URLhaus

Cyware Orchestrate

URLhaus

App Vendor: URLhaus

Connector Category: Data Enrichment & Threat Intelligence

Connector version: 1.0.0

API Version: 1.0.0

About App

URLhaus is a project operated by Abuse.ch to share intelligence on malicious URLs that are being used for malware distribution. In Orchestrate, URLhaus collects, tracks, and shares malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.

The URLhaus app is configured with the Orchestrate application to perform the following actions:

Action Name	Description
Fetch recent malware payload details	This action fetches recent malware payload details.
Query custom tag feed	This action is used to query custom tag feeds.
Query hash details	This action is used to query hash details.
Query host details	This action is used to query host(IP, domain) details.
Query malicious payload information via hash	This action is used to query malicious payload information via a hash.
Query malware signature	This action is used to query malware signature via a hash.
Query url details	This action is used to query URL details.
Submit malicious url	This action submits a malicious URL to the portal.

Configuration Parameters

The following configuration parameters are required for the URLhaus app to communicate with the URLhaus enterprise application. The parameters can be configured by creating instances in the app.

Parameter	Description	Field Type	Required/Optional	Comments
API key	Enter the URLhaus API key for authorization.	Password	Required

Action: Fetch recent malware payload details

This action fetches recent malware payload details.

Action Input Parameters

This action does not require any input parameter.

Action: Query custom tag feed

This action is used to query custom tag feeds.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Tag name	Enter a tag name. Example: "malware"	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

Tag name

Enter a tag name.

Example:

"malware"

Text

Required

Example Request

[
    {
        "tag": "malware"
    }
]

Action: Query hash details

This action is used to query hash details.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Hash	Enter the hash value. Example: 12c8aec5766ac3e6f26f2505e2f4a8f2	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

Hash

Enter the hash value.

Example:

12c8aec5766ac3e6f26f2505e2f4a8f2

Text

Required

Example Request

[
    {
        "hash_value": "12c8aec5766ac3e6f26f2505e2f4a8f2"
    }
]

Action: Query host details

This action is used to query host (IP, domain) details.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Host	Enter the host value as domain or IP address. Example: "www.sskymedia.com"	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

Host

Enter the host value as domain or IP address.

Example:

"www.sskymedia.com"

Text

Required

Example Request

[
    {
        "host_value": "www.sskymedia.com"
    }
]

Action: Query malicious payload information via hash

This action is used to query malicious payload information via a hash.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Hash value	Enter the hash value. Example: 12c8aec5766ac3e6f26f2505e2f4a8f2	Text	Required
Hash type	Enter the hash type. Example: "md5"	Text	Optional	Allowed values: md5 sha256

Parameter

Description

Field Type

Required/Optional

Comments

Hash value

Enter the hash value.

Example:

12c8aec5766ac3e6f26f2505e2f4a8f2

Text

Required

Hash type

Enter the hash type.

Example:

"md5"

Text

Optional

Allowed values:

md5
sha256

Example Request

[
    {
        "hash_type": "md5",
        "hash_value": "12c8aec5766ac3e6f26f2505e2f4a8f2"
    }
]

Action: Query malware signature

This action is used to query malware signatures via a hash.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
Signature name	Enter the signature name. Example: "Gozi"	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

Signature name

Enter the signature name.

Example:

"Gozi"

Text

Required

Example Request

[
    {
        "signature": "Gozi"
    }
]

Action: Query URL details

This action is used to query URL details.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional	Comments
URL	Enter the URL. Example : "www.sskymedia.com"	Text	Required

Parameter

Description

Field Type

Required/Optional

Comments

URL

Enter the URL.

Example :

"www.sskymedia.com"

Text

Required

Example Request

[
    {
        "url_value": "www.sskymedia.com"
    }
]

Action: Submit malicious URL

This action submits a malicious URL to the portal.

Action Input Parameters

Parameter	Description	Field Type	Required/Optional
URL	Enter the URL. Example: "https://sskymedia.com/"	Text	Required
Threat name	Enter the threat name. Example: "malware_download"	Text	Optional
Tags name	Enter the tag name. Example: "emotet"	Text	Optional

Parameter

Description

Field Type

Required/Optional

Comments

URL

Enter the URL.

Example:

"https://sskymedia.com/"

Text

Required

Threat name

Enter the threat name.

Example:

"malware_download"

Text

Optional

Tags name

Enter the tag name.

Example:

"emotet"

Text

Optional

Example Request

[
    {
        "tags": "heodo",
        "threat": "malware_download",
        "url_value": "sskymedia.com"
    }
]

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.

Cyware Orchestrate

URLhaus

About App

Configuration Parameters

Action: Fetch recent malware payload details

Action: Query custom tag feed

Action: Query hash details

Action: Query host details

Action: Query malicious payload information via hash

Action: Query malware signature

Action: Query URL details

Action: Submit malicious URL

Search results