ngfcti-malware-urls
Get malware deployment URLs from NGFCTI service.
ngfcti-malware-urls [proxy=PROXY] [duration=NUM{mon|w|d}] [from=yyyyMMdd] [to=yyyyMMdd] [raw=t]
- proxy=PROXY
- Proxy server setting If not specified, send feed requests directly without proxy server. e.g. IP:PORT
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use d(day), mon(month) time unit. For example,
1dmeans data from 1 day earlier. if not specified, the time is set based on 'from' - from=yyyyMMdd
- Start date of range. yyyyMMdd format. if not specified, it is set to current date.
- to=yyyyMMdd
- End date of range. yyyyMMdd format. if not specified, it is set to current date.
- raw=t
- If 't' is specified, output the JSON data to the
rawfield.
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| tlp_name | String | TLP Name | e.g. green |
| url | String | Malware URL | |
| md5 | String | Malware MD5 | |
| sha1 | String | Malware SHA1 | |
| sha256 | String | Malware SHA256 | |
| publisher | String | Publisher | |
| guid | String | GUID | |
| stix_id | String | STIX ID | |
| created | Date | Created | |
| updated | Date | Updated | |
| raw | String | Raw data | Only if raw=t |