ID Ransomware
App Vendor: ID Ransomware
App Category: Forensics & Malware Analysis
Connector Version: 1.0.0
API Version: 1.0.0
About App
The ID Ransomware app allows security teams to integrate with the ID Ransomware application to identify the ransomware that may have encrypted the files in the system.
The ID Ransomware app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get a list of Ransomware | This action retrieves a list of basic data about all supported ransomware from the ID Ransomware application. |
Get details of Ransomware | This action retrieves details for a single ransomware, including status and information URL, from the ID Ransomware application. |
Get a list of Extensions | This action retrieves a list of extensions, grouped by ransomware, from the ID Ransomware application. |
Get a list of Ransomware notes | This action retrieves a list of all supported ransomware notes as regex patterns, grouped by ransomware, from the ID Ransomware application. |
Get a list of addresses | This action retrieves a list of all addresses from the ID Ransomware application. |
Get details of Ransomware extensions | This action retrieves details of extensions for a single ransomware from the ID Ransomware application. |
Get details of Ransomware notes | This action retrieves details of notes for a single ransomware from the ID Ransomware application. |
Get details of Ransomware address | This action retrieves details of addresses for a single ransomware from the ID Ransomware application. |
Configuration Parameters
The following configuration parameters are required for the ID Ransomware app to communicate with the ID Ransomware enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
API Key | Enter the API key for the ID Ransomware application. | Text | Required | |
Secret Key | Enter the secret key for your ID Ransomware application. | Password | Required | |
Action: Get a list of Ransomware
This action retrieves a list of basic data about all supported ransomware from the ID Ransomware application.
Action Input Parameters
This action does not require any input parameters.
Action: Get details of Ransomware
This action retrieves details for a single ransomware, including status and information URL, from the ID Ransomware application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tag | Enter the tag for the ransomware. Example: "teslacrypt3" | Text | Required | |
Example Request
[ { "tag": "teslacrypt3" } ]
Action: Get a list of Extensions
This action retrieves a list of extensions, grouped by ransomware, from the ID Ransomware application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Enable regex | Specify whether to enable or disable regex patterns for extensions. | Boolean | Optional | Allowed values: Default value: |
Example Request
[ { "regex": "False" } ]
Action: Get a list of Ransomware notes
This action retrieves a list of all supported ransomware notes as regex patterns, grouped by ransomware, from the ID Ransomware application.
Action Input Parameters
This action does not require any input parameters.
Action: Get a list of addresses
This action retrieves a list of all addresses from the ID Ransomware application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Type | Enter the type of addresses to retrieve. Example: "email" | Text | Optional | Allowed values: Default value: |
Example Request
[ { "type": "email" } ]
Action: Get details of Ransomware extensions
This action retrieves details of extensions for a single ransomware from the ID Ransomware application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tag | Enter the tag to get the details of ransomware extensions. Example: "teslacrypt3" | Text | Required | |
Enable regex | Specify whether to enable or disable regex for extensions. Example: "False" | Boolean | Optional | Allowed values: Default value: |
Example Request
[ { "tag": "teslacrypt3", "regex": "False" } ]
Action: Get details of Ransomware notes
This action retrieves details of notes for a single ransomware from the ID Ransomware application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tag | Enter the tag name to get details of ransomware notes. Example: "teslacrypt3" | Text | Required | |
Example Request
[ { "tag": "teslacrypt3" } ]
Action: Get details of Ransomware address
This action retrieves details of addresses for a single ransomware from the ID Ransomware application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tag | Enter the tag to get the details of the ransomware address. Example: "teslacrypt3" | Text | Required | |
Type | Enter the type of addresses to retrieve. Example: "email" | Text | Optional | Allowed values: Default value: |
Example Request
[ { "tag": "teslacrypt3", "type": "email" } ]