URLhaus
App Vendor: URLhaus
Connector Category: Data Enrichment & Threat Intelligence
Connector version: 1.0.0
API Version: 1.0.0
About App
URLhaus is a project operated by Abuse.ch to share intelligence on malicious URLs that are being used for malware distribution. In Orchestrate, URLhaus collects, tracks, and shares malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.
The URLhaus app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Fetch recent malware payload details | This action fetches recent malware payload details. |
Query custom tag feed | This action is used to query custom tag feeds. |
Query hash details | This action is used to query hash details. |
Query host details | This action is used to query host(IP, domain) details. |
Query malicious payload information via hash | This action is used to query malicious payload information via a hash. |
Query malware signature | This action is used to query malware signature via a hash. |
Query url details | This action is used to query URL details. |
Submit malicious url | This action submits a malicious URL to the portal. |
Configuration Parameters
The following configuration parameters are required for the URLhaus app to communicate with the URLhaus enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API key | Enter the URLhaus API key for authorization. | Password | Required |
Action: Fetch recent malware payload details
This action fetches recent malware payload details.
Action Input Parameters
This action does not require any input parameter.
Action: Query custom tag feed
This action is used to query custom tag feeds.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Tag name | Enter a tag name. Example: "malware" | Text | Required |
Example Request
[
{
"tag": "malware"
}
]
Action: Query hash details
This action is used to query hash details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Hash | Enter the hash value. Example: 12c8aec5766ac3e6f26f2505e2f4a8f2 | Text | Required |
Example Request
[
{
"hash_value": "12c8aec5766ac3e6f26f2505e2f4a8f2"
}
]Action: Query host details
This action is used to query host (IP, domain) details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Host | Enter the host value as domain or IP address. Example: "www.sskymedia.com" | Text | Required |
Example Request
[
{
"host_value": "www.sskymedia.com"
}
]Action: Query malicious payload information via hash
This action is used to query malicious payload information via a hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Hash value | Enter the hash value. Example: 12c8aec5766ac3e6f26f2505e2f4a8f2 | Text | Required | |
Hash type | Enter the hash type. Example: "md5" | Text | Optional | Allowed values:
|
Example Request
[
{
"hash_type": "md5",
"hash_value": "12c8aec5766ac3e6f26f2505e2f4a8f2"
}
]Action: Query malware signature
This action is used to query malware signatures via a hash.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Signature name | Enter the signature name. Example: "Gozi" | Text | Required |
Example Request
[
{
"signature": "Gozi"
}
]Action: Query URL details
This action is used to query URL details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL | Enter the URL. Example : "www.sskymedia.com" | Text | Required |
Example Request
[
{
"url_value": "www.sskymedia.com"
}
]Action: Submit malicious URL
This action submits a malicious URL to the portal.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL | Enter the URL. Example: "https://sskymedia.com/" | Text | Required | |
Threat name | Enter the threat name. Example: "malware_download" | Text | Optional | |
Tags name | Enter the tag name. Example: "emotet" | Text | Optional |
Example Request
[
{
"tags": "heodo",
"threat": "malware_download",
"url_value": "sskymedia.com"
}
]