
Sep 25, 2024
1.0.0
ThreatQ Versions >= 5.26.0
CIRCL Action
Overview
The CIRCL Action allows ThreatQ users to enrich hashes by checking them against CIRCL’s hash lookup service to see whether a hash is part of a known public distribution system. This lets you identify whether a hash can be trusted or not.
The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to gather, review, report and respond to computer security threats and incidents. CIRCL provides free services to check URLs, documents, and hashes.
The integration provides the following action:
- CIRCL - Hash Lookup - checks hashes to see if they are part of a known public distribution system.
The action is compatible with, and enriches, the following system indicator types:
- MD5
- SHA-1
- SHA-256
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.