Using Hash Intelligence Card Extensions

This page is intended to help you use the Intelligence Card Extensions for Hash Intelligence Cards.

Applicable Intelligence Card:

Hash Card

Applicable Intelligence Partners:

Palo Alto Autofocus, PhishMe, ReversingLabs

Step 1: Identify a suspicious file hash

  • The top hash indicators from the Cyber Dashboard are often good starting points for an investigation. Note that it is not uncommon to find hashes without hits in one or more of the extensions, so don't be surprised if you need to try a few hashes before finding one with any extension data.
    • Note that the PhishMe Extension can be slow in returning a response; they are aware of the issue and working on improving performance.
  • For illustrative purposes, here is a list of selected hashes with known extension responses:
 

| Hash | Has Data?: Palo Alto Autofocus | Has Data?: PhishMe | Has Data?: ReversingLabs |
|---|---|---|---|
| 03718676311de33dd0b8f4f18cffd488 | Yes | No | Yes |
| 12c9c0bc18fdf98189457a9d112eebfc | Yes | No | Yes |
| 80132a037cbef3cd8e801f330c0522d0 | Yes | Yes | Yes |

  • This last hash (80132…) is a good example because at present (June 6, 2016) the hash has a risk score of 0 but has many high-risk IPs as 'related entities'. The hits from Palo Alto, PhishMe, and ReversingLabs reveal that it is indeed a malicious hash. Screenshot included below:

Step 2: Open the Recorded Future Hash Intelligence Card for this hash

  • You can click on the hash in the Cyber Dashboard, or type the hash into the Quick Search box.

Step 3: Click "Lookup" for the extensions you have enabled for your account

  • Below is an example of a Hash Intelligence Card including the lookup (expanded) of Palo Alto Networks' Autofocus, PhishMe, and ReversingLabs data:

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.