
Cyware Orchestrate

Malpedia Premium

App Vendor: Malpedia Premium

Connector Category: Data Enrichment & Threat Intelligence

Connector version: 1.1.0

API Version: 1.0.0

About App

Malpedia Premium provides a resource for rapid identification and actionable context while investigating malware. In Orchestrate, this app allows the security team to query malware families, YARA rules, and malware samples from Malpedia Premium.

The Malpedia Premium app is configured with the Orchestrate application to perform the following actions:

Find Threat Actor Information: obtains details about a particular threat actor.

Find Malware Family: obtains data about malware families and their relations.

Get Malware Family IDs: obtains all malware family IDs.

Get Malware Family Metadata: obtains all metadata about a particular malware family ID.

Get Malware Family YARA Rules: obtains the YARA rules for detecting a particular malware family.

Get Sample From MD5 Hash: obtains a malware sample from an MD5 hash.

Get Malware Sample From SHA256 Hash: obtains a malware sample from a SHA256 hash.

Generic Action: a generic action used to make a request to any Malpedia Premium endpoint.

Configuration Parameters

The following configuration parameters are required for the Malpedia Premium app to communicate with the Malpedia Premium enterprise application. The parameters can be configured by creating instances in the app.

API token
    Description: Enter the Malpedia API token. Example: 218iuh5kkelgdhigbg4r0ipvnn
    Field type: Text
    Required
    Comments: Treat the token as a credential. It is sent with every request, so store it in the app instance rather than in playbook inputs or logs.

Verify
    Description: Choose whether to verify the server's SSL/TLS certificate while making requests. Keep this set to yes. Setting it to no disables certificate validation, so a connection can be established to a host impersonating Malpedia Premium and the API token sent with each request can be intercepted; use no only for a known, temporary troubleshooting step.
    Field type: Boolean
    Optional
    Comments: By default, verification is enabled.

Timeout
    Description: Enter the timeout value in seconds. This is the number of seconds a request will wait to connect to Malpedia Premium and to read the response.
    Field type: Integer
    Optional
    Comments: Allowed range 15-120; default value 15.

Action: Find Threat Actor Information

This action obtains details regarding a particular threat actor.

Action Input Parameters

Actor
    Description: Enter the threat actor name or one of its associated synonyms.
    Field type: Text
    Required

Action: Find Malware Family

This action obtains data about malware families and their relations.

Action Input Parameters

Malware
    Description: Enter the malware family name or one of its associated synonyms.
    Field type: Text
    Required

Action: Get Malware Family IDs

This action obtains all malware family IDs.

Action Input Parameters

This action does not require any input parameter.

Action: Get Malware Family Metadata

This action obtains all metadata about a particular malware family ID.

Action Input Parameters

Family ID
    Description: Enter the malware family ID whose metadata should be returned.
    Field type: Text
    Required

Action: Get Malware Family YARA Rules

This action obtains the YARA rules for detecting a particular malware family.

Action Input Parameters

Family ID
    Description: Enter the malware family ID.
    Field type: Text
    Required

Action: Get Sample From MD5 Hash

This action obtains a malware sample from an MD5 hash.

Action Input Parameters

MD5 hash
    Description: Enter the MD5 hash of the sample to obtain (32 hexadecimal characters).
    Field type: Text
    Required

Action: Get Malware Sample From SHA256 Hash

This action obtains a malware sample from a SHA256 hash.

Action Input Parameters

SHA256 hash
    Description: Enter the SHA256 hash of the sample to obtain (64 hexadecimal characters).
    Field type: Text
    Required

Action: Generic Action

This is a generic action used to make requests to any Malpedia Premium endpoint.

Action Input Parameters

Method
    Description: Enter the HTTP method to use for the request.
    Field type: Text
    Required
    Comments: Allowed values: GET, PUT, POST, DELETE

Endpoint
    Description: Enter the endpoint path to make the request to, relative to the Malpedia Premium API. Example: /api/get/version
    Field type: Text
    Required

Query Params
    Description: Enter the query parameters to pass to the API.
    Field type: Key Value
    Optional

Payload
    Description: Enter the payload to pass to the API.
    Field type: Any
    Optional
    Comments: This is passed under the payload_json key.

Extra Fields
    Description: Enter the extra fields to pass to the API.
    Field type: Key Value
    Optional
    Comments: Allowed keys: payload_json, download, files, filename, retry_wait, retry_count, custom_output, response_type
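The following is an added example, not code from the Cyware Orchestrate app or from Malpedia. It shows the client-side checks a playbook author would want around the actions above: validating MD5/SHA256 input before the sample actions send anything, mirroring the Generic Action's inputs (method allow-list, relative /api/ endpoint, query params, payload_json, the 15-120 second timeout range and the verify flag), keeping the API token out of logs, and confirming that the bytes returned for a SHA256 request actually hash to that digest. The "Authorization: apitoken <token>" header and the /api/get/version and /api/get/sample/<sha256>/raw paths are taken from Malpedia's public API documentation; the PreparedRequest type, the injected transport (which is assumed to hand back the decoded sample bytes), and the sample bytes are constructed for this offline demo.

```python
"""Client-side checks for the Malpedia Premium actions (added example, not
Cyware's or Malpedia's code). Header format and endpoint paths follow the
public Malpedia API; the transport and the sample bytes are constructed."""
import hashlib
import json
import re
from dataclasses import dataclass
from typing import Any, Callable, Optional
from urllib.parse import urlencode

BASE_URL = "https://malpedia.caad.fkie.fraunhofer.de"
ALLOWED_METHODS = {"GET", "PUT", "POST", "DELETE"}        # Generic Action: allowed values
TIMEOUT_MIN, TIMEOUT_MAX, TIMEOUT_DEFAULT = 15, 120, 15   # Timeout parameter: range and default
_HASH_PATTERNS = {"md5": re.compile(r"[0-9a-f]{32}"), "sha256": re.compile(r"[0-9a-f]{64}")}


def is_valid_hash(value: str, kind: str) -> bool:
    """True if value is a well-formed hex digest of the given kind ("md5" or "sha256")."""
    return _HASH_PATTERNS[kind].fullmatch(value.strip().lower()) is not None


def normalize_hash(value: str, kind: str) -> str:
    """Strip/lowercase a hash and reject malformed input before any request is sent."""
    if not is_valid_hash(value, kind):
        raise ValueError(f"not a well-formed {kind} hash: {value!r}")
    return value.strip().lower()


def clamp_timeout(seconds: Optional[int]) -> int:
    """Apply the app's 15-120 second range and its default of 15."""
    if seconds is None:
        return TIMEOUT_DEFAULT
    return max(TIMEOUT_MIN, min(TIMEOUT_MAX, int(seconds)))


def is_safe_endpoint(endpoint: str) -> bool:
    """Accept only relative Malpedia API paths: no scheme/host, no traversal, no backslashes."""
    return (endpoint.startswith("/api/") and "://" not in endpoint
            and ".." not in endpoint and "\\" not in endpoint)


@dataclass
class PreparedRequest:
    method: str
    url: str
    headers: dict
    body: Optional[bytes]
    timeout: int
    verify: bool

    def for_log(self) -> dict:
        """Loggable view with the API token redacted; never write the raw header to logs."""
        return {"method": self.method, "url": self.url, "timeout": self.timeout,
                "verify": self.verify, "authorization": "apitoken ***"}


def build_request(token: str, method: str, endpoint: str, query: Optional[dict] = None,
                  payload: Any = None, timeout: Optional[int] = None,
                  verify: bool = True) -> PreparedRequest:
    """Mirror the Generic Action's inputs and validate them before anything is sent."""
    method = method.upper()
    if method not in ALLOWED_METHODS:
        raise ValueError(f"method not allowed: {method}")
    if not is_safe_endpoint(endpoint):
        raise ValueError(f"endpoint must be a relative /api/ path: {endpoint!r}")
    url = BASE_URL + endpoint + ("?" + urlencode(query) if query else "")
    headers = {"Authorization": f"apitoken {token}", "Accept": "application/json"}
    body = None
    if payload is not None:                       # the app passes this as payload_json
        body = json.dumps(payload).encode()
        headers["Content-Type"] = "application/json"
    return PreparedRequest(method, url, headers, body, clamp_timeout(timeout), verify)


def sample_matches(data: bytes, sha256: str) -> bool:
    """Integrity check: the returned bytes must hash to the digest that was requested."""
    return hashlib.sha256(data).hexdigest() == sha256.lower()


def fetch_sample(send: Callable[[PreparedRequest], bytes], token: str, sha256: str) -> bytes:
    """Get Malware Sample From SHA256 Hash: validate input, fetch, verify, return the bytes.

    `send` is the injected transport (assumed to return the decoded sample bytes).
    A real one would be roughly:
      requests.request(r.method, r.url, headers=r.headers, data=r.body,
                       timeout=r.timeout, verify=r.verify).content
    """
    digest = normalize_hash(sha256, "sha256")
    req = build_request(token, "GET", f"/api/get/sample/{digest}/raw")
    data = send(req)
    if not sample_matches(data, digest):
        raise RuntimeError("sample bytes do not match the requested SHA256; discard them")
    return data


# Constructed stand-in for a downloaded sample (not real malware) and an offline transport.
DEMO_SAMPLE = b"MZ\x90\x00" + b"constructed demo sample, not a real binary " * 4
DEMO_SHA256 = hashlib.sha256(DEMO_SAMPLE).hexdigest()


def demo_transport(req: PreparedRequest) -> bytes:
    """Offline transport: checks the request shape, then returns the constructed sample."""
    assert req.method == "GET" and req.headers["Authorization"].startswith("apitoken ")
    assert req.url == f"{BASE_URL}/api/get/sample/{DEMO_SHA256}/raw"
    return DEMO_SAMPLE


if __name__ == "__main__":
    print(build_request("TOKEN", "get", "/api/get/version", timeout=500).for_log())
    print(len(fetch_sample(demo_transport, "TOKEN", DEMO_SHA256.upper())), "bytes verified")
```

The endpoint check is what keeps a Generic Action from being pointed at an arbitrary host: the app's Endpoint field is a path, and anything carrying a scheme or traversal should be rejected rather than concatenated onto the base URL. The hash check after download is cheap and catches a truncated or substituted response before the bytes reach a sandbox or a case attachment.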