S2W Quaxar

Last updated Jul 7, 2022

quaxar-search-indicators

Search indicators of compromise from Quaxar

quaxar-search-indicators type=TYPE value=VALUE

type=TYPE
    ipv4-addr, ipv6-addr, domain-name, url, email-addr, mac-addr, MD5, SHA-1, SHA-256, autonomous-system, mutex, directory, x-host-name
value=VALUE
    e.g. IP address, hash value
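
An added example, not part of the Quaxar app or its documentation: a Python helper that infers the type=TYPE name for a raw, possibly defanged observable and builds the query line in the syntax shown above. It covers only the types recognisable from the value's shape (not autonomous-system, mutex, directory or x-host-name); the function names, the regular expressions and the rejection of whitespace and | in values are assumptions of this example.

```python
import ipaddress
import re

# Hex digest length -> type name as listed for type=TYPE above.
HASH_TYPES = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def refang(value):
    """Undo common defanging (hxxp://, [.], [:]) found in threat reports."""
    value = value.strip().replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def indicator_type(value):
    """Return the type=TYPE name for a refanged observable, or None."""
    if re.fullmatch(r"[0-9A-Fa-f]+", value) and len(value) in HASH_TYPES:
        return HASH_TYPES[len(value)]
    if MAC_RE.match(value):
        return "mac-addr"
    try:
        ip = ipaddress.ip_address(value)
        return "ipv4-addr" if ip.version == 4 else "ipv6-addr"
    except ValueError:
        pass
    if re.match(r"^https?://\S+$", value, re.IGNORECASE):
        return "url"
    if EMAIL_RE.match(value):
        return "email-addr"
    if DOMAIN_RE.match(value):
        return "domain-name"
    return None


def build_query(raw):
    """Build one quaxar-search-indicators query line, or raise ValueError."""
    value = refang(raw)
    # Assumption: whitespace or '|' in a value would alter how the query
    # is parsed, so such input is rejected rather than escaped.
    if re.search(r"[\s|]", value):
        raise ValueError("whitespace or pipe in value: %r" % raw)
    ioc_type = indicator_type(value)
    if ioc_type is None:
        raise ValueError("cannot infer type for %r" % raw)
    return "quaxar-search-indicators type=%s value=%s" % (ioc_type, value)
```
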

Output Fields

| Field | Type | Name | Description |
|---|---|---|---|
| type | String | Type | e.g. MD5, SHA-1, SHA-256, domain-name, ipv4-addr, url, x-host-name |
| value | String | Value | IoC value |
| categories | String | Categories | e.g. malware, APT, unknown |
| malware | String | Malware | Malware family. e.g. Formbook |
| risk_score | Integer | Risk score | e.g. 1, 2, 3 |
| confidence | Integer | Confidence | e.g. 15, 50, 85 |
| recommend | Integer | Recommend | e.g. 1, 2, 3, 4, 5 |
| description | String | Description | |
| etc | String | Etc | |
| created | Date | Created | |
| modified | Date | Modified | |
| actors | String | Actors | Threat actors separated by new line |
| attack_pattern | String | Attack pattern | TTP separated by new line |
| country | String | Country | |
| reference_ioc | String | IoC reference | URL separated by new line |
| reference_xarvis | String | Xarvis reference | URL separated by new line |
| relation | Map | Relation | STIX object map |