Malpedia Premium
App Vendor: Malpedia Premium
Connector Category: Data Enrichment & Threat Intelligence
Connector version: 1.0.0
API Version: 1.0.0
About App
Malpedia Premium provides a resource for rapid identification and actionable context while investigating malware. In Orchestrate, this app allows the security team to query malware families, YARA rules, and malware samples from Malpedia Premium.
The Malpedia Premium app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Find threat actor information | This action obtains details regarding a particular threat actor. |
Find malware family | This action obtains data regarding malware families and their relations. |
Get malware family IDs | This action obtains all the malware family IDs. |
Get malware family metadata | This action obtains all the metadata about a particular malware family ID. |
Get malware family yara rules | This action obtains YARA rules for detecting a particular malware strain. |
Get sample from md5 hash | This action obtains a malware sample from an MD5 hash. |
Get malware sample from sha256 hash | This action obtains a malware sample from a SHA256 hash. |
Configuration Parameters
The following configuration parameters are required for the Malpedia Premium app to communicate with the Malpedia Premium enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API token | Enter the Malpedia API token. Example: "218iuh5kkelgdhigbg4r0ipvnn" | Text | Required |
Action: Find Threat Actor Information
This action obtains details regarding a particular threat actor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Actor | Enter the threat actor name or its associated synonyms. | Text | Required |
Action: Find Malware Family
This action obtains data regarding malware families and their relations.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Malware | Enter the malware name or its associated synonyms. | Text | Required |
Action: Get Malware Family IDs
This action obtains all the malware family IDs.
Action Input Parameters
This action does not require any input parameter.
Action: Get Malware Family Metadata
This action obtains all the metadata about a particular malware family ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Family ID | Enter the family ID to obtain the metadata information. | Text | Required |
Action: Get Malware Family YARA Rules
This action obtains YARA rules for detecting a particular malware strain.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Family ID | Enter the malware family ID. | Text | Required |
Action: Get a sample from the MD5 hash
This action obtains a malware sample from an MD5 hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
MD5 hash | Enter the MD5 hash to obtain samples. | Text | Required |
Action: Get Malware sample from SHA256 hash
This action obtains a malware sample from a SHA256 hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
SHA256 hash | Enter the SHA256 hash to obtain samples. | Text | Required |