
Malware Analysis API

Malware Analysis

The Malware Analysis API call returns the threat report that Malware Analysis has generated for a given indicator.


Data Structure:

{
    "match": bool,
    "details": {
        "as_owner": string,
        "asn": string,
        "country": string,
        "response_code": integer,
        "verbose_msg": string,
        "detected_urls": [
            {
                "scan_date": string,
                "url": string,
                "positives": integer,
                "total": integer
            }
        ],
        "resolutions": [
            {
                "hostname": string,
                "last_resolved": string
            }
        ],
        "detected_communicating_samples": [
            {
                "date": string,
                "positives": integer,
                "sha256": string,
                "total": integer
            }
        ],
        "undetected_communicating_samples": [
            {
                "date": string,
                "positives": integer,
                "sha256": string,
                "total": integer
            }
        ],
        "detected_download_samples": [
            {
                "date": string,
                "positives": integer,
                "sha256": string,
                "total": integer
            }
        ],
        "undetected_download_samples": [
            {
                "date": string,
                "positives": integer,
                "sha256": string,
                "total": integer
            }
        ],
        "undetected_referrer_samples": [
            {
                "positives": integer,
                "sha256": string,
                "total": integer
            }
        ]
    }
}


Example:

Given "moiparks.in" as the indicator, Malware Analysis returns the following:

{
    "details": {
        "BitDefender domain info": "This URL domain/host was seen to host badware at some point in time",
        "alphaMountain.ai category": "Malicious",
        "detected_communicating_samples": [
            {
                "date": "2019-10-06 23:27:39",
                "positives": 42,
                "sha256": "6cd6abeccf5e7f8507d209eafb8a1a77f2bd4fe679dd633725759f0a7385500c",
                "total": 73
            }
        ],
        "detected_downloaded_samples": [],
        "detected_urls": [
            {
                "positives": 1,
                "scan_date": "2021-04-08 01:27:26",
                "total": 85,
                "url": "https://moiparks.in/jack/admin.php"
            },...
        ],
        "domain_siblings": [],
        "resolutions": [
            {
                "ip_address": "198.54.117.200",
                "last_resolved": "2018-09-26 17:02:16"
            },...
        ],
        "response_code": 1,
        "subdomains": [
            "www.moiparks.in"
        ],
        "undetected_communicating_samples": [],
        "undetected_downloaded_samples": [
            {
                "date": "2018-09-14 02:52:35",
                "positives": 0,
                "sha256": "21f2049d5b7a94430621acbc5f6c467c134d368a2c69a8283cc08b1f6183962c",
                "total": 57
            },...
        ],
        "undetected_urls": [],
        "verbose_msg": "Domain found in dataset",
        "whois": "",
        "whois_timestamp": 1600070810
    },
    "match": true
}
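Consuming a report of this shape, as an added example that is not part of the API documentation: a Python helper that reduces the response to the fields an analyst triages on, and tolerates the key-name differences between the schema and the sample above (`detected_download_samples` vs `detected_downloaded_samples`, `hostname` vs `ip_address`). The function names and the sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like the Malware Analysis API response documented above.
# Indicator, addresses and hashes are placeholders, not real observations.
SAMPLE_RESPONSE = json.loads("""{
  "match": true,
  "details": {
    "response_code": 1, "verbose_msg": "Domain found in dataset",
    "detected_urls": [{"scan_date": "2021-04-08 01:27:26", "positives": 3, "total": 85,
                       "url": "https://example.invalid/admin.php"}],
    "resolutions": [{"ip_address": "192.0.2.10", "last_resolved": "2018-09-26 17:02:16"},
                    {"ip_address": "192.0.2.11", "last_resolved": "2020-01-02 03:04:05"}],
    "detected_communicating_samples": [{"date": "2019-10-06 23:27:39", "positives": 42,
                                        "sha256": "<placeholder-sha256-1>", "total": 73}],
    "detected_downloaded_samples": [],
    "undetected_downloaded_samples": [{"date": "2018-09-14 02:52:35", "positives": 0,
                                       "sha256": "<placeholder-sha256-2>", "total": 57}]
  }
}""")

def _entries(details, *names):
    # The schema and the sample spell some keys differently (e.g. "detected_download_samples"
    # vs "detected_downloaded_samples"): accept any alias, treat a missing key as empty.
    for name in names:
        if isinstance(details.get(name), list):
            return details[name]
    return []

def summarize(report):
    """Reduce one Malware Analysis report to the fields an analyst triages on."""
    details = report.get("details") or {}
    urls = _entries(details, "detected_urls")
    samples = (_entries(details, "detected_communicating_samples")
               + _entries(details, "detected_download_samples", "detected_downloaded_samples"))
    resolutions = _entries(details, "resolutions")
    # Resolutions carry "hostname" (schema) or "ip_address" (sample); pick the most recent.
    latest = max(resolutions, key=lambda r: r.get("last_resolved", ""), default=None)
    summary = {
        "match": bool(report.get("match")),
        "detected_url_count": len(urls),
        "max_url_positives": max((u.get("positives", 0) for u in urls), default=0),
        "detected_sample_hashes": sorted({s["sha256"] for s in samples if "sha256" in s}),
        "latest_resolution": None if latest is None else
            (latest.get("ip_address") or latest.get("hostname"), latest.get("last_resolved")),
    }
    # "match" false means the indicator is unknown to the dataset, not that it is clean.
    summary["verdict"] = ("not_in_dataset" if not summary["match"] else
                          "detections_present" if urls or samples else "known_no_detections")
    return summary
```

`summarize(SAMPLE_RESPONSE)` yields a verdict of `detections_present` with one flagged URL and one detected communicating sample; an empty `match: false` report yields `not_in_dataset`.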