quaxar-indicators
Get indicators of compromise of the specified type from S2W Quaxar service.
quaxar-indicators type=TYPE
- type=TYPE
- autonomous-system, directory, domain-name, email-addr, ipv6-addr, ipv4-addr, mac-addr, mutex, MD5, SHA-1, SHA-256, x-host-name
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| type | String | Type | e.g. MD5, SHA-1, SHA-256, domain-name, ipv4-addr, url, x-host-name |
| value | String | Value | IoC value |
| categories | String | Categories | e.g. malware, APT, unknown |
| malware | String | Malware | Malware family. e.g. Formbook |
| risk_score | Integer | Risk score | e.g. 1, 2, 3 |
| confidence | Integer | Confidence | e.g. 15, 50, 85 |
| recommend | Integer | Recommend | e.g. 1, 2, 3, 4, 5 |
| description | String | Description | |
| etc | String | Etc | |
| created | Date | Created | |
| modified | Date | Modified | |
| actors | String | Actors | Threat actors separated by new line |
| attack_pattern | String | Attack pattern | TTP separated by new line |
| country | String | Country | |
| reference_ioc | String | IoC reference | URL separated by new line |
| reference_xarvis | String | Xarvis reference | URL separated by new line |
| relation | Map | Relation | STIX object map |