This endpoint displays the Categorized Threat Lists that are available to the user, based on the user's Google Threat Intelligence license, as follows:

{
    "data": \<_list of dictionaries_> the list of provisioned threat lists.
    [
        {
            "id": \<_string_> the identifier os the provisioned type of threat list (Ex: cryptominer, ransomware, malicious-network-infrastructure, malware, threat-actor, etc).
            "type": "threat_list",
            "links":
            {
                "self": \<_string_> the endpoint of the threat list.
            },
            "attributes": \<_dictionary_> attributes of the threat list.
            {
                "description": \<_string_> description of the threat list.
                "name": \<_string_> name of the threat list.
            }
        },
    ]
}

Example response

{
    "data":
    [
        {
            "id": "cryptominer",
            "type": "threat_list",
            "links":
            {
                "self": "https://www.virustotal.com/api/v3/threat_lists/cryptominer"
            },
            "attributes":
            {
                "description": "Cryptominer Threat List",
                "name": "cryptominer"
            }
        },
        {
            "id": "first-stage-delivery-vectors",
            "type": "threat_list",
            "links":
            {
                "self": "https://www.virustotal.com/api/v3/threat_lists/first-stage-delivery-vectors"
            },
            "attributes":
            {
                "description": "First Stage Delivery Vector Threat List",
                "name": "first-stage-delivery-vectors"
            }
        }
    ]
}

Examples

List my provisioned/enabled Threat Lists.

import requests

url = "https://www.virustotal.com/api/v3/threat_lists"
headers = {"accept": "application/json","x-apikey": <api-key>}
response = requests.get(url, headers=headers)
print(response.text)

curl -X GET https://www.virustotal.com/api/v3/threat_lists -H "X-Apikey: <api-key>"