List provisioned Categorised Threat Lists

🚧

Public Preview

Threat Lists are provided as a public preview and are subject to change. Use with caution.

This endpoint displays the Categorized Threat Lists that are available to the user, based on the user's Google Threat Intelligence license, as follows:

{
    "data": \<_list of dictionaries_> the list of provisioned threat lists.
    [
        {
            "id": \<_string_> the identifier os the provisioned type of threat list (Ex: cryptominer, ransomware, malicious-network-infrastructure, malware, threat-actor, etc).
            "type": "threat_list",
            "links":
            {
                "self": \<_string_> the endpoint of the threat list.
            },
            "attributes": \<_dictionary_> attributes of the threat list.
            {
                "description": \<_string_> description of the threat list.
                "name": \<_string_> name of the threat list.
            }
        },
    ]
}

Example response

{
    "data":
    [
        {
            "id": "cryptominer",
            "type": "threat_list",
            "links":
            {
                "self": "https://www.virustotal.com/api/v3/threat_lists/cryptominer"
            },
            "attributes":
            {
                "description": "Cryptominer Threat List",
                "name": "cryptominer"
            }
        },
        {
            "id": "first-stage-delivery-vectors",
            "type": "threat_list",
            "links":
            {
                "self": "https://www.virustotal.com/api/v3/threat_lists/first-stage-delivery-vectors"
            },
            "attributes":
            {
                "description": "First Stage Delivery Vector Threat List",
                "name": "first-stage-delivery-vectors"
            }
        }
    ]
}

Examples

List my provisioned/enabled Threat Lists.

import requests

url = "https://www.virustotal.com/api/v3/threat_lists"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)
print(response.text)
curl -X GET https://www.virustotal.com/api/v3/threat_lists -H "X-Apikey: <api-key>"
Language
Click Try It! to start a request and see the response here!