HomeBack to App

Trending Actors

To monitor for trending actors, use the actors index page, with the 'sort' parameter set to one of the following:

  • trending_1d

  • trending_7d

  • trending_30d

Threat Actors Index

get

Endpoint to browse for threat actors, with filters on some criteria.

Query parameters
filterstringOptional

A string used to filter threat actors. It can start with specific prefixes to indicate the type of filter:

  • name:: Filter by Name, case-insensitive.
  • uuid:: Filter by UUID, case-insensitive. If no prefix is provided, it defaults to filtering on the display_name or name fields. Examples:
  • name:APT
  • name:lazarus_group
  • lazarus_group
  • Lazarus Group
offsetintegerOptional

The number of items to skip before starting to collect the result set.

Default: 0
sortstringOptional

Field to sort by - either name, created_at, updated_at, enriched_at, trending_1d, trending_7d, or trending_30d

Default: created_atPattern: ^(name|created_at|updated_at|enriched_at|trending_1d|trending_7d|trending_30d)$
orderstringOptional

Sort order - either asc or desc

Default: descPattern: ^(asc|desc)$
limitinteger · min: 1Optional

The maximum number of items to return.

Default: 100
Responses
200

Successful Response

application/json
get
/v1/actors
GET /v1/actors HTTP/1.1
Host: 
Accept: */*

{
  "total": 1,
  "offset": 1,
  "limit": 1,
  "message": "text",
  "data": [
    {
      "uuid": "text",
      "created_at": "2025-10-25T05:15:52.298Z",
      "updated_at": "2025-10-25T05:15:52.298Z",
      "enriched_at": "2025-10-25T05:15:52.298Z",
      "name": "text",
      "description": "text",
      "display_name": "text",
      "misp_uuid": "text",
      "provenance": "text",
      "motivation": "text",
      "sponsor": "text",
      "family_name": "text",
      "gen_description": "text"
    }
  ]
}

Once you've identified the ideal aperature, and you'd like more detail about /why/ they are trending, you can simply build a list of the actor uuids and request each one individually, the response contains the recent mentions.

Lookup Threat Actor

get
Path parameters
identifierstringRequired

The unique UUID or name of the threat actor to retrieve

Responses
200

Successful Response

application/json
get
/v1/actors/{identifier}
GET /v1/actors/{identifier} HTTP/1.1
Host: 
Accept: */*

{
  "uuid": "text",
  "created_at": "2025-10-25T05:15:52.298Z",
  "updated_at": "2025-10-25T05:15:52.298Z",
  "enriched_at": "2025-10-25T05:15:52.298Z",
  "name": "text",
  "description": "text",
  "display_name": "text",
  "misp_uuid": "text",
  "provenance": "text",
  "motivation": "text",
  "sponsor": "text",
  "family_name": "text",
  "gen_description": "text",
  "mentions_count": 0,
  "synonyms_count": 0,
  "mentions": [
    {
      "uuid": "text",
      "created_at": "2025-10-25T05:15:52.298Z",
      "updated_at": "2025-10-25T05:15:52.298Z",
      "published_at": "2025-10-25T05:15:52.298Z",
      "overview": "text",
      "context": "text",
      "reference_uuid": "text",
      "reference_url": "text",
      "reference_source": "text",
      "reference_topic": "text",
      "reference_user_generated_content": true,
      "threat_actor_uuid": "text",
      "threat_actor_name": "text",
      "threat_actor_display_name": "text"
    }
  ],
  "synonyms": [
    {
      "uuid": "text",
      "created_at": "2025-10-25T05:15:52.298Z",
      "updated_at": "2025-10-25T05:15:52.298Z",
      "enriched_at": "2025-10-25T05:15:52.298Z",
      "name": "text",
      "description": "text",
      "display_name": "text",
      "misp_uuid": "text",
      "provenance": "text",
      "motivation": "text",
      "sponsor": "text",
      "family_name": "text",
      "gen_description": "text"
    }
  ]
}

Last updated