Class: HybridAnalysis::Clients::Search

Inherits:
Client
  • Object
Defined in:
lib/hybridanalysis/clients/search.rb

Constant Summary

Constants inherited from Client

Client::BASE_URL, Client::DEFAULT_UA, Client::HOST, Client::VERSION

Instance Attribute Summary

Attributes inherited from Client

#key

Instance Method Summary

Methods inherited from Client

#initialize

Constructor Details

This class inherits a constructor from HybridAnalysis::Clients::Client

Instance Method Details

#hash(hash) ⇒ Array

Summary for the given hash.

Parameters:

  • hash (String)

    MD5, SHA1 or SHA256

Returns:

  • (Array)


# File 'lib/hybridanalysis/clients/search.rb', line 13

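# Summary for the given hash.
#
# NOTE: this method shadows Object#hash (arity 1 instead of 0) on Search
# instances, so a Search instance must not be used as a Hash key or Set
# member; the name is kept because callers already depend on it.
#
# @param hash [String] MD5, SHA1 or SHA256 digest of the sample
# @return [Array] the response yielded by _post for /search/hash
# @raise [ArgumentError] when hash is nil or blank, instead of silently
#   posting a request that lacks the required parameter
def hash(hash)
  digest = hash.to_s.strip
  raise ArgumentError, "hash must be a non-empty MD5, SHA1 or SHA256 digest" if digest.empty?

  # The guard above guarantees a value, so no .compact is needed here.
  _post("/search/hash", { hash: hash }) { |json| json }
end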

#hashes(*hashes) ⇒ Array

Summary for the given hashes.

Parameters:

  • hashes (Array<String>)

    List of hashes. Allowed type: MD5, SHA1 or SHA256

Returns:

  • (Array)


# File 'lib/hybridanalysis/clients/search.rb', line 25

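# Summary for the given hashes.
#
# Hashes may be passed as splat arguments or as a single Array; nested
# arrays are flattened and nil entries dropped before the request is built.
#
# @param hashes [Array<String>] list of hashes. Allowed type: MD5, SHA1 or SHA256
# @return [Array] the response yielded by _post for /search/hashes
# @raise [ArgumentError] when no hash is given, instead of silently posting
#   an empty hashes[] list
def hashes(*hashes)
  digests = hashes.flatten.compact
  raise ArgumentError, "at least one MD5, SHA1 or SHA256 hash is required" if digests.empty?

  _post("/search/hashes", { "hashes[]": digests }) { |json| json }
end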

#terms(filename: nil, filetype: nil, filetype_desc: nil, env_id: nil, country: nil, verdict: nil, av_detect: nil, vx_family: nil, tag: nil, date_from: nil, date_to: nil, port: nil, host: nil, domain: nil, url: nil, similar_to: nil, context: nil, imp_hash: nil, ssdeep: nil, authentihash: nil, uses_tactic: nil, uses_technique: nil) ⇒ Hash

Search the database using the given search terms.

Parameters:

  • filename (String, nil) (defaults to: nil)

    Filename e.g. invoice.exe

  • filetype (String, nil) (defaults to: nil)

    Filetype e.g. docx. Available options: .NET exe, 64-bit .NET exe, 64-bit dll, 64-bit exe, 64-bit service, apk, bat, cmd, com, csv, bash, chm, composite, database, dll, doc, docx, dos, empty, exe, elf, 64-bit elf, file link, gen link, hta, html, hwp, hwpx, image, iqy, java jar, js, jse, lib, mach-o, 64-bit mach-o, mime, msg, msi, pdf, perl, ppt, pptx, ps1, psd1, psm1, pub, python, sct, raw data, rtf, service, svg, swf, text, url, vbe, vbs, wsf, xls, xlsx, zip

  • filetype_desc (String, nil) (defaults to: nil)

    Filetype description e.g. PE32 executable

  • env_id (String, nil) (defaults to: nil)

    Environment Id

  • country (String, nil) (defaults to: nil)

    Country (3 digit ISO) e.g. swe

  • verdict (Integer, nil) (defaults to: nil)

    Verdict e.g. 1. Available options: 1 ‘whitelisted’, 2 ‘no verdict’, 3 ‘no specific threat’, 4 ‘suspicious’, 5 ‘malicious’

  • av_detect (String, nil) (defaults to: nil)

    AV Multiscan range e.g. 50-70 (min 0, max 100)

  • vx_family (String, nil) (defaults to: nil)

    AV Family Substring e.g. nemucod

  • tag (String, nil) (defaults to: nil)

    Hashtag e.g. ransomware

  • date_from (String, nil) (defaults to: nil)

    Date from in format: ‘Y-m-d H:i:s’ e.g. 2018-09-28 15:30:00

  • date_to (String, nil) (defaults to: nil)

    Date to in format: ‘Y-m-d H:i:s’ e.g. 2018-09-28 15:30:00

  • port (Integer, nil) (defaults to: nil)

    Port e.g. 8080

  • host (String, nil) (defaults to: nil)

    Host e.g. 192.168.0.1

  • domain (String, nil) (defaults to: nil)

    Domain e.g. checkip.dyndns.org

  • url (String, nil) (defaults to: nil)

    HTTP Request Substring e.g. google

  • similar_to (String, nil) (defaults to: nil)

    Similar Samples e.g. <sha256>

  • context (String, nil) (defaults to: nil)

    Sample Context e.g. <sha256>

  • imp_hash (String, nil) (defaults to: nil)
  • ssdeep (String, nil) (defaults to: nil)
  • authentihash (String, nil) (defaults to: nil)
  • uses_tactic (Boolean, nil) (defaults to: nil)

    Uses Tactic

  • uses_technique (Boolean, nil) (defaults to: nil)

    Uses Technique

Returns:

  • (Hash)


# File 'lib/hybridanalysis/clients/search.rb', line 58

# Search the database using the given search terms.
#
# All keywords default to nil; only the terms actually supplied are sent to
# the /search/terms endpoint (nil values are dropped, explicit false is kept).
#
# @param filename [String, nil] Filename e.g. invoice.exe
# @param filetype [String, nil] Filetype e.g. docx. Available options: .NET exe, 64-bit .NET exe, 64-bit dll, 64-bit exe, 64-bit service, apk, bat, cmd, com, csv, bash, chm, composite, database, dll, doc, docx, dos, empty, exe, elf, 64-bit elf, file link, gen link, hta, html, hwp, hwpx, image, iqy, java jar, js, jse, lib, mach-o, 64-bit mach-o, mime, msg, msi, pdf, perl, ppt, pptx, ps1, psd1, psm1, pub, python, sct, raw data, rtf, service, svg, swf, text, url, vbe, vbs, wsf, xls, xlsx, zip
# @param filetype_desc [String, nil] Filetype description e.g. PE32 executable
# @param env_id [String, nil] Environment Id
# @param country [String, nil] Country (3 digit ISO) e.g. swe
# @param verdict [Integer, nil] Verdict e.g. 1. Available options: 1 'whitelisted', 2 'no verdict', 3 'no specific threat', 4 'suspicious', 5 'malicious'
# @param av_detect [String, nil] AV Multiscan range e.g. 50-70 (min 0, max 100)
# @param vx_family [String, nil] AV Family Substring e.g. nemucod
# @param tag [String, nil] Hashtag e.g. ransomware
# @param date_from [String, nil] Date from in format 'Y-m-d H:i:s' e.g. 2018-09-28 15:30:00
# @param date_to [String, nil] Date to in format 'Y-m-d H:i:s' e.g. 2018-09-28 15:30:00
# @param port [Integer, nil] Port e.g. 8080
# @param host [String, nil] Host e.g. 192.168.0.1
# @param domain [String, nil] Domain e.g. checkip.dyndns.org
# @param url [String, nil] HTTP Request Substring e.g. google
# @param similar_to [String, nil] Similar Samples e.g. <sha256>
# @param context [String, nil] Sample Context e.g. <sha256>
# @param imp_hash [String, nil] Import hash (imphash) to match
# @param ssdeep [String, nil] ssdeep fuzzy hash to match
# @param authentihash [String, nil] Authenticode hash to match
# @param uses_tactic [Boolean, nil] Uses Tactic
# @param uses_technique [Boolean, nil] Uses Technique
# @return [Hash] the response yielded by _post for /search/terms
def terms(filename: nil, filetype: nil, filetype_desc: nil, env_id: nil, country: nil, verdict: nil, av_detect: nil, vx_family: nil, tag: nil, date_from: nil, date_to: nil, port: nil, host: nil, domain: nil, url: nil, similar_to: nil, context: nil, imp_hash: nil, ssdeep: nil, authentihash: nil, uses_tactic: nil, uses_technique: nil)
  # Ordered name/value pairs; order is preserved in the resulting query Hash.
  pairs = [
    [:filename, filename],
    [:filetype, filetype],
    [:filetype_desc, filetype_desc],
    [:env_id, env_id],
    [:country, country],
    [:verdict, verdict],
    [:av_detect, av_detect],
    [:vx_family, vx_family],
    [:tag, tag],
    [:date_from, date_from],
    [:date_to, date_to],
    [:port, port],
    [:host, host],
    [:domain, domain],
    [:url, url],
    [:similar_to, similar_to],
    [:context, context],
    [:imp_hash, imp_hash],
    [:ssdeep, ssdeep],
    [:authentihash, authentihash],
    [:uses_tactic, uses_tactic],
    [:uses_technique, uses_technique]
  ]
  # Same effect as Hash#compact: drop nil terms only, keep explicit false.
  query = pairs.reject { |_name, value| value.nil? }.to_h
  _post("/search/terms", query) { |body| body }
end