Skip to main content
GET
/
api
/
threat.php
Get by Name
curl "https://pulsedive.com/api/threat.php?threat=zeus"

{
  "tid": 123,
  "threat": "<string>",
  "category": "malware",
  "othernames": [
    "<string>"
  ],
  "risk": "unknown",
  "description": "<string>",
  "notes": "<string>",
  "wikisummary": "<string>",
  "wikireference": "<string>",
  "retired": true,
  "stamp_added": "2017-09-27 18:11:38",
  "stamp_updated": "2017-09-27 18:11:38",
  "stamp_seen": "2017-09-27 18:11:38",
  "stamp_retired": "2017-09-27 18:11:38",
  "updated_last_domain": "2017-09-27 18:11:38",
  "related": [
    {
      "tid": 123,
      "name": "<string>",
      "category": "malware",
      "risk": "unknown",
      "stamp_updated": "2025-09-15 07:48:30"
    }
  ],
  "attributes": {},
  "ttps": [
    {}
  ],
  "news": [
    {
      "title": "<string>",
      "channel": "<string>",
      "icon": "<string>",
      "link": "<string>",
      "stamp": "2017-09-27 18:11:38",
      "primary": 1
    }
  ],
  "comments": [
    {
      "cid": 123,
      "username": "<string>",
      "title": "<string>",
      "comment": "<string>",
      "stamp_added": "2017-09-27 18:11:38",
      "stamp_updated": "2017-09-27 18:11:38"
    }
  ],
  "summary": {
    "updated_last_domain": "2017-09-27 18:11:38",
    "attributes": {
      "technology": {},
      "hosttype": {},
      "protocol": {},
      "port": {}
    },
    "properties": {},
    "feeds": [
      {
        "fid": 123,
        "organization": "<string>",
        "name": "<string>",
        "pricing": "free",
        "category": "malware",
        "indicators": 10
      }
    ],
    "risk": {
      "unknown": 31,
      "low": 17,
      "medium": 20,
      "high": 5,
      "critical": 1,
      "retired": 874,
      "total": 1037,
      "none": 89
    }
  }
}

Query Parameters

key
string

Your Pulsedive API key.

API key authentication is optional. However, requests without a key have stricter rate limits. We recommend including an API key for better performance and reliability.

threat
string
required

Name of the threat to retrieve.

Example:

"zeus"

pretty
enum<integer>
default:0

Indicates whether to format returned JSON results.

For pretty-printed output, set to 1. For compact output, set to 0.

Available options:
0,
1

Response

Successful request. Returns threat information in JSON format.

tid
integer

Unique identifier of the threat.

threat
string

Name of the threat being retrieved.

category
string

Category assigned to the threat.

Example:

"malware"

othernames
string[]

Alternative names for the threat.

risk
enum<string>

Risk level associated with the threat.

Available options:
unknown,
none,
low,
medium,
high,
critical,
retired
description
string | null

Description of the threat.

notes
string | null

Additional notes about the threat.

wikisummary
string | null

Wikipedia summary of the threat.

wikireference
string | null

Link to Wikipedia reference.

retired
boolean | null

Indicates whether the threat is inactive or obsolete.

A threat is automatically retired if, in the past three months, it has not been:

  • Reported using the Seen button in the Pulsedive UI
  • Observed in any source feeds
  • Submitted through the Analyze section of the Pulsedive UI

Pulsedive research can also retire threats manually.

When set to 1, this threat is retired. When set to 0, this threat is active.

stamp_added
string<sql-date-time> | null

Timestamp when the threat was first added to Pulsedive. 24-hour format, UTC time zone.

Pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
Example:

"2017-09-27 18:11:38"

stamp_updated
string<sql-date-time> | null

Timestamp when the threat record was last updated in Pulsedive. 24-hour format, UTC time zone.

Pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
Example:

"2017-09-27 18:11:38"

stamp_seen
string<sql-date-time> | null

Timestamp when the threat was last seen in Pulsedive. 24-hour format, UTC time zone.

Pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
Example:

"2017-09-27 18:11:38"

stamp_retired
string<sql-date-time> | null

Timestamp when the threat was retired in Pulsedive. 24-hour format, UTC time zone.

Pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
Example:

"2017-09-27 18:11:38"

updated_last_domain
string<sql-date-time> | null

Timestamp when the threat's last domain was updated in Pulsedive. 24-hour format, UTC time zone.

Pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
Example:

"2017-09-27 18:11:38"

related
object[]

Related threats associated with this threat.

attributes
object

Threat attributes.

ttps
object[]

Tactics, techniques, and procedures associated with the threat.

news
object[]

News articles about the threat.

comments
object[]

Comments submitted by Pulsedive users for this threat.

summary
object

Summary information about the threat.