Search Reports
Searches for reports.
Finds reports and uploaded files by various tokens, like hash, filename, report ID etc. If query param is used, other params are ignored.
Basic Parameters
| Parameter | Description |
|---|---|
| File Hash | Search reports based on a given SHA256 file hash. |
| Query | Search reports in OPSWAT by a given query. |
Advanced Parameters
| Parameter | Description |
|---|---|
| File Name | Search for reports by a given file name. |
| Report ID | Search reports based on a given report ID. |
| URL | Search for reports by a given URL. |
| UUID | Search reports based on a given UUID. |
Example Output
{
"items": [
{
"id": "721af1d1-0e8e-4314-98c7-23e47d65bd7f",
"file": {
"name": "rocroc.exe",
"mime_type": "application/x-msdownload",
"short_type": "peexe",
"sha256": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"link": null
},
"scan_init": {
"id": "640f453c56d2bc8d80b73686"
},
"state": "success",
"verdict": "malicious",
"tags": [
{
"source": "MEDIA_TYPE",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": true,
"tag": {
"name": "peexe",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "INFORMATIONAL",
"threatLevel": 0.1,
"confidence": 1
}
}
},
{
"source": "MEDIA_TYPE",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": true,
"tag": {
"name": "txt",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "INFORMATIONAL",
"threatLevel": 0.1,
"confidence": 1
}
}
},
{
"source": "OSINT_LOOKUP",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"tag": {
"name": "comodo",
"synonyms": [
"Comodo Unite"
],
"descriptions": [
{
"description": "Comodo Unite is another free remote access program that creates a secure VPN between multiple computers. Once a VPN is established, you can remotely have access to applications and files through the client software.",
"cluster": {
"type": "rat",
"authors": [
"Various",
"raw-data"
]
}
}
],
"verdict": {
"verdict": "LIKELY_MALICIOUS",
"threatLevel": 0.75,
"confidence": 1
}
}
},
{
"source": "OSINT_LOOKUP",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"tag": {
"name": "nemesis",
"synonyms": [
"Nemesis Ransomware"
],
"descriptions": [
{
"description": "It’s directed to English speaking users, therefore is able to infect worldwide. It is spread using email spam, fake updates, attachments and so on. It encrypts all your files, including: music, MS Office, Open Office, pictures, videos, shared online files etc.. Ransom is 10 bitcoins.",
"cluster": {
"type": "ransomware",
"authors": [
"https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml",
"http://pastebin.com/raw/GHgpWjar",
"MISP Project",
"https://id-ransomware.blogspot.com/2016/07/ransomware-list.html"
]
}
}
],
"verdict": {
"verdict": "LIKELY_MALICIOUS",
"threatLevel": 0.75,
"confidence": 1
}
}
},
{
"source": "OSINT_LOOKUP",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"tag": {
"name": "remcos",
"synonyms": [ ],
"descriptions": [
{
"description": "Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we’ve seen its payload being distributed in the wild for the first time.",
"cluster": {
"type": "rat",
"authors": [
"Various",
"raw-data"
]
}
},
{
"description": "Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers.\r\nRemcos, once installed, opens a backdoor on the computer, granting full access to the remote user. \r\nRemcos can be used for surveillance and penetration testing purposes, and in some instances has been used in hacking campaigns. ",
"cluster": {
"type": "malpedia",
"authors": [
"Davide Arcuri",
"Alexandre Dulaunoy",
"Steffen Enders",
"Andrea Garavaglia",
"Andras Iklody",
"Daniel Plohmann",
"Christophe Vandeplas"
]
}
}
],
"verdict": {
"verdict": "LIKELY_MALICIOUS",
"threatLevel": 0.75,
"confidence": 1
}
}
},
{
"source": "SIGNAL",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": false,
"tag": {
"name": "packed",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "LIKELY_MALICIOUS",
"threatLevel": 0.75,
"confidence": 1
}
}
},
{
"source": "SIGNAL",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": false,
"tag": {
"name": "overlay",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "SUSPICIOUS",
"threatLevel": 0.5,
"confidence": 1
}
}
},
{
"source": "SIGNAL",
"sourceIdentifier": "06fbb80f37ae3534d8d87fe5444da0a09f10e45b8f2882c9e9fe89e879d380c7",
"isRootTag": false,
"tag": {
"name": "shell32.dll",
"synonyms": [ ],
"descriptions": [ ],
"verdict": {
"verdict": "SUSPICIOUS",
"threatLevel": 0.5,
"confidence": 1
}
}
}
],
"date": "03/13/2023, 15:46:06",
"updated_date": "03/13/2023, 15:46:23"
},
],
"count": "816",
"count_search_params": "0",
"method": "and",
"dbs_sync": "false"
}
Workflow Library Example
Search Reports with Opswat and Send Results Via Email
Preview this Workflow on desktop