Detonate URL - Lastline v2
Detonates a URL using the Lastline sandbox integration.
Lastline · 9 tasks · 3 inputs · 36 outputs
Inputs
URL— URL to detonate.Interval— Polling frequency - how often the polling command should run (minutes)Timeout— How much time to wait before a timeout occurs (minutes)
Outputs
File.Size— File size (only in case of report type=json)DBotScore.Indicator— The indicator we tested (only in case of report type=json)DBotScore.Vendor— Vendor used to calculate the score (only in case of report type=json)DBotScore.Score— The actual score (only in case of report type=json)IP.Address— IP's relevant to the sampleDBotScore.Type— The type of the indicator (only in case of report type=json)File.Name— Filename (only in case of report type=json)File.Type— File type e.g. "PE" (only in case of report type=json)File.MD5— MD5 hash of the file (only in case of report type=json)File.SHA1— SHA1 hash of the file (only in case of report type=json)File.SHA256— SHA256 hash of the file (only in case of report type=json)File.EntryID— The Entry ID of the sampleFile.Malicious.Vendor— The vendor that determined that a file is malicious.File.Malicious.Description— The reason that the vendor determined that the file is malicious.URL.Data— List of malicious URLs identified by Lastline analysisURL.Malicious.Vendor— The vendor that determined that a URL is malicious.URL.Malicious.Description— The reason that the vendor determined that the URL is malicious.URL.Malicious.Score— The score that the malicious URL received from the vendor.File.Malicious.Score— The score that the malicious file received from the vendor.Lastline.Submission.Status— Status of the submissionLastline.Submission.DNSqueries— List of DNS queries done by the analysis subjectLastline.Submission.NetworkConnections— List of network connections done by the analysis subjectLastline.Submission.DownloadedFiles— List of files that were downloaded using the Microsoft Windows file-download API functions. Each element is a tuple of file-origin URL and a File element.Lastline.Submission.UUID— ID of the submissionLastline.Submission.YaraSignatures.name— Yara signatures nameLastline.Submission.YaraSignatures.score— The score according to the yara signatures. from 0 to 100.Lastline.Submission.Process.arguments— Argument of the process.Lastline.Submission.YaraSignatures.internal— True if the signature is only for internal use.Lastline.Submission.Process.process_id— The process ID.Lastline.Submission.Process.executable.abs_path— Absolute path of the executable of the process.Lastline.Submission.Process.executable.filename— Filename of the executable.Lastline.Submission.Process.executable.yara_signature_hits— Yara signature of the executable of the process.URL— URL objectURL.Malicious— URL Malicious objectDBotScore— DBot score objectLastline.Submission— Lastline submission object
Commands used
lastline-check-status
lastline-get-report
lastline-upload-url