VirusTotal - Private API (Deprecated)
This integration is part of the VirusTotal - Private API (Deprecated) Pack.
Deprecated: use the "VirusTotal (API v3)" or "VirusTotal - Premium (API v3)" integrations instead.
Use the VirusTotal - Private API integration to investigate suspicious files, domains, URLs, IP addresses, and hashes.
This integration was integrated and tested with VirusTotal API v2.0.
Use Cases
- Get extensive reports on interactions between files, domains, URLs, IP addresses, and hashes.
- Investigate activity of recognized malware.
Configure VirusTotal - Private API on Cortex XSOAR
- Navigate to Settings > Integrations > Servers & Services.
- Search for VirusTotal - Private API.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- VirusTotal private API key
- Use system proxy settings
- Trust any certificate (not secure)
- File Threshold: If the number of positive results from the VT scanners exceeds the threshold, the file is considered malicious.
- IP Threshold: If the number of positive results from the VT scanners exceeds the threshold, the IP address is considered malicious.
- URL Threshold: If the number of positive results from the VT scanners exceeds the threshold, the URL is considered malicious.
- Domain Threshold: If the number of positive results from the VT scanners exceeds the threshold, the domain is considered malicious.
- Preferred Vendors List: A CSV list of vendors that are considered trustworthy.
- Preferred Vendors Threshold: The minimum number of highly trusted vendors that must detect a domain, IP address, URL, or file for it to be considered malicious.
- fullResponseGlobal: Determines whether to return all results, which can number in the thousands. If true, all results are returned and the fullResponse and long arguments of a command are overridden (even when they are set to false). If false, the fullResponse and long arguments of the command determine how results are returned.
- Click Test to validate the URLs and the connection.
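The threshold settings above decide the verdict an indicator receives. The following is an added example, not the integration's own code, that applies those rules to a VirusTotal API v2 report; it assumes the v2 report layout (`positives`, `total`, and a `scans` dict keyed by vendor name), that the preferred-vendor rule is ORed with the positives rule, and the XSOAR DBot score convention (1 good, 2 suspicious, 3 bad).

```python
# Added example, not part of the integration: the verdict rules the instance
# settings describe (threshold, Preferred Vendors List, Preferred Vendors
# Threshold, fullResponseGlobal) applied to a VirusTotal API v2 report.
# Assumptions not stated on the page: the report carries "positives", "total"
# and a "scans" dict keyed by vendor name; the preferred-vendor rule is ORed
# with the positives rule; DBot scores follow the XSOAR convention
# 1 = good, 2 = suspicious, 3 = bad.

# Constructed sample shaped like a v2 file report; vendor names are made up.
SAMPLE_REPORT = {
    "resource": "0123456789abcdef0123456789abcdef",  # constructed, MD5-shaped
    "positives": 3,
    "total": 8,
    "scans": {
        "VendorA": {"detected": True, "result": "Trojan.Generic"},
        "VendorB": {"detected": True, "result": "Malware.Heur"},
        "VendorC": {"detected": True, "result": "PUA.Adware"},
        "VendorD": {"detected": False, "result": None},
        "VendorE": {"detected": False, "result": None},
        "VendorF": {"detected": False, "result": None},
        "VendorG": {"detected": False, "result": None},
        "VendorH": {"detected": False, "result": None},
    },
}


def parse_vendor_list(csv_text):
    """Split the 'Preferred Vendors List' setting (a CSV string) into names."""
    return [v.strip() for v in csv_text.split(",") if v.strip()]


def preferred_vendor_hits(report, preferred_vendors):
    """Preferred vendors whose scan entry flagged the resource as detected.

    Vendor names are compared case-insensitively so 'vendora' matches 'VendorA'.
    """
    scans = report.get("scans") or {}
    by_lower = {name.lower(): entry for name, entry in scans.items()}
    hits = []
    for vendor in preferred_vendors:
        entry = by_lower.get(vendor.lower())
        if entry and entry.get("detected"):
            hits.append(vendor)
    return hits


def classify(report, threshold, preferred_vendors_csv="", preferred_threshold=0):
    """Apply the threshold rules and return the verdict plus the evidence behind it."""
    positives = int(report.get("positives") or 0)
    total = int(report.get("total") or 0)
    preferred = parse_vendor_list(preferred_vendors_csv)
    hits = preferred_vendor_hits(report, preferred)

    by_count = positives > threshold  # "exceeds the threshold", so equal is not enough
    by_trusted = (bool(preferred) and preferred_threshold > 0
                  and len(hits) >= preferred_threshold)
    malicious = by_count or by_trusted

    if malicious:
        score = 3
    elif positives > 0:
        score = 2  # some engines fired but below both thresholds
    else:
        score = 1
    return {
        "positives": positives,
        "total": total,
        "malicious": malicious,
        "reason": "count" if by_count else ("preferred_vendors" if by_trusted else None),
        "preferred_hits": hits,
        "dbot_score": score,
    }


def effective_full_response(full_response_global, full_response_arg):
    """fullResponseGlobal=true wins; otherwise the command's own fullResponse argument decides."""
    return True if full_response_global else bool(full_response_arg)


if __name__ == "__main__":
    # Three detections out of eight: below a threshold of 5, but two of them come
    # from preferred vendors, so a Preferred Vendors Threshold of 2 still flags it.
    print(classify(SAMPLE_REPORT, threshold=5,
                   preferred_vendors_csv="VendorA, VendorB, VendorX",
                   preferred_threshold=2))
    print(classify(SAMPLE_REPORT, threshold=5))
```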
Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Get file dynamic behavioral report: vt-private-check-file-behaviour
- Get a domain report: vt-private-get-domain-report
- Get malicious file report: vt-private-get-file-report
- Get URL report: vt-private-get-url-report
- Get IP address report: vt-private-get-ip-report
- Submit a query: vt-private-search-file
- Return hashes for a specific IP address: vt-private-hash-communication
- Download a file: vt-private-download-file
1. Get file dynamic behavioral report
Find out which domains, files, hosts, IP addresses, mutexes, URLs, and registry keys are associated with a specific file.
Base Command
vt-private-check-file-behaviour
Input
Argument Name | Description |
---|---|
resource | The MD5, SHA-1, or SHA-256 hash of the file whose dynamic behavioral report you want to retrieve. |
threshold | If the number of positives is larger than the threshold, the file is considered malicious. If threshold is not specified, the default file threshold is used, which you configure in the instance settings. |
fullResponse | Returns all results. Results can number in the thousands, so we recommend not using fullResponse in playbooks. The default value is false. |
Context Output
Path | Description |
---|---|
File.MD5 | MD5 of the file |
File.SHA1 | SHA-1 of the file |
File.SHA256 | SHA-256 of the file |
File.VirusTotal.RelatedDomains | Domains that the hash communicates with |
File.VirusTotal.RelatedURLs | URLs that the hash communicates with |
File.VirusTotal.RelatedIPs | IPs that the hash communicates with |
File.VirusTotal.RelatedHosts | Hosts that the hash communicates with |
File.VirusTotal.RelatedFiles | Files that are related to this hash |
File.VirusTotal.RelatedRegistryKeys | Keys that are related to this hash |
File.VirusTotal.RelatedMutexes | Mutexes that are related to this hash |
Command Example
```
!vt-private-check-file-behaviour resource="2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae" threshold=20
```
Context Example
```json
{
  "SHA256": "2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae",
  "VirusTotal": {
    "RelatedDomains": [
      "stromoliks.com", "promoliks.com", "google.com",
      "fkjdeljfeew32233.com", "pornoliks.com", "fdwelklwe3093443.com"
    ],
    "RelatedFiles": [
      "C:\\WINDOWS\\system32\\ntdll.dll",
      "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\~TM4.tmp",
      "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\~DF3C0D.tmp",
      "C:\\WINDOWS\\system32\\kernel32.dll",
      "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\~TM3.tmp",
      "Cmgr.exe"
    ],
    "RelatedHosts": [
      "224.0.0.22", "51.140.127.197", "10.0.2.2", "239.255.255.250",
      "255.255.255.255", "10.0.2.255", "10.0.2.15", "82.112.184.197",
      "0.0.0.0", "216.58.206.238"
    ],
    "RelatedIPs": [
      "51.140.127.197", "10.0.2.2", "239.255.255.250", "10.0.2.255",
      "10.0.2.15", "82.112.184.197", "255.255.255.255", "127.0.0.1",
      "216.58.206.238"
    ],
    "RelatedMutexes": [
      "ShimCacheMutex",
      "{65D180CA-BACE-614C-7239-5ABDD5E947B0}"
    ],
    "RelatedRegistryKeys": [
      "HKEY_LOCAL_MACHINE\\\\SOFTWARE\\Microsoft\\VBA\\Monitors",
      "HKEY_LOCAL_MACHINE\\\\System\\Setup",
      "HKEY_CLASSES_ROOT\\\\http\\shell\\open\\command",
      "0x000000b8\\\\Help",
      "HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Rpc",
      "HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows",
      "0x000000b8\\\\HTML Help",
      "HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Cmgr.exe\\RpcThreadPoolThrottle",
      "HKEY_LOCAL_MACHINE\\\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
      "0x00000090\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
      "0x000000ac\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
      "HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Rpc\\PagedBuffers"
    ],
    "RelatedURLs": []
  }
}
```
Human Readable Output
We found the following data about hash 2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae:
Hosts that the hash communicates with are:
Host |
---|
224.0.0.22 |
51.140.127.197 |
10.0.2.2 |
239.255.255.250 |
255.255.255.255 |
10.0.2.255 |
10.0.2.15 |
82.112.184.197 |
0.0.0.0 |
216.58.206.238 |
IPs that the hash communicates with are:
IP |
---|
51.140.127.197 |
10.0.2.2 |
239.255.255.250 |
10.0.2.255 |
10.0.2.15 |
82.112.184.197 |
255.255.255.255 |
127.0.0.1 |
216.58.206.238 |
Domains that the hash communicates with are:
Domain |
---|
stromoliks.com |
promoliks.com |
google.com |
fkjdeljfeew32233.com |
pornoliks.com |
fdwelklwe3093443.com |
Files that are related to the hash:
File |
---|
C:\WINDOWS\system32\ntdll.dll |
C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\~TM4.tmp |
C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\~DF3C0D.tmp |
C:\WINDOWS\system32\kernel32.dll |
C:\DOCUME~1\JANETT~1\LOCALS~1\Temp\~TM3.tmp |
Cmgr.exe |
Registry Keys that are related to the hash
Key |
---|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
HKEY_LOCAL_MACHINE\System\Setup |
HKEY_CLASSES_ROOT\http\shell\open\command |
0x000000b8\Help |
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows |
0x000000b8\HTML Help |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cmgr.exe\RpcThreadPoolThrottle |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc |
0x00000090\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
0x000000ac\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\PagedBuffers |
Opened mutexes that are related to the hash
Mutex |
---|
ShimCacheMutex |
{65D180CA-BACE-614C-7239-5ABDD5E947B0} |
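The RelatedHosts and RelatedIPs lists above mix the sandbox's own network (the 10.0.2.x gateway, multicast, broadcast, loopback) with the few routable addresses an analyst would actually pivot on. The following is an added example, not code from the integration, that partitions the context shown above with the standard library; the sample is a constructed subset of that context, and the "noise" rule is this example's own assumption, not something the integration computes.

```python
# Added example, not part of the integration: triage of the RelatedHosts /
# RelatedIPs context returned by vt-private-check-file-behaviour. Sandbox runs
# talk to their own NAT gateway (10.0.2.x), multicast, broadcast and loopback
# addresses, so the raw lists mix lab noise with externally routable hosts.
# The noise rule below is this example's assumption (RFC 1918, loopback,
# link-local, multicast, reserved incl. 255.255.255.255, and 0.0.0.0).
import ipaddress

# Constructed subset of the context example on this page, same values.
SAMPLE_CONTEXT = {
    "SHA256": "2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae",
    "VirusTotal": {
        "RelatedHosts": [
            "224.0.0.22", "51.140.127.197", "10.0.2.2", "239.255.255.250",
            "255.255.255.255", "10.0.2.255", "10.0.2.15", "82.112.184.197",
            "0.0.0.0", "216.58.206.238",
        ],
        "RelatedIPs": [
            "51.140.127.197", "10.0.2.2", "239.255.255.250", "10.0.2.255",
            "10.0.2.15", "82.112.184.197", "255.255.255.255", "127.0.0.1",
            "216.58.206.238",
        ],
    },
}


def is_sandbox_noise(ip):
    """True for addresses no external host could answer from."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def split_contacts(context):
    """Partition RelatedHosts + RelatedIPs into external IPs, lab noise and hostnames.

    Lists are merged into a set first, because the two context keys overlap.
    Entries that are not IP literals are kept separately as hostnames rather
    than dropped, since RelatedHosts may carry names.
    """
    vt = context.get("VirusTotal") or {}
    raw = set(vt.get("RelatedHosts") or []) | set(vt.get("RelatedIPs") or [])
    external, noise, hostnames = [], [], []
    for item in raw:
        try:
            ip = ipaddress.ip_address(item)
        except ValueError:
            hostnames.append(item)
            continue
        (noise if is_sandbox_noise(ip) else external).append(ip)
    # Sort by (version, numeric value): IPv4 and IPv6 objects are not comparable.
    order = lambda ip: (ip.version, int(ip))
    return {
        "external": [str(ip) for ip in sorted(external, key=order)],
        "noise": [str(ip) for ip in sorted(noise, key=order)],
        "hostnames": sorted(hostnames),
    }


if __name__ == "__main__":
    result = split_contacts(SAMPLE_CONTEXT)
    print("pivot on:", result["external"])  # the three routable addresses
    print("ignore:  ", result["noise"])
```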
2. Get domain report
Generates a report about a specific domain.
Base Command
vt-private-get-domain-report
Input
Argument Name | Description |
---|---|
domain | Domain name |
threshold | If the number of positives is larger than the threshold, the domain is considered malicious. If threshold is not specified, the default domain threshold is used, which you configure in the instance settings. |
fullResponse | Returns all results. Results can number in the thousands, so we recommend not using fullResponse in playbooks. The default value is false. |
Context Output
Path | Description |
---|---|
Domain.Name | Domain name |
Domain.VirusTotal.DownloadedHashes | Hashes of files that were downloaded from this domain |
Domain.VirusTotal.CommunicatingHashes | Hashes of files that communicated with this domain in a sandbox |
Domain.VirusTotal.Resolutions.ip_address | IPs that resolved to this domain |
Domain.VirusTotal.Whois | Whois report |
Domain.VirusTotal.Subdomains | Subdomains |
Domain.VirusTotal.Resolutions.last_resolved | Resolution date of IPs that resolved to this domain |
Command Example
```
!vt-private-get-domain-report domain=demisto.com
```
Context Example
Human Readable Output
Latest detected files that communicated with google.com
Latest detected files that were downloaded from google.com
No entries.
google.com has been resolved to the following IP addresses:
Whois analysis:
```text
Domain Name: GOOGLE.COM
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2018-02-21T18:36:40Z
Creation Date: 1997-09-15T04:00:00Z
Registry Expiry Date: 2020-09-14T04:00:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
DNSSEC: unsigned
Domain Name: google.com
Updated Date: 2018-02-21T10:45:07-0800
Creation Date: 1997-09-15T00:00:00-0700
Registrar Registration Expiration Date: 2020-09-13T21:00:00-0700
Registrar: MarkMonitor, Inc.
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Registrant Country: US
Admin Organization: Google LLC
Admin State/Province: CA
Admin Country: US
Tech Organization: Google LLC
Tech State/Province: CA
Tech Country: US
Name Server: ns3.google.com
Name Server: ns2.google.com
Name Server: ns4.google.com
Name Server: ns1.google.com
```
Observed subdomains
Domain |
---|
27.docs.google.com |
8.chart.apis.google.com |
geoauth.google.com |
adservice.google.com |
ogs.google.com |
accounts.google.com |
play.google.com |
news.url.google.com |
mt2.google.com |
alt5-mtalk.google.com |
books.google.com |
id.google.com |
apis.google.com |
notifications.google.com |
meet.google.com |
mts0.google.com |
www.google.com |
alt2-mtalk.google.com |
policies.google.com |
taskassist-pa.clients6.google.com |
search.google.com |
xmpp.l.google.com |
1.client-channel.google.com |
safebrowsing-cache.google.com |
encrypted.google.com |
groups.google.com |
68.docs.google.com |
feedburner.google.com |
clients2.google.com |
suggestqueries.google.com |
toolbarqueries.google.com |
mtalk4.google.com |
chatenabled.mail.google.com |
alt6-mtalk.google.com |
mt0.google.com |
alt2.gmail-smtp-in.l.google.com |
reminders-pa.clients6.google.com |
7.client-channel.google.com |
hangouts.google.com |
android.clients.google.com |
mtalk.google.com |
wide-youtube.l.google.com |
15.client-channel.google.com |
history.google.com |
drive.google.com |
8.client-channel.google.com |
status.cloud.google.com |
safebrowsing.google.com |
contributor.google.com |
docs.google.com |
3. Get malicious file report
Retrieves metadata for a malicious file.
Base Command
vt-private-get-file-report
Input
Argument Name | Description |
---|---|
resource | MD5/SHA-1/SHA-256 hash of the file to retrieve the most recent antivirus report for. It is also possible to specify a scan_id (SHA-256-timestamp, as returned by the scan API) to access a specific report. |
allInfo | VirusTotal metadata, signature information, structural information, and more. Can be viewed with raw-response=true. |
threshold | If the number of positive results from the VT scanners is bigger than the threshold, the file will be considered malicious. Default is configured in the instance settings. |
longFormat | Returns a full response with scans. |
Context Output
Path | Description |
---|---|
File.MD5 | File's MD5 |
File.SHA1 | File's SHA1 |
File.SHA256 | File's SHA256 |
File.Malicious.Vendor | For malicious files, the vendor that made the decision |
File.Malicious.Detections | For malicious files, the total number of detections |
File.Malicious.TotalEngines | For malicious files, the total number of engines |
DBotScore.Indicator | The indicator we tested |
DBotScore.Type | The type of the indicator |
DBotScore.Vendor | Vendor used to calculate the score |
DBotScore.Score | The actual score |
File.VirusTotal.Scans.Source | Scan vendor for this hash |
File.VirusTotal.Scans.Detected | Scan detection for this hash (True,False) |
File.VirusTotal.Scans.Result | Scan result for this hash - signature, etc. |
Command Example
!vt-private-get-file-report resource=2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae allInfo=true longFormat=true
Context Example
{ "MD5": "fedeb68e5bc9a1627b32504da4d7475a", "Malicious": { "Detections": 58, "TotalEngines": 68, "Vendor": "VirusTotal" }, "SHA1": "9ad524ddd2fb551490187bf3d506449f31e20423", "SHA256": "2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae", "VirusTotal": { "Scans": [ { "Details": null, "Detected": true, "Result": "Trojan.Slingup.A", "Source": "ALYac", "Update": "20180624" }, { "Details": null, "Detected": true, "Result": "Win32:RmnDrp", "Source": "AVG", "Update": "20180624" }, { "Details": null, "Detected": true, "Result": "Virus.Win32.Ramnit.b (v)", "Source": "AVware", "Update": "20180624" }, { "Details": null, "Detected": true, "Result": "Trojan.Slingup.A", "Source": "Ad-Aware", "Update": "20180624" } ] } }
Human Readable Output
VirusTotal Hash Reputation for: 2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae
Scan ID:
2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae-1529842805
Scan date:
2018-06-24 12:20:05
Detections / Total:
58/68
VT Link:
2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae
MD5:
fedeb68e5bc9a1627b32504da4d7475a
SHA1:
9ad524ddd2fb551490187bf3d506449f31e20423
SHA256:
2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae
Scans
| Details | Source | Detected | Result | Update |
|---|---|---|---|---|
| | ALYac | true | Trojan.Slingup.A | 20180624 |
| | AVG | true | Win32:RmnDrp | 20180624 |
| | AVware | true | Virus.Win32.Ramnit.b (v) | 20180624 |
| | Ad-Aware | true | Trojan.Slingup.A | 20180624 |
| | AegisLab | true | W32.Nimnul.tp20 | 20180622 |
| | AhnLab-V3 | true | Win32/Ramnit.J | 20180624 |
| | Antiy-AVL | true | Virus/Win32.Nimnul.a | 20180624 |
| | Arcabit | true | Trojan.Slingup.A | 20180624 |
| | Avast | true | Win32:RmnDrp | 20180624 |
| | Avira | true | W32/Ramnit.C | 20180624 |
| | Baidu | true | Win32.Virus.Nimnul.a | 20180622 |
| | Bkav | true | W32.Tmgrtext.PE | 20180623 |
| | CAT-QuickHeal | true | W32.Ramnit.BA | 20180623 |
| | CMC | true | Virus.Win32.Ramit.1!O | 20180624 |
| | ClamAV | true | Win.Trojan.Ramnit-1847 | 20180624 |
| | Comodo | true | Virus.Win32.Ramnit.K | 20180624 |
| | CrowdStrike | true | malicious_confidence_100% (W) | 20180530 |
| | Cybereason | true | malicious.e5bc9a | 20180225 |
| | Cylance | true | Unsafe | 20180624 |
| | Cyren | true | W32/Ramnit.B!Generic | 20180624 |
| | DrWeb | true | Win32.Rmnet.8 | 20180624 |
| | ESET-NOD32 | true | Win32/Ramnit.H | 20180624 |
| | Emsisoft | true | Trojan.Slingup.A (B) | 20180624 |
| | Endgame | true | malicious (high confidence) | 20180612 |
| | F-Prot | true | W32/Ramnit.B!Generic | 20180624 |
| | Fortinet | true | W32/Ramnit.A | 20180624 |
| | GData | true | Win32.Virus.Nimnul.A | 20180624 |
| | Ikarus | true | Backdoor.Win32.Slingup | 20180624 |
| | Invincea | true | heuristic | 20180601 |
| | Jiangmin | true | Win32/IRCNite.wi | 20180624 |
| | K7AntiVirus | true | Virus ( 002fe95d1 ) | 20180624 |
| | K7GW | true | Virus ( 002fe95d1 ) | 20180624 |
| | Kaspersky | true | Virus.Win32.Nimnul.a | 20180624 |
| | Kingsoft | true | Win32.Ramnit.lx.30720 | 20180624 |
| | MAX | true | malware (ai score=88) | 20180624 |
| | McAfee | true | W32/Ramnit.a | 20180624 |
| | McAfee-GW-Edition | true | BehavesLike.Win32.Ramnit.dh | 20180624 |
| | MicroWorld-eScan | true | Trojan.Slingup.A | 20180624 |
| | Microsoft | true | Virus:Win32/Ramnit.P | 20180624 |
| | NANO-Antivirus | true | Virus.Win32.Nimnul.bmnup | 20180624 |
| | Panda | true | W32/Nimnul.A | 20180624 |
| | Qihoo-360 | true | Virus.Win32.Ramnit.A | 20180624 |
| | Rising | true | Malware.Heuristic!ET#98% (RDM+:cmRtazo2yjxeYhdDtLZXcAxee5+7) | 20180624 |
| | SentinelOne | true | static engine - malicious | 20180618 |
| | Sophos | true | W32/Ramnit-A | 20180624 |
| | Symantec | true | W32.Ramnit.B!inf | 20180623 |
| | TACHYON | true | Virus/W32.Ramnit | 20180624 |
| | Tencent | true | Virus.Win32.Nimnul.e | 20180624 |
| | TotalDefense | true | Win32/Ramnit.C | 20180624 |
| | TrendMicro | true | PE_RAMNIT.DEN | 20180624 |
| | TrendMicro-HouseCall | true | PE_RAMNIT.DEN | 20180624 |
| | VBA32 | true | Virus.Win32.Nimnul.b | 20180622 |
| | VIPRE | true | Virus.Win32.Ramnit.b (v) | 20180624 |
| | ViRobot | true | Win32.Nimnul.A | 20180623 |
| | Yandex | true | Win32.Nimnul.Gen.2 | 20180622 |
| | Zillya | true | Virus.Nimnul.Win32.1 | 20180622 |
| | ZoneAlarm | true | Virus.Win32.Nimnul.a | 20180624 |
| | Zoner | true | Win32.Ramnit.H | 20180623 |
| | Alibaba | false | | 20180622 |
| | Avast-Mobile | false | | 20180623 |
| | Babable | false | | 20180406 |
| | F-Secure | false | | 20180624 |
| | Malwarebytes | false | | 20180624 |
| | Paloalto | false | | 20180624 |
| | SUPERAntiSpyware | false | | 20180624 |
| | TheHacker | false | | 20180624 |
| | Webroot | false | | 20180624 |
| | eGambit | false | | 20180624 |
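The file threshold argument above, together with the Preferred Vendors List and Preferred Vendors Threshold instance settings, is what decides whether File.Malicious is populated and which DBotScore the hash receives. The Python below is an added example, not the integration's own code, showing one way to apply those rules to a v2 "scans" map. SAMPLE_SCANS, the threshold value 10 and the rule that detections below the threshold yield the suspicious score (2) are assumptions; the last one is chosen to match the URL context example later on this page, where 6/67 scores 2 and 0/66 scores 1.

```python
"""Added example (not the integration's own code): derive the File.Malicious
context and a DBotScore from a VirusTotal v2 'scans' map using the threshold
rules this page describes (file threshold, Preferred Vendors List/Threshold).

Assumptions, labelled: DBotScore 1 = good, 2 = suspicious, 3 = bad is the
Cortex XSOAR convention; mapping "some positives, but not above threshold" to
2 matches the URL context example on this page (6/67 -> 2, 0/66 -> 1); the
threshold value 10 and SAMPLE_SCANS are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Union

# Constructed sample shaped like the v2 report's 'scans' map
# (engine name -> {"detected": bool, "result": str | None, "update": str}).
# The four detections mirror the context example above; two clean engines are
# added so the ratio is not 100%.
SAMPLE_SCANS: Dict[str, Dict] = {
    "ALYac": {"detected": True, "result": "Trojan.Slingup.A", "update": "20180624"},
    "AVG": {"detected": True, "result": "Win32:RmnDrp", "update": "20180624"},
    "AVware": {"detected": True, "result": "Virus.Win32.Ramnit.b (v)", "update": "20180624"},
    "Ad-Aware": {"detected": True, "result": "Trojan.Slingup.A", "update": "20180624"},
    "Alibaba": {"detected": False, "result": None, "update": "20180622"},
    "F-Secure": {"detected": False, "result": None, "update": "20180624"},
}


@dataclass
class Verdict:
    positives: int
    total: int
    score: int                          # DBotScore.Score: 1 good, 2 suspicious, 3 bad
    malicious: Optional[Dict] = None    # File.Malicious context, only when score == 3
    scans: List[Dict] = field(default_factory=list)  # File.VirusTotal.Scans rows


def parse_vendor_list(vendors: Union[str, Iterable[str]]) -> set:
    """Accept the CSV string the instance setting uses, or any iterable of names."""
    if isinstance(vendors, str):
        vendors = vendors.split(",")
    return {v.strip().lower() for v in vendors if v.strip()}


def scans_to_context(scans: Dict[str, Dict]) -> List[Dict]:
    """Flatten the v2 scans map into the Source/Detected/Result rows documented above."""
    return [
        {"Source": name, "Detected": bool(s.get("detected")),
         "Result": s.get("result"), "Update": s.get("update"), "Details": s.get("detail")}
        for name, s in sorted(scans.items())
    ]


def file_verdict(scans: Dict[str, Dict], threshold: int = 10,
                 preferred_vendors: Union[str, Iterable[str]] = "",
                 preferred_threshold: Optional[int] = None) -> Verdict:
    """Apply the two rules from the instance settings: exceed the file
    threshold, OR reach preferred_threshold detections from the preferred
    (highly trusted) vendors."""
    positives = sum(1 for s in scans.values() if s.get("detected"))
    total = len(scans)
    over_threshold = positives > threshold            # "bigger than the threshold"
    trusted = parse_vendor_list(preferred_vendors)
    trusted_hits = sum(1 for name, s in scans.items()
                       if name.lower() in trusted and s.get("detected"))
    over_preferred = bool(preferred_threshold is not None and trusted
                          and trusted_hits >= preferred_threshold)  # "minimum number"
    if over_threshold or over_preferred:
        score = 3
    elif positives > 0:
        score = 2   # assumption: detections below the threshold are flagged suspicious
    else:
        score = 1
    malicious = None
    if score == 3:
        malicious = {"Vendor": "VirusTotal", "Detections": positives, "TotalEngines": total}
    return Verdict(positives, total, score, malicious, scans_to_context(scans))


if __name__ == "__main__":
    v = file_verdict(SAMPLE_SCANS, threshold=10,
                     preferred_vendors="Kaspersky, AVG", preferred_threshold=1)
    print(v.score, v.malicious)
```

Note the two comparisons differ on purpose: the file threshold is worded "bigger than", so it uses a strict greater-than, while the preferred-vendor setting is "the minimum number of highly trusted vendors", so it fires at equality. A single detection from a trusted vendor can therefore mark a sample malicious even when the overall count is well under the file threshold.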
4. Get URL report
Generates a report about a specific URL.
Base Command
vt-private-get-url-report
Input
Argument Name | Description | Required |
---|---|---|
resource | A CSV list of one or more URLs to retrieve the most recent report for. You can also specify a scan_id (sha-256 timestamp returned by the URL submission API) to access a specific report. | Required |
retries | The number of times the command will try to get the URL report, if the report was not ready on the first attempt. | Optional |
allInfo | This additional info includes VirusTotal related metadata (first seen date, last seen date, files downloaded from the given URL, etc.) and the output of other tools and datasets when fed with the URL. | Optional |
shortFormat | If "true", hides the VT scans tables. | Optional |
threshold | If the number of positives is larger than the threshold, the file will be considered malicious. If threshold is not specified, the default file threshold, as configured in the instance settings, will be used. | Optional |
fullResponse | Return all of the results; note that this can be thousands of results. Prefer not to use in playbooks. The default value is false. | Optional |
retry_time | The amount of time (in seconds) that the integration waits before trying again to get a URL report for URLs whose scans have not completed. | Optional |
Context Output
Path | Type | Description |
---|---|---|
URL.Data | string | URL address |
URL.Malicious.Vendor | string | For malicious URLs, the vendor that made the decision |
URL.Malicious.Description | string | For malicious URLs, the reason that the vendor made the decision |
DBotScore.Indicator | string | The indicator that was tested |
DBotScore.Type | string | The indicator type |
DBotScore.Vendor | string | Vendor used to calculate the score |
DBotScore.Score | number | The actual score |
URL.VirusTotal.Resolutions.ip_address | Unknown | IPs that resolved to this URL |
URL.VirusTotal.Resolutions.last_resolved | Unknown | Resolve date of IPs that resolved to this URL |
URL.VirusTotal.ResponseContentSHA256 | Unknown | SHA256 hash of the response content |
URL.VirusTotal.ResponseHeaders | Unknown | The response headers |
URL.VirusTotal.Scans.Source | Unknown | Scan vendor for this URL |
URL.VirusTotal.Scans.Detected | Unknown | Scan detection for this URL (True/False) |
URL.VirusTotal.Scans.Result | Unknown | Scan result for this URL - signature, etc. |
Command Example
!vt-private-get-url-report resource="www.google.com,https://ctgold.in.net/G5?POP!=junk.name@jonk.com"
Context Example
{ "URL": [ { "Data": "https://ctgold.in.net/G5?POP!=junk.name@jonk.com", "VirusTotal": { "Scans": [ { "Source": "CRDF", "Detected": true, "Details": null, "Update": null, "Result": "malicious site" }, { "Source": "CyRadar", "Detected": true, "Details": null, "Update": null, "Result": "malicious site" }, { "Source": "Forcepoint ThreatSeeker", "Detected": true, "Details": null, "Update": null, "Result": "phishing site" }, { "Source": "Google Safebrowsing", "Detected": true, "Details": null, "Update": null, "Result": "phishing site" }, { "Source": "Kaspersky", "Detected": true, "Details": null, "Update": null, "Result": "phishing site" }, { "Source": "Sophos", "Detected": true, "Details": null, "Update": null, "Result": "malicious site" }, { "Source": "ADMINUSLabs", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "AegisLab WebGuard", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "AlienVault", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Antiy-AVL", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "AutoShun", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "Avira", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Baidu-International", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "BitDefender", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Blueliv", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "C-SIRT", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "CLEAN MX", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Certly", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { 
"Source": "Comodo Site Inspector", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "CyberCrime", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "DNS8", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Dr.Web", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ESET", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Emsisoft", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Fortinet", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "FraudScore", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "FraudSense", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "G-Data", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "K7AntiVirus", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Malc0de Database", "Detected": false, "Details": "http://malc0de.com/database/index.php?search=ctgold.in.net", "Update": null, "Result": "clean site" }, { "Source": "Malekal", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Malware Domain Blocklist", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "MalwareDomainList", "Detected": false, "Details": "http://www.malwaredomainlist.com/mdl.php?search=ctgold.in.net", "Update": null, "Result": "clean site" }, { "Source": "MalwarePatrol", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Malwarebytes hpHosts", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Malwared", "Detected": false, "Details": null, "Update": null, "Result": "clean 
site" }, { "Source": "Netcraft", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "NotMining", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "Nucleon", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "OpenPhish", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Opera", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "PhishLabs", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "Phishtank", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Quttera", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Rising", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "SCUMWARE.org", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "SecureBrain", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Spam404", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "StopBadware", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "Sucuri SiteCheck", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Tencent", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ThreatHive", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Trustwave", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "URLQuery", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "VX Vault", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Virusdie 
External Site Scan", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Web Security Guard", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Yandex Safebrowsing", "Detected": false, "Details": "http://yandex.com/infected?l10n=en&url=https://ctgold.in.net/G5?POP!=junk.name@jonk.com", "Update": null, "Result": "clean site" }, { "Source": "ZCloudsec", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ZDB Zeus", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ZeroCERT", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Zerofox", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ZeusTracker", "Detected": false, "Details": "https://zeustracker.abuse.ch/monitor.php?host=ctgold.in.net", "Update": null, "Result": "clean site" }, { "Source": "desenmascara.me", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "malwares.com URL checker", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "securolytics", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "zvelo", "Detected": false, "Details": null, "Update": null, "Result": "clean site" } ] } }, { "Data": "www.google.com", "VirusTotal": { "Scans": [ { "Source": "ADMINUSLabs", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "AegisLab WebGuard", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "AlienVault", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Antiy-AVL", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "AutoShun", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, 
{ "Source": "Avira", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Baidu-International", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "BitDefender", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Blueliv", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "C-SIRT", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "CLEAN MX", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Certly", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Comodo Site Inspector", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "CyRadar", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "CyberCrime", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "DNS8", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Dr.Web", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ESET", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Emsisoft", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Forcepoint ThreatSeeker", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Fortinet", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "FraudScore", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "FraudSense", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "G-Data", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Google Safebrowsing", 
"Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "K7AntiVirus", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Kaspersky", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Malc0de Database", "Detected": false, "Details": "http://malc0de.com/database/index.php?search=www.google.com", "Update": null, "Result": "clean site" }, { "Source": "Malekal", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Malware Domain Blocklist", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "MalwareDomainList", "Detected": false, "Details": "http://www.malwaredomainlist.com/mdl.php?search=www.google.com", "Update": null, "Result": "clean site" }, { "Source": "MalwarePatrol", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Malwarebytes hpHosts", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Malwared", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Netcraft", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "NotMining", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "Nucleon", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "OpenPhish", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Opera", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "PhishLabs", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "Phishtank", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Quttera", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": 
"Rising", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "SCUMWARE.org", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "SecureBrain", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Sophos", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "Spam404", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "StopBadware", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "Sucuri SiteCheck", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Tencent", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ThreatHive", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Trustwave", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "URLQuery", "Detected": false, "Details": null, "Update": null, "Result": "unrated site" }, { "Source": "VX Vault", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Virusdie External Site Scan", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Web Security Guard", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Yandex Safebrowsing", "Detected": false, "Details": "http://yandex.com/infected?l10n=en&url=http://www.google.com/", "Update": null, "Result": "clean site" }, { "Source": "ZCloudsec", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ZDB Zeus", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "ZeroCERT", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "Zerofox", "Detected": false, "Details": 
null, "Update": null, "Result": "clean site" }, { "Source": "ZeusTracker", "Detected": false, "Details": "https://zeustracker.abuse.ch/monitor.php?host=www.google.com", "Update": null, "Result": "clean site" }, { "Source": "desenmascara.me", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "malwares.com URL checker", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "securolytics", "Detected": false, "Details": null, "Update": null, "Result": "clean site" }, { "Source": "zvelo", "Detected": false, "Details": null, "Update": null, "Result": "clean site" } ] } } ], "DBotScore": [ { "Vendor": "VirusTotal - Private API", "Indicator": "https://ctgold.in.net/G5?POP!=junk.name@jonk.com", "Score": 2, "Type": "url" }, { "Vendor": "VirusTotal - Private API", "Indicator": "www.google.com", "Score": 1, "Type": "url" } ] }
Human Readable Output
VirusTotal URL report for: https://ctgold.in.net/G5?POP!=junk.name@jonk.com
Scan ID:
899b8b5d10d3e3b6b20ff94075b9b8d8db771cd24097e2cdd71457e69f4ad705-1552987965
Scan date:
2019-03-19 09:32:45
Detections / Total:
6/67
VT Link:
https://ctgold.in.net/G5?POP!=junk.name@jonk.com
Scans
| Details | Source | Detected | Result | Update |
|---|---|---|---|---|
| | CRDF | true | malicious site | |
| | CyRadar | true | malicious site | |
| | Forcepoint ThreatSeeker | true | phishing site | |
| | Google Safebrowsing | true | phishing site | |
| | Kaspersky | true | phishing site | |
| | Sophos | true | malicious site | |
| | ADMINUSLabs | false | clean site | |
| | AegisLab WebGuard | false | clean site | |
| | AlienVault | false | clean site | |
| | Antiy-AVL | false | clean site | |
| | AutoShun | false | unrated site | |
| | Avira | false | clean site | |
| | Baidu-International | false | clean site | |
| | BitDefender | false | clean site | |
| | Blueliv | false | clean site | |
| | C-SIRT | false | clean site | |
| | CLEAN MX | false | clean site | |
| | Certly | false | clean site | |
| | Comodo Site Inspector | false | clean site | |
| | CyberCrime | false | clean site | |
| | DNS8 | false | clean site | |
| | Dr.Web | false | clean site | |
| | ESET | false | clean site | |
| | Emsisoft | false | clean site | |
| | Fortinet | false | clean site | |
| | FraudScore | false | clean site | |
| | FraudSense | false | clean site | |
| | G-Data | false | clean site | |
| | K7AntiVirus | false | clean site | |
| http://malc0de.com/database/index.php?search=ctgold.in.net | Malc0de Database | false | clean site | |
| | Malekal | false | clean site | |
| | Malware Domain Blocklist | false | clean site | |
| http://www.malwaredomainlist.com/mdl.php?search=ctgold.in.net | MalwareDomainList | false | clean site | |
| | MalwarePatrol | false | clean site | |
| | Malwarebytes hpHosts | false | clean site | |
| | Malwared | false | clean site | |
| | Netcraft | false | unrated site | |
| | NotMining | false | unrated site | |
| | Nucleon | false | clean site | |
| | OpenPhish | false | clean site | |
| | Opera | false | clean site | |
| | PhishLabs | false | unrated site | |
| | Phishtank | false | clean site | |
| | Quttera | false | clean site | |
| | Rising | false | clean site | |
| | SCUMWARE.org | false | clean site | |
| | SecureBrain | false | clean site | |
| | Spam404 | false | clean site | |
| | StopBadware | false | unrated site | |
| | Sucuri SiteCheck | false | clean site | |
| | Tencent | false | clean site | |
| | ThreatHive | false | clean site | |
| | Trustwave | false | clean site | |
| | URLQuery | false | unrated site | |
| | VX Vault | false | clean site | |
| | Virusdie External Site Scan | false | clean site | |
| | Web Security Guard | false | clean site | |
| http://yandex.com/infected?l10n=en&url=https://ctgold.in.net/G5?POP!=junk.name@jonk.com | Yandex Safebrowsing | false | clean site | |
| | ZCloudsec | false | clean site | |
| | ZDB Zeus | false | clean site | |
| | ZeroCERT | false | clean site | |
| | Zerofox | false | clean site | |
| https://zeustracker.abuse.ch/monitor.php?host=ctgold.in.net | ZeusTracker | false | clean site | |
| | desenmascara.me | false | clean site | |
| | malwares.com URL checker | false | clean site | |
| | securolytics | false | clean site | |
| | zvelo | false | clean site | |
VirusTotal URL report for: www.google.com
Scan ID:
dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1552987806
Scan date:
2019-03-19 09:30:06
Detections / Total:
0/66
VT Link:
www.google.com
Scans
| Details | Source | Detected | Result | Update |
|---|---|---|---|---|
| | ADMINUSLabs | false | clean site | |
| | AegisLab WebGuard | false | clean site | |
| | AlienVault | false | clean site | |
| | Antiy-AVL | false | clean site | |
| | AutoShun | false | unrated site | |
| | Avira | false | clean site | |
| | Baidu-International | false | clean site | |
| | BitDefender | false | clean site | |
| | Blueliv | false | clean site | |
| | C-SIRT | false | clean site | |
| | CLEAN MX | false | clean site | |
| | Certly | false | clean site | |
| | Comodo Site Inspector | false | clean site | |
| | CyRadar | false | clean site | |
| | CyberCrime | false | clean site | |
| | DNS8 | false | clean site | |
| | Dr.Web | false | clean site | |
| | ESET | false | clean site | |
| | Emsisoft | false | clean site | |
| | Forcepoint ThreatSeeker | false | clean site | |
| | Fortinet | false | clean site | |
| | FraudScore | false | clean site | |
| | FraudSense | false | clean site | |
| | G-Data | false | clean site | |
| | Google Safebrowsing | false | clean site | |
| | K7AntiVirus | false | clean site | |
| | Kaspersky | false | clean site | |
| http://malc0de.com/database/index.php?search=www.google.com | Malc0de Database | false | clean site | |
| | Malekal | false | clean site | |
| | Malware Domain Blocklist | false | clean site | |
| http://www.malwaredomainlist.com/mdl.php?search=www.google.com | MalwareDomainList | false | clean site | |
| | MalwarePatrol | false | clean site | |
| | Malwarebytes hpHosts | false | clean site | |
| | Malwared | false | clean site | |
| | Netcraft | false | unrated site | |
| | NotMining | false | unrated site | |
| | Nucleon | false | clean site | |
| | OpenPhish | false | clean site | |
| | Opera | false | clean site | |
| | PhishLabs | false | unrated site | |
| | Phishtank | false | clean site | |
| | Quttera | false | clean site | |
| | Rising | false | clean site | |
| | SCUMWARE.org | false | clean site | |
| | SecureBrain | false | clean site | |
| | Sophos | false | unrated site | |
| | Spam404 | false | clean site | |
| | StopBadware | false | unrated site | |
| | Sucuri SiteCheck | false | clean site | |
| | Tencent | false | clean site | |
| | ThreatHive | false | clean site | |
| | Trustwave | false | clean site | |
| | URLQuery | false | unrated site | |
| | VX Vault | false | clean site | |
| | Virusdie External Site Scan | false | clean site | |
| | Web Security Guard | false | clean site | |
| http://yandex.com/infected?l10n=en&url=http://www.google.com/ | Yandex Safebrowsing | false | clean site | |
| | ZCloudsec | false | clean site | |
| | ZDB Zeus | false | clean site | |
| | ZeroCERT | false | clean site | |
| | Zerofox | false | clean site | |
| https://zeustracker.abuse.ch/monitor.php?host=www.google.com | ZeusTracker | false | clean site | |
| | desenmascara.me | false | clean site | |
| | malwares.com URL checker | false | clean site | |
| | securolytics | false | clean site | |
| | zvelo | false | clean site | |
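The retries and retry_time arguments of vt-private-get-url-report describe a polling loop: a URL that was only just submitted has no report until VirusTotal finishes scanning it, and a rate-limited API should not be hammered in the meantime. The Python below is an added example, not the integration's code, implementing that loop with the HTTP call injected so it runs offline. The response_code meanings it relies on (1 report present, -2 still queued, 0 never seen by VT) are stated from my knowledge of API v2; the fake fetcher, its response sequences and the constructed positives/total values are assumptions.

```python
"""Added example (not the integration's own code): poll for a VirusTotal v2
URL report honouring the 'retries' and 'retry_time' arguments documented
above, with the HTTP call injected so the example runs offline.

Assumptions, labelled: the v2 report JSON carries 'response_code', where 1
means the report is present, -2 means the resource is still queued and 0
means VT has never seen the URL (the v2 semantics as I know them); the
constructed fetcher and its response sequences stand in for the real API.
"""
import time
from typing import Callable, Dict, List


class ReportNotReady(Exception):
    """Raised when the scan is still queued after all attempts."""


def get_url_report(fetch: Callable[[str], Dict], resource: str, retries: int = 3,
                   retry_time: float = 20.0,
                   sleep: Callable[[float], None] = time.sleep) -> Dict:
    """Fetch one URL's report, trying up to 1 + retries times.

    'retries' counts the extra attempts made only if the report was not ready
    on the first one; 'retry_time' is the pause (seconds) between attempts.
    """
    attempts = 1 + max(0, int(retries))
    last: Dict = {}
    for attempt in range(attempts):
        last = fetch(resource)
        code = last.get("response_code")
        if code == 1:
            return last
        if code == 0:
            # Not in VT's dataset at all: waiting will not change that.
            raise LookupError(f"{resource}: VirusTotal has no report for this URL")
        if attempt < attempts - 1:       # no pause after the final attempt
            sleep(retry_time)
    raise ReportNotReady(f"{resource}: still queued after {attempts} attempt(s) "
                         f"(response_code={last.get('response_code')})")


def get_url_reports(fetch: Callable[[str], Dict], csv_resources: str, **kwargs) -> Dict[str, Dict]:
    """The command takes a CSV list; collect a report (or the error) per URL
    so one queued URL does not hide the others' results."""
    out: Dict[str, Dict] = {}
    for resource in (r.strip() for r in csv_resources.split(",") if r.strip()):
        try:
            out[resource] = get_url_report(fetch, resource, **kwargs)
        except (ReportNotReady, LookupError) as exc:
            out[resource] = {"error": str(exc)}
    return out


def make_fake_fetch(codes_by_resource: Dict[str, List[int]]):
    """Constructed stand-in for the API call: each call returns the next
    response_code queued for that resource; the last one repeats."""
    pending = {k: list(v) for k, v in codes_by_resource.items()}
    calls: List[str] = []

    def fetch(resource: str) -> Dict:
        calls.append(resource)
        codes = pending[resource]
        code = codes.pop(0) if len(codes) > 1 else codes[0]
        body = {"resource": resource, "response_code": code}
        if code == 1:                    # constructed positives/total for a ready report
            body.update({"positives": 6, "total": 67})
        return body

    fetch.calls = calls                  # lets a caller inspect how many calls were made
    return fetch


if __name__ == "__main__":
    fake = make_fake_fetch({"www.google.com": [-2, -2, 1]})
    print(get_url_report(fake, "www.google.com", retries=2, retry_time=0, sleep=lambda s: None))
```

Two details matter in a playbook: a response_code of 0 is a definitive "unknown to VirusTotal" and is surfaced immediately rather than retried, and the loop never sleeps after its last attempt, so a command with retries=N blocks for at most N * retry_time seconds per URL.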
5. Get IP address report
Generates a report about a specific IP address.
An IP address tested with this command is considered malicious if the number of detected communicating samples (files that VT marked as malicious and that communicated with this IP address) exceeds the IP threshold, or if a URL hosted on this IP address has a number of positives that exceeds the URL threshold.
Base Command
vt-private-get-ip-report
Input
Argument Name | Description |
---|---|
ip | Valid IPv4 address in dotted quad notation. Only IPv4 addresses are supported. |
threshold | If the number of positive results from the VT scanners is bigger than the threshold, the IP address will be considered malicious. Default is as configured in the instance settings. |
fullResponse | Return all results. This can number in the thousands, so we recommend not using in playbooks. Default is false. |
Context Output
Path | Description |
---|---|
IP.Address | Bad IP address found |
IP.ASN | Bad IP ASN |
IP.Geo.Country | Bad IP country |
IP.Malicious.Vendor | For malicious IPs, the vendor that made the decision |
IP.Malicious.Description | For malicious IPs, the reason that the vendor made the decision |
DBotScore.Indicator | The indicator that was tested |
DBotScore.Type | The type of the indicator |
DBotScore.Vendor | Vendor used to calculate the score |
DBotScore.Score | The actual score |
IP.VirusTotal.DownloadedHashes | Latest files that are detected by at least one antivirus solution and were downloaded by VirusTotal from the IP address |
IP.VirusTotal.UnAVDetectedDownloadedHashes | Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided |
IP.VirusTotal.DetectedURLs | Latest URLs hosted in this IP address detected by at least one URL scanner |
IP.VirusTotal.CommunicatingHashes | Latest detected files that communicate with this IP address |
IP.VirusTotal.UnAVDetectedCommunicatingHashes | Latest undetected files that communicate with this IP address |
IP.VirusTotal.Resolutions.hostname | The following domains resolved to the given IP |
IP.VirusTotal.ReferrerHashes | Latest detected files that embed this IP address in their strings |
IP.VirusTotal.UnAVDetectedReferrerHashes | Latest undetected files that embed this IP address in their strings |
IP.VirusTotal.Resolutions.last_resolved | The last time the following domains resolved to the given IP |
Command Example
!vt-private-get-ip-report ip=8.8.8.8 fullResponse="false"
Context Example
{
  "ASN": "15169",
  "Address": "8.8.8.8",
  "Geo": { "Country": "US" },
  "VirusTotal": {
    "CommunicatingHashes": [
      { "date": "2018-07-24 04:25:53", "positives": 37, "sha256": "63309a3ece4c0c0568db02d3c3e562c75aff756bb9387f56fc86d7a89c59ee7f", "total": 70 },
      { "date": "2018-07-24 07:15:21", "positives": 32, "sha256": "4aeb98aaeb459f8be2fb737f8228e52387f33ec84df4a7933927670f790e3e02", "total": 68 },
      { "date": "2018-07-24 07:06:31", "positives": 52, "sha256": "60b65e182b33241e895e10a672ca1451e1f04b430fdbf98065211ace3a6264a4", "total": 67 },
      { "date": "2018-07-24 00:13:33", "positives": 3, "sha256": "c69d3691cd8d03a1823879ed5dbb1afe3e5b26cb5c72eed05f38f85f6bbaad93", "total": 70 },
      { "date": "2018-07-24 03:38:37", "positives": 32, "sha256": "ef7e0c62ddb624f1b0ec2f64940d8ad218e40dd182031818ef022ba8ddd47d11", "total": 70 }
    ]
  }
}
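The verdict rule stated for this command (detected communicating samples above the IP threshold, or a hosted URL above the URL threshold) is easy to get subtly wrong in a playbook, so here it is applied to a context object shaped like the example above. This is an added example, not code from the integration: the CommunicatingHashes entries are the five from the page's context example, while the DetectedURLs entries, their field names (url, positives, total, scan_date) and the choice to score a non-malicious IP as Good rather than Unknown are assumptions.

```python
"""Added example: apply the vt-private-get-ip-report verdict rule to an IP context."""

# Constructed sample. CommunicatingHashes mirrors the page's context example;
# DetectedURLs is assumed (the page lists the path but shows no sample values).
SAMPLE_IP_CONTEXT = {
    "Address": "8.8.8.8",
    "ASN": "15169",
    "Geo": {"Country": "US"},
    "VirusTotal": {
        "CommunicatingHashes": [
            {"date": "2018-07-24 04:25:53", "positives": 37, "sha256": "63309a3ece4c0c0568db02d3c3e562c75aff756bb9387f56fc86d7a89c59ee7f", "total": 70},
            {"date": "2018-07-24 07:15:21", "positives": 32, "sha256": "4aeb98aaeb459f8be2fb737f8228e52387f33ec84df4a7933927670f790e3e02", "total": 68},
            {"date": "2018-07-24 07:06:31", "positives": 52, "sha256": "60b65e182b33241e895e10a672ca1451e1f04b430fdbf98065211ace3a6264a4", "total": 67},
            {"date": "2018-07-24 00:13:33", "positives": 3, "sha256": "c69d3691cd8d03a1823879ed5dbb1afe3e5b26cb5c72eed05f38f85f6bbaad93", "total": 70},
            {"date": "2018-07-24 03:38:37", "positives": 32, "sha256": "ef7e0c62ddb624f1b0ec2f64940d8ad218e40dd182031818ef022ba8ddd47d11", "total": 70},
        ],
        # Assumed field layout for detected URLs hosted on the IP.
        "DetectedURLs": [
            {"url": "http://example.invalid/dl", "positives": 6, "total": 68, "scan_date": "2018-07-23 22:10:00"},
            {"url": "http://example.invalid/x", "positives": 1, "total": 68, "scan_date": "2018-07-22 09:00:00"},
        ],
    },
}

# XSOAR DBotScore scale: 0 unknown, 1 good, 2 suspicious, 3 bad.
DBOT_GOOD, DBOT_BAD = 1, 3


def detected_communicating_count(ctx):
    """Number of communicating samples that at least one engine detected."""
    hashes = ctx.get("VirusTotal", {}).get("CommunicatingHashes", [])
    return sum(1 for h in hashes if int(h.get("positives", 0)) > 0)


def max_hosted_url_positives(ctx):
    """Highest positives count among URLs seen hosted on this IP (0 if none)."""
    urls = ctx.get("VirusTotal", {}).get("DetectedURLs", [])
    return max((int(u.get("positives", 0)) for u in urls), default=0)


def ip_verdict(ctx, ip_threshold, url_threshold):
    """Malicious if detected communicating samples EXCEED ip_threshold, or any
    hosted URL's positives EXCEED url_threshold (strict '>' both times, as the
    page phrases it). Thresholds arrive as strings from instance settings, so
    they are coerced. Returns (dbot_score, reasons)."""
    ip_threshold, url_threshold = int(ip_threshold), int(url_threshold)
    reasons = []
    comm = detected_communicating_count(ctx)
    if comm > ip_threshold:
        reasons.append(f"{comm} detected communicating samples > IP threshold {ip_threshold}")
    worst = max_hosted_url_positives(ctx)
    if worst > url_threshold:
        reasons.append(f"hosted URL with {worst} positives > URL threshold {url_threshold}")
    # Assumption: an IP that trips neither rule is scored Good; the page does
    # not say whether the integration reports Good or Unknown in that case.
    return (DBOT_BAD if reasons else DBOT_GOOD), reasons


def dbot_entry(ctx, score):
    """Build the DBotScore context paths the page documents for this command."""
    return {"Indicator": ctx.get("Address"), "Type": "ip",
            "Vendor": "VirusTotal - Private API", "Score": score}


if __name__ == "__main__":
    score, why = ip_verdict(SAMPLE_IP_CONTEXT, ip_threshold="4", url_threshold="10")
    print(dbot_entry(SAMPLE_IP_CONTEXT, score), why)
```

Note that both comparisons are strict: with five detected communicating samples, an IP threshold of 5 does not flag the address, which is the usual source of confusion when a playbook's expected verdict differs from the command's.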
6. Submit a query
Submits a query to Virus Total.
Base Command
vt-private-search-file
Input
Argument Name | Description |
---|---|
query | File search query |
fullResponse | Return all results. This can number in the thousands, so we recommend not using in playbooks. Default is false. |
Context Output
Path | Description |
---|---|
VirusTotal.SearchFile.SearchResult | Hashes of files that match the query |
VirusTotal.SearchFile.Query | Original search query |
Command Example
!vt-private-search-file query="type:peexe size:90kb+ positives:5+ behaviour:'taskkill'"
Context Example
{ "SearchFile": { "Query": "type:peexe size:90kb+ positives:5+ behaviour:'taskkill'", "SearchResult": [ "698a9a11c38763b514fd6fc74ee773c2510b0a88faefaf0e5807d51d39f59af7", "7c6ebc9225163da5e6a01766895b9b520c8aa24320e6ff9a6ea87c8b8eecfa8e", "c42011a62bf4621962788d48ed3938bfddf8b32685f5ced6442934ad80c12c25", "0f965f6e2285002fa7d082fd3d28b49d96a05ba59d916624061f24e3b94a54c3", "1cb4ffa0e9914d6c5b4aad008636849096a39d3aaf66297ba826a3e01865ff98", "ee89e5627b4be45efdd30b8b3cfe5275c1591a4a350cce7ae24a6efc4819f1ef", "d6582514f1d68ab7976de7ac447a89a9fb9ae7cff8219d27b327c0712cc8e2d1", "150a67b251607bda468aebfd462976de081ace5015dc43f7024cab58fb6ec5dd", "16d186b7d4a805b66610fbc626c1af51f5b9cfe47c06d0604a1002bce5e92219", "aef0b520e96da26126a88de23ee000bc31a15ba0214c5a50e09c9944284dd16e", "22822ce94523e24e03cb3f63d1f9522929b1d53902818fe8d009b467f68033c3", "0554588ca5dbf78e1e30375621d32e1d323a18a4296fbf54deb70169113541a7", "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e", "89d7ebfd154c44d17939107b58422736a605d1e80099d6c8fd73462b492227d7", "c8a44fe52a058ad03b23e07f387c35da6d9cf2cd4ded95835c09b04b8308ac4c", "296d70d8f10c964f6a8e4cc88760e25c07c0f050ffa2768c30cbd281d94af8d9", "0556433422e53ededb408d14f522d0956cc5dacb4d1f3d235a05898307f6838a", "75b0d5a5be55b30975e4694077b178b477ea4c82031f48deab63356a8fef4dd6", "7cd606da7ff2204a2d5d6d67511e120011c6d0489788ed390e9a5c858b34df8e", "590d40c79f48aaeae22d07a9e1b0ca4f4c059f5001444902a90a49f1f7d09923", "a25d8da463ffa1f44138c40fb0f4df6c10f03e7d6c00436531168a5a2aa9707d", "54ad2ddd1cd747fb6644e9184e9751c4ca2ad5a57c232f33023001d210c48098", "6b2629629924224a6909bd2c5814b13f8721ebc5caef8c55ee6233be891b7112", "71acde730859ec1902ed0ec72e16db8fcc5eefb84f1079a5eb2eb19589ea4d88", "5392685717eb8710017fabea59954ebc8a62d791634439c6d84dbae059578069", "58fd0f2dd2e60e507b4ac78c10f32c1fb92eef45f43f94b934d2c643b3911731", "2a2176f026f93116807553342338a59010cfd97fdb96129143e33807f4d66b13", 
"4e4fb7ab71072d2a42769dab76f4f54e3bb29a0c288943dcbdc20beb55edf321", "a6db7d675f031cbcd64a83115bf00e3d50b40cd708ebedf39b94be298137d301", "9342d1831165c52b92549b7340d9631a05f1ef5609ba74534e9fedd44a8256fc", "e71235a6a104fbf7f2916153659c460752213ca6c698c9a8f656c1b7187523fa", "e3f4e83633326ed9a9f085468aac13be840bc6a29fc62b8d90299884800bbf66", "e760c373a6641ad9b3e817d1f7545f68a6cc7a0811c17e0ff2a5cb3738fb2418", "a5263a9071152c02f2c16891203263a27876b4da626cd40bef28e46f49472352", "6edec978e399cde55d66afde8c64f4e1b4bd001b8288c976ce399341145f431b", "2d375422c0499c929ca7d958ae8354048b1d2972fffc3676f32c6445bc3d20b8", "10fa90e7c6d7c3a0e172346a8c0fbf0c48f852a9abc9482231007cadae62a539", "f67b7fab4f5c1c4fda2b51eaeac8a57020a71352d0b5daf27fea3524fd39ba63", "59df7d186b4f810d870ada1ffe85dad04b5acb12a499dcc51c9e1048ea3a480c", "2984d96b73586481363af095a9bd630507af604b11b61ed4a20aef7275ef85e3", "20cd8e956a1700161b9cba57fcae2f0f49cb00217de10e07712007a40b5cd865", "02db5e24cf325a5ee266624cbbd73a541d007c1c230f89dcd70e08600b356409", "5b0217cba668bb19ec22e5d567e3391652d9bcaff3632521ac54900f04288ee2", "b0f67e11ae7a412be4467d16774a188e6571b959bcba856b6188694fb2e36e09", "c6e09206fd8666c954ccfe8765376dba37591e39f87f404aec87490c9dbbd0c9", "3bb937aa5151a6eb1232855811d13ea64419e6d1e8176bd2a15d44b4e432972f", "ed0c33b943a089acf49879b97accfad897141043d97f20ea291b5b09d213b057", "69f414a12a822242951cefcf8b1b00b4ee9773f394211ca7ab9019be93031621", "916241775e3a96d6809e2f7b29d89a1f261b025e0f1f891180b8f532572f6aca", "f06b2052228c6e3c7cd3b713b23ec29cd56c8c7ea112ea2a9ab87309b4c9ff92" ] } }
Human Readable Output
Found the following hashes for the query: type:peexe size:90kb+ positives:5+ behaviour:'taskkill'
Hashes are:
Hash |
---|
698a9a11c38763b514fd6fc74ee773c2510b0a88faefaf0e5807d51d39f59af7 |
7c6ebc9225163da5e6a01766895b9b520c8aa24320e6ff9a6ea87c8b8eecfa8e |
c42011a62bf4621962788d48ed3938bfddf8b32685f5ced6442934ad80c12c25 |
0f965f6e2285002fa7d082fd3d28b49d96a05ba59d916624061f24e3b94a54c3 |
1cb4ffa0e9914d6c5b4aad008636849096a39d3aaf66297ba826a3e01865ff98 |
ee89e5627b4be45efdd30b8b3cfe5275c1591a4a350cce7ae24a6efc4819f1ef |
d6582514f1d68ab7976de7ac447a89a9fb9ae7cff8219d27b327c0712cc8e2d1 |
150a67b251607bda468aebfd462976de081ace5015dc43f7024cab58fb6ec5dd |
16d186b7d4a805b66610fbc626c1af51f5b9cfe47c06d0604a1002bce5e92219 |
aef0b520e96da26126a88de23ee000bc31a15ba0214c5a50e09c9944284dd16e |
22822ce94523e24e03cb3f63d1f9522929b1d53902818fe8d009b467f68033c3 |
0554588ca5dbf78e1e30375621d32e1d323a18a4296fbf54deb70169113541a7 |
ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e |
89d7ebfd154c44d17939107b58422736a605d1e80099d6c8fd73462b492227d7 |
c8a44fe52a058ad03b23e07f387c35da6d9cf2cd4ded95835c09b04b8308ac4c |
296d70d8f10c964f6a8e4cc88760e25c07c0f050ffa2768c30cbd281d94af8d9 |
0556433422e53ededb408d14f522d0956cc5dacb4d1f3d235a05898307f6838a |
75b0d5a5be55b30975e4694077b178b477ea4c82031f48deab63356a8fef4dd6 |
7cd606da7ff2204a2d5d6d67511e120011c6d0489788ed390e9a5c858b34df8e |
590d40c79f48aaeae22d07a9e1b0ca4f4c059f5001444902a90a49f1f7d09923 |
a25d8da463ffa1f44138c40fb0f4df6c10f03e7d6c00436531168a5a2aa9707d |
54ad2ddd1cd747fb6644e9184e9751c4ca2ad5a57c232f33023001d210c48098 |
6b2629629924224a6909bd2c5814b13f8721ebc5caef8c55ee6233be891b7112 |
7. Return communication for a specific hash
Returns the hosts, IP addresses, domains, and URLs that the file identified by the given hash communicates with.
Base Command
vt-private-hash-communication
Input
Argument Name | Description |
---|---|
hash | File hash |
fullResponse | Return all results. This can number in the thousands, so we recommend not using in playbooks. Default is false. |
Context Output
Path | Description |
---|---|
File.VirusTotal.CommunicatedDomains | Domains that the hash communicates with |
File.VirusTotal.CommunicatedURLs | URLs that the hash communicates with |
File.VirusTotal.CommunicatedIPs | IPs that the hash communicates with |
File.VirusTotal.CommunicatedHosts | Hosts that the hash communicates with |
File.MD5 | MD5 of the file |
File.SHA1 | SHA-1 of the file |
File.SHA256 | SHA-256 of the file |
Command Example
!vt-private-hash-communication hash="ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e" fullResponse="false"
Context Example
{ "SearchFile": { "Query": "type:peexe size:90kb+ positives:5+ behaviour:'taskkill'", "SearchResult": [ "698a9a11c38763b514fd6fc74ee773c2510b0a88faefaf0e5807d51d39f59af7", "7c6ebc9225163da5e6a01766895b9b520c8aa24320e6ff9a6ea87c8b8eecfa8e", "c42011a62bf4621962788d48ed3938bfddf8b32685f5ced6442934ad80c12c25", "0f965f6e2285002fa7d082fd3d28b49d96a05ba59d916624061f24e3b94a54c3", "1cb4ffa0e9914d6c5b4aad008636849096a39d3aaf66297ba826a3e01865ff98", "ee89e5627b4be45efdd30b8b3cfe5275c1591a4a350cce7ae24a6efc4819f1ef", "d6582514f1d68ab7976de7ac447a89a9fb9ae7cff8219d27b327c0712cc8e2d1", "150a67b251607bda468aebfd462976de081ace5015dc43f7024cab58fb6ec5dd", "16d186b7d4a805b66610fbc626c1af51f5b9cfe47c06d0604a1002bce5e92219", "aef0b520e96da26126a88de23ee000bc31a15ba0214c5a50e09c9944284dd16e", "22822ce94523e24e03cb3f63d1f9522929b1d53902818fe8d009b467f68033c3", "0554588ca5dbf78e1e30375621d32e1d323a18a4296fbf54deb70169113541a7", "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e", "89d7ebfd154c44d17939107b58422736a605d1e80099d6c8fd73462b492227d7", "c8a44fe52a058ad03b23e07f387c35da6d9cf2cd4ded95835c09b04b8308ac4c", "296d70d8f10c964f6a8e4cc88760e25c07c0f050ffa2768c30cbd281d94af8d9", "0556433422e53ededb408d14f522d0956cc5dacb4d1f3d235a05898307f6838a", "75b0d5a5be55b30975e4694077b178b477ea4c82031f48deab63356a8fef4dd6", "7cd606da7ff2204a2d5d6d67511e120011c6d0489788ed390e9a5c858b34df8e", "590d40c79f48aaeae22d07a9e1b0ca4f4c059f5001444902a90a49f1f7d09923", "a25d8da463ffa1f44138c40fb0f4df6c10f03e7d6c00436531168a5a2aa9707d", "54ad2ddd1cd747fb6644e9184e9751c4ca2ad5a57c232f33023001d210c48098", "6b2629629924224a6909bd2c5814b13f8721ebc5caef8c55ee6233be891b7112", "71acde730859ec1902ed0ec72e16db8fcc5eefb84f1079a5eb2eb19589ea4d88", "5392685717eb8710017fabea59954ebc8a62d791634439c6d84dbae059578069", "58fd0f2dd2e60e507b4ac78c10f32c1fb92eef45f43f94b934d2c643b3911731", "2a2176f026f93116807553342338a59010cfd97fdb96129143e33807f4d66b13", ] } }
Human Readable Output
Communication result for hash ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e
Hosts that the hash communicates with are:
Host |
---|
224.0.0.22 |
10.0.2.2 |
239.255.255.250 |
255.255.255.255 |
10.0.2.255 |
10.0.2.15 |
51.141.32.51 |
0.0.0.0 |
IPs that the hash communicates with are:
IP |
---|
10.0.2.2 |
239.255.255.250 |
10.0.2.255 |
10.0.2.15 |
51.141.32.51 |
255.255.255.255 |
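The Host and IP tables above are typical sandbox output: most entries are the sandbox's own NAT network (10.0.2.x), multicast and broadcast chatter, or 0.0.0.0, and only one address is actually routable. Before pivoting on File.VirusTotal.CommunicatedHosts or CommunicatedIPs in a playbook it helps to separate those classes. The following is an added example, not part of the integration; the address list is taken from the page's output, and the two hostname entries (update.example.invalid, cdn.example.invalid) are constructed to show how non-IP host entries are handled.

```python
"""Added example: triage the CommunicatedHosts / CommunicatedIPs lists of
vt-private-hash-communication into routable pivots versus sandbox noise."""
import ipaddress

# Constructed input: the eight addresses from the page's Host table plus two
# assumed hostnames (the page's sample contains IPs only).
SAMPLE_HOSTS = [
    "224.0.0.22", "10.0.2.2", "239.255.255.250", "255.255.255.255",
    "10.0.2.255", "10.0.2.15", "51.141.32.51", "0.0.0.0",
    "update.example.invalid", "cdn.example.invalid",
]

BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def classify_host(entry):
    """Label one host entry. Non-IP strings are 'hostname'; IP literals are
    'routable' or one of the noise classes a sandbox run always produces."""
    try:
        ip = ipaddress.ip_address(entry.strip())
    except ValueError:
        return "hostname"
    if ip.is_unspecified:      # 0.0.0.0 / ::
        return "unspecified"
    if ip == BROADCAST:        # checked before is_private/is_reserved, which
        return "broadcast"     # differ across Python versions for this address
    if ip.is_multicast:        # 224.0.0.22 (IGMP), 239.255.255.250 (SSDP)
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:          # RFC 1918 ranges such as the sandbox's 10.0.2.0/24
        return "private"
    if ip.is_global:
        return "routable"
    return "reserved"


def group_hosts(entries):
    """Group entries by class, preserving first-seen order and dropping duplicates."""
    groups = {}
    seen = set()
    for entry in entries:
        if entry in seen:
            continue
        seen.add(entry)
        groups.setdefault(classify_host(entry), []).append(entry)
    return groups


def pivot_candidates(entries):
    """Entries worth a follow-up lookup: routable IPs first, then hostnames."""
    groups = group_hosts(entries)
    return groups.get("routable", []) + groups.get("hostname", [])


if __name__ == "__main__":
    for cls, members in group_hosts(SAMPLE_HOSTS).items():
        print(f"{cls:12s} {members}")
    print("pivot on:", pivot_candidates(SAMPLE_HOSTS))
```

For the page's sample this leaves a single routable address, 51.141.32.51, as the only IP worth feeding back into the IP report command; the private 10.0.2.x entries say more about the sandbox than about the sample.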
8. Download a file
Downloads a file by its hash.
Base Command
vt-private-download-file
Input
Argument Name | Description |
---|---|
hash | MD5/SHA-1/SHA-256 hash of the file you want to download |
Context Output
There is no context output for this command.
Command Example
!vt-private-download-file hash=ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e
Context Example
{
  "EntryID": "4103@14268",
  "Extension": "",
  "Info": "application/x-dosexec",
  "MD5": "d62f1fba82927e7db4bdf5b70fe5a5c2",
  "Name": "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e-vt-file",
  "SHA1": "2bd01a1ecfdfcd1824cfa45a54c048c5a31851b1",
  "SHA256": "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e",
  "SSDeep": "12288:zhB3ospNelPCXzYaf2oS8tZqZdK87+KDVZpdsYifqI8IqCbK:zh+3/Y/tZCdJPLuK",
  "Size": 465064,
  "Type": "MS-DOS executable, MZ for MS-DOS\n"
}
Human Readable Output
File downloaded successfully.
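The command accepts an MD5, SHA-1 or SHA-256 and the resulting entry reports all three digests plus the size, so a playbook can confirm that the bytes it received are the file it asked for before handing them to a sandbox or an analyst. The following is an added example, not the integration's code: it infers the hash type from the digest length, recomputes the digests over the downloaded bytes, and cross-checks them against the MD5/SHA1/SHA256/Size fields shown in the context example above. The sample bytes are constructed (a minimal MZ header followed by filler), so the page's real digests only serve to exercise the mismatch path.

```python
"""Added example: verify that a vt-private-download-file result matches the requested hash."""
import hashlib

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX = set("0123456789abcdef")

# Constructed stand-in for downloaded bytes (not a real executable).
SAMPLE_BYTES = b"MZ" + b"\x90" * 62 + b"constructed sample for the added example"

# Values copied from the page's context example; they describe a file this
# example does not have, so they are used only to show how a mismatch surfaces.
PAGE_EXPECTED = {
    "MD5": "d62f1fba82927e7db4bdf5b70fe5a5c2",
    "SHA1": "2bd01a1ecfdfcd1824cfa45a54c048c5a31851b1",
    "SHA256": "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e",
    "Size": 465064,
}


def hash_type(digest):
    """Return 'md5', 'sha1' or 'sha256' for a hex digest, or None if it is
    not one of the three forms the command accepts."""
    d = digest.strip().lower()
    algo = HASH_TYPES.get(len(d))
    if algo is None or not set(d) <= HEX:
        return None
    return algo


def digests(data):
    """All three digests of the downloaded bytes, lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def verify_download(requested_hash, data, reported=None):
    """Return a list of problems (empty means the download checks out).

    requested_hash: the hash argument passed to vt-private-download-file.
    data:           the bytes of the file entry that came back.
    reported:       optional dict with the MD5/SHA1/SHA256/Size keys the
                    command reports, cross-checked against the real bytes.
    """
    algo = hash_type(requested_hash)
    if algo is None:
        raise ValueError("requested hash is not an MD5, SHA-1 or SHA-256 hex digest")
    actual = digests(data)
    problems = []
    if actual[algo] != requested_hash.strip().lower():
        problems.append(f"{algo} mismatch")
    for key, name in (("MD5", "md5"), ("SHA1", "sha1"), ("SHA256", "sha256")):
        if reported and key in reported and reported[key].lower() != actual[name]:
            problems.append(f"reported {key} does not match data")
    if reported and "Size" in reported and int(reported["Size"]) != len(data):
        problems.append("size mismatch")
    return problems


if __name__ == "__main__":
    own = digests(SAMPLE_BYTES)
    print("self-consistent:", verify_download(own["sha256"], SAMPLE_BYTES, {"Size": len(SAMPLE_BYTES)}))
    print("against page values:", verify_download(PAGE_EXPECTED["SHA256"], SAMPLE_BYTES, PAGE_EXPECTED))
```

A non-empty result should stop the playbook rather than be logged and ignored: the Name and Extension fields in the entry are derived from the request, not from the content, and Info ("application/x-dosexec") shows the download is a native executable, so the digest check is the only evidence that the bytes on disk are the sample that was requested.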