Overview
API Concepts Manage API Key
Internet Data
DNSIQ® WHOISIQ™ SSL Certificates Blacklist Lookup Host Attributes
Attack Analytics
Newly Observed Domains Newly Observed Hosts Malware Phishing Scam Content
Digital Footprint
Global Inventory API Global Inventory Schema Risk Metric Schema
Coming Soon
Enrich
PassiveTotal
Getting Started Actions Artifact Articles Attack Surface Intelligence Intel Profiles Data Card Enrichment Services Monitor Project SSL Certificates Tag Artifact Trackers Host Attributes Cookies Components Passive DNS Whois Bulk Enrichment Reputation Vulnerability Intelligence
Additional Resources
Workspace Management API
RiskIQ.com

Articles

The articles endpoints allow you to consult all information related with the riskiq articles and indicators.

 

What It Looks Like

Get Article Details

Retrieves the details of the article specified.

Curl Example

# Get article details
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/b61c1037'

Response

{
    "guid": "b61c1037",
    "title": "AgentTesla Delivered via a Malicious PowerPoint Add-In",
    "summary": "Powerpoint was being leveraged to deliver AgentTelsa malware via malicious macros. While in actuality, it was not a template, but an add-i. PowerPoint supports ‘add-ins’ developed by third parties, making Microsoft documents easy to further weaponize.",
    "type": "public",
    "publishedDate": "2020-09-11 14:51:03",
    "createdDate": "2020-09-11 14:51:03",
    "link": "https://community.riskiq.com/article/b61c1037",
    "categories": [],
    "tags": [
        "AgentTesla",
        "Malware",
        "Powerpoint",
        "Windows",
        "SANS"
    ],
    "indicators": [
        {
            "type": "url",
            "count": 8,
            "values": [
                "hxxp://j.mp/dmamabbeazma",
                "hxxp://pastebin.com/raw/3rm9m42v",
                "hxxp://pastebin.com/raw/EBgGU3ia",
                "hxxp://pastebin.com/raw/mLVrB57y",
                "hxxps://pastebin.com/raw/EyRQAwZ9",
                "hxxps://pastebin.com/raw/MbysCQ9a",
                "hxxps://pastebin.com/raw/eyrqawz9",
                "hxxps://pastebin.com/raw/u78a8pxj"
            ],
            "source": "public"
        },
        {
            "type": "hash_sha256",
            "count": 1,
            "values": [
                "d46615754e00e004d683ff2ad5de9bca976db9d110b43e0ab0f5ae35c652fab7"
            ],
            "source": "public"
        }
    ]
}
			

Get Articles

Retrieves all articles

Curl Example

# Get all articles
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles'
# Get all articles after a specific date
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles?createdAfter=2020-05-11'

Response

{
    "success": true,
    "articles": [
        {
            "guid": "18e090b9",
            "title": "Free PlayStations on the Internet are Probably an Online Scam",
            "summary": "Did you know that you can get all kinds of free stuff, just by giving out your personal information? The internet is full of these fake reward scams which RiskIQ's sytems surface every hour of the day.",
            "type": "public",
            "publishedDate": "2020-09-11 14:51:03",
            "createdDate": "2020-09-11 14:51:03",
            "link": "https://community.riskiq.com/article/18e090b9",
            "categories": [],
            "tags": [
                "fake rewards",
                "playstation",
                "scam"
            ],
            "indicators": [
                {
                    "type": "domain",
                    "count": 1,
                    "values": [
                        "2016prizefeed.com"
                    ],
                    "source": "public"
                }
            ]
        },
        {
            "guid": "8006d494",
            "title": "Finding Scams Through Suspect Web Components",
            "summary": "Aside from pDNS and WHOIS, RiskIQ also collects data on what makes a web service work which goes from the Apache server to the JavaScript libraries. Researchers can use these pieces of metadata to hunt for threats when the bad guys have a really specific profile",
            "type": "public",
            "publishedDate": "2020-09-11 14:51:03",
            "createdDate": "2020-09-11 14:51:03",
            "link": "https://community.riskiq.com/article/8006d494",
            "categories": [],
            "tags": [
                "webcomponents",
                "components",
                "threats"
            ],
            "indicators": [
                {
                    "type": "ip",
                    "count": 5,
                    "values": [
                        "163.172.207.173",
                        "163.172.224.23",
                        "163.172.225.211",
                        "163.172.226.191",
                        "163.172.228.115"
                    ],
                    "source": "public"
                },
                {
                    "type": "host",
                    "count": 2,
                    "values": [
                        "freechecknow.clickforultimateandbest2updatepc.download",
                        "upgrade4life.pressingupgradeforcontinue.info"
                    ],
                    "source": "public"
                }
            ]
        }
    ],
    "totalRecords": 2
}
			

Threat Intel Indicators

Retrieves all articles indicators ordered by its article publish date from oldest to newest.
For consideration:
If you want to consult the indicators of a single article then use only the articleGuid parameter.
If you want to consult the indicators of multiple articles then you can use the startDate parameter to start looking from a specific publish date or you just can call the api without parameters.

Curl Example

# Get all indicators
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicators'
# Get all indicators from a specific publish date
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicators?startDate=2020-05-23 00:00:00'
# Get all indicators of a single article
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicators?articleGuid=f990eb3b'

Response

{
    "success": true,
    "indicators": [
        {
            "value": "047af34af65efd5c6ee38eb7ad100a01",
            "type": "hash_md5",
            "source": "public",
            "guid": "f990eb3b",
            "link": "https://api.community.riskiq.com/article/f990eb3b",
            "publishedDate": "2020-05-06T14:30:00.000+0000",
            "tags": [
                "RAT",
                "FireEye",
                "Malware",
                "DarkCrystal",
                ".NET",
                "Windows"
            ]
        },
        {
            "value": "b478d340a787b85e086cc951d0696cb1",
            "type": "hash_md5",
            "source": "public",
            "guid": "f990eb3b",
            "link": "https://api.community.riskiq.com/article/f990eb3b",
            "publishedDate": "2020-05-12T13:30:00.000+0000",
            "tags": [
                "RAT",
                "FireEye",
                "Malware",
                "DarkCrystal",
                ".NET",
                "Windows"
            ]
        }
    ],
    "totalRecords": 2
}
			

Get Articles by Indicator

Retrieves all articles containing the indicator specified.

Curl Example

# Get articles with the specified query
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicator?query=2016prizefeed.com'
# Get articles with the specified query and indicator type
$ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicator?query=2016prizefeed.com&type=domain'

Response

{
    "success": true,
    "articles": [
        {
            "guid": "18e090b9",
            "title": "Free PlayStations on the Internet are Probably an Online Scam",
            "summary": "Did you know that you can get all kinds of free stuff, just by giving out your personal information? The internet is full of these fake reward scams which RiskIQ's sytems surface every hour of the day.",
            "type": "public",
            "publishedDate": "2020-08-29 14:51:03",
            "createdDate": "2020-08-29 14:51:03",
            "link": "https://community.riskiq.com/article/18e090b9",
            "categories": [],
            "tags": [
                "fake rewards",
                "playstation",
                "scam"
            ],
            "indicators": [
                {
                    "type": "domain",
                    "count": 1,
                    "values": [
                        "2016prizefeed.com"
                    ],
                    "source": "public"
                }
            ]
        }
    ],
    "totalRecords": 1
}