
Articles

The articles endpoints let you retrieve all information related to RiskIQ articles and their indicators.

What It Looks Like

Get Article Details

Retrieves the details of the article specified.

Curl Example

# Get article details
$ curl -u "$USERNAME:$KEY" 'https://api.riskiq.net/pt/v2/articles/b61c1037'

Response

{
    "guid": "b61c1037",
    "title": "AgentTesla Delivered via a Malicious PowerPoint Add-In",
    "summary": "Powerpoint was being leveraged to deliver AgentTelsa malware via malicious macros. While in actuality, it was not a template, but an add-i. PowerPoint supports ‘add-ins’ developed by third parties, making Microsoft documents easy to further weaponize.",
    "type": "public",
    "publishedDate": "Fri May 22 20:00:00 VET 2020",
    "link": "https://community.riskiq.com/article/b61c1037",
    "categories": [],
    "tags": [
        "AgentTesla",
        "Malware",
        "Powerpoint",
        "Windows",
        "SANS"
    ],
    "indicators": [
        {
            "type": "url",
            "count": 8,
            "values": [
                "hxxp://j.mp/dmamabbeazma",
                "hxxp://pastebin.com/raw/3rm9m42v",
                "hxxp://pastebin.com/raw/EBgGU3ia",
                "hxxp://pastebin.com/raw/mLVrB57y",
                "hxxps://pastebin.com/raw/EyRQAwZ9",
                "hxxps://pastebin.com/raw/MbysCQ9a",
                "hxxps://pastebin.com/raw/eyrqawz9",
                "hxxps://pastebin.com/raw/u78a8pxj"
            ],
            "source": "public"
        },
        {
            "type": "hash_sha256",
            "count": 1,
            "values": [
                "d46615754e00e004d683ff2ad5de9bca976db9d110b43e0ab0f5ae35c652fab7"
            ],
            "source": "public"
        }
    ]
}
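
The response groups indicator values by type, defangs URLs as hxxp/hxxps, and lists URLs whose paths differ only in case. The following added example (not RiskIQ's code) flattens such a response into one row per value for loading into a blocklist or SIEM lookup; the names `normalize` and `flatten` and the sample values are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample in the shape of the article-details response above;
# the values are placeholders, not real indicators.
SAMPLE = json.loads("""
{"guid": "00000000", "tags": ["Malware"],
 "indicators": [
  {"type": "url", "count": 3, "source": "public",
   "values": ["hxxp://Example.test/raw/AbC", "hxxps://example.test/raw/abc"]},
  {"type": "hash_sha256", "count": 1, "source": "public",
   "values": ["AA00000000000000000000000000000000000000000000000000000000000000"]}
 ]}
""")

def normalize(ioc_type, value):
    """Refang URLs and lowercase only the case-insensitive parts."""
    if ioc_type == "url":
        if value[:4].lower() == "hxxp":
            value = "http" + value[4:]
        parts = urlsplit(value)
        # Scheme and host are case-insensitive; path and query are not.
        return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                           parts.path, parts.query, parts.fragment))
    if ioc_type.startswith("hash_") or ioc_type in ("domain", "host"):
        return value.lower()
    return value

def flatten(article):
    """Return (rows, warnings): one row per value, plus count mismatches."""
    rows, warnings = [], []
    for group in article.get("indicators", []):
        values = group.get("values", [])
        if group.get("count") != len(values):
            warnings.append(f"{group.get('type')}: count={group.get('count')} "
                            f"but {len(values)} values")
        for value in values:
            rows.append({"article": article.get("guid"),
                         "type": group["type"],
                         "value": normalize(group["type"], value),
                         "source": group.get("source"),
                         "tags": article.get("tags", [])})
    return rows, warnings
```

A non-empty warnings list means the `count` field and the `values` array disagree, which is worth logging before the rows are trusted as a complete set.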
			

Get Articles

Retrieves all articles.

Curl Example

# Get all articles
$ curl -u "$USERNAME:$KEY" 'https://api.riskiq.net/pt/v2/articles'

Response

{
    "success": true,
    "articles": [
        {
            "guid": "18e090b9",
            "title": "Free PlayStations on the Internet are Probably an Online Scam",
            "summary": "Did you know that you can get all kinds of free stuff, just by giving out your personal information? The internet is full of these fake reward scams which RiskIQ's sytems surface every hour of the day.",
            "type": "public",
            "publishedDate": "Mon Aug 29 20:00:00 VET 2016",
            "link": "https://community.riskiq.com/article/18e090b9",
            "categories": [],
            "tags": [
                "fake rewards",
                "playstation",
                "scam"
            ],
            "indicators": [
                {
                    "type": "domain",
                    "count": 1,
                    "values": [
                        "2016prizefeed.com"
                    ],
                    "source": "public"
                }
            ]
        },
        {
            "guid": "8006d494",
            "title": "Finding Scams Through Suspect Web Components",
            "summary": "Aside from pDNS and WHOIS, RiskIQ also collects data on what makes a web service work which goes from the Apache server to the JavaScript libraries. Researchers can use these pieces of metadata to hunt for threats when the bad guys have a really specific profile",
            "type": "public",
            "publishedDate": "Tue Jun 27 20:00:00 VET 2017",
            "link": "https://community.riskiq.com/article/8006d494",
            "categories": [],
            "tags": [
                "webcomponents",
                "components",
                "threats"
            ],
            "indicators": [
                {
                    "type": "ip",
                    "count": 5,
                    "values": [
                        "163.172.207.173",
                        "163.172.224.23",
                        "163.172.225.211",
                        "163.172.226.191",
                        "163.172.228.115"
                    ],
                    "source": "public"
                },
                {
                    "type": "host",
                    "count": 2,
                    "values": [
                        "freechecknow.clickforultimateandbest2updatepc.download",
                        "upgrade4life.pressingupgradeforcontinue.info"
                    ],
                    "source": "public"
                }
            ]
        }
    ],
    "totalRecords": 2
}
			

Threat Intel Indicators

Retrieves the indicators of all articles, ordered by article publish date from oldest to newest.
Points to consider:
To query the indicators of a single article, use only the articleGuid parameter.
To query the indicators of multiple articles, either use the startDate parameter to start from a specific publish date or call the API without parameters.

Curl Example

# Get all indicators
$ curl -u "$USERNAME:$KEY" 'https://api.riskiq.net/pt/v2/articles/indicators'
# Get all indicators from a specific publish date (the space in the date is URL-encoded as %20)
$ curl -u "$USERNAME:$KEY" 'https://api.riskiq.net/pt/v2/articles/indicators?startDate=2020-05-23%2000:00:00'
# Get all indicators of a single article
$ curl -u "$USERNAME:$KEY" 'https://api.riskiq.net/pt/v2/articles/indicators?articleGuid=f990eb3b'

Response

{
    "success": true,
    "indicators": [
        {
            "value": "047af34af65efd5c6ee38eb7ad100a01",
            "type": "hash_md5",
            "source": "public",
            "guid": "f990eb3b",
            "link": "https://api.community.riskiq.com/article/f990eb3b",
            "publishedDate": "2020-05-06T14:30:00.000+0000",
            "tags": [
                "RAT",
                "FireEye",
                "Malware",
                "DarkCrystal",
                ".NET",
                "Windows"
            ]
        },
        {
            "value": "b478d340a787b85e086cc951d0696cb1",
            "type": "hash_md5",
            "source": "public",
            "guid": "f990eb3b",
            "link": "https://api.community.riskiq.com/article/f990eb3b",
            "publishedDate": "2020-05-12T13:30:00.000+0000",
            "tags": [
                "RAT",
                "FireEye",
                "Malware",
                "DarkCrystal",
                ".NET",
                "Windows"
            ]
        }
    ],
    "totalRecords": 2
}
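
Because indicators come back oldest to newest and startDate sets where to begin, a scheduled job can poll incrementally by feeding the newest publishedDate back in as the next startDate. The following added example (not RiskIQ's code) builds the request URL and computes that checkpoint offline; it assumes startDate is interpreted as UTC, and since the page does not say whether startDate is inclusive, it de-duplicates re-fetched rows. Function names and sample values are constructed.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode, quote

BASE = "https://api.riskiq.net/pt/v2/articles/indicators"

# Constructed response in the shape shown above; values are placeholders.
SAMPLE = {"success": True, "totalRecords": 2, "indicators": [
    {"value": "0" * 32, "type": "hash_md5", "guid": "00000000",
     "publishedDate": "2020-05-06T14:30:00.000+0000"},
    {"value": "1" * 32, "type": "hash_md5", "guid": "00000000",
     "publishedDate": "2020-05-12T13:30:00.000+0000"}]}

def indicators_url(start_date=None, article_guid=None):
    """Build the request URL; articleGuid is used on its own, as the page says."""
    if start_date and article_guid:
        raise ValueError("use articleGuid alone to query a single article")
    params = {}
    if article_guid:
        params["articleGuid"] = article_guid
    if start_date:
        params["startDate"] = start_date
    # quote_via=quote percent-encodes the space and colons in startDate.
    return BASE + ("?" + urlencode(params, quote_via=quote) if params else "")

def to_start_date(published):
    """Convert a response publishedDate to the startDate format (UTC assumed)."""
    parsed = datetime.strptime(published, "%Y-%m-%dT%H:%M:%S.%f%z")
    return parsed.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def ingest(response, seen):
    """Return (new indicators, next startDate); `seen` drops re-fetched rows."""
    fresh, dates = [], []
    for ind in response.get("indicators", []):
        key = (ind["guid"], ind["type"], ind["value"])
        dates.append(to_start_date(ind["publishedDate"]))
        if key not in seen:
            seen.add(key)
            fresh.append(ind)
    # The formatted dates sort chronologically as plain strings.
    return fresh, (max(dates) if dates else None)
```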