Playbook Fridays: Koodous Playbook Components

Today’s post features two Playbook Components designed to query Koodous. The Playbook Components are available on our GitHub repository here.

The first component, named “[Koodous] Request APK Data.pbx”, takes the sha256 hash of a file as input and returns information for this file, if any exists, from Koodous. If you would like to test this component, install the component, create a simple playbook that uses this component (there is an example below), and submit “9be4fb5e337bb0b994c9d2b781355f934a349b76abc34a02a40527ae760eb1f0” as the sha256 (this is the sha256 of the APK here).

 

The second component, named “[Koodous] Search for APKs.pbx”, queries Koodous using the advanced searches documented here. If you would like to test this component, install the component, create a simple playbook using the component (there is an example below), and submit “package_name:”com.whatsapp” -developer:”WhatsApp Inc.”” as the query. This query will return a list of APKs in Koodous where the package name is “com.whatsapp” and the developer is not “WhatsApp Inc.”.

If you have any questions or feedback, feel free to raise an issue. Also, don’t forget to explore our repository of Playbooks, Playbook Components, and Playbook Apps.

 

ThreatConnect
About the Author
ThreatConnect

By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.