Playbook Fridays: Koodous Playbook Components

Today’s post features two Playbook Components designed to query Koodous. The Playbook Components are available on our GitHub repository here.

The first component, named “[Koodous] Request APK Data.pbx”, takes the sha256 hash of a file as input and returns information for this file, if any exists, from Koodous. If you would like to test this component, install the component, create a simple playbook that uses this component (there is an example below), and submit “9be4fb5e337bb0b994c9d2b781355f934a349b76abc34a02a40527ae760eb1f0” as the sha256 (this is the sha256 of the APK here).

 

The second component, named “[Koodous] Search for APKs.pbx”, queries Koodous using the advanced searches documented here. If you would like to test this component, install the component, create a simple playbook using the component (there is an example below), and submit “package_name:”com.whatsapp” -developer:”WhatsApp Inc.”” as the query. This query will return a list of APKs in Koodous where the package name is “com.whatsapp” and the developer is not “WhatsApp Inc.”.

If you have any questions or feedback, feel free to raise an issue. Also, don’t forget to explore our repository of Playbooks, Playbook Components, and Playbook Apps.

 

About the Author
ThreatConnect

With ThreatConnect, security analysts can simultaneously coordinate with incident response, security operations and risk management teams while aggregating data from trusted communities. Your team will be better equipped to protect the organization from modern cyber threats, mitigate risk and address strategic business needs all thorough a single, robust platform.