
Detonate File - Group-IB TDS Polygon

This Playbook is part of the Polygon Pack.

Detonate a file using the Group-IB THF Polygon integration. This playbook returns the relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types: 7z, ace, ar, arj, bat, bz2, cab, chm, cmd, com, cpgz, cpl, csv, dat, doc, docm, docx, dot, dotm, dotx, eml, exe, gz, gzip, hta, htm, html, iqy, iso, jar, js, jse, lnk, lz, lzma, lzo, lzh, mcl, mht, msg, msi, msp, odp, ods, odt, ots, ott, pdf, pif, potm, potx, pps, ppsm, ppsx, ppt, pptm, pptx, ps1, pub, py, pyc, r, rar, reg, rtf, scr, settingcontent-ms, stc, svg, sxc, sxw, tar, taz, tb2, tbz, tbz2, tgz, tlz, txz, tzo, txt, url, uue, vbe, vbs, wsf, xar, xls, xlsb, xlsm, xlsx, xml, xz, z, zip.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • Group-IB TDS Polygon

Scripts

  • Exists
  • IsTrue

Commands

  • polygon-export-video
  • polygon-analysis-info
  • polygon-upload-file
  • polygon-export-report
  • polygon-export-pcap

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| file_id | File EntryID to detonate | File.EntryID | Optional |
| Interval | Report requests frequency (minutes). | 1 | Required |
| Timeout | Report waiting timeout (minutes). | 60 | Required |
| Password | Password for the uploaded file. | | Optional |
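The upload-then-poll flow that the inputs above parameterise (GenericPolling re-running polygon-analysis-info every Interval minutes until Timeout), written here as an added, offline-runnable example that is not part of the Polygon pack. The two command callables, the Status values, the meaning of a True Verdict and the detonation of an unsupported type as an error are all assumptions; only the supported-type list and the output path names come from this page.

```python
"""Driver that mimics the playbook: check the type, upload, poll, then score.

`upload(file_name) -> analysis_id` and `analysis_info(analysis_id) -> dict`
stand in for polygon-upload-file / polygon-analysis-info; their shapes are
assumed, not the integration's own API. The dict returned by `analysis_info`
uses the playbook's Polygon.Analysis output path names as keys.
"""
import time

# Supported file types as listed on this page (lower case, no leading dot).
SUPPORTED_TYPES = frozenset("""7z ace ar arj bat bz2 cab chm cmd com cpgz cpl csv dat doc docm
docx dot dotm dotx eml exe gz gzip hta htm html iqy iso jar js jse lnk lz lzma lzo lzh mcl mht
msg msi msp odp ods odt ots ott pdf pif potm potx pps ppsm ppsx ppt pptm pptx ps1 pub py pyc r
rar reg rtf scr settingcontent-ms stc svg sxc sxw tar taz tb2 tbz tbz2 tgz tlz txz tzo txt url
uue vbe vbs wsf xar xls xlsb xlsm xlsx xml xz z zip""".split())


def is_supported(file_name: str) -> bool:
    """True when the file's extension is one the Polygon detonation accepts."""
    ext = file_name.rsplit(".", 1)[-1].lower() if "." in file_name else ""
    return ext in SUPPORTED_TYPES


def detonate(file_name, upload, analysis_info, interval_min=1, timeout_min=60, sleep=time.sleep):
    """Upload the sample, then poll until it is analysed or Timeout elapses.

    Mirrors Interval / Timeout from the playbook inputs. A non-empty
    Polygon.Analysis.Analyzed (finish timestamp) is taken as "done";
    the "finished" / "timeout" Status strings are this example's own.
    """
    if not is_supported(file_name):
        raise ValueError(f"unsupported file type: {file_name}")
    analysis_id = upload(file_name)
    for _ in range(max(1, timeout_min // interval_min)):
        info = analysis_info(analysis_id)
        if info.get("Analyzed"):
            return {"ID": analysis_id, "Status": "finished", **info}
        sleep(interval_min * 60)
    return {"ID": analysis_id, "Status": "timeout"}


def to_dbot_score(result: dict) -> dict:
    """Map a detonation result onto the DBotScore output paths.

    XSOAR's scale is 0 unknown, 1 good, 2 suspicious, 3 bad. Assumes a True
    Polygon.Analysis.Verdict means the sample was judged malicious; a missing
    verdict (e.g. after a timeout) stays unknown rather than being called clean.
    """
    verdict = result.get("Verdict")
    score = 0 if verdict is None else (3 if verdict else 1)
    return {"Indicator": result.get("SHA256"), "Type": "file",
            "Vendor": "Group-IB TDS Polygon", "Score": score}
```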

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| File.Name | The full file name (including file extension). | string |
| File.MD5 | The MD5 hash of the file. | string |
| File.SHA1 | The SHA1 hash of the file. | string |
| File.SHA256 | The SHA256 hash of the file. | string |
| File.Type | File type. | string |
| File.Malicious.Vendor | The vendor that reported the file as malicious. | string |
| File.Malicious.Description | A description explaining why the file was determined to be malicious. | string |
| DBotScore.Indicator | The indicator that was tested. | string |
| DBotScore.Type | The indicator type. | string |
| DBotScore.Vendor | The vendor used to calculate the score. | string |
| DBotScore.Score | The actual score. | number |
| IP.Address | IP address. | string |
| Domain.Name | The domain name. | string |
| Domain.DNS | A list of IP objects resolved by DNS. | string |
| URL.Data | The URL. | string |
| RegistryKey.Path | The path to the registry key. | string |
| RegistryKey.Value | The value at the given RegistryKey. | string |
| Process.Name | Process name. | string |
| Process.PID | Process PID. | number |
| Process.CommandLine | Process command line. | string |
| Process.Path | Process path. | string |
| Process.StartTime | Process start time. | date |
| Process.EndTime | Process end time. | date |
| Polygon.Analysis.ID | Analysis ID in THF. | number |
| Polygon.Analysis.Name | File name. | string |
| Polygon.Analysis.Size | File size. | number |
| Polygon.Analysis.Started | Analysis start timestamp. | date |
| Polygon.Analysis.Analyzed | Analysis finish timestamp. | date |
| Polygon.Analysis.MD5 | Analyzed file MD5 hash. | string |
| Polygon.Analysis.SHA1 | Analyzed file SHA1 hash. | string |
| Polygon.Analysis.SHA256 | Analyzed file SHA256 hash. | string |
| Polygon.Analysis.Result | Analysis verdict. | string |
| Polygon.Analysis.Status | The analysis status. | string |
| Polygon.Analysis.Verdict | Analysis verdict. | boolean |
| Polygon.Analysis.Probability | Verdict probability. | string |
| Polygon.Analysis.Families | Malware families. | string |
| Polygon.Analysis.Score | Polygon score. | number |
| Polygon.Analysis.Internet-connection | Internet availability. | string |
| Polygon.Analysis.Type | File type. | string |
| Polygon.Analysis.DumpExists | Network activity dump exists. | boolean |
| Polygon.Analysis.File | The information about files in the analysis. | unknown |
| Polygon.Analysis.URL | The information about URL indicators. | unknown |
| Polygon.Analysis.IP | The information about IP indicators. | unknown |
| Polygon.Analysis.Domain | The information about domain indicators. | unknown |
| Polygon.Analysis.RegistryKey | The information about registry keys which were modified during the analysis. | unknown |
| Polygon.Analysis.Process | The information about processes started during the analysis. | unknown |

Playbook Image

[Playbook image: Detonate File - Group-IB TDS Polygon]