Malwation ThreatZone Documentation

URL will be analyzed by Threat.Zone URL Scanner, use the UUID to track the status of the submission

post

Authorizations

AuthorizationstringRequired

Communication key

Body

urlstringOptional

URL to be analyzed

Example: https://example.com

privatebooleanOptional

Determines if the scan should be private

Default: false

Responses

200

Successful analysis

No content

400

Bad Request - Invalid URL or body

401

Unauthorized

post

/public-api/scan/url-analysis

No content

File will be scanned by Threat.Zone Sandbox & Static Scanner, use the UUID to track the status of the submission

post

Authorizations

AuthorizationstringRequired

Communication key

Query parameters

autostringOptional

If this passed as "true", all of the metafields and environment will be set automatically

Example: false

Body

filestring · binaryRequired

File to be analyzed

extensionCheckstringOptional

Make a MIMEType check for the file and auto-assign the extension

Example: true

modulesstring[]Optional

Modules to be used in analysis

Example: ["csi","cdr"]

entrypointstring | nullableOptional

Select the file to be executed within the archive

Example: file.exe

passwordstring | nullableOptional

Enter the password that will be used to open the archive file

Example: password

Responses

200

Successful analysis

No content

401

Unauthorized

422

Unprocessable Entity - Invalid file or body

post

/public-api/scan/sandbox

No content

File will be scanned by Threat.Zone Static Scanner, use the UUID to track the status of the submission

post

This endpoint allows users to upload a file and perform a static scan on it.

Authorizations

AuthorizationstringRequired

Communication key

Body

filestring · binaryRequired

The file to be scanned

extensionCheckone ofOptional

Option to check file extension

booleanOptional

stringOptional

isPublicbooleanOptional

Whether the scan results should be public

entrypointstring | nullableOptional

Select the file to be executed within the archive

Example: file.exe

passwordstring | nullableOptional

Enter the password that will be used to open the archive file

Example: password

Responses

200

The file has been successfully scanned

No content

401

Unauthorized

422

Unprocessable Entity - Invalid file or body

post

/public-api/scan/static-scan

No content

Perform a CDR (Content Disarm and Reconstruction) scan on an uploaded file

post

This endpoint allows users to upload a file and perform a CDR scan on it, extension check is not optional because it is necessary for CDR module to work properly.

Authorizations

AuthorizationstringRequired

Communication key

Body

filestring · binaryRequired

The file to be scanned

isPublicbooleanOptional

Whether the scan results should be public

entrypointstring | nullableOptional

Select the file to be executed within the archive

Example: file.exe

passwordstring | nullableOptional

Enter the password that will be used to open the archive file

Example: password

Responses

200

The file has been successfully submitted for CDR

application/json

401

Unauthorized

422

Unprocessable Entity - Invalid file or body

post

/public-api/scan/cdr

POST /public-api/scan/sandbox HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: multipart/form-data
Accept: */*
Content-Length: 671

{
  "file": "binary",
  "analyzeConfig": [
    {
      "metafieldId": "environment",
      "value": "w10_x64"
    },
    {
      "metafieldId": "private",
      "value": false
    },
    {
      "metafieldId": "timeout",
      "value": 180
    },
    {
      "metafieldId": "work_path",
      "value": "desktop"
    },
    {
      "metafieldId": "mouse_simulation",
      "value": true
    },
    {
      "metafieldId": "https_inspection",
      "value": false
    },
    {
      "metafieldId": "internet_connection",
      "value": false
    },
    {
      "metafieldId": "raw_logs",
      "value": false
    },
    {
      "metafieldId": "snapshot",
      "value": false
    },
    {
      "metafieldId": "sleep_evasion",
      "value": false
    },
    {
      "metafieldId": "smart_tracing",
      "value": false
    },
    {
      "metafieldId": "dump_collector",
      "value": false
    }
  ],
  "extensionCheck": "true",
  "modules": [
    "csi",
    "cdr"
  ],
  "entrypoint": "file.exe",
  "password": "password"
}

POST /public-api/scan/sandbox HTTP/1.1
Host: 
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: multipart/form-data
Accept: */*
Content-Length: 671

{
  "file": "binary",
  "analyzeConfig": [
    {
      "metafieldId": "environment",
      "value": "w10_x64"
    },
    {
      "metafieldId": "private",
      "value": false
    },
    {
      "metafieldId": "timeout",
      "value": 180
    },
    {
      "metafieldId": "work_path",
      "value": "desktop"
    },
    {
      "metafieldId": "mouse_simulation",
      "value": true
    },
    {
      "metafieldId": "https_inspection",
      "value": false
    },
    {
      "metafieldId": "internet_connection",
      "value": false
    },
    {
      "metafieldId": "raw_logs",
      "value": false
    },
    {
      "metafieldId": "snapshot",
      "value": false
    },
    {
      "metafieldId": "sleep_evasion",
      "value": false
    },
    {
      "metafieldId": "smart_tracing",
      "value": false
    },
    {
      "metafieldId": "dump_collector",
      "value": false
    }
  ],
  "extensionCheck": "true",
  "modules": [
    "csi",
    "cdr"
  ],
  "entrypoint": "file.exe",
  "password": "password"
}