Darkfeed IOC detonation and proactive blocking

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Darkfeed Threat hunting/research
  • Block Indicators - Generic v2
  • Detonate File - Generic
  • Block File - Generic v2

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

  • vt-private-download-file

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| File | File hash (MD5, SHA-1, SHA-256) from Darkfeed. | File.None | Optional |
| Indicator Query | Indicators matching the indicator query will be used as playbook input. | | Optional |
| URL | URL from Darkfeed_010 - Malware available for download from the deep and dark web. | URL.None | Optional |
| Manual download | Set "true" if an analyst can manually download the malware from the deep and dark web file-sharing site. | true | Optional |
| VTdownload | Set "true" to automatically download the file from the VirusTotal API. | true | Optional |
| AutomatedIndicatorBlocking | Set "true" to automatically block discovered malicious indicators. | true | Optional |

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

[Playbook image: Darkfeed IOC detonation and proactive blocking]