VirusTotal - Private API

Use the Virus Total - Private API integration to investigate suspicious files, domains, URLs, IP addresses, and hashes.

This integration was integrated and tested with Virus Total API v2.0.

Use Cases

  • Get extensive reports on interactions between files, domains, URLs, IP addresses, and hashes.
  • Investigate activity of recognized malware.

Configure Virus Total - Private API on Demisto

  1. Navigate to Settings > Integrations > Servers & Services .
  2. Search for Virus Total - Private API.
  3. Click Add instance to create and configure a new integration instance.
    • Name : a textual name for the integration instance
    • Virus Total private API key
    • Use system proxy settings
    • Trust any certificate (not secure)
    • File Threshold: If the number of positive results from the VT scanners exceeds the threshold, the file will be considered malicious.
    • IP Threshold: If the number of positive results from the VT scanners exceeds the threshold, the IP address is considered malicious.
    • URL Threshold: If the number of positive results from the VT scanners exceeds the threshold, the URL is considered malicious.
    • Domain Threshold: If the number of positive results from the VT scanners is bigger than the threshold, the domain is considered malicious.
    • Preferred Vendors List : A CSV list of vendors that are considered trustworthy.
    • Preferred Vendors Threshold : The minimum number of highly trusted vendors required to consider a domain IP, URL, or file as malicious.
    • fullResponseGlobal : Determines whether to return all results, which can number in the thousands. If true , returns all results and overrides the fullResponse and long arguments (if they are set to false ) in a command. If false , the fullResponse and long arguments in the command determines how results are returned.
  4. Click Test to validate URLs and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Get file dynamic behavioral report: vt-private-check-file-behaviour
  2. Get a domain report: vt-private-get-domain-report
  3. Get malicious file report: vt-private-get-file-report
  4. Get URL report: vt-private-get-url-report
  5. Get IP address report: vt-private-get-ip-report
  6. Submit a query: vt-private-search-file
  7. Return hashes for a specific IP address: vt--private-hash-communication
  8. Download a file: vt-private-download-file

1. Get file dynamic behavioral report


Find out which domains, files, hosts, IP addresses, mutexes, URLs, and registry keys, are associated with a specific file.

Base Command

vt-private-check-file-behaviour

Input
Argument Name Description
resource The MD5, SHA-1, and SHA-256 hash of the file whose dynamic behavioral report you want to retrieve
threshold If the number of positives is larger than the threshold, the file is considered malicious. If threshold is not specified, the default file threshold is used.
You configure the default in the instance settings.
fullResponse Returns all results. Results can number in the thousands, we recommend not using fullResponse in playbooks. The default value is false .

Context Output
Path Description
File.MD5 MD5 of the file
File.SHA1 SHA-1 of the file
File.SHA256 SHA-256 of the file
File.VirusTotal.RelatedDomains Domains that the hash communicates with
File.VirusTotal.RelatedURLs URLs that the hash communicates with
File.VirusTotal.RelatedIPs IPs that the hash communicates with
File.VirusTotal.RelatedHosts Hosts that the hash communicates with
File.VirusTotal.RelatedFiles Files that are related to this hash
File.VirusTotal.RelatedRegistryKeys Keys that are related to this hash
File.VirusTotal.RelatedMutexes Mutexes that are related to this hash

Command Example
!vt-private-check-file-behaviour resource="2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae" threshold=20
Context Example
{
  "SHA256": "2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae",
  "VirusTotal": {
    "RelatedDomains": [
      "stromoliks.com",
      "promoliks.com",
      "google.com",
      "fkjdeljfeew32233.com",
      "pornoliks.com",
      "fdwelklwe3093443.com"
    ],
    "RelatedFiles": [
      "C:\\WINDOWS\\system32\\ntdll.dll",
      "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\~TM4.tmp",
      "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\~DF3C0D.tmp",
      "C:\\WINDOWS\\system32\\kernel32.dll",
      "C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\~TM3.tmp",
      "Cmgr.exe"
    ],
    "RelatedHosts": [
      "224.0.0.22",
      "51.140.127.197",
      "10.0.2.2",
      "239.255.255.250",
      "255.255.255.255",
      "10.0.2.255",
      "10.0.2.15",
      "82.112.184.197",
      "0.0.0.0",
      "216.58.206.238"
    ],
    "RelatedIPs": [
      "51.140.127.197",
      "10.0.2.2",
      "239.255.255.250",
      "10.0.2.255",
      "10.0.2.15",
      "82.112.184.197",
      "255.255.255.255",
      "127.0.0.1",
      "216.58.206.238"
    ],
    "RelatedMutexes": [
      "ShimCacheMutex",
      "{65D180CA-BACE-614C-7239-5ABDD5E947B0}"
    ],
    "RelatedRegistryKeys": [
      "HKEY_LOCAL_MACHINE\\\\SOFTWARE\\Microsoft\\VBA\\Monitors",
      "HKEY_LOCAL_MACHINE\\\\System\\Setup",
      "HKEY_CLASSES_ROOT\\\\http\\shell\\open\\command",
      "0x000000b8\\\\Help",
      "HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Rpc",
      "HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows",
      "0x000000b8\\\\HTML Help",
      "HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Cmgr.exe\\RpcThreadPoolThrottle",
      "HKEY_LOCAL_MACHINE\\\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
      "0x00000090\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
      "0x000000ac\\\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
      "HKEY_LOCAL_MACHINE\\\\Software\\Microsoft\\Rpc\\PagedBuffers"
    ],
    "RelatedURLs": []
  }
}
Human Readable Output

We found the following data about hash 2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae:

Hosts that the hash communicates with are:

Host
224.0.0.22
51.140.127.197
10.0.2.2
239.255.255.250
255.255.255.255
10.0.2.255
10.0.2.15
82.112.184.197
0.0.0.0
216.58.206.238

IPs that the hash communicates with are:

IP
51.140.127.197
10.0.2.2
239.255.255.250
10.0.2.255
10.0.2.15
82.112.184.197
255.255.255.255
127.0.0.1
216.58.206.238

Domains that the hash communicates with are:

Domain
stromoliks.com
promoliks.com
google.com
fkjdeljfeew32233.com
pornoliks.com
fdwelklwe3093443.com

Files that are related the hash

File
C:\WINDOWS\system32\ntdll.dll
C:\DOCUME 1\JANETT 1\LOCALS~1\Temp~TM4.tmp
C:\DOCUME 1\JANETT 1\LOCALS~1\Temp~DF3C0D.tmp
C:\WINDOWS\system32\kernel32.dll
C:\DOCUME 1\JANETT 1\LOCALS~1\Temp~TM3.tmp
Cmgr.exe

Registry Keys that are related to the hash

Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_LOCAL_MACHINE\System\Setup
HKEY_CLASSES_ROOT\http\shell\open\command
0x000000b8\Help
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
0x000000b8\HTML Help
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cmgr.exe\RpcThreadPoolThrottle
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
0x00000090\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
0x000000ac\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\PagedBuffers

Opened mutexes that are related to the hash

Mutex
ShimCacheMutex
{65D180CA-BACE-614C-7239-5ABDD5E947B0}

2. Get domain report


Generates a report about a specific domain.

Base Command

vt-private-get-domain-report

Input
Argument Name Description
domain Domain name
threshold If the number of positives is larger than the threshold, the domain is considered malicious. If threshold is not specified, the default domain threshold is used.
You configure the default.
fullResponse Returns all results. Results can number in the thousands, we recommend not using fullResponse in playbooks. The default value is false .

Context Output
Path Description
Domain.Name Domain name
Domain.VirusTotal.DownloadedHashes Hashes of files that were downloaded from this domain
Domain.VirusTotal.CommunicatingHashes Hashes of files that communicated with this domain in a sandbox
Domain.VirusTotal.Resolutions.ip_address IPs that resolved to this domain
Domain.VirusTotal.Whois Whois report
Domain.VirusTotal.Subdomains Subdomains
Domain.VirusTotal.Resolutions.last_resolved Resolution date of IPs that resolved to this domain

Command Example
!vt-private-get-domain-report domain=demisto.com
Context Example
{
  "Name": "google.com",
  "VirusTotal": {
    "CommunicatingHashes": [
      {
        "date": "2018-07-24 07:24:39",
        "positives": 62,
        "sha256": "2675ef3e888481502fe41addc74f7310639d83df4893a97e8127eb5eb1740798",
        "total": 68
      },
      {
        "date": "2018-07-24 07:23:48",
        "positives": 49,
        "sha256": "629be3e06580b7e532b019c48488c5a18e7ca1a37a374a9519d66a64e49051d1",
        "total": 68
      },
      {
        "date": "2018-07-24 07:21:23",
        "positives": 52,
        "sha256": "31afab5e2079d9fd2590f521237ac8f59ed42fe7234a4cf360daa4f7526bf900",
        "total": 66
      },
      {
        "date": "2018-07-24 07:20:18",
        "positives": 45,
        "sha256": "49b777157965d0f2ee2ab53b47876cbfd815512ec8ea41a6cd1a633b29be6524",
        "total": 66
      },
      {
        "date": "2018-07-24 07:19:39",
        "positives": 45,
        "sha256": "46799d5e6883cdf3f3466645de4a98c7710b4db03fece1780bd6e871d8b858e8",
        "total": 66
      },
      {
        "date": "2018-07-24 07:19:38",
        "positives": 50,
        "sha256": "db8c7cc64521286a1c63de5f8b41c749c4dae5434191baa5179f1233f0722ae8",
        "total": 68
      },
      {
        "date": "2018-07-24 07:19:27",
        "positives": 51,
        "sha256": "a1b2e5eeb9a1b81e167000f6f38446100696e8c5b1b38013a8895f3d6519a111",
        "total": 68
      },
      {
        "date": "2018-07-24 07:19:18",
        "positives": 54,
        "sha256": "6cb02d9888c3653616106241d4de68800b7fb9509b3a71f7ecea0eaf66b48655",
        "total": 68
      },
      {
        "date": "2018-07-24 07:18:57",
        "positives": 51,
        "sha256": "872575af2d9caabe5818c9dbcbc76f1fdebf80b3cf4fea961b99706b179e4fb2",
        "total": 68
      },
      {
        "date": "2018-07-24 07:18:47",
        "positives": 50,
        "sha256": "a3a4225ff984894a4752913069d63faafa3db4398c92dc007497f91602892737",
        "total": 68
      },
      {
        "date": "2018-07-24 07:18:19",
        "positives": 48,
        "sha256": "9b716f7272bb1b57653190ed190f7ceaa658820f5169a2857266ba599034efc9",
        "total": 67
      },
      {
        "date": "2018-07-24 07:18:16",
        "positives": 53,
        "sha256": "10478d5c4db5de5b8a69dfcf78b5de338145d9f1903f54a6429e16c9bb749f3a",
        "total": 68
      },
      {
        "date": "2018-07-24 07:18:08",
        "positives": 51,
        "sha256": "b1b566a462e575e5ddcd1bb73e7457607d036c40efe470a11c5839d2aa6913cf",
        "total": 67
      },
      {
        "date": "2018-07-24 07:17:59",
        "positives": 50,
        "sha256": "18d5e3fec37d15e0b6da54e8fe10a34617f92650b58a9846884b866e74165252",
        "total": 68
      },
      {
        "date": "2018-07-24 07:17:45",
        "positives": 50,
        "sha256": "c63b3787c8b85d96af2ccc8203f1ed905a28538c030efbd5bc91d446bc7e4131",
        "total": 68
      },
      {
        "date": "2018-07-24 07:15:50",
        "positives": 53,
        "sha256": "5391f03a01c67aef9d27cc26d72a5637ea1e4cd11228d04dfca3979b0dcf5afc",
        "total": 67
      },
      {
        "date": "2018-07-24 07:15:39",
        "positives": 50,
        "sha256": "b0556569ac21b97a687153876676488c35ede8eca18383436db731f07856b9a6",
        "total": 68
      },
      {
        "date": "2018-07-24 07:15:25",
        "positives": 49,
        "sha256": "1bf888901165a4cb23510133d5b91b663ec1895425c71b8fdddf0348732b11a9",
        "total": 68
      },
      {
        "date": "2018-07-24 07:14:06",
        "positives": 52,
        "sha256": "f1e29295a668a973b7940f5fbab2edcd05b68395e24fd315662726f1c1767cf4",
        "total": 68
      },
      {
        "date": "2018-07-24 07:14:01",
        "positives": 53,
        "sha256": "6b53c57843888c61c3e0126b816d92872f5e44fc803bbd6029c017e29e828fca",
        "total": 68
      },
      {
        "date": "2018-07-24 07:13:59",
        "positives": 48,
        "sha256": "8e1ab57267d8497b31e4d4f26bf3e6d9b31e139e3744f57ec577c32c6bd97448",
        "total": 68
      },
      {
        "date": "2018-07-24 07:13:18",
        "positives": 50,
        "sha256": "ffe93ef77385d59d7030dfd474373b3fe427ebaa9c7f5541e3f11e43629c3b9f",
        "total": 68
      },
      {
        "date": "2018-07-23 10:45:17",
        "positives": 48,
        "sha256": "aa9a757094b2b8cad5b3ef8152dbf2e5f3880fed2c3f58c84a34ecb1673ba4eb",
        "total": 70
      },
      {
        "date": "2018-07-24 07:10:40",
        "positives": 50,
        "sha256": "f8eaee7c0ea2261e55ee58ea09ac7e954ffa26c55c13f225015a63f4eda55da9",
        "total": 68
      },
      {
        "date": "2018-07-24 07:09:42",
        "positives": 52,
        "sha256": "238c20cf0e7bf2dea360ef9728daaaa1f019625e7451e5722cb75479bbd7e184",
        "total": 68
      },
      {
        "date": "2018-07-24 07:08:21",
        "positives": 58,
        "sha256": "c70659c5034f9b7db6b583a5cc5151b1686cc8fbcbd8860d164b07c1c23bcf5b",
        "total": 66
      },
      {
        "date": "2018-07-24 01:20:19",
        "positives": 16,
        "sha256": "c48447d03aa768b8f99877ec9450f764abb912dc35716603cea74bce71737728",
        "total": 69
      },
      {
        "date": "2018-07-24 05:10:10",
        "positives": 34,
        "sha256": "f48fe93a0ce6db1dfd239bb2705a296ac7c1d3f6a1ab335b8ff15b7960cfe5b0",
        "total": 70
      },
      {
        "date": "2018-07-23 12:20:35",
        "positives": 15,
        "sha256": "cbac4ff65098eb0eb9b459ab9a0a7529b412d86dc61f9961638752a309b301be",
        "total": 68
      },
      {
        "date": "2018-07-22 17:43:18",
        "positives": 11,
        "sha256": "f7076372575863bbbb5d96d3f13d8180d1e07f1b9f70c3ff9c833781482f48ce",
        "total": 70
      },
      {
        "date": "2018-07-24 00:18:28",
        "positives": 31,
        "sha256": "0bd4d66a39c461f7175762f802d26158288cf35bc00b1067d5d3a7e7334e9619",
        "total": 70
      },
      {
        "date": "2018-07-24 06:22:30",
        "positives": 49,
        "sha256": "4c2494bd1988e1d55e418e6e67881103cbe4a7b1a36423a17b54518764e720e0",
        "total": 68
      },
      {
        "date": "2018-07-24 06:22:15",
        "positives": 49,
        "sha256": "de5579608fa1c48dbf6985b80c207d0705d5b0692d8e8f4ee914849bb23a7fc4",
        "total": 68
      },
      {
        "date": "2018-07-24 06:22:10",
        "positives": 47,
        "sha256": "005e579a1fbfff7fb719c2dd142ff253da229067c834a3c77002ccf5d5c88860",
        "total": 67
      },
      {
        "date": "2018-07-24 06:21:54",
        "positives": 49,
        "sha256": "8a232930ea2481d40ef678d71a9a19da52625e94caf74dca07783e948ff5818f",
        "total": 68
      },
      {
        "date": "2018-07-24 06:20:43",
        "positives": 54,
        "sha256": "79b2a672433973b3fdce947a45ab409da4ba5a4f7b6ed94014835b8ac3521abc",
        "total": 67
      },
      {
        "date": "2018-07-23 09:04:38",
        "positives": 52,
        "sha256": "51b74df5019508d78f2b9ea6f7c24fc33e700a59226faef76a814ade67dbddd6",
        "total": 70
      },
      {
        "date": "2018-07-23 11:59:58",
        "positives": 60,
        "sha256": "0e4842f53bae8a32b0673ebee8b5ad3f61b7377634c7122d5d582ec82041154f",
        "total": 69
      },
      {
        "date": "2018-07-22 17:26:07",
        "positives": 56,
        "sha256": "61ea4df7140be285a82a93600592dbc9f3bc5cea95941259de1d05490a15c0e5",
        "total": 70
      },
      {
        "date": "2018-07-23 10:51:19",
        "positives": 49,
        "sha256": "2253a68cc3f4202c1239566437e30ffa112b40d342a8969e63c4177066464682",
        "total": 70
      },
      {
        "date": "2018-07-23 10:54:35",
        "positives": 54,
        "sha256": "94e2bc7b7b7be2b83ac40560d9a93d48511bf3104102e69d3ff21399b7f31dfa",
        "total": 70
      },
      {
        "date": "2018-07-23 10:45:12",
        "positives": 52,
        "sha256": "e5ac53dd24af0985e1617e86f09cb0eb2027e2b12479b47594233ac8b4701bb7",
        "total": 70
      },
      {
        "date": "2018-07-22 20:03:38",
        "positives": 55,
        "sha256": "57512332300ada12813e0a876cdf0090d81aee28953dcc24f3b610e022f89327",
        "total": 69
      },
      {
        "date": "2018-07-24 06:05:19",
        "positives": 54,
        "sha256": "3656d67014dc5ad09c77b06ee1b3da751526fe47cdc21d5002869524beabcd48",
        "total": 68
      },
      {
        "date": "2018-07-24 05:50:15",
        "positives": 53,
        "sha256": "b946b5de6599f02a9fa1af3c166fc50d3b4636a56c0ac73a56d939231a9b42a8",
        "total": 67
      },
      {
        "date": "2018-07-24 05:45:38",
        "positives": 44,
        "sha256": "2bda400f65b3097eb48fd77c8ecb610689884675542062ae2b234d2a1acee9d0",
        "total": 67
      },
      {
        "date": "2018-07-23 17:44:19",
        "positives": 18,
        "sha256": "db7c591fa32343770f3a03c3383e8fb89b1f30ae106263fc6d066aa45c1321f6",
        "total": 70
      },
      {
        "date": "2018-07-24 05:34:57",
        "positives": 47,
        "sha256": "27ae8d443e224eba7fe0da8c03e771be3784ff9485f018074eee191b2bf35644",
        "total": 67
      },
      {
        "date": "2018-07-24 05:34:40",
        "positives": 58,
        "sha256": "263713235cbbeb7714aef21da83f1162f9c5e6e64a6054c97769b339fb2ffe9a",
        "total": 68
      },
      {
        "date": "2018-07-24 05:34:36",
        "positives": 49,
        "sha256": "18e3295f7c6c5528483f25c383dd0e4aadb4c4c74a63ccb86fa30782b5c5c91e",
        "total": 67
      }
    ],
    "DownloadedHashes": [],
    "Resolutions": [
      {
        "ip_address": "108.167.133.29",
        "last_resolved": "2017-05-19 00:00:00"
      },
      {
        "ip_address": "108.177.10.100",
        "last_resolved": "2016-02-16 00:00:00"
      },
      {
        "ip_address": "108.177.10.102",
        "last_resolved": "2016-02-16 00:00:00"
      },
      {
        "ip_address": "108.177.111.100",
        "last_resolved": "2018-03-14 00:00:00"
      },
      {
        "ip_address": "108.177.111.101",
        "last_resolved": "2018-03-14 00:00:00"
      },
      {
        "ip_address": "108.177.111.102",
        "last_resolved": "2018-03-15 00:00:00"
      },
      {
        "ip_address": "108.177.111.113",
        "last_resolved": "2018-03-18 00:00:00"
      },
      {
        "ip_address": "108.177.111.138",
        "last_resolved": "2018-03-15 00:00:00"
      },
      {
        "ip_address": "108.177.111.139",
        "last_resolved": "2018-03-14 00:00:00"
      },
      {
        "ip_address": "108.177.112.100",
        "last_resolved": "2018-07-20 03:31:21"
      },
      {
        "ip_address": "108.177.112.101",
        "last_resolved": "2018-07-20 03:31:21"
      },
      {
        "ip_address": "108.177.112.102",
        "last_resolved": "2018-07-20 03:31:21"
      },
      {
        "ip_address": "108.177.112.113",
        "last_resolved": "2018-07-20 03:31:21"
      },
      {
        "ip_address": "108.177.112.138",
        "last_resolved": "2018-07-20 03:31:21"
      },
      {
        "ip_address": "108.177.112.139",
        "last_resolved": "2018-07-20 03:31:21"
      },
      {
        "ip_address": "108.177.119.100",
        "last_resolved": "2018-07-11 11:27:21"
      },
      {
        "ip_address": "108.177.119.101",
        "last_resolved": "2018-07-11 11:27:22"
      },
      {
        "ip_address": "108.177.119.102",
        "last_resolved": "2018-07-11 11:27:21"
      },
      {
        "ip_address": "108.177.119.113",
        "last_resolved": "2018-07-11 11:27:21"
      },
      {
        "ip_address": "108.177.119.138",
        "last_resolved": "2018-07-11 11:27:21"
      },
      {
        "ip_address": "108.177.119.139",
        "last_resolved": "2018-07-11 11:27:21"
      },
      {
        "ip_address": "108.177.120.100",
        "last_resolved": "2018-07-12 01:45:40"
      },
      {
        "ip_address": "108.177.120.101",
        "last_resolved": "2018-07-12 01:45:39"
      },
      {
        "ip_address": "108.177.120.102",
        "last_resolved": "2018-07-12 01:45:40"
      },
      {
        "ip_address": "108.177.120.113",
        "last_resolved": "2018-07-12 01:45:39"
      },
      {
        "ip_address": "108.177.120.138",
        "last_resolved": "2018-07-12 01:45:40"
      },
      {
        "ip_address": "108.177.120.139",
        "last_resolved": "2018-07-12 01:45:40"
      },
      {
        "ip_address": "108.177.121.100",
        "last_resolved": "2018-07-19 03:28:50"
      },
      {
        "ip_address": "108.177.121.101",
        "last_resolved": "2018-07-19 03:28:50"
      },
      {
        "ip_address": "108.177.121.102",
        "last_resolved": "2018-07-19 03:28:50"
      },
      {
        "ip_address": "108.177.121.113",
        "last_resolved": "2018-07-19 03:28:50"
      },
      {
        "ip_address": "108.177.121.138",
        "last_resolved": "2018-07-19 03:28:50"
      },
      {
        "ip_address": "108.177.121.139",
        "last_resolved": "2018-07-19 03:28:50"
      },
      {
        "ip_address": "108.177.122.100",
        "last_resolved": "2018-06-27 13:14:54"
      },
      {
        "ip_address": "108.177.122.101",
        "last_resolved": "2018-06-27 13:14:55"
      },
      {
        "ip_address": "108.177.122.102",
        "last_resolved": "2018-06-27 13:14:55"
      },
      {
        "ip_address": "108.177.122.113",
        "last_resolved": "2018-06-27 13:14:55"
      },
      {
        "ip_address": "108.177.122.138",
        "last_resolved": "2018-06-27 13:14:55"
      },
      {
        "ip_address": "108.177.122.139",
        "last_resolved": "2018-06-27 13:14:55"
      },
      {
        "ip_address": "108.177.127.100",
        "last_resolved": "2018-06-14 06:42:21"
      },
      {
        "ip_address": "108.177.127.101",
        "last_resolved": "2018-06-14 06:42:21"
      },
      {
        "ip_address": "108.177.127.102",
        "last_resolved": "2018-06-14 06:42:21"
      },
      {
        "ip_address": "108.177.127.113",
        "last_resolved": "2018-06-14 06:42:21"
      },
      {
        "ip_address": "108.177.127.138",
        "last_resolved": "2018-06-14 06:42:21"
      },
      {
        "ip_address": "108.177.127.139",
        "last_resolved": "2018-06-14 06:42:21"
      },
      {
        "ip_address": "108.177.15.100",
        "last_resolved": "2018-07-23 10:36:03"
      },
      {
        "ip_address": "108.177.15.101",
        "last_resolved": "2018-07-23 10:35:18"
      },
      {
        "ip_address": "108.177.15.102",
        "last_resolved": "2018-07-23 10:33:47"
      },
      {
        "ip_address": "108.177.15.113",
        "last_resolved": "2018-07-19 14:15:34"
      },
      {
        "ip_address": "108.177.15.138",
        "last_resolved": "2018-07-23 10:32:53"
      }
    ],
    "Subdomains": [
      "27.docs.google.com",
      "8.chart.apis.google.com",
      "geoauth.google.com",
      "adservice.google.com",
      "ogs.google.com",
      "accounts.google.com",
      "play.google.com",
      "news.url.google.com",
      "mt2.google.com",
      "alt5-mtalk.google.com",
      "books.google.com",
      "id.google.com",
      "apis.google.com",
      "notifications.google.com",
      "meet.google.com",
      "mts0.google.com",
      "www.google.com",
      "alt2-mtalk.google.com",
      "policies.google.com",
      "taskassist-pa.clients6.google.com",
      "search.google.com",
      "xmpp.l.google.com",
      "1.client-channel.google.com",
      "safebrowsing-cache.google.com",
      "encrypted.google.com",
      "groups.google.com",
      "68.docs.google.com",
      "feedburner.google.com",
      "clients2.google.com",
      "suggestqueries.google.com",
      "toolbarqueries.google.com",
      "mtalk4.google.com",
      "chatenabled.mail.google.com",
      "alt6-mtalk.google.com",
      "mt0.google.com",
      "alt2.gmail-smtp-in.l.google.com",
      "reminders-pa.clients6.google.com",
      "7.client-channel.google.com",
      "hangouts.google.com",
      "android.clients.google.com",
      "mtalk.google.com",
      "wide-youtube.l.google.com",
      "15.client-channel.google.com",
      "history.google.com",
      "drive.google.com",
      "8.client-channel.google.com",
      "status.cloud.google.com",
      "safebrowsing.google.com",
      "contributor.google.com",
      "docs.google.com"
    ],
    "Whois": "Domain Name: GOOGLE.COM\nRegistry Domain ID: 2138514_DOMAIN_COM-VRSN\nRegistrar WHOIS Server: whois.markmonitor.com\nRegistrar URL: http://www.markmonitor.com\nUpdated Date: 2018-02-21T18:36:40Z\nCreation Date: 1997-09-15T04:00:00Z\nRegistry Expiry Date: 2020-09-14T04:00:00Z\nRegistrar: MarkMonitor Inc.\nRegistrar IANA ID: 292\nRegistrar Abuse Contact Email: abusecomplaints@markmonitor.com\nRegistrar Abuse Contact Phone: +1.2083895740\nDomain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited\nDomain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited\nDomain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited\nDomain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited\nDomain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited\nDomain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited\nName Server: NS1.GOOGLE.COM\nName Server: NS2.GOOGLE.COM\nName Server: NS3.GOOGLE.COM\nName Server: NS4.GOOGLE.COM\nDNSSEC: unsigned\nDomain Name: google.com\nUpdated Date: 2018-02-21T10:45:07-0800\nCreation Date: 1997-09-15T00:00:00-0700\nRegistrar Registration Expiration Date: 2020-09-13T21:00:00-0700\nRegistrar: MarkMonitor, Inc.\nDomain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)\nDomain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)\nDomain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)\nDomain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)\nDomain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)\nDomain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)\nRegistrant Country: US\nAdmin Organization: Google LLC\nAdmin State/Province: CA\nAdmin Country: US\nTech Organization: Google LLC\nTech State/Province: CA\nTech Country: US\nName Server: ns3.google.com\nName Server: ns2.google.com\nName Server: ns4.google.com\nName Server: ns1.google.com"
  }
}
Human Readable Output

Latest detected files that communicated with google.com

date positives total sha256
2018-07-24 07:24:39 62 68 2675ef3e888481502fe41addc74f7310639d83df4893a97e8127eb5eb1740798
2018-07-24 07:23:48 49 68 629be3e06580b7e532b019c48488c5a18e7ca1a37a374a9519d66a64e49051d1
2018-07-24 07:21:23 52 66 31afab5e2079d9fd2590f521237ac8f59ed42fe7234a4cf360daa4f7526bf900
2018-07-24 07:20:18 45 66 49b777157965d0f2ee2ab53b47876cbfd815512ec8ea41a6cd1a633b29be6524
2018-07-24 07:19:39 45 66 46799d5e6883cdf3f3466645de4a98c7710b4db03fece1780bd6e871d8b858e8
2018-07-24 07:19:38 50 68 db8c7cc64521286a1c63de5f8b41c749c4dae5434191baa5179f1233f0722ae8
2018-07-24 07:19:27 51 68 a1b2e5eeb9a1b81e167000f6f38446100696e8c5b1b38013a8895f3d6519a111
2018-07-24 07:19:18 54 68 6cb02d9888c3653616106241d4de68800b7fb9509b3a71f7ecea0eaf66b48655
2018-07-24 07:18:57 51 68 872575af2d9caabe5818c9dbcbc76f1fdebf80b3cf4fea961b99706b179e4fb2
2018-07-24 07:18:47 50 68 a3a4225ff984894a4752913069d63faafa3db4398c92dc007497f91602892737
2018-07-24 07:18:19 48 67 9b716f7272bb1b57653190ed190f7ceaa658820f5169a2857266ba599034efc9
2018-07-24 07:18:16 53 68 10478d5c4db5de5b8a69dfcf78b5de338145d9f1903f54a6429e16c9bb749f3a
2018-07-24 07:18:08 51 67 b1b566a462e575e5ddcd1bb73e7457607d036c40efe470a11c5839d2aa6913cf
2018-07-24 07:17:59 50 68 18d5e3fec37d15e0b6da54e8fe10a34617f92650b58a9846884b866e74165252
2018-07-24 07:17:45 50 68 c63b3787c8b85d96af2ccc8203f1ed905a28538c030efbd5bc91d446bc7e4131
2018-07-24 07:15:50 53 67 5391f03a01c67aef9d27cc26d72a5637ea1e4cd11228d04dfca3979b0dcf5afc
2018-07-24 07:15:39 50 68 b0556569ac21b97a687153876676488c35ede8eca18383436db731f07856b9a6
2018-07-24 07:15:25 49 68 1bf888901165a4cb23510133d5b91b663ec1895425c71b8fdddf0348732b11a9
2018-07-24 07:14:06 52 68 f1e29295a668a973b7940f5fbab2edcd05b68395e24fd315662726f1c1767cf4
2018-07-24 07:14:01 53 68 6b53c57843888c61c3e0126b816d92872f5e44fc803bbd6029c017e29e828fca
2018-07-24 07:13:59 48 68 8e1ab57267d8497b31e4d4f26bf3e6d9b31e139e3744f57ec577c32c6bd97448
2018-07-24 07:13:18 50 68 ffe93ef77385d59d7030dfd474373b3fe427ebaa9c7f5541e3f11e43629c3b9f
2018-07-23 10:45:17 48 70 aa9a757094b2b8cad5b3ef8152dbf2e5f3880fed2c3f58c84a34ecb1673ba4eb
2018-07-24 07:10:40 50 68 f8eaee7c0ea2261e55ee58ea09ac7e954ffa26c55c13f225015a63f4eda55da9
2018-07-24 07:09:42 52 68 238c20cf0e7bf2dea360ef9728daaaa1f019625e7451e5722cb75479bbd7e184
2018-07-24 07:08:21 58 66 c70659c5034f9b7db6b583a5cc5151b1686cc8fbcbd8860d164b07c1c23bcf5b
2018-07-24 01:20:19 16 69 c48447d03aa768b8f99877ec9450f764abb912dc35716603cea74bce71737728
2018-07-24 05:10:10 34 70 f48fe93a0ce6db1dfd239bb2705a296ac7c1d3f6a1ab335b8ff15b7960cfe5b0
2018-07-23 12:20:35 15 68 cbac4ff65098eb0eb9b459ab9a0a7529b412d86dc61f9961638752a309b301be
2018-07-22 17:43:18 11 70 f7076372575863bbbb5d96d3f13d8180d1e07f1b9f70c3ff9c833781482f48ce
2018-07-24 00:18:28 31 70 0bd4d66a39c461f7175762f802d26158288cf35bc00b1067d5d3a7e7334e9619
2018-07-24 06:22:30 49 68 4c2494bd1988e1d55e418e6e67881103cbe4a7b1a36423a17b54518764e720e0
2018-07-24 06:22:15 49 68 de5579608fa1c48dbf6985b80c207d0705d5b0692d8e8f4ee914849bb23a7fc4
2018-07-24 06:22:10 47 67 005e579a1fbfff7fb719c2dd142ff253da229067c834a3c77002ccf5d5c88860
2018-07-24 06:21:54 49 68 8a232930ea2481d40ef678d71a9a19da52625e94caf74dca07783e948ff5818f
2018-07-24 06:20:43 54 67 79b2a672433973b3fdce947a45ab409da4ba5a4f7b6ed94014835b8ac3521abc
2018-07-23 09:04:38 52 70 51b74df5019508d78f2b9ea6f7c24fc33e700a59226faef76a814ade67dbddd6
2018-07-23 11:59:58 60 69 0e4842f53bae8a32b0673ebee8b5ad3f61b7377634c7122d5d582ec82041154f
2018-07-22 17:26:07 56 70 61ea4df7140be285a82a93600592dbc9f3bc5cea95941259de1d05490a15c0e5
2018-07-23 10:51:19 49 70 2253a68cc3f4202c1239566437e30ffa112b40d342a8969e63c4177066464682
2018-07-23 10:54:35 54 70 94e2bc7b7b7be2b83ac40560d9a93d48511bf3104102e69d3ff21399b7f31dfa
2018-07-23 10:45:12 52 70 e5ac53dd24af0985e1617e86f09cb0eb2027e2b12479b47594233ac8b4701bb7
2018-07-22 20:03:38 55 69 57512332300ada12813e0a876cdf0090d81aee28953dcc24f3b610e022f89327
2018-07-24 06:05:19 54 68 3656d67014dc5ad09c77b06ee1b3da751526fe47cdc21d5002869524beabcd48
2018-07-24 05:50:15 53 67 b946b5de6599f02a9fa1af3c166fc50d3b4636a56c0ac73a56d939231a9b42a8
2018-07-24 05:45:38 44 67 2bda400f65b3097eb48fd77c8ecb610689884675542062ae2b234d2a1acee9d0
2018-07-23 17:44:19 18 70 db7c591fa32343770f3a03c3383e8fb89b1f30ae106263fc6d066aa45c1321f6
2018-07-24 05:34:57 47 67 27ae8d443e224eba7fe0da8c03e771be3784ff9485f018074eee191b2bf35644
2018-07-24 05:34:40 58 68 263713235cbbeb7714aef21da83f1162f9c5e6e64a6054c97769b339fb2ffe9a
2018-07-24 05:34:36 49 67 18e3295f7c6c5528483f25c383dd0e4aadb4c4c74a63ccb86fa30782b5c5c91e

Latest detected files that were downloaded from google.com

No entries.

google.com has been resolved to the following IP addresses:

last_resolved ip_address
2017-05-19 00:00:00 108.167.133.29
2016-02-16 00:00:00 108.177.10.100
2016-02-16 00:00:00 108.177.10.102
2018-03-14 00:00:00 108.177.111.100
2018-03-14 00:00:00 108.177.111.101
2018-03-15 00:00:00 108.177.111.102
2018-03-18 00:00:00 108.177.111.113
2018-03-15 00:00:00 108.177.111.138
2018-03-14 00:00:00 108.177.111.139
2018-07-20 03:31:21 108.177.112.100
2018-07-20 03:31:21 108.177.112.101
2018-07-20 03:31:21 108.177.112.102
2018-07-20 03:31:21 108.177.112.113
2018-07-20 03:31:21 108.177.112.138
2018-07-20 03:31:21 108.177.112.139
2018-07-11 11:27:21 108.177.119.100
2018-07-11 11:27:22 108.177.119.101
2018-07-11 11:27:21 108.177.119.102
2018-07-11 11:27:21 108.177.119.113
2018-07-11 11:27:21 108.177.119.138
2018-07-11 11:27:21 108.177.119.139
2018-07-12 01:45:40 108.177.120.100
2018-07-12 01:45:39 108.177.120.101
2018-07-12 01:45:40 108.177.120.102
2018-07-12 01:45:39 108.177.120.113
2018-07-12 01:45:40 108.177.120.138
2018-07-12 01:45:40 108.177.120.139
2018-07-19 03:28:50 108.177.121.100
2018-07-19 03:28:50 108.177.121.101
2018-07-19 03:28:50 108.177.121.102
2018-07-19 03:28:50 108.177.121.113
2018-07-19 03:28:50 108.177.121.138
2018-07-19 03:28:50 108.177.121.139
2018-06-27 13:14:54 108.177.122.100
2018-06-27 13:14:55 108.177.122.101
2018-06-27 13:14:55 108.177.122.102
2018-06-27 13:14:55 108.177.122.113
2018-06-27 13:14:55 108.177.122.138
2018-06-27 13:14:55 108.177.122.139
2018-06-14 06:42:21 108.177.127.100
2018-06-14 06:42:21 108.177.127.101
2018-06-14 06:42:21 108.177.127.102
2018-06-14 06:42:21 108.177.127.113
2018-06-14 06:42:21 108.177.127.138
2018-06-14 06:42:21 108.177.127.139
2018-07-23 10:36:03 108.177.15.100
2018-07-23 10:35:18 108.177.15.101
2018-07-23 10:33:47 108.177.15.102
2018-07-19 14:15:34 108.177.15.113
2018-07-23 10:32:53 108.177.15.138

Whois analysis:

Domain Name: GOOGLE.COM
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2018-02-21T18:36:40Z
Creation Date: 1997-09-15T04:00:00Z
Registry Expiry Date: 2020-09-14T04:00:00Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
DNSSEC: unsigned
Domain Name: google.com
Updated Date: 2018-02-21T10:45:07-0800
Creation Date: 1997-09-15T00:00:00-0700
Registrar Registration Expiration Date: 2020-09-13T21:00:00-0700
Registrar: MarkMonitor, Inc.
Domain Status: clientUpdateProhibited ( https://www.icann.org/epp#clientUpdateProhibited )
Domain Status: clientTransferProhibited ( https://www.icann.org/epp#clientTransferProhibited )
Domain Status: clientDeleteProhibited ( https://www.icann.org/epp#clientDeleteProhibited )
Domain Status: serverUpdateProhibited ( https://www.icann.org/epp#serverUpdateProhibited )
Domain Status: serverTransferProhibited ( https://www.icann.org/epp#serverTransferProhibited )
Domain Status: serverDeleteProhibited ( https://www.icann.org/epp#serverDeleteProhibited )
Registrant Country: US
Admin Organization: Google LLC
Admin State/Province: CA
Admin Country: US
Tech Organization: Google LLC
Tech State/Province: CA
Tech Country: US
Name Server: ns3.google.com
Name Server: ns2.google.com
Name Server: ns4.google.com
Name Server: ns1.google.com

Observed subdomains

Domain
27.docs.google.com
8.chart.apis.google.com
geoauth.google.com
adservice.google.com
ogs.google.com
accounts.google.com
play.google.com
news.url.google.com
mt2.google.com
alt5-mtalk.google.com
books.google.com
id.google.com
apis.google.com
notifications.google.com
meet.google.com
mts0.google.com
www.google.com
alt2-mtalk.google.com
policies.google.com
taskassist-pa.clients6.google.com
search.google.com
xmpp.l.google.com
1.client-channel.google.com
safebrowsing-cache.google.com
encrypted.google.com
groups.google.com
68.docs.google.com
feedburner.google.com
clients2.google.com
suggestqueries.google.com
toolbarqueries.google.com
mtalk4.google.com
chatenabled.mail.google.com
alt6-mtalk.google.com
mt0.google.com
alt2.gmail-smtp-in.l.google.com
reminders-pa.clients6.google.com
7.client-channel.google.com
hangouts.google.com
android.clients.google.com
mtalk.google.com
wide-youtube.l.google.com
15.client-channel.google.com
history.google.com
drive.google.com
8.client-channel.google.com
status.cloud.google.com
safebrowsing.google.com
contributor.google.com
docs.google.com

3. Get malicious file report


Retrieves metadata for a malicious file.

Base Command

vt-private-get-file-report

Input
Argument Name Description
resource MD5/SHA-1/SHA-256 hash of file to retrieve the most recent antivirus report for.
It is also possible to specify a scan_id (SHA-256-timestamp as returned by the scan API) to access a specific report.
allInfo Virus Total metadata, signature information, structural information, and more.
Can be viewed with raw-response=true .
threshold If the number of positive results from the VT scanners is bigger than the threshold, the file will be considered malicious.
Default is configured in the instance settings.
longFormat Returns a full response with scans.

Context Output
Path Description
File.MD5 File's MD5
File.SHA1 File's SHA1
File.SHA256 File's SHA256
File.Malicious.Vendor For malicious files, the vendor that made the decision
File.Malicious.Detections For malicious files. Total detections.
File.Malicious.TotalEngines For malicious files. Total engines
DBotScore.Indicator The indicator we tested
DBotScore.Type The type of the indicator
DBotScore.Vendor Vendor used to calculate the score
DBotScore.Score The actual score
File.VirusTotal.Scans.Source Scan vendor for this hash
File.VirusTotal.Scans.Detected Scan detection for this hash (True,False)
File.VirusTotal.Scans.Result Scan result for this hash - signature, etc.

Command Example
!vt-private-get-file-report resource=2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae allInfo=true longFormat=true
Context Example
{
  "MD5": "fedeb68e5bc9a1627b32504da4d7475a",
  "Malicious": {
    "Detections": 58,
    "TotalEngines": 68,
    "Vendor": "VirusTotal"
  },
  "SHA1": "9ad524ddd2fb551490187bf3d506449f31e20423",
  "SHA256": "2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae",
  "VirusTotal": {
    "Scans": [
      {
        "Details": null,
        "Detected": true,
        "Result": "Trojan.Slingup.A",
        "Source": "ALYac",
        "Update": "20180624"
      },
      {
        "Details": null,
        "Detected": true,
        "Result": "Win32:RmnDrp",
        "Source": "AVG",
        "Update": "20180624"
      },
      {
        "Details": null,
        "Detected": true,
        "Result": "Virus.Win32.Ramnit.b (v)",
        "Source": "AVware",
        "Update": "20180624"
      },
      {
        "Details": null,
        "Detected": true,
        "Result": "Trojan.Slingup.A",
        "Source": "Ad-Aware",
        "Update": "20180624"
      }
    ]
  }
}
Human Readable Output

VirusTotal Hash Reputation for: 2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae

Scan ID: 2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae-1529842805
Scan date: 2018-06-24 12:20:05
Detections / Total: 58/68
VT Link: 2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae
MD5: fedeb68e5bc9a1627b32504da4d7475a
SHA1: 9ad524ddd2fb551490187bf3d506449f31e20423
SHA256: 2d8bb37078ff9efd02d9361975c9e625ae56bd8a8a65d50fc568341bc88392ae

Scans

Details Source Detected Result Update
ALYac true Trojan.Slingup.A 20180624
AVG true Win32:RmnDrp 20180624
AVware true Virus.Win32.Ramnit.b (v) 20180624
Ad-Aware true Trojan.Slingup.A 20180624
AegisLab true W32.Nimnul.tp20 20180622
AhnLab-V3 true Win32/Ramnit.J 20180624
Antiy-AVL true Virus/Win32.Nimnul.a 20180624
Arcabit true Trojan.Slingup.A 20180624
Avast true Win32:RmnDrp 20180624
Avira true W32/Ramnit.C 20180624
Baidu true Win32.Virus.Nimnul.a 20180622
Bkav true W32.Tmgrtext.PE 20180623
CAT-QuickHeal true W32.Ramnit.BA 20180623
CMC true Virus.Win32.Ramit.1!O 20180624
ClamAV true Win.Trojan.Ramnit-1847 20180624
Comodo true Virus.Win32.Ramnit.K 20180624
CrowdStrike true malicious_confidence_100% (W) 20180530
Cybereason true malicious.e5bc9a 20180225
Cylance true Unsafe 20180624
Cyren true W32/Ramnit.B!Generic 20180624
DrWeb true Win32.Rmnet.8 20180624
ESET-NOD32 true Win32/Ramnit.H 20180624
Emsisoft true Trojan.Slingup.A (B) 20180624
Endgame true malicious (high confidence) 20180612
F-Prot true W32/Ramnit.B!Generic 20180624
Fortinet true W32/Ramnit.A 20180624
GData true Win32.Virus.Nimnul.A 20180624
Ikarus true Backdoor.Win32.Slingup 20180624
Invincea true heuristic 20180601
Jiangmin true Win32/IRCNite.wi 20180624
K7AntiVirus true Virus ( 002fe95d1 ) 20180624
K7GW true Virus ( 002fe95d1 ) 20180624
Kaspersky true Virus.Win32.Nimnul.a 20180624
Kingsoft true Win32.Ramnit.lx.30720 20180624
MAX true malware (ai score=88) 20180624
McAfee true W32/Ramnit.a 20180624
McAfee-GW-Edition true BehavesLike.Win32.Ramnit.dh 20180624
MicroWorld-eScan true Trojan.Slingup.A 20180624
Microsoft true Virus:Win32/Ramnit.P 20180624
NANO-Antivirus true Virus.Win32.Nimnul.bmnup 20180624
Panda true W32/Nimnul.A 20180624
Qihoo-360 true Virus.Win32.Ramnit.A 20180624
Rising true Malware.Heuristic!ET#98% (RDM+:cmRtazo2yjxeYhdDtLZXcAxee5+7) 20180624
SentinelOne true static engine - malicious 20180618
Sophos true W32/Ramnit-A 20180624
Symantec true W32.Ramnit.B!inf 20180623
TACHYON true Virus/W32.Ramnit 20180624
Tencent true Virus.Win32.Nimnul.e 20180624
TotalDefense true Win32/Ramnit.C 20180624
TrendMicro true PE_RAMNIT.DEN 20180624
TrendMicro-HouseCall true PE_RAMNIT.DEN 20180624
VBA32 true Virus.Win32.Nimnul.b 20180622
VIPRE true Virus.Win32.Ramnit.b (v) 20180624
ViRobot true Win32.Nimnul.A 20180623
Yandex true Win32.Nimnul.Gen.2 20180622
Zillya true Virus.Nimnul.Win32.1 20180622
ZoneAlarm true Virus.Win32.Nimnul.a 20180624
Zoner true Win32.Ramnit.H 20180623
Alibaba false 20180622
Avast-Mobile false 20180623
Babable false 20180406
F-Secure false 20180624
Malwarebytes false 20180624
Paloalto false 20180624
SUPERAntiSpyware false 20180624
TheHacker false 20180624
Webroot false 20180624
eGambit false 20180624

4. Get URL report


Generates a report about a specific URL.

Base Command

vt-private-get-url-report

Input
Argument Name Description Required
resource A CSV list of one or more URLs to retrieve the most recent report for. You can also specify a scan_id (sha-256 timestamp returned by the URL submission API) to access a specific report. Required
retries The number of times the command will try to get the URL report, if the report was not ready on the first attempt. Optional
allInfo This additional info includes VirusTotal related metadata (first seen date, last seen date, files downloaded from the given URL, etc.) and the output of other tools and datasets when fed with the URL. Optional
shortFormat If "true", to hide VT scans tables Optional
threshold If the number of positives is larger than the threshold, the file will be considered malicious. If threshold is not specified, the default file threshold, as configured in the instance settings, will be used. Optional
fullResponse Return all of the results, note that it can be thousands of results. Prefer not to use in playbooks. The default value is false . Optional
retry_time The amount of time (in seconds) that the integration will wait before trying to get a URL report for URLS whose scans have not completed. Optional

Context Output
Path Type Description
URL.Data string URL address
URL.Malicious.Vendor string For malicious URLs, the vendor that made the decision
URL.Malicious.Description string For malicious URLs, the reason that the vendor made the decision
DBotScore.Indicator string The indicator that was tested
DBotScore.Type string The indicator type
DBotScore.Vendor string Vendor used to calculate the score
DBotScore.Score number The actual score
URL.VirusTotal.Resolutions.ip_address Unknown IPs that resolved to this URL
URL.VirusTotal.Resolutions.last_resolved Unknown Resolve date of IPs that resolved to this URL
URL.VirusTotal.Scans.Source Unknown Scan vendor for this URL
URL.VirusTotal.Scans.Detected Unknown Scan detection for this URL (True/False)
URL.VirusTotal.Scans.Result Unknown Scan result for this URL - signature, etc.

Command Example
!vt-private-get-url-report resource="www.google.com,https://ctgold.in.net/G5?POP!=junk.name@jonk.com"
Context Example
{
    "URL": [
        {
            "Data": "https://ctgold.in.net/G5?POP!=junk.name@jonk.com", 
            "VirusTotal": {
                "Scans": [
                    {
                        "Source": "CRDF", 
                        "Detected": true, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "malicious site"
                    }, 
                    {
                        "Source": "CyRadar", 
                        "Detected": true, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "malicious site"
                    }, 
                    {
                        "Source": "Forcepoint ThreatSeeker", 
                        "Detected": true, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "phishing site"
                    }, 
                    {
                        "Source": "Google Safebrowsing", 
                        "Detected": true, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "phishing site"
                    }, 
                    {
                        "Source": "Kaspersky", 
                        "Detected": true, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "phishing site"
                    }, 
                    {
                        "Source": "Sophos", 
                        "Detected": true, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "malicious site"
                    }, 
                    {
                        "Source": "ADMINUSLabs", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "AegisLab WebGuard", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "AlienVault", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Antiy-AVL", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "AutoShun", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Avira", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Baidu-International", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "BitDefender", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Blueliv", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "C-SIRT", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "CLEAN MX", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Certly", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Comodo Site Inspector", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "CyberCrime", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "DNS8", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Dr.Web", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ESET", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Emsisoft", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Fortinet", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "FraudScore", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "FraudSense", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "G-Data", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "K7AntiVirus", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malc0de Database", 
                        "Detected": false, 
                        "Details": "http://malc0de.com/database/index.php?search=ctgold.in.net", 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malekal", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malware Domain Blocklist", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "MalwareDomainList", 
                        "Detected": false, 
                        "Details": "http://www.malwaredomainlist.com/mdl.php?search=ctgold.in.net", 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "MalwarePatrol", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malwarebytes hpHosts", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malwared", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Netcraft", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "NotMining", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Nucleon", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "OpenPhish", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Opera", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "PhishLabs", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Phishtank", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Quttera", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Rising", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "SCUMWARE.org", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "SecureBrain", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Spam404", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "StopBadware", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Sucuri SiteCheck", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Tencent", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ThreatHive", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Trustwave", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "URLQuery", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "VX Vault", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Virusdie External Site Scan", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Web Security Guard", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Yandex Safebrowsing", 
                        "Detected": false, 
                        "Details": "http://yandex.com/infected?l10n=en&url=https://ctgold.in.net/G5?POP!=junk.name@jonk.com", 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ZCloudsec", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ZDB Zeus", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ZeroCERT", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Zerofox", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ZeusTracker", 
                        "Detected": false, 
                        "Details": "https://zeustracker.abuse.ch/monitor.php?host=ctgold.in.net", 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "desenmascara.me", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "malwares.com URL checker", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "securolytics", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "zvelo", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }
                ]
            }
        }, 
        {
            "Data": "www.google.com", 
            "VirusTotal": {
                "Scans": [
                    {
                        "Source": "ADMINUSLabs", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "AegisLab WebGuard", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "AlienVault", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Antiy-AVL", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "AutoShun", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Avira", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Baidu-International", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "BitDefender", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Blueliv", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "C-SIRT", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "CLEAN MX", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Certly", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Comodo Site Inspector", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "CyRadar", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "CyberCrime", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "DNS8", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Dr.Web", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ESET", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Emsisoft", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Forcepoint ThreatSeeker", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Fortinet", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "FraudScore", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "FraudSense", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "G-Data", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Google Safebrowsing", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "K7AntiVirus", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Kaspersky", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malc0de Database", 
                        "Detected": false, 
                        "Details": "http://malc0de.com/database/index.php?search=www.google.com", 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malekal", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malware Domain Blocklist", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "MalwareDomainList", 
                        "Detected": false, 
                        "Details": "http://www.malwaredomainlist.com/mdl.php?search=www.google.com", 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "MalwarePatrol", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malwarebytes hpHosts", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Malwared", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Netcraft", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "NotMining", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Nucleon", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "OpenPhish", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Opera", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "PhishLabs", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Phishtank", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Quttera", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Rising", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "SCUMWARE.org", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "SecureBrain", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Sophos", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Spam404", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "StopBadware", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "Sucuri SiteCheck", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Tencent", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ThreatHive", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Trustwave", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "URLQuery", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "unrated site"
                    }, 
                    {
                        "Source": "VX Vault", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Virusdie External Site Scan", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Web Security Guard", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Yandex Safebrowsing", 
                        "Detected": false, 
                        "Details": "http://yandex.com/infected?l10n=en&url=http://www.google.com/", 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ZCloudsec", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ZDB Zeus", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ZeroCERT", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "Zerofox", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "ZeusTracker", 
                        "Detected": false, 
                        "Details": "https://zeustracker.abuse.ch/monitor.php?host=www.google.com", 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "desenmascara.me", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "malwares.com URL checker", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "securolytics", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }, 
                    {
                        "Source": "zvelo", 
                        "Detected": false, 
                        "Details": null, 
                        "Update": null, 
                        "Result": "clean site"
                    }
                ]
            }
        }
    ], 
    "DBotScore": [
        {
            "Vendor": "VirusTotal - Private API", 
            "Indicator": "https://ctgold.in.net/G5?POP!=junk.name@jonk.com", 
            "Score": 2, 
            "Type": "url"
        }, 
        {
            "Vendor": "VirusTotal - Private API", 
            "Indicator": "www.google.com", 
            "Score": 1, 
            "Type": "url"
        }
    ]
}
Human Readable Output

Scan ID: 899b8b5d10d3e3b6b20ff94075b9b8d8db771cd24097e2cdd71457e69f4ad705-1552987965
Scan date: 2019-03-19 09:32:45
Detections / Total: 6/67
VT Link: https://ctgold.in.net/G5?POP!=junk.name@jonk.com

Scans

Details Source Detected Result Update
CRDF true malicious site
CyRadar true malicious site
Forcepoint ThreatSeeker true phishing site
Google Safebrowsing true phishing site
Kaspersky true phishing site
Sophos true malicious site
ADMINUSLabs false clean site
AegisLab WebGuard false clean site
AlienVault false clean site
Antiy-AVL false clean site
AutoShun false unrated site
Avira false clean site
Baidu-International false clean site
BitDefender false clean site
Blueliv false clean site
C-SIRT false clean site
CLEAN MX false clean site
Certly false clean site
Comodo Site Inspector false clean site
CyberCrime false clean site
DNS8 false clean site
Dr.Web false clean site
ESET false clean site
Emsisoft false clean site
Fortinet false clean site
FraudScore false clean site
FraudSense false clean site
G-Data false clean site
K7AntiVirus false clean site
http://malc0de.com/database/index.php?search=ctgold.in.net Malc0de Database false clean site
Malekal false clean site
Malware Domain Blocklist false clean site
http://www.malwaredomainlist.com/mdl.php?search=ctgold.in.net MalwareDomainList false clean site
MalwarePatrol false clean site
Malwarebytes hpHosts false clean site
Malwared false clean site
Netcraft false unrated site
NotMining false unrated site
Nucleon false clean site
OpenPhish false clean site
Opera false clean site
PhishLabs false unrated site
Phishtank false clean site
Quttera false clean site
Rising false clean site
SCUMWARE.org false clean site
SecureBrain false clean site
Spam404 false clean site
StopBadware false unrated site
Sucuri SiteCheck false clean site
Tencent false clean site
ThreatHive false clean site
Trustwave false clean site
URLQuery false unrated site
VX Vault false clean site
Virusdie External Site Scan false clean site
Web Security Guard false clean site
http://yandex.com/infected?l10n=en&url=https://ctgold.in.net/G5?POP!=junk.name@jonk.com Yandex Safebrowsing false clean site
ZCloudsec false clean site
ZDB Zeus false clean site
ZeroCERT false clean site
Zerofox false clean site
https://zeustracker.abuse.ch/monitor.php?host=ctgold.in.net ZeusTracker false clean site
desenmascara.me false clean site
malwares.com URL checker false clean site
securolytics false clean site
zvelo false clean site

VirusTotal URL report for: www.google.com

Scan ID: dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1552987806
Scan date: 2019-03-19 09:30:06
Detections / Total: 0/66
VT Link: www.google.com

Scans

Details Source Detected Result Update
ADMINUSLabs false clean site
AegisLab WebGuard false clean site
AlienVault false clean site
Antiy-AVL false clean site
AutoShun false unrated site
Avira false clean site
Baidu-International false clean site
BitDefender false clean site
Blueliv false clean site
C-SIRT false clean site
CLEAN MX false clean site
Certly false clean site
Comodo Site Inspector false clean site
CyRadar false clean site
CyberCrime false clean site
DNS8 false clean site
Dr.Web false clean site
ESET false clean site
Emsisoft false clean site
Forcepoint ThreatSeeker false clean site
Fortinet false clean site
FraudScore false clean site
FraudSense false clean site
G-Data false clean site
Google Safebrowsing false clean site
K7AntiVirus false clean site
Kaspersky false clean site
http://malc0de.com/database/index.php?search=www.google.com Malc0de Database false clean site
Malekal false clean site
Malware Domain Blocklist false clean site
http://www.malwaredomainlist.com/mdl.php?search=www.google.com MalwareDomainList false clean site
MalwarePatrol false clean site
Malwarebytes hpHosts false clean site
Malwared false clean site
Netcraft false unrated site
NotMining false unrated site
Nucleon false clean site
OpenPhish false clean site
Opera false clean site
PhishLabs false unrated site
Phishtank false clean site
Quttera false clean site
Rising false clean site
SCUMWARE.org false clean site
SecureBrain false clean site
Sophos false unrated site
Spam404 false clean site
StopBadware false unrated site
Sucuri SiteCheck false clean site
Tencent false clean site
ThreatHive false clean site
Trustwave false clean site
URLQuery false unrated site
VX Vault false clean site
Virusdie External Site Scan false clean site
Web Security Guard false clean site
http://yandex.com/infected?l10n=en&url=http://www.google.com/ Yandex Safebrowsing false clean site
ZCloudsec false clean site
ZDB Zeus false clean site
ZeroCERT false clean site
Zerofox false clean site
https://zeustracker.abuse.ch/monitor.php?host=www.google.com ZeusTracker false clean site
desenmascara.me false clean site
malwares.com URL checker false clean site
securolytics false clean site
zvelo false clean site

5. Get IP address report


Generates a report about a specific IP address.

An IP tested with this command is considered malicious if it has a number of detected communicating samples (files that VT marked as malicious and communicated with this IP) that exceeds the IP threshold, or if it has a URL that was hosted in this IP and had a positive amount that exceeds the URL threshold.

Base Command

vt-private-get-ip-report

Input
Argument Name Description
ip Valid IPv4 address in dotted quad notation.
Only IPv4 addresses are supported.
threshold If the number of positive results from the VT scanners is bigger than the threshold, the IP address will be considered malicious.
Default is as configured in the instance settings.
fullResponse Return all results. This can number in the thousands, so we recommend not using in playbooks. Default is false .

Context Output
Path Description
IP.Address Bad IP address found
IP.ASN Bad IP ASN
IP.Geo.Country Bad IP country
IP.Malicious.Vendor For malicious IPs, the vendor that made the decision
IP.Malicious.Description For malicious IPs, the reason that the vendor made the decision
DBotScore.Indicator The indicator that was tested
DBotScore.Type The type of the indicator
DBotScore.Vendor Vendor used to calculate the score
DBotScore.Score The actual score
IP.VirusTotal.DownloadedHashes Latest files that are detected by at least one antivirus solution and were downloaded by VirusTotal from the IP address
IP.VirusTotal.UnAVDetectedDownloadedHashes Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided
IP.VirusTotal.DetectedURLs Latest URLs hosted in this IP address detected by at least one URL scanner
IP.VirusTotal.CommunicatingHashes Latest detected files that communicate with this IP address
IP.VirusTotal.UnAVDetectedCommunicatingHashes Latest undetected files that communicate with this IP address
IP.VirusTotal.Resolutions.hostname The following domains resolved to the given IP
IP.VirusTotal.ReferrerHashes Latest detected files that embed this IP address in their strings
IP.VirusTotal.UnAVDetectedReferrerHashes Latest undetected files that embed this IP address in their strings
IP.VirusTotal.Resolutions.last_resolved The last time the following domains resolved to the given IP

Command Example
!vt-private-get-ip-report ip=8.8.8.8 fullResponse="false"
Context Example
{
  "ASN": "15169",
  "Address": "8.8.8.8",
  "Geo": {
    "Country": "US"
  },
  "VirusTotal": {
    "CommunicatingHashes": [
      {
        "date": "2018-07-24 04:25:53",
        "positives": 37,
        "sha256": "63309a3ece4c0c0568db02d3c3e562c75aff756bb9387f56fc86d7a89c59ee7f",
        "total": 70
      },
      {
        "date": "2018-07-24 07:15:21",
        "positives": 32,
        "sha256": "4aeb98aaeb459f8be2fb737f8228e52387f33ec84df4a7933927670f790e3e02",
        "total": 68
      },
      {
        "date": "2018-07-24 07:06:31",
        "positives": 52,
        "sha256": "60b65e182b33241e895e10a672ca1451e1f04b430fdbf98065211ace3a6264a4",
        "total": 67
      },
      {
        "date": "2018-07-24 00:13:33",
        "positives": 3,
        "sha256": "c69d3691cd8d03a1823879ed5dbb1afe3e5b26cb5c72eed05f38f85f6bbaad93",
        "total": 70
      },
      {
        "date": "2018-07-24 03:38:37",
        "positives": 32,
        "sha256": "ef7e0c62ddb624f1b0ec2f64940d8ad218e40dd182031818ef022ba8ddd47d11",
        "total": 70
      }
      ]
  }
}

6. Submit a query


Submits a query to Virus Total.

Base Command

vt-private-search-file

Input
Argument Name Description
query File search query
fullResponse Return all results. This can number in the thousands, so we recommend not using in playbooks. Default is false .

Context Output
Path Description
VirusTotal.SearchResult Hashes of files that match the query
VirusTotal.Query Original search query

Command Example
!vt-private-search-file query="type:peexe size:90kb+ positives:5+ behaviour:'taskkill'"
Context Example
{
  "SearchFile": {
    "Query": "type:peexe size:90kb+ positives:5+ behaviour:'taskkill'",
    "SearchResult": [
      "698a9a11c38763b514fd6fc74ee773c2510b0a88faefaf0e5807d51d39f59af7",
      "7c6ebc9225163da5e6a01766895b9b520c8aa24320e6ff9a6ea87c8b8eecfa8e",
      "c42011a62bf4621962788d48ed3938bfddf8b32685f5ced6442934ad80c12c25",
      "0f965f6e2285002fa7d082fd3d28b49d96a05ba59d916624061f24e3b94a54c3",
      "1cb4ffa0e9914d6c5b4aad008636849096a39d3aaf66297ba826a3e01865ff98",
      "ee89e5627b4be45efdd30b8b3cfe5275c1591a4a350cce7ae24a6efc4819f1ef",
      "d6582514f1d68ab7976de7ac447a89a9fb9ae7cff8219d27b327c0712cc8e2d1",
      "150a67b251607bda468aebfd462976de081ace5015dc43f7024cab58fb6ec5dd",
      "16d186b7d4a805b66610fbc626c1af51f5b9cfe47c06d0604a1002bce5e92219",
      "aef0b520e96da26126a88de23ee000bc31a15ba0214c5a50e09c9944284dd16e",
      "22822ce94523e24e03cb3f63d1f9522929b1d53902818fe8d009b467f68033c3",
      "0554588ca5dbf78e1e30375621d32e1d323a18a4296fbf54deb70169113541a7",
      "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e",
      "89d7ebfd154c44d17939107b58422736a605d1e80099d6c8fd73462b492227d7",
      "c8a44fe52a058ad03b23e07f387c35da6d9cf2cd4ded95835c09b04b8308ac4c",
      "296d70d8f10c964f6a8e4cc88760e25c07c0f050ffa2768c30cbd281d94af8d9",
      "0556433422e53ededb408d14f522d0956cc5dacb4d1f3d235a05898307f6838a",
      "75b0d5a5be55b30975e4694077b178b477ea4c82031f48deab63356a8fef4dd6",
      "7cd606da7ff2204a2d5d6d67511e120011c6d0489788ed390e9a5c858b34df8e",
      "590d40c79f48aaeae22d07a9e1b0ca4f4c059f5001444902a90a49f1f7d09923",
      "a25d8da463ffa1f44138c40fb0f4df6c10f03e7d6c00436531168a5a2aa9707d",
      "54ad2ddd1cd747fb6644e9184e9751c4ca2ad5a57c232f33023001d210c48098",
      "6b2629629924224a6909bd2c5814b13f8721ebc5caef8c55ee6233be891b7112",
      "71acde730859ec1902ed0ec72e16db8fcc5eefb84f1079a5eb2eb19589ea4d88",
      "5392685717eb8710017fabea59954ebc8a62d791634439c6d84dbae059578069",
      "58fd0f2dd2e60e507b4ac78c10f32c1fb92eef45f43f94b934d2c643b3911731",
      "2a2176f026f93116807553342338a59010cfd97fdb96129143e33807f4d66b13",
      "4e4fb7ab71072d2a42769dab76f4f54e3bb29a0c288943dcbdc20beb55edf321",
      "a6db7d675f031cbcd64a83115bf00e3d50b40cd708ebedf39b94be298137d301",
      "9342d1831165c52b92549b7340d9631a05f1ef5609ba74534e9fedd44a8256fc",
      "e71235a6a104fbf7f2916153659c460752213ca6c698c9a8f656c1b7187523fa",
      "e3f4e83633326ed9a9f085468aac13be840bc6a29fc62b8d90299884800bbf66",
      "e760c373a6641ad9b3e817d1f7545f68a6cc7a0811c17e0ff2a5cb3738fb2418",
      "a5263a9071152c02f2c16891203263a27876b4da626cd40bef28e46f49472352",
      "6edec978e399cde55d66afde8c64f4e1b4bd001b8288c976ce399341145f431b",
      "2d375422c0499c929ca7d958ae8354048b1d2972fffc3676f32c6445bc3d20b8",
      "10fa90e7c6d7c3a0e172346a8c0fbf0c48f852a9abc9482231007cadae62a539",
      "f67b7fab4f5c1c4fda2b51eaeac8a57020a71352d0b5daf27fea3524fd39ba63",
      "59df7d186b4f810d870ada1ffe85dad04b5acb12a499dcc51c9e1048ea3a480c",
      "2984d96b73586481363af095a9bd630507af604b11b61ed4a20aef7275ef85e3",
      "20cd8e956a1700161b9cba57fcae2f0f49cb00217de10e07712007a40b5cd865",
      "02db5e24cf325a5ee266624cbbd73a541d007c1c230f89dcd70e08600b356409",
      "5b0217cba668bb19ec22e5d567e3391652d9bcaff3632521ac54900f04288ee2",
      "b0f67e11ae7a412be4467d16774a188e6571b959bcba856b6188694fb2e36e09",
      "c6e09206fd8666c954ccfe8765376dba37591e39f87f404aec87490c9dbbd0c9",
      "3bb937aa5151a6eb1232855811d13ea64419e6d1e8176bd2a15d44b4e432972f",
      "ed0c33b943a089acf49879b97accfad897141043d97f20ea291b5b09d213b057",
      "69f414a12a822242951cefcf8b1b00b4ee9773f394211ca7ab9019be93031621",
      "916241775e3a96d6809e2f7b29d89a1f261b025e0f1f891180b8f532572f6aca",
      "f06b2052228c6e3c7cd3b713b23ec29cd56c8c7ea112ea2a9ab87309b4c9ff92"
    ]
  }
}
Human Readable Output

Found the following hashes for the query :type:peexe size:90kb+ positives:5+ behaviour:'taskkill'

Hashes are:

Hash
698a9a11c38763b514fd6fc74ee773c2510b0a88faefaf0e5807d51d39f59af7
7c6ebc9225163da5e6a01766895b9b520c8aa24320e6ff9a6ea87c8b8eecfa8e
c42011a62bf4621962788d48ed3938bfddf8b32685f5ced6442934ad80c12c25
0f965f6e2285002fa7d082fd3d28b49d96a05ba59d916624061f24e3b94a54c3
1cb4ffa0e9914d6c5b4aad008636849096a39d3aaf66297ba826a3e01865ff98
ee89e5627b4be45efdd30b8b3cfe5275c1591a4a350cce7ae24a6efc4819f1ef
d6582514f1d68ab7976de7ac447a89a9fb9ae7cff8219d27b327c0712cc8e2d1
150a67b251607bda468aebfd462976de081ace5015dc43f7024cab58fb6ec5dd
16d186b7d4a805b66610fbc626c1af51f5b9cfe47c06d0604a1002bce5e92219
aef0b520e96da26126a88de23ee000bc31a15ba0214c5a50e09c9944284dd16e
22822ce94523e24e03cb3f63d1f9522929b1d53902818fe8d009b467f68033c3
0554588ca5dbf78e1e30375621d32e1d323a18a4296fbf54deb70169113541a7
ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e
89d7ebfd154c44d17939107b58422736a605d1e80099d6c8fd73462b492227d7
c8a44fe52a058ad03b23e07f387c35da6d9cf2cd4ded95835c09b04b8308ac4c
296d70d8f10c964f6a8e4cc88760e25c07c0f050ffa2768c30cbd281d94af8d9
0556433422e53ededb408d14f522d0956cc5dacb4d1f3d235a05898307f6838a
75b0d5a5be55b30975e4694077b178b477ea4c82031f48deab63356a8fef4dd6
7cd606da7ff2204a2d5d6d67511e120011c6d0489788ed390e9a5c858b34df8e
590d40c79f48aaeae22d07a9e1b0ca4f4c059f5001444902a90a49f1f7d09923
a25d8da463ffa1f44138c40fb0f4df6c10f03e7d6c00436531168a5a2aa9707d
54ad2ddd1cd747fb6644e9184e9751c4ca2ad5a57c232f33023001d210c48098
6b2629629924224a6909bd2c5814b13f8721ebc5caef8c55ee6233be891b7112

7. Return hashes for a specific IP address


Returns information about the hashes that communicate with a specific IP address.

Command Name

vt-private-hash-communication

Input
Argument Name Description
hash File hash
fullResponse Return all results. This can number in the thousands, so we recommend not using in playbooks. Default is false .

Context Output
Path Description
File.VirusTotal.CommunicatedDomains Domains that the hash communicates with
File.VirusTotal.CommunicatedURLs URLs that the hash communicates with
File.VirusTotal.CommunicatedIPs IPs that the hash communicates with
File.VirusTotal.CommunicatedHosts Hosts that the hash communicates with
File.MD5 MD5 of the file
File.SHA1 SHA-1 of the file
File.SHA256 SHA-256 of the file

Command Example
!vt-private-hash-communication hash="ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e" fullResponse="false"
Context Example
{
  "SearchFile": {
    "Query": "type:peexe size:90kb+ positives:5+ behaviour:'taskkill'",
    "SearchResult": [
      "698a9a11c38763b514fd6fc74ee773c2510b0a88faefaf0e5807d51d39f59af7",
      "7c6ebc9225163da5e6a01766895b9b520c8aa24320e6ff9a6ea87c8b8eecfa8e",
      "c42011a62bf4621962788d48ed3938bfddf8b32685f5ced6442934ad80c12c25",
      "0f965f6e2285002fa7d082fd3d28b49d96a05ba59d916624061f24e3b94a54c3",
      "1cb4ffa0e9914d6c5b4aad008636849096a39d3aaf66297ba826a3e01865ff98",
      "ee89e5627b4be45efdd30b8b3cfe5275c1591a4a350cce7ae24a6efc4819f1ef",
      "d6582514f1d68ab7976de7ac447a89a9fb9ae7cff8219d27b327c0712cc8e2d1",
      "150a67b251607bda468aebfd462976de081ace5015dc43f7024cab58fb6ec5dd",
      "16d186b7d4a805b66610fbc626c1af51f5b9cfe47c06d0604a1002bce5e92219",
      "aef0b520e96da26126a88de23ee000bc31a15ba0214c5a50e09c9944284dd16e",
      "22822ce94523e24e03cb3f63d1f9522929b1d53902818fe8d009b467f68033c3",
      "0554588ca5dbf78e1e30375621d32e1d323a18a4296fbf54deb70169113541a7",
      "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e",
      "89d7ebfd154c44d17939107b58422736a605d1e80099d6c8fd73462b492227d7",
      "c8a44fe52a058ad03b23e07f387c35da6d9cf2cd4ded95835c09b04b8308ac4c",
      "296d70d8f10c964f6a8e4cc88760e25c07c0f050ffa2768c30cbd281d94af8d9",
      "0556433422e53ededb408d14f522d0956cc5dacb4d1f3d235a05898307f6838a",
      "75b0d5a5be55b30975e4694077b178b477ea4c82031f48deab63356a8fef4dd6",
      "7cd606da7ff2204a2d5d6d67511e120011c6d0489788ed390e9a5c858b34df8e",
      "590d40c79f48aaeae22d07a9e1b0ca4f4c059f5001444902a90a49f1f7d09923",
      "a25d8da463ffa1f44138c40fb0f4df6c10f03e7d6c00436531168a5a2aa9707d",
      "54ad2ddd1cd747fb6644e9184e9751c4ca2ad5a57c232f33023001d210c48098",
      "6b2629629924224a6909bd2c5814b13f8721ebc5caef8c55ee6233be891b7112",
      "71acde730859ec1902ed0ec72e16db8fcc5eefb84f1079a5eb2eb19589ea4d88",
      "5392685717eb8710017fabea59954ebc8a62d791634439c6d84dbae059578069",
      "58fd0f2dd2e60e507b4ac78c10f32c1fb92eef45f43f94b934d2c643b3911731",
      "2a2176f026f93116807553342338a59010cfd97fdb96129143e33807f4d66b13",
    ]
  }
}
Human Readable Output

Communication result for hash ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e

Hosts that the hash communicates with are:

Host
224.0.0.22
10.0.2.2
239.255.255.250
255.255.255.255
10.0.2.255
10.0.2.15
51.141.32.51
0.0.0.0

IPs that the hash communicates with are:

IP
10.0.2.2
239.255.255.250
10.0.2.255
10.0.2.15
51.141.32.51
255.255.255.255

8. Download a file


Downloads a file according to file hash.

Base Command

vt-private-download-file

Input
Argument Name Description
hash MD5/SHA-1/SHA-256 hash of the file you want to download

Context Output

There is no context output for this command.

Command Example
!vt-private-download-file hash=ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e
Context Example
{
  "EntryID": "4103@14268",
  "Extension": "",
  "Info": "application/x-dosexec",
  "MD5": "d62f1fba82927e7db4bdf5b70fe5a5c2",
  "Name": "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e-vt-file",
  "SHA1": "2bd01a1ecfdfcd1824cfa45a54c048c5a31851b1",
  "SHA256": "ba5d0f897e89ff70cffb3e95e4d54ea152d6a273a95bdff2224a224c90c0d16e",
  "SSDeep": "12288:zhB3ospNelPCXzYaf2oS8tZqZdK87+KDVZpdsYifqI8IqCbK:zh+3/Y/tZCdJPLuK",
  "Size": 465064,
  "Type": "MS-DOS executable, MZ for MS-DOS\n"
}
Human Readable Output

File downloaded successfully.