Obtaining archive with dropped files

Expand all | Collapse all

Kaspersky Threat Intelligence Portal provides an API to obtain a password-protected .zip archive containing the files dropped during the object execution. Use the password infected to unpack the archive.

Request

Request method: GET

Endpoint to obtain a password-protected .zip archive containing the dropped files: https://tip.kaspersky.com/api/sandbox/tasks/{task ID}/drop_file/{MD5 hash of the dropped file}

Query parameters:

Obtaining dropped files

Parameter

Data type

Occurrence

Description

Task ID

string

Required

Object execution task ID (GUID).

MD5 hash

string

Required

Dump file's MD5 hash.

Request example:

Obtain a .zip archive containing dropped files:

$ curl --user <user name> --request GET 'https://tip.kaspersky.com/api/sandbox/tasks/<task ID>/drop_file/{MD5 hash}' --output <.zip archive name>

You will be asked to enter your password. The password is not displayed as you type it.

Responses

200 OK

401 Unauthorized

403 Forbidden

404 Not Found

451 Unavailable For Legal Reasons

Page top