quaxar-sha256-indicators
Get SHA-256 indicators of compromise from S2W Quaxar service.
quaxar-sha256-indicators
Output Fields
Field | Type | Name | Description |
---|---|---|---|
type | String | Type | e.g. MD5, SHA-1, SHA-256, domain-name, ipv4-addr, url, x-host-name |
value | String | Value | IoC value |
categories | String | Categories | e.g. malware, APT, unknown |
malware | String | Malware | Malware family. e.g. Formbook |
risk_score | Integer | Risk score | e.g. 1, 2, 3 |
confidence | Integer | Confidence | e.g. 15, 50, 85 |
recommend | Integer | Recommend | e.g. 1, 2, 3, 4, 5 |
description | String | Description | |
etc | String | Etc | |
created | Date | Created | |
modified | Date | Modified | |
actors | String | Actors | Threat actors separated by new line |
attack_pattern | String | Attack pattern | TTP separated by new line |
country | String | Country | |
reference_ioc | String | IoC reference | URL separated by new line |
reference_xarvis | String | Xarvis reference | URL separated by new line |
relation | Map | Relation | STIX object map |