ReversingLabs Intelligence (Preview)

ReversingLabs continually processes goodware and malware files, providing early intelligence about attacks before they infiltrate customer infrastructures. This visibility into threats “in-the-wild” enables preparation for new attacks and quickly identifies the threat levels of new files as they arrive. ReversingLabs enables more effective and efficient threat identification, development of better threat intelligence, and implementation of proactive threat hunting programs.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
Contact
Name ReversingLabs support
URL https://support.reversinglabs.com/
Email support@reversinglabs.com
Connector Metadata
Publisher ReversingLabs US Inc.
Website https://www.reversinglabs.com/
Privacy policy https://www.reversinglabs.com/privacy-policy
Categories Security

Prerequisites

To use this integration, you need to have a ReversingLabs account. Please contact sales@reversinglabs.com to get started.

Known issues and limitations

Please note that some of our APIs will return a 404 to indicate that a resource was not found. This is not an error state but simply informational. To avoid the Logic App showing errors in the run state, we were advised to place calls to APIs in a Scope primitive.

Creating a connection

The connector supports the following authentication types:

Default Required parameters for creating connection. All regions

Default

Applicable: All regions

Required parameters for creating connection.

Name Type Description
username securestring The username for this api
password securestring The password for this api

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Analyze URL

This service enables the submission of a URL for analysis. ReversingLabs will crawl the URL, identifying files to download and submitting them to our file processing pipeline for classification and enrichment. A detailed report can then be retrieved using our URL Threat Intelligence API.

File dynamic analysis

This service allows users to detonate a previously uploaded file in the ReversingLabs TitaniumCloud sandbox.

Find Files Using Multi-Part Search Criteria

This service provides a means to acquire a list of hashes that match the provided multi-part search criteria.

Get File Hash Analysis Detail

This service provides analysis results for the requested file.

Get File Hash Analysis Detail - Bulk Request

This service provides a means to send multiple file hashes in a single request and provides analysis results for these file hashes.

Get File Hash Reputation

This service provides information about the malware status of requested files.

Get File Hash Reputation - Bulk Request

This service provides a means to send multiple hashes of files in a single request and provides information about the malware status for those files.

Get Files Signed with Specific Certificate Thumbprint(s)

This service provides a list of files signed with a particular certificate, specified by its thumbprint.

Get Functionally Similar File Hashes Using ReversingLabs Hash Algorithm

This service provides a list of SHA1 hashes of files that are functionally similar to the provided file (SHA1 hash) at the selected precision level.

Get Historic Multi-AV Scan Records

This service provides historic Multi-AV scan records for a given file hash.

Get Historic Multi-AV Scan Records - Bulk Request

This service provides a means to send multiple hashes of files in a single request and provides Multi-AV scan records data for those files.

Get merged dynamic analysis report for a file

This service allows the user to download a merged report with an overview of all dynamic analyses performed on the file.

Get Similar File Hashes Using Import Hashing Algorithm

This service provides a list of SHA1 hashes functionally similar to the file associated with the provided import hash (ImpHash).

Get specific dynamic analysis report for a file

This service allows the user to download a specific report of a dynamic analysis performed on the file.

Get URI Statistics on Email addresses, IP(s), Domain(s) and URL(s)

This service provides statistical information on the number of known, malicious, and suspicious file(s) associated with the URI.

Get URL Threat Intelligence Report

This service returns threat intelligence data, including reputation from various reputation sources, metadata for performed URL analyses, and the maliciousness of files found on the submitted URL.

Re-Analyze File

This service provides a means to send file(s) for rescanning.

Re-Analyze File - Bulk Request

This service provides a means to submit multiple files for rescanning in a single request.

Sample file upload

This service provides a means to upload a file for analysis.

Sample metadata file upload

This service provides a means to send metadata for a previously successfully uploaded file.

Analyze URL

This service enables the submission of a URL for analysis. ReversingLabs will crawl the URL, identifying files to download and submitting them to our file processing pipeline for classification and enrichment. A detailed report can then be retrieved using our URL Threat Intelligence API.

Parameters

Name Key Required Type Description
Post format
post_format True string

Required parameter that defines the POST payload format. Supported options are xml and json

Content type
Content-Type: string

Content type

url
url True string

full URL of a website including the protocol

response_format
response_format string

xml, json

File dynamic analysis

This service allows users to detonate a previously uploaded file in the ReversingLabs TitaniumCloud sandbox.

Parameters

Name Key Required Type Description
Post format
post_format True string

Required parameter that defines the POST payload format. Supported options are xml and json

sha1
sha1 string

sha1

platform
platform string

windows10/windows7

Returns

Name Path Type Description
status
rl.status string

status

requested_hash
rl.requested_hash string

requested_hash

analysis_id
rl.analysis_id string

analysis_id

Find Files Using Multi-Part Search Criteria

This service provides a means to acquire a list of hashes that match the provided multi-part search criteria.

Parameters

Name Key Required Type Description
Content type
Content-Type: string

Content type

query
query True string

Every expression must be built according to the following format: <field_name>:<field_value>. Please consult RL documentation for a list of field names and the operators that can be applied.

page
page integer

records_per_page
records_per_page integer

The number of records returned in the response.

format
format string

Option to return in specific format

Get File Hash Analysis Detail

This service provides analysis results for the requested file.

Parameters

Name Key Required Type Description
Hash type
hash_type True string

required parameter; accepts these options: md5, sha1, sha256

Hash value
hash_value True string

required parameter; must be a valid hash of the type defined by hash_type

Format
format string

Optional parameter that allows choosing the response format. Supported values are xml and json. If the parameter is not provided in the request, the response will be returned in xml (default).

Get File Hash Analysis Detail - Bulk Request

This service provides a means to send multiple file hashes in a single request and provides analysis results for these file hashes.

Parameters

Name Key Required Type Description
Post format
post_format True string

Required parameter that defines the POST payload format. Supported options are xml and json

Content type
Content-Type: string

Content type

hash_type
hash_type True string

md5, sha1, sha256

hashes
hashes string

Get File Hash Reputation

This service provides information about the malware status of requested files.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

required parameter; accepts these options: md5, sha1, sha256

Hash Value
hash_value True string

required parameter; must be a valid hash of the type defined by hash_type

Show Hashes
show_hashes boolean

Both single and bulk malware presence queries support an additional request parameter show_hashes which can be either true or false. The parameter show_hashes can also be used with the Extended Malware Presence query. If not specified, the default value is false. When set to true, the show_hashes parameter will direct databrowser to provide md5, sha1 and sha256 hashes for the requested file(s), in addition to the rest of the Malware Presence information.

Extended
extended True boolean

Both single and bulk malware presence queries support an additional query flag extended which can be either true or false. If not specified, the default value is false. When set to true, the extended flag will direct databrowser to provide a richer response schema with additional information about the requested file(s).

Format
format string

Optional parameter that allows choosing the response format. Supported values are xml and json. If the parameter is not provided in the request, the response will be returned in xml (default).

Get File Hash Reputation - Bulk Request

This service provides a means to send multiple hashes of files in a single request and provides information about the malware status for those files.

Parameters

Name Key Required Type Description
Post format
post_format True string

Required parameter that defines the POST payload format. Supported options are xml and json

Content type
Content-Type: string

Content type

hash_type
hash_type True string

md5, sha1, sha256

hashes
hashes string

Get Files Signed with Specific Certificate Thumbprint(s)

This service provides a list of files signed with a particular certificate, specified by its thumbprint.

Parameters

Name Key Required Type Description
Thumbprint
thumbprint True string

the thumbprint (sha1, sha256, md5) of the requested certificate. Most of our certificates use SHA256 for storing the thumbprint

Classification
classification string

if this parameter is provided in the request, the query will return a list of only those files that match the requested threat status. Possible values are: KNOWN, MALICIOUS, SUSPICIOUS, UNKNOWN

Format
format string

Optional parameter that allows choosing the response format. Supported values are xml and json. If the parameter is not provided in the request, the response will be returned in xml (default).

Limit
limit integer

Maximum number of files to return in the certificate file list. It is possible to choose a number between 1 and 100 (100 is the default value)

Extended
extended True boolean

Both single and bulk malware presence queries support an additional query flag extended which can be either true or false. If not specified, the default value is false. When set to true, the extended flag will direct databrowser to provide a richer response schema with additional information about the requested file(s).

Get Functionally Similar File Hashes Using ReversingLabs Hash Algorithm

This service provides a list of SHA1 hashes of files that are functionally similar to the provided file (SHA1 hash) at the selected precision level.

Parameters

Name Key Required Type Description
RHA1 type
rha1_type True string

rha1_type is a measure of the RHA1 precision level. It represents the degree to which a file is functionally similar to another file. A higher Precision Level will match fewer files but the files will have more functional similarity:
     -   pe01, elf01, machO01 - 25% precision level
     -   pe02 - 50% precision level

Hash value
hash_value True string

required parameter; must be a valid SHA1 value

Next page sha1
next_page_sha1 string

next_page_sha1 is an optional parameter used for pagination. It is the SHA1 hash of the first file on the next page.

Format
format string

Optional parameter that allows choosing the response format. Supported values are xml and json. If the parameter is not provided in the request, the response will be returned in xml (default).

Limit
limit integer

the maximum number of file SHA1 hashes to return. This value has to be an integer in the range from 1 to 1000 (1000 is the default value)

Extended
extended string

extended is an optional parameter. Possible values are true - extended, and false - non-extended data set (default)

Classification
classification string

if this parameter is provided in the request, the query will return a filtered list of files that match the requested classification. Possible values are:
     -   KNOWN
     -   SUSPICIOUS
     -   MALICIOUS
     -   UNKNOWN

Get Historic Multi-AV Scan Records

This service provides historic Multi-AV scan records for a given file hash.

Parameters

Name Key Required Type Description
Hash type
hash_type True string

required parameter; accepts these options: md5, sha1, sha256

Hash value
hash_value True string

required parameter; must be a valid hash of the type defined by hash_type

History
history True boolean

Both single and bulk malware presence queries support an additional query flag extended which can be either true or false. If not specified, the default value is false. When set to true, the extended flag will direct databrowser to provide a richer response schema with additional information about the requested file(s).

Format
format string

Optional parameter that allows choosing the response format. Supported values are xml and json. If the parameter is not provided in the request, the response will be returned in xml (default).

Get Historic Multi-AV Scan Records - Bulk Request

This service provides a means to send multiple hashes of files in a single request and provides Multi-AV scan records data for those files.

Parameters

Name Key Required Type Description
Post format
post_format True string

Required parameter that defines the POST payload format. Supported options are xml and json

Content type
Content-Type: string

Content type

hash_type
hash_type True string

md5, sha1, sha256

hashes
hashes string

Get merged dynamic analysis report for a file

This service allows the user to download a merged report with an overview of all dynamic analyses performed on the file.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

required parameter; accepts these options: sha1

Hash Value
hash_value True string

required parameter; must be a valid hash of the type defined by hash_type

Get Similar File Hashes Using Import Hashing Algorithm

This service provides a list of SHA1 hashes functionally similar to the file associated with the provided import hash (ImpHash).

Parameters

Name Key Required Type Description
Hash value
hash_value True string

required parameter; must be a valid ImpHash hash

Format
format string

Optional parameter that allows choosing the response format. Supported values are xml and json. If the parameter is not provided in the request, the response will be returned in xml (default).

Get specific dynamic analysis report for a file

This service allows the user to download a specific report of a dynamic analysis performed on the file.

Parameters

Name Key Required Type Description
Hash Type
hash_type True string

required parameter; accepts these options: md5, sha1

Hash Value
hash_value True string

required parameter; must be a valid hash of the type defined by hash_type

analysis_id value should be an exact analysis id or keyword "latest"
analysis_id True string

required parameter; analysis_id value should be an exact analysis id or keyword "latest"

Get URI Statistics on Email addresses, IP(s), Domain(s) and URL(s)

This service provides statistical information on the number of known, malicious, and suspicious file(s) associated with the URI.

Parameters

Name Key Required Type Description
Hash value
hash_value True string

required parameter; The SHA1 hash value of the URI string

Format
format string

Optional parameter that allows choosing the response format. Supported values are xml and json. If the parameter is not provided in the request, the response will be returned in json (default).
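
An added example, not part of the connector documentation or ReversingLabs code: a pre-flight check that sorts raw indicators into the per-hash_type groups the bulk actions take (each bulk request carries a single hash_type) and derives the SHA1 hash_value that the URI statistics action expects. The function names are hypothetical, and hashing the URI string as UTF-8 bytes without normalisation is an assumption.

```python
import hashlib
import re
from collections import defaultdict

# Hex digest lengths of the hash_type options the page lists.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX = re.compile(r"[0-9a-fA-F]+")


def classify_hash(value):
    """Return md5/sha1/sha256 for a well-formed hex digest, else None."""
    return HASH_TYPES.get(len(value)) if HEX.fullmatch(value) else None


def uri_hash_value(uri):
    """SHA1 of the URI string, for the URI statistics hash_value parameter."""
    # Assumption: hashed as UTF-8 bytes exactly as given, no normalisation.
    return hashlib.sha1(uri.encode("utf-8")).hexdigest()


def plan_lookups(indicators):
    """Sort raw indicators into bulk groups per hash_type, URI lookups, rejects."""
    bulk, uris, rejected = defaultdict(list), [], []
    for raw in indicators:
        item = raw.strip()
        hash_type = classify_hash(item)
        if hash_type:
            digest = item.lower()
            if digest not in bulk[hash_type]:  # drop case-only duplicates
                bulk[hash_type].append(digest)
        elif not item or HEX.fullmatch(item):
            # Empty, or hex of the wrong length (likely a truncated hash):
            # reject instead of hashing it as if it were a URI.
            rejected.append(raw)
        else:
            uris.append({"uri": item, "hash_value": uri_hash_value(item)})
    return dict(bulk), uris, rejected


# Constructed sample input: digests of empty input, not real indicators.
SAMPLE = [
    "d41d8cd98f00b204e9800998ecf8427e",
    "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "da39a3ee5e6b4b0d3255bfef95601890afd8",  # truncated sha1
    "example.com",
    "https://example.com/download/setup.exe",
]

if __name__ == "__main__":
    groups, uris, rejected = plan_lookups(SAMPLE)
    print(groups, uris, rejected, sep="\n")
```
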

Get URL Threat Intelligence Report

This service returns threat intelligence data, including reputation from various reputation sources, metadata for performed URL analyses, and the maliciousness of files found on the submitted URL.

Parameters

Name Key Required Type Description
Post format
post_format True string

Required parameter that defines the POST payload format. Supported options are xml and json

Content type
Content-Type: string

Content type

url
url True string

full URL of a website including the protocol

response_format
response_format string

xml, json

Re-Analyze File

This service provides a means to send file(s) for rescanning.

Parameters

Name Key Required Type Description
Hash type
hash_type True string

required parameter; accepts these options: md5, sha1, sha256

Hash value
hash_value True string

required parameter; must be a valid hash of the type defined by hash_type

Re-Analyze File - Bulk Request

This service provides a means to submit multiple files for rescanning in a single request.

Parameters

Name Key Required Type Description
Format
format True string

format accepts the options xml or json and defines the return format

Post format
post_format True string

Required parameter that defines the POST payload format. Supported options are xml and json

Content type
Content-Type: string

Content type

hash_type
hash_type True string

md5, sha1, sha256

hashes
hashes string

Sample file upload

This service provides a means to upload a file for analysis.

Parameters

Name Key Required Type Description
SHA1 value
sha1_value True string

Required parameter.

Content type
Content-Type: string

Content type

Sample metadata file upload

This service provides a means to send metadata for a previously successfully uploaded file.

Parameters

Name Key Required Type Description
SHA1 value
sha1_value True string

Required parameter.

Content type
Content-Type: string

Content type