Detonate URL - Lastline v2

Detonates a URL using the Lastline sandbox integration.

Lastline · 9 tasks · 3 inputs · 36 outputs

Inputs

  • URL — URL to detonate.
  • Interval — Polling frequency - how often the polling command should run (minutes)
  • Timeout — How much time to wait before a timeout occurs (minutes)

Outputs

  • File.Size — File size (only in case of report type=json)
  • DBotScore.Indicator — The indicator we tested (only in case of report type=json)
  • DBotScore.Vendor — Vendor used to calculate the score (only in case of report type=json)
  • DBotScore.Score — The actual score (only in case of report type=json)
  • IP.Address — IP's relevant to the sample
  • DBotScore.Type — The type of the indicator (only in case of report type=json)
  • File.Name — Filename (only in case of report type=json)
  • File.Type — File type e.g. "PE" (only in case of report type=json)
  • File.MD5 — MD5 hash of the file (only in case of report type=json)
  • File.SHA1 — SHA1 hash of the file (only in case of report type=json)
  • File.SHA256 — SHA256 hash of the file (only in case of report type=json)
  • File.EntryID — The Entry ID of the sample
  • File.Malicious.Vendor — The vendor that determined that a file is malicious.
  • File.Malicious.Description — The reason that the vendor determined that the file is malicious.
  • URL.Data — List of malicious URLs identified by Lastline analysis
  • URL.Malicious.Vendor — The vendor that determined that a URL is malicious.
  • URL.Malicious.Description — The reason that the vendor determined that the URL is malicious.
  • URL.Malicious.Score — The score that the malicious URL received from the vendor.
  • File.Malicious.Score — The score that the malicious file received from the vendor.
  • Lastline.Submission.Status — Status of the submission
  • Lastline.Submission.DNSqueries — List of DNS queries done by the analysis subject
  • Lastline.Submission.NetworkConnections — List of network connections done by the analysis subject
  • Lastline.Submission.DownloadedFiles — List of files that were downloaded using the Microsoft Windows file-download API functions. Each element is a tuple of file-origin URL and a File element.
  • Lastline.Submission.UUID — ID of the submission
  • Lastline.Submission.YaraSignatures.name — Yara signatures name
  • Lastline.Submission.YaraSignatures.score — The score according to the yara signatures. from 0 to 100.
  • Lastline.Submission.Process.arguments — Argument of the process.
  • Lastline.Submission.YaraSignatures.internal — True if the signature is only for internal use.
  • Lastline.Submission.Process.process_id — The process ID.
  • Lastline.Submission.Process.executable.abs_path — Absolute path of the executable of the process.
  • Lastline.Submission.Process.executable.filename — Filename of the executable.
  • Lastline.Submission.Process.executable.yara_signature_hits — Yara signature of the executable of the process.
  • URL — URL object
  • URL.Malicious — URL Malicious object
  • DBotScore — DBot score object
  • Lastline.Submission — Lastline submission object

Commands used

lastline-check-status lastline-get-report lastline-upload-url

Flowchart

yes yes yes Start Start Lastline v2 Upload URL - lastline-upload-url Lastline v2 Upload URL lastline-upload-url GenericPolling - GenericPolling GenericPolling GenericPolling Lastline Get Report - lastline-get-report Lastline Get Report lastline-get-report Is there a URL to detonate? Is there a URL to detonate? Done Done Is Lastline sandbox enabled? Is Lastline sandbox enabled? Filter UUIDs Filter UUIDs Lastline Check Status - lastline-check-status Lastline Check Status lastline-check-status