hybridanalysisx 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +58 -0
- data/.rspec +3 -0
- data/.travis.yml +7 -0
- data/Gemfile +6 -0
- data/LICENSE +21 -0
- data/README.md +30 -0
- data/Rakefile +8 -0
- data/bin/console +15 -0
- data/bin/setup +8 -0
- data/hybridanalysisx.gemspec +36 -0
- data/lib/hybridanalysis.rb +21 -0
- data/lib/hybridanalysis/api.rb +45 -0
- data/lib/hybridanalysis/clients/abuse_reports.rb +23 -0
- data/lib/hybridanalysis/clients/client.rb +118 -0
- data/lib/hybridanalysis/clients/feed.rb +16 -0
- data/lib/hybridanalysis/clients/file_collection.rb +101 -0
- data/lib/hybridanalysis/clients/overview.rb +51 -0
- data/lib/hybridanalysis/clients/quick_scan.rb +126 -0
- data/lib/hybridanalysis/clients/report.rb +131 -0
- data/lib/hybridanalysis/clients/search.rb +87 -0
- data/lib/hybridanalysis/clients/submit.rb +238 -0
- data/lib/hybridanalysis/clients/system.rb +61 -0
- data/lib/hybridanalysis/version.rb +5 -0
- data/lib/hybridanalysisx.rb +3 -0
- metadata +154 -0
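--- a/data/lib/hybridanalysis/clients/file_collection.rb
+++ b/data/lib/hybridanalysis/clients/file_collection.rb
@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+module HybridAnalysis
+module Clients
+class FileCollection < Client
+#
+# remove file within collection without hard removal from system
+#
+# @param [String] id File collection id
+# @param [String] hash SHA256 of file to remove
+#
+# @return [Hash]
+#
+def delete(id:, hash: )
+_delete("/file-collection/#{id}/files/#{hash}") { |json| json }
+end
+
+#
+# return a summary of file collection
+#
+# @param [String] id File collection id
+#
+# @return [Hash]
+#
+def get(id)
+_get("/file-collection/#{id}") { |json| json }
+end
+
+#
+# return an archive with all collection samples
+#
+# @param [String] id File collection id
+#
+# @return [Hash]
+#
+def download(id)
+_get("/file-collection/#{id}/files/download") { |json| json }
+end
+
+#
+# search the database using the search terms
+#
+# @param [String, nil] collection_name Collection Name
+# @param [String, nil] tag Hashtag e.g. ransomware
+#
+# @return [Hash]
+#
+def search(collection_name: nil, tag: nil)
+params = {
+collection_name: collection_name,
+tag: tag
+}.compact
+_post("/file-collection/search", params) { |json| json }
+end
+
+#
+# create file collection
+#
+# @param [String, nil] collection_name Optional collection name
+# @param [String, nil] comment Optional comment text that may be associated with the file collection (Note: you can use #tags here)
+# @param [Boolean, nil] no_share_third_party When set to 'true', samples within collection will never be shared with any third party. Default: true
+# @param [Boolean, nil] allow_community_access When set to 'true', samples within collection will be available for the community. Default: true
+#
+# @return [Hash]
+#
+def create(collection_name: nil, comment: nil, no_share_third_party: nil, allow_community_access: nil)
+params = {
+collection_name: collection_name,
+comment: comment,
+no_share_third_party: no_share_third_party,
+allow_community_access: allow_community_access
+}.compact
+_post("/file-collection/create", params) { |json| json }
+end
+
+#
+# add file to collection
+#
+# @param [String] id File collection id
+# @param [String] file File to add
+#
+# @return [Hash]
+#
+def add(id:, file: )
+params = { file: file }.compact
+_post("/file-collection/#{id}/files/add", params) { |json| json }
+end
+end
+
+class Key < Client
+#
+# return information about the used API key and it limits
+#
+# @return [Hash]
+#
+def current
+_get("/key/current") { |json| json }
+end
+end
+end
+end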
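Review bot: `add` (line 84) sends the caller's `file` argument as an ordinary request parameter, `params = { file: file }`, so what reaches `/file-collection/{id}/files/add` is the string the caller passed (presumably a path), not the file's bytes; `QuickScan#file` in this same commit instead reads the file and uploads it with `_post_with_file`. If the add endpoint expects a multipart upload, this should do the same: `_post_with_file("/file-collection/#{id}/files/add", file: File.binread(file), filename: File.basename(file), params: {})`. Separately, `delete` (line 14) interpolates `id` and `hash` straight into the request path, so a value containing `/`, `?` or `..` is sent to a different endpoint than intended; since the docstring says `hash` is a SHA256, `raise ArgumentError, "hash must be a SHA256 hex digest" unless hash.match?(/\A\h{64}\z/)` before the request is a cheap guard, and `id` should be URL-escaped. The same unvalidated path interpolation appears in overview.rb, quick_scan.rb, report.rb and search.rb in this commit.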
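--- a/data/lib/hybridanalysis/clients/overview.rb
+++ b/data/lib/hybridanalysis/clients/overview.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module HybridAnalysis
+module Clients
+class Overview < Client
+#
+# return overview for hash
+#
+# @param [String] sha256 SHA256 for lookup
+#
+# @return [Hash]
+#
+def get(sha256)
+_get("/overview/#{sha256}") { |json| json }
+end
+
+#
+# refresh overview and download fresh data from external services
+#
+# @param [String] sha256 SHA256 for lookup
+#
+# @return [Hash]
+#
+def refresh(sha256)
+_get("/overview/#{sha256}/refresh") { |json| json }
+end
+
+#
+# return overview for hash
+#
+# @param [String] sha256 SHA256 for lookup
+#
+# @return [Hash]
+#
+def summary(sha256)
+_get("/overview/#{sha256}/summary") { |json| json }
+end
+
+#
+# downloading sample file
+#
+# @param [String] sha256 SHA256 for download
+#
+# @return [Hash]
+#
+def sample(sha256)
+_get("/overview/#{sha256}/sample") { |json| json }
+end
+end
+end
+end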
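Review bot: The docstring for `summary` (line 29) repeats `get`'s description, "return overview for hash", so the two methods read as identical although they call different endpoints; `# return overview summary for hash` would distinguish them. `sample` (line 40) is described as "downloading sample file" yet declared `@return [Hash]`, and its `{ |json| json }` block implies the `_get` helper (defined in client.rb, outside this hunk) decodes the body as JSON; if that endpoint returns raw bytes the call will fail on parsing, or the return tag is wrong. Worth confirming against the helper and documenting the actual result (`@return [String] raw sample bytes`, if that is what comes back).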
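--- a/data/lib/hybridanalysis/clients/quick_scan.rb
+++ b/data/lib/hybridanalysis/clients/quick_scan.rb
@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+module HybridAnalysis
+module Clients
+class QuickScan < Client
+#
+# return list of available scanners
+#
+# @return [Array]
+#
+def state
+_get("/quick-scan/state") { |json| json }
+end
+
+#
+# submit a file for quick scan, you can check results in overview endpoint
+#
+# @param [String] scan_type Type of scan, please see /quick-scan/state to see available scanners
+# @param [String] file File to submit
+# @param [Boolean, nil] no_share_third_party When set to 'true', the sample is never shared with any third party. Default: true
+# @param [Boolean, nil] allow_community_access When set to 'true', the sample will be available for the community. Default: true (Note: when 'no_share_third_party' is set to 'false', it won't be possible to set different value than 'true')
+# @param [String, nil] comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
+# @param [String, nil] submit_name Optional 'submission name' field that will be used for file type detection and analysis
+#
+# @return [Hash]
+#
+def file(scan_type:, file:, no_share_third_party: nil, allow_community_access: nil, comment: nil, submit_name: nil)
+name = File.basename(file)
+data = File.read(file)
+
+params = {
+scan_type: scan_type,
+no_share_third_party: no_share_third_party,
+allow_community_access: allow_community_access,
+comment: comment,
+submit_name: submit_name
+}.compact
+
+_post_with_file("/quick-scan/file", file: data, filename: name, params: params) { |json| json }
+end
+
+#
+# submit a website's url or url with file for analysis
+#
+# @param [String] scan_type type of scan, please see /quick-scan/state to see available scanners
+# @param [String] url website's url or url with file to submit
+# @param [Boolean, nil] no_share_third_party When set to 'true', the sample is never shared with any third party. Default: true
+# @param [Boolean, nil] allow_community_access When set to 'true', the sample will be available for the community. Default: true (Note: when 'no_share_third_party' is set to 'false', it won't be possible to set different value than 'true')
+# @param [String, nil] comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
+# @param [String, nil] submit_name Optional 'submission name' field that will be used for file type detection and analysis
+#
+# @return [Hash]
+#
+def url(scan_type:, url:, no_share_third_party: nil, allow_community_access: nil, comment: nil, submit_name: nil)
+params = {
+scan_type: scan_type,
+url: url,
+no_share_third_party: no_share_third_party,
+allow_community_access: allow_community_access,
+comment: comment,
+submit_name: submit_name
+}.compact
+_post("/quick-scan/url", params) { |json| json }
+end
+
+#
+# some scanners need time to process file, if in response `finished` is set to false, then you need use this endpoint to get final results
+#
+# @param [String] id id of scan
+#
+# @return [Hash]
+#
+def get(id)
+_get("/quick-scan/#{id}") { |json| json }
+end
+
+#
+# convert quick scan to sandbox report
+#
+# @param [String] id ID of quick scan to convert
+# @param [Integer, nil] environment_id Environment ID. Available environments ID: <strong>300</strong>: 'Linux (Ubuntu 16.04, 64 bit)', <strong>200</strong>: 'Android Static Analysis', <strong>120</strong>: 'Windows 7 64 bit', <strong>110</strong>: 'Windows 7 32 bit (HWP Support)', <strong>100</strong>: 'Windows 7 32 bit'
+# @param [Boolean, nil] no_hash_lookup Default: false
+# @param [String, nil] action_script Optional custom runtime action script. Available runtime scripts: **default**, **default_maxantievasion**, **default_randomfiles**, **default_randomtheme**, **default_openie**
+# @param [Boolean, nil] hybrid_analysis When set to 'false', no memory dumps or memory dump analysis will take place. Default: true
+# @param [Boolean, nil] experimental_anti_evasion When set to 'true', will set all experimental anti-evasion options of the Kernelmode Monitor. Default: false
+# @param [Boolean, nil] script_logging When set to 'true', will set the in-depth script logging engine of the Kernelmode Monitor. Default: false
+# @param [Boolean, nil] input_sample_tampering When set to 'true', will allow experimental anti-evasion options of the Kernelmode Monitor that tamper with the input sample. Default: false
+# @param [Boolean, nil] tor_enabled_analysis When set to 'true', will route the network traffic for the analysis via TOR (if properly configured on the server). Default: false
+# @param [Boolean, nil] offline_analysis When set to “true”, will disable outbound network traffic for the guest VM (takes precedence over ‘tor_enabled_analysis’ if both are provided). Default: false
+# @param [String, nil] email Optional E-Mail address that may be associated with the submission for notification
+# @param [String, nil] comment Optional comment text that may be associated with the submission/sample (Note: you can use #tags here)
+# @param [String, nil] custom_date_time Optional custom date/time that can be set for the analysis system. Expected format: yyyy-MM-dd HH:mm
+# @param [String, nil] custom_cmd_line Optional commandline that should be passed to the analysis file
+# @param [Integer, nil] custom_run_time Optional runtime duration (in seconds)
+# @param [String, nil] submit_name Optional 'submission name' field that will be used for file type detection and analysis
+# @param [String, nil] document_password Optional document password that will be used to fill-in Adobe/Office password prompts
+# @param [String, nil] environment_variable Optional system environment value. The value is provided in the format: name=value
+#
+# @return [Hash]
+#
+def convert_to_full(id, environment_id:, no_hash_lookup: nil, action_script: nil, hybrid_analysis: nil, experimental_anti_evasion: nil, script_logging: nil, input_sample_tampering: nil, tor_enabled_analysis: nil, offline_analysis: nil, email: nil, comment: nil, custom_date_time: nil, custom_cmd_line: nil, custom_run_time: nil, submit_name: nil, document_password: nil, environment_variable: nil)
+params = {
+environment_id: environment_id,
+no_hash_lookup: no_hash_lookup,
+action_script: action_script,
+hybrid_analysis: hybrid_analysis,
+experimental_anti_evasion: experimental_anti_evasion,
+script_logging: script_logging,
+input_sample_tampering: input_sample_tampering,
+tor_enabled_analysis: tor_enabled_analysis,
+offline_analysis: offline_analysis,
+email: email,
+comment: comment,
+custom_date_time: custom_date_time,
+custom_cmd_line: custom_cmd_line,
+custom_run_time: custom_run_time,
+submit_name: submit_name,
+document_password: document_password,
+environment_variable: environment_variable
+}.compact
+
+_post("/quick-scan/#{id}/convert-to-full", params) { |json| json }
+end
+end
+end
+end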
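Review bot: `file` (line 29) reads the sample with `File.read(file)`, which opens it in text mode and tags the bytes with the process's default external encoding; for a binary sample this can raise on an encoding mismatch when the multipart body is assembled, and on Windows it also rewrites newlines, so the uploaded bytes (and the hash the service computes from them) may differ from the file on disk. `data = File.binread(file)` keeps the payload byte-exact. The `environment_id` parameter of `convert_to_full` is documented as `[Integer, nil]` (line 81) but is a required keyword with no default (line 101); either the signature should read `environment_id: nil` or the tag should be `# @param [Integer] environment_id`. The raw `<strong>` tags in that same comment render literally in YARD output; the `**bold**` markup already used on line 83 is the consistent choice.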
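--- a/data/lib/hybridanalysis/clients/report.rb
+++ b/data/lib/hybridanalysis/clients/report.rb
@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+module HybridAnalysis
+module Clients
+class Report < Client
+#
+# downloading certificate file from report (is available)
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+#
+# @return [Hash]
+#
+def certificate(id)
+_get("/report/#{id}/certificate") { |json| json }
+end
+
+#
+# downloading process memory dump files as zip file (is available)
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+#
+# @return [Hash]
+#
+def memory_dumps(id)
+_get("/report/#{id}/memory-dumps") { |json| json }
+end
+
+#
+# downloading network PCAP file from report (is available)
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+#
+# @return [Hash]
+#
+def pcap(id)
+_get("/report/#{id}/pcap") { |json| json }
+end
+
+#
+# downloading sample file
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+#
+# @return [Hash]
+#
+def sample(id)
+_get("/report/#{id}/sample") { |json| json }
+end
+
+#
+# return state of a submission
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+#
+# @return [Hash]
+#
+def state(id)
+_get("/report/#{id}/state") { |json| json }
+end
+
+#
+# return summary of a submission
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+#
+# @return [Hash]
+#
+def summary(id)
+_get("/report/#{id}/summary") { |json| json }
+end
+
+#
+# return summary of multiple submissions (bulk query)
+#
+# @param [Array<String>] hashes[] List of ids. Allowed format: jobId, md5:environmentId, sha1:environmentId or sha256:environmentId
+#
+# @return [Array]
+#
+def summaries(*hashes)
+params = { "hashes[]": hashes }.compact
+_post("/report/summary", params) { |json| json }
+end
+
+#
+# downloading report data (e.g. JSON, XML, PCAP)
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+# @param [String] type Type of requested report,
+#
+# @return [Hash]
+#
+def get(id:, type: )
+_get("/report/#{id}/report/#{type}") { |json| json }
+end
+
+#
+# retrieve an array of screenshots from a report in the Base64 format
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+#
+# @return [Hash]
+#
+def screenshots(id)
+_get("/report/#{id}/screenshots") { |json| json }
+end
+
+#
+# retrieve single extracted/dropped binaries files for a report
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+# @param [String] hash SHA256 of dropped file
+#
+# @return [Hash]
+#
+def dropped_file_raw(id:, hash: )
+_get("/report/#{id}/dropped-file-raw/#{hash}") { |json| json }
+end
+
+#
+# retrieve all extracted/dropped binaries files for a report, as zip
+#
+# @param [String] id Id in one of format: 'jobId' or 'sha256:environmentId'
+#
+# @return [Hash]
+#
+def dropped_files(id)
+_get("/report/#{id}/dropped-files") { |json| json }
+end
+end
+end
+end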
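Review bot: In `summaries` (line 80) the `.compact` is a no-op: a splat yields `[]` rather than `nil` when no arguments are given, so `summaries()` still posts `hashes[]` with an empty list instead of failing locally; `raise ArgumentError, "at least one id is required" if hashes.empty?` makes the misuse explicit (the same pattern is in `Search#hashes` in this commit). The `type` parameter docstring for `get` (line 88) ends with a dangling comma, "Type of requested report,", and never lists the accepted values, which is the one thing a caller needs here. Several methods (`memory_dumps`, `pcap`, `sample`, `dropped_files`) are described as downloads but declared `@return [Hash]`; if `_get` (client.rb, outside this hunk) JSON-decodes every body, those calls will fail or the return tags are wrong — worth confirming against the helper.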
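--- a/data/lib/hybridanalysis/clients/search.rb
+++ b/data/lib/hybridanalysis/clients/search.rb
@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module HybridAnalysis
+module Clients
+class Search < Client
+#
+# summary for given hash
+#
+# @param [String] hash MD5, SHA1 or SHA256
+#
+# @return [Array]
+#
+def hash(hash)
+params = { hash: hash }.compact
+_post("/search/hash", params) { |json| json }
+end
+
+#
+# summary for given hashes
+#
+# @param [Array<String>] List of hashes. Allowed type: MD5, SHA1 or SHA256
+#
+# @return [Array]
+#
+def hashes(*hashes)
+params = { "hashes[]": hashes }.compact
+_post("/search/hashes", params) { |json| json }
+end
+
+#
+# search the database using the search terms
+#
+# @param [String, nil] filename Filename e.g. invoice.exe
+# @param [String, nil] filetype Filetype e.g. docx <p>Available options: .NET exe, 64-bit .NET exe, 64-bit dll, 64-bit exe, 64-bit service, apk, bat, cmd, com, csv, bash, chm, composite, database, dll, doc, docx, dos, empty, exe, elf, 64-bit elf, file link, gen link, hta, html, hwp, hwpx, image, iqy, java jar, js, jse, lib, mach-o, 64-bit mach-o, mime, msg, msi, pdf, perl, ppt, pptx, ps1, psd1, psm1, pub, python, sct, raw data, rtf, service, svg, swf, text, url, vbe, vbs, wsf, xls, xlsx, zip</p>
+# @param [String, nil] filetype_desc Filetype description e.g. PE32 executable
+# @param [String, nil] env_id Environment Id
+# @param [String, nil] country Country (3 digit ISO) e.g. swe
+# @param [Integer, nil] verdict Verdict e.g. 1 <p>Available options: <strong>1</strong> 'whitelisted', <strong>2</strong> 'no verdict', <strong>3</strong> 'no specific threat', <strong>4</strong> 'suspicious', <strong>5</strong> 'malicious'</p>
+# @param [String, nil] av_detect AV Multiscan range e.g. 50-70 (min 0, max 100)
+# @param [String, nil] vx_family AV Family Substring e.g. nemucod
+# @param [String, nil] tag Hashtag e.g. ransomware
+# @param [String, nil] date_from Date from in format: 'Y-m-d H:i:s' e.g. 2018-09-28 15:30:00
+# @param [String, nil] date_to Date to in format: 'Y-m-d H:i:s' e.g. 2018-09-28 15:30:00
+# @param [Integer, nil] port Port e.g. 8080
+# @param [String, nil] host Host e.g. 192.168.0.1
+# @param [String, nil] domain Domain e.g. checkip.dyndns.org
+# @param [String, nil] url HTTP Request Substring e.g. google
+# @param [String, nil] similar_to Similar Samples e.g. \<sha256\>
+# @param [String, nil] context Sample Context e.g. \<sha256\>
+# @param [String, nil] imp_hash
+# @param [String, nil] ssdeep
+# @param [String, nil] authentihash
+# @param [Boolean, nil] uses_tactic Uses Tactic
+# @param [Boolean, nil] uses_technique Uses Technique
+#
+# @return [Hash]
+#
+def terms(filename: nil, filetype: nil, filetype_desc: nil, env_id: nil, country: nil, verdict: nil, av_detect: nil, vx_family: nil, tag: nil, date_from: nil, date_to: nil, port: nil, host: nil, domain: nil, url: nil, similar_to: nil, context: nil, imp_hash: nil, ssdeep: nil, authentihash: nil, uses_tactic: nil, uses_technique: nil)
+params = {
+filename: filename,
+filetype: filetype,
+filetype_desc: filetype_desc,
+env_id: env_id,
+country: country,
+verdict: verdict,
+av_detect: av_detect,
+vx_family: vx_family,
+tag: tag,
+date_from: date_from,
+date_to: date_to,
+port: port,
+host: host,
+domain: domain,
+url: url,
+similar_to: similar_to,
+context: context,
+imp_hash: imp_hash,
+ssdeep: ssdeep,
+authentihash: authentihash,
+uses_tactic: uses_tactic,
+uses_technique: uses_technique
+}.compact
+_post("/search/terms", params) { |json| json }
+end
+end
+end
+end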
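Review bot: `def hash(hash)` (line 13) redefines `Object#hash` on the `Search` client with arity 1, so any `Search` instance now raises `ArgumentError` wherever Ruby calls `hash` with no arguments — as a Hash key, in a `Set`, through `eql?`-based comparison or `uniq`. Renaming the lookup, e.g. `def by_hash(hash)`, and leaving `Object#hash` untouched avoids that; the local parameter name is harmless once the method no longer shadows the core one. The `@param` tag on line 21 is missing the parameter name and so will not attach to anything in YARD: `# @param [Array<String>] hashes List of hashes. Allowed type: MD5, SHA1 or SHA256`.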