ngfcti-malware-urls
Get malware deployment URLs from NGFCTI service.
ngfcti-malware-urls [proxy=PROXY] [duration=NUM{mon|w|d}] [from=yyyyMMdd] [to=yyyyMMdd] [raw=t]
- proxy=PROXY
- Proxy server setting If not specified, send feed requests directly without proxy server. e.g. IP:PORT
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use d(day), mon(month) time unit. For example,
1d
means data from 1 day earlier. if not specified, the time is set based on 'from' - from=yyyyMMdd
- Start date of range. yyyyMMdd format. if not specified, it is set to current date.
- to=yyyyMMdd
- End date of range. yyyyMMdd format. if not specified, it is set to current date.
- raw=t
- If 't' is specified, output the JSON data to the
raw
field.
Output Fields
Field | Type | Name | Description |
---|---|---|---|
tlp_name | String | TLP Name | e.g. green |
url | String | Malware URL | |
md5 | String | Malware MD5 | |
sha1 | String | Malware SHA1 | |
sha256 | String | Malware SHA256 | |
publisher | String | Publisher | |
guid | String | GUID | |
stix_id | String | STIX ID | |
created | Date | Created | |
updated | Date | Updated | |
raw | String | Raw data | Only if raw=t |