S2W Quaxar

Last updated Jul 7, 2022

quaxar-indicators

Get indicators of compromise of the specified type from the S2W Quaxar service.

quaxar-indicators type=TYPE
type=TYPE
autonomous-system, directory, domain-name, email-addr, ipv6-addr, ipv4-addr, mac-addr, mutex, MD5, SHA-1, SHA-256, x-host-name

Output Fields

| Field | Type | Name | Description |
|---|---|---|---|
| type | String | Type | e.g. MD5, SHA-1, SHA-256, domain-name, ipv4-addr, url, x-host-name |
| value | String | Value | IoC value |
| categories | String | Categories | e.g. malware, APT, unknown |
| malware | String | Malware | Malware family. e.g. Formbook |
| risk_score | Integer | Risk score | e.g. 1, 2, 3 |
| confidence | Integer | Confidence | e.g. 15, 50, 85 |
| recommend | Integer | Recommend | e.g. 1, 2, 3, 4, 5 |
| description | String | Description | |
| etc | String | Etc | |
| created | Date | Created | |
| modified | Date | Modified | |
| actors | String | Actors | Threat actors separated by new line |
| attack_pattern | String | Attack pattern | TTP separated by new line |
| country | String | Country | |
| reference_ioc | String | IoC reference | URL separated by new line |
| reference_xarvis | String | Xarvis reference | URL separated by new line |
| relation | Map | Relation | STIX object map |