Skip to main content

Search Reports

Searches for reports.

Finds reports and uploaded files by various tokens, like hash, filename, report ID etc. If query param is used, other params are ignored.

Basic Parameters

ParameterDescription
File HashSearch reports based on a given SHA256 file hash.
QuerySearch reports in OPSWAT by a given query.

Advanced Parameters

ParameterDescription
File NameSearch for reports by a given file name.
Report IDSearch reports based on a given report ID.
URLSearch for reports by a given URL.
UUIDSearch reports based on a given UUID.

Example Output

{
"items": [
{
"id": "721af1d1-0e8e-4314-98c7-23e47d65bd7f",
"file": {
"name": "rocroc.exe",
"mime_type": "application/x-msdownload",
"short_type": "peexe",
"sha256": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"link": null
},
"scan_init": {
"id": "640f453c56d2bc8d80b73686"
},
"state": "success",
"verdict": "malicious",
"tags": [
{
"source": "MEDIA_TYPE",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": true,
"tag": {
"name": "peexe",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "INFORMATIONAL",
"threatLevel": 0.1,
"confidence": 1
}
}
},
{
"source": "MEDIA_TYPE",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": true,
"tag": {
"name": "txt",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "INFORMATIONAL",
"threatLevel": 0.1,
"confidence": 1
}
}
},
{
"source": "OSINT_LOOKUP",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"tag": {
"name": "comodo",
"synonyms": [
"Comodo Unite"
],
"descriptions": [
{
"description": "Comodo Unite is another free remote access program that creates a secure VPN between multiple computers. Once a VPN is established, you can remotely have access to applications and files through the client software.",
"cluster": {
"type": "rat",
"authors": [
"Various",
"raw-data"
]
}
}
],
"verdict": {
"verdict": "LIKELY_MALICIOUS",
"threatLevel": 0.75,
"confidence": 1
}
}
},
{
"source": "OSINT_LOOKUP",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"tag": {
"name": "nemesis",
"synonyms": [
"Nemesis Ransomware"
],
"descriptions": [
{
"description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Ransom is 10 bitcoins.",
"cluster": {
"type": "ransomware",
"authors": [
"https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml",
"http://pastebin.com/raw/GHgpWjar",
"MISP Project",
"https://id-ransomware.blogspot.com/2016/07/ransomware-list.html"
]
}
}
],
"verdict": {
"verdict": "LIKELY_MALICIOUS",
"threatLevel": 0.75,
"confidence": 1
}
}
},
{
"source": "OSINT_LOOKUP",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"tag": {
"name": "remcos",
"synonyms": [ ],
"descriptions": [
{
"description": "Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we’ve seen its payload being distributed in the wild for the first time.",
"cluster": {
"type": "rat",
"authors": [
"Various",
"raw-data"
]
}
},
{
"description": "Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers.\r\nRemcos, once installed, opens a backdoor on the computer, granting full access to the remote user. \r\nRemcos can be used for surveillance and penetration testing purposes, and in some instances has been used in hacking campaigns. ",
"cluster": {
"type": "malpedia",
"authors": [
"Davide Arcuri",
"Alexandre Dulaunoy",
"Steffen Enders",
"Andrea Garavaglia",
"Andras Iklody",
"Daniel Plohmann",
"Christophe Vandeplas"
]
}
}
],
"verdict": {
"verdict": "LIKELY_MALICIOUS",
"threatLevel": 0.75,
"confidence": 1
}
}
},
{
"source": "SIGNAL",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": false,
"tag": {
"name": "packed",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "LIKELY_MALICIOUS",
"threatLevel": 0.75,
"confidence": 1
}
}
},
{
"source": "SIGNAL",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": false,
"tag": {
"name": "overlay",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "SUSPICIOUS",
"threatLevel": 0.5,
"confidence": 1
}
}
},
{
"source": "SIGNAL",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": false,
"tag": {
"name": "shell32.dll",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "SUSPICIOUS",
"threatLevel": 0.5,
"confidence": 1
}
}
}
],
"date": "03/13/2023, 15:46:06",
"updated_date": "03/13/2023, 15:46:23"
},
],
"count": "816",
"count_search_params": "0",
"method": "and",
"dbs_sync": "false"
}

Automation Library Example

Search Reports with Opswat and Send Results Via Email

Automation LibraryPreview this Automation on desktop