API Beta
TweetFeed.live API (limited to 10k results per search)
Introduction
Open and Free API to get IOCs shared by the community at Twitter.
Endpoint
GET https://api.tweetfeed.live/v1/{time}/{filter1}/{filter2}
Key | Required? | Possible values |
---|---|---|
time | Required |
today (Today starting 00:00 UTC)
week (Last 7 days) month (Last 30 days) year (Last 365 days) |
filter1 | Optional |
User (@malwrhunterteam / @MBThreatIntel / @1ZRR4H ...)
Type (url / domain / ip / sha256 / md5) Tag (phishing / ransomware / CobaltStrike ...) |
filter2 | Optional |
User (@malwrhunterteam / @MBThreatIntel / @1ZRR4H ...)
Type (url / domain / ip / sha256 / md5) Tag (phishing / ransomware / CobaltStrike ...) |
Some examples
Example 1: IOCs posted todayhttps://api.tweetfeed.live/v1/today
Example 2: URLs posted today with phishing tag
https://api.tweetfeed.live/v1/today/phishing/url
Example 3: IPs posted in the last 7 days with CobaltStrike tag
https://api.tweetfeed.live/v1/week/cobaltstrike/ip
Example 4: SHA256 hashes posted by @malwrhunterteam in the last month
https://api.tweetfeed.live/v1/month/@malwrhunterteam/sha256
Output example
[ { "date": "2022-05-11 19:39:06", "user": "Unit42_Intel", "type": "ip", "value": "138.124.183.147", "tags": [ "#CobaltStrike", "#IcedID" ], "tweet": "https://twitter.com/Unit42_Intel/status/1524474195471745028" }, { "date": "2022-05-11 19:43:48", "user": "GootLoaderSites", "type": "url", "value": "https://www.kipperfamily.co.uk/forum.php", "tags": [ "#GootLoader" ], "tweet": "https://twitter.com/GootLoaderSites/status/1524475379997675522" }, { "date": "2022-05-11 20:00:44", "user": "ecarlesi", "type": "url", "value": "https://tinpan.top/bancocuscatlan/", "tags": [ "#phishing" ], "tweet": "https://twitter.com/ecarlesi/status/1524479640584466432" }, ... ]
Please consider making your own analysis before taking any action related to the IOCs. The confidence of the shared IOCs is not always 100% so it is strongly recommended NOT adding them to a blocklist directly. These could potentially be used for Threat Hunting and could be added to a Watchlist.