get https://www.virustotal.com/api/v3/threat_lists
This endpoint displays the Categorized Threat Lists that are available to the user, based on the user's Google Threat Intelligence license, as follows:
{
"data": \<_list of dictionaries_> the list of provisioned threat lists.
[
{
"id": \<_string_> the identifier os the provisioned type of threat list (Ex: cryptominer, ransomware, malicious-network-infrastructure, malware, threat-actor, etc).
"type": "threat_list",
"links":
{
"self": \<_string_> the endpoint of the threat list.
},
"attributes": \<_dictionary_> attributes of the threat list.
{
"description": \<_string_> description of the threat list.
"name": \<_string_> name of the threat list.
}
},
]
}
Example response
{
"data":
[
{
"id": "cryptominer",
"type": "threat_list",
"links":
{
"self": "https://www.virustotal.com/api/v3/threat_lists/cryptominer"
},
"attributes":
{
"description": "Cryptominer Threat List",
"name": "cryptominer"
}
},
{
"id": "first-stage-delivery-vectors",
"type": "threat_list",
"links":
{
"self": "https://www.virustotal.com/api/v3/threat_lists/first-stage-delivery-vectors"
},
"attributes":
{
"description": "First Stage Delivery Vector Threat List",
"name": "first-stage-delivery-vectors"
}
}
]
}
Examples
List my provisioned/enabled Threat Lists.
import requests
url = "https://www.virustotal.com/api/v3/threat_lists"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)
print(response.text)
curl -X GET https://www.virustotal.com/api/v3/threat_lists -H "X-Apikey: <api-key>"