Get Profile Details
Retrieves the details for the given profile.
Curl Example
    # Get profile details
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/intel-profiles/apt33'
Response
    {
      "id": "apt33",
      "title": "APT33",
      "link": "https://community.riskiq.com/intel-profiles/apt33",
      "osintIndicatorsCount": 429,
      "riskIqIndicatorsCount": 122,
      "indicators": "https://api.community.riskiq.com/v2/intel-profiles/apt33/indicators",
      "aliases": [ "Elfin", "Holmium", "Cobalt Trinity" ],
      "tags": [
        { "label": "Espionage", "countryCode": null },
        { "label": "Sabotage", "countryCode": null },
        { "label": "Windows", "countryCode": null }
      ]
    }
Get All Intel Profiles
Retrieves all profiles.
Types: actor, tool, backdoor
Curl Example
    # Get all profiles
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/intel-profiles'
    # Using query
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/intel-profiles?query=apt33'
    # Using type
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/intel-profiles?type=actor'
Response
    {
      "totalCount": 2,
      "results": [
        {
          "id": "apt33",
          "title": "APT33",
          "link": "https://community.riskiq.com/intel-profiles/apt33",
          "osintIndicatorsCount": 429,
          "riskIqIndicatorsCount": 122,
          "indicators": "https://api.community.riskiq.com/v2/intel-profiles/apt33/indicators",
          "aliases": [ "Elfin", "Magnallium" ],
          "tags": [
            { "label": "Espionage", "countryCode": null },
            { "label": "Sabotage", "countryCode": null },
            { "label": "Windows", "countryCode": null }
          ]
        },
        {
          "id": "shadowpad",
          "title": "ShadowPad",
          "link": "https://community.riskiq.com/intel-profiles/shadowpad",
          "osintIndicatorsCount": 100,
          "riskIqIndicatorsCount": 50,
          "indicators": "https://api.community.riskiq.com/v2/intel-profiles/shadowpad/indicators",
          "aliases": [ "SHADOWPAD" ],
          "tags": [
            { "label": "Shadowpad", "countryCode": null },
            { "label": "POISONPLUG", "countryCode": null },
            { "label": "State Sponsored Usage: Axiom", "countryCode": "cn" }
          ]
        }
      ]
    }
Get All Indicators For Given Profile
Retrieves the indicators for the given profile id.
Curl Example
    # Get all indicators for given profile
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/intel-profiles/apt33/indicators'
    # Using all parameters
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/intel-profiles/apt33/indicators?page=1&size=100&types=domain&sources=osint&categories=host&query=37.48.67.58'
Response
    {
      "totalCount": 3,
      "types": [
        "certificate_sha1", "domain", "email", "hash_md5", "hash_sha256",
        "ip", "pdb_path", "soa_email", "url", "whois_email"
      ],
      "results": [
        {
          "id": "60492b863b180694ecb1b8e9",
          "profileId": "apt33",
          "type": "whois_email",
          "value": "order396@yahoo.com",
          "category": "network",
          "firstSeen": "2014-07-23T14:23:00.201+0000",
          "lastSeen": "2018-05-21T18:24:51.201+0000",
          "osint": false,
          "osintUrl": null,
          "articleGuids": null
        },
        {
          "id": "60492b873b180694ecb1b8fc",
          "profileId": "apt33",
          "type": "ip",
          "value": "212.83.161.63",
          "category": "network",
          "firstSeen": "2018-02-28T21:33:39.201+0000",
          "lastSeen": "2019-04-08T15:03:57.201+0000",
          "osint": false,
          "osintUrl": null,
          "articleGuids": null
        },
        {
          "id": "60492b873b180694ecb1b8f9",
          "profileId": "apt33",
          "type": "url",
          "value": "hxxp://sabic.myftp.org/Sabic.hta",
          "category": "network",
          "firstSeen": "2016-12-30T14:05:12.201+0000",
          "lastSeen": "2017-01-02T09:04:29.201+0000",
          "osint": false,
          "osintUrl": null,
          "articleGuids": null
        }
      ]
    }
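Each result carries firstSeen and lastSeen timestamps, so a consumer can check an indicator's age before loading it into blocking or alerting rules. The following is an added example, not part of the RiskIQ documentation: it groups indicator values by type and separates recently seen ones from stale ones. The names `parse_ts` and `build_watchlist` and the 180-day threshold are assumptions of this example; the input is a trimmed copy of the sample response above.

```python
import json
from datetime import datetime, timedelta, timezone

# Trimmed copy of the sample indicators response shown above (not live data).
SAMPLE_RESPONSE = json.loads("""
{"totalCount": 3, "results": [
  {"type": "whois_email", "value": "order396@yahoo.com",
   "lastSeen": "2018-05-21T18:24:51.201+0000"},
  {"type": "ip", "value": "212.83.161.63",
   "lastSeen": "2019-04-08T15:03:57.201+0000"},
  {"type": "url", "value": "hxxp://sabic.myftp.org/Sabic.hta",
   "lastSeen": "2017-01-02T09:04:29.201+0000"}
]}
""")

# Matches timestamps such as "2018-05-21T18:24:51.201+0000".
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def parse_ts(value):
    """Parse the response's timestamp format into a timezone-aware datetime."""
    return datetime.strptime(value, TS_FORMAT)


def build_watchlist(response, now, max_age_days=180):
    """Group indicator values by type into (fresh, stale) dictionaries.

    An indicator is fresh when its lastSeen falls within max_age_days of
    `now`. Values are kept exactly as returned, including defanged URLs.
    """
    cutoff = now - timedelta(days=max_age_days)
    fresh, stale = {}, {}
    for item in response.get("results", []):
        last_seen = item.get("lastSeen")
        # A missing lastSeen is treated as stale so it gets reviewed, not trusted.
        is_fresh = last_seen is not None and parse_ts(last_seen) >= cutoff
        bucket = fresh if is_fresh else stale
        bucket.setdefault(item["type"], []).append(item["value"])
    return fresh, stale


if __name__ == "__main__":
    # Fixed reference date so the output is repeatable.
    now = datetime(2019, 6, 1, tzinfo=timezone.utc)
    fresh, stale = build_watchlist(SAMPLE_RESPONSE, now)
    print("fresh:", fresh)
    print("stale:", stale)
```
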
Get All Profiles By Indicator
Retrieves all profiles containing the given indicator.
Curl Example
    # Get profiles containing the specified query
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/intel-profiles/indicator?query=37.48.67.58'
    # Using all parameters
    $ curl -u $USERNAME:$KEY 'https://api.riskiq.net/pt/v2/intel-profiles/indicator?query=37.48.67.58&types=ip&sources=osint&categories=host'
Response
    {
      "totalCount": 1,
      "results": [
        {
          "id": "apt33",
          "title": "APT33",
          "link": "https://community.riskiq.com/intel-profiles/apt33",
          "osintIndicatorsCount": 429,
          "riskIqIndicatorsCount": 122,
          "indicators": "https://api.community.riskiq.com/v2/intel-profiles/apt33/indicators",
          "aliases": [ "Elfin", "Holmium", "Cobalt Trinity" ],
          "tags": [
            { "label": "Espionage", "countryCode": null },
            { "label": "Sabotage", "countryCode": null },
            { "label": "Windows", "countryCode": null }
          ]
        }
      ]
    }