rat-dns            Remote Access Trojan (RAT) network communications
scheduled-tasks    Scheduled task data observed during sample execution
sinkholed-ip-dns   DNS entries for samples communicating with a known DNS sinkhole
stolen-cert-dns    DNS entries observed from samples signed with a stolen certificate
Now let’s look at an example of going through all the feed
types and printing out the feed if any data exists. In this
case, you can use the GET method and the API
https://panacea.threatgrid.com/api/v2/search/submissions.
The API key must be passed as a query parameter.
Example 11-22 shows the Python requests script you use
in this case.
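Because the API key travels in the query string, it appears in any URL that is written to a log. The following is an added example, not code from the book: a logging filter that scrubs the key before a line is emitted. The parameter name api_key, the logger name, and the sample log lines are assumptions constructed for the demonstration.

```python
"""Added example: scrub a query-string API key from log output."""
import logging
import re

# Parameter name "api_key" is an assumption; the page only says the key
# is passed as a query parameter.
_KEY_RE = re.compile(r"(?i)\b(api_key=)[^&\s\"']+")


def redact(text):
    """Replace the key's value, keeping the rest of the URL readable."""
    return _KEY_RE.sub(r"\g<1>REDACTED", text)


class RedactApiKey(logging.Filter):
    """Rewrite each record after %-formatting so args cannot leak the key."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


class ListHandler(logging.Handler):
    """Collects formatted lines in memory so the result can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def demo():
    handler = ListHandler()
    # Filter on the handler, not the logger: logger-level filters are not
    # applied to records propagated up from child loggers (HTTP libraries).
    handler.addFilter(RedactApiKey())
    log = logging.getLogger("feed-demo")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    key = "CONSTRUCTED-KEY-123"  # constructed value, not a real key
    # Constructed log lines; the "x=1" parameter is made up for the demo.
    log.debug("GET %s HTTP/1.1", f"/api/v3/feeds?api_key={key}&x=1")
    log.error("request failed: https://panacea.threatgrid.com/api/v3/feeds?api_key=%s", key)
    log.removeHandler(handler)
    return handler.lines
```

In a real script, attach the same filter to every handler that writes to disk or to a log collector, and load the key from the environment or a secrets store rather than from the source file.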
Example 11-22 Threat Grid: Listing Details for Each Curated Feed Type
""" Threat Grid - List details for each curated feed type """
import requests

FEED_URL = "https://panacea.threatgrid.com/api/v3/feeds"
FEEDS_NAME = {
    "autorun-registry": "Autorun Registry Malware",
    "banking-dns": "Banking Trojans",
    "dga-dns": "Domain Generation Algorithm Destinations",
    "dll-hijacking-dns": "DLL Hijackers / Sideloaders",
    "doc-net-com-dns": "Document File Network Communication",
    "downloaded-pe-dns": "Dropper Communication",
    "dynamic-dns": "Dynamic DNS Communication",
    "irc-dns": "IRC Communication",
    "modified-hosts-dns": "Modified HOSTS File