Trending Actors

To monitor for trending actors, use the actors index page, with the 'sort' parameter set to one of the following:

trending_1d
trending_7d
trending_30d

Threat Actors Index

get

Endpoint to browse for threat actors, with filters on some criteria.

Query parameters

filterstringOptional

A string used to filter threat actors. It can start with specific prefixes to indicate the type of filter:

name:: Filter by Name, case-insensitive.
uuid:: Filter by UUID, case-insensitive. If no prefix is provided, it defaults to filtering on the display_name or name fields. Examples:
name:APT
name:lazarus_group
lazarus_group
Lazarus Group

offsetintegerOptional

The number of items to skip before starting to collect the result set.

Default: 0

sortstringOptional

Field to sort by - either name, created_at, updated_at, enriched_at, trending_1d, trending_7d, or trending_30d

orderstringOptional

Sort order - either asc or desc

Default: descPattern: ^(asc|desc)$

limitinteger · min: 1Optional

The maximum number of items to return.

Default: 100

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/actors

GET /v1/actors HTTP/1.1
Host: 
Accept: */*

{
  "total": 1,
  "offset": 1,
  "limit": 1,
  "message": "text",
  "data": [
    {
      "uuid": "text",
      "created_at": "2025-12-10T08:31:41.578Z",
      "updated_at": "2025-12-10T08:31:41.578Z",
      "enriched_at": "2025-12-10T08:31:41.578Z",
      "name": "text",
      "description": "text",
      "display_name": "text",
      "misp_uuid": "text",
      "provenance": "text",
      "motivation": "text",
      "sponsor": "text",
      "family_name": "text",
      "gen_description": "text"
    }
  ]
}

Once you've identified the ideal aperature, and you'd like more detail about /why/ they are trending, you can simply build a list of the actor uuids and request each one individually, the response contains the recent mentions.

Lookup Threat Actor

get

Path parameters

identifierstringRequired

The unique UUID or name of the threat actor to retrieve

Responses

200

Successful Response

application/json

404

Not found

422

Validation Error

application/json

get

/v1/actors/{identifier}

GET /v1/actors/{identifier} HTTP/1.1
Host: 
Accept: */*

{
  "uuid": "text",
  "created_at": "2025-12-10T08:31:41.578Z",
  "updated_at": "2025-12-10T08:31:41.578Z",
  "enriched_at": "2025-12-10T08:31:41.578Z",
  "name": "text",
  "description": "text",
  "display_name": "text",
  "misp_uuid": "text",
  "provenance": "text",
  "motivation": "text",
  "sponsor": "text",
  "family_name": "text",
  "gen_description": "text",
  "mentions_count": 0,
  "synonyms_count": 0,
  "mentions": [
    {
      "uuid": "text",
      "created_at": "2025-12-10T08:31:41.578Z",
      "updated_at": "2025-12-10T08:31:41.578Z",
      "published_at": "2025-12-10T08:31:41.578Z",
      "overview": "text",
      "context": "text",
      "reference_uuid": "text",
      "reference_url": "text",
      "reference_source": "text",
      "reference_topic": "text",
      "reference_user_generated_content": true,
      "threat_actor_uuid": "text",
      "threat_actor_name": "text",
      "threat_actor_display_name": "text"
    }
  ],
  "synonyms": [
    {
      "uuid": "text",
      "created_at": "2025-12-10T08:31:41.578Z",
      "updated_at": "2025-12-10T08:31:41.578Z",
      "enriched_at": "2025-12-10T08:31:41.578Z",
      "name": "text",
      "description": "text",
      "display_name": "text",
      "misp_uuid": "text",
      "provenance": "text",
      "motivation": "text",
      "sponsor": "text",
      "family_name": "text",
      "gen_description": "text"
    }
  ]
}

Last updated 1 month ago