GET/intent Pre-attack intent signals from Telegram: access sales, 0days, ransomware targeting. Filters: sector, country, organization, intent_type(access_sale|0day|ransomware|exploit), limit. Signals appear before attacks. | 100% | 173 ms | $0.05 |
GET/c2 C2 infrastructure from Telegram. Filters: framework(cobalt_strike|sliver|havoc|brute_ratel), severity, min_confidence, since, tag, limit, offset. Returns items[] with C2 IPs/domains, MITRE TTPs, confidence. | 100% | 528 ms | $0.02 |
GET/ioc IOC feed from Telegram CTI channels. Filters: type(ip|domain|url|hash|cve), severity, min_confidence, since, tlp, tag, channel, limit, offset. Returns items[] with iocs[], ttps[], confidence, severity, tlp, tags[]. | 100% | 205 ms | $0.01 |
GET/feed Full intel feed across all categories. Filters: category(ioc|c2|actor|breach|intent), severity, min_confidence, since, tag, tlp, limit, offset. Returns all record types newest first. Use for SIEM ingestion. | — | — | $0.05 |
GET/breach Breach disclosures from Telegram. Filters: sector, country, organization, severity, min_confidence, since, limit. Returns items[] with target{sectors,countries,organizations}, leak iocs[], confidence. | — | — | $0.03 |
GET/actor Threat actor profiles from Telegram. Filters: name, nation_state(kp|ru|cn|ir), motivation(financial|espionage|hacktivism), ttp, severity, limit. Returns items[] with actor{}, ttps[], target{sectors,countries}. | — | — | $0.02 |