One-Click querying of the Wayback Machine
See if a website has been archived in the Wayback Machine
ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention.
When investigating phishing pages it can be helpful to see what a malicious website looks like. This can help you identify what organization the phishing page is spoofing and possibly whether or not a phishing kit is being used. Sometimes, however, the phishing page is taken down before an analyst gets a chance to see what it looked like.
Archive.org's Wayback Machine can be helpful in these cases as it allows anyone to archive a snapshot of a website. This playbook allows you to check if a Host or URL Indicator has already been archived in the Wayback Machine.
One-click querying of the Wayback Machine
This playbook is triggered with a User Action Trigger available on the page for all Host and URL Indicators.
Once triggered, the playbook queries Archive.org's Wayback Machine to see if the domain exists. If a domain exists, it will return a link to the archived website. Otherwise, it will let you know that the indicator has not yet been archived.
This playbook requires no configuration. Just install and turn it on!