get https://www.virustotal.com/api/v3/threat_lists
Public Preview
Threat Lists are provided as a public preview and are subject to change. Use with caution.
This endpoint displays the Categorized Threat Lists that are available to the user, based on the user's Google Threat Intelligence license, as follows:
{
"data": \<_list of dictionaries_> the list of provisioned threat lists.
[
{
"id": \<_string_> the identifier os the provisioned type of threat list (Ex: cryptominer, ransomware, malicious-network-infrastructure, malware, threat-actor, etc).
"type": "threat_list",
"links":
{
"self": \<_string_> the endpoint of the threat list.
},
"attributes": \<_dictionary_> attributes of the threat list.
{
"description": \<_string_> description of the threat list.
"name": \<_string_> name of the threat list.
}
},
]
}
Example response
{
"data":
[
{
"id": "cryptominer",
"type": "threat_list",
"links":
{
"self": "https://www.virustotal.com/api/v3/threat_lists/cryptominer"
},
"attributes":
{
"description": "Cryptominer Threat List",
"name": "cryptominer"
}
},
{
"id": "first-stage-delivery-vectors",
"type": "threat_list",
"links":
{
"self": "https://www.virustotal.com/api/v3/threat_lists/first-stage-delivery-vectors"
},
"attributes":
{
"description": "First Stage Delivery Vector Threat List",
"name": "first-stage-delivery-vectors"
}
}
]
}
Examples
List my provisioned/enabled Threat Lists.
import requests
url = "https://www.virustotal.com/api/v3/threat_lists"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)
print(response.text)
curl -X GET https://www.virustotal.com/api/v3/threat_lists -H "X-Apikey: <api-key>"