ThreatExchange API Reference
The comprehensive list of the ThreatExchange APIs and the related endpoints.
A sample of the malware.
A group, cluster or similar type of grouping of Malware.
A participant within ThreatExchange.
An indicator of compromise.
A label to group threat objects together.
The kind of attack a ThreatIndicator object was associated with.
The kind of indicator being described by a ThreatIndicator object.
A description of the type of malware; see MalwareAnalysisType.
A description of the type of logic or automation used to create a MalwareFamily object.
Defines how accurately the threat intelligence detects its intended target, victim or actor.
Defines who can access the threat intelligence.
A description of how the threat intelligence was vetted.
A description of the dangerousness of the threat associated with a ThreatIndicator object. The values below are ordered from least severe to most severe.
ShareLevelType (aka Traffic Light Protocol or TLP)
A designation of how any object in ThreatExchange may be re-shared both within and outside of ThreatExchange, based on the US-CERT's Traffic Light Protocol.
A description of the maliciousness of any object within ThreatExchange.
The kind of threat a ThreatIndicator object is expressing.
Search for malware samples by hash and other metadata
Search for malware families by name and other metadata
Enables searching for indicators of compromise descriptors
Enables searching for indicators of compromise
Enables searching for threat tags