ReversingLabs continually processes goodware and malware files, providing early intelligence about attacks before they infiltrate customer infrastructures. This visibility into threats “in-the-wild” enables preparation for new attacks and quick identification of the threat levels of new files as they arrive. ReversingLabs enables more effective and efficient threat identification, development of better threat intelligence, and implementation of proactive threat hunting programs.
Status: Preview
Tier: Premium
Version: 1.0
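| Name | Summary |
| --- | --- |
| Get-api-databrowser-malware_presence-query-hash_type-hash_value (string hash_type, string hash_value, [Optional]boolean show_hashes, boolean extended, [Optional]string format) | Get File Hash Reputation |
| Post-api-databrowser-malware_presence-bulk_query-post_format (string post_format, [Optional]string Content-Type:, Post-api-databrowser-malware_presence-bulk_query-post_formatParameterBody body) | Get File Hash Reputation - Bulk Request |
| Get-historic-multi-av-scan-records-query-hash_type-hash_value (string hash_type, string hash_value, boolean history, [Optional]string format) | Get Historic Multi-AV Scan Records |
| Get-historic-multi-av-scan-records-query-hash_type-hash_value-bulk (string post_format, [Optional]string Content-Type:, Get-historic-multi-av-scan-records-query-hash_type-hash_value-bulkParameterBody body) | Get Historic Multi-AV Scan Records - Bulk Request |
| Get-api-databrowser-rldata-query-hash_type-hash_value (string hash_type, string hash_value, [Optional]string format) | Get File Hash Analysis Detail |
| Post-api-databrowser-rldata-bulk_query-post_format (string post_format, [Optional]string Content-Type:, Post-api-databrowser-rldata-bulk_query-post_formatParameterBody body) | Get File Hash Analysis Detail - Bulk Request |
| Get-api-reanalyze-query-hash_type-hash_value (string hash_type, string hash_value) | Re-Analyze File |
| Post-api-rescan-v1-bulk_query-post_format (string format, string post_format, [Optional]string Content-Type:, Post-api-rescan-v1-bulk_query-post_formatParameterBody body) | Re-Analyze File - Bulk Request |
| Get-Group-By-RHA1-Single-Query (string rha1_type, string hash_value, [Optional]string next_page_sha1, [Optional]string format, [Optional]integer limit, [Optional]string extended, [Optional]string classification) | Get Functionally Similar File Hashes Using ReversingLabs Hash Algorithm |
| Get-api-historic-multi-av-scan-records-query-hash_type-hash_value (string hash_value, [Optional]string format) | Get Similar File Hashes Using Import Hashing Algorithm |
| Post-advanced-search-query ([Optional]string Content-Type:, Query body) | Find Files Using Multi-Part Search Criteria |
| Get-fetch-uri-state (string hash_value, [Optional]string format) | Get URI Statistics on Email addresses, IP(s), Domain(s) and URL(s) |
| Post-url-threat-intelligence (string post_format, [Optional]string Content-Type:, Post-url-threat-intelligenceParameterBody body) | Get URL Threat Intelligence Report |
| Post-url-analyze (string post_format, [Optional]string Content-Type:, Post-url-analyzeParameterBody body) | Analyze URL |
| Get-api-certificate-index-v1-query-thumbprint (string thumbprint, [Optional]string classification, [Optional]string format, [Optional]integer limit, boolean extended) | Get Files Signed with Specific Certificate Thumbprint(s) |
| Post-api-sample-file-upload (string sha1_value, [Optional]string Content-Type:, rl body) | Sample file upload |
| Post-api-sample-metadata-upload (string sha1_value, [Optional]string Content-Type:, rl body) | Sample metadata file upload |
| Post-file-dynamic-analysis (string post_format, Post-file-dynamic-analysisParameterBody body) | File dynamic analysis |
| Get-file-dynamic-analysis-report-hash_type-hash_value-analysis_id (string hash_type, string hash_value, string analysis_id) | Get specific dynamic analysis report for a file |
| Get-file-merged-dynamic-analysis-report-hash_type-hash_value (string hash_type, string hash_value) | Get merged dynamic analysis report for a file |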
Summary: Get File Hash Reputation
Description: This service provides information about the malware status of requested files.
Syntax:
ReversingLabsIntelligence.Get-api-databrowser-malware_presence-query-hash_type-hash_value (string hash_type, string hash_value, [Optional]boolean show_hashes, boolean extended, [Optional]string format)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| hash_type | string (Hash Type) | required parameter; accepts these options: md5, sha1, sha256 | True | |
| hash_value | string (Hash Value) | required parameter; must be a valid hash of the type defined by hash_type | True | |
| show_hashes | boolean (Show Hashes) | Both single and bulk malware presence queries support an additional request parameter show_hashes which can be either true or false. The parameter show_hashes can also be used with the Extended Malware Presence query. If not specified, the default value is false. When set to true, the show_hashes parameter will direct databrowser to provide md5, sha1 and sha256 hashes for the requested file(s), in addition to the rest of the Malware Presence information. | False | |
| extended | boolean (Extended) | Both single and bulk malware presence queries support an additional query flag extended which can be either true or false. If not specified, the default value is false. When set to true, the extended flag will direct databrowser to provide a richer response schema with additional information about the requested file(s). | True | |
| format | string (Format) | Optional parameter that allows choosing the response format. Supported values are `xml` and `json`. If the parameter is not provided in the request, the response will be returned in `xml` (default). | False | |
Returns:
Summary: Get File Hash Reputation - Bulk Request
Description: This service provides a means to send multiple hashes of files in a single request and provides information about the malware status for those files.
Syntax:
ReversingLabsIntelligence.Post-api-databrowser-malware_presence-bulk_query-post_format (string post_format, [Optional]string Content-Type:, Post-api-databrowser-malware_presence-bulk_query-post_formatParameterBody body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| post_format | string (Post format) | Required parameter that defines the POST payload format. Supported options are xml and json | True | |
| Content-Type: | string (Content type) | Content type | False | |
| body | Post-api-databrowser-malware_presence-bulk_query-post_formatParameterBody | | True | |
Returns:
Summary: Get Historic Multi-AV Scan Records
Description: This service provides historic Multi-AV scan records for a given file hash.
Syntax:
ReversingLabsIntelligence.Get-historic-multi-av-scan-records-query-hash_type-hash_value (string hash_type, string hash_value, boolean history, [Optional]string format)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| hash_type | string (Hash type) | required parameter; accepts these options: md5, sha1, sha256 | True | |
| hash_value | string (Hash value) | required parameter; must be a valid hash of the type defined by hash_type | True | |
| history | boolean (History) | Both single and bulk malware presence queries support an additional query flag extended which can be either true or false. If not specified, the default value is false. When set to true, the extended flag will direct databrowser to provide a richer response schema with additional information about the requested file(s). | True | |
| format | string (Format) | Optional parameter that allows choosing the response format. Supported values are `xml` and `json`. If the parameter is not provided in the request, the response will be returned in `xml` (default). | False | |
Returns:
Summary: Get Historic Multi-AV Scan Records - Bulk Request
Description: This service provides a means to send multiple hashes of files in a single request and provides Multi-AV scan records data for those files.
Syntax:
ReversingLabsIntelligence.Get-historic-multi-av-scan-records-query-hash_type-hash_value-bulk (string post_format, [Optional]string Content-Type:, Get-historic-multi-av-scan-records-query-hash_type-hash_value-bulkParameterBody body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| post_format | string (Post format) | Required parameter that defines the POST payload format. Supported options are xml and json | True | |
| Content-Type: | string (Content type) | Content type | False | |
| body | Get-historic-multi-av-scan-records-query-hash_type-hash_value-bulkParameterBody | | True | |
Returns:
Summary: Get File Hash Analysis Detail
Description: This service provides analysis results for the requested file.
Syntax:
ReversingLabsIntelligence.Get-api-databrowser-rldata-query-hash_type-hash_value (string hash_type, string hash_value, [Optional]string format)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| hash_type | string (Hash type) | required parameter; accepts these options: md5, sha1, sha256 | True | |
| hash_value | string (Hash value) | required parameter; must be a valid hash of the type defined by hash_type | True | |
| format | string (Format) | Optional parameter that allows choosing the response format. Supported values are `xml` and `json`. If the parameter is not provided in the request, the response will be returned in `xml` (default). | False | |
Returns:
Summary: Get File Hash Analysis Detail - Bulk Request
Description: This service provides a means to send multiple file hashes in a single request and provides analysis results for these file hashes.
Syntax:
ReversingLabsIntelligence.Post-api-databrowser-rldata-bulk_query-post_format (string post_format, [Optional]string Content-Type:, Post-api-databrowser-rldata-bulk_query-post_formatParameterBody body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| post_format | string (Post format) | Required parameter that defines the POST payload format. Supported options are xml and json | True | |
| Content-Type: | string (Content type) | Content type | False | |
| body | Post-api-databrowser-rldata-bulk_query-post_formatParameterBody | | True | |
Returns:
Summary: Re-Analyze File
Description: This service provides a means to send file(s) for rescanning.
Syntax:
ReversingLabsIntelligence.Get-api-reanalyze-query-hash_type-hash_value (string hash_type, string hash_value)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| hash_type | string (Hash type) | required parameter; accepts these options: md5, sha1, sha256 | True | |
| hash_value | string (Hash value) | required parameter; must be a valid hash of the type defined by hash_type | True | |
Returns:
Summary: Re-Analyze File - Bulk Request
Description: This service provides a means to initiate multiple files to be rescanned using a single request.
Syntax:
ReversingLabsIntelligence.Post-api-rescan-v1-bulk_query-post_format (string format, string post_format, [Optional]string Content-Type:, Post-api-rescan-v1-bulk_query-post_formatParameterBody body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| format | string (Format) | format accepts the options xml or json and defines the return format | True | |
| post_format | string (Post format) | Required parameter that defines the POST payload format. Supported options are xml and json | True | |
| Content-Type: | string (Content type) | Content type | False | |
| body | Post-api-rescan-v1-bulk_query-post_formatParameterBody | | True | |
Returns:
Summary: Get Functionally Similar File Hashes Using ReversingLabs Hash Algorithm
Description: This service provides a list of SHA1 hashes of files that are functionally similar to the provided file (SHA1 hash) at the selected precision level.
Syntax:
ReversingLabsIntelligence.Get-Group-By-RHA1-Single-Query (string rha1_type, string hash_value, [Optional]string next_page_sha1, [Optional]string format, [Optional]integer limit, [Optional]string extended, [Optional]string classification)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| rha1_type | string (RHA1 type) | rha1_type is a measure of the RHA1 precision level. It represents the degree to which a file is functionally similar to another file. A higher precision level will match fewer files, but the files will have more functional similarity. Values: pe01, elf01, machO01 (25% precision level); pe02 (50% precision level) | True | |
| hash_value | string (Hash value) | required parameter; must be a valid SHA1 value | True | |
| next_page_sha1 | string (Next page sha1) | next_page_sha1 is an optional parameter used for pagination. It is the SHA1 hash of the first file on the next page. | False | |
| format | string (Format) | Optional parameter that allows choosing the response format. Supported values are `xml` and `json`. If the parameter is not provided in the request, the response will be returned in `xml` (default). | False | |
| limit | integer (Limit) | the maximum number of file SHA1 hashes to return. This value has to be an integer in the range from 1 to 1000 (1000 is the default value) | False | |
| extended | string (Extended) | extended is an optional parameter. Possible values are true (extended data set) and false (non-extended data set, default) | False | |
| classification | string (Classification) | if this parameter is provided in the request, the query will return a filtered list of files that match the requested classification. Possible values are: KNOWN, SUSPICIOUS, MALICIOUS, UNKNOWN | False | |
Returns:
Summary: Get Similar File Hashes Using Import Hashing Algorithm
Description: This service provides a list of SHA1 hashes functionally similar to the file associated with the provided import hash (ImpHash).
Syntax:
ReversingLabsIntelligence.Get-api-historic-multi-av-scan-records-query-hash_type-hash_value (string hash_value, [Optional]string format)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| hash_value | string (Hash value) | required parameter; must be a valid ImpHash hash | True | |
| format | string (Format) | Optional parameter that allows choosing the response format. Supported values are `xml` and `json`. If the parameter is not provided in the request, the response will be returned in `xml` (default). | False | |
Returns:
Summary: Find Files Using Multi-Part Search Criteria
Description: This service provides a means to acquire a list of hashes that match the provided multi-part search criteria.
Syntax:
ReversingLabsIntelligence.Post-advanced-search-query ([Optional]string Content-Type:, Query body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| Content-Type: | string (Content type) | Content type | False | |
| body | Query | | True | |
Returns:
Summary: Get URI Statistics on Email addresses, IP(s), Domain(s) and URL(s)
Description: This service provides statistical information on the number of known, malicious, and suspicious file(s) associated with the URI.
Syntax:
ReversingLabsIntelligence.Get-fetch-uri-state (string hash_value, [Optional]string format)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| hash_value | string (Hash value) | required parameter; the SHA1 hash value of the URI string | True | |
| format | string (Format) | Optional parameter that allows choosing the response format. Supported values are `xml` and `json`. If the parameter is not provided in the request, the response will be returned in `json` (default). | False | |
Returns:
Summary: Get URL Threat Intelligence Report
Description: This service returns threat intelligence data, including reputation from various reputation sources, metadata for performed URL analyses, and the maliciousness of files found on the submitted URL.
Syntax:
ReversingLabsIntelligence.Post-url-threat-intelligence (string post_format, [Optional]string Content-Type:, Post-url-threat-intelligenceParameterBody body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| post_format | string (Post format) | Required parameter that defines the POST payload format. Supported options are xml and json | True | |
| Content-Type: | string (Content type) | Content type | False | |
| body | Post-url-threat-intelligenceParameterBody | | True | |
Returns:
Summary: Analyze URL
Description: This service enables the submission of a URL for analysis. ReversingLabs will crawl the URL, identifying files to download and submitting them to our file processing pipeline for classification and enrichment. A detailed report can then be retrieved using our URL Threat Intelligence API.
Syntax:
ReversingLabsIntelligence.Post-url-analyze (string post_format, [Optional]string Content-Type:, Post-url-analyzeParameterBody body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| post_format | string (Post format) | Required parameter that defines the POST payload format. Supported options are xml and json | True | |
| Content-Type: | string (Content type) | Content type | False | |
| body | Post-url-analyzeParameterBody | | True | |
Returns:
Summary: Get Files Signed with Specific Certificate Thumbprint(s)
Description: This service provides a list of files signed with a particular certificate, specified by its thumbprint.
Syntax:
ReversingLabsIntelligence.Get-api-certificate-index-v1-query-thumbprint (string thumbprint, [Optional]string classification, [Optional]string format, [Optional]integer limit, boolean extended)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| thumbprint | string (Thumbprint) | the thumbprint (sha1, sha256, md5) of the requested certificate. Most of our certificates use SHA256 for storing the thumbprint | True | |
| classification | string (Classification) | if this parameter is provided in the request, the query will return a list of only those files that match the requested threat status. Possible values are: KNOWN, MALICIOUS, SUSPICIOUS, UNKNOWN | False | |
| format | string (Format) | Optional parameter that allows choosing the response format. Supported values are `xml` and `json`. If the parameter is not provided in the request, the response will be returned in `xml` (default). | False | |
| limit | integer (Limit) | Maximum number of files to return in the certificate file list. It is possible to choose a number between 1 and 100 (100 is the default value) | False | |
| extended | boolean (Extended) | Both single and bulk malware presence queries support an additional query flag extended which can be either true or false. If not specified, the default value is false. When set to true, the extended flag will direct databrowser to provide a richer response schema with additional information about the requested file(s). | True | |
Returns:
Summary: Sample file upload
Description: This service provides a means to upload a file for analysis.
Syntax:
ReversingLabsIntelligence.Post-api-sample-file-upload (string sha1_value, [Optional]string Content-Type:, rl body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| sha1_value | string (SHA1 value) | Required parameter. | True | |
| Content-Type: | string (Content type) | Content type | False | |
| body | rl | | True | |
Returns:
Summary: Sample metadata file upload
Description: This service provides a means to send metadata for a previously successfully uploaded file.
Syntax:
ReversingLabsIntelligence.Post-api-sample-metadata-upload (string sha1_value, [Optional]string Content-Type:, rl body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| sha1_value | string (SHA1 value) | Required parameter. | True | |
| Content-Type: | string (Content type) | Content type | False | |
| body | rl | | True | |
Returns:
Summary: File dynamic analysis
Description: This service allows users to detonate a previously uploaded file in the ReversingLabs TitaniumCloud sandbox.
Syntax:
ReversingLabsIntelligence.Post-file-dynamic-analysis (string post_format, Post-file-dynamic-analysisParameterBody body)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| post_format | string (Post format) | Required parameter that defines the POST payload format. Supported options are xml and json | True | |
| body | Post-file-dynamic-analysisParameterBody | | True | |
Returns:
Type: Post-file-dynamic-analysisResponse
Summary: Get specific dynamic analysis report for a file
Description: This service allows the user to download a specific report of a dynamic analysis performed on the file.
Syntax:
ReversingLabsIntelligence.Get-file-dynamic-analysis-report-hash_type-hash_value-analysis_id (string hash_type, string hash_value, string analysis_id)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| hash_type | string (Hash Type) | required parameter; accepts these options: md5, sha1 | True | |
| hash_value | string (Hash Value) | required parameter; must be a valid hash of the type defined by hash_type | True | |
| analysis_id | string (analysis_id value should be an exact analysis id or keyword "latest") | required parameter; analysis_id value should be an exact analysis id or keyword "latest" | True | |
Returns:
Summary: Get merged dynamic analysis report for a file
Description: This service allows the user to download a merged report with an overview of all dynamic analyses performed on the file.
Syntax:
ReversingLabsIntelligence.Get-file-merged-dynamic-analysis-report-hash_type-hash_value (string hash_type, string hash_value)
Parameters:
| Name | Type | Summary | Required | Related Action |
| --- | --- | --- | --- | --- |
| hash_type | string (Hash Type) | required parameter; accepts these options: sha1 | True | |
| hash_value | string (Hash Value) | required parameter; must be a valid hash of the type defined by hash_type | True | |
Returns:
Summary:
Description:
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| rl | | rl |

Summary:
Description: rl
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| query | | query |

Summary:
Description: query
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| hash_type | string | md5, sha1, sha256 |
| hashes | array of (string) | hashes |
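
A bulk request body carries a single hash_type next to its hashes array (rl → query → hash_type, hashes), so a mixed indicator list has to be validated and split by type before it is posted. The Python below is an added example, not code from the connector or from ReversingLabs; the function names and the `batch_size` parameter are assumptions (the page states no per-request limit), and the sample input is constructed.

```python
import re

# Hex digest lengths for the hash_type options the page lists.
HASH_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
LEN_TO_TYPE = {n: t for t, n in HASH_HEX_LEN.items()}
HEX_RE = re.compile(r"\A[0-9a-fA-F]+\Z")


def classify_hash(value):
    """Return (hash_type, lower-case digest), or None if value is not a digest."""
    candidate = value.strip()
    hash_type = LEN_TO_TYPE.get(len(candidate))
    if hash_type is None or not HEX_RE.match(candidate):
        return None
    return hash_type, candidate.lower()


def group_indicators(values):
    """Split a mixed list into per-type, de-duplicated digests plus rejects."""
    groups = {t: [] for t in HASH_HEX_LEN}
    seen, rejected = set(), []
    for raw in values:
        result = classify_hash(raw)
        if result is None:
            rejected.append(raw)  # keep rejects so they can be reviewed, not dropped
            continue
        hash_type, digest = result
        if digest not in seen:
            seen.add(digest)
            groups[hash_type].append(digest)
    return groups, rejected


def build_bulk_bodies(values, batch_size=100):
    """Return (bodies, rejected); each body is rl -> query -> hash_type, hashes.

    batch_size is an assumption for illustration; the page states no limit.
    """
    if batch_size < 1:
        raise ValueError("batch_size must be >= 1")
    groups, rejected = group_indicators(values)
    bodies = []
    for hash_type, digests in groups.items():
        for start in range(0, len(digests), batch_size):
            chunk = digests[start:start + batch_size]
            bodies.append({"rl": {"query": {"hash_type": hash_type, "hashes": chunk}}})
    return bodies, rejected


# Constructed sample input: digests of the empty input plus malformed entries.
SAMPLE = [
    "d41d8cd98f00b204e9800998ecf8427e",          # md5
    "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",  # sha1, upper case
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",  # duplicate after normalization
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",  # sha256
    "not-a-hash",
    "d41d8cd98f00b204e9800998ecf8427",           # truncated md5, 31 characters
]

if __name__ == "__main__":
    bodies, rejected = build_bulk_bodies(SAMPLE)
    for body in bodies:
        print(body)
    print("rejected:", rejected)
```
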
Summary:
Description:
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| rl | | rl |

Summary:
Description: rl
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| sha1 | string | sha1 |
| platform | string | windows10/windows7 |
Summary:
Description:
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| rl | | rl |

Summary:
Description: rl
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| status | string | status |
| requested_hash | string | requested_hash |
| analysis_id | string | analysis_id |
Summary:
Description:
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| rl | | rl |

Summary:
Description: rl
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| query | | query |

Summary:
Description: query
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| url | string | full URL of a website including the protocol |
| response_format | string | xml, json |
Summary:
Description:
Properties:
| Name | Type | Summary |
| --- | --- | --- |
| query | string | Every expression must be built according to the following format: `<field_name>:<field_value>`. Please consult RL documentation for a list of field names and the operators that can be applied. |
| page | integer(int32) | |
| records_per_page | integer(int32) | The number of records returned in the response. |
| format | string | Option to return the response in a specific format. Values: [xml, json] |