API Reference

Export IOCs from a threat

get https://www.virustotal.com/api/v3/collections//download/

🚧

Special privileges required

Threat Actors and Campaigns are only available to users with the Google Threat Intelligence (Google TI) Enterprise or Enterprise Plus licenses.

Examples

Export IoCs from a threat actor.

import requests
import urllib

object_id = "threat-actor--bcaaad6f-0597-4b89-b69b-84a6be2b7bc3"
format = "json"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/download/{format}"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)

Export IoCs from a malware or toolkit.

import requests
import urllib

object_id = "malware--350aa703-7750-5e07-997b-476375955828"
format = "csv"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/download/{format}"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)

Export IoCs from a campaign.

import requests
import urllib

object_id = "campaign--24f96f40-b2fa-512c-b1da-2f22a949d12d"
format = "json"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/download/{format}"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)

Export IoCs from a IoC collection.

import requests
import urllib

object_id = "alienvault_64edfc5ab93abb1407070292"
format = "json"
url = f"https://www.virustotal.com/api/v3/collections/{object_id}/download/{format}"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)
Language
Click Try It! to start a request and see the response here!