The endpoint returns a JSON object that contains information about the reports.
Parameter
|
Description
|
publications
|
Array with the keys described in this table.
|
id
|
Report ID. This value can be used as a publication_id argument for the get_one endpoint.
Now the id parameter is a string value. For example, the new value format is ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt unlike the previous format 1234-fin. To determine the report group, consider the report_group parameter value, but not the id value suffix (-apt or -fin). The examples provided are not real publication IDs, but only show the difference between the new and old value format.
|
updated
|
Time stamp when a report was updated.
|
published
|
Time stamp when a report was published.
|
name
|
Report name.
|
desc
|
Report description.
|
report_group
|
Report group. For example: "apt", "fin".
|
tags
|
Array of all tags associated with the report. For example: ["turla", "epic turla"].
|
tags_industry
|
Array of industry tags associated with the report: industries that are involved in APT attacks or mentioned in Crimeware Threat Intelligence reports. For example: ["Activists", "Zoo"].
|
tags_geo
|
Array of geography tags associated with the report: countries and regions that are targeted by APTs or mentioned in Crimeware Threat Intelligence reports. For example: ["Egypt", "Iran", "Jordan"].
|
tags_actors
|
Array of actor tags associated with the report: personalities or companies that are involved in APT attacks or mentioned in Crimeware Threat Intelligence reports. For example: ["APT28"].
|
pdfs
|
Array of two-letter codes of the languages in which a report is available. The value can be one of the following: ru (Russian), en (English), pt (Portuguese), or es (Spanish). You can specify an available value as a value for the lang parameter for the get_one endpoint to fetch a report in the specific language.
|
exec_sums
|
Array of two-letter codes of the languages in which an executive summary is available. The value can be one of the following: ru (Russian), en (English), pt (Portuguese), or es (Spanish). You can specify an available value as a value for the lang parameter for the get_one endpoint to fetch an executive summary in the specific language.
|
exec_sum_text
|
Text of the executive summary (only for APT Threat Intelligence reports). If the executive summary is not available, this field is not included in the return data.
|
Count
|
Total number of returned reports.
|
Tag values can contain UTF-8 (Unicode Transformation Format 8-bit) symbols. The list of values is not limited, and tags can be added or deleted without prior notification.
{
"status": "ok",
"status_msg": "",
"return_data": {
"count": 2,
"publications": [
{
"id": "ac36f485-337b-4f91-4177-0c7b6bdf6a48-apt",
"updated": 1489079546,
"published": 1489079546,
"name": "APT10 Spearphishes Japanese Policy Experts late 2016 to early 2017",
"desc": "In late January 2017, JPCERT/CC reported a spearphishing campaign and related backdoor which they named ChChes. The campaign, which we have high confidence was carried out by the APT10 actor, targeted multiple Japanese organizations.",
"report_group": "apt",
"tags": ["Japan", "Educational", "APT10"],
"tags_industry": ["Educational"],
"tags_geo": ["Japan"],
"tags_actors": ["APT10"],
"pdfs": ["pt", "en"],
"exec_sums": ["en"]
},
{
"id": "ac36f465-337b-4f91-4177-0c7b6bdf6a48-apt",
"updated": 1487783546,
"published": 1487783546,
"name": "Ismdoor - possible Shamoon attack vector found in Saudi Arabia",
"desc": "Ismdoor is a family of malware which according to public sources might be connected or used in relation to the Shamoon2 attacks. Although no solid proof of connections with Shamoon have been identified so far, the distribution of the victims has a strong bias towards Saudi Arabia and Qatar, as well as other countries from the Gulf region.",
"report_group": "apt",
"tags": ["Iraq", "Jordan", " Qatar", " Saudi Arabia", "Energy"],
"tags_industry": ["Energy"],
"tags_geo": ["Iraq", "Jordan", "Qatar", "Saudi Arabia"],
"pdfs": ["pt", "en"],
"exec_sums": ["en"],
"exec_sum_text": [Text of the executive summary]
}
]
}
}