Download 1
Last updated May 16, 2023


Retrieve a list of malicious files from the FCTI service.

ngfcti-files [proxy=PROXY] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [order=asc|desc] [assessment=0|1|2|3|4|5]
Proxy server URL
Limited to logs within a certain time range from the current time. Can be specified in s (seconds), m (minutes), h (hours), d (days), and mon (months). For example, 10s means a range from the current time to 10 seconds before.
Specify the start of the range in the format yyyyMMddHHmmss. If you don't write a trailing digit, it will be filled with zeros.
Specify the end of the range in the format yyyyMMddHHmmss. If you don't write a trailing digit, it will be filled with zeros.
Sort order. If unspecified, fetches the most recent data first.
Selectively look up only domains with a specified Threat Intelligence Assessment level or higher.

Output fields

_timeDatetimeRegistration timee.g.: 2022-12-30 01:19:04+0900
file_nameStringFile namee.g.: phishingeyes.apk
file_size64-bit integerFile size
file_typeStringFile typee.g.: DOC
md5StringMD5 hashe.g.: fca30b4d4e3d28ac1bfaefa404feb3f3
sha1StringSHA1 hash
sha256StringSHA256 hashe.g.: 0f9db0f431b363b0ca3b397f33ca405f4260e234fb49a1c491e9da5338233561
sha512StringSHA512 hash
classification32-bit integerMaliciousness-1: Clean, 0: Unclassified, 1: Malicious
classification_nameStringMaliciousness namee.g.: Malicious
signatureStringDetectione.g.: Android/Agent.DSI!tr
tlp32-bit integerScope of information disclosure0: TLP:CLEAR, 1: TLP:GREEN, 2: TLP:AMBER, 3: TLP:AMBER+STRICT, 4: TLP:RED
tlp_nameStringScope of information disclosure namee.g.: TLP:GREEN
assessment32-bit integerThreat Information Assessment Level0: Safe, 1: Unknown, 2: Low, 3: Moderate, 4: Danger, 5: Critical
assessment_nameStringThreat Information Assessment Level namee.g.: Moderate
created_atDatetimeThreat level creation datee.g.: 2022-12-30 01:19:04+0900
modified_atDatetimeThreat level modification datee.g.: 2023-01-06 17:08:15+0900
expire_atDatetimeThreat level expiration date
first_seen_atDatetimeFirst discovered datee.g.: 2022-12-30 01:19:04+0900
last_seen_atDatetimeLatest discovered datee.g.: 2022-12-30 01:19:04+0900
intel_idStringUnique identifiere.g.: 02rwR1vEOgGxPVqyNp8eyx
virustotal_reputationMapVirustotal information
relationships_outgoingArrayList of outgoing relationships
relationships_incomingArrayList of incoming relationships