A1000 URLs Hosted On IP Address 142.250.186.142#
URLs hosted on the IP address#
url |
---|
https://vam.simpleintactloop.com/?kw=25&s1=dfadc40091de4d20b5ae5178a3ed04cf&s2=25&s3=1812092 |
https://consent.youtube.com/m?continue=https://www.youtube.com/playlist?list=PLUdyEkajrVvQgvw3E7Ms4YAvqa8yze0mk&bsft_aaid=d3faaff4-8ea9-405d-9544-4da5a26dc24a&bsft_eid=9ee948cc-69cb-27ef-383f-8b42608edab0&bsft_clkid=a51526e6-0d0d-42ba-a5b2-4ffe739b39b3&bsft_uid=13d7aa07-4c09-453f-85ae-fbd4e975b709&bsft_mid=5b0f75fb-615d-401c-b15c-8e301bce51a0&bsft_txnid=a887540d-743a-4d12-ab6a-9e9a09073a67&bsft_mime_type=html&bsft_ek=2022-03-20T12%253A10%253A17Z&bsft_lx=7&bsft_tv=25&&list_code=MONMARW&email_id=000139679745&cbrd=1&gl=DE&hl=de&m=0&pc=yt&src=1&uxe=23983171 |
reversinglabs-a1000-user-tags#
Perform user tag actions for a sample - Get existing tags, create new tags or delete existing tags.
Base Command#
reversinglabs-a1000-user-tags
Input#
Argument Name | Description | Required |
---|---|---|
action | Which tag action to perform - GET, CREATE or DELETE. Possible values are: GET, CREATE, DELETE. | Required |
hash | Hash of the desired sample. | Required |
tags | Comma-separated list of tags. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_user_tags | Unknown | Actions for managing user tags on samples. |
Command example#
!reversinglabs-a1000-user-tags hash="0000a0a381d31e0dafcaa22343d2d7e40ff76e06" tags="tag3,tag4" action="CREATE"
Context Example#
Human Readable Output#
ReversingLabs A1000 user tags - CREATE tags#
Tag list: ["tag3","tag4"]
reversinglabs-a1000-file-analysis-status#
Check the analysis status of submitted files.
Base Command#
reversinglabs-a1000-file-analysis-status
Input#
Argument Name | Description | Required |
---|---|---|
hashes | Comma-separated list of file hashes. Should be written without spaces and all hashes should be of the same type. | Required |
analysis_status | Check only files with this analysis status. Available values are 'processed' and 'not_found'. | Optional |
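The whitespace and same-type constraints on the hashes argument above (and on sample_hashes for reversinglabs-a1000-list-containers) are easy to violate from a playbook. The following added Python helper, which is not part of the integration, validates the argument before the command is run; the set of accepted digest lengths (MD5, SHA1, SHA256) is an assumption.

```python
import re
from typing import Dict, List, Optional, Tuple

# Digest type by hex length. Which types A1000 accepts here is an assumption.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_DIGEST = re.compile(r"^[0-9a-fA-F]+$")
# The only analysis_status values the command documents.
STATUS_VALUES = ("processed", "not_found")


def split_hash_list(raw: str) -> List[str]:
    """Split the comma-separated argument, rejecting whitespace and empty items."""
    if re.search(r"\s", raw):
        raise ValueError("hash list must not contain whitespace")
    hashes = raw.split(",")
    if any(h == "" for h in hashes):
        raise ValueError("hash list contains an empty item")
    return hashes


def hash_type(digest: str) -> str:
    """Return md5/sha1/sha256 for a hex digest, or raise for anything else."""
    if not HEX_DIGEST.match(digest) or len(digest) not in HASH_TYPES:
        raise ValueError(f"unsupported hash value: {digest}")
    return HASH_TYPES[len(digest)]


def validate_hash_list(raw: str) -> Tuple[str, List[str]]:
    """Return (common hash type, hashes); mixed types are rejected as the command requires."""
    hashes = split_hash_list(raw)
    types = {hash_type(h) for h in hashes}
    if len(types) != 1:
        raise ValueError(f"all hashes must be of the same type, got {sorted(types)}")
    return types.pop(), hashes


def file_analysis_status_args(raw: str, analysis_status: Optional[str] = None) -> Dict[str, str]:
    """Build the argument dict for reversinglabs-a1000-file-analysis-status."""
    _, hashes = validate_hash_list(raw)
    args = {"hashes": ",".join(hashes)}
    if analysis_status is not None:
        if analysis_status not in STATUS_VALUES:
            raise ValueError(f"analysis_status must be one of {STATUS_VALUES}")
        args["analysis_status"] = analysis_status
    return args


if __name__ == "__main__":
    # Constructed input: the two SHA1 values used in this page's command examples.
    print(validate_hash_list(
        "0000a0a381d31e0dafcaa22343d2d7e40ff76e06,661566e9131c39a1b34cabde9a14877d9bcb3d90"))
```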
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_file_analysis_status | Unknown | Analysis status of requested files. |
Command example#
!reversinglabs-a1000-file-analysis-status hashes="0000a0a381d31e0dafcaa22343d2d7e40ff76e06" analysis_status="processed"
Context Example#
Human Readable Output#
ReversingLabs A1000 file analysis status#
Hash type: sha1
Only status: processed
Analysis status#
hash_value | status |
---|---|
0000a0a381d31e0dafcaa22343d2d7e40ff76e06 | processed |
reversinglabs-a1000-pdf-report#
Perform PDF report actions for a sample - create a report, check the status of a report and download a report.
Base Command#
reversinglabs-a1000-pdf-report
Input#
Argument Name | Description | Required |
---|---|---|
hash | Sample hash. | Required |
action | Which PDF report action to perform - CREATE REPORT, CHECK STATUS or DOWNLOAD REPORT. Possible values are: CREATE REPORT, CHECK STATUS, DOWNLOAD REPORT. | Required |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_pdf_report | Unknown | Actions for creating and downloading PDF reports. |
Command example#
!reversinglabs-a1000-pdf-report hash="0000a0a381d31e0dafcaa22343d2d7e40ff76e06" action="CREATE REPORT"
Context Example#
Human Readable Output#
ReversingLabs A1000 PDF report - CREATE REPORT#
Status endpoint: /api/pdf/0000a0a381d31e0dafcaa22343d2d7e40ff76e06/status
Download endpoint: /api/pdf/0000a0a381d31e0dafcaa22343d2d7e40ff76e06/download
reversinglabs-a1000-static-analysis-report#
Retrieve the static analysis report for a local sample.
Base Command#
reversinglabs-a1000-static-analysis-report
Input#
Argument Name | Description | Required |
---|---|---|
hash | Sample hash. | Required |
Context Output#
Path | Type | Description |
---|---|---|
File.SHA256 | String | The SHA256 hash of the file. |
File.SHA1 | String | The SHA1 hash of the file. |
File.MD5 | String | MD5 hash of the file. |
DBotScore.Score | Number | The actual score. |
DBotScore.Type | String | The indicator type. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
ReversingLabs.a1000_static_analysis_report | Unknown | The static analysis report. |
Command example#
!reversinglabs-a1000-static-analysis-report hash="0000a0a381d31e0dafcaa22343d2d7e40ff76e06"
Context Example#
Human Readable Output#
ReversingLabs A1000 static analysis report for 0000a0a381d31e0dafcaa22343d2d7e40ff76e06#
Classification: 3
Factor: 8
Result: Win32.Downloader.Unruy
SHA-1: 0000a0a381d31e0dafcaa22343d2d7e40ff76e06
MD5: a984de0ce47a8d5337ef569c812b57d0
SHA-256: b25e707a78a472d92a99b08be5d0e55072f695275a7408d1e841a5344ca85dc3
SHA-512: 9357144084c64531dec928de2a85c924d8079b50b5e98ab2c61ae59b97992a39b833f618341e91b071ec94e65bd901ebdf892851e5a4247e1557a55c14923da5
Story: This file (SHA1: 0000a0a381d31e0dafcaa22343d2d7e40ff76e06) is a 32-bit portable executable application. The application uses the Windows graphical user interface (GUI) subsystem. Appended data was detected at the file's end. Its length is smaller than the size of the image. This application has access to running processes. Libraries kernel32 Generic and user32 Generic were detected in the file. There are no extracted files.
Indicators#
category | description | id | priority | reasons | relevance |
---|---|---|---|---|---|
4 | Allocates additional memory in the calling process. | 17985 | 3 | {'propagated': False, 'category': 'Imported API Name', 'description': 'Imports the following function: HeapAlloc'} | 0 |
10 | Loads additional libraries. | 69 | 2 | {'propagated': False, 'category': 'Imported API Name', 'description': 'Imports the following function: LoadLibraryA'} | 1 |
10 | Loads additional APIs. | 70 | 2 | {'propagated': False, 'category': 'Imported API Name', 'description': 'Imports the following function: GetProcAddress'}, {'propagated': False, 'category': 'Indicator Match', 'description': 'Matched another indicator that describes the following: Loads additional libraries.'} | 0 |
16 | Uses string related methods. | 18050 | 1 | {'propagated': False, 'category': 'Imported API Name', 'description': 'Imports the following function: lstrcatA'} | 0 |
Tags#
ticore | user |
---|---|
antivirus, arch-x86, capability-execution, desktop, entropy-high, gui, machine-learning, overlay, rich-header | tag1, tag2, tag3, tag4 |
reversinglabs-a1000-dynamic-analysis-report#
Perform dynamic analysis report actions for a sample - create a report, check the status of a report and download a report.
Base Command#
reversinglabs-a1000-dynamic-analysis-report
Input#
Argument Name | Description | Required |
---|---|---|
hash | Sample hash. | Required |
action | Which dynamic analysis report action to perform - CREATE REPORT, CHECK STATUS or DOWNLOAD REPORT. Possible values are: CREATE REPORT, CHECK STATUS, DOWNLOAD REPORT. | Required |
report_format | Dynamic analysis report format. Possible values are: pdf, html. Default is pdf. | Required |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_dynamic_analysis_report | Unknown | Actions for creating and downloading dynamic analysis reports. |
Command example#
!reversinglabs-a1000-dynamic-analysis-report report_format="pdf" hash="0000a0a381d31e0dafcaa22343d2d7e40ff76e06" action="CREATE REPORT"
Context Example#
Human Readable Output#
ReversingLabs A1000 dynamic analysis report - CREATE REPORT#
Status endpoint: /api/rl_dynamic_analysis/export/summary/0000a0a381d31e0dafcaa22343d2d7e40ff76e06/pdf/status/
Download endpoint: /api/rl_dynamic_analysis/export/summary/0000a0a381d31e0dafcaa22343d2d7e40ff76e06/pdf/download/
reversinglabs-a1000-sample-classification#
Perform sample classification actions - get sample classification, set sample classification or delete sample classification.
Base Command#
reversinglabs-a1000-sample-classification
Input#
Argument Name | Description | Required |
---|---|---|
hash | Sample hash. | Required |
action | Which classification action to perform - GET CLASSIFICATION, SET CLASSIFICATION or DELETE CLASSIFICATION. Possible values are: GET CLASSIFICATION, SET CLASSIFICATION, DELETE CLASSIFICATION. | Required |
system | Local or TitaniumCloud. Possible values are: local, ticloud. | Optional |
local_only | Return only local samples without querying TitaniumCloud. Possible values are: true, false. | Optional |
av_scanners | Return AV scanner results. Possible values are: true, false. | Optional |
classification | goodware, suspicious or malicious. Possible values are: goodware, suspicious, malicious. | Optional |
risk_score | If specified, it must be within range for the specified classification. If not specified, a default value is used. Goodware - 0, Suspicious - 6, Malicious - 10. | Optional |
threat_platform | If specified, it must be on the supported list (platforms and subplatforms - see official API docs). If not specified, the default value is 'Win32'. | Optional |
threat_type | If specified, it must be on the supported list (malware types - see official API docs). If not specified, the default value is 'Malware'. | Optional |
threat_name | If specified, must be an alphanumeric string not longer than 32 characters. If not specified, the default value is 'Generic'. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
File.SHA256 | String | The SHA256 hash of the file. |
File.SHA1 | String | The SHA1 hash of the file. |
File.MD5 | String | MD5 hash of the file. |
DBotScore.Score | Number | The actual score. |
DBotScore.Type | String | The indicator type. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
ReversingLabs.a1000_sample_classification | Unknown | Sample classification actions. |
Command example#
!reversinglabs-a1000-sample-classification hash="0000a0a381d31e0dafcaa22343d2d7e40ff76e06" action="GET CLASSIFICATION" system="local" local_only="true" av_scanners="false" classification="malicious"
Context Example#
Human Readable Output#
ReversingLabs A1000 sample classification - GET CLASSIFICATION#
Classification: malicious
Risk score: 8
First seen: 2011-09-21T02:09:00Z
Last seen: 2024-06-05T15:10:39Z
Classification result: Win32.Downloader.Unruy
Classification reason: Antivirus
SHA-1: 0000a0a381d31e0dafcaa22343d2d7e40ff76e06
SHA-256: b25e707a78a472d92a99b08be5d0e55072f695275a7408d1e841a5344ca85dc3
MD5: a984de0ce47a8d5337ef569c812b57d0
reversinglabs-a1000-yara#
Perform A1000 YARA actions.
Base Command#
reversinglabs-a1000-yara
Input#
Argument Name | Description | Required |
---|---|---|
action | Which YARA action to perform. Possible values are: GET RULESETS, GET CONTENTS, GET MATCHES, UPDATE RULESET, DELETE RULESET, ENABLE RULESET, DISABLE RULESET, GET SYNCHRONIZATION TIME, UPDATE SYNCHRONIZATION TIME. | Required |
ruleset_name | Ruleset name. | Optional |
ruleset_content | Ruleset content. | Optional |
publish | Publish the ruleset. Possible values are: true, false. | Optional |
sync_time | Desired ruleset synchronization time. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_yara | Unknown | YARA actions. |
Command example#
!reversinglabs-a1000-yara action="GET RULESETS"
Context Example#
Human Readable Output#
ReversingLabs A1000 YARA - GET RULESETS#
count: 4
next:
previous:
results:
{'status': 'pending', 'suspicious_match_count': 0, 'malicious_match_count': 1, 'goodware_match_count': 27, 'unknown_match_count': 1, 'name': 'get_money3', 'owner': 'admin', 'last_matched': '2024-06-05T15:47:06.917422Z', 'system_ruleset': False, 'cloud_synced': False},
{'status': 'pending', 'suspicious_match_count': 0, 'malicious_match_count': 0, 'goodware_match_count': 2, 'unknown_match_count': 0, 'name': 'Rule_Find_PDF_with_URLs', 'owner': 'admin', 'last_matched': '2024-05-24T16:00:19.220946Z', 'system_ruleset': False, 'cloud_synced': False},
{'status': 'pending', 'suspicious_match_count': 0, 'malicious_match_count': 0, 'goodware_match_count': 0, 'unknown_match_count': 0, 'name': 'MislavTesting', 'owner': 'admin', 'last_matched': None, 'system_ruleset': False, 'cloud_synced': False},
{'status': 'active', 'suspicious_match_count': 0, 'malicious_match_count': 0, 'goodware_match_count': 0, 'unknown_match_count': 0, 'name': 'test_yara_rule', 'owner': 'admin', 'last_matched': None, 'system_ruleset': False, 'cloud_synced': True}
source: all
status: all
type: my
reversinglabs-a1000-yara-retro#
Perform A1000 YARA Retroactive Hunt actions.
Base Command#
reversinglabs-a1000-yara-retro
Input#
Argument Name | Description | Required |
---|---|---|
action | Which YARA Retro action to perform. Possible values are: MANAGE LOCAL SCAN, LOCAL SCAN STATUS, MANAGE CLOUD SCAN, CLOUD SCAN STATUS. | Required |
ruleset_name | Ruleset name. | Optional |
operation | Select a ruleset operation. Possible values are: START, STOP, CLEAR. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_yara_retro | Unknown | YARA Retro actions. |
Command example#
!reversinglabs-a1000-yara-retro action="LOCAL SCAN STATUS" ruleset_name="get_money3"
Context Example#
Human Readable Output#
ReversingLabs A1000 YARA Retroactive Hunt - LOCAL SCAN STATUS#
message status success
state: COMPLETED
started: 2024-05-24T15:58:55.075337+00:00
stopped: 2024-05-24T16:28:13.110974+00:00
samples: 281
processed: 371
history:
{'state': 'COMPLETED', 'started': '2024-05-24T15:58:55.075337+00:00', 'stopped': '2024-05-24T16:28:13.110974+00:00', 'samples': 281, 'started_username': 'admin', 'stopped_username': None},
{'state': 'COMPLETED', 'started': '2022-11-15T10:14:16.515681+00:00', 'stopped': '2022-11-15T10:14:20.687855+00:00', 'samples': 11, 'started_username': 'admin', 'stopped_username': None},
{'state': 'COMPLETED', 'started': '2022-11-11T15:02:00.683418+00:00', 'stopped': '2022-11-11T15:02:07.011490+00:00', 'samples': 11, 'started_username': 'admin', 'stopped_username': None}
true
reversinglabs-a1000-list-containers#
Get a list of all top-level containers from which the requested samples have been extracted during analysis.
Base Command#
reversinglabs-a1000-list-containers
Input#
Argument Name | Description | Required |
---|---|---|
sample_hashes | Comma-separated list of sample hashes. No whitespaces are allowed. | Required |
Context Output#
Path | Type | Description |
---|---|---|
ReversingLabs.a1000_list_containers | Unknown | A1000 list of top-level containers. |
Command example#
!reversinglabs-a1000-list-containers sample_hashes="0000a0a381d31e0dafcaa22343d2d7e40ff76e06,661566e9131c39a1b34cabde9a14877d9bcb3d90"
Context Example#
Human Readable Output#
ReversingLabs A1000 List containers for hashes#
count | next | previous | results |
---|---|---|---|
0 | | | |
reversinglabs-a1000-upload-from-url-actions#
Actions for uploading a sample from a URL and fetching the analysis results.
Base Command#
reversinglabs-a1000-upload-from-url-actions
Input#
Argument Name | Description | Required |
---|---|---|
action | Which action to perform: upload a sample from a URL, get the report for a sample, or both actions combined. Possible values are: UPLOAD, GET REPORT, UPLOAD AND GET REPORT, CHECK ANALYSIS STATUS. | Required |
file_url | URL to the file you want to submit for analysis. Used in UPLOAD and UPLOAD AND GET REPORT. | Optional |
crawler | Which crawler to use - local or cloud. Used in UPLOAD and UPLOAD AND GET REPORT. Possible values are: local, cloud. | Optional |
archive_password | Required if the sample is an archive and it has a password. Used in UPLOAD and UPLOAD AND GET REPORT. | Optional |
sandbox_platform | Which sandbox platform to use. Check the A1000 documentation to see the current list of supported platforms. Used in UPLOAD and UPLOAD AND GET REPORT. | Optional |
task_id | ID of the URL processing task. Used in GET REPORT. | Optional |
retry | Utilize the retry mechanism for fetching the report. Used in GET REPORT and UPLOAD AND GET REPORT. | Optional |
Context Output#
Path | Type | Description |
---|---|---|
File.SHA256 | String | The SHA256 hash of the file. |
File.SHA1 | String | The SHA1 hash of the file. |
File.MD5 | String | MD5 hash of the file. |
DBotScore.Score | Number | The actual score. |
DBotScore.Type | String | The indicator type. |
DBotScore.Indicator | String | The indicator that was tested. |
DBotScore.Vendor | String | The vendor used to calculate the score. |
DBotScore.Reliability | String | Reliability of the source providing the intelligence data. |
ReversingLabs.a1000_upload_from_url_actions | Unknown | Actions for uploading a sample from a URL and fetching the analysis results. |
Command example#
!reversinglabs-a1000-upload-from-url-actions action="UPLOAD" file_url="https://download.sublimetext.com/sublime_text_build_4169_x64_setup.exe" crawler="local" sandbox_platform="windows10"
Context Example#
Human Readable Output#
ReversingLabs A1000 URL sample actions - UPLOAD#
Upload results#
code: 201
detail:
  id: 419
  user: 1
  created: 2024-06-05T15:50:40.409482Z
  filename: https://download.sublimetext.com/sublime_text_build_4169_x64_setup.exe
message: Done.