Overview
Hybrid Analysis is an independent service, powered by Falcon Sandbox, that provides a subset of Falcon Sandbox capabilities. CrowdStrike Falcon Sandbox is an automated malware analysis solution. Falcon Sandbox performs deep analysis of evasive and unknown threats, enriches the results with threat intelligence, and delivers actionable indicators of compromise (IOCs).
Hybrid Analysis is a file analysis approach that combines runtime data with memory dump analysis to extract all possible execution pathways even for the most evasive malware. All data extracted from the Hybrid Analysis engine is processed automatically and integrated into the malware analysis reports. Users can search thousands of existing malware reports or download samples and IOCs.
With these Transforms, investigators can query the Hybrid Analysis API directly from Maltego.
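The following is an added example, not the iTDS transform code, showing how a transform configured with the settings listed below (private cloud domain, API key) can turn a Maltego input entity into a Hybrid Analysis query and map the reply onto Phrase entities. The endpoint names (`search/hash`, `search/terms`), the POST field names, the `api-key`/`user-agent` headers and the response fields (`sha256`, `verdict`, `vx_family`, `threat_score`) are assumptions based on the public Hybrid Analysis v2 API, which authenticates with the key alone; the sample reply at the bottom is constructed, not real data.

```python
"""Added example: build a Hybrid Analysis v2 query for one transform variant
and flatten the reply into Phrase strings. Endpoints, field names and the
sample reply are assumptions, not taken from the transform documentation."""
import ipaddress
import json
import re
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Mirrors the transform settings table; "DefaultValue" is the page's placeholder.
SETTINGS = {
    "domain": "www.hybrid-analysis.com",   # Domain Name of Private Cloud Instance
    "api_key": "DefaultValue",             # Hybrid-Analysis API Key (placeholder)
}

# Assumed mapping of transform variant -> (v2 endpoint, POST field name).
VARIANTS = {
    "QueryHash":    ("search/hash",  "hash"),
    "QueryDomain":  ("search/terms", "domain"),
    "QueryDNS":     ("search/terms", "domain"),
    "QueryIP":      ("search/terms", "host"),
    "QuerySimilar": ("search/terms", "similar_to"),
}

HEX_HASH = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
DOMAIN = re.compile(r"^(?=.{1,253}$)[a-zA-Z0-9-]{1,63}(\.[a-zA-Z0-9-]{1,63})+$")


def validate(variant, value):
    """Reject input that cannot be a valid query before it leaves the host."""
    if variant in ("QueryHash", "QuerySimilar"):
        if not HEX_HASH.match(value):
            raise ValueError("expected an MD5, SHA1 or SHA256 hex digest")
    elif variant in ("QueryDomain", "QueryDNS"):
        if not DOMAIN.match(value):
            raise ValueError("not a syntactically valid domain name")
    elif variant == "QueryIP":
        ipaddress.IPv4Address(value)       # raises ValueError on anything else
    else:
        raise ValueError("unknown variant %r" % variant)
    return value


def build_request(variant, value, settings=SETTINGS):
    """Return (url, headers, body). The key travels in a header, never in the
    URL, so it does not land in proxy or web-server access logs."""
    endpoint, field = VARIANTS[variant]
    url = "https://%s/api/v2/%s" % (settings["domain"], endpoint)
    headers = {
        "api-key": settings["api_key"],
        "user-agent": "Falcon Sandbox",    # assumed: v2 rejects other agents
        "accept": "application/json",
    }
    body = urlencode({field: validate(variant, value)}).encode()
    return url, headers, body


def to_phrases(payload):
    """Flatten a search/hash reply (a list) or a search/terms reply
    ({"result": [...]}) into one Phrase string per report."""
    reports = payload.get("result", []) if isinstance(payload, dict) else payload
    return ["%s | %s | %s | score=%s" % (
                r.get("sha256", "?"), r.get("verdict", "?"),
                r.get("vx_family") or "unknown family", r.get("threat_score", "?"))
            for r in reports]


def _https_post(url, headers, body):
    """Default transport: a real HTTPS POST to the configured instance."""
    with urlopen(Request(url, data=body, headers=headers, method="POST"),
                 timeout=30) as resp:
        return resp.read().decode()


def run(variant, value, settings=SETTINGS, fetch=_https_post):
    """Execute one transform variant; `fetch(url, headers, body)` returns the
    raw JSON text, so a fake transport can be injected for offline use."""
    url, headers, body = build_request(variant, value, settings)
    return to_phrases(json.loads(fetch(url, headers, body)))


# Constructed sample reply shaped like a search/terms response (not real data).
SAMPLE_TERMS_REPLY = json.dumps({"count": 1, "result": [
    {"sha256": "a" * 64, "verdict": "malicious",
     "vx_family": "ExampleFamily", "threat_score": 100},
]})

if __name__ == "__main__":
    print(run("QueryDomain", "example.com", fetch=lambda u, h, b: SAMPLE_TERMS_REPLY))
```

Validating the entity value first matters more than it looks: the same transform is invoked on whatever an analyst pastes into a graph, and a malformed hash or IP should fail locally rather than burn an API quota or leak odd strings to a third-party service. The API Secret setting from the tables is not used here because the v2 API authenticates with the key header alone (an assumption; the secret belonged to the older basic-auth scheme).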
Hybrid Analysis Transforms
[HybridAnalysis] Query Hash
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
Domain Name of Private Cloud Instance | string | www.hybrid-analysis.com | true | false | false |
Hybrid-Analysis API Key | string | DefaultValue | false | true | false |
Hybrid-Analysis API Secret | string | DefaultValue | false | true | false |
Transform Meta Info
Information | Value |
---|---|
Display Name | [HybridAnalysis] Query Hash |
Owner | iTDS |
Author | iTDS@Paterva.com |
Data Source | HybridAnalysis |
Input Entities | maltego.affiliation.Twitter |
Output Entities | Phrase |
Short Description |
Variants
Transform Name |
---|
QueryHash |
QueryMHash |
[HybridAnalysis] Query Domain
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
Domain Name of Private Cloud Instance | string | www.hybrid-analysis.com | true | false | false |
Hybrid-Analysis API Key | string | DefaultValue | false | true | false |
Hybrid-Analysis API Secret | string | DefaultValue | false | true | false |
Transform Meta Info
Information | Value |
---|---|
Display Name | [HybridAnalysis] Query Domain |
Owner | iTDS |
Author | iTDS@Paterva.com |
Data Source | HybridAnalysis |
Output Entities | Phrase |
Short Description |
Variants
Transform Name | Input Entities |
---|---|
QueryDomain | maltego.DNSName |
QueryDNS | maltego.Domain |
[HybridAnalysis] Query IP Address
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
Domain Name of Private Cloud Instance | string | www.hybrid-analysis.com | true | false | false |
Hybrid-Analysis API Key | string | DefaultValue | false | true | false |
Hybrid-Analysis API Secret | string | DefaultValue | false | true | false |
Transform Meta Info
Information | Value |
---|---|
Display Name | [HybridAnalysis] Query IP Address |
Owner | iTDS |
Author | iTDS@Paterva.com |
Data Source | HybridAnalysis |
Transform Name | QueryIP |
Input Entities | maltego.IPv4Address |
Output Entities | Phrase |
Short Description |
[HybridAnalysis] Query Similar Samples
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
Domain Name of Private Cloud Instance | string | www.hybrid-analysis.com | true | false | false |
Hybrid-Analysis API Key | string | DefaultValue | false | true | false |
Hybrid-Analysis API Secret | string | DefaultValue | false | true | false |
Transform Meta Info
Information | Value |
---|---|
Display Name | [HybridAnalysis] Query Similar Samples |
Owner | iTDS |
Author | iTDS@Paterva.com |
Data Source | HybridAnalysis |
Output Entities | Phrase |
Short Description |
Variants
Transform Name | Input Entities |
---|---|
QuerySimilar | CS.Hash |
QueryMSimilar | maltego.affiliation.Twitter |