TECHINT APIs#
Malware-sandbox, vulnerability, and component-data APIs the TECHINT operator pulls from. Most have free tiers gated to non-commercial use; commercial use needs a license.
API |
Auth + tier |
Endpoint |
Returns |
|---|---|---|---|
VirusTotal API v3 |
API key; free + paid. |
File / URL / domain / IP intel; sample download on paid tiers. |
|
Hybrid Analysis |
API key. |
Sandbox reports, sample search. |
|
Joe Sandbox Cloud |
API key. |
Detonation reports. |
|
ANY.RUN |
API key; paid. |
Interactive sandbox; public submissions. |
|
MalwareBazaar (abuse.ch) |
Free; API key for some endpoints. |
Malware sample sharing. |
|
URLhaus (abuse.ch) |
Free. |
Malicious URL feed. |
|
ThreatFox (abuse.ch) |
Free. |
IOC feed. |
|
MISP |
API key per instance. |
<misp-instance>/events |
Threat-intel platform; events, attributes, galaxies. |
NVD API |
API key optional. |
CVE, CPE, CVSS. |
|
CIRCL CVE Search |
Free. |
CVE lookup and matching. |
|
ExploitDB |
Public. |
Public exploit archive. |
|
Vulners API |
API key. |
Aggregated vulnerability database. |
|
EPSS |
Free. |
Exploit Prediction Scoring System. |
|
KEV catalog |
Free. |
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |
CISA Known Exploited Vulnerabilities. |
References#
TECHINT for the discipline overview.
TECHINT Tools for the operator’s kit.
TECHINT Sources for the data sources.
TECHINT Techniques for the tradecraft.
TECHINT Intel for the finished-product side.