70 docs tagged with "spectra-intelligence"

Submit a certificate common name or partial name to TCA-0503 and receive matching common names with their associated MD5, SHA1, and SHA256 thumbprints.

Spectra Intelligence Certificate Indicator feeds provide continuous streams of code signing certificates and their signed samples to detect impersonation and compromised certs.

Consume TCF-0601 for a continuous stream of code signing certificates with signed sample hashes, classification filter support, and detection of impersonation attempts.

Submit a certificate thumbprint to TCA-0501 and receive a list of signed samples with reputation data, metadata, classification, and download availability.

Spectra Intelligence Certificate Threat Intelligence APIs for investigating code signing certificates, finding signed samples, and detecting certificate misuse.

Submit certificate thumbprints to TCA-0502 and receive analytics including sample counts by classification, blacklist status, trust factor, threat level, and chain-of-trust data.

Spectra Intelligence Customer Administration APIs for managing users, licenses, usage quotas, and automated email alerts on your account.

Manage Spectra Intelligence accounts with TCA-9999: view and create users, monitor license and API usage limits, and configure automated email usage alerts.

Spectra Intelligence CVE feeds deliver daily exploit overviews, per-CVE file hashes, hourly and daily new exploit samples detected in the wild.

Consume TCF-0203 for hourly lists of new file hashes containing CVE or exploit identifications detected in Spectra Intelligence; includes first-scan samples only.

Consume TCF-0204 for daily lists of new file hashes containing CVE or exploit identifications detected in Spectra Intelligence; includes first-scan samples only.

Consume TCF-0201 to get a daily overview of CVE identifiers detected in Spectra Intelligence for files exploiting known vulnerabilities collected in the wild.

Consume TCF-0202 for per-day reports on CVE identifiers with associated file hashes, scan counts, SHA1/MD5/SHA256, and threat names from Spectra Intelligence.

Consume TCF-0109 to receive a continuous list of Spectra Intelligence samples showing detection changes between multi-AV scan reports; records retained for 365 days.

Delete user-owned samples from the Spectra Intelligence repository using tca-0204; accepts single or bulk hash requests (MD5, SHA1, SHA256) of up to 100 hashes.

Submit a URI SHA1 or plain-text value to TCA-0401 and receive SHA1 hashes of files that referenced the URI (email, URL, IPv4, or domain) during static analysis.

Query TCA-0405 for domain reports with reputation, DNS records, certificates, related URLs, and subdomains from Spectra Intelligence.

Retrieve dynamic analysis reports from TCA-0106 for files and URLs detonated in the ReversingLabs sandbox, including behavior, network traffic, and malware configuration data.

Submit files or URLs to Spectra Intelligence tca-0207 for sandbox detonation on Win11, Win10, Win7, macOS, Linux, or Android; retrieve results via tca-0106.

Submit advanced search queries to TCA-0320 to filter Spectra Intelligence samples by classification, threat level, malware family, file type, and network indicators.

Retrieve comprehensive file analysis from Spectra Intelligence tca-0104: static analysis, dynamic behavior, AV scans, certificates, URLs, and IP/domain IOCs by hash.

Submit a SHA1 hash to TCA-0321 and receive real-time statistics on malicious, suspicious, and known files that are functionally similar at a selected RHA1 precision level.

Download file samples from the Spectra Intelligence repository by MD5, SHA1, or SHA256 hash using tca-0201; supports multi-threaded downloads at up to 100 req/min.

Consume TCF-0108 to receive a continuous list of Spectra Intelligence samples that have been scanned for the first time or rescanned; records retained for 365 days.

Spectra Intelligence File Indicator feeds deliver continuous streams of newly detected malware, AV scan results, classification changes, and first-scan file hashes.

Consume TCF-0102-0106 to get platform-filtered malware detections from Spectra Intelligence; separate feeds for Windows, Android, macOS, and other platforms.

Query malware status, threat level, trust factor, and malware family for MD5, SHA1, or SHA256 hashes using the Spectra Intelligence tca-0101 File Reputation API.

Override file classifications to malicious, suspicious, or known using Spectra Intelligence tca-0102; manage false positives and list org-wide overrides by hash.

Upload file samples and metadata to Spectra Intelligence using tca-0202 and tca-0203; triggers automatic analysis pipeline and supports archive password and privacy settings.

Find functionally similar files using Spectra Intelligence tca-0301 and the RHA1 algorithm; query by SHA1 hash at 25% or 50% precision for PE, MachO, and ELF files.

Retrieve trust factor, hashes, relationships, size, and sources for known-good files only using Spectra Intelligence tca-0105; returns 404 for malicious hashes.

Retrieve current and historical multi-AV scan records for file hashes using Spectra Intelligence tca-0103; supports single and bulk queries of up to 100 hashes.

Find Windows PE files sharing the same import hash (imphash) using Spectra Intelligence tca-0302; returns SHA1 hashes paginated at up to 1000 records per page.

Spectra Intelligence Industry Sector feeds deliver early-warning malware samples filtered by category: APT, Financial, Retail, Ransomware, CVE Exploits, and Malware Configuration.

Consume TCF-0401-0406 for early-warning malware samples from Spectra Intelligence filtered by industry category: Financial, Retail, Ransomware, Exploits, APT, and more.

Submit a URI SHA1 to TCA-0402 and receive counts of known, malicious, and suspicious files associated with that URI (email, URL, IPv4, or domain) from static analysis.

Query TCA-0406 for IP address reports with reputation, WHOIS, GeoIP, hosted files, and domain resolutions from Spectra Intelligence.

Consume TCF-0101 to receive a continuous stream of new samples with at least one AV scanner detection, including file hashes, file type, and targeted platform.

Spectra Intelligence Network Indicator feeds provide continuous streams of malicious URLs detected in the system, with associated file metadata and threat details.

Consume TCF-0301 for a continuous stream of malicious URLs identified by Spectra Intelligence, including associated file SHA1/SHA256 hashes and threat names.

Query TCA-0330 for structured IoC data on samples and URLs with filtering by classification, threat level, malware family, platform, and vertical; returns paginated JSON.

Spectra Intelligence Network Threat Intelligence APIs for investigating URLs, domains, and IP addresses, querying reputation data, and correlating network IOCs with files.

Trigger rescanning of file samples with updated AV signatures in Spectra Intelligence using tca-0205; supports single and bulk hash requests of up to 100 hashes.

Use TCA-0408 to override URL classifications within your organization and manage existing overrides in Spectra Intelligence.

Subscribe to up to 1 billion file and URL hashes in Spectra Intelligence via tca-0206 and receive Data Change Feed notifications when classification or metadata changes.

Consume TCF-0502 for a continuous list of Spectra Intelligence samples whose whitelist status changed from KNOWN to MALICIOUS or SUSPICIOUS, with MD5/SHA1/SHA256 and platform.

Consume TCF-0111 to receive new malicious samples, false positive reclassifications, and threat name changes from the Spectra Intelligence malware presence change events feed.

Learn how to authenticate, format requests, and interpret rate limits and response codes for Spectra Intelligence TCA and TCF endpoints.

Upload, download, delete, and monitor file samples in the Spectra Intelligence repository using tca-0201 through tca-0206 Automation APIs.

Install and use the ReversingLabs Chrome extension to query Spectra Intelligence for file hashes, URLs, domains, and IPs directly from any webpage.

Query file reputation, retrieve multi-AV scan results, and get detailed malware analysis reports by hash using Spectra Intelligence tca-0101 through tca-0105.

Hunt threats using Spectra Intelligence Malware Hunting APIs: YARA rules, advanced search, RHA1 similarity, IoC retrieval, and industry-specific malware statistics.

Get API credentials, authenticate with HTTP Basic Auth, and run your first Spectra Intelligence file reputation lookup using tca-0101.

Submit files and URLs for sandbox detonation and retrieve behavioral reports using Spectra Intelligence tca-0207 and tca-0106 RL Cloud Sandbox APIs.

Resolve Spectra Intelligence API errors: fix 401 Unauthorized, 429 rate limit exceeded, feed timeout issues, and unexpected file classification results.

Spectra Intelligence Supply Chain Security feeds track malicious Open Source Software packages and reclassification events with near-real-time threat intelligence.

Consume TCF-0701 for malicious Open Source Software packages and reclassification events from Spectra Intelligence, with full historical data and approximately 1-hour delay.

Consume TCTF-0001/0002 for curated ransomware IOCs via TAXII 2.1 in STIX format, including ransomware files, C2 infrastructure, and payload download URLs.

Query the Spectra Intelligence Flexible Intel Feed (TCTF-0003) via TAXII 2.1 to receive private STIX 2.1 IOCs scoped to your account's submissions, with OpenCTI integration support.

Spectra Intelligence TAXII feeds deliver curated threat intelligence in STIX 2.1 format via TAXII 2.1, enabling integration with platforms like OpenCTI.

Spectra Intelligence Whitelist File Indicator feeds deliver continuous streams of newly whitelisted known-good files and track changes from known to malicious or suspicious.

Consume TCF-0501 for a continuous stream of newly whitelisted known-good files from Spectra Intelligence; requires trusted source and at least two weeks between scans.

Submit a URL to TCA-0403 and receive a threat report including ReversingLabs classification, third-party reputation, analysis history, and associated malicious files.

Submit URLs to TCA-0404 for analysis including content download, screenshots, and dynamic analysis in Spectra Intelligence.

Query TCA-0407 for reputation data on URLs, domains, and IP addresses with third-party detections from Spectra Intelligence.

Search industry-specific malware feeds in Spectra Intelligence by family name using tca-0312 to tca-0316 and tca-0318; covers APT, Financial, Ransomware, and CVE Exploit feeds.

Query weekly malware family statistics by industry category using Spectra Intelligence tca-0307 to tca-0311 and tca-0317 — APT, Financial, Ransomware, Retail, and CVE.

Upload YARA rulesets to Spectra Intelligence tca-0303 to match text or binary patterns against newly ingested samples; supports PE, ELF, Dex, Macho, and Dotnet modules.

Run YARA rulesets retroactively against the last 90 days of Spectra Intelligence samples using tca-0319; manage retro hunts with retro-admin and fetch matches via retro-matches.

Consume TCF-0107 to receive a continuous stream of file hashes scanned for the first time in Spectra Intelligence; records are retained for 365 days.