S2W Quaxar

Download 57

Last updated Aug 5, 2023

quaxar-search-indicators

Search indicators of compromise from Quaxar

quaxar-search-indicators type=TYPE value=VALUE

type=TYPE: ipv4-addr, ipv6-addr, domain-name, url, email-addr, mac-addr, MD5, SHA-1, SHA-256, autonomous-system, mutex, directory, x-host-name
value=VALUE: e.g. IP address, hash value

Output Fields

Field	Type	Name	Description
type	String	Type	e.g. MD5, SHA-1, SHA-256, domain-name, ipv4-addr, url, x-host-name
value	String	Value	IoC value
categories	String	Categories	e.g. malware, APT, unknown
malware	String	Malware	Malware family. e.g. Formbook
risk_score	Integer	Risk score	e.g. 1, 2, 3
confidence	Integer	Confidence	e.g. 15, 50, 85
recommend	Integer	Recommend	e.g. 1, 2, 3, 4, 5
description	String	Description
etc	String	Etc
created	Date	Created
modified	Date	Modified
actors	String	Actors	Threat actors separated by new line
attack_pattern	String	Attack pattern	TTP separated by new line
country	String	Country
reference_ioc	String	IoC reference	URL separated by new line
reference_xarvis	String	Xarvis reference	URL separated by new line
relation	Map	Relation	STIX object map