
Mallory MCP Server

Official
by malloryai

get_threat_actor

Retrieve detailed intelligence about specific threat actors or APT groups to understand their tactics, techniques, procedures, target sectors, and tools used for security research and incident analysis.

Instructions

Get threat actor by identifier

Use this tool when you need detailed intelligence about a specific threat actor or advanced persistent threat (APT) group. This information is valuable for:

  • Understanding the tactics, techniques, and procedures (TTPs) of threat actors

  • Researching who might be behind a security incident

  • Evaluating the sophistication level of potential adversaries

  • Gathering threat intelligence for security briefings

  • Understanding which sectors or regions a threat actor typically targets

Args:

  • identifier (str): The identifier of the threat actor - can be either:
      • UUID (e.g., "a9b46d37-42b8-4b27-8b69-583dbcb2f5e1")
      • Name (e.g., "dark_cloud_shield")

Returns: Dict[str, Any]: Detailed threat actor information including:

  • uuid: Unique identifier for this threat actor

  • name: Machine-readable name (typically lowercase with underscores)

  • display_name: Human-readable name with proper formatting

  • created_at/updated_at/enriched_at: Timestamps for record management

  • gen_description: Generated description (if available)

  • mentions: List of references to this threat actor from various sources, each containing:
      • uuid: Unique identifier for this mention
      • overview: Summary of the threat actor's activities from this source
      • published_at: When the source material was published
      • collected_at: When this mention was collected
      • reference_url: URL of the source material
      • reference_source: Name of the source (e.g., "talos_intelligence_blog")
      • reference_user_generated_content: Whether this is user-generated content
      • Other metadata about the mention and reference

These mentions provide valuable context about the threat actor's:

  • Known attack vectors and exploited vulnerabilities

  • Target sectors, regions, or organizations

  • Tools and malware used

  • Attribution confidence and alternate names
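An added example (not code from the Mallory MCP server) showing how a caller might classify the identifier form before the call and then order the returned mentions by `published_at`, keeping user-generated references apart from the rest. The bucket names, the sample record values, and the ISO 8601 timestamp format are assumptions; the field names are the ones documented above.

```python
import uuid
from datetime import datetime
from typing import Any, Dict, List


def identifier_kind(identifier: str) -> str:
    """Return 'uuid' or 'name', the two identifier forms the tool documents."""
    if not identifier or not identifier.strip():
        raise ValueError("identifier is required")
    try:
        # Canonical hyphenated form only, so a 32-hex-character name is not misread.
        if str(uuid.UUID(identifier)) == identifier.lower():
            return "uuid"
    except ValueError:
        pass
    return "name"


def triage_mentions(actor: Dict[str, Any]) -> Dict[str, List[Dict[str, Any]]]:
    """Split mentions by reference_user_generated_content, newest first."""
    def published(m: Dict[str, Any]) -> datetime:
        # Assumption: published_at is an ISO 8601 string.
        return datetime.fromisoformat(m["published_at"].replace("Z", "+00:00"))

    buckets: Dict[str, List[Dict[str, Any]]] = {"sourced": [], "user_generated": []}
    for m in sorted(actor.get("mentions", []), key=published, reverse=True):
        key = "user_generated" if m.get("reference_user_generated_content") else "sourced"
        buckets[key].append(m)
    return buckets


# Constructed sample record using the documented field names (not real data).
SAMPLE_ACTOR = {
    "uuid": "a9b46d37-42b8-4b27-8b69-583dbcb2f5e1",
    "name": "dark_cloud_shield",
    "mentions": [
        {"uuid": "m-1", "published_at": "2024-01-10T00:00:00Z",
         "reference_source": "talos_intelligence_blog",
         "reference_user_generated_content": False},
        {"uuid": "m-2", "published_at": "2024-03-02T00:00:00Z",
         "reference_source": "example_forum",
         "reference_user_generated_content": True},
        {"uuid": "m-3", "published_at": "2024-02-15T00:00:00Z",
         "reference_source": "example_vendor_blog",
         "reference_user_generated_content": False},
    ],
}

if __name__ == "__main__":
    for bucket, items in triage_mentions(SAMPLE_ACTOR).items():
        print(bucket, [(m["reference_source"], m["published_at"]) for m in items])
```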

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| identifier | No | | |

Implementation Reference

  • The handler function for the 'get_threat_actor' tool. It is decorated with @mcp.tool() for registration and @handle_api_errors. Takes an identifier (UUID or name) and returns detailed threat actor information by calling the malloryai_client API.
    @mcp.tool()
    @handle_api_errors
    async def get_threat_actor(
        identifier: str = None,
    ) -> Dict[str, Any]:
        """Get threat actor by identifier

        Use this tool when you need detailed intelligence about a specific threat actor
        or advanced persistent threat (APT) group. This information is valuable for:
        - Understanding the tactics, techniques, and procedures (TTPs) of threat actors
        - Researching who might be behind a security incident
        - Evaluating the sophistication level of potential adversaries
        - Gathering threat intelligence for security briefings
        - Understanding which sectors or regions a threat actor typically targets

        Args:
            identifier (str): The identifier of the threat actor - can be either:
                - UUID (e.g., "a9b46d37-42b8-4b27-8b69-583dbcb2f5e1")
                - Name (e.g., "dark_cloud_shield")

        Returns:
            Dict[str, Any]: Detailed threat actor information including:
                - uuid: Unique identifier for this threat actor
                - name: Machine-readable name (typically lowercase with underscores)
                - display_name: Human-readable name with proper formatting
                - created_at/updated_at/enriched_at: Timestamps for record management
                - gen_description: Generated description (if available)
                - mentions: List of references to this threat actor from various sources, each containing:
                    - uuid: Unique identifier for this mention
                    - overview: Summary of the threat actor's activities from this source
                    - published_at: When the source material was published
                    - collected_at: When this mention was collected
                    - reference_url: URL of the source material
                    - reference_source: Name of the source (e.g., "talos_intelligence_blog")
                    - reference_user_generated_content: Whether this is user-generated content
                    - Other metadata about the mention and reference

        These mentions provide valuable context about the threat actor's:
        - Known attack vectors and exploited vulnerabilities
        - Target sectors, regions, or organizations
        - Tools and malware used
        - Attribution confidence and alternate names
        """
        return await malloryai_client.threat_actors.get_threat_actor(identifier)
  • The @mcp.tool() decorator registers the get_threat_actor function as an MCP tool.
    @mcp.tool()
  • Function signature defining the input schema (identifier: str = None) and output type (Dict[str, Any]), with a detailed Args/Returns docstring.
    async def get_threat_actor(
        identifier: str = None,
    ) -> Dict[str, Any]:

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/malloryai/mallory-mcp-server'