The comprehensive list of the ThreatExchange APIs and the related end points.
A sample of the malware.
A group, cluster or similar type grouping of Malware.
A participant within ThreatExchange.
An indicator of compromise.
A label to group threat objects together.
The kind of indicator being described by a ThreatIndicator object.
A description of the type of malware, see MalwareAnalysisType.
A description of the type of logic or automation used to create a MalwareFamily object.
Defines how accurately the threat intelligence detects its intended target, victim or actor.
Defines who can access the threat intelligence.
A description of how the threat intelligence was vetted.
A description of the dangerousness of the threat associated with a ThreatIndicator object. The order of the values below are ordered from least severe to most severe.
The kind or format of signature described by a ThreatIndicator object.
ShareLevelType (aka Traffic Light Protocol or TLP)
A designation of how any object in ThreatExchange may be re-shared both within and outside of ThreatExchange, based on the US-CERT's Traffic Light Protocol.
A description of the maliciousness of any object within ThreatExchange.
The prefered way of downloading all the data for a collaboration and staying in sync with updates. Not enabled for all privacy groups. See page for details
Search for malware samples by hash and other metadata
Search for malware families by name and other metadata
Enables searching for indicators of compromise descriptors
Enables searching for indicators of compromise
Enables searching for threat tags
Returns a list of current members of the ThreatExchange