OrionMalware | Marketplace

Details
Content
Dependencies
Version History

Analyze suspicious hashes or files using static and dynamic analysis

Orion Malware content pack

This content pack is made to call Orion Malware API service ton analyze 2 types of inputs:

file
hash

Analysis will return a report with a risk level and qualitative information about the detection.

By analyzing a file indicator, this file will be uploaded to Orion Malware server, and analyzed using default workflow for your apikey user.

By analyzing a hash observable, Orion Malware will return you a report from previous matching hashes from files analyzed on this Orion Malware server.

Extracted Observables

Orion Malware analyzer extract hostnames, domains, IP addresses, and TTP. These indicators are added as relationships to the initial file or hash indicator.

More information

Airbus Orion Malware Presentation

Orion Malware content pack

This content pack is made to call Orion Malware API service ton analyze 2 types of inputs:

file
hash

Analysis will return a report with a risk level and qualitative information about the detection.

By analyzing a file indicator, this file will be uploaded to Orion Malware server, and analyzed using default workflow for your apikey user.

By analyzing a hash observable, Orion Malware will return you a report from previous matching hashes from files analyzed on this Orion Malware server.

Extracted Observables

Orion Malware analyzer extract hostnames, domains, IP addresses, and TTP. These indicators are added as relationships to the initial file or hash indicator.

More information

Airbus Orion Malware Presentation

Indicator Fields

Name	Description
Orion Engine Detection Names
Orion Engine Detections
Orion Engine Vendors

Integrations

Name	Description
OrionMalware (Partner Contribution)	This is the Orion Malware integration. Analyzes hash and files with static and dynamic analysis.

Playbooks

Name	Description
File Enrichment - OrionMalware	Get file information using the OrionMalware API integration.
Detonate File - OrionMalware	Detonate a file through OrionMalware.

Indicator Types

Name	Description
File

Indicator Fields

Name	Description
Orion Engine Vendors
Orion Engine Detections
Orion Engine Detection Names

Integrations

Name	Description
OrionMalware (Partner Contribution)	This is the Orion Malware integration. Analyzes hash and files with static and dynamic analysis.

Playbooks

Name	Description
Detonate File - OrionMalware	Detonate a file through OrionMalware.
File Enrichment - OrionMalware	Get file information using the OrionMalware API integration.

Indicator Types

Name	Description
File

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (4)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	May 20, 2026
Last Release	May 20, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.