Malpedia Premium
App Vendor: Malpedia Premium
Connector Category: Data Enrichment & Threat Intelligence
Connector version: 1.1.0
API Version: 1.0.0
About App
Malpedia Premium provides a resource for rapid identification and actionable context while investigating malware. In Orchestrate, this app allows the security team to query malware families, YARA rules, and malware samples from Malpedia Premium.
The Malpedia Premium app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Find Threat Actor Information | This action obtains details regarding a particular threat actor. |
Find Malware Family | This action obtains data regarding malware families and their relations. |
Get Malware Family IDs | This action obtains all the malware family IDs. |
Get Malware Family Metadata | This action obtains all the metadata about a particular malware family ID. |
Get Malware Family YARA Rules | This action obtains YARA rules for detecting a particular malware strain. |
Get Sample From MD5 Hash | This action obtains a malware sample from an MD5 hash. |
Get Malware Sample From SHA256 Hash | This action obtains a malware sample from a SHA256 hash. |
Generic Action | This is a generic action used to make requests to any Malpedia Premium endpoint. |
Configuration Parameters
The following configuration parameters are required for the Malpedia Premium app to communicate with the Malpedia Premium enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API token | Enter the Malpedia API token. Example: 218iuh5kkelgdhigbg4r0ipvnn | Text | Required | |
Verify | Choose whether to verify the SSL/TLS certificate while making requests. It is recommended to set this option to yes. Passing no may result in an incorrectly established connection. | Boolean | Optional | By default, verification is enabled. |
Timeout | Enter the timeout value in seconds. This is the number of seconds requests will wait to connect to Malpedia Premium and read the response. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Action: Find Threat Actor Information
This action obtains details regarding a particular threat actor.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Actor | Enter the threat actor name or its associated synonyms. | Text | Required | |
Action: Find Malware Family
This action obtains data regarding malware families and their relations.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Malware | Enter the malware name or its associated synonyms. | Text | Required | |
Action: Get Malware Family IDs
This action obtains all the malware family IDs.
Action Input Parameters
This action does not require any input parameter.
Action: Get Malware Family Metadata
This action obtains all the metadata about a particular malware family ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Family ID | Enter the family ID to obtain the metadata information. | Text | Required | |
Action: Get Malware Family YARA Rules
This action obtains YARA rules for detecting a particular malware strain.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Family ID | Enter the malware family ID. | Text | Required | |
Action: Get a sample from the MD5 hash
This action obtains a malware sample from an MD5 hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
MD5 hash | Enter the MD5 hash to obtain samples. | Text | Required | |
Action: Get Malware sample from SHA256 hash
This action obtains a malware sample from a SHA256 hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
SHA256 hash | Enter the SHA256 hash to obtain samples. | Text | Required | |
Action: Generic Action
This is a generic action used to make requests to any Malpedia Premium endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request to. Example: /api/get/version. | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | This is passed under the payload_json key. |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, download, files, filename, retry_wait, retry_count, custom_output, response_type |
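
Because the Generic Action can reach any endpoint with any of the allowed methods, it helps to check its inputs before they are handed to the app. The following pre-flight check is an added example, not part of the Malpedia Premium app or of Orchestrate; the function names are hypothetical, the allowed values come from the tables above, and the rule that an endpoint must be a relative path is an assumption based on the `/api/get/version` example.

```python
import re

# Constraints copied from the parameter tables on this page.
ALLOWED_METHODS = {"GET", "PUT", "POST", "DELETE"}
ALLOWED_EXTRA_KEYS = {"payload_json", "download", "files", "filename",
                      "retry_wait", "retry_count", "custom_output", "response_type"}
TIMEOUT_RANGE = (15, 120)  # seconds
HASH_PATTERNS = {"md5": re.compile(r"[0-9a-fA-F]{32}"),
                 "sha256": re.compile(r"[0-9a-fA-F]{64}")}


def check_hash(kind, value):
    """Return True if value is a well-formed hex digest for the MD5/SHA256 sample actions."""
    pattern = HASH_PATTERNS.get(kind.lower())
    return bool(pattern and pattern.fullmatch(value.strip()))


def check_generic_action(method, endpoint, extra_fields=None, timeout=15, verify=True):
    """Return a list of problems found in Generic Action inputs (empty list = OK)."""
    problems = []
    if method.upper() not in ALLOWED_METHODS:
        problems.append(f"method {method!r} is not one of {sorted(ALLOWED_METHODS)}")
    # Assumption: endpoints are relative paths such as /api/get/version, so a
    # scheme, a host, or whitespace in the value is treated as an error.
    bad_path = (not endpoint.startswith("/") or endpoint.startswith("//")
                or "://" in endpoint or re.search(r"\s", endpoint))
    if bad_path:
        problems.append(f"endpoint {endpoint!r} must be a relative path starting with '/'")
    unknown = sorted(set(extra_fields or {}) - ALLOWED_EXTRA_KEYS)
    if unknown:
        problems.append(f"unsupported extra field keys: {unknown}")
    low, high = TIMEOUT_RANGE
    if not isinstance(timeout, int) or not low <= timeout <= high:
        problems.append(f"timeout {timeout!r} is outside {low}-{high} seconds")
    if not verify:
        problems.append("TLS verification is disabled; the recommended setting is yes")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real playbook.
    print(check_generic_action("GET", "/api/get/version"))
    for issue in check_generic_action("PATCH", "https://example.invalid/api",
                                      {"headers": "x"}, timeout=5, verify=False):
        print("-", issue)
    print(check_hash("md5", "d41d8cd98f00b204e9800998ecf8427e"))
```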