🚧
Special privileges required
Threat Actors and Campaigns are only available to users with the Google Threat Intelligence (Google TI) Enterprise or Enterprise Plus licenses.

With this endpoint you can post a comment for a given threat object (threat actor, campaign, malware & tool or IoC collection). The body for the POST request must be the JSON representation of a comment object. Notice however that you don't need to provide an ID for the object, as they are automatically generated for new comments.

Any word starting with # in your comment's text will be considered a tag, and added to the comment's tag attribute.

{
  "data": {
    "type": "comment",
    "attributes": {
    	"text": "Lorem #ipsum dolor sit ..."
    }
  }
}

{
  "data": {
    "type": "comment",
    "id": "<comment's ID>",
    "links": {
      "self": "https://www.virustotal.com/api/v3/comments/<comment's ID>"
    },
    "attributes": {
      "date": 1521725475,
      "tags": ["ipsum"],
      "html": "Lorem #ipsum dolor sit ...",
      "text": "Lorem #ipsum dolor sit ...",
      "votes": {
        "abuse": 0,
        "negative": 0,
        "positive": 0
      }
    }
  }
}

Examples

Add a comment to a threat actor object.

import requests
import urllib

object_id = "threat-actor--eaeae8e9-cc4b-4be8-82fd-8edc65ff9a5e"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/comments"
payload = { "data": {
        "type": "comment",
        "attributes": { "text": "Lorem #ipsum dolor sit ..." }
    } }
headers = {"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"}
response = requests.post(url, json=payload, headers=headers)

Add a comment to a malware or toolkit object.

import requests
import urllib

object_id = "malpedia_win_remexi"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/comments"
payload = { "data": {
        "type": "comment",
        "attributes": { "text": "Lorem #ipsum dolor sit ..." }
    } }
headers = {"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"}
response = requests.post(url, json=payload, headers=headers)

Add a comment to a campaign object.

import requests
import urllib

object_id = "campaign--24f96f40-b2fa-512c-b1da-2f22a949d12d"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/comments"
payload = { "data": {
        "type": "comment",
        "attributes": { "text": "Lorem #ipsum dolor sit ..." }
    } }
headers = {"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"}
response = requests.post(url, json=payload, headers=headers)

Add a comment to a IoC collection object.

import requests
import urllib

object_id = "cobaltstrikebot_614a3b996769300a3b3132cf"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/comments"
payload = { "data": {
        "type": "comment",
        "attributes": { "text": "Lorem #ipsum dolor sit ..." }
    } }
headers = {"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"}
response = requests.post(url, json=payload, headers=headers)