VirusTotal · Capability

VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt

VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. 6 operations. Lead operation: Get a List of Retrohunt Jobs. Self-contained Naftiko capability covering one VirusTotal business surface.

Run with Naftiko VirusTotalYARA HuntingRetrohunt

What You Can Do

GET
Getretrohuntjobs — VirusTotal Get a List of Retrohunt Jobs
/v1/intelligence/retrohunt_jobs
POST
Createretrohuntjob — VirusTotal Create a New Retrohunt Job
/v1/intelligence/retrohunt_jobs
DELETE
Deleteretrohuntjob — VirusTotal Delete a Retrohunt Job
/v1/intelligence/retrohunt_jobs/{id}
GET
Getretrohuntjob — VirusTotal Get a Retrohunt Job Object
/v1/intelligence/retrohunt_jobs/{id}
POST
Abortretrohuntjob — VirusTotal Abort a Retrohunt Job
/v1/intelligence/retrohunt_jobs/{id}/abort
GET
Getretrohuntjobrelationships — VirusTotal Retrieve Matches for a Retrohunt Job
/v1/intelligence/retrohunt_jobs/{id}/matching_files

MCP Tools

get-list-retrohunt-jobs

VirusTotal Get a List of Retrohunt Jobs

read-only idempotent
create-new-retrohunt-job

VirusTotal Create a New Retrohunt Job

delete-retrohunt-job

VirusTotal Delete a Retrohunt Job

idempotent
get-retrohunt-job-object

VirusTotal Get a Retrohunt Job Object

read-only idempotent
abort-retrohunt-job

VirusTotal Abort a Retrohunt Job

retrieve-matches-retrohunt-job

VirusTotal Retrieve Matches for a Retrohunt Job

read-only idempotent

Capability Spec

yara-hunting-yara-hunting-retrohunt.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt
  description: 'VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. 6 operations. Lead operation: Get a List of Retrohunt Jobs. Self-contained Naftiko capability
    covering one VirusTotal business surface.'
  tags:
  - VirusTotal
  - YARA Hunting
  - Retrohunt
  created: '2026-05-29'
  modified: '2026-05-29'
binds:
- namespace: env
  keys:
    VIRUSTOTAL_API_KEY: VIRUSTOTAL_API_KEY
capability:
  consumes:
  - type: http
    namespace: yara-hunting-yara-hunting-retrohunt
    baseUri: https://www.virustotal.com/api/v3
    description: VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. Self-contained, no shared references.
    authentication:
      type: apikey
      key: x-apikey
      value: '{{env.VIRUSTOTAL_API_KEY}}'
      placement: header
    resources:
    - name: intelligence-retrohunt-jobs
      path: /intelligence/retrohunt_jobs
      operations:
      - name: getRetrohuntJobs
        method: GET
        description: VirusTotal Get a List of Retrohunt Jobs
        inputParameters:
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number jobs to retrieve
        - name: filter
          in: query
          type: string
          required: false
          description: Return the jobs matching the given criteria only
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createRetrohuntJob
        method: POST
        description: VirusTotal Create a New Retrohunt Job
        inputParameters:
        - name: body
          in: body
          type: object
          required: false
          description: Request body payload.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-retrohunt-jobs-id
      path: /intelligence/retrohunt_jobs/{id}
      operations:
      - name: deleteRetrohuntJob
        method: DELETE
        description: VirusTotal Delete a Retrohunt Job
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Job identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: getRetrohuntJob
        method: GET
        description: VirusTotal Get a Retrohunt Job Object
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Job identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-retrohunt-jobs-id-abort
      path: /intelligence/retrohunt_jobs/{id}/abort
      operations:
      - name: abortRetrohuntJob
        method: POST
        description: VirusTotal Abort a Retrohunt Job
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Job identifier
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: intelligence-retrohunt-jobs-id-matching-files
      path: /intelligence/retrohunt_jobs/{id}/matching_files
      operations:
      - name: getRetrohuntJobRelationships
        method: GET
        description: VirusTotal Retrieve Matches for a Retrohunt Job
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
          description: Job identifier
        - name: cursor
          in: query
          type: string
          required: false
          description: Continuation cursor
        - name: limit
          in: query
          type: integer
          required: false
          description: Maximum number of matching files to retrieve
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    namespace: yara-hunting-yara-hunting-retrohunt-rest
    port: 8080
    description: REST adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/intelligence/retrohunt_jobs
      name: intelligence-retrohunt-jobs
      description: REST surface for /intelligence/retrohunt_jobs.
      operations:
      - method: GET
        name: getRetrohuntJobs
        description: VirusTotal Get a List of Retrohunt Jobs
        call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJobs
        outputParameters:
        - type: object
          mapping: $.
        with:
          limit: rest.limit
          filter: rest.filter
          cursor: rest.cursor
      - method: POST
        name: createRetrohuntJob
        description: VirusTotal Create a New Retrohunt Job
        call: yara-hunting-yara-hunting-retrohunt.createRetrohuntJob
        outputParameters:
        - type: object
          mapping: $.
        with:
          body: rest.body
    - path: /v1/intelligence/retrohunt_jobs/{id}
      name: intelligence-retrohunt-jobs-id
      description: REST surface for /intelligence/retrohunt_jobs/{id}.
      operations:
      - method: DELETE
        name: deleteRetrohuntJob
        description: VirusTotal Delete a Retrohunt Job
        call: yara-hunting-yara-hunting-retrohunt.deleteRetrohuntJob
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
      - method: GET
        name: getRetrohuntJob
        description: VirusTotal Get a Retrohunt Job Object
        call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJob
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/intelligence/retrohunt_jobs/{id}/abort
      name: intelligence-retrohunt-jobs-id-abort
      description: REST surface for /intelligence/retrohunt_jobs/{id}/abort.
      operations:
      - method: POST
        name: abortRetrohuntJob
        description: VirusTotal Abort a Retrohunt Job
        call: yara-hunting-yara-hunting-retrohunt.abortRetrohuntJob
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
    - path: /v1/intelligence/retrohunt_jobs/{id}/matching_files
      name: intelligence-retrohunt-jobs-id-matching-files
      description: REST surface for /intelligence/retrohunt_jobs/{id}/matching_files.
      operations:
      - method: GET
        name: getRetrohuntJobRelationships
        description: VirusTotal Retrieve Matches for a Retrohunt Job
        call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJobRelationships
        outputParameters:
        - type: object
          mapping: $.
        with:
          id: rest.id
          cursor: rest.cursor
          limit: rest.limit
  - type: mcp
    namespace: yara-hunting-yara-hunting-retrohunt-mcp
    port: 9090
    transport: http
    description: MCP adapter for VirusTotal API v3 - YARA Hunting (Livehunt, Retrohunt, IoC Stream) — YARA Hunting - Retrohunt. One tool per consumed operation, routed inline through this capability's consumes
      block.
    tools:
    - name: get-list-retrohunt-jobs
      description: VirusTotal Get a List of Retrohunt Jobs
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJobs
      outputParameters:
      - type: object
        mapping: $.
      with:
        limit: tools.limit
        filter: tools.filter
        cursor: tools.cursor
    - name: create-new-retrohunt-job
      description: VirusTotal Create a New Retrohunt Job
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: yara-hunting-yara-hunting-retrohunt.createRetrohuntJob
      outputParameters:
      - type: object
        mapping: $.
      with:
        body: tools.body
    - name: delete-retrohunt-job
      description: VirusTotal Delete a Retrohunt Job
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: yara-hunting-yara-hunting-retrohunt.deleteRetrohuntJob
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: get-retrohunt-job-object
      description: VirusTotal Get a Retrohunt Job Object
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJob
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: abort-retrohunt-job
      description: VirusTotal Abort a Retrohunt Job
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: yara-hunting-yara-hunting-retrohunt.abortRetrohuntJob
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
    - name: retrieve-matches-retrohunt-job
      description: VirusTotal Retrieve Matches for a Retrohunt Job
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: yara-hunting-yara-hunting-retrohunt.getRetrohuntJobRelationships
      outputParameters:
      - type: object
        mapping: $.
      with:
        id: tools.id
        cursor: tools.cursor
        limit: tools.limit