Detonate File - Trend Micro Deep Discovery Analyzer Beta
Detonates a File using the TrendAI™ Deep Discovery™ Analyzer sandbox. Deep Discovery Analyzer(version 6.0.0) supports the following File Types: bat, cell, chm, class, cmd, dll, doc, docx, exe, gul, hta, htm, html, hwp, hwpx, jar, js, jse, jtd, lnk, mov, pdf, ppt, pptx, ps1, pub, rtf, slk, svg, swf, vbe, vbs, wsf, xls, xlsx, xml
TrendAI™ Deep Discovery™ Analyzer · 10 tasks · 3 inputs · 17 outputs
Inputs
File— The file to detonate. File is taken from the context.interval— Polling frequency - how often the polling command should run (minutes)timeout— How much time to wait before a timeout occurs (minutes)
Outputs
DBotScore.Type— The type of the indicatorDBotScore.Vendor— Vendor used to calculate the scoreTrendMicroDDA.Submissions.SHA1— SHA1 of the submissionTrendMicroDDA.Submissions.RiskLevel— The Risk Level of the sampleDBotScore.Score— The actual scoreTrendMicroDDA.Submissions.isCompleted— Stating if the detonation was complete or notDBotScore.Indicator— The indicator we testedTrendMicroDDA.Submissions.status— The status of the sampleInfoFile.MD5— MD5 hash of the report fileInfoFile.SHA1— SHA1 hash of the report fileInfoFile.SHA256— SHA256 hash of the report fileInfoFile.Name— Report file nameInfoFile.Type— Report file type e.g. "PE"InfoFile.Size— Report file sizeFile.Malicious.Vendor— For malicious files, the vendor that made the decisionFile.Malicious.Description— For malicious files, the reason for the vendor to make the decisionIP.Address— IPs relevant to the submission
Commands used
trendmicro-dda-check-status
trendmicro-dda-get-report
trendmicro-dda-upload-file