> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pulsedive.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Threat by Name

> Retrieve detailed threat intelligence information for a specific threat by looking up the threat's name.
To query links, retrieve the threat by ID instead.




## OpenAPI

````yaml /api/threat/threat-by-name.yaml get /api/threat.php
openapi: 3.0.3
info:
  title: Pulsedive API Reference
  version: 1.0.0
  description: >
    The Pulsedive API lets you programmatically manage resources within
    Pulsedive.

    Users can look up known indicators and threats, enrich and investigate
    indicators, query Pulsedive data, and automate workflows.


    Please report any discrepancies in API behavior to <a
    href="mailto:support@pulsedive.com">Pulsedive Support</a>.
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  contact:
    email: support@pulsedive.com
servers:
  - url: https://pulsedive.com
security: []
tags:
  - name: Threats
    description: Look up threats.
externalDocs:
  url: https://docs.pulsedive.com
paths:
  /api/threat.php:
    get:
      tags:
        - Threats
      summary: Get Threat by Name
      description: >
        Retrieve detailed threat intelligence information for a specific threat
        by looking up the threat's name.

        To query links, retrieve the threat by ID instead.
      operationId: getThreatByName
      parameters:
        - $ref: '#/components/parameters/APIKey'
        - $ref: '#/components/parameters/ThreatName'
        - $ref: '#/components/parameters/Pretty'
      responses:
        '200':
          description: Successful request. Returns threat information in JSON format.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ThreatResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-codeSamples:
        - lang: curl
          label: Get by Name
          source: |
            curl "https://pulsedive.com/api/threat.php?threat=zeus"
components:
  parameters:
    APIKey:
      name: key
      in: query
      required: false
      description: >
        Your Pulsedive API key.


        API key authentication is optional. However, requests without a key have
        stricter rate limits. We recommend including an API key for better
        performance and reliability.
      schema:
        type: string
    ThreatName:
      name: threat
      in: query
      required: true
      description: |
        Name of the threat to retrieve.
      schema:
        type: string
        example: zeus
    Pretty:
      name: pretty
      in: query
      required: false
      description: |
        Indicates whether to format returned JSON results.

        For pretty-printed output, set to `1`.
        For compact output, set to `0`.
      schema:
        type: integer
        enum:
          - 0
          - 1
        default: 0
      examples:
        compact:
          summary: Compact output
          value: 0
        pretty:
          summary: Pretty-printed output
          value: 1
  schemas:
    ThreatResponse:
      type: object
      properties:
        tid:
          type: integer
          description: Unique identifier of the threat.
          nullable: false
        threat:
          type: string
          description: Name of the threat being retrieved.
        category:
          type: string
          description: Category assigned to the threat.
          example: malware
        othernames:
          type: array
          description: Alternative names for the threat.
          items:
            type: string
        risk:
          type: string
          description: Risk level associated with the threat.
          enum:
            - unknown
            - none
            - low
            - medium
            - high
            - critical
            - retired
        description:
          type: string
          description: Description of the threat.
          nullable: true
        notes:
          type: string
          description: Additional notes about the threat.
          nullable: true
        wikisummary:
          type: string
          description: Wikipedia summary of the threat.
          nullable: true
        wikireference:
          type: string
          description: Link to Wikipedia reference.
          nullable: true
        retired:
          type: boolean
          description: >
            Indicates whether the threat is inactive or obsolete.


            A threat is automatically retired if, in the past three months, it
            has not been:


            - Reported using the Seen button in the Pulsedive UI

            - Observed in any source feeds

            - Submitted through the Analyze section of the Pulsedive UI


            Pulsedive research can also retire threats manually.


            When set to `1`, this threat is retired.

            When set to `0`, this threat is active.
          nullable: true
        stamp_added:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the threat was first added to Pulsedive. 24-hour
            format, UTC time zone.
          example: '2017-09-27 18:11:38'
          nullable: true
        stamp_updated:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the threat record was last updated in Pulsedive.
            24-hour format, UTC time zone.
          example: '2017-09-27 18:11:38'
          nullable: true
        stamp_seen:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the threat was last seen in Pulsedive. 24-hour
            format, UTC time zone.
          example: '2017-09-27 18:11:38'
          nullable: true
        stamp_retired:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the threat was retired in Pulsedive. 24-hour format,
            UTC time zone.
          example: '2017-09-27 18:11:38'
          nullable: true
        updated_last_domain:
          type: string
          format: sql-date-time
          pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
          description: >
            Timestamp when the threat's last domain was updated in Pulsedive.
            24-hour format, UTC time zone.
          example: '2017-09-27 18:11:38'
          nullable: true
        related:
          type: array
          description: Related threats associated with this threat.
          items:
            type: object
            properties:
              tid:
                type: integer
                description: Unique identifier of the related threat.
              name:
                type: string
                description: Name of the related threat.
              category:
                type: string
                description: Category assigned to the related threat.
                example: malware
              risk:
                type: string
                description: Risk level associated with the related threat.
                enum:
                  - unknown
                  - none
                  - low
                  - medium
                  - high
                  - critical
                  - retired
              stamp_updated:
                type: string
                format: sql-date-time
                pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                description: >
                  Timestamp when the related threat record was last updated in
                  Pulsedive. 24-hour format, UTC time zone.
                example: '2025-09-15 07:48:30'
                nullable: true
        attributes:
          type: object
          description: Threat attributes.
          additionalProperties:
            type: array
            items:
              type: string
        ttps:
          type: array
          description: Tactics, techniques, and procedures associated with the threat.
          items:
            type: object
        news:
          type: array
          description: News articles about the threat.
          items:
            type: object
            properties:
              title:
                type: string
                description: Title of the article.
              channel:
                type: string
                description: Name of the news channel or publication.
              icon:
                type: string
                description: URL of the channel icon.
              link:
                type: string
                description: URL of the article.
              stamp:
                type: string
                format: sql-date-time
                pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                description: >
                  Timestamp when the article was published. 24-hour format, UTC
                  time zone.
                example: '2017-09-27 18:11:38'
                nullable: true
              primary:
                type: integer
                description: >
                  Indicates whether this is a primary reference for the threat.


                  When set to `1`, it is a primary reference that was
                  intentionally linked to the threat (e.g., from a threat feed
                  or a contributor).

                  When set to `0`, it is a news article that mentioned the
                  threat.
                example: 1
        comments:
          type: array
          description: Comments submitted by Pulsedive users for this threat.
          items:
            type: object
            properties:
              cid:
                type: integer
                description: Unique identifier of the comment.
              username:
                type: string
                description: Username of the commenter.
              title:
                type: string
                description: Title of the commenter.
              comment:
                type: string
                description: Comment text.
              stamp_added:
                type: string
                format: sql-date-time
                pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                description: >
                  Timestamp when the comment was added to Pulsedive. 24-hour
                  format, UTC time zone.
                example: '2017-09-27 18:11:38'
                nullable: true
              stamp_updated:
                type: string
                format: sql-date-time
                pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
                description: >
                  Timestamp when the comment was last updated in Pulsedive.
                  24-hour format, UTC time zone.
                example: '2017-09-27 18:11:38'
                nullable: true
        summary:
          type: object
          description: Summary information about the threat.
          properties:
            updated_last_domain:
              type: string
              format: sql-date-time
              pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$
              description: >
                Timestamp when the threat's last domain was updated. 24-hour
                format, UTC time zone.
              example: '2017-09-27 18:11:38'
              nullable: true
            attributes:
              type: object
              description: Summary attributes for the threat.
              properties:
                technology:
                  type: object
                  description: Technologies identified.
                  additionalProperties:
                    type: object
                    description: >
                      Dynamic keyed object representing a single technology and
                      its properties.


                      Each {key} represents the name of the technology.
                    properties:
                      aid:
                        type: integer
                        description: Unique identifier of the attribute.
                        example: 65110
                      indicators:
                        type: integer
                        description: Count of indicators.
                        example: 4
                hosttype:
                  type: object
                  description: Host types identified.
                  additionalProperties:
                    type: object
                    description: >
                      Dynamic keyed object representing a single host type and
                      its properties.


                      Each {key} represents the name of the host type.
                    properties:
                      aid:
                        type: integer
                        description: Unique identifier of the attribute.
                      indicators:
                        type: integer
                        description: Count of indicators.
                        example: 4
                protocol:
                  type: object
                  description: Protocols identified.
                  additionalProperties:
                    type: object
                    description: >
                      Dynamic keyed object representing a single protocol and
                      its properties.


                      Each {key} represents the name of the protocol.
                    properties:
                      indicators:
                        type: integer
                        description: Count of indicators.
                        example: 8
                      aid:
                        type: integer
                        description: Unique identifer of the attribute.
                        example: 5
                port:
                  type: object
                  description: Ports identified.
                  additionalProperties:
                    type: object
                    description: >
                      Dynamic keyed object representing a single port and its
                      properties.


                      Each {key} represents the number of the port.
                    properties:
                      indicators:
                        type: integer
                        description: Count of indicators.
                        example: 7
                      aid:
                        type: integer
                        description: Unique identifier of the attribute.
                        example: 6
            properties:
              type: object
              description: Additional properties.
            feeds:
              type: array
              description: Feeds associated with this threat.
              items:
                type: object
                properties:
                  fid:
                    type: integer
                    description: Unique identifier of the feed.
                  organization:
                    type: string
                    description: Organization associated with the feed.
                  name:
                    type: string
                    description: Name of the feed.
                  pricing:
                    type: string
                    description: Pricing tier of the feed.
                    example: free
                    nullable: true
                  category:
                    type: string
                    description: Category assigned to the feed.
                    example: malware
                  indicators:
                    type: integer
                    description: Count of indicators in the feed.
                    example: 10
            risk:
              type: object
              description: >
                Count of indicators at each risk level for the threat.


                Consists of key-value pairs, where each key matches an indicator
                risk level and its value contains the corresponding count.
              example:
                unknown: 31
                low: 17
                medium: 20
                high: 5
                critical: 1
                retired: 874
                total: 1037
                none: 89
    ErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Message describing the error that occurred, if available.
  responses:
    BadRequest:
      description: |
        Bad request. The request was malformed or missing required parameters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: |
        Unauthorized. Your API key is missing or invalid.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: |
        Not found. The requested threat could not be located.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    TooManyRequests:
      description: >
        Rate limit exceeded. Too many requests have been made in a short period
        of time.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: |
        Server error. An unexpected problem occurred on our end.
        These errors are automatically reported to our team.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'

````