Detonate File - Group-IB TDS Polygon
Detonate file using Group-IB THF Polygon integration. This playbook returns relevant reports to the War Room and file reputations to the context data. The detonation supports the following file types: 7z, ace, ar, arj, bat, bz2, cab, chm, cmd, com, cpgz, cpl, csv, dat, doc, docm, docx, dot, dotm, dotx, eml, exe, gz, gzip, hta, htm, html, iqy, iso, jar, js, jse, lnk, lz, lzma, lzo, lzh, mcl, mht, msg, msi, msp, odp, ods, odt, ots, ott, pdf, pif, potm, potx, pps, ppsm, ppsx, ppt, pptm, pptx, ps1, pub, py, pyc, r*, rar, reg, rtf, scr, settingcontent-ms, stc, svg, sxc, sxw, tar, taz, .tb2, .tbz, .tbz2, tgz, tlz, txz, tzo, txt, url, uue, vbe, vbs, wsf, xar, xls, xlsb, xlsm, xlsx, xml, xz, z*, zip.
Polygon · 11 tasks · 4 inputs · 46 outputs
Inputs
file_id— The File EntryID which will be detonated.Interval— Report requests frequency (minutes)Timeout— Report waiting timeout (minutes)Password— Password for the uploaded file.
Outputs
File.Name— The full file name (including file extension).File.MD5— The MD5 hash of the file.File.SHA1— The SHA1 hash of the file.File.SHA256— The SHA256 hash of the file.File.Type— File type.File.Malicious.Vendor— The vendor that reported the file as malicious.File.Malicious.Description— A description explaining why the file was determined to be malicious.DBotScore.Indicator— The indicator that was tested.DBotScore.Type— The indicator type.DBotScore.Vendor— The vendor used to calculate the score.DBotScore.Score— The actual score.IP.Address— IP address.Domain.Name— The domain name.Domain.DNS— A list of IP objects resolved by DNS.URL.Data— The URL.RegistryKey.Path— The path to the registry key.RegistryKey.Value— The value at the given RegistryKey.Process.Name— Process name.Process.PID— Process PID.Process.CommandLine— Process command line.Process.Path— Process path.Process.StartTime— Process start time.Process.EndTime— Process end time.Polygon.Analysis.ID— Analysis ID in THF.Polygon.Analysis.Name— File name.Polygon.Analysis.Size— File size.Polygon.Analysis.Started— Analysis start timestamp.Polygon.Analysis.Analyzed— Analysis finish timestamp.Polygon.Analysis.MD5— Analyzed file MD5 hash.Polygon.Analysis.SHA1— Analyzed file SHA1 hash.Polygon.Analysis.SHA256— Analyzed file SHA256.Polygon.Analysis.Result— Analysis verdict.Polygon.Analysis.Status— The analysis status.Polygon.Analysis.Verdict— Analysis verdict.Polygon.Analysis.Probability— Verdict probability.Polygon.Analysis.Families— Malware families.Polygon.Analysis.Score— Polygon score.Polygon.Analysis.Internet-connection— Internet availability.Polygon.Analysis.Type— File type.Polygon.Analysis.DumpExists— Network activity dump exists.Polygon.Analysis.File— The information about files in analysis.Polygon.Analysis.URL— The information about URL indicators.Polygon.Analysis.IP— The information about IP indicators.Polygon.Analysis.Domain— The information about domain indicators.Polygon.Analysis.RegistryKey— The information about registry keys which were modified during the analysis.Polygon.Analysis.Process— The information about processes started during the analysis.
Commands used
polygon-analysis-info
polygon-export-pcap
polygon-export-report
polygon-export-video
polygon-upload-file