Threat Intelligence objects search modifiers
Some advanced search modifiers for threat intelligence objects, such as Threat Actors, Malware Families, Software or Tools, Campaigns, IoC Collections, Reports, and Vulnerabilities, only accept specific case-sensitive values:
- collection_type:
  - Threat Actors: "threat-actor"
  - Malware Families: "malware-family"
  - Software or Tools: "software-toolkit"
  - Campaigns: "campaign"
  - IoC Collections: "collection"
  - Reports: "report"
  - Vulnerabilities: "vulnerability"
- origin:
  - Threat Actors, Malware Families, Software or Tools: "Google Threat Intelligence", "Partner".
  - Campaigns: "Google Threat Intelligence".
  - IoC Collections: "Crowdsourced", "Google Threat Intelligence", "Partner".
  - Reports: "Crowdsourced", "Google Threat Intelligence".
- source_region: ISO country code, "Global", "Africa", "America", "Asia", "Europe", "Oceania", "Eastern Africa", "Northern Africa", "Southern Africa", "Central America", "Northern America", "South America", "Central Asia", "Eastern Asia", "South-eastern Asia", "Southern Asia", "Western Asia", "Western Africa", "Eastern Europe", "Northern Europe", "Southern Europe", "Western Europe", "Australia and New Zealand".
- targeted_region: ISO country code, "Global", "Africa", "America", "Asia", "Europe", "Oceania", "Eastern Africa", "Northern Africa", "Southern Africa", "Central America", "Northern America", "South America", "Central Asia", "Eastern Asia", "South-eastern Asia", "Southern Asia", "Western Asia", "Western Africa", "Eastern Europe", "Northern Europe", "Southern Europe", "Western Europe", "Australia and New Zealand".
- targeted_industry: "Defense", "Aerospace", "Agriculture", "Food", "Automotive", "Chemical", "Steel", "Activists", "Citizens", "Civil society", "NGO", "Political party", "Religion", "Construction", "Engineering", "Industrial", "Academia - University", "Education", "Higher education", "Electric", "Energy", "Infrastructure", "Bank", "Cryptocurrency", "Finance", "Investment", "Payment", "eCommerce", "Diplomacy", "Government, Administration", "Trade", "Health", "Hospitality", "Hotels", "Travel", "Insurance", "Consulting", "Employment", "Legal", "Logistic", "Research - Innovation", "Manufacturing", "Casino", "Game", "Journalist", "News - Media", "Streaming service", "Multi-sector", "Oil and Gas", "Pharmacy", "Retail", "Electronic", "High tech", "IT - Security", "Social networks", "Technology", "Communication equipment", "IT", "IT - ISP", "Telecoms", "Civil Aviation", "Maritime", "Shipping", "Transport", "Unknown".
- targeted_industry_group: "Aerospace & Defense", "Agriculture", "Automotive", "Chemicals & Materials", "Civil Society & Non-Profits", "Construction & Engineering", "Education", "Energy & Utilities", "Financial Services", "Government", "Healthcare", "Hospitality", "Insurance", "Legal & Professional Services", "Manufacturing", "Media & Entertainment", "Multi-sector", "Oil & Gas", "Pharmaceuticals", "Retail", "Technology", "Telecommunications", "Transportation", "Unknown".
- operating_system: "Android", "BSD", "FreeBSD", "Linux", "Mac", "Unix", "VMkernel", "Windows", "ios".
- malware_role: "Archiver", "ATM Malware", "Backdoor - Botnet", "Backdoor - Webshell", "Backdoor", "Bootkit", "Builder", "Controller", "Credential Stealer", "Cryptocurrency Miner", "Data Miner", "Decoder", "Disruption Tool", "Downloader", "Dropper - Memory Only", "Dropper", "Exploit Builder", "Exploit", "File Infector", "Framework", "Installer", "Keylogger", "Lateral Movement Tool", "Launcher", "Lightweight Backdoor", "Module", "Point-of-Sale Malware", "Privilege Escalation Tool", "Ransomware", "Reconnaissance Tool", "Remote Control and Administration Tool", "Remote Exploitation Tool", "Rootkit", "Screen Capture Tool", "Sniffer", "Spambot", "Tunneler", "Uploader", "Utility".
- motivation: "Attack / Destruction", "Espionage", "Financial Gain", "Hacktivism", "Influence", "Surveillance", "Opportunistic".
- report_type (for Reports only): "Actor Overview", "Actor Profile", "Country Profile", "Event Coverage/Implication", "Executive Perspective", "FireEye Labs Research", "Futures Scenario", "Horizons", "ICS Security Roundup", "Industry Intelligence Quarterly", "Industry Reporting", "Malicious Activity Report", "Malware Overview", "Malware Profile", "Net Assessment", "Network Activity Reports", "News Analysis", "OSINT Article", "Patch Report", "TTP Deep Dive", "Tactical Threat Report", "Threat Activity Alert", "Threat Activity Report", "Trends and Forecasting", "Technical Intelligence", "Threat Intelligence", "Weekly Vulnerability Exploitation Report".