Detonate URL - Lastline
Detonates a URL using the Lastline sandbox integration.
Lastline · 9 tasks · 3 inputs · 36 outputs
Inputs
URL— URL to detonate.Interval— Polling frequency - how often the polling command should run (minutes)Timeout— How much time to wait before a timeout occurs (minutes)
Outputs
File.Size— File size (only in case of report type=json)DBotScore.Indicator— The indicator we tested (only in case of report type=json)DBotScore.Vendor— Vendor used to calculate the score (only in case of report type=json)DBotScore.Score— The actual score (only in case of report type=json)IP.Address— IP's relevant to the sampleDBotScore.Type— The type of the indicator (only in case of report type=json)File.Name— Filename (only in case of report type=json)File.Type— File type e.g. "PE" (only in case of report type=json)File.MD5— MD5 hash of the file (only in case of report type=json)File.SHA1— SHA1 hash of the file (only in case of report type=json)File.SHA256— SHA256 hash of the file (only in case of report type=json)File.EntryID— The Entry ID of the sampleFile.Malicious.Vendor— For malicious files, the vendor that made the decisionFile.Malicious.Description— For malicious files, the reason for the vendor to make the decisionURL.Data— List of malicious URLs identified by Lastline analysisURL.Malicious.Vendor— For malicious URLs, the vendor that made the decisionURL.Malicious.Description— For malicious URLs, the reason for the vendor to make the decisionURL.Malicious.Score— For malicious URLs, the score from the vendorFile.Malicious.Score— For malicious files, the score from the vendorLastline.Submission.Status— Status of the submissionLastline.Submission.DNSqueries— List of DNS queries done by the analysis subjectLastline.Submission.NetworkConnections— ist of network connections done by the analysis subjectLastline.Submission.DownloadedFiles— List of files that were downloaded using the Microsoft Windows file-download API functions. Each element is a tuple of file-origin URL and a File element.Lastline.Submission.UUID— ID of the submissionLastline.Submission.YaraSignatures.name— Yara signatures nameLastline.Submission.YaraSignatures.score— The score according to the yara signatures. from 0 to 100.Lastline.Submission.Process.arguments— Argument of the processLastline.Submission.YaraSignatures.internal— True if the signature is only for internal usageLastline.Submission.Process.process_id— The process IDLastline.Submission.Process.executable.abs_path— Absolute path of the executable of the processLastline.Submission.Process.executable.filename— Filename of the executableLastline.Submission.Process.executable.yara_signature_hits— Yara signature of the executable of the processURL— URL objectURL.Malicious— URL Malicious objectDBotScore— DBot score objectLastline.Submission— Lastline submission object
Commands used
lastline-check-status
lastline-get-report
lastline-upload-url