α’ααααααααααΉαααΆααααααααααααααΆααα’ααααααααααΆαααα
αα
αααα·ααααΆ α
ααα»α
αα·αα·ααα αααααΆαααααΆααααΆαα―αααΆα (ααΆαααααΆααααΆαααΆαααααΆαααα αα) αα·αααΆααααα’αΆαα―αααΆαααααα (ααΆαααΆαααααΆαααααΆαααα αα) α αΎαα
αααααααα αΆαααααααα
ααααΆαααααΎα±αααα·α
αα
ααΆαααΆααααααααααααααααααααα·α α
ααα»α
αααα½ααα·αα·αααααΆα
α’ααααααΆααααΆααΌαααααΆα
API ααΆαααΆαααΆαααααΆαααα αα ααααΎαααΆαααΆαα½ααααΆαααΆαααααΆααααΈ αααααααΌαααΆαα α αααα»α API ααΆαααααααααα’αααααααΆααααααα
av - αααΆαααΆαα»αααααΆααααααα αααααα½ααα»αααααΌαα ααααααΆααα·ααΆαα αααααααΆααααΆαααααΆαααα αααααααααααΆααα
te - αααΆαααΆαααΆαααααΆααααΆαααααΆαααα αα ααα½ααα»αααααΌααααα»αααΆααααα½ααα·αα·αααα―αααΆααα αααα»ααααα’ααααααΆα α αα·ααααααΎαααΆαααααααααΆααΆα/ααααΌαααΌααααααΆααααΈααΆαααααΆααααΆαα
ααΆααααααα αα - ααΆαα»ααααααααΆαααΆαααααΆαααααΆαααα αα αααααα½ααα»αααααΌαα ααααααΆααααααααα―αααΆαααΆαα·ααΆααααααΆαααΆαααα αααα ααΆαααααααα»ααααα·ααΆα (αααααααΉαααΆααααααΆααααααααααΆααααΆααα’ααααααΌαααΆαααα αα) ααΎααααΈαααααΌαααΆαα ααΆααα’αααααααΎααααΆαα/ααααααααααΆααααΆαααΆαααα ααα
αα ααΆαααααααα API αα·αααααααααααααΆααα
API ααΆαααΆαααΆαααααΆαααα ααααααΎαα 4 ααααΎ β αααα»αα‘αΎα αααα½α ααΆααα αα·αααΌααΆ. αα
αααα»αααααααΆαααααΆααααααΎααΆαααα½α α’αααααααΌαααααααΆαααα API αααααααΎαααΆαααΆαααααα ααΆαα’αα»ααααΆα. αα
glance ααααΌα αα
ααΆααααααααα’αΆα
α αΆααααΌα
ααΆααΆααααααΆααα
αααα»α
αα αααααα αααααααα½αααααα API ααΆαααΆαααΆαααααΆαααα ααααααΌαααΆαα ααααααΆα - 1.0 URL αααααΆααααΆαα α API αα½ααααα½ααααα αΌα v1 αα αααα»αααααααααα’αααααααΌααααααΆααααααα αα·αααΌα ααΆαααααααααα API αα ααΆα αΆαααΆα ααααα»αααΆαα ααα’α»ααααα αΆααααα API αα αααα»α URL ααΎαα·αααΌα ααααααααααΎααΉααα·αααααΌαααΆαααααα·ααααα·ααα
αααΆαααΆααααααΆααααααα αα αααα α αααααααΆααααΆαααΆααααααααα (te, αααααα αα) αα αα α»ααααααααΆααααααααααΎαααα½αααΆαα½α md5 hash sums ααα»αααααα ααΆαααααΆααααΆαααΆαααααΆαααα αα αα·αααΆαααΆαααααΆαααααΆαααα ααααααΆαααααααααααΌα sha1 αα·α sha256 αααααα
ααΆααΆαααΆααααααΆααααααΆααααΆααααααα·αααααΎα±ααααΆαααα α»ααααα»ααααα½α! ααααΎα’αΆα ααααΌαααΆαα’αα»αααααααααααΆαααα α»α ααα»αααααα·αααΆαααααα»αααα αααα‘ααααΎααα αα»αααααα·α ααΌααααα‘ααααΎαα’αααΈαααα’αΆα ααΎαα‘αΎααα ααααααααΆα error/typos αα αααα»ααααα½αα
ααααΎαα»αααΆαα½αααΆαααΆαα’ααααααΆαα½αααΉαααΆααα αααΆαααΆααα (αααΆαααΆααα)
{ "request": [
{
"sha256": {{sha256}},
"features": ["te"] ,
"te": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
reportss: ["tar", "pdf", "xml"]
}
}
]
}
ααΆβααΉαβαα·αβααΆαβααα α»αβαααα»αβααΆαβααααΎαβααβαααβαα ααα»ααααβααΉαβαα·αβααΆαβααααααΆαβα’αααΈβαααΆαααΆαααβααΆααβααβααα
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
"file_type": "pdf",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ααα»ααααβαααααΆααβααααΎβαααβαα·αβααΆαβααΆαβααΆαβαααα αΌαβαααα»αβαααααΉαβαααΆαααΆααα
{ "request": [
{
"sha256": {{sha256}},
"features": ["te"] ,
"te": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
reports: ["tar", "pdf", "xml"]
}
}
]
}
ααΎαααα½αααΆαααΆαααααΎααααααααΆαααααααααΆαααα½α α αΎααααααΆααααΆαααΆααααααΆαααΆααα
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "9cc488fa6209caeb201678f8360a6bb806bd2f85b59d108517ddbbf90baec33a",
"file_type": "pdf",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"full_report": "b684066e-e41c-481a-a5b4-be43c27d8b65",
"pdf_report": "e48f14f1-bcc7-4776-b04b-1a0a09335115",
"xml_report": "d416d4a9-4b7c-4d6d-84b9-62545c588963"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ααααα·αααΎααΎαααααΎαα API αα·αααααΉαααααΌα/αα»αααααα ααΎαααΉαααα½αααΆαααα α»α 403 ααΆααΆαααααΎαααα
SandBlast APIα αα αααα»αααα αα·ααα ααΎα§ααααααααα»αααααα
ααααΎ API α’αΆα βααααΌαβααΆαβααααΎβαα βα§ααααα Check Point αααβααΆαβααΎαβααααΎαααΆαβαααΆαααΆαβααααΆααααΆαβααΆαααααΆαααα αα ( blade)α ααΆα’αΆααααααΆααααααΆααααααΎ α’αααααααΌαααααΎ ip/url ααα§ααααα αα·αα ααα 18194 (α§ααΆα ααα https://10.10.57.19:18194/tecloud/api/v1/file/query)α α’ααααααα½αααααΎα±ααααααΆααααΆαααααΆααααα»ααααα·ααΆααα ααΎα§αααααα’αα»ααααΆαα±ααααΆαααΆααααααΆααααααααα ααΆαα’αα»ααααΆαααΆαααααααααΉα API αα ααΎα§αααααααΌαααααΆαααΆαααααΆαααΎα αα·α α αΎαααα’αα»ααααΆααα αααα»αααααααΆααααΎα’αΆα αα·αααααΌαααΆαααααΎααΆαααααααα
ααααΎ API αα CheckPoint cloud αα½αααααααΌαααΆαααααΎαα te.checkpoint.com (α§ααΆα ααα - https://te.checkpoint.com/tecloud/api/v1/file/query)α αααααΉα API α’αΆα ααα½αααΆαααΆα’αΆααααΆαααααααΆααααααααααα 60 αααααααααΆααααααααΌ Check Point α¬ααΆαα·ααΆααααααα»αααααααααααααα»αα αα»αα
αα
ααΎα§ααααααααα»ααααα»α ααΆαααΆαααααΆαααααΆαααα αααα·αααΆααααααΌαααΆαααΆααααααΆαααααααΆααα
α‘αΎαααα
α§ααααααααα»αααααααα·αααΆααααααααΎααΌααΆααα
ααΎαα·αααΌα αααααα ααΆαα·αααΆαααΆααα»αααααΆαααΆαααααΎαα ααΆααα§αααααααΌαααααΆα αα·ααα αααααα
αααα ααααΆαα α API
αα·ααΈααΆααααααααααΆαααααΎ - POST
α α α’αΆααααααΆα - https://<service_address>/tecloud/api/v1/file/upload
ααααΎααΆαααΈαααααα (αααααααα·αααααα)α α―αααΆααααααΆααααααααααΆααααααΆααααΆα/αααα’αΆα αα·ααααααααααΎαααααΆαα’αααααα
ααααΎα’ααααααα·αα’αΆα αααααΆααα ααα»ααααααΆαααα ααααΆαα·αααΆαααΆαααααααα ααΆααααααααααΆαα½αααα ααΎααααΈα±ααααααΎααα½αααΆααααααα α’αααααααΌαααααααΎαααΆαα αα ααΆααα’αααααααΆαααααααα αααα»αααααΎα
ααΆαααΆαα’αααααααΆαααααΆααααααΎαααα αα
HTTP POST
https://<service_address>/tecloud/api/v1/file/upload
ααααααΆ:
ααΆαα’αα»ααααΆα:
αα½
{
"request": {
}
}
α―αααΆα
α―αααΆα
αααα»αααααΈααα α―αααΆαααΉαααααΌαααΆαααααΎαααΆααααα’αα»αααααΆααααΆαααΆααααααααααΆαααΎαα αααΆαααΆα - te, ααΌαααΆα OS - αααα XP αα·α Win 7ααααα·ααααααΎααααΆαααΆαααα
ααα·αααααααΎααΆαααααΆααααααα»αααααΎα’αααααα
αααααβα―αααΆα ΠΈ ααααααα―αααΆα α’αααα’αΆα αα»ααα½αααΆα±αααα ααα α¬αα·αααααΎααΆααΆααααααα αααααααααα·ααααααΆααααααΆαααΆαααααααααααΆαα·ααααα ααααααα»αα―αααΆαα‘αΎαα αα αααα»αααΆαααααΎααα API ααΆαααΆαααααααΉαααααΌαααΆαααααααααααααααααααααα·αααααα’ααααΎαααααα―αααΆααααααΆαααΆααα α αΎαααααααΆααα αααα»αααααΆαααααααΆααααΉααα ααααααΌαααααααααααααααΎ md5/sha1/sha256 hash amounts α
ααααΎα§ααΆα αααααΆαα½α file_name αα·α file_type ααα
{
"request": {
"file_name": "",
"file_type": "",
}
}
αααααααα·ααα - αααααΈααααααα αΆαααΈαα»αααΆαα αΆαααΆα ααα αααααααΎαααΆααα αααα»ααααα’ααααααΆα α - av (Anti-Virus), te (Threat Emulation), ααΆααα (Threat Extraction)α ααααα·αααΎαααΆαααΆααααααααααα·αααααΌαααΆαααααααΆααααΆααααααα αααααΆααααααΆαααΆαααααΆαααΎαααα»ααααααααααΉαααααΌαααΆαααααΎ - te (ααΆαααααΆααααΆαααααΆαααα αα) α
ααΎααααΈααΎαααΆααα·αα·αααααΎααααΆαααΆαα»αααααΆαααΈ α’αααααααΌααααααΆαααααΆαααΆαα»ααΆααααααα αααα»αααααΎ API α
α§ααΆα αααααααααΎααΆαα½αααΉαααΆααααααααααα»α av, te αα·αααΆααααααα αα
{ "request": [
{
"sha256": {{sha256}},
"features": ["av", "te", "extraction"]
}
]
}
ααααΆααα α»α αα αααα»αααααα te
ααΌαααΆα - αααααΈαααααΆααα ααΆαα»αααααααααΆαααααααααΆαα αα·ααααααααααααααααααααααααα·ααααα·ααΆα αααααΆααααα½ααα·αα·αααααΉαααααΌαααΆαα’αα»ααααα ααααααααΆαα αα·ααααααααααααΊααΌα ααααΆαααααΆααα§ααααααααα»ααααα»αααΆααα’αα αα·ααααα
αααααΈααααααααααααα·ααααα·ααΆα αα·αααΆααααααα
ααααααααΆααααΌαααΆα OS αααα’αΆα ααααΎααΆα
ααΆααα·αα·αααβα‘αΎααα·α
ααΌαααΆα OS αα·ααααααα·ααΈ
e50e99f3-5963-4573-af9e-e3f4750b55e2
1
αααα»αα αα»α Microsoft Windowsα XP - 32 αααΈα SP3
ααΆαα·ααΆααα: 2003, 2007
αααααα·ααΈ Adobe Acrobat Reader: 9.0
α’ααααααααα 9r115 αα·α ααααα X 10.0
αααααααΆααααΎαααΆα Javaα 1.6.0u22
7e6fe36e-889e-4c25-8704-56378f0830df
1
αααα»αα αα»α Microsoft Windows: 7 - 32 αααΈα
ααΆαα·ααΆααα: 2003, 2007
αααααα·ααΈ Adobe Acrobat Reader: 9.0
α’αααααα Flashα 10.2r152 (αααααα·ααΈαααα½α& ααααα X)
αααααααΆααααΎαααΆα Javaα 1.6.0u0
8d188031-1010-4466-828b-0cd13d4303ff
1
αααα»αα αα»α Microsoft Windows: 7 - 32 αααΈα
ααΆαα·ααΆααα: 2010
αααααα·ααΈ Adobe Acrobat Reader: 9.4
α’αααααα Flashα 11.0.1.152 (αααααα·ααΈαααα½α & ααααα X)
αααααααΆααααΎαααΆα Javaα 1.7.0u0
5e5de275-a103-4f67-b55b-47532918fa59
1
αααα»αα αα»α Microsoft Windows: 7 - 32 αααΈα
ααΆαα·ααΆααα: 2013
αααααα·ααΈ Adobe Acrobat Reader: 11.0
α’αααααα Flashα 15 (αααααα·ααΈαααα½α & ααααα X)
αααααααΆααααΎαααΆα Javaα 1.7.0u9
3ff3ddae-e7fd-4969-818c-d5f1a2be336d
1
αααα»αα αα»α Microsoft Windows: 7 - 64 αααΈα
ααΆαα·ααΆααα: 2013 (32 αααΈα)
αααααα·ααΈ Adobe Acrobat Reader: 11.0.01
α’αααααα Flashα 13 (αααααα·ααΈαααα½α & ααααα X)
αααααααΆααααΎαααΆα Javaα 1.7.0u9
6c453c9b-20f7-471a-956c-3198a868dc92
1
αααα»αα αα»α Microsoft Windows: 8.1 - 64 αααΈα
ααΆαα·ααΆααα: 2013 (64 αααΈα)
αααααα·ααΈ Adobe Acrobat Reader: 11.0.10
α’αααααα Flashα 18.0.0.160 (αααααα·ααΈαααα½α & ααααα X)
αααααααΆααααΎαααΆα Javaα 1.7.0u9
10b4a9c6-e414-425c-ae8b-fe4dd7b25244
1
αααα»αα αα»α Microsoft Windows: 10
ααΆαα·ααΆαααα Professional Plus 2016 en-us
αααααα·ααΈ Adobe Acrobat Readerα DC 2015 MUI
α’αααααα Flashα 20 (αααααα·ααΈαααα½α & ααααα X)
αααααααΆααααΎαααΆα Javaα 1.7.0u9
ααααα·αααΎααααΆααα α»α ααΌαααΆααα·αααααΌαααΆααααααΆααααΆααααααα αααααΆαααααΎααααΆααααΆαααΉαααΎαα‘αΎααα αααα»αααΌαααΆααααααΆαααααΆαααα Check Point (αα αα α»αααααα Win XP αα·α Win 7)α ααΌαααΆαααΆαααααααααΌαααΆαααααΆααααααα’ααααΎααΆααα·α αΆαααΆα’αααΈαααα»αααααααα’αααα»αααααΆαα’αα»αααα αα·αα’ααααΆα αΆααα
αααΆαααΆααα - αααααΈαααΆαααΆααααααααΎαααααΎαα»ααααα»αααααΈαααα―αααΆαααααααααα ααΆααααΆααΆαα αααααΎαααΆααααααα’αΆα ααααΎααΆαα
-
ααα ααααΈβαααααα - ααααααΆα .tar.gz αααααΆααααΆαααΆαααααααΈααΈααΆαααααΎααααΆααααΆαααα αα ααΆααα’αα ααΌαααΆααααααΆαααααΎαα»α (ααΆααααααα html αα·ααααΆαααΆαα»ααΌα ααΆααΈααα’αΌααΈαααααα·ααΈααααΆααααΆαααααααααααααα·ααααα·ααΆα ααΆααααα ααα ααΆα ααααααααΆα αααΆαααΆααααα αααα»α json αα·αααααΌαααα½αααΆαα αααα»αααααααΆααααααΆαααΆααααααΆααααααααΆαα)α ααΎααααα»αααααααααααααΉααα αααα»αα ααααΎα - αααΆαααΆααααααααα αααααΆααααΆαααΆααααααΆαααΆαααααΆαααααααααΆααα
-
ααΆ PDF - α―αααΆαα’αααΈααΆαααααΎααααΆααααΆα αα½αα ααΌαααΆα αααααα»αααααΆα αααΎααααααΆααααα½αααΆαααΆαααα Smart Consoleα ααΎααααα»αααααααααααααΉααα αααα»αα ααααΎα - pdf_report αααααΆααααΆαααΆααααααΆαααΆαααααΆαααααααααΆααα
-
xml - α―αααΆαα’αααΈααΆαααααΎααααΆααααΆα αα½αα ααΌαααΆα ααΆααααα½ααααααΆααααΆααα·ααΆαααΆαααααααααΆαααααααΆαααΆαααααααα αααα»ααααΆαααΆαααα ααΎααααα»αααααααααααααΉααα αααα»αα ααααΎα - xml_report αααααΆααααΆαααΆααααααΆαααΆαααααΆαααααααααΆααα
-
tar - ααααααΆα .tar.gz αααααΆααααΆαααΆαααααααΈααΈααΆαααααΎααααΆααααΆα αα½αα ααΌαααΆααααααΆαααααΎαα»α (ααΆααααααα html αα·ααααΆαααΆαα»ααΌα ααΆααΈααα’αΌααΈαααααα·ααΈααααΆααααΆαααααααααααααα·ααααα·ααΆα ααΆααααα ααα ααΆα ααααααααΆα αααΆαααΆααααα αααα»α json αα·αααααΌαααα½αααΆαα αααα»αααααααΆααααααΆαααΆααααααΆααααααααΆαα)α ααΎααααα»αααααααααααααΉααα αααα»αα ααααΎα - αααΆαααΆααααααααα αααααΆααααΆαααΆααααααΆαααΆαααααΆαααααααααΆααα
α’αααΈααααα ααΆααααα»ααααΆαααΆααααααααα
keys full_report, pdf_report, xml_report ααΆααα αααα»ααα ααΆαα»αααααααααΆαα OS ααΈαα½αα
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "9e6f07d03b37db0d3902bde4e239687a9e3d650e8c368188c7095750e24ad2d5",
"file_type": "html",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"full_report": "8d18067e-b24d-4103-8469-0117cd25eea9",
"pdf_report": "05848b2a-4cfd-494d-b949-6cfe15d0dc0b",
"xml_report": "ecb17c9d-8607-4904-af49-0970722dd5c8"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
},
{
"report": {
"verdict": "malicious",
"full_report": "d7c27012-8e0c-4c7e-8472-46cc895d9185",
"pdf_report": "488e850c-7c96-4da9-9bc9-7195506afe03",
"xml_report": "e5a3a78d-c8f0-4044-84c2-39dc80ddaea2"
},
"status": "found",
"id": "6c453c9b-20f7-471a-956c-3198a868dc92",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ααα»αααααααααΉααααΆαααΆααααααααα - ααΆααα½ααααααΆααααααΆααααΆαααΆααΌαα
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "d57eadb7b2f91eea66ea77a9e098d049c4ecebd5a4c70fb984688df08d1fa833",
"file_type": "exe",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"full_report": "c9a1767b-741e-49da-996f-7d632296cf9f",
"xml_report": "cc4dbea9-518c-4e59-b6a3-4ea463ca384b"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
},
{
"report": {
"verdict": "malicious",
"full_report": "ba520713-8c0b-4672-a12f-0b4a1575b913",
"xml_report": "87bdb8ca-dc44-449d-a9ab-2d95e7fe2503"
},
"status": "found",
"id": "6c453c9b-20f7-471a-956c-3198a868dc92",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"summary_report": "7e7db12d-5df6-4e14-85f3-2c1e29cd3e34",
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
α’αααα’αΆα ααααΎαα»ααααΆαααΆααα tar αα·α xml αα·α pdf αααα»αααααααα½α α’αααα’αΆα ααααΎαα»αααα ααααΈαααααα αα·α tar αα·α xml α ααΆααΉααα·αα’αΆα ααααΎαα»ααααΆαααΆααααααααα αα·α pdf αααα»αααααααα½αααΆαααα
ααααΆααα α»α αα αααα»ααααααααΆααα
αααααΆααααΆαααΆαααααΆαααααΆαααα αα ααΆαααααααΈαααα»ααααααααααααΌαααΆαααααΎααααΆααα
αα·ααΈααΆααααα - pdf (ααααααααα ααΆ pdf ααααΎααΆαααααΆαααΎα) α¬ααα’αΆα (αααα’αΆαααΆαα·ααΆααααα)α
extracted_parts_codes - αααααΈααΌααααααΆαααα»αααΆαα·ααΆααααα α’αα»αααααααααΆαααααα·ααΈααΆαααααααα’αΆαααα»αααααα
ααΌααααααΆαααα»αααΆαα·ααΆα ααααΈα―αααΆα
αααααΌα
ααΆααα·αααααΆ
1025
ααααα»ααααΆαα
1026
αααΆααααΌ αα·αααΌα
1034
αααααααααααααΆαααααααα
1137
PDF GoToR αααααααΆα
1139
αααααααΆαααΎαααααΎαααΆα PDF
1141
PDF URI αααααααΆα
1142
αααααααΆαααα‘αα PDF
1143
αααααααΆαααΆααααα PDF
1150
PDF αααααααΆα JavaScript
1151
αααααααΆαααΆααααααΎαααααα PDF
1018
αααα½αααΌαααααΆααα·αααααα
1019
ααααα»αααααα
1021
αααααΆαα»ααα·ααααααααΏα
1017
αααααααααααααα·ααααΆαααααα½α
1036
αααααααααααααα·αααα·αα·
1037
ααααααβαααααααα·βαααααα
ααΎααααΈααΆαααα αααΆααα αααααααααΆααααα’αΆα α’αααααααΉαααααΌαααααΎααααΎααααα½α (αααααΉαααααΌαααΆααα·ααΆααααΆααΆαααααα) αααααΆααααΈααΈαααΈαα·ααΆααΈ ααααααααΆααα ααα½α hash ααα―αααΆα αα·ααααΆαααΆααααααα αααα αααα»αα’αααααααααΎα α’αααα’αΆα ααα―αααΆααααααΆααααα’αΆααααααααΎααααααααΆααααΈααΆαααααΎααααα ααΉααααα½α - extracted_file_download_id α ααΆβααααΈβααααβααα αααβαααααΉαβααΎαβαα βαα»αβααααα·α αααα»αβαααααβα§ααΆα αααβααβααααΎβαα½α αα·αβααΆαβααααΎαβααβαααα½αβααΎααααΈβαααααβααβαααβαααααΆααβαααααΆααβααΆαβααΆαβααβα―αααΆαβαααβααΆαβαααααα
ααααΎααα»αααααααααααααΉα extracted_file_download_id
{ "request": [
{
"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
"features": ["extraction"] ,
"extraction": {
"method": "pdf"
}
}
]
}
ααΆαααααΎααααα ααΉααααα½α (ααααΎααααααΉα extracted_file_download_id)
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "9a346005ee8c9adb489072eb8b5b61699652962c17596de9c326ca68247a8876",
"file_type": "",
"file_name": "",
"features": [
"extraction"
],
"extraction": {
"method": "pdf",
"extract_result": "CP_EXTRACT_RESULT_SUCCESS",
"extracted_file_download_id": "b5f2b34e-3603-4627-9e0e-54665a531ab2",
"output_file_name": "kp-20-xls.cleaned.xls.pdf",
"time": "0.013",
"extract_content": "Macros and Code",
"extraction_data": {
"input_extension": "xls",
"input_real_extension": "xls",
"message": "OK",
"output_file_name": "kp-20-xls.cleaned.xls.pdf",
"protection_name": "Potential malicious content extracted",
"protection_type": "Conversion to PDF",
"protocol_version": "1.0",
"risk": 5.0,
"scrub_activity": "Active content was found - XLS file was converted to PDF",
"scrub_method": "Convert to PDF",
"scrub_result": 0.0,
"scrub_time": "0.013",
"scrubbed_content": "Macros and Code"
},
"tex_product": false,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ααααααΆαααΌαα
αα αααα»αααΆαα α API αα½α α’αααα’αΆα ααααΎα―αααΆααααα½αααααααααΆααααΆααααααααααΆααα
αααΆαααΆα av αα·ααααααΌαα±ααααΆαααααααααααααααααΆαααΌααααα ααΆαααααααααΆααααΎααααΈαααααΆααααΆαα αααα»ααα ααΆαα»αααα αααααααα·ααα.
ααΆαα α API αααα½α
αα·ααΈααΆααααααααααΆαααααΎ - POST
α α α’αΆααααααΆα - https://<service_address>/tecloud/api/v1/file/query
αα»ααααααααΎα―αααΆααααααΆααααΆαααΆααα (ααααΎαααα»αα‘αΎα) αα½ααααα·αα·αααααΎαααααΆαααααααΆαααααα’ααααααΆα α (ααααΎαααα½α) ααΎααααΈαααααΎαααααα·αααααΆαααΆααααα»ααα ααΎαααΆαααΈααα API α αΆααααΆααααΈαααΆαααΈααα API α’αΆα ααΆαααααααΆα αα·αααΆαααααααΎα―αααΆααααααΆαααΆααααα½α α αΎαα ααΆαα α ααΌαααααααΆααααααααα’αααααααα»αααααα ααααααααααααΌαααΆαααααααΎααΊα ααα½α sha1/sha256/md5 ααα―αααΆαα ααααα·ααΈααα α’αααα’αΆα ααα½αααΆαααΆαα αααα»αααΆαααααΎααααα ααΉαααααΎαααα ααα
ααΆαααΆαα’αααααααΆαααααΆαααααα½α
HTTP POST
https://<service_address>/tecloud/api/v1/file/query
ααααααΆ:
ααΆαα’αα»ααααΆα:
αα½
{
"request": {
"sha256":
}
}
α§ααΆα αααβααβααΆαβααααΎαβααβαα βααΉαβααΆαβααααΎβαα»αβαααα»αβα‘αΎαβαααβα ααα½α sha1/md5/sha256 α’αΆα ααΎαααΎα
{
"response": {
"status": {
"code": 1002,
"label": "UPLOAD_SUCCESS",
"message": "The file was uploaded successfully."
},
"sha1": "954b5a851993d49ef8b2412b44f213153bfbdb32",
"md5": "ac29b7c26e7dcf6c6fdb13ac0efe98ec",
"sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
"file_type": "",
"file_name": "kp-20-doc.doc",
"features": [
"te"
],
"te": {
"trust": 0,
"images": [
{
"report": {
"verdict": "unknown"
},
"status": "not_found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"status": {
"code": 1002,
"label": "UPLOAD_SUCCESS",
"message": "The file was uploaded successfully."
}
}
}
}
ααααΎαααα½αααααααααΎα ααα½α hash αα½αααααΌα ααααΆαα ααΉαααααΎαααα»αα‘αΎα (α¬ααααΌαααΆαααααααα»α) α¬ααΌααααΈαα "αα½α α αΎα" (ααΆαααΆααα·α ααΆααα αααα»αααααΎαααα½αααΆααα αααα»αααααΎαααα αα)α αααα»αααααΈαααααααΎαααα½αααΆαααΆαα αααΎαααΆααα αααα»αααααΎαααα»αα‘αΎα α’αααααΉααα·αα’αΆα ααα½αααΆαααααααΆααααααααΌαααΆαααΆααα’αααα αααα»αααΆαααααΎααααααααα
αααααΊααΆα§ααΆα αααααααΆαααααΎααααα ααΉααααα½ααα½α ααααα·αααΆααα·αααααααααααααΌαααΆαααΆααα’ααααααΌαααΆαααααΎα
{
"response": [
{
"status": {
"code": 1006,
"label": "PARTIALLY_FOUND",
"message": "The request cannot be fully answered at this time."
},
"sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
"file_type": "doc",
"file_name": "",
"features": [
"te",
"extraction"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
"xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 1,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
},
"extraction": {
"method": "pdf",
"tex_product": false,
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
}
}
}
]
}
ααα α·ααααα»αααΆααααΎααΆα αααααΌα ΠΈ ααααΆα. ααΆαααΆαααααααα α‘αΎαααΈαααααα»ααα ααΆαα»ααααααααΆαααΆαα ααααΌαααΎαααΎαααΌαααααα "ααΌα": 1006 αα·α "ααααΆα": "PARTIALLY_FOUND" α αααααΆαααα ααααΆαααααααααΌαααΆαααααΎααααααΆαααααΆαααΆαααΈαα½αααααααΎαααΆαααααΎαα»α - te αα·αααΆααααααα ααα α αΎαααααα·αααΎαααααΆαα te ααΆα αααΆααααΆααααΆαα·ααααααααααΌαααΆαααααΎααααααΆαααααααααΆααααΆααααααα αααα·αααΆαααααααΆαααα
αααααΆα’αααΈααααααα½αααΎααα ααΌα α§ααΆα αααααΆαααΎ
{ "request": [
{
"sha256": {{sha256}},
"features": ["te", "extraction"] ,
"te": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"reports": [
"xml", "pdf"
]
}
}
]
}
ααααα·αααΎα’αααααααΎααααΎαααα½ααααααααΆααααΆαααΆααααααα αα
{ "request": [
{
"sha256": {{sha256}},
"features": ["te"] ,
"te": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"reports": [
"xml", "pdf"
]
}
}
]
}
αααααΆααααα ααααΎαααΉαααΆαααααααΆααααααα ("αααααΌα": 1001, "ααααΆα": "ααΆαααααΎα")
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd90",
"file_type": "doc",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious",
"pdf_report": "4e9cddaf-03a4-489f-aa03-3c18f8d57a52",
"xml_report": "9c18018f-c761-4dea-9372-6a12fcb15170"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 1,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
}
]
}
ααααα·αααΎαα·αααΆαααααααΆααα αααα»αααααΆαααααααΆααααΆααααααα αααααΆαααααΎαααααΉαααΆ βααααΆαβα βNOT_FOUNDβ
{
"response": [
{
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
},
"sha256": "313c0feb009356495b7f4a60e96737120beb30e1912c6d866218cee830aebd91",
"file_type": "",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 0,
"images": [
{
"report": {
"verdict": "unknown"
},
"status": "not_found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
}
}
}
]
}
αα αααα»αααΆαα α API αα½α α’αααα’αΆα ααααΎα ααα½α hash ααΆα αααΎααααα»αααααααα½ααααααΆααααΆααααααααααΆααα ααΆαααααΎαααααΉααααα‘αααα·αααααααααα»αααααΆααααΌα ααααΆ ααΌα αααααΆααααΌαααΆαααααΎαα αααα»αααααΎα
ααααΎαααα½αα§ααΆα αααααΆαα½αα ααα½α sha256 ααΆα αααΎαα
{ "request": [
{
"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81"
},
{
"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82"
}
]
}
ααααΎααααα ααΉααααα½ααααααΆαα ααα½α sha256 α αααΎαα
{
"response": [
{
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
},
"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd81",
"file_type": "dll",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 10,
"images": [
{
"report": {
"verdict": "malicious"
},
"status": "found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"combined_verdict": "malicious",
"severity": 4,
"confidence": 3,
"status": {
"code": 1001,
"label": "FOUND",
"message": "The request has been fully answered."
}
}
},
{
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
},
"sha256": "b84531d3829bf6131655773a3863d6b16f6389b7f4036aef9b81c0cb60e7fd82",
"file_type": "",
"file_name": "",
"features": [
"te"
],
"te": {
"trust": 0,
"images": [
{
"report": {
"verdict": "unknown"
},
"status": "not_found",
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"score": -2147483648,
"status": {
"code": 1004,
"label": "NOT_FOUND",
"message": "Could not find the requested file. Please upload it."
}
}
}
]
}
ααΆαααααΎαα»αααααΌα hash ααΆα αααΎααααα»αααααααα½ααααα»αααααΎαααα½αααααΉαααΆαα₯αααα·ααααΆαααααααααααααααΎαααΆααααΆαααΈααα API αααααα
ααΆαααααΆαα α API
αα·ααΈααΆααααααααααΆαααααΎ - POST (αααααΆαα―αααΆα) ααα½αααΆα ααααααΎαααΆαααααα (α αΎααααα ααααΆααΎααα α‘αΌααΈααααΆα)
α α α’αΆααααααΆα - https://<service_address>/tecloud/api/v1/file/download?id=<id>
ααααααΆαααααΌαα±αααααα αΌααα API αα½ααααααΎααΊααα ααααααααΆααααΆαααΆαααααααΌαααΆαα α»α αα αααα»αα’αΆααααααΆα URL α
ααΆααΆαααααΎααααα ααΉαααααΎαααα½α ααααα·αααΎααΆαααααΎααααΆααααΆαααααΌαααΆααααα αα α αΎααααΆαααΆαααααααΌαααΆαααααΎαα»ααα αααααΆαααα―αααΆαααα ααααααααΆαααααααΆααααΆαααΆααααααΆαααΆαααααΉαα’αΆα ααΎαααΎαα ααααα·αααΎα αααΆααα αααααααααΆααααα’αΆαααααΌαααΆαααααΎαα»α α’ααααα½ααααααααααααααααααΆααααΎααααΈααΆαααα―αααΆααααααΆααααα’αΆαα
ααα»ααα ααααΆααα α»α αααα»αααΆαααααΎααααα ααΉααααα½ααααααΆααααααααααααααΆαααααααΆααααΆααααα»αα’αΆα ααΆα
-
αααΆαααΆααααααααα
-
αααΆαααΆααααααααα
-
pdf_report
-
xml_report
-
extracted_file_download_id
ααΆααΆααα·αααΆαα ααΎααααΈααα½αααΆαααΌαααααΆαααααααΆααΆαααααΎααααα ααΉαααααΎαααα½α αα½αααααααΌααααααααΆαααα αααα»αααααΎ (αααααΆαααααΆαααΆααα) α¬α αα αΆαααΎααααΈααααΎααααΎαααααααΎαα»αααΆααααααα αα (αααααΆααα―αααΆααααααΆααααα’αΆα)
ααΆαα α αα ααΆαα Quota API
αα·ααΈααΆααααααααααΆαααααΎ - POST
α α α’αΆααααααΆα - https://<service_address>/tecloud/api/v1/file/quota
ααΎααααΈαα·αα·αααααΎαααΌααΆααααα ααααααα»αααα ααΌαααααΎαααα½αααΌααΆα αα½ααααΎααΊαααα
α§ααΆα αααααΆαααααΎααααα ααΉαααααΎααΌααΆ
{
"response": [
{
"remain_quota_hour": 1250,
"remain_quota_month": 10000000,
"assigned_quota_hour": 1250,
"assigned_quota_month": 10000000,
"hourly_quota_next_reset": "1599141600",
"monthly_quota_next_reset": "1601510400",
"quota_id": "TEST",
"cloud_monthly_quota_period_start": "1421712300",
"cloud_monthly_quota_usage_for_this_gw": 0,
"cloud_hourly_quota_usage_for_this_gw": 0,
"cloud_monthly_quota_usage_for_quota_id": 0,
"cloud_hourly_quota_usage_for_quota_id": 0,
"monthly_exceeded_quota": 0,
"hourly_exceeded_quota": 0,
"cloud_quota_max_allow_to_exceed_percentage": 1000,
"pod_time_gmt": "1599138715",
"quota_expiration": "0",
"action": "ALLOW"
}
]
}
API ααΆαααΆαααΆαααααΆαααα αααααααΆααα αααααααΆααα»ααααα·ααΆα
API αααααααΌαααΆααααααΎαα‘αΎααα»α API ααΆαααΆαααΆαααααΆαααα αα α αΎαααααΌαααΆαααααα»ααα»ααααααΆααααα§ααααααααα»ααααα»αααα»αααααα αααααΆαααααααα ααΆα’αΆα
ααΆααααααααα ααααα·αααΎα’αααααααΌαααΆα Threat Extraction APIα αααααΆααααΆαααααΆααααΆαααΆαααααΆαααα αα ααΆααΆααΆααααααΎααααα»αααΆαααααΎααααΆαα API ααΆαααΆαααΆαααααΆαααα ααααααααΆα ααΎααααΈααΎα TP API αααααΆαα SG αα·αααααααα
ααΆαααααααααα API αααα’αααααααΌαααααΎααΆαααα αΆαααΈ
α₯α‘αΌααααααΌααα·αα·αααααΎαα±ααααΆααααα αααΆααα’αααΈαα»αααΆα te ΠΈ ααΆααααααα αα αα αααα»α API αααα
αααααΆαααααΆαααΆα te αα
ααΆαα»αααααααααΆαααααα te_αααααΎα αα
αααα»αααααΎαααα»αα‘αΎα/αααα½α α αΎαααααΆααα
α»α
αα
αααα»αααααΎαααααααΌαααααΆααΆαααααα»αααΆαα½αααΉα te keys α
αΌα
α§ααΆα αααααααΎαααααΆααααΆαααααΆααααΆαα―αααΆααα αααα»α Win10 ααΆαα½αααΉααααΆαααΆααα
{
"request": [{
"protocol_version": "1.1",
"api_key": "<api_key>",
"request_name": "UploadFile",
"file_enc_data": "<base64_encoded_file>",
"file_orig_name": "<filename>",
"te_options": {
"images": [
{
"id": "10b4a9c6-e414-425c-ae8b-fe4dd7b25244",
"revision": 1
}
],
"reports": ["summary", "xml"]
}
}
]
}
αααααΆαααααΆαααΆα ααΆααααααα αα αα ααΆαα»αααααααααΆαααααα scrub_options. ααααΎααααααααΆαααα·ααΈααΆααααααααα’αΆαα ααααααααα ααΆ PDF αααα’αΆαααααΉαααΆαααααα α¬ααααΎαααΎααααααα½αααααααΆαααααααααΆαααΆαααΆαααααΆαααα αα (αααααααααααααααΌαααΆαα ααα’α»ααααα αΆα)α ααΏαααα’ααα αΆαααα’αααΈααΆαααααΎααααα ααΉαααααΎ API αααααα αααααααΆααα―αααΆααα½αααΊααΆα’αααααα½αααΆαα αααΆααα αααααααααΆααααα’αΆααααα»αααΆαααααΎααααα ααΉαααααΎαααααΆααααα’αααααααααΆαα’αα·αααααΈα base64 (α’ααααα·αα αΆαααΆα αααααΎααΆαααααΎαα»ααααα½α α αΎαααααΎαααααααααΆααααΎααααΈααΆααα α―αααΆα)
α§ααΆα αααααααααΎααΎααααΈαααααα―αααΆααα½αα
{
"request": [{
"protocol_version": "1.1",
"api_key": "<API_KEY>",
"request_name": "UploadFile",
"file_enc_data": "<base64_encoded_file>",
"file_orig_name": "hi.txt",
"scrub_options": {
"scrub_method": 2
}
}]
}
ααααΎααααα ααΉαααααΎ
{
"response": [{
"protocol_version": "1.1",
"src_ip": "<IP_ADDRESS>",
"scrub": {
"file_enc_data": "<base64_encoded_converted_to_PDF_file>",
"input_real_extension": "js",
"message": "OK",
"orig_file_url": "",
"output_file_name": "hi.cleaned.pdf",
"protection_name": "Extract potentially malicious content",
"protection_type": "Conversion to PDF",
"real_extension": "txt",
"risk": 0,
"scrub_activity": "TXT file was converted to PDF",
"scrub_method": "Convert to PDF",
"scrub_result": 0,
"scrub_time": "0.011",
"scrubbed_content": ""
}
}]
}
αααααΈααΆααΆααα·ααααααΆααααΎ API αα·α
ααΆααααααααΌαααΆααααααααΌαα±ααααα½αααΆαα
αααΆααα
αααααααααΆααααααααααα αααα»ααααααΆαααααΎαααααα·αααΌαα
αΌαα
α·ααα αα·αααΆααααα½αααΆαααααΎαααααααα·αααααααααααΆαααααΎαα
αααα»α
ααΆααααααΌα Postman
αααα»αααΆααααααΎαααααα»ααα αααα»α Postman αααααΆααααΆαα API ααΆαααΆαααΆαααααΆαααα αα αα·α API ααΆαααΆαααΆαααααΆαααα αααααααΆαα Security Gateway αααααααΆαα±ααααααΎ API ααΌαα αααα»αα ααΎααααΈα±αα server ip/url API αα·α key ααααΌαααΆααααα½ααααααααααααααααα·αα αααα»αααααΎ α αΎαα ααα½α sha256 hash αααααααΌαα αα αΆααααααΆααααΈααΆαααα―αααΆαααα α’αααα ααα½αααΈααααΌαααΆααααααΎααα ααΆααααα»αααααα»α (α’αααα’αΆα ααααααααα½αααΆαααα αΌααα ααΆααααΆααααααααααα»α ααααααα½α -> α’ααα)α te_api (ααΆαααΆα), api_key (αααααΌαα±ααααααα ααΎαααααααααααααΎ TP API ααΆαα½αα§αααααααΌαααααΆα), sha256 (αα»αα ααααα αα·αααααΎαααα»α TP API αααααΆαα SG).
α§ααΆα αααααΆαααααΎααααΆαα
αα
αααα»ααα αααα
ααααα: www.habr.com