Detonate URL - Generic v1.5

Detonate URL through one or more active integrations that support URL detonation. Supported integrations: - SecneurX Analysis - ANY.RUN Cloud Sandbox - McAfee Advanced Threat Defense - WildFire - Lastline - Cuckoo Sandbox - Cisco Secure Malware Analytics (ThreatGrid) - JoeSecurity - CrowdStrike Falcon Sandbox - FireEye AX - VMRay Analyzer - Polygon - CrowdStrike Falcon Intelligence Sandbox - OPSWAT Filescan - VirusTotal - Anomali ThreatStream - Hatching Triage - ThreatGrid

Common Playbooks · 23 tasks · 2 inputs · 631 outputs

Inputs

  • URL — The URL object of the URL to be detonated.
  • anyrun_os — Specify ANY.RUN operation system type. Supports: windows, linux, android

Outputs

  • ThreatGrid.Sample.id — The sample id.
  • ThreatGrid.Sample.filename — The sample filename.
  • ThreatGrid.Sample.state — The state of the sample, one of a stable set of strings "wait, prep, run, proc, succ, fail".
  • ThreatGrid.Sample.status — The sample status.
  • ThreatGrid.Sample.md5 — The sample md5.
  • ThreatGrid.Sample.sha1 — The sample sha1.
  • ThreatGrid.Sample.sha256 — The sample sha256.
  • ThreatGrid.Sample.os — The sample os.
  • ThreatGrid.Sample.submitted_at — The sample submission time.
  • ATD.Task.taskId — The task ID of the sample uploaded.
  • ATD.Task.jobId — The job ID of the sample uploaded.
  • ATD.Task.messageId — The message Id relevant to the sample uploaded.
  • ATD.Task.url — The URL detonated.
  • ATD.Task.srcIp — Source IPv4 address.
  • ATD.Task.destIp — Destination IPv4 address.
  • ATD.Task.MD5 — MD5 of the sample uploaded.
  • ATD.Task.SHA1 — SHA1 of the sample uploaded.
  • ATD.Task.SHA256 — SHA256 of the sample uploaded.
  • File.Name — Filename (only in case of report type=json).
  • File.Type — File type e.g. "PE" (only in case of report type=json).
  • File.MD5 — MD5 hash of the file (only in case of report type=json).
  • File.SHA1 — SHA1 hash of the file (only in case of report type=json).
  • File.SHA256 — SHA256 hash of the file (only in case of report type=json).
  • File.EntryID — The Entry ID of the sample.
  • File.Malicious — File Malicious object.
  • DBotScore.Indicator — The indicator we tested (only in case of report type=json).
  • DBotScore.Type — The type of the indicator (only in case of report type=json).
  • DBotScore.Vendor — Vendor used to calculate the score (only in case of report type=json).
  • DBotScore.Score — The actual score (only in case of report type=json).
  • IP.Address — IP's relevant to the sample.
  • InfoFile.EntryID — The EntryID of the report file.
  • InfoFile.Extension — The extension of the report file.
  • InfoFile.Name — The name of the report file.
  • InfoFile.Info — The info of the report file.
  • InfoFile.Size — The size of the report file.
  • InfoFile.Type — The type of the report file.
  • URL.Malicious — URL Malicious object.
  • DBotScore.Reliability — The reliability of the source providing the intelligence data.
  • URL.Data — The URL.
  • Joe.Analysis.AnalysisID — The analysis ID.
  • Joe.Analysis.Classification — The classification.
  • Joe.Analysis.Comments — The comments.
  • Joe.Analysis.detection — The detection.
  • Joe.Analysis.duration — The duration.
  • Joe.Analysis.encrypted — True if the analysis data is encrypted.
  • Joe.Analysis.filename — The filename.
  • Joe.Analysis.score — The score.
  • Joe.Analysis.scriptname — The script name.
  • Joe.Analysis.status — The status.
  • Joe.Analysis.threatname — The threat name.
  • Joe.Analysis.time — The time.
  • Joe.Analysis.webid — The web ID.
  • Joe.Analysis.runs.detection — The detection.
  • Joe.Analysis.runs.error — The error.
  • Joe.Analysis.runs.score — The score.
  • Joe.Analysis.runs.sigma — The sigma.
  • Joe.Analysis.runs.snort — The snort.
  • Joe.Analysis.runs.system — The system.
  • Joe.Analysis.runs.yara — The YARA.
  • Joe.Submission.most_relevant_analysis.detection — The detection.
  • Joe.Submission.most_relevant_analysis.score — The submission score.
  • Joe.Submission.most_relevant_analysis.webid — The submission web ID.
  • Joe.Submission.name — The submission name.
  • Joe.Submission.status — The submission status.
  • Joe.Submission.submission_id — The submission ID.
  • Joe.Submission.time — The submission time.
  • File.Size — File size (only in case of report type=json).
  • File.Malicious.Vendor — The vendor that determined that a file is malicious.
  • File.Malicious.Description — The reason that the vendor determined that the file is malicious.
  • File.Malicious.Score — The score that the malicious file received from the vendor.
  • URL.Malicious.Vendor — The vendor that determined that a URL is malicious.
  • URL.Malicious.Description — The reason that the vendor determined that the URL is malicious.
  • URL.Malicious.Score — The score that the malicious URL received from the vendor.
  • Lastline.Submission.Status — Status of the submission.
  • Lastline.Submission.DNSqueries — List of DNS queries done by the analysis subject.
  • Lastline.Submission.NetworkConnections — List of network connections done by the analysis subject.
  • Lastline.Submission.DownloadedFiles — List of files that were downloaded using the Microsoft Windows file-download API functions. Each element is a tuple of file-origin URL and a File element.
  • Lastline.Submission.UUID — ID of the submission.
  • Lastline.Submission.YaraSignatures.name — Yara signatures name.
  • Lastline.Submission.YaraSignatures.score — The score according to the yara signatures. from 0 to 100.
  • Lastline.Submission.YaraSignatures.internal — True if the signature is only for internal use.
  • Lastline.Submission.Process.arguments — Argument of the process.
  • Lastline.Submission.Process.process_id — The process ID.
  • Lastline.Submission.Process.executable.abs_path — Absolute path of the executable of the process.
  • Lastline.Submission.Process.executable.filename — Filename of the executable.
  • Lastline.Submission.Process.executable.yara_signature_hits — Yara signature of the executable of the process.
  • Cuckoo.Task.Category — Category of task.
  • Cuckoo.Task.Machine — Machine of task.
  • Cuckoo.Task.Errors — Errors of task.
  • Cuckoo.Task.Traget — Traget of task.
  • Cuckoo.Task.Package — Package of task.
  • Cuckoo.Task.SampleID — Sample ID of task.
  • Cuckoo.Task.Guest — Task guest.
  • Cuckoo.Task.Custom — Custom values of task.
  • Cuckoo.Task.Owner — Task owner.
  • Cuckoo.Task.Priority — Priority of task.
  • Cuckoo.Task.Platform — Platform of task.
  • Cuckoo.Task.Options — Task options.
  • Cuckoo.Task.Status — Task status.
  • Cuckoo.Task.EnforceTimeout — Is timeout of task enforced.
  • Cuckoo.Task.Timeout — Task timeout.
  • Cuckoo.Task.Memory — Task memory.
  • Cuckoo.Task.Tags — Task tags.
  • Cuckoo.Task.ID — ID of task.
  • Cuckoo.Task.AddedOn — Date on which the task was added.
  • Cuckoo.Task.CompletedOn — Date on which the task was completed.
  • Cuckoo.Task.Score — Reported score of the the task.
  • Cuckoo.Task.Monitor — Monitor of the reported task.
  • Domain.Name — The Domain name.
  • Domain.DNS — A list of IP objects resolved by DNS.
  • RegistryKey.Path — The path to the registry key.
  • RegistryKey.Value — The value at the given RegistryKey.
  • Process.Name — Process name.
  • Process.PID — Process PID.
  • Process.CommandLine — Process Command Line.
  • Process.Path — Process path.
  • Process.StartTime — Process start time.
  • Process.EndTime — Process end time.
  • Polygon.Analysis.ID — Analysis ID in THF.
  • Polygon.Analysis.Name — File Name.
  • Polygon.Analysis.Size — File Size.
  • Polygon.Analysis.Started — Analysis start timestamp.
  • Polygon.Analysis.Analyzed — Analysis finish timestamp.
  • Polygon.Analysis.MD5 — Analyzed file MD5 hash.
  • Polygon.Analysis.SHA1 — Analyzed file SHA1 hash.
  • Polygon.Analysis.SHA256 — Analyzed file SHA256.
  • Polygon.Analysis.Result — Analysis verdict.
  • Polygon.Analysis.Status — The analysis status.
  • Polygon.Analysis.Verdict — Analysis verdict.
  • Polygon.Analysis.Probability — Verdict probability.
  • Polygon.Analysis.Families — Malware families.
  • Polygon.Analysis.Score — Polygon score.
  • Polygon.Analysis.Internet-connection — Internet availability.
  • Polygon.Analysis.Type — File type.
  • Polygon.Analysis.DumpExists — Network activity dump exists.
  • Polygon.Analysis.File — The information about files in analysis.
  • Polygon.Analysis.URL — The information about URL indicators.
  • Polygon.Analysis.IP — The information about IP indicators.
  • Polygon.Analysis.Domain — The information about Domain indicators.
  • Polygon.Analysis.RegistryKey — The information about registry keys which were modified during the analysis.
  • Polygon.Analysis.Process — The information about processes started during the analysis.
  • CrowdStrike.Submit.job_id — The The submitted report job ID.
  • CrowdStrike.Submit.submission_type — The type of the submission.
  • CrowdStrike.Submit.submission_id — The submission ID.
  • CrowdStrike.Submit.environment_id — The submission environment ID.
  • CrowdStrike.Submit.sha256 — The SHA256 hash of the file.
  • CrowdStrike.Report.job_id — The report job ID.
  • CrowdStrike.Report.environment_id — The report environment ID.
  • CrowdStrike.Report.environment_description — The environment description.
  • CrowdStrike.Report.size — The file size.
  • CrowdStrike.Report.type — The file type.
  • CrowdStrike.Report.type_short — The short description of the file type.
  • CrowdStrike.Report.target_url — The target url.
  • CrowdStrike.Report.state — The report state.
  • CrowdStrike.Report.error_type — The error type.
  • CrowdStrike.Report.error_origin — The error origin.
  • CrowdStrike.Report.submit_name — The file name when submitted.
  • CrowdStrike.Report.md5 — The MD5 hash of the file.
  • CrowdStrike.Report.sha1 — The SHA1 hash of the file.
  • CrowdStrike.Report.sha256 — The SHA256 hash of the file.
  • CrowdStrike.Report.sha512 — The SHA512 hash of the file.
  • CrowdStrike.Report.ssdeep — The SSDeep hash of the file.
  • CrowdStrike.Report.imphash — The imphash hash of the file.
  • CrowdStrike.Report.av_detect — The AV Multiscan range, for example 50-70 (min 0, max 100).
  • CrowdStrike.Report.vx_family — The file malware famil.
  • CrowdStrike.Report.url_analysis — Whether this report is url analysis.
  • CrowdStrike.Report.analysis_start_time — The start time of the analysis.
  • CrowdStrike.Report.threat_score — The file threat score.
  • CrowdStrike.Report.interesting — Whether the file was found to be interesting.
  • CrowdStrike.Report.threat_level — The file threat level.
  • CrowdStrike.Report.verdict — The file verdict.
  • CrowdStrike.Report.total_network_connections — The total number of network connections.
  • CrowdStrike.Report.total_processes — The total number of processes.
  • CrowdStrike.Report.total_signatures — The total number of signatures.
  • CrowdStrike.Report.file_metadata — The file metadata.
  • CrowdStrike.Report.network_mode — The network mode.
  • CrowdStrike.Report.submissions.submission_id — The submission ID.
  • CrowdStrike.Report.submissions.filename — The name of the file.
  • CrowdStrike.Report.submissions.url — The url.
  • CrowdStrike.Report.submissions.created_at — When the submission was created.
  • File.MalwareFamily — The file family classification.
  • WildFire.Report.MD5 — MD5 of the submission.
  • WildFire.Report.SHA256 — SHA256 of the report.
  • WildFire.Report.Status — The status of the submission.
  • WildFire.Report.URL — URL of the submission.
  • WildFire.Report.iocs — Associated IOCs.
  • WildFire.Report.verdict — The verdict of the report.
  • WildFire.Report.Platform — The platform of the report.
  • WildFire.Report.Software — The software of the report.
  • File.DigitalSignature.Publisher — The entity that signed the file for authenticity purposes.
  • WildFire.Report.NetworkInfo.URL.Host — The submission related hosts.
  • WildFire.Report.NetworkInfo.URL.Method — The submission related method.
  • WildFire.Report.NetworkInfo.URL.URI — The submission related URI.
  • WildFire.Report.NetworkInfo.URL.UserAgent — The submission related user agent.
  • WildFire.Report.NetworkInfo.UDP.IP — The submission related IPs, in UDP protocol.
  • WildFire.Report.NetworkInfo.UDP.Port — The submission related ports, in UDP protocol.
  • WildFire.Report.NetworkInfo.UDP.JA3 — The submission related JA3s, in UDP protocol.
  • WildFire.Report.NetworkInfo.UDP.JA3S — The submission related JA3Ss, in UDP protocol.
  • WildFire.Report.NetworkInfo.UDP.Country — The submission related countries, in UDP protocol.
  • WildFire.Report.NetworkInfo.TCP.IP — The submission related IPs, in TCP protocol.
  • WildFire.Report.NetworkInfo.TCP.JA3 — The submission related JA3s, in TCP protocol.
  • WildFire.Report.NetworkInfo.TCP.JA3S — The submission related JA3Ss, in TCP protocol.
  • WildFire.Report.NetworkInfo.TCP.Country — The submission related Countries, in TCP protocol.
  • WildFire.Report.NetworkInfo.TCP.Port — The submission related ports, in TCP protocol.
  • WildFire.Report.NetworkInfo.DNS.Query — The submission DNS queries.
  • WildFire.Report.NetworkInfo.DNS.Response — The submission DNS responses.
  • WildFire.Report.NetworkInfo.DNS.Type — The submission DNS Types.
  • WildFire.Report.Evidence.md5 — The submission evidence MD5 hash.
  • WildFire.Report.Evidence.Text — The submission evidence text.
  • WildFire.Report.detection_reasons.description — Reason for the detection verdict.
  • WildFire.Report.detection_reasons.name — Name of the detection.
  • WildFire.Report.detection_reasons.type — Type of the detection.
  • WildFire.Report.detection_reasons.verdict — Verdict of the detection.
  • WildFire.Report.detection_reasons.artifacts — Artifacts of the detection reasons.
  • WildFire.Report.ProcessList.Service — The process service.
  • WildFire.Report.ProcessList.ProcessCommand — The process command.
  • WildFire.Report.ProcessList.ProcessName — The process name.
  • WildFire.Report.ProcessList.ProcessPid — The process pid.
  • WildFire.Report.ProcessList.ProcessFile — Lists files that started a child processes, including the process name and the action the process performed.
  • WildFire.Report.ProcessTree.ProcessName — The process name.
  • WildFire.Report.ProcessTree.ProcessPid — The process pid.
  • WildFire.Report.ProcessTree.ProcessText — The action the process performed.
  • WildFire.Report.ProcessTree.Process.ChildName — The child process name.
  • WildFire.Report.ProcessTree.Process.ChildPid — The child process pid.
  • WildFire.Report.ProcessTree.Process.ChildText — The action the child process performed.
  • WildFire.Report.ExtractedURL.URL — The extracted URL.
  • WildFire.Report.ExtractedURL.Verdict — The extracted verdict.
  • WildFire.Report.Summary.Text — The summary of the report.
  • WildFire.Report.Summary.Details — The details summary of the report.
  • WildFire.Report.Summary.Behavior — The behavior summary of the report.
  • WildFire.Report.ELF.ShellCommands — The shell commands.
  • VirusTotal.Analysis.data.attributes.stats.harmless — Number of engines found the indicator harmless.
  • VirusTotal.Analysis.data.attributes.stats.malicious — Number of engines found the indicator malicious.
  • VirusTotal.Analysis.data.attributes.stats.suspicious — Number of engines found the indicator suspicious.
  • VirusTotal.Analysis.data.attributes.stats.timeout — Number of engines found the indicator timeout.
  • VirusTotal.Analysis.data.attributes.stats.undetected — Number of engines found the indicator undetected.
  • VirusTotal.Analysis.data.attributes.date — Date of the analysis in epoch.
  • VirusTotal.Analysis.data.attributes.status — Status of the analysis.
  • VirusTotal.Analysis.data.id — ID of the analysis.
  • VirusTotal.Analysis.data.type — Type of object (analysis).
  • VirusTotal.Analysis.meta.url_info.id — ID of the url.
  • VirusTotal.Analysis.meta.url_info.url — The URL.
  • VirusTotal.Analysis.id — The analysis ID.
  • VMRay.Job.JobID — The ID of a new job.
  • VMRay.Job.SampleID — The ID of sample.
  • VMRay.Job.Created — The timestamp of the created job.
  • VMRay.Job.VMName — The name of virtual machine.
  • VMRay.Job.VMID — The ID of virtual machine.
  • VMRay.Sample.SampleID — The sample ID of the task.
  • VMRay.Sample.Created — The timestamp of the created sample.
  • VMRay.Sample.FileName — The file name of the sample.
  • VMRay.Sample.MD5 — The MD5 hash of the sample.
  • VMRay.Sample.SHA1 — The SHA1 hash of the sample.
  • VMRay.Sample.SHA256 — The SHA256 hash of the sample.
  • VMRay.Sample.SSDeep — The SSDeep of the sample.
  • VMRay.Sample.Verdict — Verdict for the sample (Malicious, Suspicious, Clean, Not Available).
  • VMRay.Sample.VerdictReason — Description of the Verdict Reason.
  • VMRay.Sample.Severity — Severity of the sample (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated.
  • VMRay.Sample.Type — The file type.
  • VMRay.Sample.Classifications — The classifications of the sample.
  • VMRay.Submission.SubmissionID — The submission ID.
  • VMRay.Submission.HadErrors — Whether there are any errors in the submission.
  • VMRay.Submission.IsFinished — The status of submission. Can be, "true" or "false".
  • VMRay.Submission.MD5 — The MD5 hash of the sample in submission.
  • VMRay.Submission.SHA1 — The SHA1 hash of the sample in submission.
  • VMRay.Submission.SHA256 — The SHA256 hash of the sample in submission.
  • VMRay.Submission.Verdict — Verdict for the sample (Malicious, Suspicious, Clean, Not Available).
  • VMRay.Submission.VerdictReason — Description of the Verdict Reason.
  • VMRay.Submission.Severity — Severity of the sample (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated.
  • VMRay.Submission.SSDeep — The SSDeep hash of the sample in submission.
  • VMRay.Submission.SampleID — The ID of the sample in submission.
  • VMRay.Sample.IOC.URL.AnalysisID — The IDs of the other analyses that contain the given URL.
  • VMRay.Sample.IOC.URL.URL — The URL.
  • VMRay.Sample.IOC.URL.Operation — The operation of the specified URL.
  • VMRay.Sample.IOC.URL.ID — The ID of the URL.
  • VMRay.Sample.IOC.URL.Type — The type of the URL.
  • VMRay.Sample.IOC.Domain.AnalysisID — The IDs of the other analyses that contain the given domain.
  • VMRay.Sample.IOC.Domain.Domain — The domain.
  • VMRay.Sample.IOC.Domain.ID — The ID of the domain.
  • VMRay.Sample.IOC.Domain.Type — The type of the domain.
  • VMRay.Sample.IOC.IP.AnalysisID — The IDs of the other analyses that contain the given IP address.
  • VMRay.Sample.IOC.IP.IP — The IP address.
  • VMRay.Sample.IOC.IP.Operation — The operation of the given IP address.
  • VMRay.Sample.IOC.IP.ID — The ID of the IP address.
  • VMRay.Sample.IOC.IP.Type — The type of the IP address.
  • VMRay.Sample.IOC.Mutex.AnalysisID — The IDs of other analyses that contain the given IP address.
  • VMRay.Sample.IOC.Mutex.Name — The name of the mutex.
  • VMRay.Sample.IOC.Mutex.Operation — The operation of the given mutex.
  • VMRay.Sample.IOC.Mutex.ID — The ID of the mutex.
  • VMRay.Sample.IOC.Mutex.Type — The type of the mutex.
  • VMRay.Sample.IOC.File.AnalysisID — The IDs of other analyses that contain the given file.
  • VMRay.Sample.IOC.File.Name — The name of the file.
  • VMRay.Sample.IOC.File.Operation — The operation of the given file.
  • VMRay.Sample.IOC.File.ID — The ID of the file.
  • VMRay.Sample.IOC.File.Type — The type of the file.
  • VMRay.Sample.IOC.File.Hashes.MD5 — The MD5 hash of the given file.
  • VMRay.Sample.IOC.File.Hashes.SSDeep — The SSDeep hash of the given file.
  • VMRay.Sample.IOC.File.Hashes.SHA256 — The SHA256 hash of the given file.
  • VMRay.Sample.IOC.File.Hashes.SHA1 — The SHA1 hash of the given file.
  • VMRay.ThreatIndicator.AnalysisID — The list of connected analysis IDs.
  • VMRay.ThreatIndicator.Category — The category of threat indicators.
  • VMRay.ThreatIndicator.Classification — The classifications of threat indicators.
  • VMRay.ThreatIndicator.ID — The ID of the threat indicator.
  • VMRay.ThreatIndicator.Operation — The operation that caused the indicators.
  • ThreatStream.Analysis.ReportID — The report ID submitted to the sandbox.
  • ThreatStream.Analysis.Status — The analysis status.
  • ThreatStream.Analysis.Platform — The platform of the submission submitted to the sandbox.
  • ThreatStream.Analysis.Category — The report category.
  • ThreatStream.Analysis.Started — The detonation start time.
  • ThreatStream.Analysis.Completed — The detonation completion time.
  • ThreatStream.Analysis.Duration — The duration of the detonation (in seconds).
  • ThreatStream.Analysis.VmName — The VM name.
  • ThreatStream.Analysis.VmID — The VM ID.
  • ThreatStream.Analysis.Verdict — The verdict of the sandbox detonation.
  • ThreatStream.Analysis.Network.UdpSource — The UDP source.
  • ThreatStream.Analysis.Network.UdpDestination — The UDP destination.
  • ThreatStream.Analysis.Network.UdpPort — The UDP port.
  • ThreatStream.Analysis.Network.IcmpSource — The ICMP source.
  • ThreatStream.Analysis.Network.IcmpDestination — The ICMP destination.
  • ThreatStream.Analysis.Network.IcmpPort — The ICMP port.
  • ThreatStream.Analysis.Network.TcpSource — The TCP source.
  • ThreatStream.Analysis.Network.TcpDestination — The TCP destination.
  • ThreatStream.Analysis.Network.TcpPort — The TCP port.
  • ThreatStream.Analysis.Network.HttpSource — The source of the HTTP address.
  • ThreatStream.Analysis.Network.HttpDestinaton — The destination of the HTTP address.
  • ThreatStream.Analysis.Network.HttpPort — The port of the HTTP address.
  • ThreatStream.Analysis.Network.HttpsSource — The source of the HTTPS address.
  • ThreatStream.Analysis.Network.HttpsDestinaton — The destination of the HTTPS address.
  • ThreatStream.Analysis.Network.HttpsPort — The port of the HTTPS address.
  • ThreatStream.Analysis.Network.Hosts — The network analysis hosts.
  • FireEyeAX.Submissions.URL.Key — The submission key.
  • FireEyeAX.Submissions.Severity — The severity level of the file.
  • FireEyeAX.Submissions.InfoLevel — The info level of the report.
  • Triage.sample-summaries.completed — Date the sample analysis was completed.
  • Triage.sample-summaries.created — Date the analysis report was created.
  • Triage.sample-summaries.custom — Custom sample analysis.
  • Triage.sample-summaries.owner — Owner of the sample analysis.
  • Triage.sample-summaries.sample — Unique identifier of the sample,.
  • Triage.sample-summaries.score — Score of the sample on a scale of 0 to 10.
  • Triage.sample-summaries.sha256 — SHA256 hash of the sample.
  • Triage.sample-summaries.status — Status of the analysis.
  • Triage.sample-summaries.target — Target for the analysis.
  • Triage.sample-summaries.tasks — Tasks performed in the analysis.
  • SecneurXAnalysis.Report.SHA256 — SHA256 value of the analyzed sample.
  • SecneurXAnalysis.Report.Platform — Platform of the analyzed sample.
  • SecneurXAnalysis.Report.Verdict — Summary result of the analyzed sample.
  • SecneurXAnalysis.Report.Tags — More details of the analyzed sample.
  • SecneurXAnalysis.Report.DnsRequests — List of DNS data observed in the analyzed sample.
  • SecneurXAnalysis.Report.HttpRequests — List of HTTP data observed in the analyzed sample.
  • SecneurXAnalysis.Report.JA3Digests — List of JA3 data observed in the analyzed sample.
  • SecneurXAnalysis.Report.ProcessCreated — Process behaviour data observed in the analyzed sample.
  • SecneurXAnalysis.Report.RegistrySet — List of Registry creations observed in the analyzed sample.
  • SecneurXAnalysis.Report.RegistryDeleted — List of Registry deletions observed in the analyzed sample.
  • SecneurXAnalysis.Report.FileCreated — List of File creations observed in the analyzed sample.
  • SecneurXAnalysis.Report.FileDropped — List of File drops observed in the analyzed sample.
  • SecneurXAnalysis.Report.FileDeleted — List of File deletions observed in the analyzed sample.
  • SecneurXAnalysis.Report.FileModified — List of File changes observed in the analyzed sample.
  • SecneurXAnalysis.Report.IOC — List of IOC's observed in the analyzed sample.
  • SecneurXAnalysis.Report.Status — Analysis queued sample state.
  • csfalconx.resource.id — Analysis ID.
  • csfalconx.resource.verdict — Analysis verdict.
  • csfalconx.resource.created_timestamp — Analysis start time.
  • csfalconx.resource.environment_id — Environment ID.
  • csfalconx.resource.environment_description — Environment description.
  • csfalconx.resource.threat_score — Score of the threat.
  • csfalconx.resource.submit_url — URL submitted for analysis.
  • csfalconx.resource.submission_type — Type of submitted artifact, for example file, URL, etc.
  • csfalconx.resource.sha256 — SHA256 hash of the submitted file.
  • csfalconx.resource.ioc_report_strict_csv_artifact_id — ID of the IOC pack to download (CSV).
  • csfalconx.resource.ioc_report_broad_csv_artifact_id — ID of the IOC pack to download (CSV).
  • csfalconx.resource.ioc_report_strict_json_artifact_id — ID of the IOC pack to download (JSON).
  • csfalconx.resource.ioc_report_broad_json_artifact_id — ID of the IOC pack to download (JSON).
  • csfalconx.resource.ioc_report_strict_stix_artifact_id — ID of the IOC pack to download (STIX).
  • csfalconx.resource.ioc_report_broad_stix_artifact_id — ID of the IOC pack to download (STIX).
  • csfalconx.resource.ioc_report_strict_maec_artifact_id — ID of the IOC pack to download (MAEC).
  • csfalconx.resource.ioc_report_broad_maec_artifact_id — ID of the IOC pack to download (MAEC).
  • OPSWAT.Filescan.Submission.flow_id — The flow ID.
  • OPSWAT.Filescan.Analysis.finalVerdict.verdict — The final verdict.
  • OPSWAT.Filescan.Analysis.allTags — All tags.
  • OPSWAT.Filescan.Analysis.overallState — Overall state of the scan.
  • OPSWAT.Filescan.Analysis.subtaskReferences — Status of scan subtasks.
  • OPSWAT.Filescan.Analysis.allSignalGroups — All signal groups.
  • OPSWAT.Filescan.Analysis.resources — Resources.
  • OPSWAT.Filescan.Analysis.taskReference.name — Name of the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.additionalInfo — Additional informations about the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.ID — ID of the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.state — State of the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.resourceReference — Resource reference of the main scan task.
  • OPSWAT.Filescan.Analysis.taskReference.opcount — Counter.
  • OPSWAT.Filescan.Analysis.taskReference.processTime — processTime.
  • OPSWAT.Filescan.Analysis.file.name — The name of the file.
  • OPSWAT.Filescan.Analysis.file.hash — The SHA256 of the file.
  • OPSWAT.Filescan.Analysis.file.type — The type of the submission.
  • ANYRUN.SandboxAnalysis.mitre.name — MITRE Technic text description.
  • ANYRUN.SandboxAnalysis.mitre.phases — MITRE Technic phases.
  • ANYRUN.SandboxAnalysis.mitre.id — MITRE Technic identifier.
  • ANYRUN.SandboxAnalysis.debugStrings — Analysis debug information.
  • ANYRUN.SandboxAnalysis.incidents.process — Analysis process.
  • ANYRUN.SandboxAnalysis.incidents.events.time — Event time.
  • ANYRUN.SandboxAnalysis.incidents.events.cmdline — Event command line.
  • ANYRUN.SandboxAnalysis.incidents.events.image — Event image.
  • ANYRUN.SandboxAnalysis.incidents.mitre.v — MITRE version.
  • ANYRUN.SandboxAnalysis.incidents.mitre.sid — SID.
  • ANYRUN.SandboxAnalysis.incidents.mitre.tid — TID.
  • ANYRUN.SandboxAnalysis.incidents.count — Count of related incidents.
  • ANYRUN.SandboxAnalysis.incidents.firstSeen — Incident first seen date.
  • ANYRUN.SandboxAnalysis.incidents.source — Incident source.
  • ANYRUN.SandboxAnalysis.incidents.desc — Incident description.
  • ANYRUN.SandboxAnalysis.incidents.title — Incident title.
  • ANYRUN.SandboxAnalysis.incidents.threatLevel — Incident threat level.
  • ANYRUN.SandboxAnalysis.incidents.events.typeValue — Event type value.
  • ANYRUN.SandboxAnalysis.incidents.events.key — Event key.
  • ANYRUN.SandboxAnalysis.incidents.events.value — Event value.
  • ANYRUN.SandboxAnalysis.incidents.events.name — Event name.
  • ANYRUN.SandboxAnalysis.incidents.events.operation — Even operation.
  • ANYRUN.SandboxAnalysis.incidents.events.cmdParent — Event parent cmd.
  • ANYRUN.SandboxAnalysis.incidents.events.cmdChild — Event child cmd.
  • ANYRUN.SandboxAnalysis.modified.registry.time — Registry time.
  • ANYRUN.SandboxAnalysis.modified.registry.process — Registry process.
  • ANYRUN.SandboxAnalysis.modified.registry.operation — Registry operation.
  • ANYRUN.SandboxAnalysis.modified.registry.value — Registry value.
  • ANYRUN.SandboxAnalysis.modified.registry.name — Registry name.
  • ANYRUN.SandboxAnalysis.modified.registry.key — Registry key.
  • ANYRUN.SandboxAnalysis.modified.files.process — File process.
  • ANYRUN.SandboxAnalysis.modified.files.size — File size.
  • ANYRUN.SandboxAnalysis.modified.files.filename — Filename.
  • ANYRUN.SandboxAnalysis.modified.files.time — File creating time.
  • ANYRUN.SandboxAnalysis.modified.files.info.mime — File MIME type.
  • ANYRUN.SandboxAnalysis.modified.files.info.file — File content.
  • ANYRUN.SandboxAnalysis.modified.files.permanentUrl — File url.
  • ANYRUN.SandboxAnalysis.modified.files.hashes.ssdeep — File SSDeep.
  • ANYRUN.SandboxAnalysis.modified.files.hashes.sha256 — File sha256 hash.
  • ANYRUN.SandboxAnalysis.modified.files.hashes.sha1 — File sha1 hash.
  • ANYRUN.SandboxAnalysis.modified.files.hashes.md5 — File md5 hash.
  • ANYRUN.SandboxAnalysis.modified.files.threatLevel — File threat level.
  • ANYRUN.SandboxAnalysis.modified.files.type — File type.
  • ANYRUN.SandboxAnalysis.network.threats — Analysis network threats.
  • ANYRUN.SandboxAnalysis.network.connections.reputation — Network connection reputation.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3SFullstring — Network connection ja3S.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3S — Network connection ja3S.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3Fullstring — Network connection ja3F.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3 — Network connection ja3F.
  • ANYRUN.SandboxAnalysis.network.connections.time — Network connection time.
  • ANYRUN.SandboxAnalysis.network.connections.asn — Network connection ASN.
  • ANYRUN.SandboxAnalysis.network.connections.country — Network connection country.
  • ANYRUN.SandboxAnalysis.network.connections.protocol — Network connection protocol.
  • ANYRUN.SandboxAnalysis.network.connections.port — Network connection port.
  • ANYRUN.SandboxAnalysis.network.connections.ip — Network connection ip.
  • ANYRUN.SandboxAnalysis.network.connections.process — Network connection processes.
  • ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.jarm — Network connection jarm.
  • ANYRUN.SandboxAnalysis.network.httpRequests.country — HTTP Request country.
  • ANYRUN.SandboxAnalysis.network.httpRequests.reputation — HTTP Request reputation.
  • ANYRUN.SandboxAnalysis.network.httpRequests.process — HTTP Request related process.
  • ANYRUN.SandboxAnalysis.network.httpRequests.httpCode — HTTP Request status code.
  • ANYRUN.SandboxAnalysis.network.httpRequests.status — HTTP Request status.
  • ANYRUN.SandboxAnalysis.network.httpRequests.user-agent — HTTP Request User-Agent header value.
  • ANYRUN.SandboxAnalysis.network.httpRequests.proxyDetected — HTTP Request is proxy detected.
  • ANYRUN.SandboxAnalysis.network.httpRequests.port — HTTP Request port.
  • ANYRUN.SandboxAnalysis.network.httpRequests.ip — HTTP Request ip.
  • ANYRUN.SandboxAnalysis.network.httpRequests.url — HTTP Request url.
  • ANYRUN.SandboxAnalysis.network.httpRequests.host — HTTP Request host.
  • ANYRUN.SandboxAnalysis.network.httpRequests.method — HTTP Request method.
  • ANYRUN.SandboxAnalysis.network.httpRequests.time — HTTP Request time estimate.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.reputationNumber — DNS Request reputation number.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.reputation — DNS Request reputation.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.ips — DNS Request IPs.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.domain — DNS Request domain.
  • ANYRUN.SandboxAnalysis.network.dnsRequests.time — DNS Request time estimate.
  • ANYRUN.SandboxAnalysis.malconf — Analysis malconf.
  • ANYRUN.SandboxAnalysis.processes.synchronization — Analysis processes synchronization.
  • ANYRUN.SandboxAnalysis.processes.modules — Analysis processes modules.
  • ANYRUN.SandboxAnalysis.processes.hasMalwareConfig — Process has malware config.
  • ANYRUN.SandboxAnalysis.processes.parentUUID — Process parent UUID.
  • ANYRUN.SandboxAnalysis.processes.status — Process status.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.malwareConfig — Process malware config.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.privEscalation — Process priv escalation.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.stealing — Process stealing.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.networkLoader — Process network loader.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.network — Process network.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.lowAccess — Process low access.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.knownThreat — Process known threat.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.injects — Process inject.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.exploitable — Process exploitable.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.executableDropped — Process executable dropped.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.debugOutput — Process debug output.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.crashedApps — Process crashed apps.
  • ANYRUN.SandboxAnalysis.processes.scores.specs.autoStart — Process auto start.
  • ANYRUN.SandboxAnalysis.processes.scores.loadsSusp — Process loads susp.
  • ANYRUN.SandboxAnalysis.processes.scores.injected — Process injected.
  • ANYRUN.SandboxAnalysis.processes.scores.dropped — Process dropped.
  • ANYRUN.SandboxAnalysis.processes.scores.verdict.threatLevelText — Process threat level text.
  • ANYRUN.SandboxAnalysis.processes.scores.verdict.threatLevel — Process threat level.
  • ANYRUN.SandboxAnalysis.processes.scores.verdict.score — Process score.
  • ANYRUN.SandboxAnalysis.processes.context.userName — Process context username.
  • ANYRUN.SandboxAnalysis.processes.context.integrityLevel — Process context integrity level.
  • ANYRUN.SandboxAnalysis.processes.context.rebootNumber — Process context reboot number.
  • ANYRUN.SandboxAnalysis.processes.versionInfo.version — Process version.
  • ANYRUN.SandboxAnalysis.processes.versionInfo.description — Process description.
  • ANYRUN.SandboxAnalysis.processes.versionInfo.company — Process company.
  • ANYRUN.SandboxAnalysis.processes.mainProcess — Process main process.
  • ANYRUN.SandboxAnalysis.processes.fileType — Process file type.
  • ANYRUN.SandboxAnalysis.processes.fileName — Process filename.
  • ANYRUN.SandboxAnalysis.processes.commandLine — Process cmd.
  • ANYRUN.SandboxAnalysis.processes.image — Process image.
  • ANYRUN.SandboxAnalysis.processes.uuid — Process uuid.
  • ANYRUN.SandboxAnalysis.processes.ppid — Process PPID.
  • ANYRUN.SandboxAnalysis.processes.important — Process important.
  • ANYRUN.SandboxAnalysis.processes.pid — Process PID.
  • ANYRUN.SandboxAnalysis.processes.exitCode — Process exit code.
  • ANYRUN.SandboxAnalysis.processes.times.terminate — Process time terminate.
  • ANYRUN.SandboxAnalysis.processes.times.start — Process time start.
  • ANYRUN.SandboxAnalysis.processes.resolvedCOM.title — Process resolved COM title.
  • ANYRUN.SandboxAnalysis.processes.synchronization.operation — Process sync operation.
  • ANYRUN.SandboxAnalysis.processes.synchronization.type — Process sync type.
  • ANYRUN.SandboxAnalysis.processes.synchronization.name — Process sync name.
  • ANYRUN.SandboxAnalysis.processes.synchronization.time — Process sync time.
  • ANYRUN.SandboxAnalysis.processes.modules.image — Process module image.
  • ANYRUN.SandboxAnalysis.processes.modules.time — Process module time.
  • ANYRUN.SandboxAnalysis.processes.scores.monitoringReason — Process monitoring reason.
  • ANYRUN.SandboxAnalysis.processes.times.monitoringSince — Process monitoring since.
  • ANYRUN.SandboxAnalysis.counters.synchronization.type.event — Process sync event.
  • ANYRUN.SandboxAnalysis.counters.synchronization.type.mutex — Process sync mutex.
  • ANYRUN.SandboxAnalysis.counters.synchronization.operation.create — Process sync operation create.
  • ANYRUN.SandboxAnalysis.counters.synchronization.operation.open — Process sync operation open.
  • ANYRUN.SandboxAnalysis.counters.synchronization.total — Process sync total.
  • ANYRUN.SandboxAnalysis.counters.registry.delete — Registry delete.
  • ANYRUN.SandboxAnalysis.counters.registry.write — Registry write.
  • ANYRUN.SandboxAnalysis.counters.registry.read — Registry reed.
  • ANYRUN.SandboxAnalysis.counters.registry.total — Registry total.
  • ANYRUN.SandboxAnalysis.counters.files.malicious — File malicious count.
  • ANYRUN.SandboxAnalysis.counters.files.suspicious — File suspicious count.
  • ANYRUN.SandboxAnalysis.counters.files.text — File text.
  • ANYRUN.SandboxAnalysis.counters.files.unknown — File unknown count.
  • ANYRUN.SandboxAnalysis.counters.network.threats — Network threats count.
  • ANYRUN.SandboxAnalysis.counters.network.dns — Network dns count.
  • ANYRUN.SandboxAnalysis.counters.network.connections — Network connections count.
  • ANYRUN.SandboxAnalysis.counters.network.http — Network networks count.
  • ANYRUN.SandboxAnalysis.counters.processes.malicious — Malicious processes count.
  • ANYRUN.SandboxAnalysis.counters.processes.suspicious — Suspicious processes count.
  • ANYRUN.SandboxAnalysis.counters.processes.monitored — Monitored processes count.
  • ANYRUN.SandboxAnalysis.counters.processes.total — Total processes count.
  • ANYRUN.SandboxAnalysis.environments.hotfixes.title — Environment hotfixes title.
  • ANYRUN.SandboxAnalysis.environments.software.version — Environment software version.
  • ANYRUN.SandboxAnalysis.environments.software.title — Environment software title.
  • ANYRUN.SandboxAnalysis.environments.internetExplorer.kbnum — Environment Internet Explorer KBNUM.
  • ANYRUN.SandboxAnalysis.environments.internetExplorer.version — Environment Internet Explorer version.
  • ANYRUN.SandboxAnalysis.environments.os.bitness — Environment OS version.
  • ANYRUN.SandboxAnalysis.environments.os.softSet — Environment OS software set.
  • ANYRUN.SandboxAnalysis.environments.os.servicePack — Environment OS service pack.
  • ANYRUN.SandboxAnalysis.environments.os.major — Environment OS major version.
  • ANYRUN.SandboxAnalysis.environments.os.productType — Environment OS product type.
  • ANYRUN.SandboxAnalysis.environments.os.variant — Environment OS variant.
  • ANYRUN.SandboxAnalysis.environments.os.product — Environment OS product.
  • ANYRUN.SandboxAnalysis.environments.os.build — Environment OS build.
  • ANYRUN.SandboxAnalysis.environments.os.title — Environment OS title.
  • ANYRUN.SandboxAnalysis.analysis.content.dumps — Content dumps.
  • ANYRUN.SandboxAnalysis.analysis.content.screenshots.thumbnailUrl — Screenshots thumbnail url.
  • ANYRUN.SandboxAnalysis.analysis.content.screenshots.permanentUrl — Screenshots permanent url.
  • ANYRUN.SandboxAnalysis.analysis.content.screenshots.time — Screenshots time.
  • ANYRUN.SandboxAnalysis.analysis.content.screenshots.uuid — Screenshots uuid.
  • ANYRUN.SandboxAnalysis.analysis.content.sslkeys.present — SSL keys present.
  • ANYRUN.SandboxAnalysis.analysis.content.pcap.permanentUrl — Pcap dump permanent url.
  • ANYRUN.SandboxAnalysis.analysis.content.pcap.present — Pcap present.
  • ANYRUN.SandboxAnalysis.analysis.content.video.permanentUrl — Video permanent url.
  • ANYRUN.SandboxAnalysis.analysis.content.video.present — Video present.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.ssdeep — Main object ssdeep.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.sha256 — Main object sha256.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.sha1 — Main object sha1.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.md5 — Main object md5.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.url — Main object url.
  • ANYRUN.SandboxAnalysis.analysis.content.mainObject.type — Main object type.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.knownThreat — Specs known threat.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.malwareConfig — Specs malware Config.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.notStarted — Specs not started.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.privEscalation — Specs priv escalation.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.torUsed — Specs TOR used.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.suspStruct — Specs susp structure.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.stealing — Specs stealing.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.staticDetections — Specs static detections.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.spam — Specs spam.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.serviceLauncher — Specs service launcher.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.rebooted — Specs rebooted.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.networkThreats — Specs network threats.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.networkLoader — Specs network loader.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.multiprocessing — Specs multiprocessing.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.memOverrun — Specs memory overrun.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.lowAccess — Specs low access.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.exploitable — Specs exploitable.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.executableDropped — Specs executable dropped.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.debugOutput — Specs debug output.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.crashedTask — Specs crashed task.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.crashedApps — Specs crashed apps.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.cpuOverrun — Specs CPU overrun.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.autoStart — Specs suto start.
  • ANYRUN.SandboxAnalysis.analysis.scores.specs.injects — Specs injects.
  • ANYRUN.SandboxAnalysis.analysis.scores.verdict.threatLevelText — Verdict threat level text.
  • ANYRUN.SandboxAnalysis.analysis.scores.verdict.threatLevel — Verdict threat level.
  • ANYRUN.SandboxAnalysis.analysis.scores.verdict.score — Verdict score.
  • ANYRUN.SandboxAnalysis.analysis.options.automatization.uac — Options automatization UAC.
  • ANYRUN.SandboxAnalysis.analysis.options.privateSample — Options private sample.
  • ANYRUN.SandboxAnalysis.analysis.options.privacy — Options privacy.
  • ANYRUN.SandboxAnalysis.analysis.options.network — Options network.
  • ANYRUN.SandboxAnalysis.analysis.options.hideSource — Options hide source.
  • ANYRUN.SandboxAnalysis.analysis.options.video — Options video.
  • ANYRUN.SandboxAnalysis.analysis.options.presentation — Options presentation.
  • ANYRUN.SandboxAnalysis.analysis.options.tor.used — Options tor used.
  • ANYRUN.SandboxAnalysis.analysis.options.mitm — Options MITM proxy.
  • ANYRUN.SandboxAnalysis.analysis.options.heavyEvasion — Options kernel heavy evasion.
  • ANYRUN.SandboxAnalysis.analysis.options.fakeNet — Options fake network.
  • ANYRUN.SandboxAnalysis.analysis.options.additionalTime — Options additions time.
  • ANYRUN.SandboxAnalysis.analysis.options.timeout — Options timeout.
  • ANYRUN.SandboxAnalysis.analysis.tags — Analysis tags.
  • ANYRUN.SandboxAnalysis.analysis.stopExecText — Analysis stopExecText.
  • ANYRUN.SandboxAnalysis.analysis.stopExec — Analysis creation stopExec.
  • ANYRUN.SandboxAnalysis.analysis.creationText — Analysis creation creation text.
  • ANYRUN.SandboxAnalysis.analysis.creation — Analysis creation date.
  • ANYRUN.SandboxAnalysis.analysis.duration — Analysis duration.
  • ANYRUN.SandboxAnalysis.analysis.sandbox.plan.name — Analysis sandbox user plan name.
  • ANYRUN.SandboxAnalysis.analysis.sandbox.name — Analysis sandbox name.
  • ANYRUN.SandboxAnalysis.analysis.reports.graph — Analysis reports graph.
  • ANYRUN.SandboxAnalysis.analysis.reports.STIX — Analysis STIX report url.
  • ANYRUN.SandboxAnalysis.analysis.reports.HTML — Analysis HTML report url.
  • ANYRUN.SandboxAnalysis.analysis.reports.MISP — Analysis MISP report url.
  • ANYRUN.SandboxAnalysis.analysis.reports.IOC — Analysis IOC report url.
  • ANYRUN.SandboxAnalysis.analysis.permanentUrl — Analysis permanent url.
  • ANYRUN.SandboxAnalysis.analysis.uuid — Analysis uuid.
  • ANYRUN.SandboxAnalysis.status — Analysis status.
  • ANYRUN.SandboxAnalysisReportVerdict — The analysis verdict.
  • ANYRUN_DetonateUrlAndroid.TaskID — Task UUID.
  • ANYRUN_DetonateUrlLinux.TaskID — Task UUID.
  • ANYRUN_DetonateUrlWindows.TaskID — Task UUID.

Commands used

joe-submit-url opswat-filescan-scan-url

Flowchart

yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes Android Linux Windows Start Start Check if URL exists Check if URL exists Detonate URL - McAfee ATD - Detonate URL - McAfee ATD Detonate URL - McAfee ATD Detonate URL - McAfee ATD Detonate URL - Lastline v2 - Detonate URL - Lastline v2 Detonate URL - Lastline v2 Detonate URL - Lastline v2 Detonate URL - Cuckoo - Detonate URL - Cuckoo Detonate URL - Cuckoo Detonate URL - Cuckoo Detonate URL - Group-IB TDS Polygon - Detonate URL - Group-IB TDS Polygon Detonate URL - Group-IB T... Detonate URL - Group-IB TDS P... Detonate URL - VirusTotal (API v3) - Detonate URL - VirusTotal (API v3) Detonate URL - VirusTotal... Detonate URL - VirusTotal (AP... Detonate URL - VMRay - Detonate URL - VMRay Detonate URL - VMRay Detonate URL - VMRay Detonate URL - ThreatStream - Detonate URL - ThreatStream Detonate URL - ThreatStream Detonate URL - ThreatStream Detonate URL - FireEye AX - Detonate URL - FireEye AX Detonate URL - FireEye AX Detonate URL - FireEye AX Detonate URL - Hatching Triage - Detonate URL - Hatching Triage Detonate URL - Hatching T... Detonate URL - Hatching Triage Detonate URL - SecneurX Analysis - Detonate URL - SecneurX Analysis Detonate URL - SecneurX A... Detonate URL - SecneurX Analysis Detonate URL - OPSWAT - opswat-filescan-scan-url Detonate URL - OPSWAT opswat-filescan-scan-url Done Done Detonate URL - CrowdStrike Falcon Intelligence Sandbox v2 - Detonate URL - CrowdStrike Falcon Intelligence Sandbox v2 Detonate URL - CrowdStrik... Detonate URL - CrowdStrike Fa... Detonate URL - WildFire v2.2 - Detonate URL - WildFire v2.2 Detonate URL - WildFire v2.2 Detonate URL - WildFire v2.2 Detonate URL - JoeSecurity - joe-submit-url Detonate URL - JoeSecurity joe-submit-url Detonate URL - ThreatGrid v2 - Detonate URL - ThreatGrid v2 Detonate URL - ThreatGrid v2 Detonate URL - ThreatGrid v2 Check the correctness of the ANY.RUN parameters Check the correctness of ... ANYRUN Detonate Url Linux - ANYRUN Detonate Url Linux ANYRUN Detonate Url Linux ANYRUN Detonate Url Linux ANYRUN Detonate Url Windows - ANYRUN Detonate Url Windows ANYRUN Detonate Url Windows ANYRUN Detonate Url Windows Select ANY.RUN playbook Select ANY.RUN playbook ANYRUN Detonate Url Android - ANYRUN Detonate Url Android ANYRUN Detonate Url Android ANYRUN Detonate Url Android