Threat Intel Search
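Here you can find a ready-made Postman collection for the MetaDefender Cloud Threat Intelligence Search API, which is an integral part of MetaDefender Sandbox (previously known as OPSWAT Filescan Sandbox).
Save the following JSON to disk as a file and import it into Postman. Every request reads the API key from the `{{apikey}}` variable, so define `apikey` in your Postman environment rather than writing the key into the collection itself: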
{
"info": {
"_postman_id": "997685f7-d05a-403a-ad78-b5f9aaf3ccfc",
"name": "ThreatIntel Search API",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "11461903"
},
"item": [
{
"name": "v4 Apikey - Get",
"request": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}",
"description": "Gives rights to use the endpoint"
}
],
"url": {
"raw": "https://api.metadefender.com/v4/apikey",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v4",
"apikey"
]
}
},
"response": [
{
"name": "Successful request",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}"
}
],
"url": {
"raw": "https://api.metadefender.com/v4/apikey/",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v4",
"apikey",
""
]
}
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json; charset=utf-8"
},
{
"key": "X-Authenticated",
"value": "by apikey"
},
{
"key": "X-Response-Time",
"value": "expressed in milliseconds"
}
],
"cookie": [],
"body": "{\n \"max_upload_file_size\": 140,\n \"max_archive_file_size\": 140,\n \"max_archive_file_number\": 50,\n \"limit_prevention\": 40,\n \"limit_reputation\": 4000,\n \"limit_sandbox\": 1,\n \"limit_feed\": 1000,\n \"qos_scan\": \"normal\",\n \"updated_at\": \"2019-02-21T09:12:36.275Z\",\n \"created_at\": \"2019-02-21T09:12:36.275Z\",\n \"portal_api_key\": \"1981b1387c84f2f1465ae14994b96c5c\",\n \"source\": \"mdcloud_fingerprint\",\n \"workflow_rule\": 0,\n \"votes\": [],\n \"vulnerability_submissions\": [],\n \"expiration_date\": \"1970-01-01T00:00:00.000Z\",\n \"time_interval\": \"daily\",\n \"nickname\": \"throbbing_band_caae\",\n \"paid_user\": 0\n}"
},
{
"name": "Failed request",
"originalRequest": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}"
}
],
"url": {
"raw": "https://api.metadefender.com/v4/apikey/",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v4",
"apikey",
""
]
}
},
"status": "Not Found",
"code": 404,
"_postman_previewlanguage": "json",
"header": [
{
"key": "Content-Type",
"value": "application/json; charset=utf-8"
}
],
"cookie": [],
"body": "{\n \"success\": false,\n \"error\": {\n \"code\": 404008,\n \"messages\": [\n \"The apikey was not found\"\n ]\n }\n}"
}
]
},
{
"name": "v5 Threat Intel Status",
"request": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}",
"type": "text"
}
],
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/status",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"status"
]
}
},
"response": []
},
{
"name": "Search - Simple Threat Name",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"description": "Gives rights to use the endpoint",
"key": "apikey",
"value": "{{apikey}}"
},
{
"description": "Specify the http content type",
"key": "Content-Type",
"value": "application/json"
},
{
"key": "includescandetails",
"value": "1",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filters\": { \n \"standard_threat_name\": \"*.Trojan.*\" \n },\n \"limit\": 100\n}"
},
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/search/",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"search",
""
]
}
},
"response": []
},
{
"name": "Search - Glob Patterns",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"description": "Gives rights to use the endpoint",
"key": "apikey",
"value": "{{apikey}}"
},
{
"description": "Specify the http content type",
"key": "Content-Type",
"value": "application/json"
},
{
"key": "includescandetails",
"value": "1",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filters\": {\n \"reputation\": \"mal*\",\n \"risk_level\": \"hi*\",\n \"platforms\": \"Win*\"\n },\n \"limit\": 100\n}"
},
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/search/",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"search",
""
]
}
},
"response": []
},
{
"name": "Search - Text Arrays",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"description": "Gives rights to use the endpoint",
"key": "apikey",
"value": "{{apikey}}"
},
{
"description": "Specify the http content type",
"key": "Content-Type",
"value": "application/json"
},
{
"key": "includescandetails",
"value": "1",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filters\": {\n \"first_seen\": {\"gt\": \"2023-06-20T12:00:00.000Z\"},\n \"file_info.file_type_category\": \"E\",\n \"malware_types\": [\"trojan*\", \"*miner\"],\n \"malware_families\": [\"eldorado*\", \"kryptik\"],\n \"risk_level\": \"high\",\n \"standard_threat_name\": \"*\"\n },\n \"limit\": 100\n}"
},
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/search/",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"search",
""
]
}
},
"response": []
},
{
"name": "Search - Numeric and date comparisons",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"description": "Gives rights to use the endpoint",
"key": "apikey",
"value": "{{apikey}}"
},
{
"description": "Specify the http content type",
"key": "Content-Type",
"value": "application/json"
},
{
"key": "includescandetails",
"value": "1",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filters\": {\n \"reputation_i\": [1, 2],\n \"first_seen\": {\"gt\": \"2023-06-20T18:26:40.000Z\"},\n \"av_detection_count\": {\"gte\": 5, \"lt\": 20},\n \"file_info.file_type_extension\": \"exe\",\n \"file_info.file_size\": {\"lte\": 100000},\n \"standard_threat_name\": \"*\"\n }, \n \"limit\": 10\n}"
},
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/search/",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"search",
""
]
}
},
"response": []
},
{
"name": "Search - Benign executables",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
}
],
"request": {
"method": "POST",
"header": [
{
"description": "Gives rights to use the endpoint",
"key": "apikey",
"value": "{{apikey}}"
},
{
"description": "Specify the http content type",
"key": "Content-Type",
"value": "application/json"
},
{
"key": "includescandetails",
"value": "1",
"type": "text",
"disabled": true
}
],
"body": {
"mode": "raw",
"raw": "{\n \"filters\": {\n \"first_seen\": {\"gt\": \"2023-06-20T18:26:40.000Z\"},\n \"file_info.file_size\": {\n \"lt\": 1000000\n },\n \"file_info.file_type_extension\": \"EXE\",\n \"reputation\": \"benign\"\n },\n \"limit\": 10\n}"
},
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/search/",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"search",
""
]
}
},
"response": []
},
{
"name": "Similarity Search - Hash Lookup #1",
"request": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}",
"type": "text"
},
{
"key": "limit",
"value": "5",
"type": "text"
}
],
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/similarity-search/bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"similarity-search",
"bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb"
]
}
},
"response": []
},
{
"name": "Similarity Search - Hash Lookup #2",
"request": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}",
"type": "text"
},
{
"key": "limit",
"value": "5",
"type": "text"
},
{
"key": "tags",
"value": "installer",
"type": "text"
},
{
"key": "verdict",
"value": "MALICIOUS",
"type": "text"
}
],
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/similarity-search/d5c9ac7722bca76ff8e44ea7b8ebc8bfed23f09ebd39e94d1a042273801d8425",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"similarity-search",
"d5c9ac7722bca76ff8e44ea7b8ebc8bfed23f09ebd39e94d1a042273801d8425"
]
}
},
"response": []
},
{
"name": "Similarity Search - Hash Lookup #3",
"request": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}",
"type": "text"
},
{
"key": "limit",
"value": "5",
"type": "text"
}
],
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/similarity-search/2e8a440a90ff1b15c8cf93eaf47fbb8f95fc0d14e9fa665dd9f4a2596387bbbf",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"similarity-search",
"2e8a440a90ff1b15c8cf93eaf47fbb8f95fc0d14e9fa665dd9f4a2596387bbbf"
]
}
},
"response": []
},
{
"name": "Similarity Search - Hash Lookup #4",
"request": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}",
"type": "text"
},
{
"key": "limit",
"value": "5",
"type": "text"
}
],
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/similarity-search/f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"similarity-search",
"f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37"
]
}
},
"response": []
},
{
"name": "Similarity Search - Hash Lookup #5",
"request": {
"method": "GET",
"header": [
{
"key": "apikey",
"value": "{{apikey}}",
"type": "text"
},
{
"key": "limit",
"value": "5",
"type": "text"
}
],
"url": {
"raw": "https://api.metadefender.com/v5/threat-intel/similarity-search/414ed6f7183b0a53b29f31e960246a9f59c2e1949fd69b94d53f06dd27ec6869",
"protocol": "https",
"host": [
"api",
"metadefender",
"com"
],
"path": [
"v5",
"threat-intel",
"similarity-search",
"414ed6f7183b0a53b29f31e960246a9f59c2e1949fd69b94d53f06dd27ec6869"
]
}
},
"response": []
}
]
}
See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet
