Get Article Details
Retrieves the details of the article specified.
Curl Example
    # Get article details
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/b61c1037'
Response
    {
      "guid": "b61c1037",
      "title": "AgentTesla Delivered via a Malicious PowerPoint Add-In",
      "summary": "Powerpoint was being leveraged to deliver AgentTelsa malware via malicious macros. While in actuality, it was not a template, but an add-i. PowerPoint supports ‘add-ins’ developed by third parties, making Microsoft documents easy to further weaponize.",
      "type": "public",
      "publishedDate": "2020-09-11 14:51:03",
      "createdDate": "2020-09-11 14:51:03",
      "link": "https://community.riskiq.com/article/b61c1037",
      "categories": [],
      "tags": [ "AgentTesla", "Malware", "Powerpoint", "Windows", "SANS" ],
      "indicators": [
        {
          "type": "url",
          "count": 8,
          "values": [
            "hxxp://j.mp/dmamabbeazma",
            "hxxp://pastebin.com/raw/3rm9m42v",
            "hxxp://pastebin.com/raw/EBgGU3ia",
            "hxxp://pastebin.com/raw/mLVrB57y",
            "hxxps://pastebin.com/raw/EyRQAwZ9",
            "hxxps://pastebin.com/raw/MbysCQ9a",
            "hxxps://pastebin.com/raw/eyrqawz9",
            "hxxps://pastebin.com/raw/u78a8pxj"
          ],
          "source": "public"
        },
        {
          "type": "hash_sha256",
          "count": 1,
          "values": [
            "d46615754e00e004d683ff2ad5de9bca976db9d110b43e0ab0f5ae35c652fab7"
          ],
          "source": "public"
        }
      ]
    }
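An added example (not part of the RiskIQ documentation) of how a defender might turn the grouped `indicators` array of an article response into one record per indicator for a blocklist or SIEM import. The field names follow the response above; the function names and all sample values are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of the article response above (all values are made up).
SAMPLE = json.loads("""
{
  "guid": "00000000",
  "tags": ["Malware", "Windows"],
  "indicators": [
    {"type": "url", "count": 3, "source": "public",
     "values": ["hxxp://files.example.test/a", "hxxps://paste.example.test/raw/AbC",
                "hxxps://paste.example.test/raw/abc"]},
    {"type": "domain", "count": 2, "source": "public",
     "values": ["Bad.Example.test", "bad.example.test"]},
    {"type": "hash_sha256", "count": 2, "source": "public",
     "values": ["AA11"]}
  ]
}
""")

def refang(value):
    """Undo the hxxp/hxxps defanging used in the response so URL parsers accept the value."""
    if value.lower().startswith("hxxp"):  # covers hxxp:// and hxxps://
        return "http" + value[4:]
    return value

def flatten(article):
    """Return (records, warnings): one record per unique indicator, plus count mismatches."""
    records, warnings, seen = [], [], set()
    for group in article.get("indicators", []):
        itype, values = group["type"], group.get("values", [])
        if group.get("count") != len(values):  # a short list may mean a truncated response
            warnings.append(f"{itype}: count={group.get('count')} but {len(values)} values")
        for raw in values:
            # URL paths are case-sensitive, so only non-URL indicators are lowercased.
            value = refang(raw) if itype == "url" else raw.lower()
            if (itype, value) in seen:
                continue
            seen.add((itype, value))
            rec = {"type": itype, "value": value,
                   "guid": article["guid"], "tags": article.get("tags", [])}
            if itype == "url":
                rec["host"] = urlsplit(value).hostname
            records.append(rec)
    return records, warnings
```

Calling `flatten(SAMPLE)` keeps the two URLs that differ only in path case as separate records, while the two spellings of the same domain collapse into one.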
Get Articles
Retrieves all articles.
Curl Example
    # Get all articles
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles'

    # Get all articles after a specific date
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles?createdAfter=2020-05-11'
Response
    {
      "success": true,
      "articles": [
        {
          "guid": "18e090b9",
          "title": "Free PlayStations on the Internet are Probably an Online Scam",
          "summary": "Did you know that you can get all kinds of free stuff, just by giving out your personal information? The internet is full of these fake reward scams which RiskIQ's sytems surface every hour of the day.",
          "type": "public",
          "publishedDate": "2020-09-11 14:51:03",
          "createdDate": "2020-09-11 14:51:03",
          "link": "https://community.riskiq.com/article/18e090b9",
          "categories": [],
          "tags": [ "fake rewards", "playstation", "scam" ],
          "indicators": [
            {
              "type": "domain",
              "count": 1,
              "values": [ "2016prizefeed.com" ],
              "source": "public"
            }
          ]
        },
        {
          "guid": "8006d494",
          "title": "Finding Scams Through Suspect Web Components",
          "summary": "Aside from pDNS and WHOIS, RiskIQ also collects data on what makes a web service work which goes from the Apache server to the JavaScript libraries. Researchers can use these pieces of metadata to hunt for threats when the bad guys have a really specific profile",
          "type": "public",
          "publishedDate": "2020-09-11 14:51:03",
          "createdDate": "2020-09-11 14:51:03",
          "link": "https://community.riskiq.com/article/8006d494",
          "categories": [],
          "tags": [ "webcomponents", "components", "threats" ],
          "indicators": [
            {
              "type": "ip",
              "count": 5,
              "values": [
                "163.172.207.173",
                "163.172.224.23",
                "163.172.225.211",
                "163.172.226.191",
                "163.172.228.115"
              ],
              "source": "public"
            },
            {
              "type": "host",
              "count": 2,
              "values": [
                "freechecknow.clickforultimateandbest2updatepc.download",
                "upgrade4life.pressingupgradeforcontinue.info"
              ],
              "source": "public"
            }
          ]
        }
      ],
      "totalRecords": 2
    }
Threat Intel Indicators
Retrieves the indicators of all articles, ordered by article publish date from oldest to newest.
Considerations:
To get the indicators of a single article, pass only the articleGuid parameter.
To get the indicators of multiple articles, pass the startDate parameter to start from a specific publish date, or call the API without parameters.
Curl Example
    # Get all indicators
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicators'

    # Get all indicators from a specific publish date (the space in the timestamp is URL-encoded as %20)
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicators?startDate=2020-05-23%2000:00:00'

    # Get all indicators of a single article
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicators?articleGuid=f990eb3b'
Response
    {
      "success": true,
      "indicators": [
        {
          "value": "047af34af65efd5c6ee38eb7ad100a01",
          "type": "hash_md5",
          "source": "public",
          "guid": "f990eb3b",
          "link": "https://api.community.riskiq.com/article/f990eb3b",
          "publishedDate": "2020-05-06T14:30:00.000+0000",
          "tags": [ "RAT", "FireEye", "Malware", "DarkCrystal", ".NET", "Windows" ]
        },
        {
          "value": "b478d340a787b85e086cc951d0696cb1",
          "type": "hash_md5",
          "source": "public",
          "guid": "f990eb3b",
          "link": "https://api.community.riskiq.com/article/f990eb3b",
          "publishedDate": "2020-05-12T13:30:00.000+0000",
          "tags": [ "RAT", "FireEye", "Malware", "DarkCrystal", ".NET", "Windows" ]
        }
      ],
      "totalRecords": 2
    }
Get Articles by Indicator
Retrieves all articles containing the indicator specified.
Curl Example
    # Get articles with the specified query
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicator?query=2016prizefeed.com'

    # Get articles with the specified query and indicator type
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/articles/indicator?query=2016prizefeed.com&type=domain'
Response
    {
      "success": true,
      "articles": [
        {
          "guid": "18e090b9",
          "title": "Free PlayStations on the Internet are Probably an Online Scam",
          "summary": "Did you know that you can get all kinds of free stuff, just by giving out your personal information? The internet is full of these fake reward scams which RiskIQ's sytems surface every hour of the day.",
          "type": "public",
          "publishedDate": "2020-08-29 14:51:03",
          "createdDate": "2020-08-29 14:51:03",
          "link": "https://community.riskiq.com/article/18e090b9",
          "categories": [],
          "tags": [ "fake rewards", "playstation", "scam" ],
          "indicators": [
            {
              "type": "domain",
              "count": 1,
              "values": [ "2016prizefeed.com" ],
              "source": "public"
            }
          ]
        }
      ],
      "totalRecords": 1
    }