fcti-malware-hashes
Fetch malware hashes from FCTI
fcti-malware-hashes [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
- proxy=PROXY
  - URL of the proxy server
- duration=NUM{mon|w|d|h|m|s}
  - Scan only recent data. Use one of the time units s (second), m (minute), h (hour), d (day), w (week), mon (month). For example, 10s means data from 10 seconds ago.
- from=yyyyMMddHHmmss
  - Start time of the range, in yyyyMMddHHmmss format. If the time part is omitted, it is padded with zeros.
- to=yyyyMMddHHmmss
  - End time of the range, in yyyyMMddHHmmss format. If the time part is omitted, it is padded with zeros.
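The duration and from/to rules above, worked through as an added Python example (this is not code from the command's own implementation). It assumes a month is 30 days, that duration and from/to are not combined in one call, and that an omitted to means "now".

```python
import re
from datetime import datetime, timedelta

# Time units of duration=NUM{mon|w|d|h|m|s}. "mon" comes before "m" in the
# alternation so "3mon" is read as 3 months, not 3 minutes followed by junk.
# Assumption: a month is 30 days; the command reference does not say.
_UNIT_SECONDS = {"mon": 30 * 86400, "w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}
_DURATION_RE = re.compile(r"^(\d+)(mon|w|d|h|m|s)$")


def parse_duration(value: str) -> timedelta:
    """Turn '10s', '2d', '3mon' into a timedelta; reject anything else."""
    match = _DURATION_RE.match(value.strip())
    if not match:
        raise ValueError(f"bad duration {value!r}: expected NUM{{mon|w|d|h|m|s}}")
    return timedelta(seconds=int(match.group(1)) * _UNIT_SECONDS[match.group(2)])


def pad_timestamp(value: str) -> datetime:
    """Parse yyyyMMddHHmmss; an omitted time part is zero-padded, as the command does."""
    digits = value.strip()
    if not digits.isdigit() or not 8 <= len(digits) <= 14:
        raise ValueError(f"bad timestamp {value!r}: expected yyyyMMddHHmmss")
    # '20240105' -> '20240105000000'; strptime then validates the calendar fields.
    return datetime.strptime(digits.ljust(14, "0"), "%Y%m%d%H%M%S")


def resolve_window(now: datetime, duration=None, from_=None, to=None):
    """Return the (start, end) window the options describe.

    Assumption: duration and from/to are alternatives, so mixing them is rejected
    rather than guessing which one the command prefers. A missing 'to' means now;
    a missing 'from' leaves the start open (None).
    """
    if duration is not None and (from_ is not None or to is not None):
        raise ValueError("use either duration or from/to, not both")
    if duration is not None:
        return now - parse_duration(duration), now
    start = pad_timestamp(from_) if from_ is not None else None
    end = pad_timestamp(to) if to is not None else now
    if start is not None and start > end:
        raise ValueError("from must not be later than to")
    return start, end
```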
Output Fields
Field | Type | Name | Description |
---|---|---|---|
_time | Date | Time | |
md5 | String | MD5 | |
sha1 | String | SHA1 | |
sha256 | String | SHA256 | |
file_name | String | File name | |
version | String | File version | e.g. 1.0.0.0 |
file_size | Long | File size | |
file_type | String | File type | e.g. PE |
importance | String | Severity | e.g. H (High), M (Medium), L (Low) |
confirm_yn | String | Confirm request | e.g. Y, N |
confirm_status | String | Confirm status | |
static_report | String | Static report | Static file analysis report |
dynamic_report | String | Dynamic report | Dynamic file analysis report |
packer | String | Packer | |
description | String | Description | |
detect_engines | Integer | Detect engines | Number of antivirus engines that have diagnosed the file as malware |
total_engines | Integer | Total engines | Total number of antivirus engines |
av_result | List | AV result | |
sign_name | String | Signer | |
sign_publisher | String | Issuer | e.g. Symantec Class 3 Extended Validation Code Signing CA - G2 |
sign_time | Date | Sign time | |
is_signed | Bool | Is signed | |
is_valid_sign | Bool | Is valid sign | |
country | String | Country | |
pdb_path | String | PDB path | |
copyright | String | Copyright | |
organization | String | Organization | |
writer | String | Author | |
stix_id | String | STIX ID | |
shared_scope | String | Shared scope | e.g. ALL, FSI, BANK, INVEST, INSURANCE, NONBANK, CUSTOM |
dns | List | DNS flows | Elements with dnsHash, request, answers properties |
irc | List | IRC flows | Elements with type, command, params properties |
icmp | List | ICMP flows | Elements with type, src, dst properties |
smtp | List | SMTP flows | Elements with src, raw properties |
tcp | List | TCP flows | Elements with src, sport, dst, dport properties |
udp | List | UDP flows | Elements with src, sport, dst, dport properties |