Darkfeed IOC detonation and proactive blocking

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Darkfeed Threat hunting/research
  • Block Indicators - Generic v2
  • Detonate File - Generic
  • Block File - Generic v2

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

  • vt-private-download-file

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| File | File hash (MD5, SHA-1, SHA-256) from Darkfeed | File.None | Optional |
| Indicator Query | Indicators matching the indicator query will be used as playbook input | | Optional |
| URL | URL from Darkfeed_010 - Malware available for download from the deep and dark web | URL.None | Optional |
| Manual download | Set "true" if an analyst can manually download the malware from the deep and dark web file-sharing site. | true | Optional |
| VTdownload | Set "true" to automatically download the file from the VirusTotal API. | true | Optional |
| AutomatedIndicatorBlocking | Set "true" to automatically block discovered malicious indicators. | true | Optional |
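The inputs above arrive in the playbook as strings, and the File input only makes sense when it is a well-formed MD5, SHA-1 or SHA-256 digest. The following is an added example, not code from the Darkfeed pack or from Cortex XSOAR: a small pre-flight check that validates the hash format, parses the "true" flags the way the table describes them, and reports which automated steps those inputs would enable. The function names and the planning logic are assumptions for illustration; the playbook's own branching is not shown on this page.

```python
import re

# Constructed example, not part of the Darkfeed playbook pack: validates the
# playbook inputs listed in the table above and reports which automated steps
# they enable. Digest lengths follow the hash types the File input accepts.
HASH_PATTERNS = {
    "MD5": re.compile(r"^[0-9a-fA-F]{32}$"),
    "SHA-1": re.compile(r"^[0-9a-fA-F]{40}$"),
    "SHA-256": re.compile(r"^[0-9a-fA-F]{64}$"),
}


def hash_type(value):
    """Return the algorithm name for a hex digest, or None if it is not a supported hash."""
    candidate = value.strip()
    for name, pattern in HASH_PATTERNS.items():
        if pattern.match(candidate):
            return name
    return None


def as_bool(value):
    """Playbook inputs are strings; only the literal 'true' (any case) enables a step."""
    return str(value).strip().lower() == "true"


def plan_actions(inputs):
    """Hypothetical pre-flight check: given the playbook inputs as a dict keyed by the
    input names in the table, decide which automated steps are enabled and collect
    input errors instead of letting a malformed value reach a detonation step."""
    file_hash = (inputs.get("File") or "").strip()
    url = (inputs.get("URL") or "").strip()
    kind = hash_type(file_hash) if file_hash else None
    plan = {
        "hash_type": kind,
        # VirusTotal download needs a valid hash to look up.
        "vt_download": as_bool(inputs.get("VTdownload", "true")) and kind is not None,
        # Manual download only applies when a Darkfeed URL was supplied.
        "manual_download": as_bool(inputs.get("Manual download", "true")) and bool(url),
        "auto_block": as_bool(inputs.get("AutomatedIndicatorBlocking", "true")),
        "errors": [],
    }
    if file_hash and kind is None:
        plan["errors"].append(
            f"File value is not an MD5, SHA-1 or SHA-256 hex digest: {file_hash!r}"
        )
    if not file_hash and not url:
        plan["errors"].append("Neither File nor URL was supplied; nothing to detonate")
    return plan


if __name__ == "__main__":
    # Constructed input: the MD5 of an empty file, used only as a well-formed sample value.
    sample = {"File": "d41d8cd98f00b204e9800998ecf8427e", "AutomatedIndicatorBlocking": "false"}
    print(plan_actions(sample))
```

Running the check before the detonation and blocking sub-playbooks gives the analyst a clear error on a malformed hash rather than a failed VirusTotal lookup, and makes the effect of each "true" flag explicit in the incident context.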

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

Darkfeed IOC detonation and proactive blocking