Graph API Version

ThreatIndicator

An indicator of compromise.

Fields

ParameterDescriptionType

id

Unique identifier of the threat indicator

number

indicator

The value of the indicator

string

type

The type of indicator.

List of IndicatorType

Sample Usage

Example query for a specific indicator: 788497497903212:

https://graph.facebook.com/v2.7/788497497903212/?access_token=555|aSdF123GhK

Data returned:

{
   "indicator": "facebook.com",
   "type": "DOMAIN",
   "id": "788497497903212"
}

Connections

NameDescriptionType

descriptors

Subjective opinions about this indicator

ThreatDescriptor

malware_analyses

Malware analyses linked to the indicator

Malware

related

Other threat indicators that have been associated.

ThreatIndicator

Sample Usage

Example query for malware analyses related to a specific indicator: 768629009848617

https://graph.facebook.com/v2.7/768629009848617/malware_analyses/?access_token=555|aSdF123GhK

Data returned:

{
  "data": [
    {
      "added_on": "2014-06-05T19:52:11+0000",
      "md5": "7914a485bdc6df7103e7cae379f7a152",
      "sha1": "fd1b83fc4c1f5b5a68ddfdec8ba97d59d78e6065",
      "sha256": "ab402de2c79ad620a84cf651d7cf4f8287acf8564a8c551e5b39bb82813abbc6",
      "status": "MALICIOUS",
      "victim_count": 0,
      "id": "673692009351404"
    },
    ...
  ]
}

Example query for descriptors related to a specific indicator: 852121234856016

https://graph.facebook.com/v2.7/852121234856016/descriptors/?access_token=555|aSdF123GhK

Data returned:

 {
   "data": [
  {
    "id": "811927545529339",
    "indicator": {
      "indicator": "test1434227164.evilevillabs.com",
      "type": "DOMAIN",
      "id": "852121234856016"
    },
    "owner": {
      "id": "588498724619612",
      "name": "Facebook CERT ThreatExchange"
    },
    "type": "DOMAIN",
    "raw_indicator": "test1434227164.evilevillabs.com",
    "description": "This is our test domain. It's harmless",
    "status": "NON_MALICIOUS"
  },
  {
    "id": "799906626794304",
    "indicator": {
      "indicator": "test1434227164.evilevillabs.com",
      "type": "DOMAIN",
      "id": "852121234856016"
    },
    "owner": {
      "id": "682796275165036",
      "name": "Facebook Site Integrity ThreatExchange"
    },
    "type": "DOMAIN",
    "raw_indicator": "test1434227164.evilevillabs.com",
    "description": "Malware command and control",
    "status": "MALICIOUS"
  }
],
"paging": {
  "cursors": {
    "before": "ODExOTI3NTQ1NTI5MzM5",
    "after": "Nzk5OTA2NjI2Nzk0MzA0"
  }
}