Special privileges required
Threat Actors and Campaigns are only available to users with the Google Threat Intelligence (Google TI) Enterprise or Enterprise Plus licenses.
With this endpoint you can post a comment for a given threat object (threat actor, campaign, malware & tool or IoC collection). The body for the POST
request must be the JSON representation of a comment object. Notice however that you don't need to provide an ID for the object, as they are automatically generated for new comments.
Any word starting with # in your comment's text will be considered a tag, and added to the comment's tag attribute.
{
"data": {
"type": "comment",
"attributes": {
"text": "Lorem #ipsum dolor sit ..."
}
}
}
{
"data": {
"type": "comment",
"id": "<comment's ID>",
"links": {
"self": "https://www.virustotal.com/api/v3/comments/<comment's ID>"
},
"attributes": {
"date": 1521725475,
"tags": ["ipsum"],
"html": "Lorem #ipsum dolor sit ...",
"text": "Lorem #ipsum dolor sit ...",
"votes": {
"abuse": 0,
"negative": 0,
"positive": 0
}
}
}
}
Examples
Add a comment to a threat actor object.
import requests
import urllib
object_id = "threat-actor--eaeae8e9-cc4b-4be8-82fd-8edc65ff9a5e"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/comments"
payload = { "data": {
"type": "comment",
"attributes": { "text": "Lorem #ipsum dolor sit ..." }
} }
headers = {"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"}
response = requests.post(url, json=payload, headers=headers)
Add a comment to a malware or toolkit object.
import requests
import urllib
object_id = "malpedia_win_remexi"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/comments"
payload = { "data": {
"type": "comment",
"attributes": { "text": "Lorem #ipsum dolor sit ..." }
} }
headers = {"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"}
response = requests.post(url, json=payload, headers=headers)
Add a comment to a campaign object.
import requests
import urllib
object_id = "campaign--24f96f40-b2fa-512c-b1da-2f22a949d12d"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/comments"
payload = { "data": {
"type": "comment",
"attributes": { "text": "Lorem #ipsum dolor sit ..." }
} }
headers = {"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"}
response = requests.post(url, json=payload, headers=headers)
Add a comment to a IoC collection object.
import requests
import urllib
object_id = "cobaltstrikebot_614a3b996769300a3b3132cf"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/comments"
payload = { "data": {
"type": "comment",
"attributes": { "text": "Lorem #ipsum dolor sit ..." }
} }
headers = {"accept": "application/json","x-apikey": <api-key>,"content-type": "application/json"}
response = requests.post(url, json=payload, headers=headers)