Hybrid Analysis

With this Playbook app, you can submit suspicious files and URLs to retrieve analyses from the Hybrid Analysis malware sandbox. This all leads to more informed decision-making and more efficient remediation of malicious files through automation.

The following actions are available within the Playbook App:

• Submit File for Analysis - Submit a file to be analyzed in the malware sandbox.
• Submit URL for Analysis - Submit a URL to be analyzed in the malware sandbox.
• Enrich File - Query the malware sandbox service based on a file hash and retrieve insight into the file's behavior.
• Get Report - Retrieve insights on a file or URL you've submitted.

This app can be found in the ThreatConnect App Catalog under the name: Hybrid Analysis

The Polarity - Hybrid Analysis integration utilizes Hybrid Analysis's vast open source tooling to provide insights into file hashes. Enabling analysts to quickly gain insights into if a file hash is deemed malicious or what MITRE techniques threat actors can use when deploying the file.

Examples

Hybrid Analysis Data Overview

• Summary Tags: As an analyst you can quickly see the threat score that Hybrid Analysis establishes for hashes, as well and see the hash relation.
• Scan Summary: When drilling into the details, quickly understand all of the output from the Hybrid Analysis scans from the verdict to when the scan was completed to the file type.
• MITRE ATT&CK techniques: Quickly get the details on what attacks were identified by the scan that can be utilized by threat actors when deploying the hash.